apiVersion: v1
kind: Pod
metadata:
  labels:
    component: etcd
    tier: control-plane
  name: etcd
  namespace: kube-system
spec:
  containers:
    - command:
        - etcd
        - --advertise-client-urls=https://10.10.12.5:2379
        - --cert-file=/etc/kubernetes/pki/etcd/server.crt
        - --client-cert-auth=true
        - --data-dir=/var/lib/etcd
        - --experimental-initial-corrupt-check=true
        - --experimental-watch-progress-notify-interval=5s
        - --initial-advertise-peer-urls=https://10.10.12.5:2380
        - --initial-cluster=s2-worker-1=https://10.10.12.5:2380,s2-master-1=https://10.10.12.3:2380,
        - --initial-cluster-state=existing
        - --key-file=/etc/kubernetes/pki/etcd/server.key
        - --listen-client-urls=https://127.0.0.1:2379,https://10.10.12.5:2379
        - --listen-metrics-urls=http://127.0.0.1:2381
        - --listen-peer-urls=https://10.10.12.5:2380
        - --name=s2-worker-1
        - --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt
        - --peer-client-cert-auth=true
        - --peer-key-file=/etc/kubernetes/pki/etcd/peer.key
        - --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
        - --snapshot-count=10000
        - --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
      image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/thirdparty/registry.k8s.io/etcd:3.5.6-0
      name: etcd
      imagePullPolicy: IfNotPresent
      livenessProbe:
        failureThreshold: 8
        initialDelaySeconds: 10
        timeoutSeconds: 15
        periodSeconds: 10
        httpGet:
          host: 127.0.0.1
          path: /health?exclude=NOSPACE&serializable=true
          port: 2381
          scheme: HTTP
      startupProbe:
        failureThreshold: 24
        initialDelaySeconds: 10
        timeoutSeconds: 15
        periodSeconds: 10
        httpGet:
          host: 127.0.0.1
          path: /health?exclude=NOSPACE&serializable=true
          port: 2381
          scheme: HTTP
      volumeMounts:
        - name: etcd-data
          mountPath: /var/lib/etcd
        - name: etcd-certs
          mountPath: /etc/kubernetes/pki/etcd
      resources:
        requests:
          cpu: 100m
          memory: 100Mi
  initContainers:
    - command:
        - kube-apiserver
        - --version
      image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/thirdparty/registry.k8s.io/kube-apiserver:v1.26.3
      name: init-apiserver-image
    - command:
        - kube-controller-manager
        - --version
      image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/thirdparty/registry.k8s.io/kube-controller-manager:v1.26.3
      name: init-kube-controller-manager-image
  volumes:
    - name: etcd-certs
      hostPath:
        path: /etc/kubernetes/pki/etcd
        type: Directory
    - name: etcd-data
      hostPath:
        path: /var/lib/etcd
        type: DirectoryOrCreate
  hostNetwork: true
  securityContext:
    seccompProfile:
      type: RuntimeDefault
  priorityClassName: system-node-critical