--- apiVersion: v1 items: - apiVersion: v1 data: install-config: | additionalTrustBundlePolicy: Proxyonly apiVersion: v1 baseDomain: openstack.lab compute: - architecture: amd64 hyperthreading: Enabled name: worker platform: {} replicas: 0 controlPlane: architecture: amd64 hyperthreading: Enabled name: master platform: {} replicas: 3 metadata: creationTimestamp: null name: ocp networking: clusterNetwork: - cidr: 10.128.0.0/14 hostPrefix: 23 machineNetwork: - cidr: 192.168.32.0/20 networkType: OVNKubernetes serviceNetwork: - 172.30.0.0/16 platform: none: {} publish: External pullSecret: "" sshKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC62fkgDPZ2PDRHs4A6XeLKSCXPvBHOrnekhCGjWg2SkmPMhCBBvBYpJs2t4KkUR0Eh5UOrtLBAnLW/hTkq6gr3jlZ2nTHtnXsCKLaq7ARUMeVDpJbQIzTa7Sko1bRapGzibtodr+s3GJOmnyAZrGBDii+0xpaafxx9BTxQLcMBZU7JkpwEgevrvMVk0UZtBnzlRxc9PS5OuWK9XMY1o6g9RddMRFtOAeEMoFPorOcLj2cYPRQiHv+3xedg+InbtuNBN1XQamKReVIejwmHZyxIPcaWWIIqEC2sjeyKTNn7XJpz0plWCVGVWZ0mt4L7XyksL45PSfw9Z4qdEFFIhewz kind: ConfigMap metadata: annotations: kubernetes.io/description: The install-config content used to create the cluster. The cluster configuration may have evolved since installation, so check cluster configuration resources directly if you are interested in the current cluster state. creationTimestamp: "2025-10-11T10:28:22Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:install-config: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:28:22Z" name: cluster-config-v1 namespace: openshift-etcd resourceVersion: "5244" uid: 473da1b1-fc65-4c2d-a032-046fe4d690c8 - apiVersion: v1 data: metrics-ca-bundle.crt: | -----BEGIN CERTIFICATE----- MIIDUzCCAjugAwIBAgIIPasoZ+2HW58wDQYJKoZIhvcNAQELBQAwNzE1MDMGA1UE Awwsb3BlbnNoaWZ0LWV0Y2RfZXRjZC1tZXRyaWMtc2lnbmVyQDE3NjAxNzgxNzMw HhcNMjUxMDExMTAyMjUyWhcNMzAxMDEwMTAyMjUzWjA3MTUwMwYDVQQDDCxvcGVu c2hpZnQtZXRjZF9ldGNkLW1ldHJpYy1zaWduZXJAMTc2MDE3ODE3MzCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAN1BiQoe8ZI/qgSDxVLFCRz4L/dk52RW hMeWwqJ/U6sU69l3o5Q5T9A+NpDyC4dTc21xp92YhqrR8uqjVRoNCw9B+S+2KyrY 7LWru5bUGo+XLYw1C1AKUfsXcxtO9E96mIw2sZEGwt6+l0TS4I9ZSil1L5vUja3O FSRozP9iARFNslGNWfCJEbey4EZUUNch4MpALpwgr8e2N4eXcV8qsjFWZkt97Rv6 nIIxxDPSvrZk7nn5NYCuWO9LV4Q+z/SQEvagXQ578RT9p0je7kpaGqoyz0ZcyMIx h/tlXL2MJt3GiJZDiOXDtwZ2tvD1Avp2zMtEi7Ie2+9SzYyKCSKHH6ECAwEAAaNj MGEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIkc rZ6bH5vnpAXAo4onFET8OtgZMB8GA1UdIwQYMBaAFIkcrZ6bH5vnpAXAo4onFET8 OtgZMA0GCSqGSIb3DQEBCwUAA4IBAQBp1jCI3W62UqtO9zhMdj1zY51256rfNZRs VW2QN/Tbncwa/rZcYOkJV248vOcgfbw1kKWFHdZrsMprmGSjeSLpE+F8fBlSe3Jr jm+oQH2CTOfCgIHh0t4JKQn3OBzoywMrkVobi7QLjL/CmycdWpRQPCWDO6SwtDcr mTsR+4oKCxdfRofTwp6Z6agY0vxLoYr/fvFxBfn6E8IleNdJ52sRC4R22Q+Qm4Mf 5UPFz5xxFx1ZlUylUakT+AeDegGUV59Bn1QF6biRbT0nGMS06aFhIVhUUoxWZLS4 fu6MwDGRmvmVgrDwaBcu5je/cXW4dCTTIWJE8D6dtc40HnYdmq87 -----END CERTIFICATE----- server-ca-bundle.crt: | -----BEGIN CERTIFICATE----- MIIDRTCCAi2gAwIBAgIILREC0dUuVFAwDQYJKoZIhvcNAQELBQAwMDEuMCwGA1UE Awwlb3BlbnNoaWZ0LWV0Y2RfZXRjZC1zaWduZXJAMTc2MDE3ODE3MzAeFw0yNTEw MTExMDIyNTJaFw0zMDEwMTAxMDIyNTNaMDAxLjAsBgNVBAMMJW9wZW5zaGlmdC1l dGNkX2V0Y2Qtc2lnbmVyQDE3NjAxNzgxNzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDDpkXyuB4kZOtrBc/Wbkg6MmjqbwYzjvBmRImbZdD4c6K1HbMp pL6d87x6XQLrFOtCTV6HTcnzRWOpDw6cbz4UemgUIofDN7f/MpeEkKIvVPuWoXhJ PW+K2faijYpkUDCpC3Ulx45WOw7XqmT509IXH95cTzvne6pRTxhKHSTtlToN70DN flDHVAWa/y/Oh0u8veNPsV8EuYoAdNg0btS8li6V7P4ZQp3BFvIHRbvQN/4hni41 wVjokow59YrPbCPgVTG4Q45I9rZ0CTzKK+BdDUHL8YqK8c5pD2rd9FwX2E7YoQDb lHb9lsZNL6D66D8Bt+oPilxNpOnBzIo3+CffAgMBAAGjYzBhMA4GA1UdDwEB/wQE AwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQMMajTyWsG8/sCx9j06Pa2 OcDRRTAfBgNVHSMEGDAWgBQMMajTyWsG8/sCx9j06Pa2OcDRRTANBgkqhkiG9w0B AQsFAAOCAQEALNXxGsVAJ6mn0B7ptyR1jRvYEXuoSXUEglqGnofAY343W3l3Kqeh 93nUgYnMt01gWMevitCwwlYqjmj1v/NbMTXmmCXz3mxy9hOZc19sShXnp0vJOiz9 8LfAXFDaUR6tMvdc+8Z2ebtwvD58kSwb0xdTkPA9aHiyDfFzaHvhbG+HAP1KOKWa JidaR0oaT6Ke9+z8PWhIZaWWJLHmDJe/z+9DixMueOsvMrDMtYZSuOC/R8jjyaVf r57jykv0Fnx78YFfRZCOEVGRRfmBq/Jv9/y4R94qq2XkIPIPArRxrjGalJMsQHwQ r3e7B4iaPly1BefnKJABzX07DzsSe1Czyg== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: openshift.io/ceo-bundle-rollout-revision: "0" openshift.io/owning-component: Etcd creationTimestamp: "2025-10-11T10:24:47Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:metrics-ca-bundle.crt: {} f:server-ca-bundle.crt: {} f:metadata: f:annotations: .: {} f:openshift.io/ceo-bundle-rollout-revision: {} f:openshift.io/owning-component: {} manager: cluster-bootstrap operation: Update time: "2025-10-11T10:24:47Z" name: etcd-all-bundles namespace: openshift-etcd resourceVersion: "569" uid: ba87f9a8-61af-420a-b8a8-4fedeaedf777 - apiVersion: v1 data: metrics-ca-bundle.crt: | -----BEGIN CERTIFICATE----- MIIDUzCCAjugAwIBAgIIPasoZ+2HW58wDQYJKoZIhvcNAQELBQAwNzE1MDMGA1UE Awwsb3BlbnNoaWZ0LWV0Y2RfZXRjZC1tZXRyaWMtc2lnbmVyQDE3NjAxNzgxNzMw HhcNMjUxMDExMTAyMjUyWhcNMzAxMDEwMTAyMjUzWjA3MTUwMwYDVQQDDCxvcGVu c2hpZnQtZXRjZF9ldGNkLW1ldHJpYy1zaWduZXJAMTc2MDE3ODE3MzCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAN1BiQoe8ZI/qgSDxVLFCRz4L/dk52RW hMeWwqJ/U6sU69l3o5Q5T9A+NpDyC4dTc21xp92YhqrR8uqjVRoNCw9B+S+2KyrY 7LWru5bUGo+XLYw1C1AKUfsXcxtO9E96mIw2sZEGwt6+l0TS4I9ZSil1L5vUja3O FSRozP9iARFNslGNWfCJEbey4EZUUNch4MpALpwgr8e2N4eXcV8qsjFWZkt97Rv6 nIIxxDPSvrZk7nn5NYCuWO9LV4Q+z/SQEvagXQ578RT9p0je7kpaGqoyz0ZcyMIx h/tlXL2MJt3GiJZDiOXDtwZ2tvD1Avp2zMtEi7Ie2+9SzYyKCSKHH6ECAwEAAaNj MGEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIkc rZ6bH5vnpAXAo4onFET8OtgZMB8GA1UdIwQYMBaAFIkcrZ6bH5vnpAXAo4onFET8 OtgZMA0GCSqGSIb3DQEBCwUAA4IBAQBp1jCI3W62UqtO9zhMdj1zY51256rfNZRs VW2QN/Tbncwa/rZcYOkJV248vOcgfbw1kKWFHdZrsMprmGSjeSLpE+F8fBlSe3Jr jm+oQH2CTOfCgIHh0t4JKQn3OBzoywMrkVobi7QLjL/CmycdWpRQPCWDO6SwtDcr mTsR+4oKCxdfRofTwp6Z6agY0vxLoYr/fvFxBfn6E8IleNdJ52sRC4R22Q+Qm4Mf 5UPFz5xxFx1ZlUylUakT+AeDegGUV59Bn1QF6biRbT0nGMS06aFhIVhUUoxWZLS4 fu6MwDGRmvmVgrDwaBcu5je/cXW4dCTTIWJE8D6dtc40HnYdmq87 -----END CERTIFICATE----- server-ca-bundle.crt: | -----BEGIN CERTIFICATE----- MIIDRTCCAi2gAwIBAgIILREC0dUuVFAwDQYJKoZIhvcNAQELBQAwMDEuMCwGA1UE Awwlb3BlbnNoaWZ0LWV0Y2RfZXRjZC1zaWduZXJAMTc2MDE3ODE3MzAeFw0yNTEw MTExMDIyNTJaFw0zMDEwMTAxMDIyNTNaMDAxLjAsBgNVBAMMJW9wZW5zaGlmdC1l dGNkX2V0Y2Qtc2lnbmVyQDE3NjAxNzgxNzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDDpkXyuB4kZOtrBc/Wbkg6MmjqbwYzjvBmRImbZdD4c6K1HbMp pL6d87x6XQLrFOtCTV6HTcnzRWOpDw6cbz4UemgUIofDN7f/MpeEkKIvVPuWoXhJ PW+K2faijYpkUDCpC3Ulx45WOw7XqmT509IXH95cTzvne6pRTxhKHSTtlToN70DN flDHVAWa/y/Oh0u8veNPsV8EuYoAdNg0btS8li6V7P4ZQp3BFvIHRbvQN/4hni41 wVjokow59YrPbCPgVTG4Q45I9rZ0CTzKK+BdDUHL8YqK8c5pD2rd9FwX2E7YoQDb lHb9lsZNL6D66D8Bt+oPilxNpOnBzIo3+CffAgMBAAGjYzBhMA4GA1UdDwEB/wQE AwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQMMajTyWsG8/sCx9j06Pa2 OcDRRTAfBgNVHSMEGDAWgBQMMajTyWsG8/sCx9j06Pa2OcDRRTANBgkqhkiG9w0B AQsFAAOCAQEALNXxGsVAJ6mn0B7ptyR1jRvYEXuoSXUEglqGnofAY343W3l3Kqeh 93nUgYnMt01gWMevitCwwlYqjmj1v/NbMTXmmCXz3mxy9hOZc19sShXnp0vJOiz9 8LfAXFDaUR6tMvdc+8Z2ebtwvD58kSwb0xdTkPA9aHiyDfFzaHvhbG+HAP1KOKWa JidaR0oaT6Ke9+z8PWhIZaWWJLHmDJe/z+9DixMueOsvMrDMtYZSuOC/R8jjyaVf r57jykv0Fnx78YFfRZCOEVGRRfmBq/Jv9/y4R94qq2XkIPIPArRxrjGalJMsQHwQ r3e7B4iaPly1BefnKJABzX07DzsSe1Czyg== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: openshift.io/ceo-bundle-rollout-revision: "0" openshift.io/owning-component: Etcd creationTimestamp: "2025-10-11T10:42:00Z" labels: operator.openshift.io/controller-instance-name: etcd-RevisionController managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:metrics-ca-bundle.crt: {} f:server-ca-bundle.crt: {} f:metadata: f:annotations: .: {} f:openshift.io/ceo-bundle-rollout-revision: {} f:openshift.io/owning-component: {} f:labels: .: {} f:operator.openshift.io/controller-instance-name: {} f:ownerReferences: .: {} k:{"uid":"454be649-df0f-4169-8ab6-2610cf2907c9"}: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:42:00Z" name: etcd-all-bundles-10 namespace: openshift-etcd ownerReferences: - apiVersion: v1 kind: ConfigMap name: revision-status-10 uid: 454be649-df0f-4169-8ab6-2610cf2907c9 resourceVersion: "22148" uid: 8855134a-7091-4c71-bd03-b6f9a442937e - apiVersion: v1 data: metrics-ca-bundle.crt: | -----BEGIN CERTIFICATE----- MIIDUzCCAjugAwIBAgIIPasoZ+2HW58wDQYJKoZIhvcNAQELBQAwNzE1MDMGA1UE Awwsb3BlbnNoaWZ0LWV0Y2RfZXRjZC1tZXRyaWMtc2lnbmVyQDE3NjAxNzgxNzMw HhcNMjUxMDExMTAyMjUyWhcNMzAxMDEwMTAyMjUzWjA3MTUwMwYDVQQDDCxvcGVu c2hpZnQtZXRjZF9ldGNkLW1ldHJpYy1zaWduZXJAMTc2MDE3ODE3MzCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAN1BiQoe8ZI/qgSDxVLFCRz4L/dk52RW hMeWwqJ/U6sU69l3o5Q5T9A+NpDyC4dTc21xp92YhqrR8uqjVRoNCw9B+S+2KyrY 7LWru5bUGo+XLYw1C1AKUfsXcxtO9E96mIw2sZEGwt6+l0TS4I9ZSil1L5vUja3O FSRozP9iARFNslGNWfCJEbey4EZUUNch4MpALpwgr8e2N4eXcV8qsjFWZkt97Rv6 nIIxxDPSvrZk7nn5NYCuWO9LV4Q+z/SQEvagXQ578RT9p0je7kpaGqoyz0ZcyMIx h/tlXL2MJt3GiJZDiOXDtwZ2tvD1Avp2zMtEi7Ie2+9SzYyKCSKHH6ECAwEAAaNj MGEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIkc rZ6bH5vnpAXAo4onFET8OtgZMB8GA1UdIwQYMBaAFIkcrZ6bH5vnpAXAo4onFET8 OtgZMA0GCSqGSIb3DQEBCwUAA4IBAQBp1jCI3W62UqtO9zhMdj1zY51256rfNZRs VW2QN/Tbncwa/rZcYOkJV248vOcgfbw1kKWFHdZrsMprmGSjeSLpE+F8fBlSe3Jr jm+oQH2CTOfCgIHh0t4JKQn3OBzoywMrkVobi7QLjL/CmycdWpRQPCWDO6SwtDcr mTsR+4oKCxdfRofTwp6Z6agY0vxLoYr/fvFxBfn6E8IleNdJ52sRC4R22Q+Qm4Mf 5UPFz5xxFx1ZlUylUakT+AeDegGUV59Bn1QF6biRbT0nGMS06aFhIVhUUoxWZLS4 fu6MwDGRmvmVgrDwaBcu5je/cXW4dCTTIWJE8D6dtc40HnYdmq87 -----END CERTIFICATE----- server-ca-bundle.crt: | -----BEGIN CERTIFICATE----- MIIDRTCCAi2gAwIBAgIILREC0dUuVFAwDQYJKoZIhvcNAQELBQAwMDEuMCwGA1UE Awwlb3BlbnNoaWZ0LWV0Y2RfZXRjZC1zaWduZXJAMTc2MDE3ODE3MzAeFw0yNTEw MTExMDIyNTJaFw0zMDEwMTAxMDIyNTNaMDAxLjAsBgNVBAMMJW9wZW5zaGlmdC1l dGNkX2V0Y2Qtc2lnbmVyQDE3NjAxNzgxNzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDDpkXyuB4kZOtrBc/Wbkg6MmjqbwYzjvBmRImbZdD4c6K1HbMp pL6d87x6XQLrFOtCTV6HTcnzRWOpDw6cbz4UemgUIofDN7f/MpeEkKIvVPuWoXhJ PW+K2faijYpkUDCpC3Ulx45WOw7XqmT509IXH95cTzvne6pRTxhKHSTtlToN70DN flDHVAWa/y/Oh0u8veNPsV8EuYoAdNg0btS8li6V7P4ZQp3BFvIHRbvQN/4hni41 wVjokow59YrPbCPgVTG4Q45I9rZ0CTzKK+BdDUHL8YqK8c5pD2rd9FwX2E7YoQDb lHb9lsZNL6D66D8Bt+oPilxNpOnBzIo3+CffAgMBAAGjYzBhMA4GA1UdDwEB/wQE AwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQMMajTyWsG8/sCx9j06Pa2 OcDRRTAfBgNVHSMEGDAWgBQMMajTyWsG8/sCx9j06Pa2OcDRRTANBgkqhkiG9w0B AQsFAAOCAQEALNXxGsVAJ6mn0B7ptyR1jRvYEXuoSXUEglqGnofAY343W3l3Kqeh 93nUgYnMt01gWMevitCwwlYqjmj1v/NbMTXmmCXz3mxy9hOZc19sShXnp0vJOiz9 8LfAXFDaUR6tMvdc+8Z2ebtwvD58kSwb0xdTkPA9aHiyDfFzaHvhbG+HAP1KOKWa JidaR0oaT6Ke9+z8PWhIZaWWJLHmDJe/z+9DixMueOsvMrDMtYZSuOC/R8jjyaVf r57jykv0Fnx78YFfRZCOEVGRRfmBq/Jv9/y4R94qq2XkIPIPArRxrjGalJMsQHwQ r3e7B4iaPly1BefnKJABzX07DzsSe1Czyg== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: openshift.io/ceo-bundle-rollout-revision: "0" openshift.io/owning-component: Etcd creationTimestamp: "2025-10-11T10:38:57Z" labels: operator.openshift.io/controller-instance-name: etcd-RevisionController managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:metrics-ca-bundle.crt: {} f:server-ca-bundle.crt: {} f:metadata: f:annotations: .: {} f:openshift.io/ceo-bundle-rollout-revision: {} f:openshift.io/owning-component: {} f:labels: .: {} f:operator.openshift.io/controller-instance-name: {} f:ownerReferences: .: {} k:{"uid":"851e3dc1-74bc-4b3b-8e17-3db716f22d4e"}: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:38:57Z" name: etcd-all-bundles-6 namespace: openshift-etcd ownerReferences: - apiVersion: v1 kind: ConfigMap name: revision-status-6 uid: 851e3dc1-74bc-4b3b-8e17-3db716f22d4e resourceVersion: "19336" uid: 65613dd1-de88-4b4d-bcf1-db0665442616 - apiVersion: v1 data: metrics-ca-bundle.crt: | -----BEGIN CERTIFICATE----- MIIDUzCCAjugAwIBAgIIPasoZ+2HW58wDQYJKoZIhvcNAQELBQAwNzE1MDMGA1UE Awwsb3BlbnNoaWZ0LWV0Y2RfZXRjZC1tZXRyaWMtc2lnbmVyQDE3NjAxNzgxNzMw HhcNMjUxMDExMTAyMjUyWhcNMzAxMDEwMTAyMjUzWjA3MTUwMwYDVQQDDCxvcGVu c2hpZnQtZXRjZF9ldGNkLW1ldHJpYy1zaWduZXJAMTc2MDE3ODE3MzCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAN1BiQoe8ZI/qgSDxVLFCRz4L/dk52RW hMeWwqJ/U6sU69l3o5Q5T9A+NpDyC4dTc21xp92YhqrR8uqjVRoNCw9B+S+2KyrY 7LWru5bUGo+XLYw1C1AKUfsXcxtO9E96mIw2sZEGwt6+l0TS4I9ZSil1L5vUja3O FSRozP9iARFNslGNWfCJEbey4EZUUNch4MpALpwgr8e2N4eXcV8qsjFWZkt97Rv6 nIIxxDPSvrZk7nn5NYCuWO9LV4Q+z/SQEvagXQ578RT9p0je7kpaGqoyz0ZcyMIx h/tlXL2MJt3GiJZDiOXDtwZ2tvD1Avp2zMtEi7Ie2+9SzYyKCSKHH6ECAwEAAaNj MGEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIkc rZ6bH5vnpAXAo4onFET8OtgZMB8GA1UdIwQYMBaAFIkcrZ6bH5vnpAXAo4onFET8 OtgZMA0GCSqGSIb3DQEBCwUAA4IBAQBp1jCI3W62UqtO9zhMdj1zY51256rfNZRs VW2QN/Tbncwa/rZcYOkJV248vOcgfbw1kKWFHdZrsMprmGSjeSLpE+F8fBlSe3Jr jm+oQH2CTOfCgIHh0t4JKQn3OBzoywMrkVobi7QLjL/CmycdWpRQPCWDO6SwtDcr mTsR+4oKCxdfRofTwp6Z6agY0vxLoYr/fvFxBfn6E8IleNdJ52sRC4R22Q+Qm4Mf 5UPFz5xxFx1ZlUylUakT+AeDegGUV59Bn1QF6biRbT0nGMS06aFhIVhUUoxWZLS4 fu6MwDGRmvmVgrDwaBcu5je/cXW4dCTTIWJE8D6dtc40HnYdmq87 -----END CERTIFICATE----- server-ca-bundle.crt: | -----BEGIN CERTIFICATE----- MIIDRTCCAi2gAwIBAgIILREC0dUuVFAwDQYJKoZIhvcNAQELBQAwMDEuMCwGA1UE Awwlb3BlbnNoaWZ0LWV0Y2RfZXRjZC1zaWduZXJAMTc2MDE3ODE3MzAeFw0yNTEw MTExMDIyNTJaFw0zMDEwMTAxMDIyNTNaMDAxLjAsBgNVBAMMJW9wZW5zaGlmdC1l dGNkX2V0Y2Qtc2lnbmVyQDE3NjAxNzgxNzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDDpkXyuB4kZOtrBc/Wbkg6MmjqbwYzjvBmRImbZdD4c6K1HbMp pL6d87x6XQLrFOtCTV6HTcnzRWOpDw6cbz4UemgUIofDN7f/MpeEkKIvVPuWoXhJ PW+K2faijYpkUDCpC3Ulx45WOw7XqmT509IXH95cTzvne6pRTxhKHSTtlToN70DN flDHVAWa/y/Oh0u8veNPsV8EuYoAdNg0btS8li6V7P4ZQp3BFvIHRbvQN/4hni41 wVjokow59YrPbCPgVTG4Q45I9rZ0CTzKK+BdDUHL8YqK8c5pD2rd9FwX2E7YoQDb lHb9lsZNL6D66D8Bt+oPilxNpOnBzIo3+CffAgMBAAGjYzBhMA4GA1UdDwEB/wQE AwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQMMajTyWsG8/sCx9j06Pa2 OcDRRTAfBgNVHSMEGDAWgBQMMajTyWsG8/sCx9j06Pa2OcDRRTANBgkqhkiG9w0B AQsFAAOCAQEALNXxGsVAJ6mn0B7ptyR1jRvYEXuoSXUEglqGnofAY343W3l3Kqeh 93nUgYnMt01gWMevitCwwlYqjmj1v/NbMTXmmCXz3mxy9hOZc19sShXnp0vJOiz9 8LfAXFDaUR6tMvdc+8Z2ebtwvD58kSwb0xdTkPA9aHiyDfFzaHvhbG+HAP1KOKWa JidaR0oaT6Ke9+z8PWhIZaWWJLHmDJe/z+9DixMueOsvMrDMtYZSuOC/R8jjyaVf r57jykv0Fnx78YFfRZCOEVGRRfmBq/Jv9/y4R94qq2XkIPIPArRxrjGalJMsQHwQ r3e7B4iaPly1BefnKJABzX07DzsSe1Czyg== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: openshift.io/ceo-bundle-rollout-revision: "0" openshift.io/owning-component: Etcd creationTimestamp: "2025-10-11T10:39:21Z" labels: operator.openshift.io/controller-instance-name: etcd-RevisionController managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:metrics-ca-bundle.crt: {} f:server-ca-bundle.crt: {} f:metadata: f:annotations: .: {} f:openshift.io/ceo-bundle-rollout-revision: {} f:openshift.io/owning-component: {} f:labels: .: {} f:operator.openshift.io/controller-instance-name: {} f:ownerReferences: .: {} k:{"uid":"8cfe7c69-6292-463b-8d19-70e1b5629297"}: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:39:21Z" name: etcd-all-bundles-7 namespace: openshift-etcd ownerReferences: - apiVersion: v1 kind: ConfigMap name: revision-status-7 uid: 8cfe7c69-6292-463b-8d19-70e1b5629297 resourceVersion: "19679" uid: d04fb5ec-1a35-4a3a-9ffd-6aa46d3a135f - apiVersion: v1 data: metrics-ca-bundle.crt: | -----BEGIN CERTIFICATE----- MIIDUzCCAjugAwIBAgIIPasoZ+2HW58wDQYJKoZIhvcNAQELBQAwNzE1MDMGA1UE Awwsb3BlbnNoaWZ0LWV0Y2RfZXRjZC1tZXRyaWMtc2lnbmVyQDE3NjAxNzgxNzMw HhcNMjUxMDExMTAyMjUyWhcNMzAxMDEwMTAyMjUzWjA3MTUwMwYDVQQDDCxvcGVu c2hpZnQtZXRjZF9ldGNkLW1ldHJpYy1zaWduZXJAMTc2MDE3ODE3MzCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAN1BiQoe8ZI/qgSDxVLFCRz4L/dk52RW hMeWwqJ/U6sU69l3o5Q5T9A+NpDyC4dTc21xp92YhqrR8uqjVRoNCw9B+S+2KyrY 7LWru5bUGo+XLYw1C1AKUfsXcxtO9E96mIw2sZEGwt6+l0TS4I9ZSil1L5vUja3O FSRozP9iARFNslGNWfCJEbey4EZUUNch4MpALpwgr8e2N4eXcV8qsjFWZkt97Rv6 nIIxxDPSvrZk7nn5NYCuWO9LV4Q+z/SQEvagXQ578RT9p0je7kpaGqoyz0ZcyMIx h/tlXL2MJt3GiJZDiOXDtwZ2tvD1Avp2zMtEi7Ie2+9SzYyKCSKHH6ECAwEAAaNj MGEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIkc rZ6bH5vnpAXAo4onFET8OtgZMB8GA1UdIwQYMBaAFIkcrZ6bH5vnpAXAo4onFET8 OtgZMA0GCSqGSIb3DQEBCwUAA4IBAQBp1jCI3W62UqtO9zhMdj1zY51256rfNZRs VW2QN/Tbncwa/rZcYOkJV248vOcgfbw1kKWFHdZrsMprmGSjeSLpE+F8fBlSe3Jr jm+oQH2CTOfCgIHh0t4JKQn3OBzoywMrkVobi7QLjL/CmycdWpRQPCWDO6SwtDcr mTsR+4oKCxdfRofTwp6Z6agY0vxLoYr/fvFxBfn6E8IleNdJ52sRC4R22Q+Qm4Mf 5UPFz5xxFx1ZlUylUakT+AeDegGUV59Bn1QF6biRbT0nGMS06aFhIVhUUoxWZLS4 fu6MwDGRmvmVgrDwaBcu5je/cXW4dCTTIWJE8D6dtc40HnYdmq87 -----END CERTIFICATE----- server-ca-bundle.crt: | -----BEGIN CERTIFICATE----- MIIDRTCCAi2gAwIBAgIILREC0dUuVFAwDQYJKoZIhvcNAQELBQAwMDEuMCwGA1UE Awwlb3BlbnNoaWZ0LWV0Y2RfZXRjZC1zaWduZXJAMTc2MDE3ODE3MzAeFw0yNTEw MTExMDIyNTJaFw0zMDEwMTAxMDIyNTNaMDAxLjAsBgNVBAMMJW9wZW5zaGlmdC1l dGNkX2V0Y2Qtc2lnbmVyQDE3NjAxNzgxNzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDDpkXyuB4kZOtrBc/Wbkg6MmjqbwYzjvBmRImbZdD4c6K1HbMp pL6d87x6XQLrFOtCTV6HTcnzRWOpDw6cbz4UemgUIofDN7f/MpeEkKIvVPuWoXhJ PW+K2faijYpkUDCpC3Ulx45WOw7XqmT509IXH95cTzvne6pRTxhKHSTtlToN70DN flDHVAWa/y/Oh0u8veNPsV8EuYoAdNg0btS8li6V7P4ZQp3BFvIHRbvQN/4hni41 wVjokow59YrPbCPgVTG4Q45I9rZ0CTzKK+BdDUHL8YqK8c5pD2rd9FwX2E7YoQDb lHb9lsZNL6D66D8Bt+oPilxNpOnBzIo3+CffAgMBAAGjYzBhMA4GA1UdDwEB/wQE AwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQMMajTyWsG8/sCx9j06Pa2 OcDRRTAfBgNVHSMEGDAWgBQMMajTyWsG8/sCx9j06Pa2OcDRRTANBgkqhkiG9w0B AQsFAAOCAQEALNXxGsVAJ6mn0B7ptyR1jRvYEXuoSXUEglqGnofAY343W3l3Kqeh 93nUgYnMt01gWMevitCwwlYqjmj1v/NbMTXmmCXz3mxy9hOZc19sShXnp0vJOiz9 8LfAXFDaUR6tMvdc+8Z2ebtwvD58kSwb0xdTkPA9aHiyDfFzaHvhbG+HAP1KOKWa JidaR0oaT6Ke9+z8PWhIZaWWJLHmDJe/z+9DixMueOsvMrDMtYZSuOC/R8jjyaVf r57jykv0Fnx78YFfRZCOEVGRRfmBq/Jv9/y4R94qq2XkIPIPArRxrjGalJMsQHwQ r3e7B4iaPly1BefnKJABzX07DzsSe1Czyg== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: openshift.io/ceo-bundle-rollout-revision: "0" openshift.io/owning-component: Etcd creationTimestamp: "2025-10-11T10:39:31Z" labels: operator.openshift.io/controller-instance-name: etcd-RevisionController managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:metrics-ca-bundle.crt: {} f:server-ca-bundle.crt: {} f:metadata: f:annotations: .: {} f:openshift.io/ceo-bundle-rollout-revision: {} f:openshift.io/owning-component: {} f:labels: .: {} f:operator.openshift.io/controller-instance-name: {} f:ownerReferences: .: {} k:{"uid":"62c9648e-b3fc-4f81-b4c7-df4c8d8ae36d"}: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:39:31Z" name: etcd-all-bundles-8 namespace: openshift-etcd ownerReferences: - apiVersion: v1 kind: ConfigMap name: revision-status-8 uid: 62c9648e-b3fc-4f81-b4c7-df4c8d8ae36d resourceVersion: "19856" uid: 1990b40d-3e86-42fa-89b1-4b910733a769 - apiVersion: v1 data: metrics-ca-bundle.crt: | -----BEGIN CERTIFICATE----- MIIDUzCCAjugAwIBAgIIPasoZ+2HW58wDQYJKoZIhvcNAQELBQAwNzE1MDMGA1UE Awwsb3BlbnNoaWZ0LWV0Y2RfZXRjZC1tZXRyaWMtc2lnbmVyQDE3NjAxNzgxNzMw HhcNMjUxMDExMTAyMjUyWhcNMzAxMDEwMTAyMjUzWjA3MTUwMwYDVQQDDCxvcGVu c2hpZnQtZXRjZF9ldGNkLW1ldHJpYy1zaWduZXJAMTc2MDE3ODE3MzCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAN1BiQoe8ZI/qgSDxVLFCRz4L/dk52RW hMeWwqJ/U6sU69l3o5Q5T9A+NpDyC4dTc21xp92YhqrR8uqjVRoNCw9B+S+2KyrY 7LWru5bUGo+XLYw1C1AKUfsXcxtO9E96mIw2sZEGwt6+l0TS4I9ZSil1L5vUja3O FSRozP9iARFNslGNWfCJEbey4EZUUNch4MpALpwgr8e2N4eXcV8qsjFWZkt97Rv6 nIIxxDPSvrZk7nn5NYCuWO9LV4Q+z/SQEvagXQ578RT9p0je7kpaGqoyz0ZcyMIx h/tlXL2MJt3GiJZDiOXDtwZ2tvD1Avp2zMtEi7Ie2+9SzYyKCSKHH6ECAwEAAaNj MGEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIkc rZ6bH5vnpAXAo4onFET8OtgZMB8GA1UdIwQYMBaAFIkcrZ6bH5vnpAXAo4onFET8 OtgZMA0GCSqGSIb3DQEBCwUAA4IBAQBp1jCI3W62UqtO9zhMdj1zY51256rfNZRs VW2QN/Tbncwa/rZcYOkJV248vOcgfbw1kKWFHdZrsMprmGSjeSLpE+F8fBlSe3Jr jm+oQH2CTOfCgIHh0t4JKQn3OBzoywMrkVobi7QLjL/CmycdWpRQPCWDO6SwtDcr mTsR+4oKCxdfRofTwp6Z6agY0vxLoYr/fvFxBfn6E8IleNdJ52sRC4R22Q+Qm4Mf 5UPFz5xxFx1ZlUylUakT+AeDegGUV59Bn1QF6biRbT0nGMS06aFhIVhUUoxWZLS4 fu6MwDGRmvmVgrDwaBcu5je/cXW4dCTTIWJE8D6dtc40HnYdmq87 -----END CERTIFICATE----- server-ca-bundle.crt: | -----BEGIN CERTIFICATE----- MIIDRTCCAi2gAwIBAgIILREC0dUuVFAwDQYJKoZIhvcNAQELBQAwMDEuMCwGA1UE Awwlb3BlbnNoaWZ0LWV0Y2RfZXRjZC1zaWduZXJAMTc2MDE3ODE3MzAeFw0yNTEw MTExMDIyNTJaFw0zMDEwMTAxMDIyNTNaMDAxLjAsBgNVBAMMJW9wZW5zaGlmdC1l dGNkX2V0Y2Qtc2lnbmVyQDE3NjAxNzgxNzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDDpkXyuB4kZOtrBc/Wbkg6MmjqbwYzjvBmRImbZdD4c6K1HbMp pL6d87x6XQLrFOtCTV6HTcnzRWOpDw6cbz4UemgUIofDN7f/MpeEkKIvVPuWoXhJ PW+K2faijYpkUDCpC3Ulx45WOw7XqmT509IXH95cTzvne6pRTxhKHSTtlToN70DN flDHVAWa/y/Oh0u8veNPsV8EuYoAdNg0btS8li6V7P4ZQp3BFvIHRbvQN/4hni41 wVjokow59YrPbCPgVTG4Q45I9rZ0CTzKK+BdDUHL8YqK8c5pD2rd9FwX2E7YoQDb lHb9lsZNL6D66D8Bt+oPilxNpOnBzIo3+CffAgMBAAGjYzBhMA4GA1UdDwEB/wQE AwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQMMajTyWsG8/sCx9j06Pa2 OcDRRTAfBgNVHSMEGDAWgBQMMajTyWsG8/sCx9j06Pa2OcDRRTANBgkqhkiG9w0B AQsFAAOCAQEALNXxGsVAJ6mn0B7ptyR1jRvYEXuoSXUEglqGnofAY343W3l3Kqeh 93nUgYnMt01gWMevitCwwlYqjmj1v/NbMTXmmCXz3mxy9hOZc19sShXnp0vJOiz9 