82eb27dfa5b9d23d01d2fc55fed92df711acce34
[ta/caas-etcd.git] / ansible / roles / etcd / templates / etcd.yml
{#
Copyright 2019 Nokia

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
#}
---
# Pod manifest template for one etcd member in kube-system.
# This is a Jinja2 template: nodeindex, nodename, ansible_host, caas.*,
# networking.*, hostvars, groups and container_image_names are supplied by
# the rendering play and are not defined in this file.
apiVersion: v1
kind: Pod
metadata:
  name: etcd
  namespace: kube-system
spec:
  # The pod shares the node's network namespace, so the etcd listeners below
  # bind directly on the node address. Access control then rests on the mutual
  # TLS settings in env; any host firewalling is configured outside this file.
  hostNetwork: true
  dnsPolicy: ClusterFirst
  securityContext:
    # Dedicated uid for etcd. Left unquoted on purpose: the rendered value has
    # to be an integer for this field.
    # NOTE(review): no container-level securityContext (allowPrivilegeEscalation,
    # capabilities, readOnlyRootFilesystem) is set in this manifest - confirm
    # whether the image tolerates tightening these.
    runAsUser: {{ caas.uid.caas_etcd }}
  containers:
    - name: kube-etcd
      # Takes the last entry of container_image_names that matches '/etcd'.
      # NOTE(review): 'search' is a regex search, so any image path containing
      # "/etcd" qualifies; whether the chosen name carries a fixed tag or
      # digest depends on container_image_names - confirm at the caller.
      image: {{ container_image_names | select('search', '/etcd') | list | last }}
      command: ["/usr/bin/etcd"]
      env:
        - name: PORT
          value: "{{ caas.etcd_api_port }}"
        - name: ETCD_NAME
          value: "etcd{{ nodeindex }}"
        - name: ETCD_DATA_DIR
          value: "/var/lib/etcd/etcd{{ nodeindex }}.etcd"
        # Client API: HTTPS only, advertised and bound on ansible_host.
        - name: ETCD_ADVERTISE_CLIENT_URLS
          value: "https://{{ ansible_host }}:{{ caas.etcd_api_port }}"
        - name: ETCD_LISTEN_CLIENT_URLS
          value: "https://{{ ansible_host }}:{{ caas.etcd_api_port }}"
        # Clients must present a certificate that chains to ETCD_TRUSTED_CA_FILE.
        - name: ETCD_CLIENT_CERT_AUTH
          value: "true"
        - name: ETCD_TRUSTED_CA_FILE
          value: "/etc/etcd/ssl/ca.pem"
        - name: ETCD_CERT_FILE
          value: "/etc/etcd/ssl/etcd{{ nodeindex }}.pem"
        - name: ETCD_KEY_FILE
          value: "/etc/etcd/ssl/etcd{{ nodeindex }}-key.pem"
        # Retain at most one write-ahead-log file.
        - name: ETCD_MAX_WALS
          value: "1"
        # Only CRITICAL messages from the etcdserver and etcdmain packages are
        # logged.
        # NOTE(review): lower-severity messages are suppressed at this level,
        # which likely includes warnings useful for detection and incident
        # review (e.g. rejected TLS connections) - confirm that log coverage
        # is acceptable.
        - name: ETCD_LOG_PACKAGE_LEVELS
          value: "etcdserver=CRITICAL,etcdmain=CRITICAL"
        # Peer traffic: HTTPS only, advertised and bound on ansible_host.
        - name: ETCD_INITIAL_ADVERTISE_PEER_URLS
          value: "https://{{ ansible_host }}:{{ caas.etcd_peer_port }}"
        - name: ETCD_LISTEN_PEER_URLS
          value: "https://{{ ansible_host }}:{{ caas.etcd_peer_port }}"
        # Peers must present a certificate that chains to the peer CA.
        # NOTE(review): the peer listener reuses the same CA file and the same
        # cert/key pair as the client listener, so certificate validation alone
        # does not separate client identities from peer identities. If that
        # separation is wanted, use a dedicated peer CA or restrict the accepted
        # peer certificate name (ETCD_PEER_CERT_ALLOWED_CN, if the etcd version
        # in the image supports it).
        - name: ETCD_PEER_CLIENT_CERT_AUTH
          value: "true"
        - name: ETCD_PEER_TRUSTED_CA_FILE
          value: "/etc/etcd/ssl/ca.pem"
        - name: ETCD_PEER_CERT_FILE
          value: "/etc/etcd/ssl/etcd{{ nodeindex }}.pem"
        - name: ETCD_PEER_KEY_FILE
          value: "/etc/etcd/ssl/etcd{{ nodeindex }}-key.pem"
        # The value is built from the first nodeindex hosts of groups.caas_master
        # as "etcdN=https://<infra_internal ip>:<peer port>", so each member
        # lists itself and the lower-numbered masters only. The if/append
        # construct is used purely for its side effect and renders nothing.
        # NOTE(review): entries here use the infra_internal ip while the
        # advertised peer URL above uses ansible_host; presumably these are the
        # same address for this node - confirm.
        - name: ETCD_INITIAL_CLUSTER
{% set etcdclusternodes = [] -%}
{%- for nodenumber in range(nodeindex|int) -%}
{%- if etcdclusternodes.append('etcd' + ((nodenumber+1)|string) + '=https://' + (hostvars[groups.caas_master[nodenumber]]['networking']['infra_internal']['ip']|string) + ':' + (caas.etcd_peer_port|string) ) -%}{%- endif -%}
{%- endfor %}
          value: "{{ etcdclusternodes|join(",") }}"
        # ETCD_INITIAL_CLUSTER_STATE=existing is emitted for every node whose
        # nodename does not match caas_master1; the matching node omits it and
        # falls back to etcd's default.
        # NOTE(review): 'search' is a regex search, so a nodename such as
        # caas_master10 would also match and skip this entry - confirm the
        # naming scheme rules that out.
{% if not nodename | search("caas_master1") %}
        - name: ETCD_INITIAL_CLUSTER_STATE
          value: "existing"
{% endif %}
        # NOTE(review): not an upstream etcd option as far as this review can
        # tell; presumably read by something in the image - confirm.
        - name: ETCD_LISTENONINTERFACE
          value: "{{ networking.infra_internal.interface }}"
      volumeMounts:
        - name: time-mount
          mountPath: /etc/localtime
          readOnly: true
        # Data directory: the only host path mounted read-write.
        - name: store
          mountPath: /var/lib/etcd
        - name: etcd-config
          mountPath: /etcd-config
        # CA, certificate and private key; mounted read-only.
        - name: secret
          mountPath: /etc/etcd/ssl
          readOnly: true
  # None of the hostPath volumes sets 'type', so Kubernetes does not check
  # that the path exists or what kind of object it is before mounting.
  volumes:
    - name: time-mount
      hostPath:
        path: /etc/localtime
    - name: store
      hostPath:
        path: /var/lib/etcd
    - name: etcd-config
      emptyDir: {}
    # Holds the private key on the node. Ownership and mode of these files are
    # set outside this template; they need to be readable by the runAsUser uid
    # and ideally by nothing else.
    - name: secret
      hostPath:
        path: /etc/etcd/ssl