ETCD-688: add readyZ for restore pods

Signed-off-by: Thomas Jungblut <tjungblu@redhat.com>
openshift · Nov 12, 2024 · 9434853 · 9434853
1 parent 0079c87
commit 9434853
Show file tree

Hide file tree

Showing 3 changed files with 140 additions and 0 deletions.
diff --git a/bindata/etcd/quorum-restore-pod.yaml b/bindata/etcd/quorum-restore-pod.yaml
@@ -82,6 +82,41 @@ ${COMPUTED_ENV_VARS}
         name: data-dir
       - mountPath: /var/lib/etcd-backup/
         name: backup-dir
+  - name: etcd-readyz
+    image: ${OPERATOR_IMAGE}
+    imagePullPolicy: IfNotPresent
+    terminationMessagePolicy: FallbackToLogsOnError
+    command:
+      - /bin/sh
+      - -c
+      - |
+        #!/bin/sh
+        set -euo pipefail
+        
+        exec nice -n -18 cluster-etcd-operator readyz \
+          --target=https://localhost:2379 \
+          --listen-port=9980 \
+          --serving-cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.crt \
+          --serving-key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.key \
+          --client-cert-file=$(ETCDCTL_CERT) \
+          --client-key-file=$(ETCDCTL_KEY) \
+          --client-cacert-file=$(ETCDCTL_CACERT) \
+          --listen-cipher-suites=$(ETCD_CIPHER_SUITES)
+    securityContext:
+      privileged: true
+    ports:
+      - containerPort: 9980
+        name: readyz
+        protocol: TCP
+    resources:
+      requests:
+        memory: 50Mi
+        cpu: 10m
+    env:
+${COMPUTED_ENV_VARS}
+    volumeMounts:
+    - mountPath: /etc/kubernetes/static-pod-certs
+      name: cert-dir
   hostNetwork: true
   priorityClassName: system-node-critical
   tolerations:

diff --git a/bindata/etcd/restore-pod.yaml b/bindata/etcd/restore-pod.yaml
@@ -138,6 +138,41 @@ ${COMPUTED_ENV_VARS}
         name: data-dir
       - mountPath: /var/lib/etcd-backup/
         name: backup-dir
+  - name: etcd-readyz
+    image: ${OPERATOR_IMAGE}
+    imagePullPolicy: IfNotPresent
+    terminationMessagePolicy: FallbackToLogsOnError
+    command:
+      - /bin/sh
+      - -c
+      - |
+        #!/bin/sh
+        set -euo pipefail
+        
+        exec nice -n -18 cluster-etcd-operator readyz \
+          --target=https://localhost:2379 \
+          --listen-port=9980 \
+          --serving-cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.crt \
+          --serving-key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.key \
+          --client-cert-file=$(ETCDCTL_CERT) \
+          --client-key-file=$(ETCDCTL_KEY) \
+          --client-cacert-file=$(ETCDCTL_CACERT) \
+          --listen-cipher-suites=$(ETCD_CIPHER_SUITES)
+    securityContext:
+      privileged: true
+    ports:
+      - containerPort: 9980
+        name: readyz
+        protocol: TCP
+    resources:
+      requests:
+        memory: 50Mi
+        cpu: 10m
+    env:
+${COMPUTED_ENV_VARS}
+    volumeMounts:
+    - mountPath: /etc/kubernetes/static-pod-certs
+      name: cert-dir
   hostNetwork: true
   priorityClassName: system-node-critical
   tolerations:

diff --git a/pkg/operator/etcd_assets/bindata.go b/pkg/operator/etcd_assets/bindata.go