treasuremap/site/airskiff/software/charts/kubernetes/container-networking/etcd.yaml

162 lines
4.7 KiB
YAML

---
# NOTE: This file is ignored by Airskiff and is copied from the seaworthy site.
# The purpose of this file is to build the list of calico etcd nodes and the
# calico etcd certs for those nodes in the environment.
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-calico-etcd
layeringDefinition:
abstract: false
layer: site
parentSelector:
name: kubernetes-calico-etcd-global
actions:
- method: merge
path: .
storagePolicy: cleartext
substitutions:
# Generate a list of control plane nodes (i.e. genesis node + master node
# list) on which calico etcd will run and will need certs. It is assumed
# that Airship sites will have 4 control plane nodes, so this should not need to
# change for a new site.
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .genesis.hostname
dest:
path: .values.nodes[0].name
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .masters[0].hostname
dest:
path: .values.nodes[1].name
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .masters[1].hostname
dest:
path: .values.nodes[2].name
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .masters[2].hostname
dest:
path: .values.nodes[3].name
# Certificate substitutions for the node names assembled on the above list.
# NEWSITE-CHANGEME: Per above, the number of substitutions should not need
# to change with a standard Airship deployment. However, the names of each
# deckhand certficiate should be updated with the correct hostnames for your
# environment. The ordering is important (Genesis is index 0, then master
# nodes in the order they are specified in common-addresses).
# Genesis hostname - cab23-r720-11
- src:
schema: deckhand/Certificate/v1
name: calico-etcd-cab23-r720-11
path: .
dest:
path: .values.nodes[0].tls.client.cert
- src:
schema: deckhand/CertificateKey/v1
name: calico-etcd-cab23-r720-11
path: .
dest:
path: .values.nodes[0].tls.client.key
- src:
schema: deckhand/Certificate/v1
name: calico-etcd-cab23-r720-11-peer
path: .
dest:
path: .values.nodes[0].tls.peer.cert
- src:
schema: deckhand/CertificateKey/v1
name: calico-etcd-cab23-r720-11-peer
path: .
dest:
path: .values.nodes[0].tls.peer.key
# master node 1 hostname - cab23-r720-12
- src:
schema: deckhand/Certificate/v1
name: calico-etcd-cab23-r720-12
path: .
dest:
path: .values.nodes[1].tls.client.cert
- src:
schema: deckhand/CertificateKey/v1
name: calico-etcd-cab23-r720-12
path: .
dest:
path: .values.nodes[1].tls.client.key
- src:
schema: deckhand/Certificate/v1
name: calico-etcd-cab23-r720-12-peer
path: .
dest:
path: .values.nodes[1].tls.peer.cert
- src:
schema: deckhand/CertificateKey/v1
name: calico-etcd-cab23-r720-12-peer
path: .
dest:
path: .values.nodes[1].tls.peer.key
# master node 2 hostname - cab23-r720-13
- src:
schema: deckhand/Certificate/v1
name: calico-etcd-cab23-r720-13
path: .
dest:
path: .values.nodes[2].tls.client.cert
- src:
schema: deckhand/CertificateKey/v1
name: calico-etcd-cab23-r720-13
path: .
dest:
path: .values.nodes[2].tls.client.key
- src:
schema: deckhand/Certificate/v1
name: calico-etcd-cab23-r720-13-peer
path: .
dest:
path: .values.nodes[2].tls.peer.cert
- src:
schema: deckhand/CertificateKey/v1
name: calico-etcd-cab23-r720-13-peer
path: .
dest:
path: .values.nodes[2].tls.peer.key
# master node 3 hostname - cab23-r720-14
- src:
schema: deckhand/Certificate/v1
name: calico-etcd-cab23-r720-14
path: .
dest:
path: .values.nodes[3].tls.client.cert
- src:
schema: deckhand/CertificateKey/v1
name: calico-etcd-cab23-r720-14
path: .
dest:
path: .values.nodes[3].tls.client.key
- src:
schema: deckhand/Certificate/v1
name: calico-etcd-cab23-r720-14-peer
path: .
dest:
path: .values.nodes[3].tls.peer.cert
- src:
schema: deckhand/CertificateKey/v1
name: calico-etcd-cab23-r720-14-peer
path: $
dest:
path: .values.nodes[3].tls.peer.key
data: {}
...