Etcd proxy added to caas-etcd
[ta/caas-etcd.git] / ansible / roles / etcd / templates / etcd.yml
index 0133870..3be70a8 100644 (file)
@@ -63,24 +63,25 @@ spec:
           value: "/etc/etcd/ssl/etcd{{ nodeindex }}.pem"
         - name: ETCD_PEER_KEY_FILE
           value: "/etc/etcd/ssl/etcd{{ nodeindex }}-key.pem"
-{% if nodename | search("caas_master1") %}
         - name: ETCD_INITIAL_CLUSTER
-          value: "etcd1=https://{{ hostvars[groups.caas_master[0]]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_peer_port }}"
-{% else %}
+{% set etcdclusternodes = [] -%}
+{%- for nodenumber in range(nodeindex|int) -%}
+{%- if etcdclusternodes.append('etcd' + ((nodenumber+1)|string) + '=https://' + (hostvars[groups.caas_master[nodenumber]]['networking']['infra_internal']['ip']|string) + ':' + (caas.etcd_peer_port|string) ) -%}{%- endif -%}
+{%- endfor %}
+          value: "{{ etcdclusternodes|join(",") }}"
+{% if not nodename | search("caas_master1") %}
         - name: ETCD_INITIAL_CLUSTER_STATE
           value: "existing"
-{% endif %}
-{% if nodename | search("caas_master2") %}
-        - name: ETCD_INITIAL_CLUSTER
-          value: "etcd1=https://{{ hostvars[groups.caas_master[0]]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_peer_port }},etcd2=https://{{ hostvars[groups.caas_master[1]]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_peer_port }}"
-{% endif %}
-{% if nodename | search("caas_master3") %}
-        - name: ETCD_INITIAL_CLUSTER
-          value: "etcd1=https://{{ hostvars[groups.caas_master[0]]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_peer_port }},etcd2=https://{{ hostvars[groups.caas_master[1]]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_peer_port }},etcd3=https://{{ hostvars[groups.caas_master[2]]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_peer_port }}"
 {% endif %}
         - name: ETCD_LISTENONINTERFACE
           value: "{{ networking.infra_internal.interface }}"
+      resources:
+        requests:
+          cpu: "60m"
       volumeMounts:
+        - name: time-mount
+          mountPath: /etc/localtime
+          readOnly: true
         - name: store
           mountPath: /var/lib/etcd
         - name: etcd-config
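Review bot: The guard on the added line `{% if not nodename | search("caas_master1") %}` is a substring match, so a node named caas_master10 or higher would also match and would not get `ETCD_INITIAL_CLUSTER_STATE` set to "existing". That matters more now that the member list is built for any `nodeindex` instead of three hard-coded masters. Comparing the index, `{% if nodeindex|int != 1 %}`, avoids the ambiguity, assuming nodeindex is 1 on the first master as the `range(nodeindex|int)` loop suggests. The `{%- if etcdclusternodes.append(...) -%}{%- endif -%}` line would also be easier to maintain with a Jinja comment such as `{# append() returns None; the empty if only runs it without emitting output #}`.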
@@ -88,7 +89,39 @@ spec:
         - name: secret
           mountPath: /etc/etcd/ssl
           readOnly: true
+    - name: kube-etcd-proxy
+      image: {{ container_image_names | select('search', '/etcd') | list | last }}
+{% set etcdproxys = [] -%}
+{%- for nodenumber in range(groups['caas_master']|length|int) -%}
+{%- if etcdproxys.append('https://' + (hostvars[groups.caas_master[nodenumber]]['networking']['infra_internal']['ip']|string) + ':' + (caas.etcd_api_port|string) ) -%}{%- endif -%}
+{%- endfor %}
+      command:
+      - /usr/bin/etcd
+      args:
+      - grpc-proxy
+      - start
+      - --endpoints={{ etcdproxys|join(',')}}
+      - --listen-addr={{ ansible_host }}:{{ caas.etcd_proxy_port }}
+      - --advertise-client-url={{ ansible_host }}:{{ caas.etcd_proxy_port }}
+      - --resolver-prefix='___grpc_proxy_endpoint'
+      - --resolver-ttl=60
+      - --cert=/etc/etcd/ssl/etcd{{ nodeindex }}.pem
+      - --key=/etc/etcd/ssl/etcd{{ nodeindex }}-key.pem
+      - --cacert=/etc/etcd/ssl/ca.pem
+      resources:
+        requests:
+          cpu: "10m"
+      volumeMounts:
+        - name: time-mount
+          mountPath: /etc/localtime
+          readOnly: true
+        - name: secret
+          mountPath: /etc/etcd/ssl
+          readOnly: true
   volumes:
+    - name: time-mount
+      hostPath:
+        path: /etc/localtime
     - name: store
       hostPath:
         path: /var/lib/etcd
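Review bot: The kube-etcd-proxy listener at `--listen-addr={{ ansible_host }}:{{ caas.etcd_proxy_port }}` is given no serving certificate and no client CA, while `--cert`, `--key` and `--cacert` only secure the proxy's upstream connection to the etcd members. As written the proxy therefore appears to accept plaintext, unauthenticated gRPC on the host address and forward it using the node's etcd client certificate, so anything that can reach that port acts on etcd with the proxy's identity. If clients other than local ones must reach it, add the listener-side flags `--cert-file`, `--key-file` and `--trusted-ca-file`; otherwise bind the listener to loopback. Separately, `--resolver-prefix='___grpc_proxy_endpoint'` is a plain YAML scalar in an args list with no shell involved, so the single quotes are passed to etcd as part of the prefix; drop them unless that is intended.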