From 1d5a278039e92e3d35627c2f5cd4f5db954fa03a Mon Sep 17 00:00:00 2001 From: Roy Tang Date: Wed, 11 Sep 2019 20:05:46 +0000 Subject: Create initial set of site artifacts for pod18 Change-Id: If297227865597354c85467b918405cf5cf170355 Signed-off-by: Roy Tang --- .../kubernetes/container-networking/etcd.yaml | 127 ++++++++++++++++++++ .../software/charts/kubernetes/etcd/etcd.yaml | 131 +++++++++++++++++++++ .../software/charts/ucp/divingbell/divingbell.yaml | 101 ++++++++++++++++ .../software/config/common-software-config.yaml | 16 +++ 4 files changed, 375 insertions(+) create mode 100644 site/intel-pod18/software/charts/kubernetes/container-networking/etcd.yaml create mode 100644 site/intel-pod18/software/charts/kubernetes/etcd/etcd.yaml create mode 100644 site/intel-pod18/software/charts/ucp/divingbell/divingbell.yaml create mode 100644 site/intel-pod18/software/config/common-software-config.yaml (limited to 'site/intel-pod18/software') diff --git a/site/intel-pod18/software/charts/kubernetes/container-networking/etcd.yaml b/site/intel-pod18/software/charts/kubernetes/container-networking/etcd.yaml new file mode 100644 index 0000000..9241013 --- /dev/null +++ b/site/intel-pod18/software/charts/kubernetes/container-networking/etcd.yaml @@ -0,0 +1,127 @@ +--- +# The purpose of this file is to build the list of calico etcd nodes and the +# calico etcd certs for those nodes in the environment. +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-calico-etcd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: kubernetes-calico-etcd-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + # Generate a list of control plane nodes (i.e. genesis node + master node + # list) on which calico etcd will run and will need certs. It is assumed + # that Airship sites will have 4 control plane nodes, so this should not need to + # change for a new site. + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .genesis.hostname + dest: + path: .values.nodes[0].name + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[0].hostname + dest: + path: .values.nodes[1].name + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[1].hostname + dest: + path: .values.nodes[2].name + + # Certificate substitutions for the node names assembled on the above list. + # NEWSITE-CHANGEME: Per above, the number of substitutions should not need + # to change with a standard Airship deployment. However, the names of each + # deckhand certficiate should be updated with the correct hostnames for your + # environment. The ordering is important (Genesis is index 0, then master + # nodes in the order they are specified in common-addresses). + + # Genesis hostname - pod18-node1 + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-pod18-node1 + path: . + dest: + path: .values.nodes[0].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-pod18-node1 + path: . + dest: + path: .values.nodes[0].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-pod18-node1-peer + path: . + dest: + path: .values.nodes[0].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-pod18-node1-peer + path: . + dest: + path: .values.nodes[0].tls.peer.key + + # master node 1 hostname - pod18-node2 + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-pod18-node2 + path: . + dest: + path: .values.nodes[1].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-pod18-node2 + path: . + dest: + path: .values.nodes[1].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-pod18-node2-peer + path: . + dest: + path: .values.nodes[1].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-pod18-node2-peer + path: . + dest: + path: .values.nodes[1].tls.peer.key + + # master node 2 hostname - pod18-node3 + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-pod18-node3 + path: . + dest: + path: .values.nodes[2].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-pod18-node3 + path: . + dest: + path: .values.nodes[2].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-pod18-node3-peer + path: . + dest: + path: .values.nodes[2].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-pod18-node3-peer + path: . + dest: + path: .values.nodes[2].tls.peer.key + +data: {} +... diff --git a/site/intel-pod18/software/charts/kubernetes/etcd/etcd.yaml b/site/intel-pod18/software/charts/kubernetes/etcd/etcd.yaml new file mode 100644 index 0000000..54bfbe8 --- /dev/null +++ b/site/intel-pod18/software/charts/kubernetes/etcd/etcd.yaml @@ -0,0 +1,131 @@ +--- +# The purpose of this file is to build the list of k8s etcd nodes and the +# k8s etcd certs for those nodes in the environment. +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-etcd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: kubernetes-etcd-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + # Generate a list of control plane nodes (i.e. genesis node + master node + # list) on which k8s etcd will run and will need certs. It is assumed + # that Airship sites will have 4 control plane nodes, so this should not need to + # change for a new site. + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .genesis.hostname + dest: + path: .values.nodes[0].name + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[0].hostname + dest: + path: .values.nodes[1].name + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[1].hostname + dest: + path: .values.nodes[2].name + + # Certificate