Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-16 06:47:30 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
5534f5eee7e03b06679909fe43b24e415b96f16a
charts/bitnami/etcd/templates/NOTES.txt
juan131 e5776f95aa [bitnami/elasticsearch] Lint chart 
Signed-off-by: juan131 <juan@bitnami.com>
2019-11-18 17:01:40 +01:00

92 lines
4.5 KiB
Plaintext
Raw Blame History

{{- if contains .Values.service.type "LoadBalancer" }}
{{- if .Values.allowNoneAuthentication }}
-------------------------------------------------------------------------------
WARNING
By specifying "service.type=LoadBalancer" and "allowNoneAuthentication=true" you
have most likely exposed the etcd service externally without any authentication
mechanism.
For security reasons, we strongly suggest that you switch to "ClusterIP" or
"NodePort". As alternative, you can also switch to "usePassword=true"
providing a valid password on "password" parameter.
-------------------------------------------------------------------------------
{{- end }}
{{- end }}
** Please be patient while the chart is being deployed **
etcd can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster:
{{ template "etcd.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
To set a key run the following command:
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "etcd.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
kubectl exec -it $POD_NAME -- etcdctl put /message Hello
To get a key run the following command:
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "etcd.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
kubectl exec -it $POD_NAME -- etcdctl get /message
To connect to your etcd server from outside the cluster execute the following commands:
{{- if contains "NodePort" .Values.service.type }}
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "etcd.fullname" . }})
echo "etcd URL: http://$NODE_IP:$NODE_PORT/"
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "etcd.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "etcd.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo "etcd URL: http://$SERVICE_IP:{{ .Values.service.port }}/"
{{- else if contains "ClusterIP" .Values.service.type }}
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "etcd.fullname" . }} {{ .Values.service.port }}:{{ .Values.service.port }} &
echo "etcd URL: http://127.0.0.1:{{ .Values.service.port }}"
{{- end }}
{{- if .Values.auth.rbac.enabled }}
* As rbac is enabled you should add the flag `--user root:$ETCD_ROOT_PASSWORD` to the etcdctl commands. Use the command below to export the password:
export ETCD_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "etcd.fullname" . }} -o jsonpath="{.data.etcd-root-password}" | base64 --decode)
{{- end }}
{{- if .Values.auth.client.secureTransport }}
{{- if .Values.auth.client.useAutoTLS }}
* As TLS is enabled you should add the flag `--cert-file {{ template "etcd.dataDir" . }}/fixtures/client/cert.pem --key-file {{ template "etcd.dataDir" .}}/fixtures/client/key.pem` to the etcdctl commands.
{{- else }}
* As TLS is enabled you should add the flag `--cert-file /opt/bitnami/etcd/certs/client/cert.pem --key-file /opt/bitnami/etcd/certs/client/key.pem` to the etcdctl commands.
{{- end }}
* You should also export a proper etcdctl endpoint using the https schema. Eg.
export ETCDCTL_ENDPOINTS=https://{{ template "etcd.fullname" . }}-0:{{ .Values.service.port }}
{{- end }}
{{- if .Values.auth.client.enableAuthentication }}
* As TLS host authentication is enabled you should add the flag `--ca-file /opt/bitnami/etcd/certs/client/ca.crt` to the etcdctl commands.
{{- end }}
{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
{{- end }}
{{ include "etcd.validateValues" . }}
Reference in New Issue View Git Blame Copy Permalink