8LfAXFDaUR6tMvdc+8Z2ebtwvD58kSwb0xdTkPA9aHiyDfFzaHvhbG+HAP1KOKWa JidaR0oaT6Ke9+z8PWhIZaWWJLHmDJe/z+9DixMueOsvMrDMtYZSuOC/R8jjyaVf r57jykv0Fnx78YFfRZCOEVGRRfmBq/Jv9/y4R94qq2XkIPIPArRxrjGalJMsQHwQ r3e7B4iaPly1BefnKJABzX07DzsSe1Czyg== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: openshift.io/ceo-bundle-rollout-revision: "0" openshift.io/owning-component: Etcd creationTimestamp: "2025-10-11T10:41:49Z" labels: operator.openshift.io/controller-instance-name: etcd-RevisionController managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:metrics-ca-bundle.crt: {} f:server-ca-bundle.crt: {} f:metadata: f:annotations: .: {} f:openshift.io/ceo-bundle-rollout-revision: {} f:openshift.io/owning-component: {} f:labels: .: {} f:operator.openshift.io/controller-instance-name: {} f:ownerReferences: .: {} k:{"uid":"6f5fd341-70d0-4ee2-916b-4a40010e4337"}: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:41:49Z" name: etcd-all-bundles-9 namespace: openshift-etcd ownerReferences: - apiVersion: v1 kind: ConfigMap name: revision-status-9 uid: 6f5fd341-70d0-4ee2-916b-4a40010e4337 resourceVersion: "22059" uid: 8e5c6923-45a4-48b1-8824-6c79e5f0363b - apiVersion: v1 data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- MIIDRTCCAi2gAwIBAgIILREC0dUuVFAwDQYJKoZIhvcNAQELBQAwMDEuMCwGA1UE Awwlb3BlbnNoaWZ0LWV0Y2RfZXRjZC1zaWduZXJAMTc2MDE3ODE3MzAeFw0yNTEw MTExMDIyNTJaFw0zMDEwMTAxMDIyNTNaMDAxLjAsBgNVBAMMJW9wZW5zaGlmdC1l dGNkX2V0Y2Qtc2lnbmVyQDE3NjAxNzgxNzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDDpkXyuB4kZOtrBc/Wbkg6MmjqbwYzjvBmRImbZdD4c6K1HbMp pL6d87x6XQLrFOtCTV6HTcnzRWOpDw6cbz4UemgUIofDN7f/MpeEkKIvVPuWoXhJ PW+K2faijYpkUDCpC3Ulx45WOw7XqmT509IXH95cTzvne6pRTxhKHSTtlToN70DN flDHVAWa/y/Oh0u8veNPsV8EuYoAdNg0btS8li6V7P4ZQp3BFvIHRbvQN/4hni41 wVjokow59YrPbCPgVTG4Q45I9rZ0CTzKK+BdDUHL8YqK8c5pD2rd9FwX2E7YoQDb lHb9lsZNL6D66D8Bt+oPilxNpOnBzIo3+CffAgMBAAGjYzBhMA4GA1UdDwEB/wQE AwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQMMajTyWsG8/sCx9j06Pa2 OcDRRTAfBgNVHSMEGDAWgBQMMajTyWsG8/sCx9j06Pa2OcDRRTANBgkqhkiG9w0B AQsFAAOCAQEALNXxGsVAJ6mn0B7ptyR1jRvYEXuoSXUEglqGnofAY343W3l3Kqeh 93nUgYnMt01gWMevitCwwlYqjmj1v/NbMTXmmCXz3mxy9hOZc19sShXnp0vJOiz9 8LfAXFDaUR6tMvdc+8Z2ebtwvD58kSwb0xdTkPA9aHiyDfFzaHvhbG+HAP1KOKWa JidaR0oaT6Ke9+z8PWhIZaWWJLHmDJe/z+9DixMueOsvMrDMtYZSuOC/R8jjyaVf r57jykv0Fnx78YFfRZCOEVGRRfmBq/Jv9/y4R94qq2XkIPIPArRxrjGalJMsQHwQ r3e7B4iaPly1BefnKJABzX07DzsSe1Czyg== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: openshift.io/description: Generated by cluster-etcd-operator for etcd and is used to authenticate clients and peers of etcd. openshift.io/owning-component: etcd creationTimestamp: "2025-10-11T10:24:48Z" labels: auth.openshift.io/managed-certificate-type: ca-bundle managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca-bundle.crt: {} f:metadata: f:annotations: .: {} f:openshift.io/description: {} f:openshift.io/owning-component: {} f:labels: .: {} f:auth.openshift.io/managed-certificate-type: {} manager: cluster-bootstrap operation: Update time: "2025-10-11T10:24:48Z" name: etcd-ca-bundle namespace: openshift-etcd resourceVersion: "573" uid: 41719f33-fccc-459a-b51b-ab43fca45bca - apiVersion: v1 data: 89129dd6e523c196: 192.168.34.10 b6aa02f9e0e1cf1c: 192.168.34.12 eb45e713c55263d: 192.168.34.11 kind: ConfigMap metadata: creationTimestamp: "2025-10-11T10:24:57Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:89129dd6e523c196: {} f:b6aa02f9e0e1cf1c: {} f:eb45e713c55263d: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:41:41Z" name: etcd-endpoints namespace: openshift-etcd resourceVersion: "21863" uid: 9bb02359-60db-46a4-85e9-d51062b3d95a - apiVersion: v1 data: 89129dd6e523c196: 192.168.34.10 b6aa02f9e0e1cf1c: 192.168.34.12 eb45e713c55263d: 192.168.34.11 kind: ConfigMap metadata: creationTimestamp: "2025-10-11T10:41:58Z" labels: operator.openshift.io/controller-instance-name: etcd-RevisionController managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:89129dd6e523c196: {} f:b6aa02f9e0e1cf1c: {} f:eb45e713c55263d: {} f:metadata: f:labels: .: {} f:operator.openshift.io/controller-instance-name: {} f:ownerReferences: .: {} k:{"uid":"454be649-df0f-4169-8ab6-2610cf2907c9"}: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:41:58Z" name: etcd-endpoints-10 namespace: openshift-etcd ownerReferences: - apiVersion: v1 kind: ConfigMap name: revision-status-10 uid: 454be649-df0f-4169-8ab6-2610cf2907c9 resourceVersion: "22134" uid: 3b0bc607-8586-43ff-9e7e-2a8c1bab99bf - apiVersion: v1 data: b6aa02f9e0e1cf1c: 192.168.34.12 eb45e713c55263d: 192.168.34.11 kind: ConfigMap metadata: creationTimestamp: "2025-10-11T10:38:56Z" labels: operator.openshift.io/controller-instance-name: etcd-RevisionController managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:b6aa02f9e0e1cf1c: {} f:eb45e713c55263d: {} f:metadata: f:labels: .: {} f:operator.openshift.io/controller-instance-name: {} f:ownerReferences: .: {} k:{"uid":"851e3dc1-74bc-4b3b-8e17-3db716f22d4e"}: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:38:56Z" name: etcd-endpoints-6 namespace: openshift-etcd ownerReferences: - apiVersion: v1 kind: ConfigMap name: revision-status-6 uid: 851e3dc1-74bc-4b3b-8e17-3db716f22d4e resourceVersion: "19318" uid: 56afc959-c6b0-45ef-89b9-f47094f6e512 - apiVersion: v1 data: b6aa02f9e0e1cf1c: 192.168.34.12 eb45e713c55263d: 192.168.34.11 kind: ConfigMap metadata: creationTimestamp: "2025-10-11T10:39:19Z" labels: operator.openshift.io/controller-instance-name: etcd-RevisionController managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:b6aa02f9e0e1cf1c: {} f:eb45e713c55263d: {} f:metadata: f:labels: .: {} f:operator.openshift.io/controller-instance-name: {} f:ownerReferences: .: {} k:{"uid":"8cfe7c69-6292-463b-8d19-70e1b5629297"}: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:39:19Z" name: etcd-endpoints-7 namespace: openshift-etcd ownerReferences: - apiVersion: v1 kind: ConfigMap name: revision-status-7 uid: 8cfe7c69-6292-463b-8d19-70e1b5629297 resourceVersion: "19669" uid: a4016a38-d184-447c-8a64-ae7f0156f7ae - apiVersion: v1 data: b6aa02f9e0e1cf1c: 192.168.34.12 eb45e713c55263d: 192.168.34.11 kind: ConfigMap metadata: creationTimestamp: "2025-10-11T10:39:29Z" labels: operator.openshift.io/controller-instance-name: etcd-RevisionController managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:b6aa02f9e0e1cf1c: {} f:eb45e713c55263d: {} f:metadata: f:labels: .: {} f:operator.openshift.io/controller-instance-name: {} f:ownerReferences: .: {} k:{"uid":"62c9648e-b3fc-4f81-b4c7-df4c8d8ae36d"}: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:39:29Z" name: etcd-endpoints-8 namespace: openshift-etcd ownerReferences: - apiVersion: v1 kind: ConfigMap name: revision-status-8 uid: 62c9648e-b3fc-4f81-b4c7-df4c8d8ae36d resourceVersion: "19836" uid: 839029f5-2d2f-4612-a48f-67ad6da45b82 - apiVersion: v1 data: 89129dd6e523c196: 192.168.34.10 b6aa02f9e0e1cf1c: 192.168.34.12 eb45e713c55263d: 192.168.34.11 kind: ConfigMap metadata: creationTimestamp: "2025-10-11T10:41:47Z" labels: operator.openshift.io/controller-instance-name: etcd-RevisionController managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:89129dd6e523c196: {} f:b6aa02f9e0e1cf1c: {} f:eb45e713c55263d: {} f:metadata: f:labels: .: {} f:operator.openshift.io/controller-instance-name: {} f:ownerReferences: .: {} k:{"uid":"6f5fd341-70d0-4ee2-916b-4a40010e4337"}: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:41:47Z" name: etcd-endpoints-9 namespace: openshift-etcd ownerReferences: - apiVersion: v1 kind: ConfigMap name: revision-status-9 uid: 6f5fd341-70d0-4ee2-916b-4a40010e4337 resourceVersion: "21993" uid: 21754fc0-18d2-4bf7-ab1e-e05381147dc3 - apiVersion: v1 data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- MIIDUzCCAjugAwIBAgIIPasoZ+2HW58wDQYJKoZIhvcNAQELBQAwNzE1MDMGA1UE Awwsb3BlbnNoaWZ0LWV0Y2RfZXRjZC1tZXRyaWMtc2lnbmVyQDE3NjAxNzgxNzMw HhcNMjUxMDExMTAyMjUyWhcNMzAxMDEwMTAyMjUzWjA3MTUwMwYDVQQDDCxvcGVu c2hpZnQtZXRjZF9ldGNkLW1ldHJpYy1zaWduZXJAMTc2MDE3ODE3MzCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAN1BiQoe8ZI/qgSDxVLFCRz4L/dk52RW hMeWwqJ/U6sU69l3o5Q5T9A+NpDyC4dTc21xp92YhqrR8uqjVRoNCw9B+S+2KyrY 7LWru5bUGo+XLYw1C1AKUfsXcxtO9E96mIw2sZEGwt6+l0TS4I9ZSil1L5vUja3O FSRozP9iARFNslGNWfCJEbey4EZUUNch4MpALpwgr8e2N4eXcV8qsjFWZkt97Rv6 nIIxxDPSvrZk7nn5NYCuWO9LV4Q+z/SQEvagXQ578RT9p0je7kpaGqoyz0ZcyMIx h/tlXL2MJt3GiJZDiOXDtwZ2tvD1Avp2zMtEi7Ie2+9SzYyKCSKHH6ECAwEAAaNj MGEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIkc rZ6bH5vnpAXAo4onFET8OtgZMB8GA1UdIwQYMBaAFIkcrZ6bH5vnpAXAo4onFET8 OtgZMA0GCSqGSIb3DQEBCwUAA4IBAQBp1jCI3W62UqtO9zhMdj1zY51256rfNZRs VW2QN/Tbncwa/rZcYOkJV248vOcgfbw1kKWFHdZrsMprmGSjeSLpE+F8fBlSe3Jr jm+oQH2CTOfCgIHh0t4JKQn3OBzoywMrkVobi7QLjL/CmycdWpRQPCWDO6SwtDcr mTsR+4oKCxdfRofTwp6Z6agY0vxLoYr/fvFxBfn6E8IleNdJ52sRC4R22Q+Qm4Mf 5UPFz5xxFx1ZlUylUakT+AeDegGUV59Bn1QF6biRbT0nGMS06aFhIVhUUoxWZLS4 fu6MwDGRmvmVgrDwaBcu5je/cXW4dCTTIWJE8D6dtc40HnYdmq87 -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: openshift.io/description: Generated by cluster-etcd-operator for etcd and is used to authenticate Prometheus ServiceMonitors reaching etcd. openshift.io/owning-component: etcd creationTimestamp: "2025-10-11T10:24:49Z" labels: auth.openshift.io/managed-certificate-type: ca-bundle managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca-bundle.crt: {} f:metadata: f:annotations: .: {} f:openshift.io/description: {} f:openshift.io/owning-component: {} f:labels: .: {} f:auth.openshift.io/managed-certificate-type: {} manager: cluster-bootstrap operation: Update time: "2025-10-11T10:24:49Z" name: etcd-metrics-ca-bundle namespace: openshift-etcd resourceVersion: "578" uid: b2afd7ec-274d-4234-aada-0b9600838010 - apiVersion: v1 data: forceRedeploymentReason: "" pod.yaml: "apiVersion: v1\nkind: Pod\nmetadata:\n name: etcd\n namespace: openshift-etcd\n \ annotations:\n kubectl.kubernetes.io/default-container: etcd\n target.workload.openshift.io/management: '{\"effect\": \"PreferredDuringScheduling\"}'\n labels:\n app: etcd\n k8s-app: etcd\n etcd: \"true\"\n revision: \"REVISION\"\nspec:\n initContainers:\n \ - name: setup\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n \ echo -n \"Fixing etcd log permissions.\"\n mkdir -p /var/log/etcd \ && chmod 0600 /var/log/etcd\n echo -n \"Fixing etcd auto backup permissions.\"\n \ mkdir -p /var/lib/etcd-auto-backup && chmod 0600 /var/lib/etcd-auto-backup\n \ securityContext:\n privileged: true\n resources:\n requests:\n \ memory: 50Mi\n cpu: 5m\n volumeMounts:\n - mountPath: /var/log/etcd\n name: log-dir\n - name: etcd-ensure-env-vars\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n \ set -euo pipefail\n\n : \"${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST?not set}\"\n : \"${NODE_NODE_ENVVAR_NAME_ETCD_NAME?not set}\"\n : \"${NODE_NODE_ENVVAR_NAME_IP?not set}\"\n\n # check for ipv4 addresses as well as ipv6 addresses with extra square brackets\n if [[ \"${NODE_NODE_ENVVAR_NAME_IP}\" != \"${NODE_IP}\" && \"${NODE_NODE_ENVVAR_NAME_IP}\" != \"[${NODE_IP}]\" ]]; then\n # echo the error message to stderr\n echo \"Expected node IP to be ${NODE_IP} got ${NODE_NODE_ENVVAR_NAME_IP}\" >&2\n exit 1\n fi\n\n # check for ipv4 addresses as well as ipv6 addresses with extra square brackets\n if [[ \"${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}\" != \"${NODE_IP}\" && \"${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}\" != \"[${NODE_IP}]\" ]]; then\n # echo the error message to stderr\n echo \"Expected etcd url host to be ${NODE_IP} got ${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}\" >&2\n exit 1\n fi\n\n resources:\n requests:\n \ memory: 60Mi\n cpu: 10m\n securityContext:\n privileged: true\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n \ value: \"true\"\n - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n \ value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n \ value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n \ value: \"5s\"\n - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n \ - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n \ - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n \ value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n \ value: \"192.168.34.10\"\n - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n \ - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n - name: NODE_IP\n valueFrom:\n fieldRef:\n fieldPath: status.podIP\n \ - name: etcd-resources-copy\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n \ set -euo pipefail\n\n rm -f $(grep -l '^### Created by cluster-etcd-operator' /usr/local/bin/*)\n cp -p /etc/kubernetes/static-pod-certs/configmaps/etcd-scripts/*.sh /usr/local/bin\n\n resources:\n requests:\n memory: 60Mi\n \ cpu: 10m\n securityContext:\n privileged: true\n volumeMounts:\n \ - mountPath: /etc/kubernetes/static-pod-resources\n name: resource-dir\n \ - mountPath: /etc/kubernetes/static-pod-certs\n name: cert-dir\n \ - mountPath: /usr/local/bin\n name: usr-local-bin\n containers:\n \ # The etcdctl container should always be first. It is intended to be used\n \ # to open a remote shell via `oc rsh` that is ready to run `etcdctl`.\n - name: etcdctl\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - \"/bin/bash\"\n - \"-c\"\n - \"trap TERM INT; sleep infinity & wait\"\n resources:\n requests:\n memory: 60Mi\n \ cpu: 10m\n volumeMounts:\n - mountPath: /etc/kubernetes/manifests\n \ name: static-pod-dir\n - mountPath: /etc/kubernetes/static-pod-resources\n \ name: resource-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n \ name: cert-dir\n - mountPath: /var/lib/etcd/\n name: data-dir\n \ env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n value: \"192.168.34.10\"\n \ - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n \ value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n \ - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n \ - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n - name: \"ETCD_STATIC_POD_VERSION\"\n value: \"REVISION\"\n\n - name: etcd\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n\n etcdctl member list || true\n\n # this has a non-zero return code if the command is non-zero. If you use an export first, it doesn't and you\n # will succeed when you should fail.\n ETCD_INITIAL_CLUSTER=$(discover-etcd-initial-cluster \\\n --cacert=/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --cert=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt \\\n --key=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key \\\n --endpoints=${ALL_ETCD_ENDPOINTS} \\\n --data-dir=/var/lib/etcd \\\n --target-peer-url-host=${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST} \\\n --target-name=NODE_NAME)\n export ETCD_INITIAL_CLUSTER\n\n \ # we cannot use the \"normal\" port conflict initcontainer because when we upgrade, the existing static pod will never yield,\n # so we do the detection in etcd container itself.\n echo -n \"Waiting for ports 2379, 2380 and 9978 to be released.\"\n time while [ -n \"$(ss -Htan '( sport = 2379 or sport = 2380 or sport = 9978 )')\" ]; do\n echo -n \".\"\n \ sleep 1\n done\n\n export ETCD_NAME=${NODE_NODE_ENVVAR_NAME_ETCD_NAME}\n \ env | grep ETCD | grep -v NODE\n\n set -x\n # See https://etcd.io/docs/v3.4.0/tuning/ for why we use ionice\n exec nice -n -19 ionice -c2 -n0 etcd \\\n --logger=zap \\\n --log-level=info \\\n --experimental-initial-corrupt-check=true \\\n --snapshot-count=10000 \\\n --initial-advertise-peer-urls=https://${NODE_NODE_ENVVAR_NAME_IP}:2380 \\\n --cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.crt \\\n --key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.key \\\n --trusted-ca-file=/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --client-cert-auth=true \\\n --peer-cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt \\\n --peer-key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key \\\n --peer-trusted-ca-file=/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --peer-client-cert-auth=true \\\n --advertise-client-urls=https://${NODE_NODE_ENVVAR_NAME_IP}:2379 \\\n --listen-client-urls=https://0.0.0.0:2379,unixs://${NODE_NODE_ENVVAR_NAME_IP}:0 \\\n --listen-peer-urls=https://0.0.0.0:2380 \\\n --metrics=extensive \\\n --listen-metrics-urls=https://0.0.0.0:9978 || mv /etc/kubernetes/etcd-backup-dir/etcd-member.yaml /etc/kubernetes/manifests\n ports:\n - containerPort: 2379\n name: etcd\n protocol: TCP\n - containerPort: 2380\n name: etcd-peer\n \ protocol: TCP\n - containerPort: 9978\n name: etcd-metrics\n protocol: TCP\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n value: \"192.168.34.10\"\n \ - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n \ value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n \ - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n \ - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n - name: \"ETCD_STATIC_POD_VERSION\"\n value: \"REVISION\"\n resources:\n requests:\n \ memory: 600Mi\n cpu: 300m\n readinessProbe:\n httpGet:\n \ port: 9980\n path: readyz\n scheme: HTTPS\n timeoutSeconds: 30\n failureThreshold: 5\n periodSeconds: 5\n successThreshold: 1\n livenessProbe:\n httpGet:\n path: healthz\n port: 9980\n scheme: HTTPS\n timeoutSeconds: 30\n periodSeconds: 5\n successThreshold: 1\n failureThreshold: 5\n startupProbe:\n \ httpGet:\n port: 9980\n path: readyz\n scheme: HTTPS\n \ initialDelaySeconds: 10\n timeoutSeconds: 1\n periodSeconds: 10\n successThreshold: 1\n failureThreshold: 18\n securityContext:\n \ privileged: true\n volumeMounts:\n - mountPath: /etc/kubernetes/manifests\n \ name: static-pod-dir\n - mountPath: /etc/kubernetes/static-pod-resources\n \ name: resource-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n \ name: cert-dir\n - mountPath: /var/lib/etcd/\n name: data-dir\n\n \ - name: etcd-metrics\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n\n export ETCD_NAME=${NODE_NODE_ENVVAR_NAME_ETCD_NAME}\n\n \ exec nice -n -18 etcd grpc-proxy start \\\n --endpoints https://${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}:9978 \\\n --metrics-addr https://0.0.0.0:9979 \\\n --listen-addr 127.0.0.1:9977 \\\n --advertise-client-url \"\" \\\n --key /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key \\\n --key-file /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-metrics-NODE_NAME.key \\\n --cert /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt \\\n --cert-file /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-metrics-NODE_NAME.crt \\\n --cacert /etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --trusted-ca-file /etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/metrics-ca-bundle.crt \\\n --listen-cipher-suites TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \\\n --tls-min-version $(ETCD_TLS_MIN_VERSION)\n ports:\n - containerPort: 9979\n name: proxy-metrics\n protocol: TCP\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ \n - name: \"ETCDCTL_API\"\n value: \"3\"\n \n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ \n - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ \n - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ \n - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ \n - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ \n - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n \n \ - name: \"ETCD_ELECTION_TIMEOUT\"\n value: \"2500\"\n \n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \n - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n \ value: \"3\"\n \n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n \ value: \"200ms\"\n \n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n \ value: \"5s\"\n \n - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n \n - name: \"ETCD_IMAGE\"\n value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ \n - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n \ \n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n \ \n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n \n \ - name: \"ETCD_TLS_MIN_VERSION\"\n value: \"TLS1.2\"\n \n - name: \"NODE_master_0_ETCD_NAME\"\n value: \"master-0\"\n \n - name: \"NODE_master_0_ETCD_URL_HOST\"\n \ value: \"192.168.34.10\"\n \n - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n \n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n \n - name: \"NODE_master_1_ETCD_URL_HOST\"\n value: \"192.168.34.11\"\n \n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n \ \n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n \n \ - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n \ \n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n - name: \"ETCD_STATIC_POD_VERSION\"\n value: \"REVISION\"\n resources:\n \ requests:\n memory: 200Mi\n cpu: 40m\n securityContext:\n \ privileged: true\n volumeMounts:\n - mountPath: /etc/kubernetes/static-pod-resources\n \ name: resource-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n \ name: cert-dir\n - mountPath: /var/lib/etcd/\n name: data-dir\n \ - name: etcd-readyz\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0117f94d9f2894980a318780f3c0ab2efba02e72bc7ccb267bd44c4900eb0174\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n \n exec nice -n -18 cluster-etcd-operator readyz \\\n --target=https://localhost:2379 \\\n --listen-port=9980 \\\n --serving-cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.crt \\\n --serving-key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.key \\\n --client-cert-file=$(ETCDCTL_CERT) \\\n --client-key-file=$(ETCDCTL_KEY) \\\n --client-cacert-file=$(ETCDCTL_CACERT) \\\n --listen-cipher-suites TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \\\n --listen-tls-min-version=$(ETCD_TLS_MIN_VERSION)\n securityContext:\n \ privileged: true\n ports:\n - containerPort: 9980\n name: readyz\n \ protocol: TCP\n resources:\n requests:\n memory: 50Mi\n \ cpu: 10m\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n value: \"192.168.34.10\"\n \ - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n \ value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n \ - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n \ - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n volumeMounts:\n \ - mountPath: /var/log/etcd/\n name: log-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n name: cert-dir\n - name: etcd-rev\n \ image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0117f94d9f2894980a318780f3c0ab2efba02e72bc7ccb267bd44c4900eb0174\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n \n cluster-etcd-operator rev \\\n --endpoints=$(ALL_ETCD_ENDPOINTS) \\\n --client-cert-file=$(ETCDCTL_CERT) \\\n --client-key-file=$(ETCDCTL_KEY) \\\n --client-cacert-file=$(ETCDCTL_CACERT)\n securityContext:\n \ privileged: true\n resources:\n requests:\n memory: 50Mi\n \ cpu: 10m\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n value: \"192.168.34.10\"\n \ - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n \ value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n \ - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n \ - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n volumeMounts:\n \ - mountPath: /var/lib/etcd\n name: data-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n \ name: cert-dir\n hostNetwork: true\n priorityClassName: system-node-critical\n \ tolerations:\n - operator: \"Exists\"\n volumes:\n - hostPath:\n path: /etc/kubernetes/manifests\n name: static-pod-dir\n - hostPath:\n path: /etc/kubernetes/static-pod-resources/etcd-pod-REVISION\n name: resource-dir\n \ - hostPath:\n path: /etc/kubernetes/static-pod-resources/etcd-certs\n \ name: cert-dir\n - hostPath:\n path: /var/lib/etcd\n type: \"\"\n name: data-dir\n - hostPath:\n path: /usr/local/bin\n \ name: usr-local-bin\n - hostPath:\n path: /var/log/etcd\n name: log-dir\n - hostPath:\n path: /etc/kubernetes\n name: config-dir\n \ - hostPath:\n path: /var/lib/etcd-auto-backup\n name: etcd-auto-backup-dir\n" version: 4.18.0-202509240837.p2.g0f87d4a.assembly.stream.el9-0f87d4a kind: ConfigMap metadata: creationTimestamp: "2025-10-11T10:28:40Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:forceRedeploymentReason: {} f:pod.yaml: {} f:version: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:41:48Z" name: etcd-pod namespace: openshift-etcd resourceVersion: "22051" uid: 5f47b45f-cfdf-4933-8259-cae40822abfc - apiVersion: v1 data: forceRedeploymentReason: "" pod.yaml: "apiVersion: v1\nkind: Pod\nmetadata:\n name: etcd\n namespace: openshift-etcd\n \ annotations:\n kubectl.kubernetes.io/default-container: etcd\n target.workload.openshift.io/management: '{\"effect\": \"PreferredDuringScheduling\"}'\n labels:\n app: etcd\n k8s-app: etcd\n etcd: \"true\"\n revision: \"REVISION\"\nspec:\n initContainers:\n \ - name: setup\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n \ echo -n \"Fixing etcd log permissions.\"\n mkdir -p /var/log/etcd \ && chmod 0600 /var/log/etcd\n echo -n \"Fixing etcd auto backup permissions.\"\n \ mkdir -p /var/lib/etcd-auto-backup && chmod 0600 /var/lib/etcd-auto-backup\n \ securityContext:\n privileged: true\n resources:\n requests:\n \ memory: 50Mi\n cpu: 5m\n volumeMounts:\n - mountPath: /var/log/etcd\n name: log-dir\n - name: etcd-ensure-env-vars\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n \ set -euo pipefail\n\n : \"${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST?not set}\"\n : \"${NODE_NODE_ENVVAR_NAME_ETCD_NAME?not set}\"\n : \"${NODE_NODE_ENVVAR_NAME_IP?not set}\"\n\n # check for ipv4 addresses as well as ipv6 addresses with extra square brackets\n if [[ \"${NODE_NODE_ENVVAR_NAME_IP}\" != \"${NODE_IP}\" && \"${NODE_NODE_ENVVAR_NAME_IP}\" != \"[${NODE_IP}]\" ]]; then\n # echo the error message to stderr\n echo \"Expected node IP to be ${NODE_IP} got ${NODE_NODE_ENVVAR_NAME_IP}\" >&2\n exit 1\n fi\n\n # check for ipv4 addresses as well as ipv6 addresses with extra square brackets\n if [[ \"${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}\" != \"${NODE_IP}\" && \"${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}\" != \"[${NODE_IP}]\" ]]; then\n # echo the error message to stderr\n echo \"Expected etcd url host to be ${NODE_IP} got ${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}\" >&2\n exit 1\n fi\n\n resources:\n requests:\n \ memory: 60Mi\n cpu: 10m\n securityContext:\n privileged: true\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n \ value: \"true\"\n - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n \ value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n \ value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n \ value: \"5s\"\n - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n \ - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n \ - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n \ value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n \ value: \"192.168.34.10\"\n - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n \ - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n - name: NODE_IP\n valueFrom:\n fieldRef:\n fieldPath: status.podIP\n \ - name: etcd-resources-copy\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n \ set -euo pipefail\n\n rm -f $(grep -l '^### Created by cluster-etcd-operator' /usr/local/bin/*)\n cp -p /etc/kubernetes/static-pod-certs/configmaps/etcd-scripts/*.sh /usr/local/bin\n\n resources:\n requests:\n memory: 60Mi\n \ cpu: 10m\n securityContext:\n privileged: true\n volumeMounts:\n \ - mountPath: /etc/kubernetes/static-pod-resources\n name: resource-dir\n \ - mountPath: /etc/kubernetes/static-pod-certs\n name: cert-dir\n \ - mountPath: /usr/local/bin\n name: usr-local-bin\n containers:\n \ # The etcdctl container should always be first. It is intended to be used\n \ # to open a remote shell via `oc rsh` that is ready to run `etcdctl`.\n - name: etcdctl\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - \"/bin/bash\"\n - \"-c\"\n - \"trap TERM INT; sleep infinity & wait\"\n resources:\n requests:\n memory: 60Mi\n \ cpu: 10m\n volumeMounts:\n - mountPath: /etc/kubernetes/manifests\n \ name: static-pod-dir\n - mountPath: /etc/kubernetes/static-pod-resources\n \ name: resource-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n \ name: cert-dir\n - mountPath: /var/lib/etcd/\n name: data-dir\n \ env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n value: \"192.168.34.10\"\n \ - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n \ value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n \ - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n \ - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n - name: \"ETCD_STATIC_POD_VERSION\"\n value: \"REVISION\"\n\n - name: etcd\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n\n etcdctl member list || true\n\n # this has a non-zero return code if the command is non-zero. If you use an export first, it doesn't and you\n # will succeed when you should fail.\n ETCD_INITIAL_CLUSTER=$(discover-etcd-initial-cluster \\\n --cacert=/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --cert=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt \\\n --key=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key \\\n --endpoints=${ALL_ETCD_ENDPOINTS} \\\n --data-dir=/var/lib/etcd \\\n --target-peer-url-host=${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST} \\\n --target-name=NODE_NAME)\n export ETCD_INITIAL_CLUSTER\n\n \ # we cannot use the \"normal\" port conflict initcontainer because when we upgrade, the existing static pod will never yield,\n # so we do the detection in etcd container itself.\n echo -n \"Waiting for ports 2379, 2380 and 9978 to be released.\"\n time while [ -n \"$(ss -Htan '( sport = 2379 or sport = 2380 or sport = 9978 )')\" ]; do\n echo -n \".\"\n \ sleep 1\n done\n\n export ETCD_NAME=${NODE_NODE_ENVVAR_NAME_ETCD_NAME}\n \ env | grep ETCD | grep -v NODE\n\n set -x\n # See https://etcd.io/docs/v3.4.0/tuning/ for why we use ionice\n exec nice -n -19 ionice -c2 -n0 etcd \\\n --logger=zap \\\n --log-level=info \\\n --experimental-initial-corrupt-check=true \\\n --snapshot-count=10000 \\\n --initial-advertise-peer-urls=https://${NODE_NODE_ENVVAR_NAME_IP}:2380 \\\n --cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.crt \\\n --key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.key \\\n --trusted-ca-file=/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --client-cert-auth=true \\\n --peer-cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt \\\n --peer-key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key \\\n --peer-trusted-ca-file=/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --peer-client-cert-auth=true \\\n --advertise-client-urls=https://${NODE_NODE_ENVVAR_NAME_IP}:2379 \\\n --listen-client-urls=https://0.0.0.0:2379,unixs://${NODE_NODE_ENVVAR_NAME_IP}:0 \\\n --listen-peer-urls=https://0.0.0.0:2380 \\\n --metrics=extensive \\\n --listen-metrics-urls=https://0.0.0.0:9978 || mv /etc/kubernetes/etcd-backup-dir/etcd-member.yaml /etc/kubernetes/manifests\n ports:\n - containerPort: 2379\n name: etcd\n protocol: TCP\n - containerPort: 2380\n name: etcd-peer\n \ protocol: TCP\n - containerPort: 9978\n name: etcd-metrics\n protocol: TCP\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n value: \"192.168.34.10\"\n \ - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n \ value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n \ - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n \ - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n - name: \"ETCD_STATIC_POD_VERSION\"\n value: \"REVISION\"\n resources:\n requests:\n \ memory: 600Mi\n cpu: 300m\n readinessProbe:\n httpGet:\n \ port: 9980\n path: readyz\n scheme: HTTPS\n timeoutSeconds: 30\n failureThreshold: 5\n periodSeconds: 5\n successThreshold: 1\n livenessProbe:\n httpGet:\n path: healthz\n port: 9980\n scheme: HTTPS\n timeoutSeconds: 30\n periodSeconds: 5\n successThreshold: 1\n failureThreshold: 5\n startupProbe:\n \ httpGet:\n port: 9980\n path: readyz\n scheme: HTTPS\n \ initialDelaySeconds: 10\n timeoutSeconds: 1\n periodSeconds: 10\n successThreshold: 1\n failureThreshold: 18\n securityContext:\n \ privileged: true\n volumeMounts:\n - mountPath: /etc/kubernetes/manifests\n \ name: static-pod-dir\n - mountPath: /etc/kubernetes/static-pod-resources\n \ name: resource-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n \ name: cert-dir\n - mountPath: /var/lib/etcd/\n name: data-dir\n\n \ - name: etcd-metrics\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n\n export ETCD_NAME=${NODE_NODE_ENVVAR_NAME_ETCD_NAME}\n\n \ exec nice -n -18 etcd grpc-proxy start \\\n --endpoints https://${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}:9978 \\\n --metrics-addr https://0.0.0.0:9979 \\\n --listen-addr 127.0.0.1:9977 \\\n --advertise-client-url \"\" \\\n --key /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key \\\n --key-file /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-metrics-NODE_NAME.key \\\n --cert /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt \\\n --cert-file /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-metrics-NODE_NAME.crt \\\n --cacert /etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --trusted-ca-file /etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/metrics-ca-bundle.crt \\\n --listen-cipher-suites TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \\\n --tls-min-version $(ETCD_TLS_MIN_VERSION)\n ports:\n - containerPort: 9979\n name: proxy-metrics\n protocol: TCP\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ \n - name: \"ETCDCTL_API\"\n value: \"3\"\n \n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ \n - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ \n - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ \n - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ \n - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ \n - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n \n \ - name: \"ETCD_ELECTION_TIMEOUT\"\n value: \"2500\"\n \n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \n - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n \ value: \"3\"\n \n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n \ value: \"200ms\"\n \n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n \ value: \"5s\"\n \n - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n \n - name: \"ETCD_IMAGE\"\n value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ \n - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n \ \n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n \ \n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n \n \ - name: \"ETCD_TLS_MIN_VERSION\"\n value: \"TLS1.2\"\n \n - name: \"NODE_master_0_ETCD_NAME\"\n value: \"master-0\"\n \n - name: \"NODE_master_0_ETCD_URL_HOST\"\n \ value: \"192.168.34.10\"\n \n - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n \n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n \n - name: \"NODE_master_1_ETCD_URL_HOST\"\n value: \"192.168.34.11\"\n \n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n \ \n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n \n \ - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n \ \n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n - name: \"ETCD_STATIC_POD_VERSION\"\n value: \"REVISION\"\n resources:\n \ requests:\n memory: 200Mi\n cpu: 40m\n securityContext:\n \ privileged: true\n volumeMounts:\n - mountPath: /etc/kubernetes/static-pod-resources\n \ name: resource-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n \ name: cert-dir\n - mountPath: /var/lib/etcd/\n name: data-dir\n \ - name: etcd-readyz\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0117f94d9f2894980a318780f3c0ab2efba02e72bc7ccb267bd44c4900eb0174\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n \n exec nice -n -18 cluster-etcd-operator readyz \\\n --target=https://localhost:2379 \\\n --listen-port=9980 \\\n --serving-cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.crt \\\n --serving-key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.key \\\n --client-cert-file=$(ETCDCTL_CERT) \\\n --client-key-file=$(ETCDCTL_KEY) \\\n --client-cacert-file=$(ETCDCTL_CACERT) \\\n --listen-cipher-suites TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \\\n --listen-tls-min-version=$(ETCD_TLS_MIN_VERSION)\n securityContext:\n \ privileged: true\n ports:\n - containerPort: 9980\n name: readyz\n \ protocol: TCP\n resources:\n requests:\n memory: 50Mi\n \ cpu: 10m\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n value: \"192.168.34.10\"\n \ - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n \ value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n \ - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n \ - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n volumeMounts:\n \ - mountPath: /var/log/etcd/\n name: log-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n name: cert-dir\n - name: etcd-rev\n \ image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0117f94d9f2894980a318780f3c0ab2efba02e72bc7ccb267bd44c4900eb0174\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n \n cluster-etcd-operator rev \\\n --endpoints=$(ALL_ETCD_ENDPOINTS) \\\n --client-cert-file=$(ETCDCTL_CERT) \\\n --client-key-file=$(ETCDCTL_KEY) \\\n --client-cacert-file=$(ETCDCTL_CACERT)\n securityContext:\n \ privileged: true\n resources:\n requests:\n memory: 50Mi\n \ cpu: 10m\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n value: \"192.168.34.10\"\n \ - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n \ value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n \ - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n \ - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n volumeMounts:\n \ - mountPath: /var/lib/etcd\n name: data-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n \ name: cert-dir\n hostNetwork: true\n priorityClassName: system-node-critical\n \ tolerations:\n - operator: \"Exists\"\n volumes:\n - hostPath:\n path: /etc/kubernetes/manifests\n name: static-pod-dir\n - hostPath:\n path: /etc/kubernetes/static-pod-resources/etcd-pod-REVISION\n name: resource-dir\n \ - hostPath:\n path: /etc/kubernetes/static-pod-resources/etcd-certs\n \ name: cert-dir\n - hostPath:\n path: /var/lib/etcd\n type: \"\"\n name: data-dir\n - hostPath:\n path: /usr/local/bin\n \ name: usr-local-bin\n - hostPath:\n path: /var/log/etcd\n name: log-dir\n - hostPath:\n path: /etc/kubernetes\n name: config-dir\n \ - hostPath:\n path: /var/lib/etcd-auto-backup\n name: etcd-auto-backup-dir\n" version: 4.18.0-202509240837.p2.g0f87d4a.assembly.stream.el9-0f87d4a kind: ConfigMap metadata: creationTimestamp: "2025-10-11T10:41:56Z" labels: operator.openshift.io/controller-instance-name: etcd-RevisionController managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:forceRedeploymentReason: {} f:pod.yaml: {} f:version: {} f:metadata: f:labels: .: {} f:operator.openshift.io/controller-instance-name: {} f:ownerReferences: .: {} k:{"uid":"454be649-df0f-4169-8ab6-2610cf2907c9"}: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:41:56Z" name: etcd-pod-10 namespace: openshift-etcd ownerReferences: - apiVersion: v1 kind: ConfigMap name: revision-status-10 uid: 454be649-df0f-4169-8ab6-2610cf2907c9 resourceVersion: "22111" uid: b61738d0-57fa-4603-8d35-0d625ea0c48d - apiVersion: v1 data: forceRedeploymentReason: "" pod.yaml: "apiVersion: v1\nkind: Pod\nmetadata:\n name: etcd\n namespace: openshift-etcd\n \ annotations:\n kubectl.kubernetes.io/default-container: etcd\n target.workload.openshift.io/management: '{\"effect\": \"PreferredDuringScheduling\"}'\n labels:\n app: etcd\n k8s-app: etcd\n etcd: \"true\"\n revision: \"REVISION\"\nspec:\n initContainers:\n \ - name: setup\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n \ echo -n \"Fixing etcd log permissions.\"\n mkdir -p /var/log/etcd \ && chmod 0600 /var/log/etcd\n echo -n \"Fixing etcd auto backup permissions.