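# etcd member pod (kube-system/k8s-etcd). This file is a Go template that is
# rendered to text first and only then parsed as YAML: `.host.name` and
# `.host.ip` select the member it is rendered for, and the "master" host group
# supplies the peer and endpoint lists.
apiVersion: v1
kind: Pod
metadata:
  namespace: kube-system
  name: k8s-etcd
  annotations:
    novit.io/bootstrap-prio: "300"
  labels:
    component: k8s-etcd
    tier: control-plane
spec:
  # Uses the host's network namespace, so the 2379/2380 listeners configured
  # below bind on the host itself; access control then rests on the mutual-TLS
  # flags (and on whatever host firewalling exists outside this manifest).
  hostNetwork: true
  dnsPolicy: Default
  priorityClassName: system-cluster-critical
  # No service-account token is mounted into the pod.
  automountServiceAccountToken: false
  tolerations:
    # Allows scheduling onto nodes that are still tainted not-ready.
    - key: node.kubernetes.io/not-ready
      effect: NoSchedule
  containers:
    - name: etcd
      # Quoted so the rendered image reference is always a YAML string.
      image: '{{.vars.etcd.image}}:{{.vars.etcd.version}}'
      command:
        - etcd
        - --name={{ .host.name }}
        - --data-dir=/var/lib/etcd
        # Client-facing TLS: the server presents tls.crt/tls.key and, with
        # --client-cert-auth, only accepts clients whose certificate chains
        # to ca.crt.
        - --trusted-ca-file=/tls/etcd-server/ca.crt
        - --key-file=/tls/etcd-server/tls.key
        - --cert-file=/tls/etcd-server/tls.crt
        - --client-cert-auth=true
        - --listen-client-urls=https://127.0.0.1:2379,https://{{ .host.ip }}:2379
        - --advertise-client-urls=https://{{ .host.ip }}:2379
        # Peer (member-to-member) TLS uses its own CA and key pair, with
        # client-certificate verification between members.
        - --listen-peer-urls=https://{{ .host.ip }}:2380
        - --peer-trusted-ca-file=/tls/etcd-peer/ca.crt
        - --peer-key-file=/tls/etcd-peer/tls.key
        - --peer-cert-file=/tls/etcd-peer/tls.crt
        - --peer-client-cert-auth=true
        - --initial-advertise-peer-urls=https://{{ .host.ip }}:2380
      env:
        # Comma-separated "name=https://ip:2380" entry per host in the
        # "master" group. Env values must be strings, so every templated
        # value below is quoted to survive empty or boolean-looking output.
        - name: ETCD_INITIAL_CLUSTER
          value: '{{ range $i, $host := hosts_by_group "master" }}{{ if gt $i 0 }},{{end}}{{$host.name}}=https://{{$host.ip}}:2380{{end}}'
        - name: ETCD_INITIAL_CLUSTER_STATE
          value: '{{ .vars.etcd.cluster_state }}'
        - name: ETCD_INITIAL_CLUSTER_TOKEN
          value: '{{ token "etcd-initial-cluster" }}'
        # etcdctl defaults for use inside the container: the client URLs
        # (port 2379) of every host in the "master" group.
        - name: ETCDCTL_ENDPOINTS
          value: '{{ range $i, $host := hosts_by_group "master" }}{{ if gt $i 0 }},{{end}}https://{{$host.ip}}:2379{{end}}'
        # NOTE(review): etcdctl talks to the client port, whose server cert
        # and trusted CA come from /tls/etcd-server, yet these point at the
        # peer CA and peer key pair. That only works if both sets chain to
        # the same CA, and it reuses the peer identity as a client identity;
        # confirm this is intended or issue a dedicated client certificate.
        - name: ETCDCTL_CACERT
          value: /tls/etcd-peer/ca.crt
        - name: ETCDCTL_CERT
          value: /tls/etcd-peer/tls.crt
        - name: ETCDCTL_KEY
          value: /tls/etcd-peer/tls.key
      {{ if .vars.control_plane.reserve_resources }}
      resources:
        requests:
          cpu: 200m
          memory: 1.2Gi
      {{ end }}
      volumeMounts:
        # CA bundle and TLS key material are only read by etcd, so they are
        # mounted read-only: a compromised container cannot alter the host's
        # certificates or keys through these hostPath mounts.
        - name: etc-certs
          mountPath: /etc/ssl/certs
          readOnly: true
        - name: tls-etcd-server
          mountPath: /tls/etcd-server
          readOnly: true
        - name: tls-etcd-peer
          mountPath: /tls/etcd-peer
          readOnly: true
        # NOTE(review): nothing in the command line or env above references
        # /etc/kubernetes, and it is mounted writable. Confirm it is needed;
        # if not, drop it, otherwise make it read-only.
        - name: k8s
          mountPath: /etc/kubernetes
        # The only path etcd must write to.
        - name: data
          mountPath: /var/lib/etcd
  volumes:
    - name: etc-certs
      hostPath:
        path: /etc/ssl/certs
    - name: tls-etcd-server
      hostPath:
        path: /etc/tls/etcd-server
    - name: tls-etcd-peer
      hostPath:
        path: /etc/tls/etcd-peer
    - name: k8s
      hostPath:
        path: /etc/kubernetes
    # etcd's data directory lives on the host; it holds the cluster's stored
    # state, so keep the host directory's permissions restricted.
    - name: data
      hostPath:
        path: /var/lib/etcd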