rancher-partner-charts/charts/clastix/kamaji/templates/etcd_job_postinstall.yaml

{{- if .Values.etcd.deploy }}
apiVersion: batch/v1
kind: Job
metadata:
  labels:
    {{- include "etcd.labels" . | nindent 4 }}
  annotations:
    "helm.sh/hook": post-install
    "helm.sh/hook-weight": "-5"
    "helm.sh/hook-delete-policy": "hook-succeeded,hook-failed"
  name: "{{ .Release.Name }}-etcd-setup"
  namespace: {{ .Release.Namespace }}
spec:
  template:
    metadata:
      name: "{{ .Release.Name }}"
    spec:
      serviceAccountName: {{ include "etcd.serviceAccountName" . }}
      restartPolicy: Never
      initContainers:
        - name: kubectl
          image: {{ printf "clastix/kubectl:%s" (include "etcd.jobsTagKubeVersion" .) }}
          command:
            - sh
            - -c
            - |-
              kubectl --namespace={{ .Release.Namespace }} rollout status sts/etcd --timeout=300s              
      containers:
        - command:
            - bash
            - -c
            - |-
              etcdctl member list -w table &&
              etcdctl user add --no-password=true root &&
              etcdctl role add root &&
              etcdctl user grant-role root root &&
              etcdctl auth enable              
          env:
            - name: ETCDCTL_ENDPOINTS
              value: https://etcd-0.{{ include "etcd.serviceName" . }}.{{ .Release.Namespace }}.svc.cluster.local:2379
            - name: ETCDCTL_CACERT
              value: /opt/certs/ca/ca.crt
            - name: ETCDCTL_CERT
              value: /opt/certs/root-certs/tls.crt
            - name: ETCDCTL_KEY
              value: /opt/certs/root-certs/tls.key
          image: quay.io/coreos/etcd:v3.5.1
          imagePullPolicy: Always
          name: etcd-client
          volumeMounts:
            - name: root-certs
              mountPath: /opt/certs/root-certs
            - name: certs
              mountPath: /opt/certs/ca
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
      volumes:
        - name: root-certs
          secret:
            secretName: {{ include "etcd.clientSecretName" . }}
        - name: certs
          secret:
            secretName: {{ include "etcd.caSecretName" . }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
{{- end }}