Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Migrating etcd-quorum-guard from MCO.
- Loading branch information
retroflexer
committed
Jul 15, 2020
1 parent
4dc84e7
commit b64cb41
Showing
2 changed files
with
114 additions
and
0 deletions.
There are no files selected for viewing
102 changes: 102 additions & 0 deletions
102
manifests/0000_12_etcd-operator_08_etcdquorumguard_deployment.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,102 @@ | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: etcd-quorum-guard | ||
namespace: openshift-etcd-operator | ||
annotations: | ||
exclude.release.openshift.io/internal-openshift-hosted: "true" | ||
spec: | ||
replicas: 3 | ||
selector: | ||
matchLabels: | ||
k8s-app: etcd-quorum-guard | ||
strategy: | ||
rollingUpdate: | ||
maxSurge: 0 | ||
maxUnavailable: 1 | ||
type: RollingUpdate | ||
template: | ||
metadata: | ||
labels: | ||
name: etcd-quorum-guard | ||
k8s-app: etcd-quorum-guard | ||
spec: | ||
hostNetwork: true | ||
affinity: | ||
podAntiAffinity: | ||
requiredDuringSchedulingIgnoredDuringExecution: | ||
- labelSelector: | ||
matchExpressions: | ||
- key: k8s-app | ||
operator: In | ||
values: | ||
- "etcd-quorum-guard" | ||
topologyKey: kubernetes.io/hostname | ||
nodeSelector: | ||
node-role.kubernetes.io/master: "" | ||
priorityClassName: "system-cluster-critical" | ||
terminationGracePeriodSeconds: 3 | ||
tolerations: | ||
- key: node-role.kubernetes.io/master | ||
effect: NoSchedule | ||
operator: Exists | ||
- key: node.kubernetes.io/not-ready | ||
effect: NoExecute | ||
operator: Exists | ||
tolerationSeconds: 120 | ||
- key: node.kubernetes.io/unreachable | ||
effect: NoExecute | ||
operator: Exists | ||
tolerationSeconds: 120 | ||
- key: node-role.kubernetes.io/etcd | ||
operator: Exists | ||
effect: NoSchedule | ||
containers: | ||
- name: guard | ||
image: quay.io/openshift/origin-cli:latest | ||
imagePullPolicy: IfNotPresent | ||
terminationMessagePolicy: FallbackToLogsOnError | ||
volumeMounts: | ||
- mountPath: /var/run/secrets/etcd-client | ||
name: etcd-client | ||
- mountPath: /var/run/configmaps/etcd-ca | ||
name: etcd-ca | ||
command: | ||
- /bin/bash | ||
args: | ||
- -c | ||
- | | ||
# properly handle TERM and exit as soon as it is signaled | ||
set -euo pipefail | ||
trap 'jobs -p | xargs -r kill; exit 0' TERM | ||
sleep infinity & wait | ||
readinessProbe: | ||
exec: | ||
command: | ||
- /bin/sh | ||
- -c | ||
- | | ||
declare -r health_endpoint="https://localhost:2379/health" | ||
declare -r cert="/var/run/secrets/etcd-client/tls.crt" | ||
declare -r key="/var/run/secrets/etcd-client/tls.key" | ||
declare -r cacert="/var/run/configmaps/etcd-ca/ca-bundle.crt" | ||
export NSS_SDB_USE_CACHE=no | ||
[[ -z $cert || -z $key ]] && exit 1 | ||
curl --max-time 2 --silent --cert "${cert//:/\:}" --key "$key" --cacert "$cacert" "$health_endpoint" |grep '{ *"health" *: *"true" *}' | ||
initialDelaySeconds: 5 | ||
periodSeconds: 5 | ||
failureThreshold: 3 | ||
timeoutSeconds: 3 | ||
resources: | ||
requests: | ||
cpu: 10m | ||
memory: 5Mi | ||
securityContext: | ||
privileged: true | ||
volumes: | ||
- name: etcd-client | ||
secret: | ||
secretName: etcd-client | ||
- name: etcd-ca | ||
configMap: | ||
name: etcd-ca-bundle |
12 changes: 12 additions & 0 deletions
12
manifests/0000_12_etcd-operator_09_etcdquorumguard_pdb.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
apiVersion: policy/v1beta1 | ||
kind: PodDisruptionBudget | ||
metadata: | ||
namespace: openshift-etcd-operator | ||
name: etcd-quorum-guard | ||
annotations: | ||
exclude.release.openshift.io/internal-openshift-hosted: "true" | ||
spec: | ||
maxUnavailable: 1 | ||
selector: | ||
matchLabels: | ||
k8s-app: etcd-quorum-guard |