in operator/pkg/controllers/etcd/pod.go [36:173]
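// podSpecFor builds the PodSpec that runs etcd for the given control plane.
//
// The pod runs on the host network (NODE_IP is taken from status.podIP, which
// under HostNetwork is the node's address) and listens on 2379 for clients and
// 2380 for peers. Two DoNotSchedule spread constraints with MaxSkew 1 keep
// members spread across zones and across hostnames. Server and peer TLS
// material is projected from per-cluster secrets with mode 0400.
//
// Only the CA *certificate* is projected into the pod: the etcd flags reference
// /etc/kubernetes/pki/ca.crt (--trusted-ca-file, --peer-trusted-ca-file) and
// nothing here reads ca.key, so the CA private key is deliberately not mounted —
// a compromised etcd container must not be able to mint certificates for the
// cluster.
func podSpecFor(controlPlane *v1alpha1.ControlPlane) *v1.PodSpec {
	clusterName := controlPlane.ClusterName()
	return &v1.PodSpec{
		// NOTE(review): 1s gives etcd very little time to stop cleanly on
		// SIGTERM before it is killed; confirm this is intentional.
		TerminationGracePeriodSeconds: aws.Int64(1),
		HostNetwork:                   true,
		DNSPolicy:                     v1.DNSClusterFirstWithHostNet,
		NodeSelector:                  nodeSelector(clusterName),
		TopologySpreadConstraints: []v1.TopologySpreadConstraint{{
			MaxSkew:           int32(1),
			TopologyKey:       "topology.kubernetes.io/zone",
			WhenUnsatisfiable: v1.DoNotSchedule,
			LabelSelector: &metav1.LabelSelector{
				MatchLabels: labelsFor(clusterName),
			},
		}, {
			MaxSkew:           int32(1),
			TopologyKey:       "kubernetes.io/hostname",
			WhenUnsatisfiable: v1.DoNotSchedule,
			LabelSelector: &metav1.LabelSelector{
				MatchLabels: labelsFor(clusterName),
			},
		}},
		Containers: []v1.Container{{
			Name:  "etcd",
			Image: imageprovider.ETCD(),
			Ports: []v1.ContainerPort{{
				ContainerPort: 2379,
				Name:          "etcd",
			}, {
				ContainerPort: 2380,
				Name:          "etcd-peer",
			}},
			VolumeMounts: []v1.VolumeMount{{
				Name:      "etcd-data",
				MountPath: "/var/lib/etcd",
			}, {
				// Key material is read-only from etcd's point of view; say so
				// explicitly on every certificate mount.
				Name:      "etcd-ca",
				MountPath: "/etc/kubernetes/pki",
				ReadOnly:  true,
			}, {
				Name:      "etcd-peer-certs",
				MountPath: "/etc/kubernetes/pki/etcd/peer",
				ReadOnly:  true,
			}, {
				Name:      "etcd-server-certs",
				MountPath: "/etc/kubernetes/pki/etcd/server",
				ReadOnly:  true,
			}},
			Command: []string{"etcd"},
			Args: []string{
				"--cert-file=/etc/kubernetes/pki/etcd/server/server.crt",
				"--initial-cluster=" + initialClusterFlag(controlPlane),
				"--data-dir=/var/lib/etcd",
				"--initial-cluster-state=new",
				// NOTE(review): the same token is used for every cluster this
				// operator manages; cross-cluster isolation therefore rests on
				// peer mTLS against the per-cluster CA below, not on this value.
				"--initial-cluster-token=etcd-cluster-1",
				"--key-file=/etc/kubernetes/pki/etcd/server/server.key",
				"--advertise-client-urls=" + advertizeClusterURL(controlPlane),
				"--initial-advertise-peer-urls=" + advertizePeerURL(controlPlane),
				// NOTE(review): peers require client certificates
				// (--peer-client-cert-auth=true) but the client listener does
				// not — there is no --client-cert-auth=true, and per etcd's flag
				// semantics --trusted-ca-file alone does not make etcd demand a
				// client certificate. With HostNetwork, $(NODE_IP):2379 is
				// reachable from the node network. Confirm the kube-apiserver
				// (and any other client) presents a certificate signed by this
				// CA, then add "--client-cert-auth=true".
				"--listen-client-urls=https://$(NODE_IP):2379,https://127.0.0.1:2379",
				// Plain-text metrics are bound to loopback only.
				"--listen-metrics-urls=http://127.0.0.1:2381",
				"--listen-peer-urls=https://$(NODE_IP):2380",
				"--name=$(NODE_ID)",
				"--peer-cert-file=/etc/kubernetes/pki/etcd/peer/peer.crt",
				"--peer-client-cert-auth=true",
				"--peer-key-file=/etc/kubernetes/pki/etcd/peer/peer.key",
				"--peer-trusted-ca-file=/etc/kubernetes/pki/ca.crt",
				"--snapshot-count=10000",
				"--trusted-ca-file=/etc/kubernetes/pki/ca.crt",
				"--logger=zap",
				"--quota-backend-bytes=8589934592",
			},
			Env: []v1.EnvVar{{
				Name: "NODE_IP",
				ValueFrom: &v1.EnvVarSource{
					FieldRef: &v1.ObjectFieldSelector{
						FieldPath: "status.podIP",
					},
				},
			}, {
				Name: "NODE_ID",
				ValueFrom: &v1.EnvVarSource{
					FieldRef: &v1.ObjectFieldSelector{
						FieldPath: "metadata.name",
					},
				},
			}},
		}},
		Volumes: []v1.Volume{{
			Name: "etcd-data",
			VolumeSource: v1.VolumeSource{
				HostPath: &v1.HostPathVolumeSource{
					Path: "/var/lib/etcd",
				},
			},
		}, {
			// CA: certificate only. The private key stays in the secret and is
			// intentionally not projected — no etcd flag references ca.key.
			Name: "etcd-ca",
			VolumeSource: v1.VolumeSource{
				Secret: &v1.SecretVolumeSource{
					SecretName:  CASecretNameFor(clusterName),
					DefaultMode: aws.Int32(0400),
					Items: []v1.KeyToPath{{
						Key:  secrets.SecretPublicKey,
						Path: "ca.crt",
					}},
				},
			},
		}, {
			Name: "etcd-peer-certs",
			VolumeSource: v1.VolumeSource{
				Secret: &v1.SecretVolumeSource{
					SecretName:  caPeerName(controlPlane),
					DefaultMode: aws.Int32(0400),
					Items: []v1.KeyToPath{{
						Key:  secrets.SecretPublicKey,
						Path: "peer.crt",
					}, {
						Key:  secrets.SecretPrivateKey,
						Path: "peer.key",
					}},
				},
			},
		}, {
			Name: "etcd-server-certs",
			VolumeSource: v1.VolumeSource{
				Secret: &v1.SecretVolumeSource{
					SecretName:  caServerName(controlPlane),
					DefaultMode: aws.Int32(0400),
					Items: []v1.KeyToPath{{
						Key:  secrets.SecretPublicKey,
						Path: "server.crt",
					}, {
						Key:  secrets.SecretPrivateKey,
						Path: "server.key",
					}},
				},
			},
		}},
	}
}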