From 69a1a2c0585389f45d07cccb69f45869d82e3917 Mon Sep 17 00:00:00 2001
From: Foivos Filippopoulos <ffilippopoulos@utilitywarehouse.co.uk>
Date: Mon, 7 Oct 2019 09:17:56 +0100
Subject: [PATCH 1/2] Upgrade etcd to v3.4.1

---
 etcd.tf      | 22 +++++++++-------------
 variables.tf |  2 +-
 2 files changed, 10 insertions(+), 14 deletions(-)

diff --git a/etcd.tf b/etcd.tf
index 4f7e5ba..9adc212 100644
--- a/etcd.tf
+++ b/etcd.tf
@@ -8,19 +8,15 @@ data "template_file" "etcd-cfssl-new-cert" {
   template = file("${path.module}/resources/cfssl-new-cert.sh")
 
   vars = {
-    cert_name = "node"
-    user      = "etcd"
-    group     = "etcd"
-    profile   = "client-server"
-    path      = "/etc/etcd/ssl"
-    cn        = "${count.index}.etcd.${var.dns_domain}"
-    org       = ""
-    get_ip    = var.get_ip_command[var.cloud_provider]
-    # workaround for https://github.com/kubernetes/kubernetes/issues/72102
-    # include first member's ip in SAN for all nodes
-    # this replicates kubeadm behaviour to include first node's ip, as kubeadm
-    # generates all certificates on the first node
-    extra_names = join(",", ["etcd.${var.dns_domain}", var.etcd_addresses[0]])
+    cert_name   = "node"
+    user        = "etcd"
+    group       = "etcd"
+    profile     = "client-server"
+    path        = "/etc/etcd/ssl"
+    cn          = "${count.index}.etcd.${var.dns_domain}"
+    org         = ""
+    get_ip      = var.get_ip_command[var.cloud_provider]
+    extra_names = ""
   }
 }
 
diff --git a/variables.tf b/variables.tf
index 6c98bdf..aa46bc5 100644
--- a/variables.tf
+++ b/variables.tf
@@ -39,7 +39,7 @@ variable "etcd_image_url" {
 
 variable "etcd_image_tag" {
   description = "The version of the etcd image to use."
-  default     = "v3.3.13"
+  default     = "v3.4.1"
 }
 
 variable "node_exporter_image_url" {

From f3d0574dfd0a0fc67df1389ae490e4553ca3ccde Mon Sep 17 00:00:00 2001
From: Foivos Filippopoulos <ffilippopoulos@utilitywarehouse.co.uk>
Date: Mon, 7 Oct 2019 11:18:35 +0100
Subject: [PATCH 2/2] Revert etcd workaround deletion

---
 etcd.tf | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/etcd.tf b/etcd.tf
index 9adc212..4f7e5ba 100644
--- a/etcd.tf
+++ b/etcd.tf
@@ -8,15 +8,19 @@ data "template_file" "etcd-cfssl-new-cert" {
   template = file("${path.module}/resources/cfssl-new-cert.sh")
 
   vars = {
-    cert_name   = "node"
-    user        = "etcd"
-    group       = "etcd"
-    profile     = "client-server"
-    path        = "/etc/etcd/ssl"
-    cn          = "${count.index}.etcd.${var.dns_domain}"
-    org         = ""
-    get_ip      = var.get_ip_command[var.cloud_provider]
-    extra_names = ""
+    cert_name = "node"
+    user      = "etcd"
+    group     = "etcd"
+    profile   = "client-server"
+    path      = "/etc/etcd/ssl"
+    cn        = "${count.index}.etcd.${var.dns_domain}"
+    org       = ""
+    get_ip    = var.get_ip_command[var.cloud_provider]
+    # workaround for https://github.com/kubernetes/kubernetes/issues/72102
+    # include first member's ip in SAN for all nodes
+    # this replicates kubeadm behaviour to include first node's ip, as kubeadm
+    # generates all certificates on the first node
+    extra_names = join(",", ["etcd.${var.dns_domain}", var.etcd_addresses[0]])
   }
 }