Update to v1.32

2025-11-02 18:31:13 +01:00
parent 09e63cf400
commit de5971961c
43 changed files with 9492 additions and 1426 deletions
--- a/static-pods/master/etcd-events.yaml
+++ b/static-pods/master/etcd-events.yaml
@ -0,0 +1,88 @@
+{{ if .vars.etcd_split_events }}
+apiVersion: v1
+kind: Pod
+metadata:
+    namespace: kube-system
+    name: k8s-etcd
+    annotations:
+      novit.io/bootstrap-prio: "300"
+    labels:
+        component: k8s-etcd
+        tier: control-plane
+spec:
+    hostNetwork: true
+    dnsPolicy: Default
+    priorityClassName: system-cluster-critical
+    automountServiceAccountToken: false
+    tolerations:
+    - key: node.kubernetes.io/not-ready
+      effect: NoSchedule
+    containers:
+        - name: etcd
+          image: {{.vars.etcd_image}}:{{.vars.etcd_version}}
+          command:
+          - etcd
+          - --name={{ .host.name }}
+          - --data-dir=/var/lib/etcd
+          - --trusted-ca-file=/tls/etcd-server/ca.crt
+          - --key-file=/tls/etcd-server/tls.key
+          - --cert-file=/tls/etcd-server/tls.crt
+          - --client-cert-auth=true
+          - --trusted-ca-file=/tls/etcd-server/ca.crt
+          - --listen-client-urls=https://127.0.0.1:2381,https://{{ .host.ip }}:2381
+          - --advertise-client-urls=https://{{ .host.ip }}:2381
+          - --listen-peer-urls=https://{{ .host.ip }}:2382
+          - --peer-trusted-ca-file=/tls/etcd-peer/ca.crt
+          - --peer-key-file=/tls/etcd-peer/tls.key
+          - --peer-cert-file=/tls/etcd-peer/tls.crt
+          - --peer-client-cert-auth=true
+          - --initial-advertise-peer-urls=https://{{ .host.ip }}:2382
+          env:
+          - name:  ETCD_INITIAL_CLUSTER
+            value: {{ range $i, $host := hosts_by_group .vars.master_group }}{{ if gt $i 0 }},{{end}}{{$host.name}}=https://{{$host.ip}}:2382{{end}}
+          - name:  ETCD_INITIAL_CLUSTER_STATE
+            value: existing
+          - name:  ETCD_INITIAL_CLUSTER_TOKEN
+            value: '{{ token "etcd-events" }}'
+          - name:  ETCDCTL_ENDPOINTS
+            value: {{ range $i, $host := hosts_by_group .vars.master_group }}{{ if gt $i 0 }},{{end}}https://{{$host.ip}}:2381{{end}}
+          - name:  ETCDCTL_CACERT
+            value: /tls/etcd-peer/ca.crt
+          - name:  ETCDCTL_CERT
+            value: /tls/etcd-peer/tls.crt
+          - name:  ETCDCTL_KEY
+            value: /tls/etcd-peer/tls.key
+{{ if .vars.control_plane.reserve_resources }}
+          resources:
+            requests:
+              cpu: 200m
+              memory: 1.2Gi
+{{ end }}
+          volumeMounts:
+          - name: etc-certs
+            mountPath: /etc/ssl/certs
+          - name: tls-etcd-server
+            mountPath: /tls/etcd-server
+          - name: tls-etcd-peer
+            mountPath: /tls/etcd-peer
+          - name: k8s
+            mountPath: /etc/kubernetes
+          - name: data
+            mountPath: /var/lib/etcd
+    volumes:
+        - name: etc-certs
+          hostPath:
+              path: /etc/ssl/certs
+        - name: tls-etcd-server
+          hostPath:
+              path: /etc/tls/etcd-server
+        - name: tls-etcd-peer
+          hostPath:
+              path: /etc/tls/etcd-peer
+        - name: k8s
+          hostPath:
+              path: /etc/kubernetes
+        - name: data
+          hostPath:
+              path: /var/lib/etcd-events
+{{ end }}