2 # The purpose of this file is to build the list of calico etcd nodes and the
3 # calico etcd certs for those nodes in the environment.
4 schema: armada/Chart/v1
6 schema: metadata/Document/v1
7 name: kubernetes-calico-etcd
12 name: kubernetes-calico-etcd-global
16 storagePolicy: cleartext
18 # Generate a list of control plane nodes (i.e. genesis node + master node
19 # list) on which calico etcd will run and will need certs. It is assumed
20 # that Airship sites will have 4 control plane nodes, so this should not need to
21 # change for a new site.
23 schema: pegleg/CommonAddresses/v1
24 name: common-addresses
25 path: .genesis.hostname
27 path: .values.nodes[0].name
29 schema: pegleg/CommonAddresses/v1
30 name: common-addresses
31 path: .masters[0].hostname
33 path: .values.nodes[1].name
35 schema: pegleg/CommonAddresses/v1
36 name: common-addresses
37 path: .masters[1].hostname
39 path: .values.nodes[2].name
41 schema: pegleg/CommonAddresses/v1
42 name: common-addresses
43 path: .masters[2].hostname
45 path: .values.nodes[3].name
47 # Certificate substitutions for the node names assembled on the above list.
48 # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
49 # to change with a standard Airship deployment. However, the names of each
50 # deckhand certficiate should be updated with the correct hostnames for your
51 # environment. The ordering is important (Genesis is index 0, then master
52 # nodes in the order they are specified in common-addresses).
54 # Genesis hostname - cab23-r720-11
56 schema: deckhand/Certificate/v1
57 name: calico-etcd-cab23-r720-11
60 path: .values.nodes[0].tls.client.cert
62 schema: deckhand/CertificateKey/v1
63 name: calico-etcd-cab23-r720-11
66 path: .values.nodes[0].tls.client.key
68 schema: deckhand/Certificate/v1
69 name: calico-etcd-cab23-r720-11-peer
72 path: .values.nodes[0].tls.peer.cert
74 schema: deckhand/CertificateKey/v1
75 name: calico-etcd-cab23-r720-11-peer
78 path: .values.nodes[0].tls.peer.key
80 # master node 1 hostname - cab23-r720-12
82 schema: deckhand/Certificate/v1
83 name: calico-etcd-cab23-r720-12
86 path: .values.nodes[1].tls.client.cert
88 schema: deckhand/CertificateKey/v1
89 name: calico-etcd-cab23-r720-12
92 path: .values.nodes[1].tls.client.key
94 schema: deckhand/Certificate/v1
95 name: calico-etcd-cab23-r720-12-peer
98 path: .values.nodes[1].tls.peer.cert
100 schema: deckhand/CertificateKey/v1
101 name: calico-etcd-cab23-r720-12-peer
104 path: .values.nodes[1].tls.peer.key
106 # master node 2 hostname - cab23-r720-13
108 schema: deckhand/Certificate/v1
109 name: calico-etcd-cab23-r720-13
112 path: .values.nodes[2].tls.client.cert
114 schema: deckhand/CertificateKey/v1
115 name: calico-etcd-cab23-r720-13
118 path: .values.nodes[2].tls.client.key
120 schema: deckhand/Certificate/v1
121 name: calico-etcd-cab23-r720-13-peer
124 path: .values.nodes[2].tls.peer.cert
126 schema: deckhand/CertificateKey/v1
127 name: calico-etcd-cab23-r720-13-peer
130 path: .values.nodes[2].tls.peer.key
132 # master node 3 hostname - cab23-r720-14
134 schema: deckhand/Certificate/v1
135 name: calico-etcd-cab23-r720-14
138 path: .values.nodes[3].tls.client.cert
140 schema: deckhand/CertificateKey/v1
141 name: calico-etcd-cab23-r720-14
144 path: .values.nodes[3].tls.client.key
146 schema: deckhand/Certificate/v1
147 name: calico-etcd-cab23-r720-14-peer
150 path: .values.nodes[3].tls.peer.cert
152 schema: deckhand/CertificateKey/v1
153 name: calico-etcd-cab23-r720-14-peer
156 path: .values.nodes[3].tls.peer.key