X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=ansible%2Froles%2Fetcd%2Ftemplates%2Fetcd.yml;h=3be70a82ec123955d73d2240f1f77511e6d53029;hb=refs%2Fchanges%2F01%2F1201%2F1;hp=c54017f81de492d333666348716093f64143d80f;hpb=4598260480dcbcef742d2482fdef9b1f6afd563d;p=ta%2Fcaas-etcd.git

diff --git a/ansible/roles/etcd/templates/etcd.yml b/ansible/roles/etcd/templates/etcd.yml
index c54017f..3be70a8 100644
--- a/ansible/roles/etcd/templates/etcd.yml
+++ b/ansible/roles/etcd/templates/etcd.yml
@@ -89,6 +89,35 @@ spec:
         - name: secret
           mountPath: /etc/etcd/ssl
           readOnly: true
+    - name: kube-etcd-proxy
+      image: {{ container_image_names | select('search', '/etcd') | list | last }}
+{% set etcdproxys = [] -%}
+{%- for nodenumber in range(groups['caas_master']|length|int) -%}
+{%- if etcdproxys.append('https://' + (hostvars[groups.caas_master[nodenumber]]['networking']['infra_internal']['ip']|string) + ':' + (caas.etcd_api_port|string) ) -%}{%- endif -%}
+{%- endfor %}
+      command:
+      - /usr/bin/etcd
+      args:
+      - grpc-proxy
+      - start
+      - --endpoints={{ etcdproxys|join(',')}}
+      - --listen-addr={{ ansible_host }}:{{ caas.etcd_proxy_port }}
+      - --advertise-client-url={{ ansible_host }}:{{ caas.etcd_proxy_port }}
+      - --resolver-prefix='___grpc_proxy_endpoint'
+      - --resolver-ttl=60
+      - --cert=/etc/etcd/ssl/etcd{{ nodeindex }}.pem
+      - --key=/etc/etcd/ssl/etcd{{ nodeindex }}-key.pem
+      - --cacert=/etc/etcd/ssl/ca.pem
+      resources:
+        requests:
+          cpu: "10m"
+      volumeMounts:
+        - name: time-mount
+          mountPath: /etc/localtime
+          readOnly: true
+        - name: secret
+          mountPath: /etc/etcd/ssl
+          readOnly: true
   volumes:
     - name: time-mount
       hostPath: