author | 2020-09-30 16:06:14 -0700 | |
---|---|---|
committer | 2020-10-05 14:33:43 -0700 | |
commit | c700639e5a29b1907976519918969b752d5be1e7 (patch) | |
tree | 4d779c4ac7cc76190df43a1df74c2b718804ff11 /site/intel-pod15/software/charts/kubernetes | |
parent | da4f1540dec64779c01f7d0258b1a748ace9b131 (diff) |
Upgrade intel pod 15 to Airship 1.8
Depends: https://gerrit.opnfv.org/gerrit/c/airship/+/70158
Change-Id: Ic9b8a56de430d02f2f21e053a40c9c29ab40433f
Signed-off-by: James Gu <james.gu@att.com>
Diffstat (limited to 'site/intel-pod15/software/charts/kubernetes')
3 files changed, 135 insertions, 258 deletions
diff --git a/site/intel-pod15/software/charts/kubernetes/container-networking/etcd.yaml b/site/intel-pod15/software/charts/kubernetes/container-networking/etcd.yaml
deleted file mode 100644
index 4776953..0000000
--- a/site/intel-pod15/software/charts/kubernetes/container-networking/etcd.yaml
+++ /dev/null
@@ -1,127 +0,0 @@
----
-# The purpose of this file is to build the list of calico etcd nodes and the
-# calico etcd certs for those nodes in the environment.
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-calico-etcd
- layeringDefinition:
- abstract: false
- layer: site
- parentSelector:
- name: kubernetes-calico-etcd-global
- actions:
- - method: merge
- path: .
- storagePolicy: cleartext
- substitutions:
- # Generate a list of control plane nodes (i.e. genesis node + master node
- # list) on which calico etcd will run and will need certs. It is assumed
- # that Airship sites will have 3 control plane nodes, so this should not need to
- # change for a new site.
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .genesis.hostname
- dest:
- path: .values.nodes[0].name
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .masters[0].hostname
- dest:
- path: .values.nodes[1].name
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .masters[1].hostname
- dest:
- path: .values.nodes[2].name
-
- # Certificate substitutions for the node names assembled on the above list.
- # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
- # to change with a standard Airship deployment. However, the names of each
- # deckhand certficiate should be updated with the correct hostnames for your
- # environment. The ordering is important (Genesis is index 0, then master
- # nodes in the order they are specified in common-addresses).
-
- # Genesis hostname - pod15-node1
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-pod15-node1
- path: .
- dest:
- path: .values.nodes[0].tls.client.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-pod15-node1
- path: .
- dest:
- path: .values.nodes[0].tls.client.key
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-pod15-node1-peer
- path: .
- dest:
- path: .values.nodes[0].tls.peer.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-pod15-node1-peer
- path: .
- dest:
- path: .values.nodes[0].tls.peer.key
-
- # master node 1 hostname - pod15-node2
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-pod15-node2
- path: .
- dest:
- path: .values.nodes[1].tls.client.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-pod15-node2
- path: .
- dest:
- path: .values.nodes[1].tls.client.key
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-pod15-node2-peer
- path: .
- dest:
- path: .values.nodes[1].tls.peer.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-pod15-node2-peer
- path: .
- dest:
- path: .values.nodes[1].tls.peer.key
-
- # master node 2 hostname - pod15-node3
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-pod15-node3
- path: .
- dest:
- path: .values.nodes[2].tls.client.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-pod15-node3
- path: .
- dest:
- path: .values.nodes[2].tls.client.key
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-pod15-node3-peer
- path: .
- dest:
- path: .values.nodes[2].tls.peer.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-pod15-node3-peer
- path: .
- dest:
- path: .values.nodes[2].tls.peer.key
-
-data: {}
-...
diff --git a/site/intel-pod15/software/charts/kubernetes/container-networking/policies.yaml b/site/intel-pod15/software/charts/kubernetes/container-networking/policies.yaml
new file mode 100644
index 0000000..c6a4f85
--- /dev/null
+++ b/site/intel-pod15/software/charts/kubernetes/container-networking/policies.yaml
@@ -0,0 +1,135 @@
+---
+schema: nc/Policy/v1
+metadata:
+ schema: metadata/Document/v1
+ name: site-policy
+ labels:
+ name: site-policy
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: type-policy
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ policy:
+ sitelevel:
+ priority: 5
+ rules: []
+ hostendpoints:
+ priority: 9
+ rules:
+ - apiVersion: projectcalico.org/v3
+ kind: HostEndpoint
+ metadata:
+ name: pod15-node1-oam
+ labels:
+ host: nc-control
+ intf-alias: oam
+ spec:
+ interfaceName: dmz.150
+ node: pod15-node1
+ expectedIPs:
+ - 10.10.150.21
+ - apiVersion: projectcalico.org/v3
+ kind: HostEndpoint
+ metadata:
+ name: pod15-node1-ksn
+ labels:
+ host: nc-control
+ intf-alias: ksn
+ spec:
+ interfaceName: data1.152
+ node: pod15-node1
+ - apiVersion: projectcalico.org/v3
+ kind: HostEndpoint
+ metadata:
+ name: pod15-node2-oam
+ labels:
+ host: nc-control
+ intf-alias: oam
+ spec:
+ interfaceName: dmz.150
+ node: pod15-node2
+ expectedIPs:
+ - 10.10.150.22
+ - apiVersion: projectcalico.org/v3
+ kind: HostEndpoint
+ metadata:
+ name: pod15-node2-ksn
+ labels:
+ host: nc-control
+ intf-alias: ksn
+ spec:
+ interfaceName: data1.152
+ node: pod15-node2
+ - apiVersion: projectcalico.org/v3
+ kind: HostEndpoint
+ metadata:
+ name: pod15-node3-oam
+ labels:
+ host: nc-control
+ intf-alias: oam
+ spec:
+ interfaceName: dmz.150
+ node: pod15-node3
+ expectedIPs:
+ - 10.10.150.23
+ - apiVersion: projectcalico.org/v3
+ kind: HostEndpoint
+ metadata:
+ name: pod15-node3-ksn
+ labels:
+ host: nc-control
+ intf-alias: ksn
+ spec:
+ interfaceName: data1.152
+ node: pod15-node3
+ - apiVersion: projectcalico.org/v3
+ kind: HostEndpoint
+ metadata:
+ name: pod15-node4-oam
+ labels:
+ host: nc-compute
+ intf-alias: oam
+ spec:
+ interfaceName: dmz.150
+ node: pod15-node4
+ expectedIPs:
+ - 10.10.150.24
+ - apiVersion: projectcalico.org/v3
+ kind: HostEndpoint
+ metadata:
+ name: pod15-node4-ksn
+ labels:
+ host: nc-compute
+ intf-alias: ksn
+ spec:
+ interfaceName: data1.152
+ node: pod15-node4
+# - apiVersion: projectcalico.org/v3
+# kind: HostEndpoint
+# metadata:
+# name: pod15-node5-oam
+# labels:
+# host: nc-compute
+# intf-alias: oam
+# spec:
+# interfaceName: dmz.150
+# node: pod15-node5
+# expectedIPs:
+# - 10.10.150.25
+# - apiVersion: projectcalico.org/v3
+# kind: HostEndpoint
+# metadata:
+# name: pod15-node5-ksn
+# labels:
+# host: nc-compute
+# intf-alias: ksn
+# spec:
+# interfaceName: data1.152
+# node: pod15-node5
+...
diff --git a/site/intel-pod15/software/charts/kubernetes/etcd/etcd.yaml b/site/intel-pod15/software/charts/kubernetes/etcd/etcd.yaml
deleted file mode 100644
index a0dda4c..0000000
--- a/site/intel-pod15/software/charts/kubernetes/etcd/etcd.yaml
+++ /dev/null
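Review bot: The four active `*-ksn` HostEndpoints (`interfaceName: data1.152`) have no `expectedIPs`, while every `*-oam` entry lists one. Calico uses `expectedIPs` to resolve label selectors to addresses when it renders rules on other hosts, so a rule that selects these endpoints by `intf-alias` or `host` label would presumably fail to match the ksn interfaces. Either add the ksn address of each node or state the intent with a comment such as `# expectedIPs omitted on purpose: ksn endpoints are not referenced by selector`. The commented-out pod15-node5 entries at the end of the hunk should be removed or given a one-line reason. `sitelevel.rules` is `[]` here, so the rules that actually apply to these endpoints come from the parent `type-policy` document, which is outside this diff and cannot be checked from it.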
@@ -1,131 +0,0 @@
----
-# The purpose of this file is to build the list of k8s etcd nodes and the
-# k8s etcd certs for those nodes in the environment.
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-etcd
- layeringDefinition:
- abstract: false
- layer: site
- parentSelector:
- name: kubernetes-etcd-global
- actions:
- - method: merge
- path: .
- storagePolicy: cleartext
- substitutions:
- # Generate a list of control plane nodes (i.e. genesis node + master node
- # list) on which k8s etcd will run and will need certs. It is assumed
- # that Airship sites will have 3 control plane nodes, so this should not need to
- # change for a new site.
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .genesis.hostname
- dest:
- path: .values.nodes[0].name
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .masters[0].hostname
- dest:
- path: .values.nodes[1].name
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .masters[1].hostname
- dest:
- path: .values.nodes[2].name
-
- # Certificate substitutions for the node names assembled on the above list.
- # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
- # to change with a standard Airship deployment. However, the names of each
- # deckhand certficiate should be updated with the correct hostnames for your
- # environment. The ordering is important (Genesis is index 0, then master
- # nodes in the order they are specified in common-addresses).
-
- # Genesis Exception*
- # *NOTE: This is an exception in that `genesis` is not the hostname of the
- # genesis node, but `genesis` is reference here in the certificate names
- # because of certain Promenade assumptions that may be addressed in the
- # future. Therefore `genesis` is used instead of `pod15-node1` here.
- - src:
- schema: deckhand/Certificate/v1
- name: kubernetes-etcd-genesis
- path: .
- dest:
- path: .values.nodes[0].tls.client.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-genesis
- path: .
- dest:
- path: .values.nodes[0].tls.client.key
- - src:
- schema: deckhand/Certificate/v1
- name: kubernetes-etcd-genesis-peer
- path: .
- dest:
- path: .values.nodes[0].tls.peer.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-genesis-peer
- path: .
- dest:
- path: .values.nodes[0].tls.peer.key
-
- # master node 1 hostname - pod15-node2
- - src:
- schema: deckhand/Certificate/v1
- name: kubernetes-etcd-pod15-node2
- path: .
- dest:
- path: .values.nodes[1].tls.client.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-pod15-node2
- path: .
- dest:
- path: .values.nodes[1].tls.client.key
- - src:
- schema: deckhand/Certificate/v1
- name: kubernetes-etcd-pod15-node2-peer
- path: .
- dest:
- path: .values.nodes[1].tls.peer.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-pod15-node2-peer
- path: .
- dest:
- path: .values.nodes[1].tls.peer.key
-
- # master node 2 hostname - pod15-node3
- - src:
- schema: deckhand/Certificate/v1
- name: kubernetes-etcd-pod15-node3
- path: .
- dest:
- path: .values.nodes[2].tls.client.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-pod15-node3
- path: .
- dest:
- path: .values.nodes[2].tls.client.key
- - src:
- schema: deckhand/Certificate/v1
- name: kubernetes-etcd-pod15-node3-peer
- path: .
- dest:
- path: .values.nodes[2].tls.peer.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-pod15-node3-peer
- path: $
- dest:
- path: .values.nodes[2].tls.peer.key
-
-data: {}
-... |