refactor etcd-defrag
cwrau committed Jul 1, 2024
1 parent 02a7849 commit 0b92f77
Showing 3 changed files with 92 additions and 92 deletions.
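--- a/charts/t8s-cluster/templates/_etcd-defrag.yaml
+++ b/charts/t8s-cluster/templates/_etcd-defrag.yaml
@@ -0,0 +1,87 @@
+{{- define "t8s-cluster.etcd-defrag" -}}
+{{- $_ := merge . (pick .context "Values" "Release" "Chart") -}}
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+name: kube-etcd-defrag
+namespace: {{ .hosted | ternary .Release.Namespace "kube-system" }}
+labels: {{- include "common.labels.standard" . | nindent 4 }}
+spec:
+concurrencyPolicy: Forbid
+failedJobsHistoryLimit: 10
+successfulJobsHistoryLimit: 1
+schedule: '42 * * * *'
+jobTemplate:
+spec:
+backoffLimit: 6
+template:
+spec:
+automountServiceAccountToken: false
+containers:
+- command:
+- etcdctl
+- defrag
+- --cluster
+- --cacert=/etc/kubernetes/pki/etcd/ca.crt
+- --cert=/etc/kubernetes/pki/etcd/peer.crt
+- --key=/etc/kubernetes/pki/etcd/peer.key
+env:
+- name: ETCDCTL_API
+value: "3"
+- name: ETCDCTL_ENDPOINTS
+value: {{ .hosted | ternary (printf "kmc-%s-etcd:2379" .Release.Name) "localhost:2379" }}
+image: {{ include "common.images.image" (dict "imageRoot" .Values.global.etcd.image "global" .Values.global) }}
+imagePullPolicy: IfNotPresent
+name: etcd-defrag
+securityContext:
+runAsUser: 1000
+runAsGroup: 1000
+runAsNonRoot: true
+privileged: false
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+readOnlyRootFilesystem: true
+volumeMounts:
+- mountPath: /etc/kubernetes/pki/etcd
+name: etcd-certs
+readOnly: true
+dnsPolicy: ClusterFirst
+restartPolicy: OnFailure
+{{- if not .hosted }}
+hostNetwork: true
+nodeSelector:
+node-role.kubernetes.io/control-plane: ""
+tolerations:
+- effect: NoSchedule
+key: node-role.kubernetes.io/control-plane
+operator: Exists
+- effect: NoSchedule
+key: node-role.kubernetes.io/master
+operator: Exists
+{{- end }}
+volumes:
+- name: etcd-certs
+{{- if .hosted }}
+projected:
+defaultMode: 420
+sources:
+- secret:
+items:
+- key: tls.crt
+path: ca.crt
+name: {{ printf "%s-etcd" .Release.Name }}
+- secret:
+items:
+- key: tls.crt
+path: peer.crt
+- key: tls.key
+path: peer.key
+name: {{ printf "%s-etcd-peer" .Release.Name }}
+{{- else }}
+hostPath:
+path: /etc/kubernetes/pki/etcd
+type: Directory
+{{- end }}
+{{- end -}}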
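Review bot: In the non-hosted branch the `hostPath` volume mounts the whole `/etc/kubernetes/pki/etcd` directory into the job, although the `etcdctl` command only reads `ca.crt`, `peer.crt` and `peer.key`; on a kubeadm-style control plane that directory presumably also holds the etcd CA private key, so the container is handed more key material than a defragmentation run needs. The container runs as UID 1000 with all capabilities dropped, so it is also worth confirming that it can read `peer.key` at all on hosts where that file is readable by root only. Consider per-file `hostPath` volumes with `type: File` for the three files, or at least record the trade-off above the volume: `# exposes the entire etcd PKI directory read-only; only ca.crt, peer.crt and peer.key are used`. In the hosted branch, `defaultMode: 420` is octal 0644, which leaves `peer.key` world-readable inside the pod; a tighter mode with a matching `fsGroup` would be preferable, provided the runtime user can still read the key.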
@@ -0,0 +1,3 @@
{{- if .Values.controlPlane.hosted -}}
{{- include "t8s-cluster.etcd-defrag" (dict "context" $ "hosted" true) | nindent 0 -}}
{{- end -}}
94 changes: 2 additions & 92 deletions charts/t8s-cluster/templates/workload-cluster/etcd-defrag.yaml
@@ -1,93 +1,3 @@
{{- if .Values.controlPlane.hosted -}}
{{- include "t8s-cluster.etcd-defrag" (dict "context" $) | nindent 0 -}}
{{- else -}}
{{- include "t8s-cluster.helm.resourceIntoCluster" (dict "name" "etcd-defrag" "resource" (include "t8s-cluster.etcd-defrag" (dict "context" $)) "context" $ "additionalLabels" (dict "app.kubernetes.io/component" "etcd")) | nindent 0 -}}
{{- end -}}

{{- define "t8s-cluster.etcd-defrag" -}}
{{- $_ := merge . (pick .context "Values" "Release" "Chart") -}}
apiVersion: batch/v1
kind: CronJob
metadata:
name: kube-etcd-defrag
namespace: {{ .Values.controlPlane.hosted | ternary .Release.Namespace "kube-system" }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
spec:
concurrencyPolicy: Forbid
failedJobsHistoryLimit: 10
successfulJobsHistoryLimit: 1
schedule: '42 * * * *'
jobTemplate:
spec:
backoffLimit: 6
template:
spec:
automountServiceAccountToken: false
containers:
- command:
- etcdctl
- defrag
- --cluster
- --cacert=/etc/kubernetes/pki/etcd/ca.crt
- --cert=/etc/kubernetes/pki/etcd/peer.crt
- --key=/etc/kubernetes/pki/etcd/peer.key
env:
- name: ETCDCTL_API
value: "3"
- name: ETCDCTL_ENDPOINTS
value: {{ .Values.controlPlane.hosted | ternary (printf "kmc-%s-etcd:2379" .Release.Name) "localhost:2379" }}
image: {{ include "common.images.image" (dict "imageRoot" .Values.global.etcd.image "global" .Values.global) }}
imagePullPolicy: IfNotPresent
name: etcd-defrag
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
volumeMounts:
- mountPath: /etc/kubernetes/pki/etcd
name: etcd-certs
readOnly: true
dnsPolicy: ClusterFirst
restartPolicy: OnFailure
{{- if not .Values.controlPlane.hosted }}
hostNetwork: true
nodeSelector:
node-role.kubernetes.io/control-plane: ""
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
{{- end }}
volumes:
- name: etcd-certs
{{- if .Values.controlPlane.hosted }}
projected:
defaultMode: 420
sources:
- secret:
items:
- key: tls.crt
path: ca.crt
name: {{ printf "%s-etcd" .Release.Name }}
- secret:
items:
- key: tls.crt
path: peer.crt
- key: tls.key
path: peer.key
name: {{ printf "%s-etcd-peer" .Release.Name }}
{{- else }}
hostPath:
path: /etc/kubernetes/pki/etcd
type: Directory
{{- end }}
{{- if not .Values.controlPlane.hosted -}}
{{- include "t8s-cluster.helm.resourceIntoCluster" (dict "name" "etcd-defrag" "resource" (include "t8s-cluster.etcd-defrag" (dict "context" $ "hosted" false)) "context" $ "additionalLabels" (dict "app.kubernetes.io/component" "etcd")) | nindent 0 -}}
{{- end -}}
