This chart bootstraps an etcd-operator and allows the deployment of etcd-cluster(s).
Official project documentation found here
- Kubernetes
>=1.22with stable APIs
To install the chart with the release name my-release:
# If you check out this code locally
$ git clone https://github.com/pgporada/etcd-operator-helm-chart
$ helm install etcd-operator ~/etcd-operator-helm-chart -f /tmp/values.yaml --namespace testflume
# Installing it via my helm repository, for better or worse, probably worse :shrug:
$ helm repo add pgporada https://www.philporada.com/charts/
$ helm search repo pgporada/etcd-operator --versions
NAME CHART VERSION APP VERSION DESCRIPTION
pgporada/etcd-operator 0.11.2 1.2.0 Fork of CoreOS etcd-operator Helm chart for Kub...
$ helm install etcd-operator pgporada/etcd-operator -f /tmp/values.yaml --namespace testflumeNote that by default chart installs etcd operator only. If you want to also deploy etcd cluster, enable customResources.createEtcdClusterCRD flag:
$ helm install --name my-release --set customResources.createEtcdClusterCRD=true pgporada/etcd-operatorTo uninstall/delete the my-release deployment:
$ helm delete my-releaseThe command removes all the Kubernetes components EXCEPT the persistent volume.
Once you have a new chart version, you can update your deployment with:
$ helm upgrade -f ./helm-configs/etcd-operator-values.yaml etcd-operator ~/etcd-operator-helm-chart --namespace testflume
Example resizing etcd cluster from 3 to 5 nodes during helm upgrade:
$ helm upgrade my-release --set etcdCluster.size=5 --set customResources.createEtcdClusterCRD=true pgporada/etcd-operatorThe following table lists the configurable parameters of the etcd-operator chart and their default values.
| Parameter | Description | Default |
|---|---|---|
rbac.create |
Install required RBAC service account, roles and rolebindings | true |
rbac.apiVersion |
RBAC api version v1 |
v1 |
serviceAccount.create |
Flag to create the service account | true |
serviceAccount.name |
Name of the service account resource when RBAC is enabled | etcd-operator-sa |
deployments.etcdOperator |
Deploy the etcd cluster operator | true |
deployments.backupOperator |
Deploy the etcd backup operator | true |
deployments.restoreOperator |
Deploy the etcd restore operator | true |
customResources.createEtcdClusterCRD |
Create a custom resource: EtcdCluster | false |
customResources.createBackupCRD |
Create an a custom resource: EtcdBackup | false |
customResources.createRestoreCRD |
Create an a custom resource: EtcdRestore | false |
etcdOperator.name |
Etcd Operator name | etcd-operator |
etcdOperator.replicaCount |
Number of operator replicas to create (only 1 is supported) | 1 |
etcdOperator.image.repository |
etcd-operator container image | ghcr.io/on2itsecurity/etcd-operator |
etcdOperator.image.tag |
etcd-operator container image tag | v1.2.0 |
etcdOperator.image.pullpolicy |
etcd-operator container image pull policy | Always |
etcdOperator.resources.cpu |
CPU limit per etcd-operator pod | 100m |
etcdOperator.resources.memory |
Memory limit per etcd-operator pod | 128Mi |
etcdOperator.securityContext |
SecurityContext for etcd operator | {} |
etcdOperator.nodeSelector |
Node labels for etcd operator pod assignment | {} |
etcdOperator.podAnnotations |
Annotations for the etcd operator pod | {} |
etcdOperator.commandArgs |
Additional command arguments | {} |
etcdOperator.priorityClassName |
Priority class for the etcd-operator pod(s) | "" |
backupOperator.name |
Backup operator name | etcd-backup-operator |
backupOperator.replicaCount |
Number of operator replicas to create (only 1 is supported) | 1 |
backupOperator.image.repository |
Operator container image | quay.io/coreos/etcd-operator |
backupOperator.image.tag |
Operator container image tag | v0.9.3 |
backupOperator.image.pullpolicy |
Operator container image pull policy | Always |
backupOperator.resources.cpu |
CPU limit per etcd-operator pod | 100m |
backupOperator.resources.memory |
Memory limit per etcd-operator pod | 128Mi |
