github.com/cockroachdb/cockroach@v20.2.0-alpha.1+incompatible/cloud/kubernetes/v1.7/cluster-init-secure.yaml (about) 1 apiVersion: batch/v1 2 kind: Job 3 metadata: 4 name: cluster-init-secure 5 labels: 6 app: cockroachdb 7 spec: 8 template: 9 spec: 10 serviceAccountName: cockroachdb 11 initContainers: 12 # The init-certs container sends a certificate signing request to the 13 # kubernetes cluster. 14 # You can see pending requests using: kubectl get csr 15 # CSRs can be approved using: kubectl certificate approve <csr name> 16 # 17 # In addition to the client certificate and key, the init-certs entrypoint will symlink 18 # the cluster CA to the certs directory. 19 - name: init-certs 20 image: cockroachdb/cockroach-k8s-request-cert:0.4 21 imagePullPolicy: IfNotPresent 22 command: 23 - "/bin/ash" 24 - "-ecx" 25 - "/request-cert -namespace=${POD_NAMESPACE} -certs-dir=/cockroach-certs -type=client -user=root -symlink-ca-from=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" 26 env: 27 - name: POD_NAMESPACE 28 valueFrom: 29 fieldRef: 30 fieldPath: metadata.namespace 31 volumeMounts: 32 - name: client-certs 33 mountPath: /cockroach-certs 34 containers: 35 - name: cluster-init 36 image: cockroachdb/cockroach:v20.1.1 37 imagePullPolicy: IfNotPresent 38 volumeMounts: 39 - name: client-certs 40 mountPath: /cockroach-certs 41 command: 42 - "/cockroach/cockroach" 43 - "init" 44 - "--certs-dir=/cockroach-certs" 45 - "--host=cockroachdb-0.cockroachdb" 46 restartPolicy: OnFailure 47 volumes: 48 - name: client-certs 49 emptyDir: {}