--- /dev/null
+---
+# The purpose of this file is to build the list of calico etcd nodes and the
+# calico etcd certs for those nodes in the environment.
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-calico-etcd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: kubernetes-calico-etcd-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ # Generate a list of control plane nodes (i.e. genesis node + master node
+ # list) on which calico etcd will run and will need certs. It is assumed
+ # that Airship sites will have 4 control plane nodes, so this should not need to
+ # change for a new site.
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .genesis.hostname
+ dest:
+ path: .values.nodes[0].name
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[0].hostname
+ dest:
+ path: .values.nodes[1].name
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[1].hostname
+ dest:
+ path: .values.nodes[2].name
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[2].hostname
+ dest:
+ path: .values.nodes[3].name
+
+ # Certificate substitutions for the node names assembled on the above list.
+ # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
+ # to change with a standard Airship deployment. However, the names of each
+ # deckhand certficiate should be updated with the correct hostnames for your
+ # environment. The ordering is important (Genesis is index 0, then master
+ # nodes in the order they are specified in common-addresses).
+
+ # Genesis hostname - cab23-r720-11
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-cab23-r720-11
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-cab23-r720-11
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-cab23-r720-11-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-cab23-r720-11-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.key
+
+ # master node 1 hostname - cab23-r720-12
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-cab23-r720-12
+ path: .
+ dest:
+ path: .values.nodes[1].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-cab23-r720-12
+ path: .
+ dest:
+ path: .values.nodes[1].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-cab23-r720-12-peer
+ path: .
+ dest:
+ path: .values.nodes[1].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-cab23-r720-12-peer
+ path: .
+ dest:
+ path: .values.nodes[1].tls.peer.key
+
+ # master node 2 hostname - cab23-r720-13
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-cab23-r720-13
+ path: .
+ dest:
+ path: .values.nodes[2].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-cab23-r720-13
+ path: .
+ dest:
+ path: .values.nodes[2].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-cab23-r720-13-peer
+ path: .
+ dest:
+ path: .values.nodes[2].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-cab23-r720-13-peer
+ path: .
+ dest:
+ path: .values.nodes[2].tls.peer.key
+
+ # master node 3 hostname - cab23-r720-14
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-cab23-r720-14
+ path: .
+ dest:
+ path: .values.nodes[3].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-cab23-r720-14
+ path: .
+ dest:
+ path: .values.nodes[3].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-cab23-r720-14-peer
+ path: .
+ dest:
+ path: .values.nodes[3].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-cab23-r720-14-peer
+ path: $
+ dest:
+ path: .values.nodes[3].tls.peer.key
+
+data: {}
+...