2 # The purpose of this file is to build the list of k8s etcd nodes and the
3 # k8s etcd certs for those nodes in the environment.
# Header fields of the Armada chart document produced by this template.
4 schema: armada/Chart/v1
6 schema: metadata/Document/v1
12 name: kubernetes-etcd-global
# This chart document is stored in cleartext. The entries further down pair
# deckhand/CertificateKey documents with the .tls.client.key and .tls.peer.key
# paths, so the rendered chart presumably carries etcd private keys.
# NOTE(review): confirm the CertificateKey source documents use an encrypted
# storagePolicy and that read access to the rendered chart is restricted;
# neither is visible in this excerpt.
16 storagePolicy: cleartext
18 # Generate a list of control plane nodes (i.e. genesis node + master node
19 # list) on which k8s etcd will run and will need certs. It is assumed
20 # that Airship sites will have 4 control plane nodes, so this should not need to
21 # change for a new site.
# Node-name entry for genesis: the .genesis.hostname path of common-addresses
# is paired with .values.nodes[0].name (the src/dest keys that hold these
# lines are not visible in this excerpt).
23 schema: pegleg/CommonAddresses/v1
24 name: common-addresses
25 path: .genesis.hostname
27 path: .values.nodes[0].name
# One further entry per item in yaml.masters. Jinja's loop.index starts at 1,
# so loop.index-1 reads .masters[0], .masters[1], ... while loop.index targets
# .values.nodes[1], .values.nodes[2], ..., leaving index 0 to genesis.
28 {% for server in yaml.masters %}
30 schema: pegleg/CommonAddresses/v1
31 name: common-addresses
32 path: .masters[{{loop.index-1}}].hostname
34 path: .values.nodes[{{loop.index}}].name
37 # Certificate substitutions for the node names assembled on the above list.
38 # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
39 # to change with a standard Airship deployment. However, the names of each
40 # deckhand certificate should be updated with the correct hostnames for your
41 # environment. The ordering is important (Genesis is index 0, then master
42 # nodes in the order they are specified in common-addresses).
45 # *NOTE: This is an exception in that `genesis` is not the hostname of the
46 # genesis node, but `genesis` is referenced here in the certificate names
47 # because of certain Promenade assumptions that may be addressed in the
48 # future. Therefore `genesis` is used instead of `cab23-r720-11` here.
50 # Genesis node {{yaml.genesis.name}}
# Four entries for node index 0: a client certificate and key, then a peer
# certificate and key. The client pair uses the document name
# kubernetes-etcd-genesis, the peer pair kubernetes-etcd-genesis-peer.
52 schema: deckhand/Certificate/v1
53 name: kubernetes-etcd-genesis
56 path: .values.nodes[0].tls.client.cert
# deckhand/CertificateKey/v1 presumably holds the private key matching the
# certificate of the same name.
# NOTE(review): confirm these key documents are stored encrypted at the
# source; their storagePolicy is not visible in this excerpt.
58 schema: deckhand/CertificateKey/v1
59 name: kubernetes-etcd-genesis
62 path: .values.nodes[0].tls.client.key
# Peer certificate and key for the same node, placed under .tls.peer.
64 schema: deckhand/Certificate/v1
65 name: kubernetes-etcd-genesis-peer
68 path: .values.nodes[0].tls.peer.cert
70 schema: deckhand/CertificateKey/v1
71 name: kubernetes-etcd-genesis-peer
74 path: .values.nodes[0].tls.peer.key
75 {% for server in yaml.masters %}
77 # Master node {{loop.index}} hostname - {{server.name}}
79 schema: deckhand/Certificate/v1
80 name: kubernetes-etcd-{{server.name}}
83 path: .values.nodes[{{loop.index}}].tls.client.cert
85 schema: deckhand/CertificateKey/v1
86 name: kubernetes-etcd-{{server.name}}
89 path: .values.nodes[{{loop.index}}].tls.client.key
91 schema: deckhand/Certificate/v1
92 name: kubernetes-etcd-{{server.name}}-peer
95 path: .values.nodes[{{loop.index}}].tls.peer.cert
97 schema: deckhand/CertificateKey/v1
98 name: kubernetes-etcd-{{server.name}}-peer
101 path: .values.nodes[{{loop.index}}].tls.peer.key