--- ############################################################################## # Copyright © 2018 AT&T Intellectual Property. All rights reserved. # # # # Licensed under the Apache License, Version 2.0 (the "License"); you may # # not use this file except in compliance with the License. # # # # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # # # Unless required by applicable law or agreed to in writing, software # # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # # See the License for the specific language governing permissions and # # limitations under the License. # ############################################################################## schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: kubernetes-calico layeringDefinition: abstract: false layer: site parentSelector: name: kubernetes-calico-global actions: - method: delete path: .values.calico - method: delete path: .values.etcd - method: merge path: . storagePolicy: cleartext substitutions: # IP addresses - src: schema: pegleg/CommonAddresses/v1 name: common-addresses path: .calico.etcd.service_ip dest: path: .values.endpoints.etcd.host_fqdn_override.default - src: schema: pegleg/CommonAddresses/v1 name: common-addresses path: .kubernetes.pod_cidr dest: path: .values.networking.podSubnet - src: schema: pegleg/CommonAddresses/v1 name: common-addresses path: .kubernetes.api_service_ip dest: path: .values.conf.policy_controller.K8S_API pattern: SUB_KUBERNETES_IP # Other site-specific configuration - src: schema: pegleg/CommonAddresses/v1 name: common-addresses path: .calico.ip_autodetection_method dest: path: .values.conf.node.IP_AUTODETECTION_METHOD # Certificates - src: schema: deckhand/CertificateAuthority/v1 name: calico-etcd path: . dest: path: .values.endpoints.etcd.auth.client.tls.ca - src: schema: deckhand/Certificate/v1 name: calico-node path: . dest: path: .values.endpoints.etcd.auth.client.tls.crt - src: schema: deckhand/CertificateKey/v1 name: calico-node path: . dest: path: .values.endpoints.etcd.auth.client.tls.key data: chart_name: calico release: calico namespace: kube-system timeout: 600 upgrade: no_hooks: true values: conf: cni_network_config: name: k8s-pod-network cniVersion: 0.1.0 type: calico etcd_endpoints: __ETCD_ENDPOINTS__ etcd_ca_cert_file: /etc/calico/pki/ca etcd_cert_file: /etc/calico/pki/crt etcd_key_file: /etc/calico/pki/key log_level: info mtu: 1500 ipam: type: calico-ipam policy: type: k8s k8s_api_root: https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__ k8s_auth_token: __SERVICEACCOUNT_TOKEN__ policy_controller: K8S_API: "https://SUB_KUBERNETES_IP:443" node: CALICO_STARTUP_LOGLEVEL: INFO CLUSTER_TYPE: - k8s - bgp WAIT_FOR_STORAGE: "true" endpoints: etcd: hosts: default: calico-etcd scheme: default: https networking: mtu: 1500 settings: mesh: "off" ippool: ipip: enabled: "false" mode: "cross-subnet" bgp: asnumber: {{yaml.networks.ksn.local_asnumber}} ipv4: additional_cidrs: {% for add_cidr in yaml.networks.ksn.additional_cidrs %} - {{add_cidr}} {% endfor %} peers: {% for peer in yaml.networks.ksn.peers %} - apiVersion: v1 kind: bgpPeer metadata: peerIP: {{peer.ip}} scope: {{peer.scope}} spec: asnumber: {{peer.asnumber}} {% endfor %} manifests: daemonset_calico_etcd: false job_image_repo_sync: false service_calico_etcd: false ...