diff --git a/templates/master/00-master/_base/files/etc-kubernetes-manifests-etcd-member.yaml b/templates/master/00-master/_base/files/etc-kubernetes-manifests-etcd-member.yaml deleted file mode 100644 index 9aa1b7c979..0000000000 --- a/templates/master/00-master/_base/files/etc-kubernetes-manifests-etcd-member.yaml +++ /dev/null @@ -1,276 +0,0 @@ -filesystem: "root" -mode: 0644 -path: "/etc/kubernetes/manifests/etcd-member.yaml" -contents: - inline: | - apiVersion: v1 - kind: Pod - metadata: - name: etcd-member - namespace: openshift-etcd - labels: - k8s-app: etcd - spec: - initContainers: - {{if .Images.clusterEtcdOperatorImageKey}} - - name: wait-for-kube - image: "{{.Images.clusterEtcdOperatorImageKey}}" - command: ["/usr/bin/cluster-etcd-operator"] - args: - - "wait-for-kube" - securityContext: - privileged: true - volumeMounts: - - name: sa - mountPath: /var/run/secrets/kubernetes.io/serviceaccount/ - - name: data-dir - mountPath: /var/lib/etcd/ - {{end}} - - name: discovery - image: "{{.Images.setupEtcdEnvKey}}" - command: ["/usr/bin/setup-etcd-environment"] - args: - - "run" - - "--discovery-srv={{.EtcdDiscoveryDomain}}" - - "--output-file=/run/etcd/environment" - - "--bootstrap-srv={{if .Images.clusterEtcdOperatorImageKey}}{{false}}{{else}}{{true}}{{end}}" - - "--v=4" - securityContext: - privileged: true - volumeMounts: - - name: discovery - mountPath: /run/etcd/ - - name: data-dir - mountPath: /var/lib/etcd/ - - name: certs - mountPath: /etc/ssl/etcd/ - {{if .Images.clusterEtcdOperatorImageKey}} - - name: sa - mountPath: /var/run/secrets/kubernetes.io/serviceaccount/ - {{end}} - env: - - name: ETCD_DATA_DIR - value: "/var/lib/etcd" - - name: ETCD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: certs - image: {{if .Images.clusterEtcdOperatorImageKey }}"{{.Images.clusterEtcdOperatorImageKey}}"{{else}}"{{.Images.kubeClientAgentImageKey}}"{{end}} - command: - - /bin/sh - - -c - - | - #!/bin/sh - set -euxo pipefail - - source /run/etcd/environment - - [ -e /etc/ssl/etcd/system:etcd-server:${ETCD_DNS_NAME}.crt -a \ - -e /etc/ssl/etcd/system:etcd-server:${ETCD_DNS_NAME}.key ] || \{{range etcdServerCertCommand .}} - {{.}}{{end}} - - [ -e /etc/ssl/etcd/system:etcd-peer:${ETCD_DNS_NAME}.crt -a \ - -e /etc/ssl/etcd/system:etcd-peer:${ETCD_DNS_NAME}.key ] || \{{range etcdPeerCertCommand .}} - {{.}}{{end}} - - [ -e /etc/ssl/etcd/system:etcd-metric:${ETCD_DNS_NAME}.crt -a \ - -e /etc/ssl/etcd/system:etcd-metric:${ETCD_DNS_NAME}.key ] || \{{range etcdMetricCertCommand .}} - {{.}}{{end}} - - securityContext: - privileged: true - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - name: discovery - mountPath: /run/etcd/ - - name: certs - mountPath: /etc/ssl/etcd/ - - name: kubeconfig - mountPath: /etc/kubernetes/kubeconfig - {{if .Images.clusterEtcdOperatorImageKey}} - - name: sa - mountPath: /var/run/secrets/kubernetes.io/serviceaccount/ - {{end}} - {{if .Images.clusterEtcdOperatorImageKey}} - - name: membership - image: "{{.Images.etcdKey}}" - command: - - /bin/sh - - -c - - | - #!/bin/sh - set -euxo pipefail - - source /run/etcd/environment - - # no validation required if member is existing - [ ! -e "/var/lib/etcd/member/snap/db" ] || { - echo "etcd has previously been initialized as a member" - exit 0 - } - - export ETCDCTL_API=3 ETCDCTL_CACERT=/etc/ssl/etcd/ca.crt ETCDCTL_CERT=$(find /etc/ssl/ -name *peer*crt) ETCDCTL_KEY=$(find /etc/ssl/ -name *peer*key) \ - ETCDCTL_ENDPOINTS="$ETCD_ENDPOINTS" - - until $(etcdctl member list | grep $ETCD_DNS_NAME>/dev/null) - do - echo "waiting for $ETCD_DNS_NAME to be added to etcd membership" - sleep 2 - done - securityContext: - privileged: true - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - name: discovery - mountPath: /run/etcd/ - - name: certs - mountPath: /etc/ssl/etcd/ - - name: data-dir - mountPath: /var/lib/etcd/ - {{end}} - containers: - - name: etcd-member - image: "{{.Images.etcdKey}}" - readinessProbe: - exec: - command: - - /bin/sh - - -ec - - "lsof -n -i :2380 | grep LISTEN" - failureThreshold: 3 - initialDelaySeconds: 3 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - command: - - /bin/sh - - -c - - | - #!