2 # The purpose of this file is to build the list of k8s etcd nodes and the
3 # k8s etcd certs for those nodes in the environment.
# Document identity: schema armada/Chart/v1 with metadata schema
# metadata/Document/v1, named kubernetes-etcd-global. The enclosing keys
# (metadata:, layeringDefinition:, ...) are not visible in this listing.
4 schema: armada/Chart/v1
6 schema: metadata/Document/v1
12 name: kubernetes-etcd-global
# NOTE(review): this document is stored cleartext, while the substitutions
# further down write deckhand/CertificateKey/v1 material (private keys) into
# .values.nodes[N].tls.client.key and .tls.peer.key. Confirm the source
# CertificateKey documents use `storagePolicy: encrypted` and that the
# rendered chart is handled as secret material.
16 storagePolicy: cleartext
18 # Generate a list of control plane nodes (i.e. genesis node + master node
19 # list) on which k8s etcd will run and will need certs. It is assumed
20 # that Airship sites will have 4 control plane nodes, so this should not need to
21 # change for a new site.
# Node-name substitutions. Each group of four lines names the
# pegleg/CommonAddresses/v1 document `common-addresses`, a path inside it, and
# a .values.nodes[N].name path in this chart. The src:/dest: keys are not
# visible in this listing; presumably the first path is the source and the
# second the destination.
# nodes[0] <- genesis hostname
23 schema: pegleg/CommonAddresses/v1
24 name: common-addresses
25 path: .genesis.hostname
27 path: .values.nodes[0].name
# nodes[1] <- first master hostname
29 schema: pegleg/CommonAddresses/v1
30 name: common-addresses
31 path: .masters[0].hostname
33 path: .values.nodes[1].name
# nodes[2] <- second master hostname
35 schema: pegleg/CommonAddresses/v1
36 name: common-addresses
37 path: .masters[1].hostname
39 path: .values.nodes[2].name
# nodes[3] <- third master hostname
41 schema: pegleg/CommonAddresses/v1
42 name: common-addresses
43 path: .masters[2].hostname
45 path: .values.nodes[3].name
47 # Certificate substitutions for the node names assembled on the above list.
48 # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
49 # to change with a standard Airship deployment. However, the names of each
50 # deckhand certificate should be updated with the correct hostnames for your
51 # environment. The ordering is important (Genesis is index 0, then master
52 # nodes in the order they are specified in common-addresses).
55 # *NOTE: This is an exception in that `genesis` is not the hostname of the
56 # genesis node, but `genesis` is referenced here in the certificate names
57 # because of certain Promenade assumptions that may be addressed in the
58 # future. Therefore `genesis` is used instead of `cab23-r720-11` here.
# TLS material for nodes[0] (the genesis node): client cert and key, then peer
# cert and key. Each group names a deckhand Certificate or CertificateKey
# document followed by the .values.nodes[0].tls.* path it is paired with.
60 schema: deckhand/Certificate/v1
61 name: kubernetes-etcd-genesis
64 path: .values.nodes[0].tls.client.cert
# Private key paired with the kubernetes-etcd-genesis client certificate.
66 schema: deckhand/CertificateKey/v1
67 name: kubernetes-etcd-genesis
70 path: .values.nodes[0].tls.client.key
# Peer certificate, kept as a separate document from the client certificate.
72 schema: deckhand/Certificate/v1
73 name: kubernetes-etcd-genesis-peer
76 path: .values.nodes[0].tls.peer.cert
# Private key paired with the peer certificate.
78 schema: deckhand/CertificateKey/v1
79 name: kubernetes-etcd-genesis-peer
82 path: .values.nodes[0].tls.peer.key
84 # master node 1 hostname - cab23-r720-12
# TLS material for nodes[1]: client cert and key, then peer cert and key.
# NOTE(review): nodes[1].name is taken from .masters[0].hostname in
# common-addresses, so these cab23-r720-12 document names only line up with
# the node if that entry is cab23-r720-12 - verify per site.
86 schema: deckhand/Certificate/v1
87 name: kubernetes-etcd-cab23-r720-12
90 path: .values.nodes[1].tls.client.cert
# Private key paired with the client certificate.
92 schema: deckhand/CertificateKey/v1
93 name: kubernetes-etcd-cab23-r720-12
96 path: .values.nodes[1].tls.client.key
# Peer certificate for the same node.
98 schema: deckhand/Certificate/v1
99 name: kubernetes-etcd-cab23-r720-12-peer
102 path: .values.nodes[1].tls.peer.cert
# Private key paired with the peer certificate.
104 schema: deckhand/CertificateKey/v1
105 name: kubernetes-etcd-cab23-r720-12-peer
108 path: .values.nodes[1].tls.peer.key
110 # master node 2 hostname - cab23-r720-13
# TLS material for nodes[2]: client cert and key, then peer cert and key.
# NOTE(review): nodes[2].name is taken from .masters[1].hostname in
# common-addresses; confirm that entry is cab23-r720-13 so the certificate
# names match the node they are placed on.
112 schema: deckhand/Certificate/v1
113 name: kubernetes-etcd-cab23-r720-13
116 path: .values.nodes[2].tls.client.cert
# Private key paired with the client certificate.
118 schema: deckhand/CertificateKey/v1
119 name: kubernetes-etcd-cab23-r720-13
122 path: .values.nodes[2].tls.client.key
# Peer certificate for the same node.
124 schema: deckhand/Certificate/v1
125 name: kubernetes-etcd-cab23-r720-13-peer
128 path: .values.nodes[2].tls.peer.cert
# Private key paired with the peer certificate.
130 schema: deckhand/CertificateKey/v1
131 name: kubernetes-etcd-cab23-r720-13-peer
134 path: .values.nodes[2].tls.peer.key
136 # master node 3 hostname - cab23-r720-14
# TLS material for nodes[3]: client cert and key, then peer cert and key.
# NOTE(review): nodes[3].name is taken from .masters[2].hostname in
# common-addresses; confirm that entry is cab23-r720-14 so the certificate
# names match the node they are placed on.
138 schema: deckhand/Certificate/v1
139 name: kubernetes-etcd-cab23-r720-14
142 path: .values.nodes[3].tls.client.cert
# Private key paired with the client certificate.
144 schema: deckhand/CertificateKey/v1
145 name: kubernetes-etcd-cab23-r720-14
148 path: .values.nodes[3].tls.client.key
# Peer certificate for the same node.
150 schema: deckhand/Certificate/v1
151 name: kubernetes-etcd-cab23-r720-14-peer
154 path: .values.nodes[3].tls.peer.cert
# Private key paired with the peer certificate.
156 schema: deckhand/CertificateKey/v1
157 name: kubernetes-etcd-cab23-r720-14-peer
160 path: .values.nodes[3].tls.peer.key