substitutions for the node names assembled on the above list. + # NEWSITE-CHANGEME: Per above, the number of substitutions should not need + # to change with a standard Airship deployment. However, the names of each + # deckhand certficiate should be updated with the correct hostnames for your + # environment. The ordering is important (Genesis is index 0, then master + # nodes in the order they are specified in common-addresses). + + # Genesis Exception* + # *NOTE: This is an exception in that `genesis` is not the hostname of the + # genesis node, but `genesis` is reference here in the certificate names + # because of certain Promenade assumptions that may be addressed in the + # future. Therefore `genesis` is used instead of `pod18-node1` here. + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-genesis + path: . + dest: + path: .values.nodes[0].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-genesis + path: . + dest: + path: .values.nodes[0].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-genesis-peer + path: . + dest: + path: .values.nodes[0].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-genesis-peer + path: . + dest: + path: .values.nodes[0].tls.peer.key + + # master node 1 hostname - pod18-node2 + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-pod18-node2 + path: . + dest: + path: .values.nodes[1].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-pod18-node2 + path: . + dest: + path: .values.nodes[1].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-pod18-node2-peer + path: . + dest: + path: .values.nodes[1].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-pod18-node2-peer + path: . + dest: + path: .values.nodes[1].tls.peer.key + + # master node 2 hostname - pod18-node3 + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-pod18-node3 + path: . + dest: + path: .values.nodes[2].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-pod18-node3 + path: . + dest: + path: .values.nodes[2].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-pod18-node3-peer + path: . + dest: + path: .values.nodes[2].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-pod18-node3-peer + path: $ + dest: + path: .values.nodes[2].tls.peer.key + +data: {} +... diff --git a/site/intel-pod18/software/charts/ucp/divingbell/divingbell.yaml b/site/intel-pod18/software/charts/ucp/divingbell/divingbell.yaml new file mode 100644 index 0000000..50f8f48 --- /dev/null +++ b/site/intel-pod18/software/charts/ucp/divingbell/divingbell.yaml @@ -0,0 +1,101 @@ +--- +# The purpose of this file is to define site-specific parameters to the +# UAM-lite portion of the divingbell chart: +# 1. User accounts to create on bare metal +# 2. SSH public key for operationg system access to the bare metal +# 3. Passwords for operating system access via iDrac/iLo console. SSH password- +# based auth is disabled. +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-divingbell + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-divingbell-global + actions: + - method: merge + path: . + labels: + name: ucp-divingbell-site + storagePolicy: cleartext + substitutions: + - dest: + path: .values.conf.uamlite.users[0].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: jenkins_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[1].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: grego_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[1].user_crypt_passwd + src: + schema: deckhand/Passphrase/v1 + name: grego_crypt_password + path: . + - dest: + path: .values.conf.uamlite.users[2].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: kasparss_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[2].user_crypt_passwd + src: + schema: deckhand/Passphrase/v1 + name: kasparss_crypt_password + path: . + - dest: + path: .values.conf.uamlite.users[3].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: jorgeas_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[4].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: trungdt_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[5].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: miniroy_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[5].user_crypt_passwd + src: + schema: deckhand/Passphrase/v1 + name: miniroy_crypt_password + path: . +data: + values: + conf: + uamlite: + users: + - user_name: jenkins + user_sudo: true + user_sshkeys: [] + - user_name: grego + user_sudo: true + user_sshkeys: [] + - user_name: kasparss + user_sudo: true + user_sshkeys: [] + - user_name: jorgeas + user_sudo: true + user_sshkeys: [] + - user_name: trungdt + user_sudo: true + user_sshkeys: [] + - user_name: miniroy + user_sudo: true + user_sshkeys: [] +... diff --git a/site/intel-pod18/software/config/common-software-config.yaml b/site/intel-pod18/software/config/common-software-config.yaml new file mode 100644 index 0000000..b9f035f --- /dev/null +++ b/site/intel-pod18/software/config/common-software-config.yaml @@ -0,0 +1,16 @@ +--- +# The purpose of this file is to define site-specific common software config +# paramters. +schema: pegleg/CommonSoftwareConfig/v1 +metadata: + schema: metadata/Document/v1 + name: common-software-config + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + osh: + # NEWSITE-CHANGEME: Replace with the site name + region_name: intel-pod18 +... -- cgit 1.2.3-korg