etcd-bootstrap-configmap.yaml
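---
# ConfigMap carrying two files for the etcd container:
#   bootstrap.sh   - start-up wrapper: asks the sidecar at
#                    <name>-local:<backup.port> to validate the data
#                    directory, then launches etcd once it reports success.
#   etcd.conf.yaml - the etcd configuration that bootstrap.sh passes with
#                    --config-file (read from /var/etcd/config/).
# Templated scalars in the metadata are quoted so that an all-digit name or
# namespace still renders as a YAML string.
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Values.configMapName | quote }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    name: etcd
    instance: {{ .Values.name | quote }}
{{- if .Values.labels }}
{{ toYaml .Values.labels | indent 4 }}
{{- end }}
  ownerReferences:
  - apiVersion: druid.gardener.cloud/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: Etcd
    name: {{ .Values.name | quote }}
    uid: {{ .Values.uid | quote }}
data:
  bootstrap.sh: |-
    #!/bin/sh
    # Marker file holding the exit code of the previous etcd run. It lives in
    # the data directory, so it survives exactly as long as that volume does.
    VALIDATION_MARKER=/var/etcd/data/validation_marker

{{- if .Values.etcd.enableTLS }}
    # Add self-signed CA to list of root CA-certificates.
    # NOTE(review): this turns the CA into a trust anchor for every TLS client
    # in this container that reads the system bundle, not only for the wget
    # calls below. Keep this CA dedicated to the etcd instance and the secret
    # mount read-only.
    if ! cat /var/etcd/ssl/ca/ca.crt >> /etc/ssl/certs/ca-certificates.crt
    then
      echo "failed to update root certificate list"
      exit 1
    fi
{{- end }}

    # trap_and_propagate PID SIGNAL...
    # Forward each listed signal received by this shell to process PID.
    trap_and_propagate() {
      PID=$1
      shift
      for sig in "$@" ; do
        trap "kill -$sig $PID" "$sig"
      done
    }

    # Run etcd in the background, forward INT/TERM to it, and record its exit
    # code in the marker file. The marker is removed first, so a run that ends
    # without reaching the write below (e.g. the container is killed) leaves
    # no marker and the next start performs the full initialization.
    start_managed_etcd(){
      rm -rf "$VALIDATION_MARKER"
      etcd --config-file /var/etcd/config/etcd.conf.yaml &
      ETCDPID=$!
      trap_and_propagate $ETCDPID INT TERM
      wait $ETCDPID
      RET=$?
      echo "$RET" > "$VALIDATION_MARKER"
      exit $RET
    }

    # check_and_start_etcd MODE
    # Poll the sidecar's initialization status and start etcd once it reports
    # "Successful". MODE ("full" or "sanity") is sent with the start request.
    check_and_start_etcd(){
      while true;
      do
        wget "http{{ if .Values.etcd.enableTLS }}s{{ end }}://{{ .Values.name }}-local:{{ .Values.backup.port }}/initialization/status" -S -O status;
        STATUS=$(cat status);
        case "$STATUS" in
          "New")
            wget "http{{ if .Values.etcd.enableTLS }}s{{ end }}://{{ .Values.name }}-local:{{ .Values.backup.port }}/initialization/start?mode=$1{{- if .Values.backup.failBelowRevision }}&failbelowrevision={{ int $.Values.backup.failBelowRevision }}{{- end }}" -S -O -
            ;;
          "Progress")
            sleep 1;
            continue
            ;;
          "Failed")
            # Back off before polling again instead of re-requesting the
            # status in a tight loop.
            sleep 1;
            continue
            ;;
          "Successful")
            echo "Bootstrap preprocessing end time: $(date)"
            start_managed_etcd
            break
            ;;
          *)
            # Empty or unexpected status (for example the status request
            # itself failed): back off as well rather than spinning.
            sleep 1
            ;;
        esac;
      done
    }

    echo "Bootstrap preprocessing start time: $(date)"
    if [ ! -f "$VALIDATION_MARKER" ] ;
    then
      echo "No $VALIDATION_MARKER file. Perform complete initialization routine and start etcd."
      check_and_start_etcd full
    else
      echo "$VALIDATION_MARKER file present. Check return status and decide on initialization"
      run_status=$(cat "$VALIDATION_MARKER")
      echo "$VALIDATION_MARKER content: $run_status"
      # 0 is a normal exit; 130 and 143 are the 128+signal codes for the INT
      # and TERM signals that start_managed_etcd forwards. Only these allow
      # the lighter sanity check. The POSIX '=' operator and the quoting keep
      # the test valid under any /bin/sh and when the marker file is empty
      # (an empty value now falls through to the full validation).
      if [ "$run_status" = '143' ] || [ "$run_status" = '130' ] || [ "$run_status" = '0' ] ; then
        echo "Requesting sidecar to perform sanity validation"
        check_and_start_etcd sanity
      else
        echo "Requesting sidecar to perform full validation"
        check_and_start_etcd full
      fi
    fi
  etcd.conf.yaml: |-
    # Human-readable name for this member.
    name: etcd-{{ printf "%.6s" .Values.uid }}
    # Path to the data directory.
    data-dir: /var/etcd/data/new.etcd
    # metrics configuration
    metrics: {{ .Values.etcd.metrics }}
    # Number of committed transactions to trigger a snapshot to disk.
    snapshot-count: 75000

    # Accept etcd V2 client requests
    enable-v2: false
    # Raise alarms when backend size exceeds the given quota. 0 means use the
    # default quota.
{{- if .Values.backup.etcdQuotaBytes }}
    quota-backend-bytes: {{ int $.Values.backup.etcdQuotaBytes }}
{{- end }}

    # List of comma separated URLs to listen on for client traffic.
    # NOTE(review): this binds every interface. When etcd.enableTLS is not set
    # the endpoint is plain HTTP and this file configures no client
    # authentication, so access then has to be restricted at the network
    # layer (for example with a NetworkPolicy).
    listen-client-urls: {{ if .Values.etcd.enableTLS }}https{{ else }}http{{ end }}://0.0.0.0:{{ .Values.etcd.clientPort }}

    # List of this member's client URLs to advertise to the public.
    # The URLs needed to be a comma-separated list.
    # NOTE(review): 0.0.0.0 is not an address a client can dial; presumably
    # consumers reach this member through its Service and never use the
    # advertised URL - confirm.
    advertise-client-urls: {{ if .Values.etcd.enableTLS }}https{{ else }}http{{ end }}://0.0.0.0:{{ .Values.etcd.clientPort }}

    # Initial cluster token for the etcd cluster during bootstrap.
    initial-cluster-token: {{ .Values.etcd.initialClusterToken }}

    # Initial cluster state ('new' or 'existing').
    initial-cluster-state: {{ .Values.etcd.initialClusterState }}

    # keep one day of history
    auto-compaction-mode: periodic
    auto-compaction-retention: "24"

{{- if .Values.etcd.enableTLS }}

    # Client-facing TLS. client-cert-auth makes etcd require a client
    # certificate signed by trusted-ca-file, so that CA decides who may
    # connect; auto-tls stays off so only the mounted certificates are used.
    client-transport-security:
      # Path to the client server TLS cert file.
      cert-file: /var/etcd/ssl/server/tls.crt

      # Path to the client server TLS key file.
      key-file: /var/etcd/ssl/server/tls.key

      # Enable client cert authentication.
      client-cert-auth: true

      # Path to the client server TLS trusted CA cert file.
      trusted-ca-file: /var/etcd/ssl/ca/ca.crt

      # Client TLS using generated certificates
      auto-tls: false
{{- end }}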