authorJames Gu <james.gu@att.com>2020-05-04 13:57:29 -0700
committerJames Gu <james.gu@att.com>2020-10-05 21:25:18 +0000
commitda4f1540dec64779c01f7d0258b1a748ace9b131 (patch)
tree47856f75607849dc848dadcbcb1a7d048f91f7f7 /site/intel-pod17/software/charts/kubernetes
parent05686a28172cd3e79c71987cf495e0e67e064eb1 (diff)
Treasuremap 1.8 integration
Upgrade pod 17 to Treasuremap 1.8 prime for CNTT RI-1. Added deploy script enhancement to include pregenesis, certs, and wrapper for shipyard cli command. Added clean-genesis script to properly clean genesis node for redeployment. Signed-off-by: James Gu <james.gu@att.com> Change-Id: I4c150ef216d5eb631a0980c72b3c6c80a55788d0 Signed-off-by: James Gu <james.gu@att.com>
Diffstat (limited to 'site/intel-pod17/software/charts/kubernetes')
-rw-r--r--site/intel-pod17/software/charts/kubernetes/container-networking/etcd.yaml127
-rw-r--r--site/intel-pod17/software/charts/kubernetes/container-networking/policies.yaml135
-rw-r--r--site/intel-pod17/software/charts/kubernetes/etcd/etcd.yaml131
3 files changed, 135 insertions, 258 deletions
diff --git a/site/intel-pod17/software/charts/kubernetes/container-networking/etcd.yaml b/site/intel-pod17/software/charts/kubernetes/container-networking/etcd.yaml
deleted file mode 100644
index 8d397e4..0000000
--- a/site/intel-pod17/software/charts/kubernetes/container-networking/etcd.yaml
+++ /dev/null
@@ -1,127 +0,0 @@
----
-# The purpose of this file is to build the list of calico etcd nodes and the
-# calico etcd certs for those nodes in the environment.
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-calico-etcd
- layeringDefinition:
- abstract: false
- layer: site
- parentSelector:
- name: kubernetes-calico-etcd-global
- actions:
- - method: merge
- path: .
- storagePolicy: cleartext
- substitutions:
- # Generate a list of control plane nodes (i.e. genesis node + master node
- # list) on which calico etcd will run and will need certs. It is assumed
- # that Airship sites will have 3 control plane nodes, so this should not need to
- # change for a new site.
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .genesis.hostname
- dest:
- path: .values.nodes[0].name
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .masters[0].hostname
- dest:
- path: .values.nodes[1].name
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .masters[1].hostname
- dest:
- path: .values.nodes[2].name
-
- # Certificate substitutions for the node names assembled on the above list.
- # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
- # to change with a standard Airship deployment. However, the names of each
- # deckhand certficiate should be updated with the correct hostnames for your
- # environment. The ordering is important (Genesis is index 0, then master
- # nodes in the order they are specified in common-addresses).
-
- # Genesis hostname - pod17-node1
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-pod17-node1
- path: .
- dest:
- path: .values.nodes[0].tls.client.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-pod17-node1
- path: .
- dest:
- path: .values.nodes[0].tls.client.key
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-pod17-node1-peer
- path: .
- dest:
- path: .values.nodes[0].tls.peer.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-pod17-node1-peer
- path: .
- dest:
- path: .values.nodes[0].tls.peer.key
-
- # master node 1 hostname - pod17-node2
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-pod17-node2
- path: .
- dest:
- path: .values.nodes[1].tls.client.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-pod17-node2
- path: .
- dest:
- path: .values.nodes[1].tls.client.key
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-pod17-node2-peer
- path: .
- dest:
- path: .values.nodes[1].tls.peer.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-pod17-node2-peer
- path: .
- dest:
- path: .values.nodes[1].tls.peer.key
-
- # master node 2 hostname - pod17-node3
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-pod17-node3
- path: .
- dest:
- path: .values.nodes[2].tls.client.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-pod17-node3
- path: .
- dest:
- path: .values.nodes[2].tls.client.key
- - src:
- schema: deckhand/Certificate/v1
- name: calico-etcd-pod17-node3-peer
- path: .
- dest:
- path: .values.nodes[2].tls.peer.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: calico-etcd-pod17-node3-peer
- path: .
- dest:
- path: .values.nodes[2].tls.peer.key
-
-data: {}
-...
diff --git a/site/intel-pod17/software/charts/kubernetes/container-networking/policies.yaml b/site/intel-pod17/software/charts/kubernetes/container-networking/policies.yaml
new file mode 100644
index 0000000..1d34c8a
--- /dev/null
+++ b/site/intel-pod17/software/charts/kubernetes/container-networking/policies.yaml
@@ -0,0 +1,135 @@
+---
+schema: nc/Policy/v1
+metadata:
+ schema: metadata/Document/v1
+ name: site-policy
+ labels:
+ name: site-policy
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: type-policy
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ policy:
+ sitelevel:
+ priority: 5
+ rules: []
+ hostendpoints:
+ priority: 9
+ rules:
+ - apiVersion: projectcalico.org/v3
+ kind: HostEndpoint
+ metadata:
+ name: pod17-node1-oam
+ labels:
+ host: nc-control
+ intf-alias: oam
+ spec:
+ interfaceName: dmz.170
+ node: pod17-node1
+ expectedIPs:
+ - 10.10.170.21
+ - apiVersion: projectcalico.org/v3
+ kind: HostEndpoint
+ metadata:
+ name: pod17-node1-ksn
+ labels:
+ host: nc-control
+ intf-alias: ksn
+ spec:
+ interfaceName: data1.172
+ node: pod17-node1
+ - apiVersion: projectcalico.org/v3
+ kind: HostEndpoint
+ metadata:
+ name: pod17-node2-oam
+ labels:
+ host: nc-control
+ intf-alias: oam
+ spec:
+ interfaceName: dmz.170
+ node: pod17-node2
+ expectedIPs:
+ - 10.10.170.22
+ - apiVersion: projectcalico.org/v3
+ kind: HostEndpoint
+ metadata:
+ name: pod17-node2-ksn
+ labels:
+ host: nc-control
+ intf-alias: ksn
+ spec:
+ interfaceName: data1.172
+ node: pod17-node2
+ - apiVersion: projectcalico.org/v3
+ kind: HostEndpoint
+ metadata:
+ name: pod17-node3-oam
+ labels:
+ host: nc-control
+ intf-alias: oam
+ spec:
+ interfaceName: dmz.170
+ node: pod17-node3
+ expectedIPs:
+ - 10.10.170.23
+ - apiVersion: projectcalico.org/v3
+ kind: HostEndpoint
+ metadata:
+ name: pod17-node3-ksn
+ labels:
+ host: nc-control
+ intf-alias: ksn
+ spec:
+ interfaceName: data1.172
+ node: pod17-node3
+ - apiVersion: projectcalico.org/v3
+ kind: HostEndpoint
+ metadata:
+ name: pod17-node4-oam
+ labels:
+ host: nc-compute
+ intf-alias: oam
+ spec:
+ interfaceName: dmz.170
+ node: pod17-node4
+ expectedIPs:
+ - 10.10.170.24
+ - apiVersion: projectcalico.org/v3
+ kind: HostEndpoint
+ metadata:
+ name: pod17-node4-ksn
+ labels:
+ host: nc-compute
+ intf-alias: ksn
+ spec:
+ interfaceName: data1.172
+ node: pod17-node4
+ - apiVersion: projectcalico.org/v3
+ kind: HostEndpoint
+ metadata:
+ name: pod17-node5-oam
+ labels:
+ host: nc-compute
+ intf-alias: oam
+ spec:
+ interfaceName: dmz.170
+ node: pod17-node5
+ expectedIPs:
+ - 10.10.170.25
+ - apiVersion: projectcalico.org/v3
+ kind: HostEndpoint
+ metadata:
+ name: pod17-node5-ksn
+ labels:
+ host: nc-compute
+ intf-alias: ksn
+ spec:
+ interfaceName: data1.172
+ node: pod17-node5
+...
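Review bot: The five `*-ksn` HostEndpoints on `data1.172` are declared without `expectedIPs`, while every `*-oam` endpoint on `dmz.170` carries one. Calico uses `expectedIPs` to resolve label selectors to addresses when it renders rules on other hosts, so a rule that selects on the `intf-alias: ksn` label (or on `host: nc-control` / `host: nc-compute`) will not match traffic from these interfaces. If any policy inherited from the parent `type-policy` document selects them, each ksn entry should gain `expectedIPs:` followed by `- <nodeN data1.172 address>` (a placeholder, since the addresses are not on this page). Separately, a HostEndpoint with no applicable policy drops everything except Calico's failsafe ports, and with `sitelevel.rules: []` the allow rules presumably come from the parent layer, so confirm that before these endpoints are applied to the OAM interfaces.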
diff --git a/site/intel-pod17/software/charts/kubernetes/etcd/etcd.yaml b/site/intel-pod17/software/charts/kubernetes/etcd/etcd.yaml
deleted file mode 100644
index dd24889..0000000
--- a/site/intel-pod17/software/charts/kubernetes/etcd/etcd.yaml
+++ /dev/null
@@ -1,131 +0,0 @@
----
-# The purpose of this file is to build the list of k8s etcd nodes and the
-# k8s etcd certs for those nodes in the environment.
-schema: armada/Chart/v1
-metadata:
- schema: metadata/Document/v1
- name: kubernetes-etcd
- layeringDefinition:
- abstract: false
- layer: site
- parentSelector:
- name: kubernetes-etcd-global
- actions:
- - method: merge
- path: .
- storagePolicy: cleartext
- substitutions:
- # Generate a list of control plane nodes (i.e. genesis node + master node
- # list) on which k8s etcd will run and will need certs. It is assumed
- # that Airship sites will have 3 control plane nodes, so this should not need to
- # change for a new site.
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .genesis.hostname
- dest:
- path: .values.nodes[0].name
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .masters[0].hostname
- dest:
- path: .values.nodes[1].name
- - src:
- schema: pegleg/CommonAddresses/v1
- name: common-addresses
- path: .masters[1].hostname
- dest:
- path: .values.nodes[2].name
-
- # Certificate substitutions for the node names assembled on the above list.
- # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
- # to change with a standard Airship deployment. However, the names of each
- # deckhand certficiate should be updated with the correct hostnames for your
- # environment. The ordering is important (Genesis is index 0, then master
- # nodes in the order they are specified in common-addresses).
-
- # Genesis Exception*
- # *NOTE: This is an exception in that `genesis` is not the hostname of the
- # genesis node, but `genesis` is reference here in the certificate names
- # because of certain Promenade assumptions that may be addressed in the
- # future. Therefore `genesis` is used instead of `pod17-node1` here.
- - src:
- schema: deckhand/Certificate/v1
- name: kubernetes-etcd-genesis
- path: .
- dest:
- path: .values.nodes[0].tls.client.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-genesis
- path: .
- dest:
- path: .values.nodes[0].tls.client.key
- - src:
- schema: deckhand/Certificate/v1
- name: kubernetes-etcd-genesis-peer
- path: .
- dest:
- path: .values.nodes[0].tls.peer.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-genesis-peer
- path: .
- dest:
- path: .values.nodes[0].tls.peer.key
-
- # master node 1 hostname - pod17-node2
- - src:
- schema: deckhand/Certificate/v1
- name: kubernetes-etcd-pod17-node2
- path: .
- dest:
- path: .values.nodes[1].tls.client.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-pod17-node2
- path: .
- dest:
- path: .values.nodes[1].tls.client.key
- - src:
- schema: deckhand/Certificate/v1
- name: kubernetes-etcd-pod17-node2-peer
- path: .
- dest:
- path: .values.nodes[1].tls.peer.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-pod17-node2-peer
- path: .
- dest:
- path: .values.nodes[1].tls.peer.key
-
- # master node 2 hostname - pod17-node3
- - src:
- schema: deckhand/Certificate/v1
- name: kubernetes-etcd-pod17-node3
- path: .
- dest:
- path: .values.nodes[2].tls.client.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-pod17-node3
- path: .
- dest:
- path: .values.nodes[2].tls.client.key
- - src:
- schema: deckhand/Certificate/v1
- name: kubernetes-etcd-pod17-node3-peer
- path: .
- dest:
- path: .values.nodes[2].tls.peer.cert
- - src:
- schema: deckhand/CertificateKey/v1
- name: kubernetes-etcd-pod17-node3-peer
- path: $
- dest:
- path: .values.nodes[2].tls.peer.key
-
-data: {}
-...