--- apiVersion: v1 kind: Pod metadata: name: auxiliary-etcd namespace: kube-system labels: component: auxiliary-etcd promenade: genesis spec: hostNetwork: true containers: - name: auxiliary-etcd-0 image: quay.io/coreos/etcd:v3.0.17 env: - name: ETCD_NAME value: auxiliary-etcd-0 - name: ETCD_CLIENT_CERT_AUTH value: "true" - name: ETCD_PEER_CLIENT_CERT_AUTH value: "true" - name: ETCD_DATA_DIR value: /var/lib/auxiliary-etcd-0 - name: ETCD_TRUSTED_CA_FILE value: /etc/kubernetes/auxiliary-etcd-0/pki/client-ca.pem - name: ETCD_CERT_FILE value: /etc/kubernetes/auxiliary-etcd-0/pki/etcd-client.pem - name: ETCD_KEY_FILE value: /etc/kubernetes/auxiliary-etcd-0/pki/etcd-client-key.pem - name: ETCD_PEER_TRUSTED_CA_FILE value: /etc/kubernetes/auxiliary-etcd-0/pki/peer-ca.pem - name: ETCD_PEER_CERT_FILE value: /etc/kubernetes/auxiliary-etcd-0/pki/etcd-peer.pem - name: ETCD_PEER_KEY_FILE value: /etc/kubernetes/auxiliary-etcd-0/pki/etcd-peer-key.pem - name: ETCD_ADVERTISE_CLIENT_URLS value: https://{{ config['Node']['hostname'] }}:12379 - name: ETCD_INITIAL_ADVERTISE_PEER_URLS value: https://{{ config['Node']['hostname'] }}:12380 - name: ETCD_INITIAL_CLUSTER_TOKEN value: promenade-kube-etcd-token - name: ETCD_LISTEN_CLIENT_URLS value: https://0.0.0.0:12379 - name: ETCD_LISTEN_PEER_URLS value: https://0.0.0.0:12380 - name: ETCD_INITIAL_CLUSTER_STATE value: {{ config['Etcd']['initial_cluster_state'] }} - name: ETCD_INITIAL_CLUSTER value: {{ config['Etcd']['initial_cluster'] | join(',') }} ports: - name: client containerPort: 12379 - name: peer containerPort: 12380 resources: limits: cpu: 100m requests: cpu: 100m volumeMounts: - name: data-0 mountPath: /var/lib/auxiliary-etcd-0 - name: pki-0 mountPath: /etc/kubernetes/auxiliary-etcd-0/pki readOnly: true - name: auxiliary-etcd-1 image: quay.io/coreos/etcd:v3.0.17 env: - name: ETCD_NAME value: auxiliary-etcd-1 - name: ETCD_CLIENT_CERT_AUTH value: "true" - name: ETCD_PEER_CLIENT_CERT_AUTH value: "true" - name: ETCD_DATA_DIR value: /var/lib/auxiliary-etcd-1 - name: ETCD_TRUSTED_CA_FILE value: /etc/kubernetes/auxiliary-etcd-1/pki/client-ca.pem - name: ETCD_CERT_FILE value: /etc/kubernetes/auxiliary-etcd-1/pki/etcd-client.pem - name: ETCD_KEY_FILE value: /etc/kubernetes/auxiliary-etcd-1/pki/etcd-client-key.pem - name: ETCD_PEER_TRUSTED_CA_FILE value: /etc/kubernetes/auxiliary-etcd-1/pki/peer-ca.pem - name: ETCD_PEER_CERT_FILE value: /etc/kubernetes/auxiliary-etcd-1/pki/etcd-peer.pem - name: ETCD_PEER_KEY_FILE value: /etc/kubernetes/auxiliary-etcd-1/pki/etcd-peer-key.pem - name: ETCD_ADVERTISE_CLIENT_URLS value: https://{{ config['Node']['hostname'] }}:22379 - name: ETCD_INITIAL_ADVERTISE_PEER_URLS value: https://{{ config['Node']['hostname'] }}:22380 - name: ETCD_INITIAL_CLUSTER_TOKEN value: promenade-kube-etcd-token - name: ETCD_LISTEN_CLIENT_URLS value: https://0.0.0.0:22379 - name: ETCD_LISTEN_PEER_URLS value: https://0.0.0.0:22380 - name: ETCD_INITIAL_CLUSTER_STATE value: {{ config['Etcd']['initial_cluster_state'] }} - name: ETCD_INITIAL_CLUSTER value: {{ config['Etcd']['initial_cluster'] | join(',') }} ports: - name: client containerPort: 22379 - name: peer containerPort: 22380 resources: limits: cpu: 100m requests: cpu: 100m volumeMounts: - name: data-1 mountPath: /var/lib/auxiliary-etcd-1 - name: pki-1 mountPath: /etc/kubernetes/auxiliary-etcd-1/pki readOnly: true - name: cluster-monitor image: quay.io/coreos/etcd:v3.0.17 command: - sh - -c - |- set -x while true; do if [ $(etcdctl member list | grep -v unstarted | wc -l || echo 0) -ge {{ config['Masters']['nodes'] | length }} ]; then {%- for master in config['Masters']['nodes'] %} etcdctl member add {{ master['hostname'] }} --peer-urls https://{{ master['hostname'] }}:2380 {%- endfor %} break fi done while true; do sleep 5 if [ $(etcdctl member list | grep -v unstarted | wc -l || echo 0) -eq {{ 2 + (config['Masters']['nodes'] | length) }} ]; then etcdctl member remove $(etcdctl member list | grep auxiliary-etcd-1 | cut -d , -f 1) etcdctl member remove $(etcdctl member list | grep auxiliary-etcd-0 | cut -d , -f 1) sleep 60 rm -rf \ /var/lib/auxiliary-etcd-0 \ /var/lib/auxiliary-etcd-1 \ /etc/kubernetes/auxiliary-etcd-0 \ /etc/kubernetes/auxiliary-etcd-1 \ /etc/kubernetes/kubelet/manifests/auxiliary-etcd.yaml sleep 10000 fi done resources: limits: cpu: 100m requests: cpu: 100m env: - name: ETCDCTL_API value: "3" - name: ETCDCTL_CACERT value: /etc/kubernetes/etcd/pki/client-ca.pem - name: ETCDCTL_CERT value: /etc/kubernetes/etcd/pki/etcd-client.pem - name: ETCDCTL_ENDPOINTS value: https://{{ config['Node']['ip'] }}:2379 - name: ETCDCTL_KEY value: /etc/kubernetes/etcd/pki/etcd-client-key.pem volumeMounts: - name: pki mountPath: /etc/kubernetes/etcd/pki readOnly: true - name: manifests mountPath: /etc/kubernetes/kubelet/manifests - name: varlib mountPath: /var/lib volumes: - name: data-0 hostPath: path: /var/lib/auxiliary-etcd-0 - name: data-1 hostPath: path: /var/lib/auxiliary-etcd-1 - name: pki hostPath: path: /etc/kubernetes/etcd/pki - name: pki-0 hostPath: path: /etc/kubernetes/auxiliary-etcd-0/pki - name: pki-1 hostPath: path: /etc/kubernetes/auxiliary-etcd-1/pki - name: manifests hostPath: path: /etc/kubernetes/kubelet/manifests - name: varlib hostPath: path: /var/lib