config/static-pods/master/etcd.yaml

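# Static pod manifest template for one etcd member on a "master" host.
# The {{ ... }} actions are Go-template syntax and must be rendered before the
# result is parsed as YAML; templated scalars are single-quoted so an empty or
# type-looking expansion still yields a string.
apiVersion: v1
kind: Pod
metadata:
  namespace: kube-system
  name: k8s-etcd
  annotations:
    novit.io/bootstrap-prio: "300"
  labels:
    component: k8s-etcd
    tier: control-plane
spec:
  # etcd binds directly on the host's addresses (see the listen URLs below).
  hostNetwork: true
  dnsPolicy: Default
  priorityClassName: system-cluster-critical
  # etcd does not talk to the Kubernetes API, so no service-account token is
  # mounted into the container.
  automountServiceAccountToken: false
  tolerations:
  - key: node.kubernetes.io/not-ready
    effect: NoSchedule
  containers:
  - name: etcd
    image: '{{.vars.etcd.image}}:{{.vars.etcd.version}}'
    command:
    - etcd
    - --name={{ .host.name }}
    - --data-dir=/var/lib/etcd
    # Client-facing TLS: clients must present a certificate that chains to
    # this CA (--client-cert-auth=true). The flag was listed twice in the
    # original; the duplicate has been dropped.
    - --trusted-ca-file=/tls/etcd-server/ca.crt
    - --key-file=/tls/etcd-server/tls.key
    - --cert-file=/tls/etcd-server/tls.crt
    - --client-cert-auth=true
    # The client port is exposed on loopback and on the host IP; access
    # control relies on the mutual-TLS settings above.
    - --listen-client-urls=https://127.0.0.1:2379,https://{{ .host.ip }}:2379
    - --advertise-client-urls=https://{{ .host.ip }}:2379
    # Peer (member-to-member) TLS, also with mandatory client certificates.
    - --listen-peer-urls=https://{{ .host.ip }}:2380
    - --peer-trusted-ca-file=/tls/etcd-peer/ca.crt
    - --peer-key-file=/tls/etcd-peer/tls.key
    - --peer-cert-file=/tls/etcd-peer/tls.crt
    - --peer-client-cert-auth=true
    - --initial-advertise-peer-urls=https://{{ .host.ip }}:2380
    env:
    # Comma-separated "name=peer-url" list built from every host in the
    # "master" group.
    - name: ETCD_INITIAL_CLUSTER
      value: '{{ range $i, $host := hosts_by_group "master" }}{{ if gt $i 0 }},{{end}}{{$host.name}}=https://{{$host.ip}}:2380{{end}}'
    - name: ETCD_INITIAL_CLUSTER_STATE
      value: '{{ .vars.etcd.cluster_state }}'
    - name: ETCD_INITIAL_CLUSTER_TOKEN
      value: '{{ token "etcd-initial-cluster" }}'
    # Defaults for running etcdctl inside the container (kubectl exec).
    - name: ETCDCTL_ENDPOINTS
      value: '{{ range $i, $host := hosts_by_group "master" }}{{ if gt $i 0 }},{{end}}https://{{$host.ip}}:2379{{end}}'
    # NOTE(review): etcdctl is given the *peer* CA, certificate and key, while
    # the client URLs serve the etcd-server certificate and verify clients
    # against /tls/etcd-server/ca.crt. This only works if both sets are issued
    # by the same CA; confirm, and consider a dedicated client certificate so
    # the peer key is not reused for client access.
    - name: ETCDCTL_CACERT
      value: /tls/etcd-peer/ca.crt
    - name: ETCDCTL_CERT
      value: /tls/etcd-peer/tls.crt
    - name: ETCDCTL_KEY
      value: /tls/etcd-peer/tls.key
{{ if .vars.control_plane.reserve_resources }}
    resources:
      requests:
        cpu: 200m
        memory: 1.2Gi
{{ end }}
    volumeMounts:
    # Certificate and key material is only read by etcd, so it is mounted
    # read-only to keep the container from modifying host key files.
    - name: etc-certs
      mountPath: /etc/ssl/certs
      readOnly: true
    - name: tls-etcd-server
      mountPath: /tls/etcd-server
      readOnly: true
    - name: tls-etcd-peer
      mountPath: /tls/etcd-peer
      readOnly: true
    # NOTE(review): none of the etcd flags or env vars in this manifest
    # reference /etc/kubernetes; confirm the mount is needed, and drop it or
    # make it read-only if not (least privilege).
    - name: k8s
      mountPath: /etc/kubernetes
    - name: data
      mountPath: /var/lib/etcd
  volumes:
  - name: etc-certs
    hostPath:
      path: /etc/ssl/certs
  - name: tls-etcd-server
    hostPath:
      path: /etc/tls/etcd-server
  - name: tls-etcd-peer
    hostPath:
      path: /etc/tls/etcd-peer
  - name: k8s
    hostPath:
      path: /etc/kubernetes
  # The etcd data directory lives on the host; it holds the cluster's stored
  # state, so the host directory's ownership and mode should be restrictive.
  - name: data
    hostPath:
      path: /var/lib/etcd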