X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=ansible%2Froles%2Fetcd%2Ftemplates%2Fetcd.yml;h=3be70a82ec123955d73d2240f1f77511e6d53029;hb=92925d932577f53cc2664dc39a32018ac360c3f8;hp=0133870c81a955020bfe0776b4c74632994ada48;hpb=e85043aa3e0f004b8129971f4cb5cb2c4810d281;p=ta%2Fcaas-etcd.git diff --git a/ansible/roles/etcd/templates/etcd.yml b/ansible/roles/etcd/templates/etcd.yml index 0133870..3be70a8 100644 --- a/ansible/roles/etcd/templates/etcd.yml +++ b/ansible/roles/etcd/templates/etcd.yml @@ -63,24 +63,25 @@ spec: value: "/etc/etcd/ssl/etcd{{ nodeindex }}.pem" - name: ETCD_PEER_KEY_FILE value: "/etc/etcd/ssl/etcd{{ nodeindex }}-key.pem" -{% if nodename | search("caas_master1") %} - name: ETCD_INITIAL_CLUSTER - value: "etcd1=https://{{ hostvars[groups.caas_master[0]]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_peer_port }}" -{% else %} +{% set etcdclusternodes = [] -%} +{%- for nodenumber in range(nodeindex|int) -%} +{%- if etcdclusternodes.append('etcd' + ((nodenumber+1)|string) + '=https://' + (hostvars[groups.caas_master[nodenumber]]['networking']['infra_internal']['ip']|string) + ':' + (caas.etcd_peer_port|string) ) -%}{%- endif -%} +{%- endfor %} + value: "{{ etcdclusternodes|join(",") }}" +{% if not nodename | search("caas_master1") %} - name: ETCD_INITIAL_CLUSTER_STATE value: "existing" -{% endif %} -{% if nodename | search("caas_master2") %} - - name: ETCD_INITIAL_CLUSTER - value: "etcd1=https://{{ hostvars[groups.caas_master[0]]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_peer_port }},etcd2=https://{{ hostvars[groups.caas_master[1]]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_peer_port }}" -{% endif %} -{% if nodename | search("caas_master3") %} - - name: ETCD_INITIAL_CLUSTER - value: "etcd1=https://{{ hostvars[groups.caas_master[0]]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_peer_port }},etcd2=https://{{ hostvars[groups.caas_master[1]]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_peer_port }},etcd3=https://{{ hostvars[groups.caas_master[2]]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_peer_port }}" {% endif %} - name: ETCD_LISTENONINTERFACE value: "{{ networking.infra_internal.interface }}" + resources: + requests: + cpu: "60m" volumeMounts: + - name: time-mount + mountPath: /etc/localtime + readOnly: true - name: store mountPath: /var/lib/etcd - name: etcd-config @@ -88,7 +89,39 @@ spec: - name: secret mountPath: /etc/etcd/ssl readOnly: true + - name: kube-etcd-proxy + image: {{ container_image_names | select('search', '/etcd') | list | last }} +{% set etcdproxys = [] -%} +{%- for nodenumber in range(groups['caas_master']|length|int) -%} +{%- if etcdproxys.append('https://' + (hostvars[groups.caas_master[nodenumber]]['networking']['infra_internal']['ip']|string) + ':' + (caas.etcd_api_port|string) ) -%}{%- endif -%} +{%- endfor %} + command: + - /usr/bin/etcd + args: + - grpc-proxy + - start + - --endpoints={{ etcdproxys|join(',')}} + - --listen-addr={{ ansible_host }}:{{ caas.etcd_proxy_port }} + - --advertise-client-url={{ ansible_host }}:{{ caas.etcd_proxy_port }} + - --resolver-prefix='___grpc_proxy_endpoint' + - --resolver-ttl=60 + - --cert=/etc/etcd/ssl/etcd{{ nodeindex }}.pem + - --key=/etc/etcd/ssl/etcd{{ nodeindex }}-key.pem + - --cacert=/etc/etcd/ssl/ca.pem + resources: + requests: + cpu: "10m" + volumeMounts: + - name: time-mount + mountPath: /etc/localtime + readOnly: true + - name: secret + mountPath: /etc/etcd/ssl + readOnly: true volumes: + - name: time-mount + hostPath: + path: /etc/localtime - name: store hostPath: path: /var/lib/etcd