X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=site_type%2Fovsdpdk%2Fairship-treasuremap%2Fsite%2Fairship-seaworthy%2Fpki%2Fpki-catalog.yaml;fp=site_type%2Fovsdpdk%2Fairship-treasuremap%2Fsite%2Fairship-seaworthy%2Fpki%2Fpki-catalog.yaml;h=0000000000000000000000000000000000000000;hb=d0a8cc561d32ce83499a52d9893482124bfa2871;hp=758c3ab5c061bc7a0e37b9faaaa63cf4674b615d;hpb=267230d53447c489d10905f260f503f2e71d414f;p=yaml_builds.git
diff --git a/site_type/ovsdpdk/airship-treasuremap/site/airship-seaworthy/pki/pki-catalog.yaml b/site_type/ovsdpdk/airship-treasuremap/site/airship-seaworthy/pki/pki-catalog.yaml
deleted file mode 100644
index 758c3ab..0000000
--- a/site_type/ovsdpdk/airship-treasuremap/site/airship-seaworthy/pki/pki-catalog.yaml
+++ /dev/null
@@ -1,358 +0,0 @@ ---- -# The purpose of this file is to define the PKI certificates for the environment -# -# NOTE: When deploying a new site, this file should not be configured until -# baremetal/nodes.yaml is complete. -# -schema: promenade/PKICatalog/v1 -metadata: - schema: metadata/Document/v1 - name: cluster-certificates - layeringDefinition: - abstract: false - layer: site - storagePolicy: cleartext -data: - certificate_authorities: - kubernetes: - description: CA for Kubernetes components - certificates: - - document_name: apiserver - description: Service certificate for Kubernetes apiserver - common_name: apiserver - hosts: - - localhost - - 127.0.0.1 - # FIXME: Repetition of api_service_ip in common-addresses; use - # substitution - - 10.96.0.1 - kubernetes_service_names: - - kubernetes.default.svc.cluster.local - - # NEWSITE-CHANGEME: The following should be a list of all the nodes in - # the environment (genesis, control plane, data plane, everything). - # Add/delete from this list as necessary until all nodes are listed. - # For each node, the `hosts` list should be comprised of: - # 1. The node's hostname, as already defined in baremetal/nodes.yaml - # 2. The node's oam IP address, as already defined in baremetal/nodes.yaml - # 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml - # NOTE: This list also needs to include the Genesis node, which is not - # listed in baremetal/nodes.yaml, but by convention should be allocated - # the first non-reserved IP in each logical network allocation range - # defined in networks/physical/networks.yaml - # NOTE: The genesis node needs to be defined twice (the first two entries - # on this list) with all of the same paramters except the document_name. - # In the first case the document_name is `kubelet-genesis`, and in the - # second case the document_name format is `kubelete-YOUR_GENESIS_HOSTNAME`. 
- - document_name: kubelet-genesis - common_name: system:node:cab23-r720-11 - hosts: - - cab23-r720-11 - - 10.23.21.11 - - 10.23.22.11 - groups: - - system:nodes - - document_name: kubelet-cab23-r720-11 - common_name: system:node:cab23-r720-11 - hosts: - - cab23-r720-11 - - 10.23.21.11 - - 10.23.22.11 - groups: - - system:nodes - - document_name: kubelet-cab23-r720-12 - common_name: system:node:cab23-r720-12 - hosts: - - cab23-r720-12 - - 10.23.21.12 - - 10.23.22.12 - groups: - - system:nodes - - document_name: kubelet-cab23-r720-13 - common_name: system:node:cab23-r720-13 - hosts: - - cab23-r720-13 - - 10.23.21.13 - - 10.23.22.13 - groups: - - system:nodes - - document_name: kubelet-cab23-r720-14 - common_name: system:node:cab23-r720-14 - hosts: - - cab23-r720-14 - - 10.23.21.14 - - 10.23.22.14 - groups: - - system:nodes - - document_name: kubelet-cab23-r720-17 - common_name: system:node:cab23-r720-17 - hosts: - - cab23-r720-17 - - 