/bin/sh - set -euo pipefail - - source /run/etcd/environment - - set -a - source /etc/etcd/etcd.conf - set +a - - exec etcd \ - --initial-advertise-peer-urls=https://${ETCD_ESCAPED_IP_ADDRESS}:2380 \ - --cert-file=/etc/ssl/etcd/system:etcd-server:${ETCD_DNS_NAME}.crt \ - --key-file=/etc/ssl/etcd/system:etcd-server:${ETCD_DNS_NAME}.key \ - --trusted-ca-file=/etc/ssl/etcd/ca.crt \ - --client-cert-auth=true \ - --peer-cert-file=/etc/ssl/etcd/system:etcd-peer:${ETCD_DNS_NAME}.crt \ - --peer-key-file=/etc/ssl/etcd/system:etcd-peer:${ETCD_DNS_NAME}.key \ - --peer-trusted-ca-file=/etc/ssl/etcd/ca.crt \ - --peer-client-cert-auth=true \ - --advertise-client-urls=https://${ETCD_ESCAPED_IP_ADDRESS}:2379 \ - --listen-client-urls=https://${ETCD_ESCAPED_ALL_IPS}:2379 \ - --listen-peer-urls=https://${ETCD_ESCAPED_ALL_IPS}:2380 \ - --listen-metrics-urls=https://${ETCD_ESCAPED_ALL_IPS}:9978 \ - securityContext: - privileged: true - resources: - requests: - memory: 600Mi - cpu: 300m - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - name: discovery - mountPath: /run/etcd/ - - name: certs - mountPath: /etc/ssl/etcd/ - - name: data-dir - mountPath: /var/lib/etcd/ - - name: conf - mountPath: /etc/etcd/ - lifecycle: - postStart: - exec: - command: - - /bin/sh - - -c - - echo 'export ETCDCTL_CACERT=/etc/ssl/etcd/ca.crt ETCDCTL_CERT=$(find /etc/ssl/ -name *peer*crt) ETCDCTL_KEY=$(find /etc/ssl/ -name *peer*key)' >> /root/.profile - - env: - - name: ETCDCTL_API - value: "3" - - name: ETCD_DATA_DIR - value: "/var/lib/etcd" - - name: ENV - value: "/root/.profile" - - name: ETCD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - ports: - - name: peer - containerPort: 2380 - protocol: TCP - - name: server - containerPort: 2379 - protocol: TCP - - name: etcd-metrics - image: "{{.Images.etcdKey}}" - command: - - /bin/sh - - -c - - | - #!/bin/sh - set -euo pipefail - - source /run/etcd/environment - - exec etcd grpc-proxy start \ - --endpoints https://${ETCD_DNS_NAME}:9978 \ - --metrics-addr https://${ETCD_ESCAPED_ALL_IPS}:9979 \ - --listen-addr ${ETCD_ESCAPED_LOCALHOST_IP}:9977 \ - --key /etc/ssl/etcd/system:etcd-peer:${ETCD_DNS_NAME}.key \ - --key-file /etc/ssl/etcd/system:etcd-metric:${ETCD_DNS_NAME}.key \ - --cert /etc/ssl/etcd/system:etcd-peer:${ETCD_DNS_NAME}.crt \ - --cert-file /etc/ssl/etcd/system:etcd-metric:${ETCD_DNS_NAME}.crt \ - --cacert /etc/ssl/etcd/ca.crt \ - --trusted-ca-file /etc/ssl/etcd/metric-ca.crt \ - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - name: discovery - mountPath: /run/etcd/ - - name: certs - mountPath: /etc/ssl/etcd/ - env: - - name: ETCDCTL_API - value: "3" - ports: - - name: metric - containerPort: 9979 - protocol: TCP - securityContext: - privileged: true - hostNetwork: true - priorityClassName: system-node-critical - tolerations: - - operator: "Exists" - restartPolicy: Always - volumes: - - name: certs - hostPath: - path: /etc/kubernetes/static-pod-resources/etcd-member - - name: kubeconfig - hostPath: - path: /etc/kubernetes/kubeconfig - - name: discovery - hostPath: - path: /run/etcd - - name: data-dir - hostPath: - path: /var/lib/etcd - - name: conf - hostPath: - path: /etc/etcd - {{if .Images.clusterEtcdOperatorImageKey}} - - name: sa - hostPath: - path: /etc/kubernetes/static-pod-resources/etcd-member/secrets/kubernetes.io/sa-token - {{end}}