Etcd update
[ta/caas-etcd.git] / ansible / roles / etcd / templates / etcd.yml
1 {#
2 Copyright 2019 Nokia
3
4 Licensed under the Apache License, Version 2.0 (the "License");
5 you may not use this file except in compliance with the License.
6 You may obtain a copy of the License at
7
8     http://www.apache.org/licenses/LICENSE-2.0
9
10 Unless required by applicable law or agreed to in writing, software
11 distributed under the License is distributed on an "AS IS" BASIS,
12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 See the License for the specific language governing permissions and
14 limitations under the License.
15 #}
16 ---
17 apiVersion: v1
18 kind: Pod
19 metadata:
20   name: etcd
21   namespace: kube-system
22 spec:
23   hostNetwork: true
24   dnsPolicy: ClusterFirst
25   securityContext:
26     runAsUser: {{ caas.uid.caas_etcd }}
27   containers:
28     - name: kube-etcd
29       image: {{ container_image_names | select('search', '/etcd') | list | last }}
30       command: ["/usr/bin/etcd"]
31       env:
32         - name: PORT
33           value: "{{ caas.etcd_api_port }}"
34         - name: ETCD_NAME
35           value: "etcd{{ nodeindex }}"
36         - name: ETCD_DATA_DIR
37           value: "/var/lib/etcd/etcd{{ nodeindex }}.etcd"
38         - name: ETCD_ADVERTISE_CLIENT_URLS
39           value: "https://{{ ansible_host }}:{{ caas.etcd_api_port }}"
40         - name: ETCD_LISTEN_CLIENT_URLS
41           value: "https://{{ ansible_host }}:{{ caas.etcd_api_port }}"
42         - name: ETCD_CLIENT_CERT_AUTH
43           value: "true"
44         - name: ETCD_TRUSTED_CA_FILE
45           value: "/etc/etcd/ssl/ca.pem"
46         - name: ETCD_CERT_FILE
47           value: "/etc/etcd/ssl/etcd{{ nodeindex }}.pem"
48         - name: ETCD_KEY_FILE
49           value: "/etc/etcd/ssl/etcd{{ nodeindex }}-key.pem"
50         - name: ETCD_MAX_WALS
51           value: "1"
52         - name: ETCD_LOG_PACKAGE_LEVELS
53           value: "etcdserver=CRITICAL,etcdmain=CRITICAL"
54         - name: ETCD_INITIAL_ADVERTISE_PEER_URLS
55           value: "https://{{ ansible_host }}:{{ caas.etcd_peer_port }}"
56         - name: ETCD_LISTEN_PEER_URLS
57           value: "https://{{ ansible_host }}:{{ caas.etcd_peer_port }}"
58         - name: ETCD_PEER_CLIENT_CERT_AUTH
59           value: "true"
60         - name: ETCD_PEER_TRUSTED_CA_FILE
61           value: "/etc/etcd/ssl/ca.pem"
62         - name: ETCD_PEER_CERT_FILE
63           value: "/etc/etcd/ssl/etcd{{ nodeindex }}.pem"
64         - name: ETCD_PEER_KEY_FILE
65           value: "/etc/etcd/ssl/etcd{{ nodeindex }}-key.pem"
66         - name: ETCD_INITIAL_CLUSTER
67 {% set etcdclusternodes = [] -%}
68 {%- for nodenumber in range(nodeindex|int) -%}
69 {%- if etcdclusternodes.append('etcd' + ((nodenumber+1)|string) + '=https://' + (hostvars[groups.caas_master[nodenumber]]['networking']['infra_internal']['ip']|string) + ':' + (caas.etcd_peer_port|string) ) -%}{%- endif -%}
70 {%- endfor %}
71           value: "{{ etcdclusternodes|join(",") }}"
72 {% if not nodename | search("caas_master1") %}
73         - name: ETCD_INITIAL_CLUSTER_STATE
74           value: "existing"
75 {% endif %}
76         - name: ETCD_LISTENONINTERFACE
77           value: "{{ networking.infra_internal.interface }}"
78       resources:
79         requests:
80           cpu: "60m"
81       volumeMounts:
82         - name: time-mount
83           mountPath: /etc/localtime
84           readOnly: true
85         - name: store
86           mountPath: /var/lib/etcd
87         - name: etcd-config
88           mountPath: /etcd-config
89         - name: secret
90           mountPath: /etc/etcd/ssl
91           readOnly: true
92   volumes:
93     - name: time-mount
94       hostPath:
95         path: /etc/localtime
96     - name: store
97       hostPath:
98         path: /var/lib/etcd
99     - name: etcd-config
100       emptyDir: {}
101     - name: secret
102       hostPath:
103         path: /etc/etcd/ssl