\"\n \ mkdir -p /var/lib/etcd-auto-backup && chmod 0600 /var/lib/etcd-auto-backup\n \ securityContext:\n privileged: true\n resources:\n requests:\n \ memory: 50Mi\n cpu: 5m\n volumeMounts:\n - mountPath: /var/log/etcd\n name: log-dir\n - name: etcd-ensure-env-vars\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n \ set -euo pipefail\n\n : \"${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST?not set}\"\n : \"${NODE_NODE_ENVVAR_NAME_ETCD_NAME?not set}\"\n : \"${NODE_NODE_ENVVAR_NAME_IP?not set}\"\n\n # check for ipv4 addresses as well as ipv6 addresses with extra square brackets\n if [[ \"${NODE_NODE_ENVVAR_NAME_IP}\" != \"${NODE_IP}\" && \"${NODE_NODE_ENVVAR_NAME_IP}\" != \"[${NODE_IP}]\" ]]; then\n # echo the error message to stderr\n echo \"Expected node IP to be ${NODE_IP} got ${NODE_NODE_ENVVAR_NAME_IP}\" >&2\n exit 1\n fi\n\n # check for ipv4 addresses as well as ipv6 addresses with extra square brackets\n if [[ \"${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}\" != \"${NODE_IP}\" && \"${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}\" != \"[${NODE_IP}]\" ]]; then\n # echo the error message to stderr\n echo \"Expected etcd url host to be ${NODE_IP} got ${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}\" >&2\n exit 1\n fi\n\n resources:\n requests:\n \ memory: 60Mi\n cpu: 10m\n securityContext:\n privileged: true\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n \ value: \"true\"\n - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n \ value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n \ value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n \ value: \"5s\"\n - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n \ - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n \ - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n value: \"TLS1.2\"\n - name: \"NODE_master_1_ETCD_NAME\"\n \ value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n \ value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n \ - name: NODE_IP\n valueFrom:\n fieldRef:\n fieldPath: status.podIP\n - name: etcd-resources-copy\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n \ set -euo pipefail\n\n rm -f $(grep -l '^### Created by cluster-etcd-operator' /usr/local/bin/*)\n cp -p /etc/kubernetes/static-pod-certs/configmaps/etcd-scripts/*.sh /usr/local/bin\n\n resources:\n requests:\n memory: 60Mi\n \ cpu: 10m\n securityContext:\n privileged: true\n volumeMounts:\n \ - mountPath: /etc/kubernetes/static-pod-resources\n name: resource-dir\n \ - mountPath: /etc/kubernetes/static-pod-certs\n name: cert-dir\n \ - mountPath: /usr/local/bin\n name: usr-local-bin\n containers:\n \ # The etcdctl container should always be first. It is intended to be used\n \ # to open a remote shell via `oc rsh` that is ready to run `etcdctl`.\n - name: etcdctl\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - \"/bin/bash\"\n - \"-c\"\n - \"trap TERM INT; sleep infinity & wait\"\n resources:\n requests:\n memory: 60Mi\n \ cpu: 10m\n volumeMounts:\n - mountPath: /etc/kubernetes/manifests\n \ name: static-pod-dir\n - mountPath: /etc/kubernetes/static-pod-resources\n \ name: resource-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n \ name: cert-dir\n - mountPath: /var/lib/etcd/\n name: data-dir\n \ env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n value: \"192.168.34.11\"\n \ - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n - name: \"NODE_master_2_ETCD_URL_HOST\"\n \ value: \"192.168.34.12\"\n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n - name: \"ETCD_STATIC_POD_VERSION\"\n value: \"REVISION\"\n\n \ - name: etcd\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n\n etcdctl member list || true\n\n # this has a non-zero return code if the command is non-zero. If you use an export first, it doesn't and you\n # will succeed when you should fail.\n ETCD_INITIAL_CLUSTER=$(discover-etcd-initial-cluster \\\n --cacert=/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --cert=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt \\\n --key=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key \\\n --endpoints=${ALL_ETCD_ENDPOINTS} \\\n --data-dir=/var/lib/etcd \\\n --target-peer-url-host=${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST} \\\n --target-name=NODE_NAME)\n export ETCD_INITIAL_CLUSTER\n\n \ # we cannot use the \"normal\" port conflict initcontainer because when we upgrade, the existing static pod will never yield,\n # so we do the detection in etcd container itself.\n echo -n \"Waiting for ports 2379, 2380 and 9978 to be released.\"\n time while [ -n \"$(ss -Htan '( sport = 2379 or sport = 2380 or sport = 9978 )')\" ]; do\n echo -n \".\"\n \ sleep 1\n done\n\n export ETCD_NAME=${NODE_NODE_ENVVAR_NAME_ETCD_NAME}\n \ env | grep ETCD | grep -v NODE\n\n set -x\n # See https://etcd.io/docs/v3.4.0/tuning/ for why we use ionice\n exec nice -n -19 ionice -c2 -n0 etcd \\\n --logger=zap \\\n --log-level=info \\\n --experimental-initial-corrupt-check=true \\\n --snapshot-count=10000 \\\n --initial-advertise-peer-urls=https://${NODE_NODE_ENVVAR_NAME_IP}:2380 \\\n --cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.crt \\\n --key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.key \\\n --trusted-ca-file=/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --client-cert-auth=true \\\n --peer-cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt \\\n --peer-key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key \\\n --peer-trusted-ca-file=/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --peer-client-cert-auth=true \\\n --advertise-client-urls=https://${NODE_NODE_ENVVAR_NAME_IP}:2379 \\\n --listen-client-urls=https://0.0.0.0:2379,unixs://${NODE_NODE_ENVVAR_NAME_IP}:0 \\\n --listen-peer-urls=https://0.0.0.0:2380 \\\n --metrics=extensive \\\n --listen-metrics-urls=https://0.0.0.0:9978 || mv /etc/kubernetes/etcd-backup-dir/etcd-member.yaml /etc/kubernetes/manifests\n ports:\n - containerPort: 2379\n name: etcd\n protocol: TCP\n - containerPort: 2380\n name: etcd-peer\n \ protocol: TCP\n - containerPort: 9978\n name: etcd-metrics\n protocol: TCP\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n value: \"192.168.34.11\"\n \ - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n - name: \"NODE_master_2_ETCD_URL_HOST\"\n \ value: \"192.168.34.12\"\n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n - name: \"ETCD_STATIC_POD_VERSION\"\n value: \"REVISION\"\n \ resources:\n requests:\n memory: 600Mi\n cpu: 300m\n \ readinessProbe:\n httpGet:\n port: 9980\n path: readyz\n \ scheme: HTTPS\n timeoutSeconds: 30\n failureThreshold: 5\n \ periodSeconds: 5\n successThreshold: 1\n livenessProbe:\n httpGet:\n \ path: healthz\n port: 9980\n scheme: HTTPS\n timeoutSeconds: 30\n periodSeconds: 5\n successThreshold: 1\n failureThreshold: 5\n startupProbe:\n httpGet:\n port: 9980\n path: readyz\n \ scheme: HTTPS\n initialDelaySeconds: 10\n timeoutSeconds: 1\n periodSeconds: 10\n successThreshold: 1\n failureThreshold: 18\n securityContext:\n privileged: true\n volumeMounts:\n - mountPath: /etc/kubernetes/manifests\n name: static-pod-dir\n - mountPath: /etc/kubernetes/static-pod-resources\n name: resource-dir\n \ - mountPath: /etc/kubernetes/static-pod-certs\n name: cert-dir\n \ - mountPath: /var/lib/etcd/\n name: data-dir\n\n - name: etcd-metrics\n \ image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n\n export ETCD_NAME=${NODE_NODE_ENVVAR_NAME_ETCD_NAME}\n\n \ exec nice -n -18 etcd grpc-proxy start \\\n --endpoints https://${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}:9978 \\\n --metrics-addr https://0.0.0.0:9979 \\\n --listen-addr 127.0.0.1:9977 \\\n --advertise-client-url \"\" \\\n --key /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key \\\n --key-file /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-metrics-NODE_NAME.key \\\n --cert /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt \\\n --cert-file /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-metrics-NODE_NAME.crt \\\n --cacert /etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --trusted-ca-file /etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/metrics-ca-bundle.crt \\\n --listen-cipher-suites TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \\\n --tls-min-version $(ETCD_TLS_MIN_VERSION)\n ports:\n - containerPort: 9979\n name: proxy-metrics\n protocol: TCP\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ \n - name: \"ETCDCTL_API\"\n value: \"3\"\n \n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ \n - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ \n - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ \n - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ \n - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ \n - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n \n \ - name: \"ETCD_ELECTION_TIMEOUT\"\n value: \"2500\"\n \n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \n - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n \ value: \"3\"\n \n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n \ value: \"200ms\"\n \n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n \ value: \"5s\"\n \n - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n \n - name: \"ETCD_IMAGE\"\n value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ \n - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n \ \n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n \ \n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n \n \ - name: \"ETCD_TLS_MIN_VERSION\"\n value: \"TLS1.2\"\n \n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n \n - name: \"NODE_master_1_ETCD_URL_HOST\"\n \ value: \"192.168.34.11\"\n \n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n \n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n \n - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n \n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n \ - name: \"ETCD_STATIC_POD_VERSION\"\n value: \"REVISION\"\n resources:\n \ requests:\n memory: 200Mi\n cpu: 40m\n securityContext:\n \ privileged: true\n volumeMounts:\n - mountPath: /etc/kubernetes/static-pod-resources\n \ name: resource-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n \ name: cert-dir\n - mountPath: /var/lib/etcd/\n name: data-dir\n \ - name: etcd-readyz\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0117f94d9f2894980a318780f3c0ab2efba02e72bc7ccb267bd44c4900eb0174\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n \n exec nice -n -18 cluster-etcd-operator readyz \\\n --target=https://localhost:2379 \\\n --listen-port=9980 \\\n --serving-cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.crt \\\n --serving-key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.key \\\n --client-cert-file=$(ETCDCTL_CERT) \\\n --client-key-file=$(ETCDCTL_KEY) \\\n --client-cacert-file=$(ETCDCTL_CACERT) \\\n --listen-cipher-suites TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \\\n --listen-tls-min-version=$(ETCD_TLS_MIN_VERSION)\n securityContext:\n \ privileged: true\n ports:\n - containerPort: 9980\n name: readyz\n \ protocol: TCP\n resources:\n requests:\n memory: 50Mi\n \ cpu: 10m\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n - name: \"ETCDCTL_API\"\n \ value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n value: \"192.168.34.11\"\n \ - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n - name: \"NODE_master_2_ETCD_URL_HOST\"\n \ value: \"192.168.34.12\"\n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n volumeMounts:\n - mountPath: /var/log/etcd/\n name: log-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n name: cert-dir\n - name: etcd-rev\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0117f94d9f2894980a318780f3c0ab2efba02e72bc7ccb267bd44c4900eb0174\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n \n cluster-etcd-operator rev \\\n --endpoints=$(ALL_ETCD_ENDPOINTS) \\\n --client-cert-file=$(ETCDCTL_CERT) \\\n --client-key-file=$(ETCDCTL_KEY) \\\n --client-cacert-file=$(ETCDCTL_CACERT)\n securityContext:\n \ privileged: true\n resources:\n requests:\n memory: 50Mi\n \ cpu: 10m\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n - name: \"ETCDCTL_API\"\n \ value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n value: \"192.168.34.11\"\n \ - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n - name: \"NODE_master_2_ETCD_URL_HOST\"\n \ value: \"192.168.34.12\"\n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n volumeMounts:\n - mountPath: /var/lib/etcd\n name: data-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n name: cert-dir\n \ hostNetwork: true\n priorityClassName: system-node-critical\n tolerations:\n \ - operator: \"Exists\"\n volumes:\n - hostPath:\n path: /etc/kubernetes/manifests\n \ name: static-pod-dir\n - hostPath:\n path: /etc/kubernetes/static-pod-resources/etcd-pod-REVISION\n \ name: resource-dir\n - hostPath:\n path: /etc/kubernetes/static-pod-resources/etcd-certs\n \ name: cert-dir\n - hostPath:\n path: /var/lib/etcd\n type: \"\"\n name: data-dir\n - hostPath:\n path: /usr/local/bin\n \ name: usr-local-bin\n - hostPath:\n path: /var/log/etcd\n name: log-dir\n - hostPath:\n path: /etc/kubernetes\n name: config-dir\n \ - hostPath:\n path: /var/lib/etcd-auto-backup\n name: etcd-auto-backup-dir\n" version: 4.18.0-202509240837.p2.g0f87d4a.assembly.stream.el9-0f87d4a kind: ConfigMap metadata: creationTimestamp: "2025-10-11T10:38:54Z" labels: operator.openshift.io/controller-instance-name: etcd-RevisionController managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:forceRedeploymentReason: {} f:pod.yaml: {} f:version: {} f:metadata: f:labels: .: {} f:operator.openshift.io/controller-instance-name: {} f:ownerReferences: .: {} k:{"uid":"851e3dc1-74bc-4b3b-8e17-3db716f22d4e"}: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:38:54Z" name: etcd-pod-6 namespace: openshift-etcd ownerReferences: - apiVersion: v1 kind: ConfigMap name: revision-status-6 uid: 851e3dc1-74bc-4b3b-8e17-3db716f22d4e resourceVersion: "19291" uid: 1965987a-dffd-44d0-8bec-4074afd12fc8 - apiVersion: v1 data: forceRedeploymentReason: "" pod.yaml: "apiVersion: v1\nkind: Pod\nmetadata:\n name: etcd\n namespace: openshift-etcd\n \ annotations:\n kubectl.kubernetes.io/default-container: etcd\n target.workload.openshift.io/management: '{\"effect\": \"PreferredDuringScheduling\"}'\n labels:\n app: etcd\n k8s-app: etcd\n etcd: \"true\"\n revision: \"REVISION\"\nspec:\n initContainers:\n \ - name: setup\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n \ echo -n \"Fixing etcd log permissions.\"\n mkdir -p /var/log/etcd \ && chmod 0600 /var/log/etcd\n echo -n \"Fixing etcd auto backup permissions.\"\n \ mkdir -p /var/lib/etcd-auto-backup && chmod 0600 /var/lib/etcd-auto-backup\n \ securityContext:\n privileged: true\n resources:\n requests:\n \ memory: 50Mi\n cpu: 5m\n volumeMounts:\n - mountPath: /var/log/etcd\n name: log-dir\n - name: etcd-ensure-env-vars\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n \ set -euo pipefail\n\n : \"${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST?not set}\"\n : \"${NODE_NODE_ENVVAR_NAME_ETCD_NAME?not set}\"\n : \"${NODE_NODE_ENVVAR_NAME_IP?not set}\"\n\n # check for ipv4 addresses as well as ipv6 addresses with extra square brackets\n if [[ \"${NODE_NODE_ENVVAR_NAME_IP}\" != \"${NODE_IP}\" && \"${NODE_NODE_ENVVAR_NAME_IP}\" != \"[${NODE_IP}]\" ]]; then\n # echo the error message to stderr\n echo \"Expected node IP to be ${NODE_IP} got ${NODE_NODE_ENVVAR_NAME_IP}\" >&2\n exit 1\n fi\n\n # check for ipv4 addresses as well as ipv6 addresses with extra square brackets\n if [[ \"${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}\" != \"${NODE_IP}\" && \"${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}\" != \"[${NODE_IP}]\" ]]; then\n # echo the error message to stderr\n echo \"Expected etcd url host to be ${NODE_IP} got ${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}\" >&2\n exit 1\n fi\n\n resources:\n requests:\n \ memory: 60Mi\n cpu: 10m\n securityContext:\n privileged: true\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n \ value: \"true\"\n - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n \ value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n \ value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n \ value: \"5s\"\n - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n \ - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n \ - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n value: \"TLS1.2\"\n - name: \"NODE_master_1_ETCD_NAME\"\n \ value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n \ value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n \ - name: NODE_IP\n valueFrom:\n fieldRef:\n fieldPath: status.podIP\n - name: etcd-resources-copy\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n \ set -euo pipefail\n\n rm -f $(grep -l '^### Created by cluster-etcd-operator' /usr/local/bin/*)\n cp -p /etc/kubernetes/static-pod-certs/configmaps/etcd-scripts/*.sh /usr/local/bin\n\n resources:\n requests:\n memory: 60Mi\n \ cpu: 10m\n securityContext:\n privileged: true\n volumeMounts:\n \ - mountPath: /etc/kubernetes/static-pod-resources\n name: resource-dir\n \ - mountPath: /etc/kubernetes/static-pod-certs\n name: cert-dir\n \ - mountPath: /usr/local/bin\n name: usr-local-bin\n containers:\n \ # The etcdctl container should always be first. It is intended to be used\n \ # to open a remote shell via `oc rsh` that is ready to run `etcdctl`.\n - name: etcdctl\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - \"/bin/bash\"\n - \"-c\"\n - \"trap TERM INT; sleep infinity & wait\"\n resources:\n requests:\n memory: 60Mi\n \ cpu: 10m\n volumeMounts:\n - mountPath: /etc/kubernetes/manifests\n \ name: static-pod-dir\n - mountPath: /etc/kubernetes/static-pod-resources\n \ name: resource-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n \ name: cert-dir\n - mountPath: /var/lib/etcd/\n name: data-dir\n \ env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n value: \"192.168.34.11\"\n \ - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n - name: \"NODE_master_2_ETCD_URL_HOST\"\n \ value: \"192.168.34.12\"\n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n - name: \"ETCD_STATIC_POD_VERSION\"\n value: \"REVISION\"\n\n \ - name: etcd\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n\n etcdctl member list || true\n\n # this has a non-zero return code if the command is non-zero. If you use an export first, it doesn't and you\n # will succeed when you should fail.\n ETCD_INITIAL_CLUSTER=$(discover-etcd-initial-cluster \\\n --cacert=/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --cert=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt \\\n --key=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key \\\n --endpoints=${ALL_ETCD_ENDPOINTS} \\\n --data-dir=/var/lib/etcd \\\n --target-peer-url-host=${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST} \\\n --target-name=NODE_NAME)\n export ETCD_INITIAL_CLUSTER\n\n \ # we cannot use the \"normal\" port conflict initcontainer because when we upgrade, the existing static pod will never yield,\n # so we do the detection in etcd container itself.\n echo -n \"Waiting for ports 2379, 2380 and 9978 to be released.\"\n time while [ -n \"$(ss -Htan '( sport = 2379 or sport = 2380 or sport = 9978 )')\" ]; do\n echo -n \".