* remove healthcheck sidecar, perform probes in etcd
container itself, failing liveness probes in sidecar
do not restart problematic etcd container;
* verify that etcdctl member list cmd in anchor is
always successfull;
* adjust ETCDCTL_ENDPOINTS env in etcd container to
POD_IP variable instead of localhost (127.0.0.1);
* add liveness/readiness probes to auxiliary etcd as
well as properly passing etcd configuration variables
as strings;
* monitor current leader in initial etcd cluster, in case
if aux member is current leader pass it to permenant
member, same check applies for aux suicide process;
* etcd aux pod will be alive unless all permanent nodes
come up and join the cluster plus apiserver no longer
relies on aux members;
* add 5 seconds sleep between aux member remove for more
smooth transition process.
Signed-off-by: Ruslan Aliev <raliev@mirantis.com>
Change-Id: I7918072a6ba5a6b22b359d1616def8c31425462d
Since after v3.5.6 etcd-io switched to a
distroless base image. Etcd anchor pods
are now using etcd-utility and etcd is
running a sidecar for health checks.
Change-Id: I198dca1209097de4d60a53a7568f0c4790679599
The kubernetes-etcd pods are leaving behind zombie processes and
setting 'shareProcessNamespace: true' eliminates that problem.
When you enable process namespace sharing for a Pod, Kubernetes uses a
single process namespace for all the containers in that Pod. The
Kubernetes Pod infrastructure container becomes PID 1 and automatically
reaps orphaned processes. [0]
[0]https://cloud.google.com/solutions/best-practices-for-building-containers#solution_2_enable_process_namespace_sharing_in_kubernetes
Change-Id: I61566fb71258baafa709b0e5367c71f13e980f6f
Allows extra environment variables to be applied to the etcd pods. Can
be used to apply tuning parameters, enable experimental flags, etc.
Change-Id: I9d82514b6e3a292edc472d885c0a61d5c81199f5
This commit enables configuration of probes
for etcd pod by manipulating/overriding values in
values.yaml or through manifests.
Change-Id: I69eabd13f8ea8b97a33281ad993ec2e88b9280bc
This updates the etcd chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to false
Change-Id: I34a8ab3e850779192491b9b127a82b82f05fa00b
The probe script is not being mounted into this pod, causing failures at runtime.
This reverts commit a2e452ae42.
Change-Id: If005ff4244159262c88bfcd85bf2c48caf4b279b
This commit is to add liveness probe to calico-etcd-anchor pod
and both liveness/readiness probe to calico-etcd pod.
Change-Id: I2f856fa9d73152073accd753e715558457ff59e2
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. This can be used, for example, to force an
artificial manifest change in CICD scenarios, for upgradability
testing purposes.
Change-Id: I8d0ffac306258f940c63799e86e7e26b5c2c5add
- Update Makefile to more closely match UCP standards
- Add resource limits to any Pods missing them
Change-Id: Ia791a6b207c2baca7dd3141be71aef513c916661
Ruslan Aliev