10.23.21.17 - - 10.23.22.17 - groups: - - system:nodes - - document_name: kubelet-cab23-r720-19 - common_name: system:node:cab23-r720-19 - hosts: - - cab23-r720-19 - - 10.23.21.19 - - 10.23.22.19 - groups: - - system:nodes - # End node list - - document_name: scheduler - description: Service certificate for Kubernetes scheduler - common_name: system:kube-scheduler - - document_name: controller-manager - description: certificate for controller-manager - common_name: system:kube-controller-manager - - document_name: admin - common_name: admin - groups: - - system:masters - - document_name: armada - common_name: armada - groups: - - system:masters - kubernetes-etcd: - description: Certificates for Kubernetes's etcd servers - certificates: - - document_name: apiserver-etcd - description: etcd client certificate for use by Kubernetes apiserver - common_name: apiserver - # NOTE(mark-burnett): hosts not required for client certificates - - document_name: kubernetes-etcd-anchor - description: anchor - common_name: anchor - # NEWSITE-CHANGEME: 
The following should be a list of the control plane - # nodes in the environment, including genesis. - # For each node, the `hosts` list should be comprised of: - # 1. The node's hostname, as already defined in baremetal/nodes.yaml - # 2. The node's oam IP address, as already defined in baremetal/nodes.yaml - # 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml - # 4. 127.0.0.1 - # 5. localhost - # 6. kubernetes-etcd.kube-system.svc.cluster.local - # NOTE: This list also needs to include the Genesis node, which is not - # listed in baremetal/nodes.yaml, but by convention should be allocated - # the first non-reserved IP in each logical network allocation range - # defined in networks/physical/networks.yaml, except for the kubernetes - # service_cidr where it should start with the second IP in the range. - # NOTE: The genesis node is defined twice with the same `hosts` data: - # Once with its hostname in the common/document name, and once with - # `genesis` defined instead of the host. For now, this duplicated - # genesis definition is required. FIXME: Remove duplicate definition - # after Promenade addresses this issue. 
- - document_name: kubernetes-etcd-genesis - common_name: kubernetes-etcd-genesis - hosts: - - cab23-r720-11 - - 10.23.21.11 - - 10.23.22.11 - - 127.0.0.1 - - localhost - - kubernetes-etcd.kube-system.svc.cluster.local - - 10.96.0.2 - - document_name: kubernetes-etcd-cab23-r720-11 - common_name: kubernetes-etcd-cab23-r720-11 - hosts: - - cab23-r720-11 - - 10.23.21.11 - - 10.23.22.11 - - 127.0.0.1 - - localhost - - kubernetes-etcd.kube-system.svc.cluster.local - - 10.96.0.2 - - document_name: kubernetes-etcd-cab23-r720-12 - common_name: kubernetes-etcd-cab23-r720-12 - hosts: - - cab23-r720-12 - - 10.23.21.12 - - 10.23.22.12 - - 127.0.0.1 - - localhost - - kubernetes-etcd.kube-system.svc.cluster.local - - 10.96.0.2 - - document_name: kubernetes-etcd-cab23-r720-13 - common_name: kubernetes-etcd-cab23-r720-13 - hosts: - - cab23-r720-13 - - 10.23.21.13 - - 10.23.22.13 - - 127.0.0.1 - - localhost - - kubernetes-etcd.kube-system.svc.cluster.local - - 10.96.0.2 - - document_name: kubernetes-etcd-cab23-r720-14 - common_name: kubernetes-etcd-cab23-r720-14 - hosts: - - cab23-r720-14 - - 10.23.21.14 - - 10.23.22.14 - - 127.0.0.1 - - localhost - - kubernetes-etcd.kube-system.svc.cluster.local - - 10.96.0.2 - # End node list - kubernetes-etcd-peer: - certificates: - # NEWSITE-CHANGEME: This list should be identical to the previous list, - # except that `-peer` has been appended to the document/common names. 
