cert_path: /etc/etcd/ssl
alt_names:
ip:
- - "{{ ansible_host }}"
+ "{{ lookup('template', 'caas-master-nodes.j2') | from_yaml }}"
add_users:
- caas_etcd
- kube # needed for apiserver
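Review bot: The new SAN list on the `ip:` line drops the explicit `ansible_host` entry and puts every master's `infra_internal` address into each node's certificate. The `kube-etcd-proxy` container added in this commit listens on `{{ ansible_host }}`, so if that address differs from the node's `infra_internal` IP, the certificate no longer covers it. The certificates appear to be per node (`etcd{{ nodeindex }}.pem`), so a key valid for all masters' IPs lets one leaked key present as any master. If the wide list is intended, keep the node's own address and record the reason, e.g. `"{{ ([ansible_host] + (lookup('template', 'caas-master-nodes.j2') | from_yaml)) | unique }}"` with a comment `# SANs cover all masters because <reason>`. The enclosing task starts and ends outside the hunk.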
become_user: "root"
- name: etcd docker id
- shell: "docker ps | grep etcd | grep -v pause | awk -F' ' '{ print $1 }'"
+ shell: "docker ps --no-trunc | grep etcd | grep -v pause | grep -v grpc-proxy | awk -F' ' '{ print $1 }'"
environment:
DOCKER_HOST: "tcp://{{ networking.infra_internal.ip }}:2375"
DOCKER_TLS_VERIFY: "1"
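Review bot: With `--no-trunc` the COMMAND column is printed in full, so `grep etcd` on the new `shell:` line now matches any container whose arguments mention etcd, not only the etcd container. `grep -v grpc-proxy` excludes just the one known case. Selecting by container metadata rather than row text is sturdier, for example `docker ps -q --no-trunc --filter "label=io.kubernetes.container.name=<etcd-container-name>"`, where the placeholder is the etcd container's name from the pod manifest. The same line appears in the second `etcd docker id` task that follows. Whatever consumes this output is outside the hunk, so confirm it copes with the 64-character id and with more than one line of output.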
when: ( nodename | search("caas_master1") ) and ( groups['caas_master']|length|int > 1 )
- name: etcd docker id
- shell: "docker ps | grep etcd | grep -v pause | awk -F' ' '{ print $1 }'"
+ shell: "docker ps --no-trunc | grep etcd | grep -v pause | grep -v grpc-proxy | awk -F' ' '{ print $1 }'"
environment:
DOCKER_HOST: "tcp://{{ networking.infra_internal.ip }}:2375"
DOCKER_TLS_VERIFY: "1"
--- /dev/null
+{% for host in groups['caas_master']%}
+- "{{ hostvars[host]['networking']['infra_internal']['ip'] }}"
+{% endfor %}
+
- name: secret
mountPath: /etc/etcd/ssl
readOnly: true
+ - name: kube-etcd-proxy
+ image: {{ container_image_names | select('search', '/etcd') | list | last }}
+{% set etcdproxys = [] -%}
+{%- for nodenumber in range(groups['caas_master']|length|int) -%}
+{%- if etcdproxys.append('https://' + (hostvars[groups.caas_master[nodenumber]]['networking']['infra_internal']['ip']|string) + ':' + (caas.etcd_api_port|string) ) -%}{%- endif -%}
+{%- endfor %}
+ command:
+ - /usr/bin/etcd
+ args:
+ - grpc-proxy
+ - start
+ - --endpoints={{ etcdproxys|join(',')}}
+ - --listen-addr={{ ansible_host }}:{{ caas.etcd_proxy_port }}
+ - --advertise-client-url={{ ansible_host }}:{{ caas.etcd_proxy_port }}
+ - --resolver-prefix='___grpc_proxy_endpoint'
+ - --resolver-ttl=60
+ - --cert=/etc/etcd/ssl/etcd{{ nodeindex }}.pem
+ - --key=/etc/etcd/ssl/etcd{{ nodeindex }}-key.pem
+ - --cacert=/etc/etcd/ssl/ca.pem
+ resources:
+ requests:
+ cpu: "10m"
+ volumeMounts:
+ - name: time-mount
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: secret
+ mountPath: /etc/etcd/ssl
+ readOnly: true
volumes:
- name: time-mount
hostPath:
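Review bot: The `kube-etcd-proxy` args give the proxy a client certificate for the etcd endpoints (`--cert`, `--key`, `--cacert`) but set no TLS on its own listener at `{{ ansible_host }}:{{ caas.etcd_proxy_port }}`. As far as the flags shown go, anything that can reach that port gets the proxy's authenticated access to etcd without presenting a certificate. The listener side is configured separately, so add `- --cert-file=/etc/etcd/ssl/etcd{{ nodeindex }}.pem`, `- --key-file=/etc/etcd/ssl/etcd{{ nodeindex }}-key.pem` and `- --trusted-ca-file=/etc/etcd/ssl/ca.pem`. Separately, no shell strips the single quotes in `--resolver-prefix='___grpc_proxy_endpoint'`, so they presumably become part of the prefix; `- --resolver-prefix=___grpc_proxy_endpoint` avoids that. The pod spec begins and ends outside the hunk.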
%define COMPONENT etcd
%define RPM_NAME caas-%{COMPONENT}
%define RPM_MAJOR_VERSION 3.3.13
-%define RPM_MINOR_VERSION 3
+%define RPM_MINOR_VERSION 4
%define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION}
%define docker_build_dir %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-build
%define docker_save_dir %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-save