\"\n \ sleep 1\n done\n\n export ETCD_NAME=${NODE_NODE_ENVVAR_NAME_ETCD_NAME}\n \ env | grep ETCD | grep -v NODE\n\n set -x\n # See https://etcd.io/docs/v3.4.0/tuning/ for why we use ionice\n exec nice -n -19 ionice -c2 -n0 etcd \\\n --logger=zap \\\n --log-level=info \\\n --experimental-initial-corrupt-check=true \\\n --snapshot-count=10000 \\\n --initial-advertise-peer-urls=https://${NODE_NODE_ENVVAR_NAME_IP}:2380 \\\n --cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.crt \\\n --key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.key \\\n --trusted-ca-file=/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --client-cert-auth=true \\\n --peer-cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt \\\n --peer-key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key \\\n --peer-trusted-ca-file=/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --peer-client-cert-auth=true \\\n --advertise-client-urls=https://${NODE_NODE_ENVVAR_NAME_IP}:2379 \\\n --listen-client-urls=https://0.0.0.0:2379,unixs://${NODE_NODE_ENVVAR_NAME_IP}:0 \\\n --listen-peer-urls=https://0.0.0.0:2380 \\\n --metrics=extensive \\\n --listen-metrics-urls=https://0.0.0.0:9978 || mv /etc/kubernetes/etcd-backup-dir/etcd-member.yaml /etc/kubernetes/manifests\n ports:\n - containerPort: 2379\n name: etcd\n protocol: TCP\n - containerPort: 2380\n name: etcd-peer\n \ protocol: TCP\n - containerPort: 9978\n name: etcd-metrics\n protocol: TCP\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n value: \"192.168.34.11\"\n \ - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n - name: \"NODE_master_2_ETCD_URL_HOST\"\n \ value: \"192.168.34.12\"\n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n - name: \"ETCD_STATIC_POD_VERSION\"\n value: \"REVISION\"\n \ resources:\n requests:\n memory: 600Mi\n cpu: 300m\n \ readinessProbe:\n httpGet:\n port: 9980\n path: readyz\n \ scheme: HTTPS\n timeoutSeconds: 30\n failureThreshold: 5\n \ periodSeconds: 5\n successThreshold: 1\n livenessProbe:\n httpGet:\n \ path: healthz\n port: 9980\n scheme: HTTPS\n timeoutSeconds: 30\n periodSeconds: 5\n successThreshold: 1\n failureThreshold: 5\n startupProbe:\n httpGet:\n port: 9980\n path: readyz\n \ scheme: HTTPS\n initialDelaySeconds: 10\n timeoutSeconds: 1\n periodSeconds: 10\n successThreshold: 1\n failureThreshold: 18\n securityContext:\n privileged: true\n volumeMounts:\n - mountPath: /etc/kubernetes/manifests\n name: static-pod-dir\n - mountPath: /etc/kubernetes/static-pod-resources\n name: resource-dir\n \ - mountPath: /etc/kubernetes/static-pod-certs\n name: cert-dir\n \ - mountPath: /var/lib/etcd/\n name: data-dir\n\n - name: etcd-metrics\n \ image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n\n export ETCD_NAME=${NODE_NODE_ENVVAR_NAME_ETCD_NAME}\n\n \ exec nice -n -18 etcd grpc-proxy start \\\n --endpoints https://${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}:9978 \\\n --metrics-addr https://0.0.0.0:9979 \\\n --listen-addr 127.0.0.1:9977 \\\n --advertise-client-url \"\" \\\n --key /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key \\\n --key-file /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-metrics-NODE_NAME.key \\\n --cert /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt \\\n --cert-file /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-metrics-NODE_NAME.crt \\\n --cacert /etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --trusted-ca-file /etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/metrics-ca-bundle.crt \\\n --listen-cipher-suites TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \\\n --tls-min-version $(ETCD_TLS_MIN_VERSION)\n ports:\n - containerPort: 9979\n name: proxy-metrics\n protocol: TCP\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ \n - name: \"ETCDCTL_API\"\n value: \"3\"\n \n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ \n - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ \n - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ \n - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ \n - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ \n - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n \n \ - name: \"ETCD_ELECTION_TIMEOUT\"\n value: \"2500\"\n \n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \n - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n \ value: \"3\"\n \n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n \ value: \"200ms\"\n \n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n \ value: \"5s\"\n \n - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n \n - name: \"ETCD_IMAGE\"\n value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ \n - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n \ \n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n \ \n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n \n \ - name: \"ETCD_TLS_MIN_VERSION\"\n value: \"TLS1.2\"\n \n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n \n - name: \"NODE_master_1_ETCD_URL_HOST\"\n \ value: \"192.168.34.11\"\n \n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n \n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n \n - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n \n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n \ - name: \"ETCD_STATIC_POD_VERSION\"\n value: \"REVISION\"\n resources:\n \ requests:\n memory: 200Mi\n cpu: 40m\n securityContext:\n \ privileged: true\n volumeMounts:\n - mountPath: /etc/kubernetes/static-pod-resources\n \ name: resource-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n \ name: cert-dir\n - mountPath: /var/lib/etcd/\n name: data-dir\n \ - name: etcd-readyz\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0117f94d9f2894980a318780f3c0ab2efba02e72bc7ccb267bd44c4900eb0174\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n \n exec nice -n -18 cluster-etcd-operator readyz \\\n --target=https://localhost:2379 \\\n --listen-port=9980 \\\n --serving-cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.crt \\\n --serving-key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.key \\\n --client-cert-file=$(ETCDCTL_CERT) \\\n --client-key-file=$(ETCDCTL_KEY) \\\n --client-cacert-file=$(ETCDCTL_CACERT) \\\n --listen-cipher-suites TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \\\n --listen-tls-min-version=$(ETCD_TLS_MIN_VERSION)\n securityContext:\n \ privileged: true\n ports:\n - containerPort: 9980\n name: readyz\n \ protocol: TCP\n resources:\n requests:\n memory: 50Mi\n \ cpu: 10m\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n - name: \"ETCDCTL_API\"\n \ value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n value: \"192.168.34.11\"\n \ - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n - name: \"NODE_master_2_ETCD_URL_HOST\"\n \ value: \"192.168.34.12\"\n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n volumeMounts:\n - mountPath: /var/log/etcd/\n name: log-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n name: cert-dir\n - name: etcd-rev\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0117f94d9f2894980a318780f3c0ab2efba02e72bc7ccb267bd44c4900eb0174\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n \n cluster-etcd-operator rev \\\n --endpoints=$(ALL_ETCD_ENDPOINTS) \\\n --client-cert-file=$(ETCDCTL_CERT) \\\n --client-key-file=$(ETCDCTL_KEY) \\\n --client-cacert-file=$(ETCDCTL_CACERT)\n securityContext:\n \ privileged: true\n resources:\n requests:\n memory: 50Mi\n \ cpu: 10m\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n - name: \"ETCDCTL_API\"\n \ value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n value: \"192.168.34.11\"\n \ - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n - name: \"NODE_master_2_ETCD_URL_HOST\"\n \ value: \"192.168.34.12\"\n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n volumeMounts:\n - mountPath: /var/lib/etcd\n name: data-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n name: cert-dir\n \ hostNetwork: true\n priorityClassName: system-node-critical\n tolerations:\n \ - operator: \"Exists\"\n volumes:\n - hostPath:\n path: /etc/kubernetes/manifests\n \ name: static-pod-dir\n - hostPath:\n path: /etc/kubernetes/static-pod-resources/etcd-pod-REVISION\n \ name: resource-dir\n - hostPath:\n path: /etc/kubernetes/static-pod-resources/etcd-certs\n \ name: cert-dir\n - hostPath:\n path: /var/lib/etcd\n type: \"\"\n name: data-dir\n - hostPath:\n path: /usr/local/bin\n \ name: usr-local-bin\n - hostPath:\n path: /var/log/etcd\n name: log-dir\n - hostPath:\n path: /etc/kubernetes\n name: config-dir\n \ - hostPath:\n path: /var/lib/etcd-auto-backup\n name: etcd-auto-backup-dir\n" version: 4.18.0-202509240837.p2.g0f87d4a.assembly.stream.el9-0f87d4a kind: ConfigMap metadata: creationTimestamp: "2025-10-11T10:39:18Z" labels: operator.openshift.io/controller-instance-name: etcd-RevisionController managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:forceRedeploymentReason: {} f:pod.yaml: {} f:version: {} f:metadata: f:labels: .: {} f:operator.openshift.io/controller-instance-name: {} f:ownerReferences: .: {} k:{"uid":"8cfe7c69-6292-463b-8d19-70e1b5629297"}: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:39:18Z" name: etcd-pod-7 namespace: openshift-etcd ownerReferences: - apiVersion: v1 kind: ConfigMap name: revision-status-7 uid: 8cfe7c69-6292-463b-8d19-70e1b5629297 resourceVersion: "19661" uid: 3f50908a-3867-4ae5-8bd4-b416a03fbbb2 - apiVersion: v1 data: forceRedeploymentReason: "" pod.yaml: "apiVersion: v1\nkind: Pod\nmetadata:\n name: etcd\n namespace: openshift-etcd\n \ annotations:\n kubectl.kubernetes.io/default-container: etcd\n target.workload.openshift.io/management: '{\"effect\": \"PreferredDuringScheduling\"}'\n labels:\n app: etcd\n k8s-app: etcd\n etcd: \"true\"\n revision: \"REVISION\"\nspec:\n initContainers:\n \ - name: setup\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n \ echo -n \"Fixing etcd log permissions.\"\n mkdir -p /var/log/etcd \ && chmod 0600 /var/log/etcd\n echo -n \"Fixing etcd auto backup permissions.\"\n \ mkdir -p /var/lib/etcd-auto-backup && chmod 0600 /var/lib/etcd-auto-backup\n \ securityContext:\n privileged: true\n resources:\n requests:\n \ memory: 50Mi\n cpu: 5m\n volumeMounts:\n - mountPath: /var/log/etcd\n name: log-dir\n - name: etcd-ensure-env-vars\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n \ set -euo pipefail\n\n : \"${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST?not set}\"\n : \"${NODE_NODE_ENVVAR_NAME_ETCD_NAME?not set}\"\n : \"${NODE_NODE_ENVVAR_NAME_IP?not set}\"\n\n # check for ipv4 addresses as well as ipv6 addresses with extra square brackets\n if [[ \"${NODE_NODE_ENVVAR_NAME_IP}\" != \"${NODE_IP}\" && \"${NODE_NODE_ENVVAR_NAME_IP}\" != \"[${NODE_IP}]\" ]]; then\n # echo the error message to stderr\n echo \"Expected node IP to be ${NODE_IP} got ${NODE_NODE_ENVVAR_NAME_IP}\" >&2\n exit 1\n fi\n\n # check for ipv4 addresses as well as ipv6 addresses with extra square brackets\n if [[ \"${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}\" != \"${NODE_IP}\" && \"${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}\" != \"[${NODE_IP}]\" ]]; then\n # echo the error message to stderr\n echo \"Expected etcd url host to be ${NODE_IP} got ${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}\" >&2\n exit 1\n fi\n\n resources:\n requests:\n \ memory: 60Mi\n cpu: 10m\n securityContext:\n privileged: true\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n \ value: \"true\"\n - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n \ value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n \ value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n \ value: \"5s\"\n - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n \ - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n \ - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n \ value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n \ value: \"192.168.34.10\"\n - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n \ - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n - name: NODE_IP\n valueFrom:\n fieldRef:\n fieldPath: status.podIP\n \ - name: etcd-resources-copy\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n \ set -euo pipefail\n\n rm -f $(grep -l '^### Created by cluster-etcd-operator' /usr/local/bin/*)\n cp -p /etc/kubernetes/static-pod-certs/configmaps/etcd-scripts/*.sh /usr/local/bin\n\n resources:\n requests:\n memory: 60Mi\n \ cpu: 10m\n securityContext:\n privileged: true\n volumeMounts:\n \ - mountPath: /etc/kubernetes/static-pod-resources\n name: resource-dir\n \ - mountPath: /etc/kubernetes/static-pod-certs\n name: cert-dir\n \ - mountPath: /usr/local/bin\n name: usr-local-bin\n containers:\n \ # The etcdctl container should always be first. It is intended to be used\n \ # to open a remote shell via `oc rsh` that is ready to run `etcdctl`.\n - name: etcdctl\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - \"/bin/bash\"\n - \"-c\"\n - \"trap TERM INT; sleep infinity & wait\"\n resources:\n requests:\n memory: 60Mi\n \ cpu: 10m\n volumeMounts:\n - mountPath: /etc/kubernetes/manifests\n \ name: static-pod-dir\n - mountPath: /etc/kubernetes/static-pod-resources\n \ name: resource-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n \ name: cert-dir\n - mountPath: /var/lib/etcd/\n name: data-dir\n \ env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n value: \"192.168.34.10\"\n \ - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n \ value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n \ - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n \ - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n - name: \"ETCD_STATIC_POD_VERSION\"\n value: \"REVISION\"\n\n - name: etcd\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n\n etcdctl member list || true\n\n # this has a non-zero return code if the command is non-zero. If you use an export first, it doesn't and you\n # will succeed when you should fail.\n ETCD_INITIAL_CLUSTER=$(discover-etcd-initial-cluster \\\n --cacert=/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --cert=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt \\\n --key=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key \\\n --endpoints=${ALL_ETCD_ENDPOINTS} \\\n --data-dir=/var/lib/etcd \\\n --target-peer-url-host=${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST} \\\n --target-name=NODE_NAME)\n export ETCD_INITIAL_CLUSTER\n\n \ # we cannot use the \"normal\" port conflict initcontainer because when we upgrade, the existing static pod will never yield,\n # so we do the detection in etcd container itself.\n echo -n \"Waiting for ports 2379, 2380 and 9978 to be released.\"\n time while [ -n \"$(ss -Htan '( sport = 2379 or sport = 2380 or sport = 9978 )')\" ]; do\n echo -n \".\"\n \ sleep 1\n done\n\n export ETCD_NAME=${NODE_NODE_ENVVAR_NAME_ETCD_NAME}\n \ env | grep ETCD | grep -v NODE\n\n set -x\n # See https://etcd.io/docs/v3.4.0/tuning/ for why we use ionice\n exec nice -n -19 ionice -c2 -n0 etcd \\\n --logger=zap \\\n --log-level=info \\\n --experimental-initial-corrupt-check=true \\\n --snapshot-count=10000 \\\n --initial-advertise-peer-urls=https://${NODE_NODE_ENVVAR_NAME_IP}:2380 \\\n --cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.crt \\\n --key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.key \\\n --trusted-ca-file=/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --client-cert-auth=true \\\n --peer-cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt \\\n --peer-key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key \\\n --peer-trusted-ca-file=/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --peer-client-cert-auth=true \\\n --advertise-client-urls=https://${NODE_NODE_ENVVAR_NAME_IP}:2379 \\\n --listen-client-urls=https://0.0.0.0:2379,unixs://${NODE_NODE_ENVVAR_NAME_IP}:0 \\\n --listen-peer-urls=https://0.0.0.0:2380 \\\n --metrics=extensive \\\n --listen-metrics-urls=https://0.0.0.0:9978 || mv /etc/kubernetes/etcd-backup-dir/etcd-member.yaml /etc/kubernetes/manifests\n ports:\n - containerPort: 2379\n name: etcd\n protocol: TCP\n - containerPort: 2380\n name: etcd-peer\n \ protocol: TCP\n - containerPort: 9978\n name: etcd-metrics\n protocol: TCP\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n value: \"192.168.34.10\"\n \ - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n \ value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n \ - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n \ - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n - name: \"ETCD_STATIC_POD_VERSION\"\n value: \"REVISION\"\n resources:\n requests:\n \ memory: 600Mi\n cpu: 300m\n readinessProbe:\n httpGet:\n \ port: 9980\n path: readyz\n scheme: HTTPS\n timeoutSeconds: 30\n failureThreshold: 5\n periodSeconds: 5\n successThreshold: 1\n livenessProbe:\n httpGet:\n path: healthz\n port: 9980\n scheme: HTTPS\n timeoutSeconds: 30\n periodSeconds: 5\n successThreshold: 1\n failureThreshold: 5\n startupProbe:\n \ httpGet:\n port: 9980\n path: readyz\n scheme: HTTPS\n \ initialDelaySeconds: 10\n timeoutSeconds: 1\n periodSeconds: 10\n successThreshold: 1\n failureThreshold: 18\n securityContext:\n \ privileged: true\n volumeMounts:\n - mountPath: /etc/kubernetes/manifests\n \ name: static-pod-dir\n - mountPath: /etc/kubernetes/static-pod-resources\n \ name: resource-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n \ name: cert-dir\n - mountPath: /var/lib/etcd/\n name: data-dir\n\n \ - name: etcd-metrics\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n\n export ETCD_NAME=${NODE_NODE_ENVVAR_NAME_ETCD_NAME}\n\n \ exec nice -n -18 etcd grpc-proxy start \\\n --endpoints https://${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}:9978 \\\n --metrics-addr https://0.0.0.0:9979 \\\n --listen-addr 127.0.0.1:9977 \\\n --advertise-client-url \"\" \\\n --key /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key \\\n --key-file /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-metrics-NODE_NAME.key \\\n --cert /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt \\\n --cert-file /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-metrics-NODE_NAME.crt \\\n --cacert /etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --trusted-ca-file /etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/metrics-ca-bundle.crt \\\n --listen-cipher-suites TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \\\n --tls-min-version $(ETCD_TLS_MIN_VERSION)\n ports:\n - containerPort: 9979\n name: proxy-metrics\n protocol: TCP\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ \n - name: \"ETCDCTL_API\"\n value: \"3\"\n \n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ \n - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ \n - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ \n - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ \n - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ \n - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n \n \ - name: \"ETCD_ELECTION_TIMEOUT\"\n value: \"2500\"\n \n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \n - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n \ value: \"3\"\n \n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n \ value: \"200ms\"\n \n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n \ value: \"5s\"\n \n - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n \n - name: \"ETCD_IMAGE\"\n value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ \n - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n \ \n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n \ \n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n \n \ - name: \"ETCD_TLS_MIN_VERSION\"\n value: \"TLS1.2\"\n \n - name: \"NODE_master_0_ETCD_NAME\"\n value: \"master-0\"\n \n - name: \"NODE_master_0_ETCD_URL_HOST\"\n \ value: \"192.168.34.10\"\n \n - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n \n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n \n - name: \"NODE_master_1_ETCD_URL_HOST\"\n value: \"192.168.34.11\"\n \n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n \ \n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n \n \ - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n \ \n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n - name: \"ETCD_STATIC_POD_VERSION\"\n value: \"REVISION\"\n resources:\n \ requests:\n memory: 200Mi\n cpu: 40m\n securityContext:\n \ privileged: true\n volumeMounts:\n - mountPath: /etc/kubernetes/static-pod-resources\n \ name: resource-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n \ name: cert-dir\n - mountPath: /var/lib/etcd/\n name: data-dir\n \ - name: etcd-readyz\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0117f94d9f2894980a318780f3c0ab2efba02e72bc7ccb267bd44c4900eb0174\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n \n exec nice -n -18 cluster-etcd-operator readyz \\\n --target=https://localhost:2379 \\\n --listen-port=9980 \\\n --serving-cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.crt \\\n --serving-key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.key \\\n --client-cert-file=$(ETCDCTL_CERT) \\\n --client-key-file=$(ETCDCTL_KEY) \\\n --client-cacert-file=$(ETCDCTL_CACERT) \\\n --listen-cipher-suites TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \\\n --listen-tls-min-version=$(ETCD_TLS_MIN_VERSION)\n securityContext:\n \ privileged: true\n ports:\n - containerPort: 9980\n name: readyz\n \ protocol: TCP\n resources:\n requests:\n memory: 50Mi\n \ cpu: 10m\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n - name: \"ETCDCTL_API\"\n \ value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n value: \"192.168.34.10\"\n \ - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n \ value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n \ - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n \ - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n volumeMounts:\n \ - mountPath: /var/log/etcd/\n name: log-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n name: cert-dir\n - name: etcd-rev\n \ image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0117f94d9f2894980a318780f3c0ab2efba02e72bc7ccb267bd44c4900eb0174\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n \n cluster-etcd-operator rev \\\n --endpoints=$(ALL_ETCD_ENDPOINTS) \\\n --client-cert-file=$(ETCDCTL_CERT) \\\n --client-key-file=$(ETCDCTL_KEY) \\\n --client-cacert-file=$(ETCDCTL_CACERT)\n securityContext:\n \ privileged: true\n resources:\n requests:\n memory: 50Mi\n \ cpu: 10m\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n - name: \"ETCDCTL_API\"\n \ value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n value: \"192.168.34.10\"\n \ - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n \ value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n \ - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n \ - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n volumeMounts:\n \ - mountPath: /var/lib/etcd\n name: data-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n \ name: cert-dir\n hostNetwork: true\n priorityClassName: system-node-critical\n \ tolerations:\n - operator: \"Exists\"\n volumes:\n - hostPath:\n path: /etc/kubernetes/manifests\n name: static-pod-dir\n - hostPath:\n path: /etc/kubernetes/static-pod-resources/etcd-pod-REVISION\n name: resource-dir\n \ - hostPath:\n path: /etc/kubernetes/static-pod-resources/etcd-certs\n \ name: cert-dir\n - hostPath:\n path: /var/lib/etcd\n type: \"\"\n name: data-dir\n - hostPath:\n path: /usr/local/bin\n \ name: usr-local-bin\n - hostPath:\n path: /var/log/etcd\n name: log-dir\n - hostPath:\n path: /etc/kubernetes\n name: config-dir\n \ - hostPath:\n path: /var/lib/etcd-auto-backup\n name: etcd-auto-backup-dir\n" version: 4.18.0-202509240837.p2.g0f87d4a.assembly.stream.el9-0f87d4a kind: ConfigMap metadata: creationTimestamp: "2025-10-11T10:39:27Z" labels: operator.openshift.io/controller-instance-name: etcd-RevisionController managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:forceRedeploymentReason: {} f:pod.yaml: {} f:version: {} f:metadata: f:labels: .: {} f:operator.openshift.io/controller-instance-name: {} f:ownerReferences: .: {} k:{"uid":"62c9648e-b3fc-4f81-b4c7-df4c8d8ae36d"}: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:39:27Z" name: etcd-pod-8 namespace: openshift-etcd ownerReferences: - apiVersion: v1 kind: ConfigMap name: revision-status-8 uid: 62c9648e-b3fc-4f81-b4c7-df4c8d8ae36d resourceVersion: "19819" uid: dfb28e84-ffde-4c79-8fd2-20dc95741e03 - apiVersion: v1 data: forceRedeploymentReason: "" pod.yaml: "apiVersion: v1\nkind: Pod\nmetadata:\n name: etcd\n namespace: openshift-etcd\n \ annotations:\n kubectl.kubernetes.io/default-container: etcd\n target.workload.openshift.io/management: '{\"effect\": \"PreferredDuringScheduling\"}'\n labels:\n app: etcd\n k8s-app: etcd\n etcd: \"true\"\n revision: \"REVISION\"\nspec:\n initContainers:\n \ - name: setup\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n \ echo -n \"Fixing etcd log permissions.