Merge pull request #108 from embik/istio-ready

Make etcd service more Istio-friendly
kcp-dev · Oct 7, 2024 · b2de66f · b2de66f
2 parents 6fbb5af + c64a6db
commit b2de66f
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 0 deletions.
diff --git a/charts/kcp/templates/etcd-certificates.yaml b/charts/kcp/templates/etcd-certificates.yaml
@@ -29,6 +29,11 @@ spec:
     - {{ include "etcd.fullname" . }}-2.{{ include "etcd.fullname" . }}
   ipAddresses:
     - 0.0.0.0
+    {{- with .Values.certificates.ipAddresses }}
+    {{- range $ip := . }}
+    - {{ $ip }}
+    {{- end }}
+    {{- end }}
   issuerRef:
     name: {{ include "etcd.fullname" . }}-client-issuer
 
@@ -62,6 +67,11 @@ spec:
     - {{ include "etcd.fullname" . }}-2.{{ include "etcd.fullname" . }}
   ipAddresses:
     - 0.0.0.0
+    {{- with .Values.certificates.ipAddresses }}
+    {{- range $ip := . }}
+    - {{ $ip }}
+    {{- end }}
+    {{- end }}
   issuerRef:
     name: {{ include "etcd.fullname" . }}-peer-issuer
 {{- end }}
diff --git a/charts/kcp/templates/etcd-statefulset.yaml b/charts/kcp/templates/etcd-statefulset.yaml
@@ -11,8 +11,10 @@ spec:
   ports:
     - port: 2379
       name: client
+      appProtocol: https
     - port: 2380
       name: peer
+      appProtocol: https
   selector:
     {{- include "common.labels.selector" . | nindent 4 }}
     app.kubernetes.io/component: "etcd"

diff --git a/charts/kcp/values.yaml b/charts/kcp/values.yaml
@@ -240,6 +240,8 @@ certificates:
   # add additional dns names that should be embedded into the kcp server certificate.
   dnsNames:
   - localhost
+  # additional ip addresses to be embedded in the etcd server and peer certs. Can be useful e.g. when using Istio you can pass "127.0.0.6" so the sidecar IP is included.
+  ipAddresses: []
 letsEncrypt:
   enabled: false
   staging: