value: "/etc/etcd/ssl/etcd{{ nodeindex }}.pem"
- name: ETCD_PEER_KEY_FILE
value: "/etc/etcd/ssl/etcd{{ nodeindex }}-key.pem"
-{% if nodename | search("caas_master1") %}
- name: ETCD_INITIAL_CLUSTER
- value: "etcd1=https://{{ hostvars[groups.caas_master[0]]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_peer_port }}"
-{% else %}
+{% set etcdclusternodes = [] -%}
+{%- for nodenumber in range(nodeindex|int) -%}
+{%- if etcdclusternodes.append('etcd' + ((nodenumber+1)|string) + '=https://' + (hostvars[groups.caas_master[nodenumber]]['networking']['infra_internal']['ip']|string) + ':' + (caas.etcd_peer_port|string) ) -%}{%- endif -%}
+{%- endfor %}
+ value: "{{ etcdclusternodes|join(",") }}"
+{% if not nodename | search("caas_master1") %}
- name: ETCD_INITIAL_CLUSTER_STATE
value: "existing"
-{% endif %}
-{% if nodename | search("caas_master2") %}
- - name: ETCD_INITIAL_CLUSTER
- value: "etcd1=https://{{ hostvars[groups.caas_master[0]]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_peer_port }},etcd2=https://{{ hostvars[groups.caas_master[1]]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_peer_port }}"
-{% endif %}
-{% if nodename | search("caas_master3") %}
- - name: ETCD_INITIAL_CLUSTER
- value: "etcd1=https://{{ hostvars[groups.caas_master[0]]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_peer_port }},etcd2=https://{{ hostvars[groups.caas_master[1]]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_peer_port }},etcd3=https://{{ hostvars[groups.caas_master[2]]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_peer_port }}"
{% endif %}
- name: ETCD_LISTENONINTERFACE
value: "{{ networking.infra_internal.interface }}"
+ resources:
+ requests:
+ cpu: "60m"
volumeMounts:
+ - name: time-mount
+ mountPath: /etc/localtime
+ readOnly: true
- name: store
mountPath: /var/lib/etcd
- name: etcd-config
- name: secret
mountPath: /etc/etcd/ssl
readOnly: true
+ - name: kube-etcd-proxy
+ image: {{ container_image_names | select('search', '/etcd') | list | last }}
+{% set etcdproxys = [] -%}
+{%- for nodenumber in range(groups['caas_master']|length|int) -%}
+{%- if etcdproxys.append('https://' + (hostvars[groups.caas_master[nodenumber]]['networking']['infra_internal']['ip']|string) + ':' + (caas.etcd_api_port|string) ) -%}{%- endif -%}
+{%- endfor %}
+ command:
+ - /usr/bin/etcd
+ args:
+ - grpc-proxy
+ - start
+ - --endpoints={{ etcdproxys|join(',')}}
+ - --listen-addr={{ ansible_host }}:{{ caas.etcd_proxy_port }}
+ - --advertise-client-url={{ ansible_host }}:{{ caas.etcd_proxy_port }}
+ - --resolver-prefix='___grpc_proxy_endpoint'
+ - --resolver-ttl=60
+ - --cert=/etc/etcd/ssl/etcd{{ nodeindex }}.pem
+ - --key=/etc/etcd/ssl/etcd{{ nodeindex }}-key.pem
+ - --cacert=/etc/etcd/ssl/ca.pem
+ resources:
+ requests:
+ cpu: "10m"
+ volumeMounts:
+ - name: time-mount
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: secret
+ mountPath: /etc/etcd/ssl
+ readOnly: true
volumes:
+ - name: time-mount
+ hostPath:
+ path: /etc/localtime
- name: store
hostPath:
path: /var/lib/etcd