+ - name: kube-etcd-proxy
+ image: {{ container_image_names | select('search', '/etcd') | list | last }}
+{% set etcdproxys = [] -%}
+{%- for nodenumber in range(groups['caas_master']|length|int) -%}
+{%- if etcdproxys.append('https://' + (hostvars[groups.caas_master[nodenumber]]['networking']['infra_internal']['ip']|string) + ':' + (caas.etcd_api_port|string) ) -%}{%- endif -%}
+{%- endfor %}
+ command:
+ - /usr/bin/etcd
+ args:
+ - grpc-proxy
+ - start
+ - --endpoints={{ etcdproxys|join(',')}}
+ - --listen-addr={{ ansible_host }}:{{ caas.etcd_proxy_port }}
+ - --advertise-client-url={{ ansible_host }}:{{ caas.etcd_proxy_port }}
+ - --resolver-prefix='___grpc_proxy_endpoint'
+ - --resolver-ttl=60
+ - --cert=/etc/etcd/ssl/etcd{{ nodeindex }}.pem
+ - --key=/etc/etcd/ssl/etcd{{ nodeindex }}-key.pem
+ - --cacert=/etc/etcd/ssl/ca.pem
+ resources:
+ requests:
+ cpu: "10m"
+ volumeMounts:
+ - name: time-mount
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: secret
+ mountPath: /etc/etcd/ssl
+ readOnly: true