New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Get a working build for the etcd operator #1
base: master
Are you sure you want to change the base?
Conversation
RBAC rules
I have code for an "out of cluster" config -- it lets me run the operator from my computer as a regular process, respecting my |
@xrl Feel free, thanks! |
Turns out the architecture is not compatible with running in local mode, the operator wants to use an etcd client against the replicas. I can't do that easily from an out of cluster process. So I'm just going to forget about it. |
The helm chart isn't accessible the way it has been configured, github's raw HTTP server won't follow the symlink on works: https://raw.githubusercontent.com/neoaggelos/etcd-operator/revive/chart/v0.1.0/etcd-operator-0.1.0.tgz another issue, the index.yaml lists the My hack for testing:
|
I am running this in a rancher cluster with some security constraints in place, I had to add this to the deployment.yaml:
might be good to make this a mountable object in the helm config, something like:
what do you think? |
@xrl Thank you for the catch. Fixed the latest issue, the Also added the securityContext option under I have been keeping this PR open for a while in case issues crop up, but I am considering merging it soon |
FYI, 3.5.2 is no longer considered "production ready" |
Thanks for the heads up |
I have hit a problem with the TLS example, I ran the example
I'll work to sort it out now. I wonder why I don't have a tmp folder. |
I recommend changing |
Awesome, thanks for the heads up! Have you had any luck/progress with the TLS issues? |
I think I will wait for etcd-io/etcd#13948 to be resolved, and skip to 3.5.4 directly. |
I did get TLS working! I ended up switching the operator image to ubuntu so it has a Now the next problem is how to automate the management the CA and generation the peer/server/client certs, but that's out of scope for this repo. Here's the script for creating an appropriate set of secrets for the
I would submit PRs to you but I have an internal branch which includes some Also, waiting for |
The fact that |
I went ahead and tried it, seems to be working OK. Would you mind trying it out? |
Yeah, that does work but I'm not sure it's the deployment's responsibility to fix a flaw in the base image. I think the Dockerfile could be modified to include a tmp file but it would require |
But I agree, it is curious the code was error about a |
Yes, indeed. Perhaps an alpine image image could be a good middle ground. This would also give the operator image a basic |
Summary
Update dependencies and upgrade to Go 1.17