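---
# The purpose of this file is to build the list of calico etcd nodes and the
# calico etcd certs for those nodes in the environment.
#
# Structure: a site-layer armada/Chart/v1 document that merges onto
# kubernetes-calico-etcd-global and fills .values.nodes[0..2] through
# substitutions (hostname, client cert/key, peer cert/key for each node).
schema: armada/Chart/v1
metadata:
  schema: metadata/Document/v1
  name: kubernetes-calico-etcd
  layeringDefinition:
    abstract: false
    layer: site
    parentSelector:
      name: kubernetes-calico-etcd-global
    actions:
      - method: merge
        path: .
  # NOTE(review): this document is stored cleartext, yet the substitutions
  # below copy deckhand/CertificateKey/v1 data (private keys) into
  # .values.nodes[N].tls.*.key. Treat the rendered chart as secret material,
  # and confirm that the source CertificateKey documents (not visible in this
  # file) are stored with an encrypted storagePolicy.
  storagePolicy: cleartext
  substitutions:
    # Generate a list of control plane nodes (i.e. genesis node + master node
    # list) on which calico etcd will run and will need certs. It is assumed
    # that Airship sites will have 3 control plane nodes, so this should not
    # need to change for a new site.
    - src:
        schema: pegleg/CommonAddresses/v1
        name: common-addresses
        path: .genesis.hostname
      dest:
        path: .values.nodes[0].name
    - src:
        schema: pegleg/CommonAddresses/v1
        name: common-addresses
        path: .masters[0].hostname
      dest:
        path: .values.nodes[1].name
    - src:
        schema: pegleg/CommonAddresses/v1
        name: common-addresses
        path: .masters[1].hostname
      dest:
        path: .values.nodes[2].name

    # Certificate substitutions for the node names assembled on the above list.
    # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
    # to change with a standard Airship deployment. However, the names of each
    # deckhand certificate should be updated with the correct hostnames for
    # your environment. The ordering is important (Genesis is index 0, then
    # master nodes in the order they are specified in common-addresses).
    #
    # NOTE(review): node names come from common-addresses while certificate
    # names are hard-coded here, so nothing in this file ties the two together.
    # When adapting it, check that the certificate placed at index N was
    # issued for the hostname that resolves to index N; a mismatch gives a
    # node another node's identity. Client and peer material use separate
    # documents ("<name>" and "<name>-peer") and should stay separate.

    # Genesis hostname - pod17-node1
    - src:
        schema: deckhand/Certificate/v1
        name: calico-etcd-pod17-node1
        path: .
      dest:
        path: .values.nodes[0].tls.client.cert
    - src:
        schema: deckhand/CertificateKey/v1
        name: calico-etcd-pod17-node1
        path: .
      dest:
        path: .values.nodes[0].tls.client.key
    - src:
        schema: deckhand/Certificate/v1
        name: calico-etcd-pod17-node1-peer
        path: .
      dest:
        path: .values.nodes[0].tls.peer.cert
    - src:
        schema: deckhand/CertificateKey/v1
        name: calico-etcd-pod17-node1-peer
        path: .
      dest:
        path: .values.nodes[0].tls.peer.key

    # master node 1 hostname - pod17-node2
    - src:
        schema: deckhand/Certificate/v1
        name: calico-etcd-pod17-node2
        path: .
      dest:
        path: .values.nodes[1].tls.client.cert
    - src:
        schema: deckhand/CertificateKey/v1
        name: calico-etcd-pod17-node2
        path: .
      dest:
        path: .values.nodes[1].tls.client.key
    - src:
        schema: deckhand/Certificate/v1
        name: calico-etcd-pod17-node2-peer
        path: .
      dest:
        path: .values.nodes[1].tls.peer.cert
    - src:
        schema: deckhand/CertificateKey/v1
        name: calico-etcd-pod17-node2-peer
        path: .
      dest:
        path: .values.nodes[1].tls.peer.key

    # master node 2 hostname - pod17-node3
    - src:
        schema: deckhand/Certificate/v1
        name: calico-etcd-pod17-node3
        path: .
      dest:
        path: .values.nodes[2].tls.client.cert
    - src:
        schema: deckhand/CertificateKey/v1
        name: calico-etcd-pod17-node3
        path: .
      dest:
        path: .values.nodes[2].tls.client.key
    - src:
        schema: deckhand/Certificate/v1
        name: calico-etcd-pod17-node3-peer
        path: .
      dest:
        path: .values.nodes[2].tls.peer.cert
    - src:
        schema: deckhand/CertificateKey/v1
        name: calico-etcd-pod17-node3-peer
        path: .
      dest:
        path: .values.nodes[2].tls.peer.key
# No site-level chart data is set directly; the values are populated by the
# substitutions above and by the merge onto the parent document.
data: {}
...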