improbable-eng · FlorinPeter · Nov 6, 2020
diff --git a/api/v1alpha1/etcdcluster_types.go b/api/v1alpha1/etcdcluster_types.go
@@ -26,6 +26,9 @@ type EtcdClusterSpec struct {
 	// rejected.
 	// +optional
 	PodTemplate *EtcdPodTemplateSpec `json:"podTemplate,omitempty"`
+
+	// TLS configuration
+	TLS *TLS `json:"tls,omitempty"`
 }
 
 // EtcdPodTemplateSpec supports a subset of a normal `v1/PodTemplateSpec` that the operator explicitly permits. We don't
@@ -44,6 +47,10 @@ type EtcdPodTemplateSpec struct {
 	// Affinity is the affinity scheduling rules to be applied to the underlying pods.
 	// +optional
 	Affinity *corev1.Affinity `json:"affinity,omitempty"`
+
+	// Tolerations is the allowed taints that the deployment tolerates on nodes.
+	// +optional
+	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
 }
 
 // EtcdPodTemplateObjectMeta supports a subset of the features of a normal ObjectMeta. In particular the ones we allow.
@@ -64,6 +71,15 @@ type EtcdMember struct {
 	ID string `json:"id"`
 }
 
+// TLS configuration for a secure cluster
+type TLS struct {
+
+	// Enabled allows to setup a secure cluster
+	// +optional
+	Enabled bool `json:"enabled,omitempty"`
+}
+
+
 // EtcdClusterStatus defines the observed state of EtcdCluster
 type EtcdClusterStatus struct {
 	// Replicas is the number of etcd peer resources we are managing. This doesn't mean the number of pods that exist
@@ -80,6 +96,10 @@ type EtcdClusterStatus struct {
 	// ClusterVersion contains the cluster API version
 	// +optional
 	ClusterVersion string `json:"clusterVersion"`
+
+	// TLS configuration
+	// +optional
+	TLSEnabled bool `json:"tlsEnabled"`
 }
 
 // +kubebuilder:object:root=true

diff --git a/api/v1alpha1/etcdpeer_types.go b/api/v1alpha1/etcdpeer_types.go
@@ -76,6 +76,9 @@ type EtcdPeerSpec struct {
 	// names starting with `etcd.improbable.io`, and pod templates containing these are considered invalid and will be
 	// rejected.
 	PodTemplate *EtcdPodTemplateSpec `json:"podTemplate,omitempty"`
+
+	// TLS configuration
+	TLS *TLS `json:"tls,omitempty"`
 }
 
 // EtcdPeerStorage defines the desired storage for an EtcdPeer
@@ -92,6 +95,10 @@ type EtcdPeerStorage struct {
 type EtcdPeerStatus struct {
 	// ServerVersion contains the Member server version
 	ServerVersion string `json:"serverVersion"`
+
+	// TLS configuration
+	// +optional
+	TLSEnabled bool `json:"tlsEnabled"`
 }
 
 // +kubebuilder:object:root=true

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/etcd.improbable.io_etcdclusters.yaml b/config/crd/bases/etcd.improbable.io_etcdclusters.yaml
diff --git a/config/crd/bases/etcd.improbable.io_etcdpeers.yaml b/config/crd/bases/etcd.improbable.io_etcdpeers.yaml
diff --git a/config/crd/bases/etcd.improbable.io_etcdrestores.yaml b/config/crd/bases/etcd.improbable.io_etcdrestores.yaml
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
diff --git a/config/samples/etcd_v1alpha1_etcdcluster_tls_v3.yaml b/config/samples/etcd_v1alpha1_etcdcluster_tls_v3.yaml
@@ -0,0 +1,35 @@
+apiVersion: etcd.improbable.io/v1alpha1
+kind: EtcdCluster
+metadata:
+  name: my-cluster
+spec:
+  replicas: 3
+  version: 3.3.25
+  tls:
+    enabled: true
+  storage:
+    volumeClaimTemplate:
+      storageClassName: standard
+      resources:
+        requests:
+          storage: 1Mi
+  podTemplate:
+    resources:
+      requests:
+        cpu: 200m
+        memory: 200Mi
+      limits:
+        cpu: 200m
+        memory: 200Mi
+    affinity:
+      podAntiAffinity:
+        preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                  - key: etcd.improbable.io/cluster-name
+                    operator: In
+                    values:
+                      - my-cluster
+              topologyKey: kubernetes.io/hostname