# Copyright 2017 AT&T Intellectual Property. All other rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. images: tags: etcd: quay.io/coreos/etcd:v3.5.4 etcdctl: quay.io/coreos/etcd:v3.5.4 etcdctl_backup: "quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_bionic" dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic pull_policy: "IfNotPresent" local_registry: active: false exclude: - dep_check - image_repo_sync labels: anchor: node_selector_key: etcd-example node_selector_value: enabled job: node_selector_key: example-etcd node_selector_value: enabled anchor: dns_policy: ClusterFirstWithHostNet enable_cleanup: true etcdctl_endpoint: example-etcd host_data_path: /var/lib/etcd/example # How many monitoring loops the anchor goes through with an unhealthy member # before removing the member from the cluster and recreating saddness_threshold: 3 kubelet: manifest_path: /etc/kubernetes/manifests period: 15 health_wait_period: 60 etcd: host_etc_path: /etc/etcd-example host_data_path: /var/lib/etcd/example cleanup_data: true etcdctl_api: "3" logging: # Set individual etcd subpackages to specific log levels. # An example being etcdserver=WARNING,security=DEBUG log_level: - etcdserver=DEBUG - security=DEBUG backup: enabled: true host_backup_path: /var/backups backup_log_file: /var/log/etcd-backup.log no_backup_keep: 10 etcdctl_dial_timeout: 15s remote_backup: enabled: false container_name: etcd days_to_keep: 14 storage_policy: default-placement number_of_retries: 5 delay_range: min: 30 max: 60 endpoints: identity: name: backup-storage-auth namespace: null auth: example-admin: # Auth URL of null indicates local authentication # HTK will form the URL unless specified here auth_url: null region_name: RegionOne username: example-admin password: password project_name: admin user_domain_name: default project_domain_name: default example-etcd: # Auth URL of null indicates local authentication # HTK will form the URL unless specified here auth_url: null role: admin region_name: RegionOne username: example-etcd-backup-user password: password project_name: service user_domain_name: service project_domain_name: service hosts: default: keystone internal: keystone-api host_fqdn_override: default: null path: default: /v3 scheme: default: 'http' port: api: default: 80 internal: 5000 network: service_client: name: service_client port: 2379 target_port: 2379 enable_node_port: false service_peer: name: service_peer port: 2380 target_port: 2380 enable_node_port: false service: # requires override for a specific use case e.g. calico-etcd or kubernetes-etcd name: example-etcd ip: null bootstrapping: enabled: false host_directory: /var/lib/anchor/etcd-example filename: bootstrap # XXX Can I just generalize to an anchor timeout? timeout: 300 secrets: tls: client: ca: placeholder peer: ca: placeholder anchor: tls: cert: placeholder key: placeholder etcd: backup_restore: etcd-backup-restore identity: example-admin: example-admin-user example-etcd: example-backup-user nodes: - name: example-0 tls: client: cert: placeholder key: placeholder peer: cert: placeholder key: placeholder dependencies: static: backup_etcd: jobs: - etcd-ks-user pod: security_context: anchor: pod: runAsUser: 65534 container: etcdctl: runAsUser: 0 readOnlyRootFilesystem: false etcd_backup: pod: runAsUser: 65534 container: etcd_backup: runAsUser: 0 readOnlyRootFilesystem: false etcd: pod: runAsUser: 65534 container: etcd: runAsUser: 0 readOnlyRootFilesystem: false etcd_test: pod: runAsUser: 65534 container: etcd_test: runAsUser: 0 readOnlyRootFilesystem: false probes: etcd: etcd: liveness: enabled: true params: failureThreshold: 10 initialDelaySeconds: 15 periodSeconds: 30 timeoutSeconds: 3 readiness: enabled: true params: failureThreshold: 10 initialDelaySeconds: 5 periodSeconds: 30 mounts: daemonset_anchor: daemonset_anchor: replicas: apiserver: 3 lifecycle: upgrades: daemonsets: pod_replacement_strategy: RollingUpdate anchor: enabled: false min_ready_seconds: 0 max_unavailable: 1 termination_grace_period: daemonset_anchor: timeout: 3600 resources: enabled: false daemonset_anchor: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" etcd_pod: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" test: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" jobs: etcdbackup: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" ks_user: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" mandatory_access_control: type: apparmor # requires override for a specific use case e.g. calico-etcd or kubernetes-etcd etcd: etcd: runtime/default etcd-anchor: etcdctl: runtime/default etcd-test: etcd-test: runtime/default etcd-backup: etcd-backup: runtime/default env: etcd: # can be used for tuning, e.g. https://etcd.io/docs/v3.4.0/tuning/ # or other flags, e.g. https://etcd.io/docs/v3.4.0/op-guide/configuration/ # ETCD_HEARTBEAT_INTERVAL: 100 # ETCD_ELECTION_TIMEOUT: 1000 # ETCD_SNAPSHOT_COUNT: 10000 jobs: etcd_backup: cron: "0 */12 * * *" history: success: 3 failed: 1 manifests: configmap_bin: true configmap_certs: true configmap_etc: true daemonset_anchor: true secret: true secret_backup_restore: false service: true test_etcd_health: true cron_etcd_backup: true job_ks_user: false