65 lines
1.6 KiB
YAML
65 lines
1.6 KiB
YAML
---
|
|
hiera_include:
|
|
- profiles::etcd::node
|
|
|
|
profiles::etcd::node::members_lookup: true
|
|
profiles::etcd::node::members_role: roles::infra::etcd::k8s
|
|
|
|
profiles::etcd::node::config:
|
|
data-dir: /data/etcd
|
|
client-cert-auth: false
|
|
client-transport-security:
|
|
cert-file: /etc/pki/tls/vault/certificate.crt
|
|
key-file: /etc/pki/tls/vault/private.key
|
|
client-cert-auth: false
|
|
auto-tls: false
|
|
peer-transport-security:
|
|
cert-file: /etc/pki/tls/vault/certificate.crt
|
|
key-file: /etc/pki/tls/vault/private.key
|
|
client-cert-auth: false
|
|
auto-tls: false
|
|
allowed-cn:
|
|
max-wals: 5
|
|
max-snapshots: 5
|
|
snapshot-count: 10000
|
|
heartbeat-interval: 100
|
|
election-timeout: 1000
|
|
cipher-suites: [
|
|
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
|
]
|
|
tls-min-version: 'TLS1.2'
|
|
tls-max-version: 'TLS1.3'
|
|
|
|
profiles::pki::vault::alt_names:
|
|
- etcd-k8s.service.consul
|
|
- etcd-k8s.query.consul
|
|
- "etcd-k8s.service.%{facts.country}-%{facts.region}.consul"
|
|
|
|
profiles::ssh::sign::principals:
|
|
- etcd-k8s.query.consul
|
|
- etcd-k8s.service.consul
|
|
- etcd-k8s.service.%{facts.country}-%{facts.region}.consul
|
|
|
|
consul::services:
|
|
etcd:
|
|
service_name: 'etcd-k8s'
|
|
tags:
|
|
- 'etcd'
|
|
- 'k8s'
|
|
- 'etcd-k8s'
|
|
address: "%{facts.networking.ip}"
|
|
port: 2379
|
|
checks:
|
|
- id: 'etcd_http_health_check'
|
|
name: 'ETCD HTTP Health Check'
|
|
http: "https://%{facts.networking.ip}:2379/health"
|
|
method: 'GET'
|
|
interval: '10s'
|
|
timeout: '1s'
|
|
tls_skip_verify: true
|
|
profiles::consul::client::node_rules:
|
|
- resource: service
|
|
segment: etcd-k8s
|
|
disposition: write
|