unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add etcd cluster

Browse Source
This commit is contained in:
Ben Vincent 2025-03-13 21:00:48 +11:00
parent deae960cc1
commit e17f9170f2
3 changed files with 77 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hieradata/roles/infra/etcd/k8s.eyaml Normal file
View File

@ -0,0 +1,2 @@
---
profiles::etcd::node::initial_cluster_token: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAhLyXszXUU6Dkiw9bEJTH0RXGaV2751NzvLH94i7QHfNukvOslF/kaDOA+FwqG06xSKSKo24Qyj4ewYA3BzhN8XLf2E9uW2LuDrUoA6aXUP2tYPqiTw8zmmgsVV5t7Y5PeNcleV3KmfcJZJKp33yGCKtGF7ggvNvnied5slO6E1BDkcVnqO7sdyI0MqSvsvH4IvEmeiSWAcBRBnwVLIwfn10frIvUg0fH4uZR7DASfO/HstYWKAEacz4xYBv74TtVVtYHlPvnVwC20YIYDMrgBsm3XngyWIQvruQCgyIkRzHjUKCpp76HpyEqzdJdEdaywkODYNOT6ab1B5uUu9WaMjBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBADXLPOqFHdnVgJW5+iXJYcgCDK1Eyr+RwvMA+3VszYALU5B6OCH5maplwC5aUgiQZ7ew==]

64
hieradata/roles/infra/etcd/k8s.yaml Normal file
View File

@ -0,0 +1,64 @@
---
hiera_include:
- profiles::etcd::node
profiles::etcd::node::members_lookup: true
profiles::etcd::node::members_role: roles::infra::etcd::k8s
profiles::etcd::node::config:
data-dir: /data/etcd
client-cert-auth: false
client-transport-security:
cert-file: /etc/pki/tls/vault/certificate.crt
key-file: /etc/pki/tls/vault/private.key
client-cert-auth: false
auto-tls: false
peer-transport-security:
cert-file: /etc/pki/tls/vault/certificate.crt
key-file: /etc/pki/tls/vault/private.key
client-cert-auth: false
auto-tls: false
allowed-cn:
max-wals: 5
max-snapshots: 5
snapshot-count: 10000
heartbeat-interval: 100
election-timeout: 1000
cipher-suites: [
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
]
tls-min-version: 'TLS1.2'
tls-max-version: 'TLS1.3'
profiles::pki::vault::alt_names:
- etcd-k8s.service.consul
- etcd-k8s.query.consul
- "etcd-k8s.service.%{facts.country}-%{facts.region}.consul"
profiles::ssh::sign::principals:
- etcd-k8s.query.consul
- etcd-k8s.service.consul
- etcd-k8s.service.%{facts.country}-%{facts.region}.consul
consul::services:
etcd:
service_name: 'etcd-k8s'
tags:
- 'etcd'
- 'k8s'
- 'etcd-k8s'
address: "%{facts.networking.ip}"
port: 2379
checks:
- id: 'etcd_http_health_check'
name: 'ETCD HTTP Health Check'
http: "https://%{facts.networking.ip}:2379/health"
method: 'GET'
interval: '10s'
timeout: '1s'
tls_skip_verify: true
profiles::consul::client::node_rules:
- resource: service
segment: etcd-k8s
disposition: write

11
site/roles/manifests/infra/etcd/k8s.pp Normal file
View File

@ -0,0 +1,11 @@
# a role to deploy etcd for k8s
class roles::infra::etcd::k8s {
if $facts['firstrun'] {
include profiles::defaults
include profiles::firstrun::init
}else{
include profiles::defaults
include profiles::base
include profiles::base::datavol
}
}