backupOperator.securityContext |
SecurityContext for etcd backup operator | {} |
backupOperator.spec.storageType |
Storage to use for backup file, currently only S3 supported | S3 |
backupOperator.spec.s3.s3Bucket |
Bucket in S3 to store backup file | |
backupOperator.spec.s3.awsSecret |
Name of kubernetes secret containing aws credentials | |
backupOperator.nodeSelector |
Node labels for etcd operator pod assignment | {} |
backupOperator.commandArgs |
Additional command arguments | {} |
backupOperator.priorityClassName |
Priority class for the etcd-backuop-operator pod(s) | "" |
restoreOperator.name |
Restore operator name | etcd-backup-operator |
restoreOperator.replicaCount |
Number of operator replicas to create (only 1 is supported) | 1 |
restoreOperator.image.repository |
Operator container image | quay.io/coreos/etcd-operator |
restoreOperator.image.tag |
Operator container image tag | v0.9.3 |
restoreOperator.image.pullpolicy |
Operator container image pull policy | Always |
restoreOperator.resources.cpu |
CPU limit per etcd-operator pod | 100m |
restoreOperator.resources.memory |
Memory limit per etcd-operator pod | 128Mi |
restoreOperator.securityContext |
SecurityContext for etcd restore operator | {} |
restoreOperator.spec.s3.path |
Path in S3 bucket containing the backup file | |
restoreOperator.spec.s3.awsSecret |
Name of kubernetes secret containing aws credentials | |
restoreOperator.nodeSelector |
Node labels for etcd operator pod assignment | {} |
restoreOperator.commandArgs |
Additional command arguments | {} |
restoreOperator.priorityClassName |
Priority class for the etcd-restore-operator pod(s) | "" |
etcdCluster.name |
etcd cluster name | etcd-cluster |
etcdCluster.size |
etcd cluster size | 3 |
etcdCluster.version |
etcd cluster version | 3.4.18 |
etcdCluster.image.repository |
etcd container image | quay.io/coreos/etcd-operator |
etcdCluster.image.tag |
etcd container image tag | v3.2.25 |
etcdCluster.image.pullPolicy |
etcd container image pull policy | Always |
etcdCluster.enableTLS |
Enable use of TLS | false |
etcdCluster.tls.static.member.peerSecret |
Kubernetes secret containing TLS peer certs | etcd-peer-tls |
etcdCluster.tls.static.member.serverSecret |
Kubernetes secret containing TLS server certs | etcd-server-tls |
etcdCluster.tls.static.operatorSecret |
Kubernetes secret containing TLS client certs | etcd-client-tls |
etcdCluster.pod.antiAffinity |
Whether etcd cluster pods should have an antiAffinity | false |
etcdCluster.pod.resources.limits.cpu |
CPU limit per etcd cluster pod | 100m |
etcdCluster.pod.resources.limits.memory |
Memory limit per etcd cluster pod | 128Mi |
etcdCluster.pod.resources.requests.cpu |
CPU request per etcd cluster pod | 100m |
etcdCluster.pod.resources.requests.memory |
Memory request per etcd cluster pod | 128Mi |
etcdCluster.pod.nodeSelector |
Node labels for etcd cluster pod assignment | {} |
Specify each parameter using the --set key=value[,key=value] argument to helm install. For example:
$ helm install --name my-release --set image.tag=v1.2.0 pgporada/etcd-operatorAlternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example:
$ helm install --name my-release --values values.yaml pgporada/etcd-operatorBy default the chart will install the recommended RBAC roles and rolebindings.
To determine if your cluster supports this running the following:
$ kubectl api-versions | grep rbacYou also need to have the following parameter on the api server. See the following document for how to enable RBAC
--authorization-mode=RBAC
If the output contains "beta" or both "alpha" and "beta" you can may install rbac by default, if not, you may turn RBAC off as described below.
RBAC resources are enabled by default. To disable RBAC do the following:
$ helm install --name my-release pgporada/etcd-operator --set rbac.create=falseBy default the RBAC resources are generated with the "v1beta1" apiVersion. To use "v1alpha1" do the following:
$ helm install --name my-release pgporada/etcd-operator --set rbac.install=true,rbac.apiVersion=v1alpha1