File _service:obs_scm:0015-delete-apiserver-kubelet-... of Package eggo

File _service:obs_scm:0015-delete-apiserver-kubelet-https-flag-and-add-lb-bind-.patch of Package eggo

From 83a2ad6a3b68180d0c926280500dd20ee715f26e Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Wed, 15 Dec 2021 10:32:29 +0800
Subject: [PATCH 15/17] delete apiserver kubelet-https flag, and add lb bind
 port in firewall

Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
 cmd/configs.go                                      | 13 +++++++++++--
 .../binary/commontools/systemdservices.go           |  1 -
 pkg/utils/template/template_test.go                 |  2 --
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/cmd/configs.go b/cmd/configs.go
index beefd9d..326e889 100644
--- a/cmd/configs.go
+++ b/cmd/configs.go
@@ -300,7 +300,7 @@ func fillPackageConfig(ccfg *api.ClusterConfig, icfg *InstallConfig) {
 	}
 }
 
-func fillOpenPort(ccfg *api.ClusterConfig, openports map[string][]*OpenPorts, dnsType string) {
+func fillOpenPort(ccfg *api.ClusterConfig, openports map[string][]*OpenPorts, dnsType string, lb LoadBalance) {
 	// key: master, worker, etcd, loadbalance
 	for t, p := range openports {
 		role, ok := toTypeInt[t]
@@ -316,6 +316,15 @@ func fillOpenPort(ccfg *api.ClusterConfig, openports map[string][]*OpenPorts, dn
 		ccfg.RoleInfra[api.Master].OpenPorts =
 			append(ccfg.RoleInfra[api.Master].OpenPorts, infra.CorednsPorts...)
 	}
+
+	if lb.Ip != "" && lb.BindPort > 0 {
+		ccfg.RoleInfra[api.LoadBalance].OpenPorts =
+			append(ccfg.RoleInfra[api.LoadBalance].OpenPorts, &api.OpenPorts{
+				Port:     lb.BindPort,
+				Protocol: "tcp",
+			})
+		return
+	}
 }
 
 func defaultHostName(clusterID string, nodeType string, i int) string {
@@ -588,7 +597,7 @@ func toClusterdeploymentConfig(conf *DeployConfig) *api.ClusterConfig {
 	fillLoadBalance(&ccfg.LoadBalancer, conf.LoadBalance)
 	fillAPIEndPoint(&ccfg.APIEndpoint, conf)
 	fillPackageConfig(ccfg, &conf.InstallConfig)
-	fillOpenPort(ccfg, conf.OpenPorts, conf.Service.DNS.CorednsType)
+	fillOpenPort(ccfg, conf.OpenPorts, conf.Service.DNS.CorednsType, conf.LoadBalance)
 	ccfg.WorkerConfig.KubeletConf.EnableServer = conf.EnableKubeletServing
 
 	fillExtrArgs(ccfg, conf.ConfigExtraArgs)
diff --git a/pkg/clusterdeployment/binary/commontools/systemdservices.go b/pkg/clusterdeployment/binary/commontools/systemdservices.go
index 0a17ee2..3b32e22 100644
--- a/pkg/clusterdeployment/binary/commontools/systemdservices.go
+++ b/pkg/clusterdeployment/binary/commontools/systemdservices.go
@@ -44,7 +44,6 @@ func SetupAPIServerService(r runner.Runner, ccfg *api.ClusterConfig, hcf *api.Ho
 		"--client-ca-file":                     "/etc/kubernetes/pki/ca.crt",
 		"--kubelet-client-certificate":         "/etc/kubernetes/pki/apiserver-kubelet-client.crt",
 		"--kubelet-client-key":                 "/etc/kubernetes/pki/apiserver-kubelet-client.key",
-		"--kubelet-https":                      "true",
 		"--proxy-client-cert-file":             "/etc/kubernetes/pki/front-proxy-client.crt",
 		"--proxy-client-key-file":              "/etc/kubernetes/pki/front-proxy-client.key",
 		"--tls-cert-file":                      "/etc/kubernetes/pki/apiserver.crt",
diff --git a/pkg/utils/template/template_test.go b/pkg/utils/template/template_test.go
index 2d13329..ae46d48 100644
--- a/pkg/utils/template/template_test.go
+++ b/pkg/utils/template/template_test.go
@@ -156,7 +156,6 @@ func TestCreateSystemdServiceTemplate(t *testing.T) {
 			"--client-ca-file=/etc/kubernetes/pki/ca.crt",
 			"--kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt",
 			"--kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key",
-			"--kubelet-https=true",
 			"--proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt",
 			"--proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key",
 			"--tls-cert-file=/etc/kubernetes/pki/apiserver.crt",
@@ -195,7 +194,6 @@ ExecStart=/usr/bin/kube-apiserver \
 		--client-ca-file=/etc/kubernetes/pki/ca.crt \
 		--kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt \
 		--kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key \
-		--kubelet-https=true \
 		--proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt \
 		--proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key \
 		--tls-cert-file=/etc/kubernetes/pki/apiserver.crt \
-- 
2.25.1