Skip to content

Commit

Permalink
Merge branch 'main' into small-refactoring
Browse files Browse the repository at this point in the history
  • Loading branch information
sergeimonakhov committed Apr 13, 2024
2 parents 268f550 + 6966064 commit 1a201b2
Show file tree
Hide file tree
Showing 3 changed files with 334 additions and 119 deletions.
4 changes: 2 additions & 2 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,7 @@ KIND_CLUSTER_NAME ?= etcd-operator-kind
NAMESPACE ?= etcd-operator-system

# renovate: datasource=github-tags depName=prometheus-operator/prometheus-operator
PROMETHEUS_OPERATOR_VERSION ?= v0.73.0
PROMETHEUS_OPERATOR_VERSION ?= v0.73.1
# renovate: datasource=github-tags depName=jetstack/cert-manager
CERT_MANAGER_VERSION ?= v1.14.4

Expand Down Expand Up @@ -237,7 +237,7 @@ KIND_VERSION ?= v0.22.0
# renovate: datasource=github-tags depName=helm/helm
HELM_VERSION ?= v3.14.4
# renovate: datasource=github-tags depName=losisin/helm-values-schema-json
HELM_SCHEMA_VERSION ?= v1.2.2
HELM_SCHEMA_VERSION ?= v1.2.4
# renovate: datasource=github-tags depName=norwoodj/helm-docs
HELM_DOCS_VERSION ?= v1.13.1
# renovate: datasource=github-tags depName=mikefarah/yq
Expand Down
216 changes: 216 additions & 0 deletions examples/manifests/etcdcluster-kamaji.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,216 @@
---
apiVersion: etcd.aenix.io/v1alpha1
kind: EtcdCluster
metadata:
name: etcd
namespace: kamaji-system
spec:
storage: {}
security:
tls:
peerTrustedCASecret: etcd-peer-ca-tls
peerSecret: etcd-peer-tls
serverSecret: etcd-server-tls
clientTrustedCASecret: etcd-ca-tls
clientSecret: etcd-client-tls
---
apiVersion: kamaji.clastix.io/v1alpha1
kind: DataStore
metadata:
name: default
spec:
driver: etcd
endpoints:
- etcd-0.etcd.kamaji-system.svc:2379
- etcd-1.etcd.kamaji-system.svc:2379
- etcd-2.etcd.kamaji-system.svc:2379
tlsConfig:
certificateAuthority:
certificate:
secretReference:
keyPath: tls.crt
name: etcd-ca-tls
namespace: kamaji-system
privateKey:
secretReference:
keyPath: tls.key
name: etcd-ca-tls
namespace: kamaji-system
clientCertificate:
certificate:
secretReference:
keyPath: tls.crt
name: etcd-client-tls
namespace: kamaji-system
privateKey:
secretReference:
keyPath: tls.key
name: etcd-client-tls
namespace: kamaji-system
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: etcd-selfsigning-issuer
namespace: kamaji-system
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: etcd-peer-ca
namespace: kamaji-system
spec:
isCA: true
usages:
- "signing"
- "key encipherment"
- "cert sign"
commonName: etcd-peer-ca
subject:
organizations:
- ACME Inc.
organizationalUnits:
- Widgets
secretName: etcd-peer-ca-tls
privateKey:
algorithm: RSA
size: 4096
issuerRef:
name: etcd-selfsigning-issuer
kind: Issuer
group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: etcd-ca
namespace: kamaji-system
spec:
isCA: true
usages:
- "signing"
- "key encipherment"
- "cert sign"
commonName: etcd-ca
subject:
organizations:
- ACME Inc.
organizationalUnits:
- Widgets
secretName: etcd-ca-tls
privateKey:
algorithm: RSA
size: 4096
issuerRef:
name: etcd-selfsigning-issuer
kind: Issuer
group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: etcd-peer-issuer
namespace: kamaji-system
spec:
ca:
secretName: etcd-peer-ca-tls
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: etcd-issuer
namespace: kamaji-system
spec:
ca:
secretName: etcd-ca-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: etcd-server
namespace: kamaji-system
spec:
secretName: etcd-server-tls
isCA: false
usages:
- "server auth"
- "signing"
- "key encipherment"
dnsNames:
- etcd-0
- etcd-0.etcd
- etcd-0.etcd.kamaji-system.svc
- etcd-0.etcd.kamaji-system.svc.cluster.local
- etcd-1
- etcd-1.etcd
- etcd-1.etcd.kamaji-system.svc
- etcd-1.etcd.kamaji-system.svc.cluster.local
- etcd-2
- etcd-2.etcd
- etcd-2.etcd.kamaji-system.svc
- etcd-2.etcd.kamaji-system.svc.cluster.local
- localhost
- "127.0.0.1"
privateKey:
rotationPolicy: Always
algorithm: RSA
size: 4096
issuerRef:
name: etcd-issuer
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: etcd-peer
namespace: kamaji-system
spec:
secretName: etcd-peer-tls
isCA: false
usages:
- "server auth"
- "client auth"
- "signing"
- "key encipherment"
dnsNames:
- etcd-0
- etcd-0.etcd
- etcd-0.etcd.kamaji-system.svc
- etcd-0.etcd.kamaji-system.svc.cluster.local
- etcd-1
- etcd-1.etcd
- etcd-1.etcd.kamaji-system.svc
- etcd-1.etcd.kamaji-system.svc.cluster.local
- etcd-2
- etcd-2.etcd
- etcd-2.etcd.kamaji-system.svc
- etcd-2.etcd.kamaji-system.svc.cluster.local
- localhost
- "127.0.0.1"
privateKey:
rotationPolicy: Always
algorithm: RSA
size: 4096
issuerRef:
name: etcd-peer-issuer
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: etcd-client
namespace: kamaji-system
spec:
commonName: root
secretName: etcd-client-tls
usages:
- "signing"
- "key encipherment"
- "client auth"
privateKey:
rotationPolicy: Always
algorithm: RSA
size: 4096
issuerRef:
name: etcd-issuer
kind: Issuer
Loading

0 comments on commit 1a201b2

Please sign in to comment.