\"\n mkdir -p /var/log/etcd \ && chmod 0600 /var/log/etcd\n echo -n \"Fixing etcd auto backup permissions.\"\n \ mkdir -p /var/lib/etcd-auto-backup && chmod 0600 /var/lib/etcd-auto-backup\n \ securityContext:\n privileged: true\n resources:\n requests:\n \ memory: 50Mi\n cpu: 5m\n volumeMounts:\n - mountPath: /var/log/etcd\n name: log-dir\n - name: etcd-ensure-env-vars\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n \ set -euo pipefail\n\n : \"${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST?not set}\"\n : \"${NODE_NODE_ENVVAR_NAME_ETCD_NAME?not set}\"\n : \"${NODE_NODE_ENVVAR_NAME_IP?not set}\"\n\n # check for ipv4 addresses as well as ipv6 addresses with extra square brackets\n if [[ \"${NODE_NODE_ENVVAR_NAME_IP}\" != \"${NODE_IP}\" && \"${NODE_NODE_ENVVAR_NAME_IP}\" != \"[${NODE_IP}]\" ]]; then\n # echo the error message to stderr\n echo \"Expected node IP to be ${NODE_IP} got ${NODE_NODE_ENVVAR_NAME_IP}\" >&2\n exit 1\n fi\n\n # check for ipv4 addresses as well as ipv6 addresses with extra square brackets\n if [[ \"${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}\" != \"${NODE_IP}\" && \"${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}\" != \"[${NODE_IP}]\" ]]; then\n # echo the error message to stderr\n echo \"Expected etcd url host to be ${NODE_IP} got ${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}\" >&2\n exit 1\n fi\n\n resources:\n requests:\n \ memory: 60Mi\n cpu: 10m\n securityContext:\n privileged: true\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n \ value: \"true\"\n - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n \ value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n \ value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n \ value: \"5s\"\n - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n \ - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n \ - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n \ value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n \ value: \"192.168.34.10\"\n - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n \ - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n - name: NODE_IP\n valueFrom:\n fieldRef:\n fieldPath: status.podIP\n \ - name: etcd-resources-copy\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n \ set -euo pipefail\n\n rm -f $(grep -l '^### Created by cluster-etcd-operator' /usr/local/bin/*)\n cp -p /etc/kubernetes/static-pod-certs/configmaps/etcd-scripts/*.sh /usr/local/bin\n\n resources:\n requests:\n memory: 60Mi\n \ cpu: 10m\n securityContext:\n privileged: true\n volumeMounts:\n \ - mountPath: /etc/kubernetes/static-pod-resources\n name: resource-dir\n \ - mountPath: /etc/kubernetes/static-pod-certs\n name: cert-dir\n \ - mountPath: /usr/local/bin\n name: usr-local-bin\n containers:\n \ # The etcdctl container should always be first. It is intended to be used\n \ # to open a remote shell via `oc rsh` that is ready to run `etcdctl`.\n - name: etcdctl\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - \"/bin/bash\"\n - \"-c\"\n - \"trap TERM INT; sleep infinity & wait\"\n resources:\n requests:\n memory: 60Mi\n \ cpu: 10m\n volumeMounts:\n - mountPath: /etc/kubernetes/manifests\n \ name: static-pod-dir\n - mountPath: /etc/kubernetes/static-pod-resources\n \ name: resource-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n \ name: cert-dir\n - mountPath: /var/lib/etcd/\n name: data-dir\n \ env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n value: \"192.168.34.10\"\n \ - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n \ value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n \ - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n \ - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n - name: \"ETCD_STATIC_POD_VERSION\"\n value: \"REVISION\"\n\n - name: etcd\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n\n etcdctl member list || true\n\n # this has a non-zero return code if the command is non-zero. If you use an export first, it doesn't and you\n # will succeed when you should fail.\n ETCD_INITIAL_CLUSTER=$(discover-etcd-initial-cluster \\\n --cacert=/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --cert=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt \\\n --key=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key \\\n --endpoints=${ALL_ETCD_ENDPOINTS} \\\n --data-dir=/var/lib/etcd \\\n --target-peer-url-host=${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST} \\\n --target-name=NODE_NAME)\n export ETCD_INITIAL_CLUSTER\n\n \ # we cannot use the \"normal\" port conflict initcontainer because when we upgrade, the existing static pod will never yield,\n # so we do the detection in etcd container itself.\n echo -n \"Waiting for ports 2379, 2380 and 9978 to be released.\"\n time while [ -n \"$(ss -Htan '( sport = 2379 or sport = 2380 or sport = 9978 )')\" ]; do\n echo -n \".\"\n \ sleep 1\n done\n\n export ETCD_NAME=${NODE_NODE_ENVVAR_NAME_ETCD_NAME}\n \ env | grep ETCD | grep -v NODE\n\n set -x\n # See https://etcd.io/docs/v3.4.0/tuning/ for why we use ionice\n exec nice -n -19 ionice -c2 -n0 etcd \\\n --logger=zap \\\n --log-level=info \\\n --experimental-initial-corrupt-check=true \\\n --snapshot-count=10000 \\\n --initial-advertise-peer-urls=https://${NODE_NODE_ENVVAR_NAME_IP}:2380 \\\n --cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.crt \\\n --key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.key \\\n --trusted-ca-file=/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --client-cert-auth=true \\\n --peer-cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt \\\n --peer-key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key \\\n --peer-trusted-ca-file=/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --peer-client-cert-auth=true \\\n --advertise-client-urls=https://${NODE_NODE_ENVVAR_NAME_IP}:2379 \\\n --listen-client-urls=https://0.0.0.0:2379,unixs://${NODE_NODE_ENVVAR_NAME_IP}:0 \\\n --listen-peer-urls=https://0.0.0.0:2380 \\\n --metrics=extensive \\\n --listen-metrics-urls=https://0.0.0.0:9978 || mv /etc/kubernetes/etcd-backup-dir/etcd-member.yaml /etc/kubernetes/manifests\n ports:\n - containerPort: 2379\n name: etcd\n protocol: TCP\n - containerPort: 2380\n name: etcd-peer\n \ protocol: TCP\n - containerPort: 9978\n name: etcd-metrics\n protocol: TCP\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n value: \"192.168.34.10\"\n \ - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n \ value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n \ - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n \ - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n - name: \"ETCD_STATIC_POD_VERSION\"\n value: \"REVISION\"\n resources:\n requests:\n \ memory: 600Mi\n cpu: 300m\n readinessProbe:\n httpGet:\n \ port: 9980\n path: readyz\n scheme: HTTPS\n timeoutSeconds: 30\n failureThreshold: 5\n periodSeconds: 5\n successThreshold: 1\n livenessProbe:\n httpGet:\n path: healthz\n port: 9980\n scheme: HTTPS\n timeoutSeconds: 30\n periodSeconds: 5\n successThreshold: 1\n failureThreshold: 5\n startupProbe:\n \ httpGet:\n port: 9980\n path: readyz\n scheme: HTTPS\n \ initialDelaySeconds: 10\n timeoutSeconds: 1\n periodSeconds: 10\n successThreshold: 1\n failureThreshold: 18\n securityContext:\n \ privileged: true\n volumeMounts:\n - mountPath: /etc/kubernetes/manifests\n \ name: static-pod-dir\n - mountPath: /etc/kubernetes/static-pod-resources\n \ name: resource-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n \ name: cert-dir\n - mountPath: /var/lib/etcd/\n name: data-dir\n\n \ - name: etcd-metrics\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n\n export ETCD_NAME=${NODE_NODE_ENVVAR_NAME_ETCD_NAME}\n\n \ exec nice -n -18 etcd grpc-proxy start \\\n --endpoints https://${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}:9978 \\\n --metrics-addr https://0.0.0.0:9979 \\\n --listen-addr 127.0.0.1:9977 \\\n --advertise-client-url \"\" \\\n --key /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key \\\n --key-file /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-metrics-NODE_NAME.key \\\n --cert /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt \\\n --cert-file /etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-metrics-NODE_NAME.crt \\\n --cacert /etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --trusted-ca-file /etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/metrics-ca-bundle.crt \\\n --listen-cipher-suites TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \\\n --tls-min-version $(ETCD_TLS_MIN_VERSION)\n ports:\n - containerPort: 9979\n name: proxy-metrics\n protocol: TCP\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ \n - name: \"ETCDCTL_API\"\n value: \"3\"\n \n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ \n - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ \n - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ \n - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ \n - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ \n - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n \n \ - name: \"ETCD_ELECTION_TIMEOUT\"\n value: \"2500\"\n \n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \n - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n \ value: \"3\"\n \n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n \ value: \"200ms\"\n \n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n \ value: \"5s\"\n \n - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n \n - name: \"ETCD_IMAGE\"\n value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ \n - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n \ \n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n \ \n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n \n \ - name: \"ETCD_TLS_MIN_VERSION\"\n value: \"TLS1.2\"\n \n - name: \"NODE_master_0_ETCD_NAME\"\n value: \"master-0\"\n \n - name: \"NODE_master_0_ETCD_URL_HOST\"\n \ value: \"192.168.34.10\"\n \n - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n \n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n \n - name: \"NODE_master_1_ETCD_URL_HOST\"\n value: \"192.168.34.11\"\n \n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n \ \n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n \n \ - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n \ \n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n - name: \"ETCD_STATIC_POD_VERSION\"\n value: \"REVISION\"\n resources:\n \ requests:\n memory: 200Mi\n cpu: 40m\n securityContext:\n \ privileged: true\n volumeMounts:\n - mountPath: /etc/kubernetes/static-pod-resources\n \ name: resource-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n \ name: cert-dir\n - mountPath: /var/lib/etcd/\n name: data-dir\n \ - name: etcd-readyz\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0117f94d9f2894980a318780f3c0ab2efba02e72bc7ccb267bd44c4900eb0174\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n \n exec nice -n -18 cluster-etcd-operator readyz \\\n --target=https://localhost:2379 \\\n --listen-port=9980 \\\n --serving-cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.crt \\\n --serving-key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.key \\\n --client-cert-file=$(ETCDCTL_CERT) \\\n --client-key-file=$(ETCDCTL_KEY) \\\n --client-cacert-file=$(ETCDCTL_CACERT) \\\n --listen-cipher-suites TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \\\n --listen-tls-min-version=$(ETCD_TLS_MIN_VERSION)\n securityContext:\n \ privileged: true\n ports:\n - containerPort: 9980\n name: readyz\n \ protocol: TCP\n resources:\n requests:\n memory: 50Mi\n \ cpu: 10m\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n - name: \"ETCDCTL_API\"\n \ value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n value: \"192.168.34.10\"\n \ - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n \ value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n \ - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n \ - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n volumeMounts:\n \ - mountPath: /var/log/etcd/\n name: log-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n name: cert-dir\n - name: etcd-rev\n \ image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0117f94d9f2894980a318780f3c0ab2efba02e72bc7ccb267bd44c4900eb0174\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n \n cluster-etcd-operator rev \\\n --endpoints=$(ALL_ETCD_ENDPOINTS) \\\n --client-cert-file=$(ETCDCTL_CERT) \\\n --client-key-file=$(ETCDCTL_KEY) \\\n --client-cacert-file=$(ETCDCTL_CACERT)\n securityContext:\n \ privileged: true\n resources:\n requests:\n memory: 50Mi\n \ cpu: 10m\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n - name: \"ETCDCTL_API\"\n \ value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n \ value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n value: \"true\"\n \ - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n value: \"5s\"\n \ - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n \ value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n \ value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n value: \"192.168.34.10\"\n \ - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n \ value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n \ - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n \ - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n volumeMounts:\n \ - mountPath: /var/lib/etcd\n name: data-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n \ name: cert-dir\n hostNetwork: true\n priorityClassName: system-node-critical\n \ tolerations:\n - operator: \"Exists\"\n volumes:\n - hostPath:\n path: /etc/kubernetes/manifests\n name: static-pod-dir\n - hostPath:\n path: /etc/kubernetes/static-pod-resources/etcd-pod-REVISION\n name: resource-dir\n \ - hostPath:\n path: /etc/kubernetes/static-pod-resources/etcd-certs\n \ name: cert-dir\n - hostPath:\n path: /var/lib/etcd\n type: \"\"\n name: data-dir\n - hostPath:\n path: /usr/local/bin\n \ name: usr-local-bin\n - hostPath:\n path: /var/log/etcd\n name: log-dir\n - hostPath:\n path: /etc/kubernetes\n name: config-dir\n \ - hostPath:\n path: /var/lib/etcd-auto-backup\n name: etcd-auto-backup-dir\n" version: 4.18.0-202509240837.p2.g0f87d4a.assembly.stream.el9-0f87d4a kind: ConfigMap metadata: creationTimestamp: "2025-10-11T10:41:45Z" labels: operator.openshift.io/controller-instance-name: etcd-RevisionController managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:forceRedeploymentReason: {} f:pod.yaml: {} f:version: {} f:metadata: f:labels: .: {} f:operator.openshift.io/controller-instance-name: {} f:ownerReferences: .: {} k:{"uid":"6f5fd341-70d0-4ee2-916b-4a40010e4337"}: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:41:45Z" name: etcd-pod-9 namespace: openshift-etcd ownerReferences: - apiVersion: v1 kind: ConfigMap name: revision-status-9 uid: 6f5fd341-70d0-4ee2-916b-4a40010e4337 resourceVersion: "21930" uid: 437e75d3-6541-4387-bcae-2098de8403fe - apiVersion: v1 data: cluster-backup.sh: | #!/usr/bin/env bash ### Created by cluster-etcd-operator. DO NOT edit. set -o errexit set -o pipefail set -o errtrace # example # cluster-backup.sh $path-to-snapshot if [[ $EUID -ne 0 ]]; then echo "This script must be run as root" exit 1 fi function usage { echo 'Path to backup dir required: ./cluster-backup.sh [--force] ' exit 1 } IS_DIRTY="" if [ "$1" == "--force" ]; then IS_DIRTY="__POSSIBLY_DIRTY__" shift fi # If the first argument is missing, or it is an existing file, then print usage and exit if [ -z "$1" ] || [ -f "$1" ]; then usage fi if [ ! -d "$1" ]; then mkdir -p "$1" fi function check_if_operator_is_progressing { local operator="$1" if [ ! -f "${KUBECONFIG}" ]; then echo "Valid kubeconfig is not found in kube-apiserver-certs. Exiting!" exit 1 fi progressing=$(oc get co "${operator}" -o jsonpath='{.status.conditions[?(@.type=="Progressing")].status}') || true if [ "$progressing" == "" ]; then echo "Could not find the status of the $operator. Check if the API server is running. Pass the --force flag to skip checks." exit 1 elif [ "$progressing" != "False" ]; then echo "Currently the $operator operator is progressing. A reliable backup requires that a rollout is not in progress. Aborting!" exit 1 fi } # backup latest static pod resources function backup_latest_kube_static_resources { local backup_tar_file="$1" local backup_resource_list=("kube-apiserver" "kube-controller-manager" "kube-scheduler" "etcd") local latest_resource_dirs=() for resource in "${backup_resource_list[@]}"; do if [ ! -f "/etc/kubernetes/manifests/${resource}-pod.yaml" ]; then echo "error finding manifests for the ${resource} pod. please check if it is running." exit 1 fi local latest_resource latest_resource=$(grep -o -m 1 "/etc/kubernetes/static-pod-resources/${resource}-pod-[0-9]*" "/etc/kubernetes/manifests/${resource}-pod.yaml") || true if [ -z "${latest_resource}" ]; then echo "error finding static-pod-resources for the ${resource} pod. please check if it is running." exit 1 fi if [ "${IS_DIRTY}" == "" ]; then check_if_operator_is_progressing "${resource}" fi echo "found latest ${resource}: ${latest_resource}" latest_resource_dirs+=("${latest_resource#${CONFIG_FILE_DIR}/}") done # tar latest resources with the path relative to CONFIG_FILE_DIR tar -cpzf "$backup_tar_file" -C "${CONFIG_FILE_DIR}" "${latest_resource_dirs[@]}" chmod 600 "$backup_tar_file" } function source_required_dependency { local src_path="$1" if [ ! -f "${src_path}" ]; then echo "required dependencies not found, please ensure this script is run on a node with a functional etcd static pod" exit 1 fi # shellcheck disable=SC1090 source "${src_path}" } BACKUP_DIR="$1" DATESTRING=$(date "+%F_%H%M%S") BACKUP_TAR_FILE=${BACKUP_DIR}/static_kuberesources_${DATESTRING}${IS_DIRTY}.tar.gz SNAPSHOT_FILE="${BACKUP_DIR}/snapshot_${DATESTRING}${IS_DIRTY}.db" trap 'rm -f ${BACKUP_TAR_FILE} ${SNAPSHOT_FILE}' ERR source_required_dependency /etc/kubernetes/static-pod-resources/etcd-certs/configmaps/etcd-scripts/etcd.env source_required_dependency /etc/kubernetes/static-pod-resources/etcd-certs/configmaps/etcd-scripts/etcd-common-tools # replacing the value of variables sourced form etcd.env to use the local node folders if the script is not running into the cluster-backup pod if [ ! -f "${ETCDCTL_CACERT}" ]; then echo "Certificate ${ETCDCTL_CACERT} is missing. Checking in different directory" export ETCDCTL_CACERT=$(echo ${ETCDCTL_CACERT} | sed -e "s|static-pod-certs|static-pod-resources/etcd-certs|") export ETCDCTL_CERT=$(echo ${ETCDCTL_CERT} | sed -e "s|static-pod-certs|static-pod-resources/etcd-certs|") export ETCDCTL_KEY=$(echo ${ETCDCTL_KEY} | sed -e "s|static-pod-certs|static-pod-resources/etcd-certs|") if [ ! -f "${ETCDCTL_CACERT}" ]; then echo "Certificate ${ETCDCTL_CACERT} is also missing in the second directory. Exiting!" exit 1 else echo "Certificate ${ETCDCTL_CACERT} found!" fi fi backup_latest_kube_static_resources "${BACKUP_TAR_FILE}" # Download etcdctl and get the etcd snapshot dl_etcdctl # snapshot save will continue to stay in etcdctl ETCDCTL_ENDPOINTS="https://${NODE_NODE_ENVVAR_NAME_IP}:2379" etcdctl snapshot save "${SNAPSHOT_FILE}" # Check the integrity of the snapshot check_snapshot_status "${SNAPSHOT_FILE}" snapshot_failed=$? # If check_snapshot_status returned 1 it failed, so exit with code 1 if [[ $snapshot_failed -eq 1 ]]; then echo "snapshot failed with exit code ${snapshot_failed}" exit 1 fi echo "snapshot db and kube resources are successfully saved to ${BACKUP_DIR}" cluster-restore.sh: |+ #!