Refactor etcd Chart
Refactor etcd chart to align with OSH standards Change-Id: Ie71fcf045b3ec896dcdd03bb3455fb85af8f2e7a
parent
5c70bbef58
commit
3b4b4661a4
|
@ -1,3 +1,17 @@
|
|||
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: v1
|
||||
description: A chart for a DaemonSet-based etcd deployment.
|
||||
name: etcd
|
||||
|
|
|
@ -1,3 +1,17 @@
|
|||
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
dependencies:
|
||||
- name: helm-toolkit
|
||||
repository: http://localhost:8879/charts
|
||||
|
|
|
@ -1,11 +1,20 @@
|
|||
#!/bin/sh
|
||||
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
set -x
|
||||
|
||||
export CLIENT_ENDPOINT=https://$POD_IP:{{ .Values.service.client.target_port }}
|
||||
export PEER_ENDPOINT=https://$POD_IP:{{ .Values.service.peer.target_port }}
|
||||
export MANIFEST_PATH=/manifests/{{ .Values.service.name }}.yaml
|
||||
|
||||
function copy_certificates {
|
||||
ETCD_NAME=$1
|
||||
|
||||
|
@ -28,89 +37,10 @@ function copy_certificates {
|
|||
}
|
||||
|
||||
function create_manifest {
|
||||
ETCD_INITIAL_CLUSTER=$1
|
||||
ETCD_INITIAL_CLUSTER_STATE=$2
|
||||
cat <<EODOC > $MANIFEST_PATH
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: {{ .Values.service.name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{ .Values.service.name }}-service: enabled
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: etcd
|
||||
image: {{ .Values.images.etcd }}
|
||||
env:
|
||||
- name: ETCD_NAME
|
||||
value: $ETCD_NAME
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: ETCD_CLIENT_CERT_AUTH
|
||||
value: "true"
|
||||
- name: ETCD_PEER_CLIENT_CERT_AUTH
|
||||
value: "true"
|
||||
- name: ETCD_DATA_DIR
|
||||
value: /var/lib/etcd
|
||||
- name: ETCD_TRUSTED_CA_FILE
|
||||
value: /etc/etcd/tls/client-ca.pem
|
||||
- name: ETCD_CERT_FILE
|
||||
value: /etc/etcd/tls/etcd-client.pem
|
||||
- name: ETCD_STRICT_RECONFIG_CHECK
|
||||
value: "true"
|
||||
- name: ETCD_KEY_FILE
|
||||
value: /etc/etcd/tls/etcd-client-key.pem
|
||||
- name: ETCD_PEER_TRUSTED_CA_FILE
|
||||
value: /etc/etcd/tls/peer-ca.pem
|
||||
- name: ETCD_PEER_CERT_FILE
|
||||
value: /etc/etcd/tls/etcd-peer.pem
|
||||
- name: ETCD_PEER_KEY_FILE
|
||||
value: /etc/etcd/tls/etcd-peer-key.pem
|
||||
- name: ETCD_ADVERTISE_CLIENT_URLS
|
||||
value: https://\$(POD_IP):{{ .Values.service.client.target_port }}
|
||||
- name: ETCD_INITIAL_ADVERTISE_PEER_URLS
|
||||
value: https://\$(POD_IP):{{ .Values.service.peer.target_port }}
|
||||
- name: ETCD_INITIAL_CLUSTER_TOKEN
|
||||
value: {{ .Values.service.name }}-init-token
|
||||
- name: ETCD_LISTEN_CLIENT_URLS
|
||||
value: https://0.0.0.0:{{ .Values.service.client.target_port }}
|
||||
- name: ETCD_LISTEN_PEER_URLS
|
||||
value: https://0.0.0.0:{{ .Values.service.peer.target_port }}
|
||||
- name: ETCD_INITIAL_CLUSTER_STATE
|
||||
value: $ETCD_INITIAL_CLUSTER_STATE
|
||||
- name: ETCD_INITIAL_CLUSTER
|
||||
value: $ETCD_INITIAL_CLUSTER
|
||||
- name: ETCDCTL_API
|
||||
value: '3'
|
||||
- name: ETCDCTL_DIAL_TIMEOUT
|
||||
value: 3s
|
||||
- name: ETCDCTL_ENDPOINTS
|
||||
value: https://127.0.0.1:{{ .Values.service.client.target_port }}
|
||||
- name: ETCDCTL_CACERT
|
||||
value: \$(ETCD_TRUSTED_CA_FILE)
|
||||
- name: ETCDCTL_CERT
|
||||
value: \$(ETCD_CERT_FILE)
|
||||
- name: ETCDCTL_KEY
|
||||
value: \$(ETCD_KEY_FILE)
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /var/lib/etcd
|
||||
- name: etc
|
||||
mountPath: /etc/etcd
|
||||
volumes:
|
||||
- name: data
|
||||
hostPath:
|
||||
path: {{ .Values.etcd.host_data_path }}
|
||||
- name: etc
|
||||
hostPath:
|
||||
path: {{ .Values.etcd.host_etc_path }}
|
||||
...
|
||||
EODOC
|
||||
sed -i -e 's#_ETCD_INITIAL_CLUSTER_STATE_#'$2'#g' /anchor-etcd/{{ .Values.service.name }}.yaml
|
||||
sed -i -e 's#_ETCD_INITIAL_CLUSTER_#'$1'#g' /anchor-etcd/{{ .Values.service.name }}.yaml
|
||||
|
||||
cp /anchor-etcd/{{ .Values.service.name }}.yaml $MANIFEST_PATH
|
||||
}
|
||||
|
||||
while true; do
|
||||
|
@ -141,7 +71,7 @@ while true; do
|
|||
if [ -e /bootstrapping/{{ .Values.bootstrapping.filename }} ]; then
|
||||
# Bootstrap the first node
|
||||
copy_certificates ${ETCD_NAME}
|
||||
ETCD_INITIAL_CLUSTER=${ETCD_NAME}=$PEER_ENDPOINT
|
||||
ETCD_INITIAL_CLUSTER=${ETCD_NAME}=https://\$\(POD_IP\):{{ .Values.network.service_peer.target_port }}
|
||||
ETCD_INITIAL_CLUSTER_STATE=new
|
||||
create_manifest $ETCD_INITIAL_CLUSTER $ETCD_INITIAL_CLUSTER_STATE
|
||||
|
||||
|
@ -188,7 +118,7 @@ while true; do
|
|||
ETCD_INITIAL_CLUSTER=$(grep -v $PEER_ENDPOINT /tmp/members \
|
||||
| awk -F ', ' '{ print $3 "=" $4 }' \
|
||||
| tr '\n' ',' \
|
||||
| sed "s;\$;$ETCD_NAME=$PEER_ENDPOINT;")
|
||||
| sed "s;\$;$ETCD_NAME=https://\$\(POD_IP\):{{ .Values.network.service_peer.target_port }};")
|
||||
ETCD_INITIAL_CLUSTER_STATE=existing
|
||||
|
||||
create_manifest $ETCD_INITIAL_CLUSTER $ETCD_INITIAL_CLUSTER_STATE
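Review bot: In the rewritten `create_manifest`, `sed -i` edits `/anchor-etcd/{{ .Values.service.name }}.yaml` in place, yet the DaemonSet section of this commit mounts that path from a ConfigMap volume with `defaultMode: 0444`. In-place editing has to create a temporary file next to the target, which fails wherever ConfigMap mounts are read-only. If it does succeed, the placeholders are gone after the first call, so a later call from the `while true` loop with a different cluster state would presumably copy the stale values. Rendering straight to the destination avoids both and quotes the arguments: `sed -e "s#_ETCD_INITIAL_CLUSTER_STATE_#$2#g" -e "s#_ETCD_INITIAL_CLUSTER_#$1#g" /anchor-etcd/{{ .Values.service.name }}.yaml > "$MANIFEST_PATH"`. Member names read from `/tmp/members` still end up in the sed replacement, so a `#` or `&` in one would corrupt the manifest.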
|
||||
|
|
|
@ -1,10 +1,20 @@
|
|||
#!/bin/sh
|
||||
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
set -x
|
||||
|
||||
export PEER_ENDPOINT=https://$POD_IP:{{ .Values.service.peer.target_port }}
|
||||
export MANIFEST_PATH=/manifests/{{ .Values.service.name }}.yaml
|
||||
|
||||
function cleanup_host {
|
||||
rm -f $MANIFEST_PATH
|
||||
rm -rf /etcd-etc/tls/
|
||||
|
|
|
@ -1,7 +1,20 @@
|
|||
#!/bin/sh
|
||||
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
set -ex
|
||||
|
||||
export ETCDCTL_ENDPOINTS=https://$POD_IP:{{ .Values.service.client.target_port }}
|
||||
export ETCDCTL_ENDPOINTS=https://$POD_IP:{{ .Values.network.service_client.target_port }}
|
||||
|
||||
etcdctl endpoint health
|
||||
|
|
|
@ -1,3 +1,22 @@
|
|||
{{/*
|
||||
Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.configmap_bin }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
|
@ -10,3 +29,4 @@ data:
|
|||
{{ tuple "bin/_pre_stop.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
readiness: |+
|
||||
{{ tuple "bin/_readiness.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,3 +1,20 @@
|
|||
{{/*
|
||||
Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.configmap_certs }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -5,12 +22,12 @@ kind: ConfigMap
|
|||
metadata:
|
||||
name: {{ $envAll.Values.service.name }}-certs
|
||||
data:
|
||||
anchor-etcd-client.pem: {{ $envAll.Values.anchor.tls.cert | quote }}
|
||||
client-ca.pem: {{ $envAll.Values.tls.client.ca | quote }}
|
||||
peer-ca.pem: {{ $envAll.Values.tls.peer.ca | quote }}
|
||||
anchor-etcd-client.pem: {{ $envAll.Values.secrets.anchor.tls.cert | quote }}
|
||||
client-ca.pem: {{ $envAll.Values.secrets.tls.client.ca | quote }}
|
||||
peer-ca.pem: {{ $envAll.Values.secrets.tls.peer.ca | quote }}
|
||||
{{- range .Values.nodes }}
|
||||
{{- $node := . }}
|
||||
{{ $node.name }}-etcd-client.pem: {{ $node.tls.client.cert | quote }}
|
||||
{{ $node.name }}-etcd-peer.pem: {{ $node.tls.peer.cert | quote }}
|
||||
{{- end }}
|
||||
...
|
||||
{{- end }}
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
{{/*
|
||||
Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.configmap_etc }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ $envAll.Values.service.name }}-etc
|
||||
data:
|
||||
{{ .Values.service.name }}.yaml: |+
|
||||
{{ tuple "etc/_kubernetes-etcd.yaml.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
{{- end }}
|
|
@ -1,31 +1,51 @@
|
|||
{{/*
|
||||
Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.daemonset_anchor }}
|
||||
{{- $envAll := . }}
|
||||
{{- $mounts_daemonset_anchor := .Values.pod.mounts.daemonset_anchor.daemonset_anchor }}
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: {{ .Values.service.name }}-anchor
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
{{ .Values.service.name | quote }}: anchor
|
||||
{{ tuple $envAll "anchor" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||
labels:
|
||||
{{ .Values.service.name | quote }}: anchor
|
||||
{{ tuple $envAll "kubernetes" "anchor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
hostNetwork: true
|
||||
dnsPolicy: {{ .Values.anchor.dns_policy }}
|
||||
nodeSelector:
|
||||
{{ .Values.anchor.node_selector.key }}: {{ .Values.anchor.node_selector.value }}
|
||||
{{ .Values.labels.anchor.node_selector_key }}: {{ .Values.labels.anchor.node_selector_value }}
|
||||
tolerations:
|
||||
- key: node-role.kubernetes.io/master
|
||||
effect: NoSchedule
|
||||
- key: CriticalAddonsOnly
|
||||
operator: Exists
|
||||
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.daemonset_anchor.timeout }}
|
||||
containers:
|
||||
- name: etcdctl
|
||||
image: {{ .Values.images.etcdctl }}
|
||||
image: {{ .Values.images.tags.etcdctl }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.daemonset_anchor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
command:
|
||||
- /tmp/etcdctl_anchor
|
||||
env:
|
||||
|
@ -42,13 +62,19 @@ spec:
|
|||
- name: ETCDCTL_DIAL_TIMEOUT
|
||||
value: 3s
|
||||
- name: ETCDCTL_ENDPOINTS
|
||||
value: https://{{ .Values.anchor.etcdctl_endpoint }}:{{ .Values.service.client.port }}
|
||||
value: https://{{ .Values.anchor.etcdctl_endpoint }}:{{ .Values.network.service_client.port }}
|
||||
- name: ETCDCTL_CACERT
|
||||
value: /etc/etcd/tls/certs/client-ca.pem
|
||||
- name: ETCDCTL_CERT
|
||||
value: /etc/etcd/tls/certs/anchor-etcd-client.pem
|
||||
- name: ETCDCTL_KEY
|
||||
value: /etc/etcd/tls/keys/anchor-etcd-client-key.pem
|
||||
- name: CLIENT_ENDPOINT
|
||||
value: https://$(POD_IP):{{ .Values.network.service_client.target_port }}
|
||||
- name: PEER_ENDPOINT
|
||||
value: https://$(POD_IP):{{ .Values.network.service_peer.target_port }}
|
||||
- name: MANIFEST_PATH
|
||||
value: /manifests/{{ .Values.service.name }}.yaml
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
@ -61,13 +87,13 @@ spec:
|
|||
command:
|
||||
- /tmp/pre_stop
|
||||
volumeMounts:
|
||||
- name: bin
|
||||
- name: {{ .Values.service.name }}-bin
|
||||
mountPath: /tmp
|
||||
{{- if .Values.bootstrapping.enabled }}
|
||||
- name: bootstrapping
|
||||
mountPath: /bootstrapping
|
||||
{{- end }}
|
||||
- name: certs
|
||||
- name: {{ .Values.service.name }}-certs
|
||||
mountPath: /etc/etcd/tls/certs
|
||||
- name: etcd-etc
|
||||
mountPath: /etcd-etc
|
||||
|
@ -75,13 +101,15 @@ spec:
|
|||
- name: etcd-data
|
||||
mountPath: /etcd-data
|
||||
{{- end }}
|
||||
- name: keys
|
||||
- name: {{ .Values.service.name }}-keys
|
||||
mountPath: /etc/etcd/tls/keys
|
||||
- name: kubelet-manifests
|
||||
mountPath: /manifests
|
||||
terminationGracePeriodSeconds: {{ .Values.anchor.termination_grace_period }}
|
||||
- name: {{ .Values.service.name }}-etc
|
||||
mountPath: /anchor-etcd
|
||||
{{ if $mounts_daemonset_anchor.volumeMounts }}{{ toYaml $mounts_daemonset_anchor.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: bin
|
||||
- name: {{ .Values.service.name }}-bin
|
||||
configMap:
|
||||
name: {{ .Values.service.name }}-bin
|
||||
defaultMode: 0555
|
||||
|
@ -90,7 +118,7 @@ spec:
|
|||
hostPath:
|
||||
path: {{ .Values.bootstrapping.host_directory }}
|
||||
{{- end }}
|
||||
- name: certs
|
||||
- name: {{ .Values.service.name }}-certs
|
||||
configMap:
|
||||
name: {{ .Values.service.name }}-certs
|
||||
defaultMode: 0444
|
||||
|
@ -99,7 +127,7 @@ spec:
|
|||
hostPath:
|
||||
path: {{ .Values.etcd.host_data_path }}
|
||||
{{- end }}
|
||||
- name: keys
|
||||
- name: {{ .Values.service.name }}-keys
|
||||
secret:
|
||||
secretName: {{ .Values.service.name }}-keys
|
||||
defaultMode: 0444
|
||||
|
@ -109,3 +137,9 @@ spec:
|
|||
- name: kubelet-manifests
|
||||
hostPath:
|
||||
path: {{ .Values.anchor.kubelet.manifest_path }}
|
||||
- name: {{ .Values.service.name }}-etc
|
||||
configMap:
|
||||
name: {{ .Values.service.name }}-etc
|
||||
defaultMode: 0444
|
||||
{{ if $mounts_daemonset_anchor.volumes }}{{ toYaml $mounts_daemonset_anchor.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
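Review bot: The `{{ .Values.service.name }}-keys` secret volume is renamed in this section but keeps `defaultMode: 0444`, so the anchor's client key and every node's etcd client and peer private keys are world-readable inside the container. `defaultMode: 0400` would limit them to the owning user. That assumes the etcdctl container reads the keys as that user, which the visible spec does not state (no `securityContext` appears in these hunks). The spec continues outside the hunks shown, so this should be checked against the full template.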
|
||||
|
|
|
@ -0,0 +1,106 @@
|
|||
{{/*
|
||||
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.service }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: {{ .Values.service.name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{ .Values.service.name }}-service: enabled
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: etcd
|
||||
image: {{ .Values.images.tags.etcd }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
env:
|
||||
- name: ETCD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: ETCD_CLIENT_CERT_AUTH
|
||||
value: "true"
|
||||
- name: ETCD_PEER_CLIENT_CERT_AUTH
|
||||
value: "true"
|
||||
- name: ETCD_DATA_DIR
|
||||
value: /var/lib/etcd
|
||||
- name: ETCD_TRUSTED_CA_FILE
|
||||
value: /etc/etcd/tls/client-ca.pem
|
||||
- name: ETCD_CERT_FILE
|
||||
value: /etc/etcd/tls/etcd-client.pem
|
||||
- name: ETCD_STRICT_RECONFIG_CHECK
|
||||
value: "true"
|
||||
- name: ETCD_KEY_FILE
|
||||
value: /etc/etcd/tls/etcd-client-key.pem
|
||||
- name: ETCD_PEER_TRUSTED_CA_FILE
|
||||
value: /etc/etcd/tls/peer-ca.pem
|
||||
- name: ETCD_PEER_CERT_FILE
|
||||
value: /etc/etcd/tls/etcd-peer.pem
|
||||
- name: ETCD_PEER_KEY_FILE
|
||||
value: /etc/etcd/tls/etcd-peer-key.pem
|
||||
- name: ETCD_ADVERTISE_CLIENT_URLS
|
||||
value: https://$(POD_IP):{{ .Values.network.service_client.target_port }}
|
||||
- name: ETCD_INITIAL_ADVERTISE_PEER_URLS
|
||||
value: https://$(POD_IP):{{ .Values.network.service_peer.target_port }}
|
||||
- name: ETCD_INITIAL_CLUSTER_TOKEN
|
||||
value: {{ .Values.service.name }}-init-token
|
||||
- name: ETCD_LISTEN_CLIENT_URLS
|
||||
value: https://0.0.0.0:{{ .Values.network.service_client.target_port }}
|
||||
- name: ETCD_LISTEN_PEER_URLS
|
||||
value: https://0.0.0.0:{{ .Values.network.service_peer.target_port }}
|
||||
- name: ETCD_INITIAL_CLUSTER_STATE
|
||||
value: _ETCD_INITIAL_CLUSTER_STATE_
|
||||
- name: ETCD_INITIAL_CLUSTER
|
||||
value: _ETCD_INITIAL_CLUSTER_
|
||||
- name: ETCDCTL_API
|
||||
value: '3'
|
||||
- name: ETCDCTL_DIAL_TIMEOUT
|
||||
value: 3s
|
||||
- name: ETCDCTL_ENDPOINTS
|
||||
value: https://127.0.0.1:{{ .Values.network.service_client.target_port }}
|
||||
- name: ETCDCTL_CACERT
|
||||
value: $(ETCD_TRUSTED_CA_FILE)
|
||||
- name: ETCDCTL_CERT
|
||||
value: $(ETCD_CERT_FILE)
|
||||
- name: ETCDCTL_KEY
|
||||
value: $(ETCD_KEY_FILE)
|
||||
- name: CLIENT_ENDPOINT
|
||||
value: https://$(POD_IP):{{ .Values.network.service_client.target_port }}
|
||||
- name: PEER_ENDPOINT
|
||||
value: https://$(POD_IP):{{ .Values.network.service_peer.target_port }}
|
||||
- name: MANIFEST_PATH
|
||||
value: /manifests/{{ .Values.service.name }}.yaml
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /var/lib/etcd
|
||||
- name: etc
|
||||
mountPath: /etc/etcd
|
||||
volumes:
|
||||
- name: data
|
||||
hostPath:
|
||||
path: {{ .Values.etcd.host_data_path }}
|
||||
- name: etc
|
||||
hostPath:
|
||||
path: {{ .Values.etcd.host_etc_path }}
|
||||
{{- end }}
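Review bot: The guard at the top of this new template is `{{- if .Values.manifests.service }}`, but the file appears to be the one rendered into the `-etc` ConfigMap, which is gated by `manifests.configmap_etc`. With `manifests.service: false` the ConfigMap would still be created, with an empty manifest body, and the anchor script would copy that into the kubelet manifest directory. The guard looks copied from the Service template; `{{- if .Values.manifests.configmap_etc }}`, or no inner guard at all, would keep the two in step. Separately, `ETCD_NAME` now comes from `spec.nodeName` while the anchor script builds `ETCD_INITIAL_CLUSTER` from its own `${ETCD_NAME}`, so it is worth confirming the two always match.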
|
|
@ -1,3 +1,20 @@
|
|||
{{/*
|
||||
Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.secret }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -6,9 +23,10 @@ metadata:
|
|||
name: {{ $envAll.Values.service.name }}-keys
|
||||
type: Opaque
|
||||
data:
|
||||
anchor-etcd-client-key.pem: {{ $envAll.Values.anchor.tls.key | b64enc }}
|
||||
anchor-etcd-client-key.pem: {{ $envAll.Values.secrets.anchor.tls.key | b64enc }}
|
||||
{{- range .Values.nodes }}
|
||||
{{- $node := . }}
|
||||
{{ $node.name }}-etcd-client-key.pem: {{ $node.tls.client.key | b64enc }}
|
||||
{{ $node.name }}-etcd-peer-key.pem: {{ $node.tls.peer.key | b64enc }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,3 +1,20 @@
|
|||
{{/*
|
||||
Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.service }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -5,12 +22,22 @@ kind: Service
|
|||
metadata:
|
||||
name: {{ $envAll.Values.service.name }}
|
||||
spec:
|
||||
ports:
|
||||
{{ if .Values.network.service_client.enable_node_port }}
|
||||
- name: etcd
|
||||
nodePort: {{ .Values.network.service_client.node_port }}
|
||||
port: {{ .Values.network.service_client.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.network.service_client.target_port }}
|
||||
{{ else }}
|
||||
- name: etcd
|
||||
port: {{ .Values.network.service_client.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.network.service_client.target_port }}
|
||||
{{ end }}
|
||||
selector:
|
||||
{{ $envAll.Values.service.name }}-service: enabled
|
||||
{{- if $envAll.Values.service.ip }}
|
||||
clusterIP: {{ $envAll.Values.service.ip }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: etcd
|
||||
port: {{ $envAll.Values.service.client.port }}
|
||||
targetPort: {{ $envAll.Values.service.client.target_port }}
|
||||
{{- end }}
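Review bot: The node-port branch emits `nodePort:` but nothing in the visible spec sets `type: NodePort`, and values.yaml in this commit adds `enable_node_port` without a `node_port` default. Turning the flag on would therefore presumably render a Service that the API server rejects. Publishing the etcd client port on every node also widens who can reach it, so it should stay opt-in and depend on the client-certificate auth configured on the pod. The two branches differ only in that one line; a single port entry with `{{- if .Values.network.service_client.enable_node_port }}` around `nodePort:`, plus a matching `type: NodePort` under `spec:`, would be shorter and harder to get out of sync.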
|
||||
|
|
|
@ -1,3 +1,29 @@
|
|||
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
images:
|
||||
tags:
|
||||
etcd: quay.io/coreos/etcd:v3.2.7
|
||||
etcdctl: quay.io/coreos/etcd:v3.2.7
|
||||
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
|
||||
pull_policy: "IfNotPresent"
|
||||
|
||||
labels:
|
||||
anchor:
|
||||
node_selector_key: etcd-example
|
||||
node_selector_value: enabled
|
||||
|
||||
anchor:
|
||||
dns_policy: Default
|
||||
etcdctl_endpoint: example-etcd
|
||||
|
@ -6,31 +32,28 @@ anchor:
|
|||
kubelet:
|
||||
manifest_path: /etc/kubernetes/manifests
|
||||
|
||||
node_selector:
|
||||
key: etcd-example
|
||||
value: enabled
|
||||
|
||||
termination_grace_period: 3600
|
||||
period: 15
|
||||
|
||||
tls:
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
|
||||
etcd:
|
||||
host_etc_path: /etc/etcd-example
|
||||
host_data_path: /var/lib/etcd/example
|
||||
cleanup_data: true
|
||||
|
||||
network:
|
||||
service_client:
|
||||
name: service_client
|
||||
port: 2379
|
||||
target_port: 2379
|
||||
enable_node_port: false
|
||||
service_peer:
|
||||
name: service_peer
|
||||
port: 2380
|
||||
target_port: 2380
|
||||
enable_node_port: false
|
||||
|
||||
service:
|
||||
name: example-etcd
|
||||
ip: null
|
||||
client:
|
||||
port: 2379
|
||||
target_port: 2379
|
||||
peer:
|
||||
port: 2380
|
||||
target_port: 2380
|
||||
|
||||
bootstrapping:
|
||||
enabled: false
|
||||
|
@ -39,11 +62,16 @@ bootstrapping:
|
|||
# XXX Can I just generalize to an anchor timeout?
|
||||
timeout: 300
|
||||
|
||||
tls:
|
||||
client:
|
||||
ca: placeholder
|
||||
peer:
|
||||
ca: placeholder
|
||||
secrets:
|
||||
tls:
|
||||
client:
|
||||
ca: placeholder
|
||||
peer:
|
||||
ca: placeholder
|
||||
anchor:
|
||||
tls:
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
|
||||
nodes:
|
||||
- name: example-0
|
||||
|
@ -55,6 +83,37 @@ nodes:
|
|||
cert: placeholder
|
||||
key: placeholder
|
||||
|
||||
images:
|
||||
etcd: quay.io/coreos/etcd:v3.2.7
|
||||
etcdctl: quay.io/coreos/etcd:v3.2.7
|
||||
pod:
|
||||
mounts:
|
||||
daemonset_anchor:
|
||||
daemonset_anchor:
|
||||
replicas:
|
||||
apiserver: 3
|
||||
lifecycle:
|
||||
upgrades:
|
||||
daemonsets:
|
||||
pod_replacement_strategy: RollingUpdate
|
||||
anchor:
|
||||
enabled: false
|
||||
min_ready_seconds: 0
|
||||
max_unavailable: 1
|
||||
termination_grace_period:
|
||||
daemonset_anchor:
|
||||
timeout: 3600
|
||||
resources:
|
||||
enabled: false
|
||||
daemonset_anchor:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
|
||||
manifests:
|
||||
configmap_bin: true
|
||||
configmap_certs: true
|
||||
configmap_etc: true
|
||||
daemonset_anchor: true
|
||||
secret: true
|
||||
service: true
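Review bot: The new `images.tags` block pins etcd and the entrypoint image by tag with `pull_policy: "IfNotPresent"`, so what runs as the datastore depends on whatever the registry serves for `v3.2.7` at first pull. Pinning by digest, for example `etcd: quay.io/coreos/etcd@sha256:<digest-for-v3.2.7>`, makes the deployed image reproducible and verifiable. In the later hunk, `pod.replicas.apiserver: 3` looks like residue from another chart, and `dep_check` is not referenced by any template shown in this commit. Both could be dropped or given a comment saying what consumes them.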
|
||||
|
|
|
@ -182,14 +182,14 @@ metadata:
|
|||
name: calico-etcd
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.tls.client.ca'
|
||||
path: '$.values.secrets.tls.client.ca'
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateAuthority/v1
|
||||
name: calico-etcd-peer
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.tls.peer.ca'
|
||||
path: '$.values.secrets.tls.peer.ca'
|
||||
|
||||
-
|
||||
src:
|
||||
|
@ -197,14 +197,14 @@ metadata:
|
|||
name: calico-etcd-anchor
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.anchor.tls.cert'
|
||||
path: '$.values.secrets.anchor.tls.cert'
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateKey/v1
|
||||
name: calico-etcd-anchor
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.anchor.tls.key'
|
||||
path: '$.values.secrets.anchor.tls.key'
|
||||
|
||||
-
|
||||
src:
|
||||
|
@ -332,12 +332,20 @@ data:
|
|||
values:
|
||||
anchor:
|
||||
etcdctl_endpoint: 10.96.232.136
|
||||
node_selector:
|
||||
key: calico-etcd
|
||||
value: enabled
|
||||
labels:
|
||||
anchor:
|
||||
node_selector_key: calico-etcd
|
||||
node_selector_value: enabled
|
||||
secrets:
|
||||
anchor:
|
||||
tls:
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
tls:
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
client:
|
||||
ca: placeholder
|
||||
peer:
|
||||
ca: placeholder
|
||||
etcd:
|
||||
host_data_path: /var/lib/etcd/calico
|
||||
host_etc_path: /etc/etcd/calico
|
||||
|
@ -346,8 +354,9 @@ data:
|
|||
host_directory: /var/lib/anchor
|
||||
filename: calico-etcd-bootstrap
|
||||
images:
|
||||
etcd: quay.io/coreos/etcd:v3.0.17
|
||||
etcdctl: quay.io/coreos/etcd:v3.0.17
|
||||
tags:
|
||||
etcd: quay.io/coreos/etcd:v3.0.17
|
||||
etcdctl: quay.io/coreos/etcd:v3.0.17
|
||||
nodes:
|
||||
- name: n0
|
||||
tls:
|
||||
|
@ -385,17 +394,15 @@ data:
|
|||
service:
|
||||
name: calico-etcd
|
||||
ip: 10.96.232.136
|
||||
client:
|
||||
network:
|
||||
service_client:
|
||||
name: service_client
|
||||
port: 6666
|
||||
target_port: 6666
|
||||
peer:
|
||||
service_peer:
|
||||
name: service_peer
|
||||
port: 6667
|
||||
target_port: 6667
|
||||
tls:
|
||||
client:
|
||||
ca: placeholder
|
||||
peer:
|
||||
ca: placeholder
|
||||
source:
|
||||
type: local
|
||||
location: /etc/genesis/armada/assets/charts
|
||||
|
@ -781,14 +788,14 @@ metadata:
|
|||
name: kubernetes-etcd
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.tls.client.ca'
|
||||
path: '$.values.secrets.tls.client.ca'
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateAuthority/v1
|
||||
name: kubernetes-etcd-peer
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.tls.peer.ca'
|
||||
path: '$.values.secrets.tls.peer.ca'
|
||||
|
||||
-
|
||||
src:
|
||||
|
@ -796,14 +803,14 @@ metadata:
|
|||
name: kubernetes-etcd-anchor
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.anchor.tls.cert'
|
||||
path: '$.values.secrets.anchor.tls.cert'
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateKey/v1
|
||||
name: kubernetes-etcd-anchor
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.anchor.tls.key'
|
||||
path: '$.values.secrets.anchor.tls.key'
|
||||
|
||||
-
|
||||
src:
|
||||
|
@ -931,18 +938,27 @@ data:
|
|||
values:
|
||||
anchor:
|
||||
etcdctl_endpoint: 10.96.0.2
|
||||
node_selector:
|
||||
key: kubernetes-etcd
|
||||
value: enabled
|
||||
labels:
|
||||
anchor:
|
||||
node_selector_key: kubernetes-etcd
|
||||
node_selector_value: enabled
|
||||
secrets:
|
||||
anchor:
|
||||
tls:
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
tls:
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
client:
|
||||
ca: placeholder
|
||||
peer:
|
||||
ca: placeholder
|
||||
etcd:
|
||||
host_data_path: /var/lib/etcd/kubernetes
|
||||
host_etc_path: /etc/etcd/kubernetes
|
||||
images:
|
||||
etcd: quay.io/coreos/etcd:v3.0.17
|
||||
etcdctl: quay.io/coreos/etcd:v3.0.17
|
||||
tags:
|
||||
etcd: quay.io/coreos/etcd:v3.0.17
|
||||
etcdctl: quay.io/coreos/etcd:v3.0.17
|
||||
nodes:
|
||||
- name: n0
|
||||
tls:
|
||||
|
@ -979,17 +995,15 @@ data:
|
|||
service:
|
||||
name: kubernetes-etcd
|
||||
ip: 10.96.0.2
|
||||
client:
|
||||
network:
|
||||
service_client:
|
||||
name: service_client
|
||||
port: 2379
|
||||
target_port: 2379
|
||||
peer:
|
||||
service_peer:
|
||||
name: service_peer
|
||||
port: 2380
|
||||
target_port: 2380
|
||||
tls:
|
||||
client:
|
||||
ca: placeholder
|
||||
peer:
|
||||
ca: placeholder
|
||||
source:
|
||||
type: local
|
||||
location: /etc/genesis/armada/assets/charts
|
||||
|
|
|
@ -213,14 +213,14 @@ metadata:
|
|||
name: calico-etcd
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.tls.client.ca'
|
||||
path: '$.values.secrets.tls.client.ca'
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateAuthority/v1
|
||||
name: calico-etcd-peer
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.tls.peer.ca'
|
||||
path: '$.values.secrets.tls.peer.ca'
|
||||
|
||||
-
|
||||
src:
|
||||
|
@ -228,14 +228,14 @@ metadata:
|
|||
name: calico-etcd-anchor
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.anchor.tls.cert'
|
||||
path: '$.values.secrets.anchor.tls.cert'
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateKey/v1
|
||||
name: calico-etcd-anchor
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.anchor.tls.key'
|
||||
path: '$.values.secrets.anchor.tls.key'
|
||||
|
||||
-
|
||||
src:
|
||||
|
@ -363,12 +363,20 @@ data:
|
|||
values:
|
||||
anchor:
|
||||
etcdctl_endpoint: 10.96.232.136
|
||||
node_selector:
|
||||
key: calico-etcd
|
||||
value: enabled
|
||||
labels:
|
||||
anchor:
|
||||
node_selector_key: calico-etcd
|
||||
node_selector_value: enabled
|
||||
secrets:
|
||||
anchor:
|
||||
tls:
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
tls:
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
client:
|
||||
ca: placeholder
|
||||
peer:
|
||||
ca: placeholder
|
||||
etcd:
|
||||
host_data_path: /var/lib/etcd/calico
|
||||
host_etc_path: /etc/etcd/calico
|
||||
|
@ -377,8 +385,9 @@ data:
|
|||
host_directory: /var/lib/anchor
|
||||
filename: calico-etcd-bootstrap
|
||||
images:
|
||||
etcd: quay.io/coreos/etcd:v3.0.17
|
||||
etcdctl: quay.io/coreos/etcd:v3.0.17
|
||||
tags:
|
||||
etcd: quay.io/coreos/etcd:v3.0.17
|
||||
etcdctl: quay.io/coreos/etcd:v3.0.17
|
||||
nodes:
|
||||
- name: n0
|
||||
tls:
|
||||
|
@ -416,17 +425,15 @@ data:
|
|||
service:
|
||||
name: calico-etcd
|
||||
ip: 10.96.232.136
|
||||
client:
|
||||
network:
|
||||
service_client:
|
||||
name: service_client
|
||||
port: 6666
|
||||
target_port: 6666
|
||||
peer:
|
||||
service_peer:
|
||||
name: service_peer
|
||||
port: 6667
|
||||
target_port: 6667
|
||||
tls:
|
||||
client:
|
||||
ca: placeholder
|
||||
peer:
|
||||
ca: placeholder
|
||||
source:
|
||||
type: local
|
||||
location: /etc/genesis/armada/assets/charts
|
||||
|
@ -812,14 +819,14 @@ metadata:
|
|||
name: kubernetes-etcd
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.tls.client.ca'
|
||||
path: '$.values.secrets.tls.client.ca'
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateAuthority/v1
|
||||
name: kubernetes-etcd-peer
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.tls.peer.ca'
|
||||
path: '$.values.secrets.tls.peer.ca'
|
||||
|
||||
-
|
||||
src:
|
||||
|
@ -827,14 +834,14 @@ metadata:
|
|||
name: kubernetes-etcd-anchor
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.anchor.tls.cert'
|
||||
path: '$.values.secrets.anchor.tls.cert'
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateKey/v1
|
||||
name: kubernetes-etcd-anchor
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.anchor.tls.key'
|
||||
path: '$.values.secrets.anchor.tls.key'
|
||||
|
||||
-
|
||||
src:
|
||||
|
@ -962,18 +969,27 @@ data:
|
|||
values:
|
||||
anchor:
|
||||
etcdctl_endpoint: 10.96.0.2
|
||||
node_selector:
|
||||
key: kubernetes-etcd
|
||||
value: enabled
|
||||
labels:
|
||||
anchor:
|
||||
node_selector_key: kubernetes-etcd
|
||||
node_selector_value: enabled
|
||||
secrets:
|
||||
anchor:
|
||||
tls:
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
tls:
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
client:
|
||||
ca: placeholder
|
||||
peer:
|
||||
ca: placeholder
|
||||
etcd:
|
||||
host_data_path: /var/lib/etcd/kubernetes
|
||||
host_etc_path: /etc/etcd/kubernetes
|
||||
images:
|
||||
etcd: quay.io/coreos/etcd:v3.0.17
|
||||
etcdctl: quay.io/coreos/etcd:v3.0.17
|
||||
tags:
|
||||
etcd: quay.io/coreos/etcd:v3.0.17
|
||||
etcdctl: quay.io/coreos/etcd:v3.0.17
|
||||
nodes:
|
||||
- name: n0
|
||||
tls:
|
||||
|
@ -1010,17 +1026,15 @@ data:
|
|||
service:
|
||||
name: kubernetes-etcd
|
||||
ip: 10.96.0.2
|
||||
client:
|
||||
network:
|
||||
service_client:
|
||||
name: service_client
|
||||
port: 2379
|
||||
target_port: 2379
|
||||
peer:
|
||||
service_peer:
|
||||
name: service_peer
|
||||
port: 2380
|
||||
target_port: 2380
|
||||
tls:
|
||||
client:
|
||||
ca: placeholder
|
||||
peer:
|
||||
ca: placeholder
|
||||
source:
|
||||
type: local
|
||||
location: /etc/genesis/armada/assets/charts
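Review bot: Nothing in the `values:` hunks ties the seeded `placeholder` strings to the substitutions that are meant to overwrite them, so after the move to `$.values.secrets.*` a stale or mistyped `dest.path` would likely leave the literal `placeholder` as the CA, certificate or key the chart receives. I would add a comment above each seeded block, e.g. `# overwritten by the substitution with dest.path $.values.secrets.anchor.tls.key; never a real key`, and have the chart refuse to render while any `secrets.*` value is still `placeholder` (the chart templates are outside this section, so that check may already exist). The private key also still travels as a chart value; if the release store keeps values in ConfigMaps (the Helm 2 default), confirm that store is readable only by operators. The same applies to the kubernetes-etcd hunks in this file and to the following file, which repeats these hunks.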
|
||||
|
|
|
@ -182,14 +182,14 @@ metadata:
|
|||
name: calico-etcd
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.tls.client.ca'
|
||||
path: '$.values.secrets.tls.client.ca'
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateAuthority/v1
|
||||
name: calico-etcd-peer
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.tls.peer.ca'
|
||||
path: '$.values.secrets.tls.peer.ca'
|
||||
|
||||
-
|
||||
src:
|
||||
|
@ -197,14 +197,14 @@ metadata:
|
|||
name: calico-etcd-anchor
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.anchor.tls.cert'
|
||||
path: '$.values.secrets.anchor.tls.cert'
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateKey/v1
|
||||
name: calico-etcd-anchor
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.anchor.tls.key'
|
||||
path: '$.values.secrets.anchor.tls.key'
|
||||
|
||||
-
|
||||
src:
|
||||
|
@ -332,12 +332,20 @@ data:
|
|||
values:
|
||||
anchor:
|
||||
etcdctl_endpoint: 10.96.232.136
|
||||
node_selector:
|
||||
key: calico-etcd
|
||||
value: enabled
|
||||
labels:
|
||||
anchor:
|
||||
node_selector_key: calico-etcd
|
||||
node_selector_value: enabled
|
||||
secrets:
|
||||
anchor:
|
||||
tls:
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
tls:
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
client:
|
||||
ca: placeholder
|
||||
peer:
|
||||
ca: placeholder
|
||||
etcd:
|
||||
host_data_path: /var/lib/etcd/calico
|
||||
host_etc_path: /etc/etcd/calico
|
||||
|
@ -346,8 +354,9 @@ data:
|
|||
host_directory: /var/lib/anchor
|
||||
filename: calico-etcd-bootstrap
|
||||
images:
|
||||
etcd: ${IMAGE_ETCD}
|
||||
etcdctl: ${IMAGE_ETCD}
|
||||
tags:
|
||||
etcd: ${IMAGE_ETCD}
|
||||
etcdctl: ${IMAGE_ETCD}
|
||||
nodes:
|
||||
- name: ${GENESIS_HOSTNAME}
|
||||
tls:
|
||||
|
@ -385,17 +394,15 @@ data:
|
|||
service:
|
||||
name: calico-etcd
|
||||
ip: 10.96.232.136
|
||||
client:
|
||||
network:
|
||||
service_client:
|
||||
name: service_client
|
||||
port: 6666
|
||||
target_port: 6666
|
||||
peer:
|
||||
service_peer:
|
||||
name: service_peer
|
||||
port: 6667
|
||||
target_port: 6667
|
||||
tls:
|
||||
client:
|
||||
ca: placeholder
|
||||
peer:
|
||||
ca: placeholder
|
||||
source:
|
||||
type: local
|
||||
location: /etc/genesis/armada/assets/charts
|
||||
|
@ -781,14 +788,14 @@ metadata:
|
|||
name: kubernetes-etcd
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.tls.client.ca'
|
||||
path: '$.values.secrets.tls.client.ca'
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateAuthority/v1
|
||||
name: kubernetes-etcd-peer
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.tls.peer.ca'
|
||||
path: '$.values.secrets.tls.peer.ca'
|
||||
|
||||
-
|
||||
src:
|
||||
|
@ -796,14 +803,14 @@ metadata:
|
|||
name: kubernetes-etcd-anchor
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.anchor.tls.cert'
|
||||
path: '$.values.secrets.anchor.tls.cert'
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateKey/v1
|
||||
name: kubernetes-etcd-anchor
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.anchor.tls.key'
|
||||
path: '$.values.secrets.anchor.tls.key'
|
||||
|
||||
-
|
||||
src:
|
||||
|
@ -902,18 +909,27 @@ data:
|
|||
values:
|
||||
anchor:
|
||||
etcdctl_endpoint: 10.96.0.2
|
||||
node_selector:
|
||||
key: kubernetes-etcd
|
||||
value: enabled
|
||||
labels:
|
||||
anchor:
|
||||
node_selector_key: kubernetes-etcd
|
||||
node_selector_value: enabled
|
||||
secrets:
|
||||
anchor:
|
||||
tls:
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
tls:
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
client:
|
||||
ca: placeholder
|
||||
peer:
|
||||
ca: placeholder
|
||||
etcd:
|
||||
host_data_path: /var/lib/etcd/kubernetes
|
||||
host_etc_path: /etc/etcd/kubernetes
|
||||
images:
|
||||
etcd: ${IMAGE_ETCD}
|
||||
etcdctl: ${IMAGE_ETCD}
|
||||
tags:
|
||||
etcd: ${IMAGE_ETCD}
|
||||
etcdctl: ${IMAGE_ETCD}
|
||||
nodes:
|
||||
- name: ${GENESIS_HOSTNAME}
|
||||
tls:
|
||||
|
@ -942,17 +958,15 @@ data:
|
|||
service:
|
||||
name: kubernetes-etcd
|
||||
ip: 10.96.0.2
|
||||
client:
|
||||
network:
|
||||
service_client:
|
||||
name: service_client
|
||||
port: 2379
|
||||
target_port: 2379
|
||||
peer:
|
||||
service_peer:
|
||||
name: service_peer
|
||||
port: 2380
|
||||
target_port: 2380
|
||||
tls:
|
||||
client:
|
||||
ca: placeholder
|
||||
peer:
|
||||
ca: placeholder
|
||||
source:
|
||||
type: local
|
||||
location: /etc/genesis/armada/assets/charts
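Review bot: The new `tags:` entries take the etcd and etcdctl image from an unquoted `${IMAGE_ETCD}`, so if the variable is unset when the template is expanded, `etcd:` is left with no value and YAML reads it as null instead of failing. Quoting the value, `etcd: "${IMAGE_ETCD}"`, keeps it a string, and the step that expands the template (not visible here) should abort when IMAGE_ETCD is empty. Because this variable decides which image runs as etcd, a digest reference such as `quay.io/coreos/etcd@sha256:<digest>` (placeholder) is a safer input than the mutable `v3.0.17` tag the other files in this commit pin. The `data:` mapping these lines belong to starts and ends outside the hunk.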
|
||||
|
|