154 lines
4.0 KiB
YAML
154 lines
4.0 KiB
YAML
---
|
|
# The purpose of this file is to build the list of calico etcd nodes and the
|
|
# calico etcd certs for those nodes in the environment.
|
|
schema: armada/Chart/v1
|
|
metadata:
|
|
schema: metadata/Document/v1
|
|
name: kubernetes-calico-etcd
|
|
layeringDefinition:
|
|
abstract: false
|
|
layer: site
|
|
parentSelector:
|
|
name: kubernetes-calico-etcd-global
|
|
actions:
|
|
- method: merge
|
|
path: .
|
|
storagePolicy: cleartext
|
|
substitutions:
|
|
# Generate a list of control plane nodes (i.e. genesis node + master node
|
|
# list) on which calico etcd will run and will need certs. It is assumed
|
|
# that Airship sites will have 4 control plane nodes, so this should not need to
|
|
# change for a new site.
|
|
- src:
|
|
schema: pegleg/CommonAddresses/v1
|
|
name: common-addresses
|
|
path: .genesis.hostname
|
|
dest:
|
|
path: .values.nodes[0].name
|
|
- src:
|
|
schema: pegleg/CommonAddresses/v1
|
|
name: common-addresses
|
|
path: .masters[0].hostname
|
|
dest:
|
|
path: .values.nodes[1].name
|
|
- src:
|
|
schema: pegleg/CommonAddresses/v1
|
|
name: common-addresses
|
|
path: .masters[1].hostname
|
|
dest:
|
|
path: .values.nodes[2].name
|
|
- src:
|
|
schema: pegleg/CommonAddresses/v1
|
|
name: common-addresses
|
|
path: .masters[2].hostname
|
|
dest:
|
|
path: .values.nodes[3].name
|
|
|
|
# Certificate substitutions for the node names assembled on the above list.
|
|
# Genesis hostname - n0
|
|
- src:
|
|
schema: deckhand/Certificate/v1
|
|
name: calico-etcd-n0
|
|
path: .
|
|
dest:
|
|
path: .values.nodes[0].tls.client.cert
|
|
- src:
|
|
schema: deckhand/CertificateKey/v1
|
|
name: calico-etcd-n0
|
|
path: .
|
|
dest:
|
|
path: .values.nodes[0].tls.client.key
|
|
- src:
|
|
schema: deckhand/Certificate/v1
|
|
name: calico-etcd-n0-peer
|
|
path: .
|
|
dest:
|
|
path: .values.nodes[0].tls.peer.cert
|
|
- src:
|
|
schema: deckhand/CertificateKey/v1
|
|
name: calico-etcd-n0-peer
|
|
path: .
|
|
dest:
|
|
path: .values.nodes[0].tls.peer.key
|
|
|
|
# master node 1 hostname - n1
|
|
- src:
|
|
schema: deckhand/Certificate/v1
|
|
name: calico-etcd-n1
|
|
path: .
|
|
dest:
|
|
path: .values.nodes[1].tls.client.cert
|
|
- src:
|
|
schema: deckhand/CertificateKey/v1
|
|
name: calico-etcd-n1
|
|
path: .
|
|
dest:
|
|
path: .values.nodes[1].tls.client.key
|
|
- src:
|
|
schema: deckhand/Certificate/v1
|
|
name: calico-etcd-n1-peer
|
|
path: .
|
|
dest:
|
|
path: .values.nodes[1].tls.peer.cert
|
|
- src:
|
|
schema: deckhand/CertificateKey/v1
|
|
name: calico-etcd-n1-peer
|
|
path: .
|
|
dest:
|
|
path: .values.nodes[1].tls.peer.key
|
|
|
|
# master node 2 hostname - n2
|
|
- src:
|
|
schema: deckhand/Certificate/v1
|
|
name: calico-etcd-n2
|
|
path: .
|
|
dest:
|
|
path: .values.nodes[2].tls.client.cert
|
|
- src:
|
|
schema: deckhand/CertificateKey/v1
|
|
name: calico-etcd-n2
|
|
path: .
|
|
dest:
|
|
path: .values.nodes[2].tls.client.key
|
|
- src:
|
|
schema: deckhand/Certificate/v1
|
|
name: calico-etcd-n2-peer
|
|
path: .
|
|
dest:
|
|
path: .values.nodes[2].tls.peer.cert
|
|
- src:
|
|
schema: deckhand/CertificateKey/v1
|
|
name: calico-etcd-n2-peer
|
|
path: .
|
|
dest:
|
|
path: .values.nodes[2].tls.peer.key
|
|
|
|
# master node 3 hostname - n3
|
|
- src:
|
|
schema: deckhand/Certificate/v1
|
|
name: calico-etcd-n3
|
|
path: .
|
|
dest:
|
|
path: .values.nodes[3].tls.client.cert
|
|
- src:
|
|
schema: deckhand/CertificateKey/v1
|
|
name: calico-etcd-n3
|
|
path: .
|
|
dest:
|
|
path: .values.nodes[3].tls.client.key
|
|
- src:
|
|
schema: deckhand/Certificate/v1
|
|
name: calico-etcd-n3-peer
|
|
path: .
|
|
dest:
|
|
path: .values.nodes[3].tls.peer.cert
|
|
- src:
|
|
schema: deckhand/CertificateKey/v1
|
|
name: calico-etcd-n3-peer
|
|
path: $
|
|
dest:
|
|
path: .values.nodes[3].tls.peer.key
|
|
|
|
data: {}
|
|
...
|