/usr/bin/env bash ### Created by cluster-etcd-operator. DO NOT edit. set -o errexit set -o pipefail set -o errtrace # example # ./cluster-restore.sh $path-to-backup # ETCD_ETCDCTL_RESTORE - when set this script will use `etcdctl snapshot restore` instead of a restore pod yaml, # which can be used when restoring a single member (e.g. on single node OCP). # Syncing very big snapshots (>8GiB) from the leader might also be expensive, this aids in # keeping the amount of data pulled to a minimum. This option will neither rev-bump nor mark-compact. if [[ $EUID -ne 0 ]]; then echo "This script must be run as root" exit 1 fi function source_required_dependency { local src_path="$1" if [ ! -f "${src_path}" ]; then echo "required dependencies not found, please ensure this script is run on a node with a functional etcd static pod" exit 1 fi # shellcheck disable=SC1090 source "${src_path}" } source_required_dependency /etc/kubernetes/static-pod-resources/etcd-certs/configmaps/etcd-scripts/etcd.env source_required_dependency /etc/kubernetes/static-pod-resources/etcd-certs/configmaps/etcd-scripts/etcd-common-tools function usage() { echo 'Path to the directory containing backup files is required: ./cluster-restore.sh ' echo 'The backup directory is expected to be contain two files:' echo ' 1. etcd snapshot' echo ' 2. A copy of the Static POD resources at the time of backup' exit 1 } # If the argument is not passed, or if it is not a directory, print usage and exit. if [ "$1" == "" ] || [ ! -d "$1" ]; then usage fi function restore_static_pods() { local backup_file="$1" shift local static_pods=("$@") for pod_file_name in "${static_pods[@]}"; do backup_pod_path=$(tar -tvf "${backup_file}" "*${pod_file_name}" | awk '{ print $6 }') || true if [ -z "${backup_pod_path}" ]; then echo "${pod_file_name} does not exist in ${backup_file}" exit 1 fi echo "starting ${pod_file_name}" tar -xvf "${backup_file}" --strip-components=2 -C "${MANIFEST_DIR}"/ "${backup_pod_path}" done } BACKUP_DIR="$1" # shellcheck disable=SC2012 BACKUP_FILE=$(ls -vd "${BACKUP_DIR}"/static_kuberesources*.tar.gz | tail -1) || true # shellcheck disable=SC2012 SNAPSHOT_FILE=$(ls -vd "${BACKUP_DIR}"/snapshot*.db | tail -1) || true ETCD_STATIC_POD_LIST=("etcd-pod.yaml") ETCD_STATIC_POD_CONTAINERS=("etcd" "etcdctl" "etcd-metrics" "etcd-readyz" "etcd-rev" "etcd-backup-server") if [ ! -f "${SNAPSHOT_FILE}" ]; then echo "etcd snapshot ${SNAPSHOT_FILE} does not exist" exit 1 fi # Download etcdctl and check the snapshot status dl_etcdctl check_snapshot_status "${SNAPSHOT_FILE}" ETCD_CLIENT="${ETCD_ETCDCTL_BIN+etcdctl}" if [ -n "${ETCD_ETCDUTL_BIN}" ]; then ETCD_CLIENT="${ETCD_ETCDUTL_BIN}" fi # always move etcd pod and wait for all containers to exit mv_static_pods "${ETCD_STATIC_POD_LIST[@]}" wait_for_containers_to_stop "${ETCD_STATIC_POD_CONTAINERS[@]}" if [ ! -d "${ETCD_DATA_DIR_BACKUP}" ]; then mkdir -p "${ETCD_DATA_DIR_BACKUP}" fi # backup old data-dir if [ -d "${ETCD_DATA_DIR}/member" ]; then if [ -d "${ETCD_DATA_DIR_BACKUP}/member" ]; then echo "removing previous backup ${ETCD_DATA_DIR_BACKUP}/member" rm -rf "${ETCD_DATA_DIR_BACKUP}"/member fi echo "Moving etcd data-dir ${ETCD_DATA_DIR}/member to ${ETCD_DATA_DIR_BACKUP}" mv "${ETCD_DATA_DIR}"/member "${ETCD_DATA_DIR_BACKUP}"/ fi if [ -z "${ETCD_ETCDCTL_RESTORE}" ]; then # Restore static pod resources tar -C "${CONFIG_FILE_DIR}" -xzf "${BACKUP_FILE}" static-pod-resources # Copy snapshot to backupdir cp -p "${SNAPSHOT_FILE}" "${ETCD_DATA_DIR_BACKUP}"/snapshot.db # Move the revision.json when it exists [ ! -f "${ETCD_REV_JSON}" ] || mv -f "${ETCD_REV_JSON}" "${ETCD_DATA_DIR_BACKUP}"/revision.json # removing any fio perf files left behind that could be deleted without problems rm -f "${ETCD_DATA_DIR}"/etcd_perf* # ensure the folder is really empty, otherwise the restore pod will crash loop if [ -n "$(ls -A "${ETCD_DATA_DIR}")" ]; then echo "folder ${ETCD_DATA_DIR} is not empty, please review and remove all files in it" exit 1 fi echo "starting restore-etcd static pod" cp -p "${RESTORE_ETCD_POD_YAML}" "${MANIFEST_DIR}/etcd-pod.yaml" else echo "removing etcd data dir..." rm -rf "${ETCD_DATA_DIR}" mkdir -p "${ETCD_DATA_DIR}" echo "starting snapshot restore through etcdctl..." # We are never going to rev-bump here to ensure we don't cause a revision split between the # remainder of the running cluster and this restore member. Imagine your non-restore quorum members run at rev 100, # we would attempt to rev bump this with snapshot at rev 120, now this member is 20 revisions ahead and RAFT is confused. if ! ${ETCD_CLIENT} snapshot restore "${SNAPSHOT_FILE}" --data-dir="${ETCD_DATA_DIR}"; then echo "Snapshot restore failed. Aborting!" exit 1 fi # start the original etcd static pod again through the new snapshot echo "restoring old etcd pod to start etcd again" mv "${MANIFEST_STOPPED_DIR}/etcd-pod.yaml" "${MANIFEST_DIR}/etcd-pod.yaml" fi disable-etcd.sh: | #!/usr/bin/env bash ### Created by cluster-etcd-operator. DO NOT edit. set -o errexit set -o pipefail set -o errtrace # disable-etcd.sh # This script will move the etcd static pod into the home/core/assets/manifests-stopped folder and wait for all containers to exit. if [[ $EUID -ne 0 ]]; then echo "This script must be run as root" exit 1 fi function source_required_dependency { local src_path="$1" if [ ! -f "${src_path}" ]; then echo "required dependencies not found, please ensure this script is run on a node with a functional etcd static pod" exit 1 fi # shellcheck disable=SC1090 source "${src_path}" } source_required_dependency /etc/kubernetes/static-pod-resources/etcd-certs/configmaps/etcd-scripts/etcd.env source_required_dependency /etc/kubernetes/static-pod-resources/etcd-certs/configmaps/etcd-scripts/etcd-common-tools ETCD_STATIC_POD_LIST=("etcd-pod.yaml") ETCD_STATIC_POD_CONTAINERS=("etcd" "etcdctl" "etcd-metrics" "etcd-readyz" "etcd-rev" "etcd-backup-server") # always move etcd pod and wait for all containers to exit mv_static_pods "${ETCD_STATIC_POD_LIST[@]}" wait_for_containers_to_stop "${ETCD_STATIC_POD_CONTAINERS[@]}" etcd-common-tools: | # Common environment variables ASSET_DIR="/home/core/assets" CONFIG_FILE_DIR="/etc/kubernetes" MANIFEST_DIR="${CONFIG_FILE_DIR}/manifests" ETCD_DATA_DIR="/var/lib/etcd" ETCD_DATA_DIR_BACKUP="/var/lib/etcd-backup" ETCD_REV_JSON="${ETCD_DATA_DIR}/revision.json" MANIFEST_STOPPED_DIR="${ASSET_DIR}/manifests-stopped" RESTORE_ETCD_POD_YAML="${CONFIG_FILE_DIR}/static-pod-resources/etcd-certs/configmaps/restore-etcd-pod/pod.yaml" QUORUM_RESTORE_ETCD_POD_YAML="${CONFIG_FILE_DIR}/static-pod-resources/etcd-certs/configmaps/restore-etcd-pod/quorum-restore-pod.yaml" ETCDCTL_BIN_DIR="${CONFIG_FILE_DIR}/static-pod-resources/bin" PATH=${PATH}:${ETCDCTL_BIN_DIR} export KUBECONFIG="/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/node-kubeconfigs/localhost.kubeconfig" export ETCD_ETCDCTL_BIN="etcdctl" # download etcdctl from download release image function dl_etcdctl { # Avoid caching the binary when podman exists, the etcd image is always available locally and we need a way to update etcdctl. # When we're running from an etcd image there's no podman and we can continue without a download. if ([ -n "$(command -v podman)" ]); then local etcdimg=${ETCD_IMAGE} local etcdctr=$(podman create --authfile=/var/lib/kubelet/config.json ${etcdimg}) local etcdmnt=$(podman mount "${etcdctr}") [ ! -d ${ETCDCTL_BIN_DIR} ] && mkdir -p ${ETCDCTL_BIN_DIR} cp ${etcdmnt}/bin/etcdctl ${ETCDCTL_BIN_DIR}/ if [ -f "${etcdmnt}/bin/etcdutl" ]; then cp ${etcdmnt}/bin/etcdutl ${ETCDCTL_BIN_DIR}/ export ETCD_ETCDUTL_BIN=etcdutl fi if ! [ -x "$(command -v jq)" ]; then cp ${etcdmnt}/bin/jq ${ETCDCTL_BIN_DIR}/ fi umount "${etcdmnt}" podman rm "${etcdctr}" etcdctl version return fi if ([ -x "$(command -v etcdctl)" ]); then echo "etcdctl is already installed" if [ -x "$(command -v etcdutl)" ]; then echo "etcdutl is already installed" export ETCD_ETCDUTL_BIN=etcdutl fi return fi echo "Could neither pull etcdctl nor find it locally in cache. Aborting!" exit 1 } function check_snapshot_status() { local snap_file="$1" ETCD_CLIENT="${ETCD_ETCDCTL_BIN}" if [ -n "${ETCD_ETCDUTL_BIN}" ]; then ETCD_CLIENT="${ETCD_ETCDUTL_BIN}" fi if ! ${ETCD_CLIENT} snapshot status "${snap_file}" -w json; then echo "Backup integrity verification failed. Backup appears corrupted. Aborting!" return 1 fi } function wait_for_containers_to_stop() { local containers=("$@") for container_name in "${containers[@]}"; do echo "Waiting for container ${container_name} to stop" while [[ -n $(crictl ps --label io.kubernetes.container.name="${container_name}" -q) ]]; do echo -n "." sleep 1 done echo "complete" done } function mv_static_pods() { local containers=("$@") # Move manifests and stop static pods if [ ! -d "$MANIFEST_STOPPED_DIR" ]; then mkdir -p "$MANIFEST_STOPPED_DIR" fi for POD_FILE_NAME in "${containers[@]}"; do echo "...stopping ${POD_FILE_NAME}" [ ! -f "${MANIFEST_DIR}/${POD_FILE_NAME}" ] && continue mv "${MANIFEST_DIR}/${POD_FILE_NAME}" "${MANIFEST_STOPPED_DIR}" done } etcd.env: | export ALL_ETCD_ENDPOINTS="https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379" export ETCDCTL_API="3" export ETCDCTL_CACERT="/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt" export ETCDCTL_CERT="/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt" export ETCDCTL_ENDPOINTS="https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379" export ETCDCTL_KEY="/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key" export ETCD_CIPHER_SUITES="TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" export ETCD_DATA_DIR="/var/lib/etcd" export ETCD_ELECTION_TIMEOUT="2500" export ETCD_ENABLE_PPROF="true" export ETCD_EXPERIMENTAL_MAX_LEARNERS="3" export ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION="200ms" export ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL="5s" export ETCD_HEARTBEAT_INTERVAL="500" export ETCD_IMAGE="quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8" export ETCD_INITIAL_CLUSTER_STATE="existing" export ETCD_QUOTA_BACKEND_BYTES="8589934592" export ETCD_SOCKET_REUSE_ADDRESS="true" export ETCD_TLS_MIN_VERSION="TLS1.2" export NODE_master_0_ETCD_NAME="master-0" export NODE_master_0_ETCD_URL_HOST="192.168.34.10" export NODE_master_0_IP="192.168.34.10" export NODE_master_1_ETCD_NAME="master-1" export NODE_master_1_ETCD_URL_HOST="192.168.34.11" export NODE_master_1_IP="192.168.34.11" export NODE_master_2_ETCD_NAME="master-2" export NODE_master_2_ETCD_URL_HOST="192.168.34.12" export NODE_master_2_IP="192.168.34.12" quorum-restore.sh: | #!/usr/bin/env bash ### Created by cluster-etcd-operator. DO NOT edit. set -o errexit set -o pipefail set -o errtrace # ./quorum-restore.sh # This script attempts to restore quorum by spawning a revision-bumped etcd without membership information. if [[ $EUID -ne 0 ]]; then echo "This script must be run as root" exit 1 fi function source_required_dependency { local src_path="$1" if [ ! -f "${src_path}" ]; then echo "required dependencies not found, please ensure this script is run on a node with a functional etcd static pod" exit 1 fi # shellcheck disable=SC1090 source "${src_path}" } source_required_dependency /etc/kubernetes/static-pod-resources/etcd-certs/configmaps/etcd-scripts/etcd.env source_required_dependency /etc/kubernetes/static-pod-resources/etcd-certs/configmaps/etcd-scripts/etcd-common-tools ETCD_STATIC_POD_LIST=("etcd-pod.yaml") ETCD_STATIC_POD_CONTAINERS=("etcd" "etcdctl" "etcd-metrics" "etcd-readyz" "etcd-rev" "etcd-backup-server") # always move etcd pod and wait for all containers to exit mv_static_pods "${ETCD_STATIC_POD_LIST[@]}" wait_for_containers_to_stop "${ETCD_STATIC_POD_CONTAINERS[@]}" echo "starting restore-etcd static pod" cp "${QUORUM_RESTORE_ETCD_POD_YAML}" "${MANIFEST_DIR}/etcd-pod.yaml" kind: ConfigMap metadata: creationTimestamp: "2025-10-11T10:28:40Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:cluster-backup.sh: {} f:cluster-restore.sh: {} f:disable-etcd.sh: {} f:etcd-common-tools: {} f:etcd.env: {} f:quorum-restore.sh: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:41:45Z" name: etcd-scripts namespace: openshift-etcd resourceVersion: "21928" uid: c1cbd509-346e-4cdc-8522-97921347a401 - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIDMjCCAhqgAwIBAgIIUTYnMSIgGpEwDQYJKoZIhvcNAQELBQAwNzESMBAGA1UE CxMJb3BlbnNoaWZ0MSEwHwYDVQQDExhrdWJlLWFwaXNlcnZlci1sYi1zaWduZXIw HhcNMjUxMDExMTAxNDAxWhcNMzUxMDA5MTAxNDAxWjA3MRIwEAYDVQQLEwlvcGVu c2hpZnQxITAfBgNVBAMTGGt1YmUtYXBpc2VydmVyLWxiLXNpZ25lcjCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMVk0B0LFq7q+FPQcuz14PYBSUrsfZI9 gEMWyLLEaCYNuzQCMP5RuHATJ8Tw2BAXkplfaMvZztGQ7e8jgMHSdZEPd0Y5L/0v SCXJcmz7OUSGVWLk4Lv0SZdJ5yoIy2YPn6qOxWZFZfK5pHkCwk2D3c83YwThA9Dz MV8NiEJmTcQvu+ZdEFurYLiF8DzNEUYBcN4gY4tyBxGFFkxzHX0hoLq6EkfqW7++ Pf6GWuoMNDJM+/vz3vyE41tnT9GEOyFzjzhTOaZxS+Xsu9POk840/JBx1Ur1VMF1 3GafWiAtBDQIfrgNbHmAHw2ZlUfZBpLaqs0yAa/YF5ChTwgmxT9ycpECAwEAAaNC MEAwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAx7 ugoRXvd8xok92pCcrZ8xXYzhMA0GCSqGSIb3DQEBCwUAA4IBAQBT1rD25BvG6829 I/7i0sICiVm2X8JZs7kw4g+tbo8pqBEYPcAO+86K4mU/CgShV/RaYM1YPPqj6sbZ vtA7gj9hN8g4PrTjjyaPDPYZxFw6ugFgRcB8Z4okf7cobrNODfwML8Bjy7j99FPs XxcM+VbaUqRo82oBpdtLnYVk1FPKft5wEmPFzVE/b/t0ZKy9h4g/enyQxhsEbGHy hhz+L092nXRWtOwCDt8PpdoFMVzgAy0dV9/s3Km3XsNmq/G20IT4zgt1sgQGOpGT 4FcJr6QRuZVWh2ilPBMrQsPc/MB7jxuspCzwEx2w5zFM4Q7m+4PtUQcWj/mg2wDF jTDrDcuF -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDQDCCAiigAwIBAgIIY5FJXdkjfyIwDQYJKoZIhvcNAQELBQAwPjESMBAGA1UE CxMJb3BlbnNoaWZ0MSgwJgYDVQQDEx9rdWJlLWFwaXNlcnZlci1sb2NhbGhvc3Qt c2lnbmVyMB4XDTI1MTAxMTEwMTQwMVoXDTM1MTAwOTEwMTQwMVowPjESMBAGA1UE CxMJb3BlbnNoaWZ0MSgwJgYDVQQDEx9rdWJlLWFwaXNlcnZlci1sb2NhbGhvc3Qt c2lnbmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5XpmEMFMIsg bWc31ixnJY7LKS2kMlwjoTimuC1uIwbB3NmYuAr3up4fpAkdB/qD6hgnLWHJD2ax x6CFtcdT67KmTgsOD3B79YdxQnFRaZMOeZE9tyJhYp5Yl2saIXcTDUg26Zgzz7FH t0z/b+kzZR+RmiW/fMwbksMbgyOEP27HYAXXoo5vMzbXIVg2yEwjWKsh9fZHjctO CVlr9yIhopbEgpmehO2J7vKE3llK4xzrEgAGhvDozoEk18zotDjY55yUaQaL1QCs e9sGZwTzocd0uTpWgumyZ/RhvekLlDRBbFGY8Ojy5ujAk/1RXGVG7EdG1X9G43VO KTfsFwP1EQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB /zAdBgNVHQ4EFgQUjE5YJJRa3B85hvamDlaL3SaVvvUwDQYJKoZIhvcNAQELBQAD ggEBAGreTCu43KDfTJcSJ4EO4tSNO8CaWog9TBB6UlArt5OUAfxLTCQgqx+HZhqH olYURkpCmVTuBNXoHx07lVN1lQJNb3RhJmFUTzX4b+1PWEcDEJUYcuyi63soTVrj e2oKZVPkyBehzVIVCRaBKo3A1cGTUiT7OSCmNxSe18Mk2RuN/obJZoxV0ZNO+2Ud w5Kve0WyFMV/+I03hX85R/Hh8xZH98Bjv/XLoXPxWwWLP7WrYkiDRQO2akWX9jXo ww1VovJnWzZuxiYQw276yyuk0SdEOzV6C8+R7p0n+g+ZPkDWkBbjGCw7EqSAOOuT dq6IWoP++PamJSY7sEWrj4V4WW8= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDTDCCAjSgAwIBAgIIXxoegJMIf7wwDQYJKoZIhvcNAQELBQAwRDESMBAGA1UE CxMJb3BlbnNoaWZ0MS4wLAYDVQQDEyVrdWJlLWFwaXNlcnZlci1zZXJ2aWNlLW5l dHdvcmstc2lnbmVyMB4XDTI1MTAxMTEwMTQwMVoXDTM1MTAwOTEwMTQwMVowRDES MBAGA1UECxMJb3BlbnNoaWZ0MS4wLAYDVQQDEyVrdWJlLWFwaXNlcnZlci1zZXJ2 aWNlLW5ldHdvcmstc2lnbmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAwgbBKdesMPmQgd4QQ0bmc0OPXU+10SoYj34CLMEVPqJeHDFek5sTQ7f0oUSN NyvlyFb92PUXmJxI8J/Un9c7G0x1eSky9FCGJaDnEpRBlILmVvhylz8u/lXMTCG+ a9LF7jVTfHlNzZKInqfnpMiURWCP8y0wuVjMSQRQLvLcwlHU1XPRBiZ+DEoJP6o2 KAi/C0u4esWW//D3v6kmVyI0eX+Cn6dH0khEVpiTRXmTFO9fYJai7qZde1YNrYPV /2P/Ja8JY6r4Jeajtll37oLbn1LE+mZcF/nbVufvgvqGzqooAc3IDZHOvsIBlEGu hGVgahyLh6iBY3GQzvf6wIciOQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYD VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU+oI6BoyosgV81gHU2AEEpugNXkowDQYJ KoZIhvcNAQELBQADggEBAIRemSi05feww6bRRhW8RavEcfm1f8EcaaHYzm2ycq2+ rPxmQGdSHjrkblC1v2YD19mraiYUIoIM5muYQCN6Z0Fvmq+qxCw1zpZA06GWy/W2 sZ0fSbdcHhR/35lZEIangTuByFBsfvcXizcxAln00czsIfh2887SbCJNRbTrem2z O7YXx7U7OgsDduAc1sRB7tTmpjHN3HThZdSOFnyy/7BLfJIq3UkBAKCmn8JEkU18 uRUh4ViYagWt4g7siGDeU6U0BbrL6xcuS5D1vxzpLVQk9oULl4CgxdCvqF7E2KkK Ync6dgesNR5UcgYhK073GClnv74EY6kw3k5JMymv+qs= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDlzCCAn+gAwIBAgIIXYAi/VS6n+MwDQYJKoZIhvcNAQELBQAwWTFXMFUGA1UE AwxOb3BlbnNoaWZ0LWt1YmUtYXBpc2VydmVyLW9wZXJhdG9yX2xvY2FsaG9zdC1y ZWNvdmVyeS1zZXJ2aW5nLXNpZ25lckAxNzYwMTc4NTAxMB4XDTI1MTAxMTEwMjgy MFoXDTM1MTAwOTEwMjgyMVowWTFXMFUGA1UEAwxOb3BlbnNoaWZ0LWt1YmUtYXBp c2VydmVyLW9wZXJhdG9yX2xvY2FsaG9zdC1yZWNvdmVyeS1zZXJ2aW5nLXNpZ25l ckAxNzYwMTc4NTAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUJ7 1a608DOXg+d+GAG6zNBPLr/TnPlx/Zq73iALqhu3Rc0BO2AG/b71Ao6bGk5q7KUl G8Q981ts/r8wootgqaGH7W+BoeiFOSAG1nrzjZnsIzDNlTXPA4Z16XnKuVDo6Mk3 VMVSY+fj53GPVT5tRSPncCcsLnxK8hzteLQevvpt+ZDCblZi4MsS43UmBU7Z3/si n+I+rdPd4oAti3ThP1YywQeAODpjQ2p6Ajj4zwbGoPbeR4hSmgIgTYKQQ2kNopg4 wSdz+vF40BRdMX7PVjj56y1l3oq4TjWrly5YgpJt6yMJkfYRcf9btQ1THChdSKCq hapfgqEPoG1IU63T2QIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/ BAUwAwEB/zAdBgNVHQ4EFgQUyeKT1952jdsIXbO2Ltzf4bA/2lkwHwYDVR0jBBgw FoAUyeKT1952jdsIXbO2Ltzf4bA/2lkwDQYJKoZIhvcNAQELBQADggEBAI2XSoVM f6P7kOCu3Mp4EhYifbtu7nglEwtSlLrCKWdGde/P3ghX1wguRqfqu7t0A3AGXIY8 kxzXxgrfEyU+/fGyiaMBUPRcWcUdgOW7fpHIcy7OYY0cdIC04hKBHwSN/o8r0Gg0 kpZuJDPtbn84OLr1LGkzgNynQL9OimvF2Gbc3oxyXviVEEu9E8U//ooeuxC8y3y5 alYNMJsU91iA9OMwWsfb50fE14UTVoHkG00lUH+kXHwZgkqGk/rHm1IttVNr/8Qf j92t+fTGgu4/jNxSldNYhJyYIHqczIS6FetPMpz5UOy/i0aLGQ2QuGHmuoCHJSjA qBuPet+qmPY2N5o= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDZzCCAk+gAwIBAgIIC/EnvtSGJRQwDQYJKoZIhvcNAQELBQAwJjEkMCIGA1UE AwwbaW5ncmVzcy1vcGVyYXRvckAxNzYwMTc4NTI3MB4XDTI1MTAxMTEwMjg0N1oX DTI3MTAxMTEwMjg0OFowIzEhMB8GA1UEAwwYKi5hcHBzLm9jcC5vcGVuc3RhY2su bGFiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk79+6fsaH5xsX8Re U5xBtanKB1qFCRfGUZkjZYqaQy1xlXq+4Ynns6DNgq2A3evGfXL/TF5BMG+ruZQP yDygd2OTcqWRo4E4nFPy/UAogTbEXTa9B+Mfm5ekGXCyYOTPKQjQL043zVHYk82B OZNQ9KhpzGPPUl54AMqtSyf+daGfdTF4z96VrzT1kux83vSZyRuLzcIgfYQr7xNC a5Ji/f5DAlNOMiXvA3JhExSxGf1KorgwuBIM9UE8GzSPKxhy5gNFHZqFEfLWdFMa AzN/nAO4q1mlNek04hsvsgTuacJIvYgXNWuUTzCzZUbboXHOwi42i/qwHTIYQSWB 7F1GmQIDAQABo4GbMIGYMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEF BQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSYcovBzhSdsdMFw1pft3VYyIlJ CzAfBgNVHSMEGDAWgBT7kOWpKPM1KbfS8dF3ELXqqARFLTAjBgNVHREEHDAaghgq LmFwcHMub2NwLm9wZW5zdGFjay5sYWIwDQYJKoZIhvcNAQELBQADggEBAHG11rdF Au/Oh7NTrcDZDCk3E/KmjZy7iGla0onSgqJ+iG512dMts8ozh3CGx7xsUM4Um8wP 2KkoENNPD3CtwXwTQkE9i3RwCk4wvqUYFfGqSFpi1J6X/7ULdi3ES9mEFBHd6tO7 AqwCVAqzBy/GXOkF/n4/9/AMP0hHpi5hxqTpl4awAsFEiIhBfQb/6VxbtsYFGNJV Mrr2+83fSJgA/XfdXRlu2s19n5Hum12ObwGsrGwsi+mejADxtzrelIQ2qm0Hkyu0 xCETs+6pk+YlHuEEQlKJ0Ml3IURcn6OHA+rYv68w2+oxa2cu1nVBM5zOn5k4XLzL hj/riXIBMuaX5TA= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDDDCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtpbmdy ZXNzLW9wZXJhdG9yQDE3NjAxNzg1MjcwHhcNMjUxMDExMTAyODQ2WhcNMjcxMDEx MTAyODQ3WjAmMSQwIgYDVQQDDBtpbmdyZXNzLW9wZXJhdG9yQDE3NjAxNzg1Mjcw ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFXnDFqNlvUbJgtJo9NOkH rhLh6guRmXG2JjmgqspD198TRK4BK+sIOyNecFpgIBhktwKFtn45J+RekqGt35hx Z09nPH/ZRZZmvSizwOGMpWM5bBiROr6XRywcSId9j4jmRUmkpjw+P9Lts9VNQMDG 4aXqzNEkHmjPZWAnBek7t0gkS+vXPUgh+muaHKs8t8vRjIxJyQnavUwLmaVh2Jz2 IsgGB3BL0IZt8u61MBmjxv9PTQP3Y+jn2p9qjPb6ny9v/lMVJZV+JjkwQ+DnDaKS ScbUpy0i3vDyqXIiw7zuwEoDZNiaxgjw9IoY+26X1AJY6bewXvidPDmcq6Zn6bs5 AgMBAAGjRTBDMA4GA1UdDwEB/wQEAwICpDASBgNVHRMBAf8ECDAGAQH/AgEAMB0G A1UdDgQWBBT7kOWpKPM1KbfS8dF3ELXqqARFLTANBgkqhkiG9w0BAQsFAAOCAQEA tuVxiq1mzpWxhPbDTZXRNHXIY3Jkl2Mq1X1YkAOkwErLjhsUsGxbMXWoo/YVrcDx 8qEZ40CZb9qTaI6h8dhpsBtKE2qDV2h/FFbFkFQ2ICBns+zksP5HKy/bCO+bAUK9 +9/VLPCKvMdjwxCoZQVjnRP3/XMoERWSBmbf/A/XMaCiLX8jBlafHTRnG0GjqX1D TwLbV06vmqD42R3oqezFpvjLWUdDwS3QkqJWxpV97Sf/hVJCSq2xcQ/uJ+HcT/tQ 