Etcd proxy added to caas-etcd
[ta/caas-etcd.git] / ansible / roles / etcd / templates / etcd.yml
index c54017f..3be70a8 100644 (file)
@@ -89,6 +89,35 @@ spec:
         - name: secret
           mountPath: /etc/etcd/ssl
           readOnly: true
+    - name: kube-etcd-proxy
+      image: {{ container_image_names | select('search', '/etcd') | list | last }}
+{% set etcdproxys = [] -%}
+{%- for nodenumber in range(groups['caas_master']|length|int) -%}
+{%- if etcdproxys.append('https://' + (hostvars[groups.caas_master[nodenumber]]['networking']['infra_internal']['ip']|string) + ':' + (caas.etcd_api_port|string) ) -%}{%- endif -%}
+{%- endfor %}
+      command:
+      - /usr/bin/etcd
+      args:
+      - grpc-proxy
+      - start
+      - --endpoints={{ etcdproxys|join(',')}}
+      - --listen-addr={{ ansible_host }}:{{ caas.etcd_proxy_port }}
+      - --advertise-client-url={{ ansible_host }}:{{ caas.etcd_proxy_port }}
+      - --resolver-prefix='___grpc_proxy_endpoint'
+      - --resolver-ttl=60
+      - --cert=/etc/etcd/ssl/etcd{{ nodeindex }}.pem
+      - --key=/etc/etcd/ssl/etcd{{ nodeindex }}-key.pem
+      - --cacert=/etc/etcd/ssl/ca.pem
+      resources:
+        requests:
+          cpu: "10m"
+      volumeMounts:
+        - name: time-mount
+          mountPath: /etc/localtime
+          readOnly: true
+        - name: secret
+          mountPath: /etc/etcd/ssl
+          readOnly: true
   volumes:
     - name: time-mount
       hostPath:
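Review bot: The new `kube-etcd-proxy` args configure TLS only toward the etcd backends (`--cert`, `--key`, `--cacert`), so the listener on `{{ ansible_host }}:{{ caas.etcd_proxy_port }}` appears to accept plaintext, unauthenticated gRPC and forward it using the node's client certificate. Anything that can reach that port would then act on etcd with that certificate's identity, unless a firewall or network policy outside this hunk restricts access. Consider adding listener TLS with client verification, e.g. `- --cert-file=/etc/etcd/ssl/etcd{{ nodeindex }}.pem`, `- --key-file=/etc/etcd/ssl/etcd{{ nodeindex }}-key.pem` and `- --trusted-ca-file=/etc/etcd/ssl/ca.pem`, after confirming that certificate is issued for server use on this address. Separately, `--resolver-prefix='___grpc_proxy_endpoint'` is a plain YAML scalar that no shell processes, so the single quotes become part of the prefix and should be dropped. The pod spec starts above the hunk and continues below it, so settings such as host networking are not visible here.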