- - document_name: kubernetes-etcd-genesis-peer - common_name: kubernetes-etcd-genesis-peer - hosts: - - cab23-r720-11 - - 10.23.21.11 - - 10.23.22.11 - - 127.0.0.1 - - localhost - - kubernetes-etcd.kube-system.svc.cluster.local - - 10.96.0.2 - - document_name: kubernetes-etcd-cab23-r720-11-peer - common_name: kubernetes-etcd-cab23-r720-11-peer - hosts: - - cab23-r720-11 - - 10.23.21.11 - - 10.23.22.11 - - 127.0.0.1 - - localhost - - kubernetes-etcd.kube-system.svc.cluster.local - - 10.96.0.2 - - document_name: kubernetes-etcd-cab23-r720-12-peer - common_name: kubernetes-etcd-cab23-r720-12-peer - hosts: - - cab23-r720-12 - - 10.23.21.12 - - 10.23.22.12 - - 127.0.0.1 - - localhost - - kubernetes-etcd.kube-system.svc.cluster.local - - 10.96.0.2 - - document_name: kubernetes-etcd-cab23-r720-13-peer - common_name: kubernetes-etcd-cab23-r720-13-peer - hosts: - - cab23-r720-13 - - 10.23.21.13 - - 10.23.22.13 - - 127.0.0.1 - - localhost - - kubernetes-etcd.kube-system.svc.cluster.local - - 10.96.0.2 - - document_name: kubernetes-etcd-cab23-r720-14-peer - common_name: kubernetes-etcd-cab23-r720-14-peer - hosts: - - cab23-r720-14 - - 10.23.21.14 - - 10.23.22.14 - - 127.0.0.1 - - localhost - - kubernetes-etcd.kube-system.svc.cluster.local - - 10.96.0.2 - # End node list - calico-etcd: - description: Certificates for Calico etcd client traffic - certificates: - - document_name: calico-etcd-anchor - description: anchor - common_name: anchor - # NEWSITE-CHANGEME: The following should be a list of the control plane - # nodes in the environment, including genesis. - # For each node, the `hosts` list should be comprised of: - # 1. The node's hostname, as already defined in baremetal/nodes.yaml - # 2. The node's oam IP address, as already defined in baremetal/nodes.yaml - # 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml - # 4. 127.0.0.1 - # 5. localhost - # 6. 
The calico/etcd/service_ip defined in networks/common-addresses.yaml - # NOTE: This list also needs to include the Genesis node, which is not - # listed in baremetal/nodes.yaml, but by convention should be allocated - # the first non-reserved IP in each logical network allocation range - # defined in networks/physical/networks.yaml - - document_name: calico-etcd-cab23-r720-11 - common_name: calico-etcd-cab23-r720-11 - hosts: - - cab23-r720-11 - - 10.23.21.11 - - 10.23.22.11 - - 127.0.0.1 - - localhost - - 10.96.232.136 - - document_name: calico-etcd-cab23-r720-12 - common_name: calico-etcd-cab23-r720-12 - hosts: - - cab23-r720-12 - - 10.23.21.12 - - 10.23.22.12 - - 127.0.0.1 - - localhost - - 10.96.232.136 - - document_name: calico-etcd-cab23-r720-13 - common_name: calico-etcd-cab23-r720-13 - hosts: - - cab23-r720-13 - - 10.23.21.13 - - 10.23.22.13 - - 127.0.0.1 - - localhost - - 10.96.232.136 - - document_name: calico-etcd-cab23-r720-14 - common_name: calico-etcd-cab23-r720-14 - hosts: - - cab23-r720-14 - - 10.23.21.14 - - 10.23.22.14 - - 127.0.0.1 - - localhost - - 10.96.232.136 - - document_name: calico-node - common_name: calcico-node - # End node list - calico-etcd-peer: - description: Certificates for Calico etcd clients - certificates: - # NEWSITE-CHANGEME: This list should be identical to the previous list, - # except that `-peer` has been appended to the document/common names. 
- - document_name: calico-etcd-cab23-r720-11-peer - common_name: calico-etcd-cab23-r720-11-peer - hosts: - - cab23-r720-11 - - 10.23.21.11 - - 10.23.22.11 - - 127.0.0.1 - - localhost - - 10.96.232.136 - - document_name: calico-etcd-cab23-r720-12-peer - common_name: calico-etcd-cab23-r720-12-peer - hosts: - - cab23-r720-12 - - 10.23.21.12 - - 10.23.22.12 - - 127.0.0.1 - - localhost - - 10.96.232.136 - - document_name: calico-etcd-cab23-r720-13-peer - common_name: calico-etcd-cab23-r720-13-peer - hosts: - - cab23-r720-13 - - 10.23.21.13 - - 10.23.22.13 - - 127.0.0.1 - - localhost - - 10.96.232.136 - - document_name: calico-etcd-cab23-r720-14-peer - common_name: calico-etcd-cab23-r720-14-peer - hosts: - - cab23-r720-14 - - 10.23.21.14 - - 10.23.22.14 - - 127.0.0.1 - - localhost - - 10.96.232.136 - - document_name: calico-node-peer - common_name: calcico-node-peer - # End node list - keypairs: - - name: service-account - description: Service account signing key for use by Kubernetes controller-manager. -...