4pekoqc1T7RKjyKFxf1liYH8i27f+tFB8izBb3zCCHGhcL2ZYnArCcZ12IS5Q/qV udczrGf4t3eMaHz4tyhgQQ== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2025-10-11T10:24:35Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:ca.crt: {} f:metadata: f:annotations: .: {} f:kubernetes.io/description: {} manager: kube-controller-manager operation: Update time: "2025-10-11T10:35:39Z" name: kube-root-ca.crt namespace: openshift-etcd resourceVersion: "13822" uid: b45a5e44-3525-4539-b3c4-cd83e70f919e - apiVersion: v1 data: service-ca.crt: | -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIILi99DFj68xcwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc2MDE3ODQ5OTAe Fw0yNTEwMTExMDI4MThaFw0yNzEyMTAxMDI4MTlaMDYxNDAyBgNVBAMMK29wZW5z aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3NjAxNzg0OTkwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN2F/NrtYheDP52dirb64UnaTwYZyt09Lx fNk4CB/DgPRKIKlXI+Ym/lXQfY4w1af4nCMG5F7v9iH0G0t+bTls6zVwMPfOggbY FZQvLk3z/DUZgYDBNpI7jpXkS3zCFXyGtgEdNvK6+/R5XfSHrgt0zqDqhQozSHCt fx4ZxnNFp2s5C8NiQQh/X3k8xxu4P6o+giIihNMsYAKRZnZjBoxdnr+vxUGLCzIB VzuTNkI9GtVXhpeNI5m1tJp1m0CCEmzBEflExKk2YoYIKjhc067EocUhSlxzYek7 wYyDQTfTyBIlS0mRB0M90nikzzOncFm43pOb81k3FOuZwjqCIMaFAgMBAAGjYzBh MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQnUydn b4IFPQb6f7h04eVoOv/DbzAfBgNVHSMEGDAWgBQnUydnb4IFPQb6f7h04eVoOv/D bzANBgkqhkiG9w0BAQsFAAOCAQEApD3F5xbsO2JnAJGf8/9Etyj/b8vQ+my0t8W0 +GbJ7b5zVcVOpEcCShRYK4uSj2p8oBfB6GpRakYgRLTxSFoN5742mdwApu0WUiSl It7QRytlk86JkxRdaY99vbhk7SsRZA5HVwyg9LFgiT/hIzxasXUx5y0WSUV1T+3K EWC+mosyEEAtvgnIrEMrRXGzqCz6ti1McTHOZcE+p49r281X5swkgOpnnNtjZ13U 2ajLksN8qYkWK0Ehr4xOVagOZN6KMVJNg+ZqG0x61BtmN5Fxrtm91rGqYuBXeN2E TCf1j0pdR8xHoFSTQP2jvlZ4ldxBzT92SiXGO2KPPzQBhRJjFA== -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: service.beta.openshift.io/inject-cabundle: "true" creationTimestamp: "2025-10-11T10:24:35Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: {} f:metadata: f:annotations: .: {} f:service.beta.openshift.io/inject-cabundle: {} manager: kube-controller-manager operation: Update time: "2025-10-11T10:24:35Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: f:service-ca.crt: {} manager: service-ca-operator operation: Update time: "2025-10-11T10:28:31Z" name: openshift-service-ca.crt namespace: openshift-etcd resourceVersion: "6143" uid: b9e6e6e4-d01f-4555-901f-917c4113571d - apiVersion: v1 data: forceRedeploymentReason: "" pod.yaml: "apiVersion: v1\nkind: Pod\nmetadata:\n name: etcd\n namespace: openshift-etcd\n \ labels:\n app: etcd\n k8s-app: etcd\n etcd: \"true\"\n revision: \"REVISION\"\nspec:\n containers:\n - name: etcd\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n \n export ETCD_NAME=${NODE_NODE_ENVVAR_NAME_ETCD_NAME}\n \ export ETCD_INITIAL_CLUSTER=\"${ETCD_NAME}=https://${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}:2380\"\n \ env | grep ETCD | grep -v NODE\n export ETCD_NODE_PEER_URL=https://${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}:2380\n \ export REV_JSON=\"/var/lib/etcd-backup/revision.json\"\n export SNAPSHOT_FILE=\"/var/lib/etcd-backup/snapshot.db\"\n\n # checking if data directory is empty, if not etcdctl restore will fail \n if [ -n \"$(ls -A \"/var/lib/etcd\")\" ]; then\n echo \"please delete the contents of the /var/lib/etcd directory before restoring, running the restore script will do this for you\"\n exit 1\n fi\n \n ETCD_ETCDCTL_BIN=\"etcdctl\"\n \ if [ -x \"$(command -v etcdutl)\" ]; then\n echo \"found etcdutl, using that instead of etcdctl for local operations\"\n ETCD_ETCDCTL_BIN=\"etcdutl\"\n \ fi \n\n # check if we have backup file to be restored\n \ # if the file exist, check if it has not changed size in last 5 seconds\n \ if [ ! -f \"${SNAPSHOT_FILE}\" ]; then\n echo \"please make a copy of the snapshot db file, then move that copy to ${SNAPSHOT_FILE}\"\n \ exit 1\n else\n filesize=$(stat --format=%s \"${SNAPSHOT_FILE}\")\n \ sleep 5\n newfilesize=$(stat --format=%s \"${SNAPSHOT_FILE}\")\n \ if [ \"$filesize\" != \"$newfilesize\" ]; then\n echo \"file size has changed since last 5 seconds, retry sometime after copying is complete\"\n \ exit 1\n fi\n fi\n \n SNAPSHOT_REV=$(etcdutl snapshot status -wjson \"$SNAPSHOT_FILE\" | jq -r \".revision\")\n echo \"snapshot is at revision ${SNAPSHOT_REV}\"\n \n if [ -n \"$(ls -A \"${REV_JSON}\")\" ]; then\n # this will bump by the amount of the last known live revision + 20% slack.\n # Note: the bump amount is an addition to the current revision stored in the snapshot.\n # We're avoiding to do any math with SNAPSHOT_REV, uint64 has plenty of space to double revisions\n # and we're assuming that full disaster restores are a very rare occurrence anyway.\n BUMP_REV=$(jq -r \"(.maxRaftIndex*1.2|floor)\" \"${REV_JSON}\")\n echo \"bumping revisions by ${BUMP_REV}\"\n else\n \ # we can't take SNAPSHOT_REV as an indicator here, because the snapshot might be much older\n # than any currently live served revision. \n \ # 1bn would be an etcd running at 1000 writes/s for about eleven days.\n echo \"no revision.json found, assuming a 1bn revision bump\"\n \ BUMP_REV=1000000000\n fi\n \n UUID=$(uuidgen)\n \ echo \"restoring to a single node cluster\"\n ${ETCD_ETCDCTL_BIN} snapshot restore \"${SNAPSHOT_FILE}\" \\\n --name $ETCD_NAME \\\n --initial-cluster=$ETCD_INITIAL_CLUSTER \\\n --initial-cluster-token \"openshift-etcd-${UUID}\" \\\n --initial-advertise-peer-urls $ETCD_NODE_PEER_URL \\\n --data-dir=\"/var/lib/etcd/restore-${UUID}\" \\\n --mark-compacted \\\n --bump-revision \"${BUMP_REV}\"\n\n \ mv /var/lib/etcd/restore-${UUID}/* /var/lib/etcd/\n # copy the revision.json back in case a second restore needs to be run afterwards\n if [ -n \"$(ls -A \"${REV_JSON}\")\" ]; then\n cp ${REV_JSON} /var/lib/etcd/\n \ fi\n\n rmdir /var/lib/etcd/restore-${UUID}\n rm /var/lib/etcd-backup/snapshot.db\n\n \ set -x\n exec etcd \\\n --logger=zap \\\n --log-level=info \\\n --initial-advertise-peer-urls=https://${NODE_NODE_ENVVAR_NAME_IP}:2380 \\\n --cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.crt \\\n --key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.key \\\n --trusted-ca-file=/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --client-cert-auth=true \\\n --peer-cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt \\\n --peer-key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key \\\n --peer-trusted-ca-file=/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --peer-client-cert-auth=true \\\n --advertise-client-urls=https://${NODE_NODE_ENVVAR_NAME_IP}:2379 \\\n --listen-client-urls=https://0.0.0.0:2379 \\\n --listen-peer-urls=https://0.0.0.0:2380 \\\n --metrics=extensive \\\n --listen-metrics-urls=https://0.0.0.0:9978\n \ env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n \ value: \"true\"\n - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n \ value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n \ value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n \ value: \"5s\"\n - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n \ - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n \ - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n \ value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n \ value: \"192.168.34.10\"\n - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n \ - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n - name: \"ETCD_STATIC_POD_REV\"\n value: \"REVISION\"\n resources:\n requests:\n \ memory: 600Mi\n cpu: 300m\n readinessProbe:\n tcpSocket:\n \ port: 2380\n failureThreshold: 3\n initialDelaySeconds: 3\n \ periodSeconds: 5\n successThreshold: 1\n timeoutSeconds: 5\n \ securityContext:\n privileged: true\n volumeMounts:\n - mountPath: /etc/kubernetes/manifests\n name: static-pod-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n name: cert-dir\n - mountPath: /var/lib/etcd/\n name: data-dir\n - mountPath: /var/lib/etcd-backup/\n \ name: backup-dir\n - name: etcd-readyz\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0117f94d9f2894980a318780f3c0ab2efba02e72bc7ccb267bd44c4900eb0174\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n \n exec nice -n -18 cluster-etcd-operator readyz \\\n --target=https://localhost:2379 \\\n --listen-port=9980 \\\n --serving-cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.crt \\\n --serving-key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.key \\\n --client-cert-file=$(ETCDCTL_CERT) \\\n --client-key-file=$(ETCDCTL_KEY) \\\n --client-cacert-file=$(ETCDCTL_CACERT) \\\n --listen-cipher-suites=$(ETCD_CIPHER_SUITES)\n \ securityContext:\n privileged: true\n ports:\n - containerPort: 9980\n name: readyz\n protocol: TCP\n resources:\n requests:\n \ memory: 50Mi\n cpu: 10m\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n \ value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n \ value: \"true\"\n - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n \ value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n \ value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n \ value: \"5s\"\n - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n \ - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n \ - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n \ value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n \ value: \"192.168.34.10\"\n - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n \ - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n volumeMounts:\n \ - mountPath: /etc/kubernetes/static-pod-certs\n name: cert-dir\n hostNetwork: true\n priorityClassName: system-node-critical\n tolerations:\n - operator: \"Exists\"\n volumes:\n - hostPath:\n path: /etc/kubernetes/manifests\n \ name: static-pod-dir\n - hostPath:\n path: /etc/kubernetes/static-pod-resources/etcd-certs\n \ name: cert-dir\n - hostPath:\n path: /var/lib/etcd\n type: \"\"\n name: data-dir\n - hostPath:\n path: /var/lib/etcd-backup\n \ type: \"\"\n name: backup-dir\n" quorum-restore-pod.yaml: "apiVersion: v1\nkind: Pod\nmetadata:\n name: etcd\n \ namespace: openshift-etcd\n labels:\n app: etcd\n k8s-app: etcd\n etcd: \"true\"\n revision: \"REVISION\"\nspec:\n containers:\n - name: etcd\n \ image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n \n export REV_JSON=\"/var/lib/etcd/revision.json\"\n \ \n if [ -n \"$(ls -A \"${REV_JSON}\")\" ]; then\n # this will bump by the amount of 20% of the last known live revision. \n \ BUMP_REV=$(jq -r \"(.maxRaftIndex*0.2|floor)\" \"${REV_JSON}\")\n \ echo \"bumping revisions by ${BUMP_REV}\"\n else\n # 1bn would be an etcd running at 1000 writes/s for about eleven days.\n echo \"no revision.json found, assuming a 1bn revision bump\"\n BUMP_REV=1000000000\n \ fi\n \n set -x\n exec etcd \\\n --logger=zap \\\n --log-level=info \\\n --force-new-cluster \\\n --force-new-cluster-bump-amount=\"${BUMP_REV}\" \\\n --name=\"${NODE_NODE_ENVVAR_NAME_ETCD_NAME}\" \\\n --initial-cluster=\"${NODE_NODE_ENVVAR_NAME_ETCD_NAME}=https://${NODE_NODE_ENVVAR_NAME_ETCD_URL_HOST}:2380\" \\\n --initial-advertise-peer-urls=https://${NODE_NODE_ENVVAR_NAME_IP}:2380 \\\n --cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.crt \\\n --key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.key \\\n --trusted-ca-file=/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --client-cert-auth=true \\\n --peer-cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt \\\n --peer-key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key \\\n --peer-trusted-ca-file=/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt \\\n --peer-client-cert-auth=true \\\n --advertise-client-urls=https://${NODE_NODE_ENVVAR_NAME_IP}:2379 \\\n --listen-client-urls=https://0.0.0.0:2379 \\\n --listen-peer-urls=https://0.0.0.0:2380 \\\n --metrics=extensive \\\n --listen-metrics-urls=https://0.0.0.0:9978\n \ env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n \ value: \"true\"\n - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n \ value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n \ value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n \ value: \"5s\"\n - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n \ - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n \ - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n \ value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n \ value: \"192.168.34.10\"\n - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n \ - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n - name: \"ETCD_STATIC_POD_REV\"\n value: \"REVISION\"\n resources:\n requests:\n \ memory: 600Mi\n cpu: 300m\n readinessProbe:\n tcpSocket:\n \ port: 2380\n failureThreshold: 3\n initialDelaySeconds: 3\n \ periodSeconds: 5\n successThreshold: 1\n timeoutSeconds: 5\n \ securityContext:\n privileged: true\n volumeMounts:\n - mountPath: /etc/kubernetes/manifests\n name: static-pod-dir\n - mountPath: /etc/kubernetes/static-pod-certs\n name: cert-dir\n - mountPath: /var/lib/etcd/\n name: data-dir\n - mountPath: /var/lib/etcd-backup/\n \ name: backup-dir\n - name: etcd-readyz\n image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0117f94d9f2894980a318780f3c0ab2efba02e72bc7ccb267bd44c4900eb0174\n \ imagePullPolicy: IfNotPresent\n terminationMessagePolicy: FallbackToLogsOnError\n \ command:\n - /bin/sh\n - -c\n - |\n #!/bin/sh\n set -euo pipefail\n \n exec nice -n -18 cluster-etcd-operator readyz \\\n --target=https://localhost:2379 \\\n --listen-port=9980 \\\n --serving-cert-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.crt \\\n --serving-key-file=/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-serving-NODE_NAME.key \\\n --client-cert-file=$(ETCDCTL_CERT) \\\n --client-key-file=$(ETCDCTL_KEY) \\\n --client-cacert-file=$(ETCDCTL_CACERT) \\\n --listen-cipher-suites=$(ETCD_CIPHER_SUITES)\n \ securityContext:\n privileged: true\n ports:\n - containerPort: 9980\n name: readyz\n protocol: TCP\n resources:\n requests:\n \ memory: 50Mi\n cpu: 10m\n env:\n - name: \"ALL_ETCD_ENDPOINTS\"\n \ value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_API\"\n value: \"3\"\n - name: \"ETCDCTL_CACERT\"\n \ value: \"/etc/kubernetes/static-pod-certs/configmaps/etcd-all-bundles/server-ca-bundle.crt\"\n \ - name: \"ETCDCTL_CERT\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.crt\"\n \ - name: \"ETCDCTL_ENDPOINTS\"\n value: \"https://192.168.34.10:2379,https://192.168.34.11:2379,https://192.168.34.12:2379\"\n \ - name: \"ETCDCTL_KEY\"\n value: \"/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs/etcd-peer-NODE_NAME.key\"\n \ - name: \"ETCD_CIPHER_SUITES\"\n value: \"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"\n \ - name: \"ETCD_DATA_DIR\"\n value: \"/var/lib/etcd\"\n - name: \"ETCD_ELECTION_TIMEOUT\"\n value: \"2500\"\n - name: \"ETCD_ENABLE_PPROF\"\n \ value: \"true\"\n - name: \"ETCD_EXPERIMENTAL_MAX_LEARNERS\"\n \ value: \"3\"\n - name: \"ETCD_EXPERIMENTAL_WARNING_APPLY_DURATION\"\n \ value: \"200ms\"\n - name: \"ETCD_EXPERIMENTAL_WATCH_PROGRESS_NOTIFY_INTERVAL\"\n \ value: \"5s\"\n - name: \"ETCD_HEARTBEAT_INTERVAL\"\n value: \"500\"\n - name: \"ETCD_IMAGE\"\n value: \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145b8ac6899b60bd933b5fe64e3eb49ddbc7401a13f30fda6fd207697e8c9ab8\"\n \ - name: \"ETCD_INITIAL_CLUSTER_STATE\"\n value: \"existing\"\n \ - name: \"ETCD_QUOTA_BACKEND_BYTES\"\n value: \"8589934592\"\n \ - name: \"ETCD_SOCKET_REUSE_ADDRESS\"\n value: \"true\"\n - name: \"ETCD_TLS_MIN_VERSION\"\n value: \"TLS1.2\"\n - name: \"NODE_master_0_ETCD_NAME\"\n \ value: \"master-0\"\n - name: \"NODE_master_0_ETCD_URL_HOST\"\n \ value: \"192.168.34.10\"\n - name: \"NODE_master_0_IP\"\n value: \"192.168.34.10\"\n - name: \"NODE_master_1_ETCD_NAME\"\n value: \"master-1\"\n - name: \"NODE_master_1_ETCD_URL_HOST\"\n value: \"192.168.34.11\"\n - name: \"NODE_master_1_IP\"\n value: \"192.168.34.11\"\n \ - name: \"NODE_master_2_ETCD_NAME\"\n value: \"master-2\"\n - name: \"NODE_master_2_ETCD_URL_HOST\"\n value: \"192.168.34.12\"\n - name: \"NODE_master_2_IP\"\n value: \"192.168.34.12\"\n volumeMounts:\n \ - mountPath: /etc/kubernetes/static-pod-certs\n name: cert-dir\n hostNetwork: true\n priorityClassName: system-node-critical\n tolerations:\n - operator: \"Exists\"\n volumes:\n - hostPath:\n path: /etc/kubernetes/manifests\n \ name: static-pod-dir\n - hostPath:\n path: /etc/kubernetes/static-pod-resources/etcd-certs\n \ name: cert-dir\n - hostPath:\n path: /var/lib/etcd\n type: \"\"\n name: data-dir\n - hostPath:\n path: /var/lib/etcd-backup\n \ type: \"\"\n name: backup-dir\n" version: 4.18.0-202509240837.p2.g0f87d4a.assembly.stream.el9-0f87d4a kind: ConfigMap metadata: creationTimestamp: "2025-10-11T10:28:42Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:forceRedeploymentReason: {} f:pod.yaml: {} f:quorum-restore-pod.yaml: {} f:version: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:41:51Z" name: restore-etcd-pod namespace: openshift-etcd resourceVersion: "22073" uid: d90fa06d-ccff-4bc9-83a8-bea66163508c - apiVersion: v1 data: reason: required configmap/etcd-pod has changed revision: "10" kind: ConfigMap metadata: annotations: operator.openshift.io/revision-ready: "true" creationTimestamp: "2025-10-11T10:41:54Z" labels: operator.openshift.io/controller-instance-name: etcd-RevisionController managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:reason: {} f:revision: {} f:metadata: f:annotations: .: {} f:operator.openshift.io/revision-ready: {} f:labels: .: {} f:operator.openshift.io/controller-instance-name: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:42:03Z" name: revision-status-10 namespace: openshift-etcd resourceVersion: "22192" uid: 454be649-df0f-4169-8ab6-2610cf2907c9 - apiVersion: v1 data: reason: required configmap/etcd-pod has changed revision: "6" kind: ConfigMap metadata: annotations: operator.openshift.io/revision-ready: "true" creationTimestamp: "2025-10-11T10:38:52Z" labels: operator.openshift.io/controller-instance-name: etcd-RevisionController managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:reason: {} f:revision: {} f:metadata: f:annotations: .: {} f:operator.openshift.io/revision-ready: {} f:labels: .: {} f:operator.openshift.io/controller-instance-name: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:39:01Z" name: revision-status-6 namespace: openshift-etcd resourceVersion: "19499" uid: 851e3dc1-74bc-4b3b-8e17-3db716f22d4e - apiVersion: v1 data: reason: required secret/etcd-all-certs has changed revision: "7" kind: ConfigMap metadata: annotations: operator.openshift.io/revision-ready: "true" creationTimestamp: "2025-10-11T10:39:16Z" labels: operator.openshift.io/controller-instance-name: etcd-RevisionController managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:reason: {} f:revision: {} f:metadata: f:annotations: .: {} f:operator.openshift.io/revision-ready: {} f:labels: .: {} f:operator.openshift.io/controller-instance-name: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:39:24Z" name: revision-status-7 namespace: openshift-etcd resourceVersion: "19715" uid: 8cfe7c69-6292-463b-8d19-70e1b5629297 - apiVersion: v1 data: reason: required configmap/etcd-pod has changed revision: "8" kind: ConfigMap metadata: annotations: operator.openshift.io/revision-ready: "true" creationTimestamp: "2025-10-11T10:39:26Z" labels: operator.openshift.io/controller-instance-name: etcd-RevisionController managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:reason: {} f:revision: {} f:metadata: f:annotations: .: {} f:operator.openshift.io/revision-ready: {} f:labels: .: {} f:operator.openshift.io/controller-instance-name: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:39:35Z" name: revision-status-8 namespace: openshift-etcd resourceVersion: "19892" uid: 62c9648e-b3fc-4f81-b4c7-df4c8d8ae36d - apiVersion: v1 data: reason: required configmap/etcd-endpoints has changed revision: "9" kind: ConfigMap metadata: annotations: operator.openshift.io/revision-ready: "true" creationTimestamp: "2025-10-11T10:41:43Z" labels: operator.openshift.io/controller-instance-name: etcd-RevisionController managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:data: .: {} f:reason: {} f:revision: {} f:metadata: f:annotations: .: {} f:operator.openshift.io/revision-ready: {} f:labels: .: {} f:operator.openshift.io/controller-instance-name: {} manager: cluster-etcd-operator operation: Update time: "2025-10-11T10:41:52Z" name: revision-status-9 namespace: openshift-etcd resourceVersion: "22086" uid: 6f5fd341-70d0-4ee2-916b-4a40010e4337 kind: ConfigMapList metadata: resourceVersion: "64409"