first commit. almost all claude. now time to review

1 files changed, 45 insertions, 0 deletions

diff --git a/systemd/etcd.service b/systemd/etcd.service
new file mode 100644
index 0000000..831d3eb
--- /dev/null
+++ b/systemd/etcd.service
@@ -0,0 +1,45 @@
+[Unit]
+Description=etcd key-value store
+Documentation=https://etcd.io/docs/
+After=network.target cluster-detect.service
+Before=kube-apiserver.service
+
+[Service]
+Type=notify
+EnvironmentFile=/etc/cluster-config/environment/etcd.env
+ExecStartPre=/usr/local/bin/etcd-config-generator.sh
+ExecStart=/usr/bin/etcd \
+  --name=${ETCD_NAME} \
+  --data-dir=/var/lib/etcd \
+  --listen-client-urls=https://${NODE_IP}:2379,https://127.0.0.1:2379 \
+  --advertise-client-urls=https://${NODE_IP}:2379 \
+  --listen-peer-urls=https://${NODE_IP}:2380 \
+  --initial-advertise-peer-urls=https://${NODE_IP}:2380 \
+  --initial-cluster=${ETCD_INITIAL_CLUSTER} \
+  --initial-cluster-token=etcd-cluster \
+  --initial-cluster-state=new \
+  --cert-file=/etc/kubernetes/pki/etcd/server.crt \
+  --key-file=/etc/kubernetes/pki/etcd/server.key \
+  --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt \
+  --peer-key-file=/etc/kubernetes/pki/etcd/peer.key \
+  --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt \
+  --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt \
+  --peer-client-cert-auth \
+  --client-cert-auth \
+  --snapshot-count=10000 \
+  --heartbeat-interval=100 \
+  --election-timeout=1000
+
+Restart=always
+RestartSec=10
+
+# Security
+NoNewPrivileges=true
+ProtectHome=true
+ProtectSystem=strict
+ReadWritePaths=/var/lib/etcd
+
+LimitNOFILE=65536
+
+[Install]
+WantedBy=kubernetes-master.target