badb432230
Includes hooks for triggering calico, kubelet, and kube-apiserver restarts if etcd certs changed.
21 lines
975 B
Django/Jinja
21 lines
975 B
Django/Jinja
ETCD_DATA_DIR=/var/lib/etcd
|
|
ETCD_ADVERTISE_CLIENT_URLS={{ etcd_client_url }}
|
|
ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_peer_url }}
|
|
ETCD_INITIAL_CLUSTER_STATE={% if etcd_cluster_is_healthy.rc != 0 | bool %}new{% else %}existing{% endif %}
|
|
|
|
ETCD_LISTEN_CLIENT_URLS=https://{{ etcd_address }}:2379,https://127.0.0.1:2379
|
|
ETCD_ELECTION_TIMEOUT=10000
|
|
ETCD_INITIAL_CLUSTER_TOKEN=k8s_etcd
|
|
ETCD_LISTEN_PEER_URLS=https://{{ etcd_address }}:2380
|
|
ETCD_NAME={{ etcd_member_name }}
|
|
ETCD_PROXY=off
|
|
ETCD_INITIAL_CLUSTER={{ etcd_peer_addresses }}
|
|
|
|
# TLS settings
|
|
ETCD_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
|
|
ETCD_CERT_FILE={{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem
|
|
ETCD_KEY_FILE={{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem
|
|
ETCD_PEER_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
|
|
ETCD_PEER_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem
|
|
ETCD_PEER_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem
|
|
ETCD_PEER_CLIENT_CERT_AUTH=true
|