X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=site_type%2Fovsdpdk%2Ftemplates%2Fpki%2Fpki-catalog.j2;fp=site_type%2Fovsdpdk%2Ftemplates%2Fpki%2Fpki-catalog.j2;h=0000000000000000000000000000000000000000;hb=d0a8cc561d32ce83499a52d9893482124bfa2871;hp=ae5ab0b42337c29f87507ed81f316b6bbf684d1a;hpb=267230d53447c489d10905f260f503f2e71d414f;p=yaml_builds.git diff --git a/site_type/ovsdpdk/templates/pki/pki-catalog.j2 b/site_type/ovsdpdk/templates/pki/pki-catalog.j2 deleted file mode 100644 index ae5ab0b..0000000 --- a/site_type/ovsdpdk/templates/pki/pki-catalog.j2 +++ /dev/null @@ -1,236 +0,0 @@ ---- -############################################################################## -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); you may # -# not use this file except in compliance with the License. # -# # -# You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -############################################################################## - -schema: promenade/PKICatalog/v1 -metadata: - schema: metadata/Document/v1 - name: cluster-certificates - layeringDefinition: - abstract: false - layer: site - storagePolicy: cleartext -data: - certificate_authorities: - kubernetes: - description: CA for Kubernetes components - certificates: - - document_name: apiserver - description: Service certificate for Kubernetes apiserver - common_name: apiserver - hosts: - - localhost - - 127.0.0.1 - - {{yaml.kubernetes.api_service_ip}} - kubernetes_service_names: - - kubernetes.default.svc.cluster.local - - document_name: kubelet-genesis - common_name: system:node:{{yaml.genesis.name}} - hosts: - - {{yaml.genesis.name}} - - {{yaml.genesis.host}} - - {{yaml.genesis.ksn}} - - {{yaml.genesis.pxe}} - groups: - - system:nodes - - document_name: kubelet-{{yaml.genesis.name}} - common_name: system:node:{{yaml.genesis.name}} - hosts: - - {{yaml.genesis.name}} - - {{yaml.genesis.host}} - - {{yaml.genesis.ksn}} - - {{yaml.genesis.pxe}} - groups: - - system:nodes -{% for server in yaml.masters %} - - document_name: kubelet-{{ server.name }} - common_name: system:node:{{ server.name }} - hosts: - - {{server.name}} - - {{server.host}} - - {{server.ksn}} - - {{server.pxe}} - groups: - - system:nodes -{% endfor %} -{% if 'workers' in yaml %}{% for server in yaml.workers %} - - document_name: kubelet-{{ server.name }} - common_name: system:node:{{ server.name }} - hosts: - - {{server.name}} - - {{server.host}} - - {{server.ksn}} - - {{server.pxe}} - groups: - - system:nodes -{% endfor %}{% endif %} - - document_name: scheduler - description: Service certificate for Kubernetes scheduler - common_name: system:kube-scheduler - - document_name: controller-manager - description: certificate for controller-manager - common_name: system:kube-controller-manager - - document_name: admin - common_name: admin - groups: - - system:masters - - document_name: armada - common_name: armada - groups: - - system:masters - kubernetes-etcd: - description: Certificates for Kubernetes's etcd servers - certificates: - - document_name: apiserver-etcd - description: etcd client certificate for use by Kubernetes apiserver - common_name: apiserver - # NOTE(mark-burnett): hosts not required for client certificates - - document_name: kubernetes-etcd-anchor - description: anchor - common_name: anchor - - document_name: kubernetes-etcd-genesis - common_name: kubernetes-etcd-genesis - hosts: - - {{yaml.genesis.name}} - - {{yaml.genesis.host}} - - {{yaml.genesis.ksn}} - - {{yaml.genesis.pxe}} - - 127.0.0.1 - - localhost - - kubernetes-etcd.kube-system.svc.cluster.local - - {{yaml.kubernetes.etcd_service_ip}} - - document_name: kubernetes-etcd-{{yaml.genesis.name}} - common_name: kubernetes-etcd-{{yaml.genesis.name}} - hosts: - - {{yaml.genesis.name}} - - {{yaml.genesis.host}} - - {{yaml.genesis.ksn}} - - {{yaml.genesis.pxe}} - - 127.0.0.1 - - localhost - - kubernetes-etcd.kube-system.svc.cluster.local - - {{yaml.kubernetes.etcd_service_ip}} -{% for server in yaml.masters %} - - document_name: kubernetes-etcd-{{ server.name }} - common_name: kubernetes-etcd-{{ server.name }} - hosts: - - {{ server.name }} - - {{server.host}} - - {{server.ksn}} - - {{server.pxe}} - - 127.0.0.1 - - localhost - - kubernetes-etcd.kube-system.svc.cluster.local - - {{yaml.kubernetes.etcd_service_ip}} -{% endfor %} - kubernetes-etcd-peer: - certificates: - - document_name: kubernetes-etcd-genesis-peer - common_name: kubernetes-etcd-genesis-peer - hosts: - - {{yaml.genesis.name}} - - {{yaml.genesis.host}} - - {{yaml.genesis.ksn}} - - {{yaml.genesis.pxe}} - - 127.0.0.1 - - localhost - - kubernetes-etcd.kube-system.svc.cluster.local - - {{yaml.kubernetes.etcd_service_ip}} - - document_name: kubernetes-etcd-{{yaml.genesis.name}}-peer - common_name: kubernetes-etcd-{{yaml.genesis.name}}-peer - hosts: - - {{yaml.genesis.name}} - - {{yaml.genesis.host}} - - {{yaml.genesis.ksn}} - - {{yaml.genesis.pxe}} - - 127.0.0.1 - - localhost - - kubernetes-etcd.kube-system.svc.cluster.local - - {{yaml.kubernetes.etcd_service_ip}} -{% for server in yaml.masters %} - - document_name: kubernetes-etcd-{{server.name}}-peer - common_name: kubernetes-etcd-{{server.name}}-peer - hosts: - - {{server.name}} - - {{server.host}} - - {{server.ksn}} - - {{server.pxe}} - - 127.0.0.1 - - localhost - - kubernetes-etcd.kube-system.svc.cluster.local - - {{yaml.kubernetes.etcd_service_ip}} -{% endfor %} - calico-etcd: - description: Certificates for Calico etcd client traffic - certificates: - - document_name: calico-etcd-anchor - description: anchor - common_name: anchor - - document_name: calico-etcd-{{yaml.genesis.name}} - common_name: calico-etcd-{{yaml.genesis.name}} - hosts: - - {{yaml.genesis.name}} - - {{yaml.genesis.host}} - - {{yaml.genesis.ksn}} - - {{yaml.genesis.pxe}} - - 127.0.0.1 - - localhost - - 10.96.232.136 -{% for server in yaml.masters %} - - document_name: calico-etcd-{{server.name}} - common_name: calico-etcd-{{server.name}} - hosts: - - {{server.name}} - - {{server.host}} - - {{server.ksn}} - - {{server.pxe}} - - 127.0.0.1 - - localhost - - 10.96.232.136 -{% endfor %} - - document_name: calico-node - common_name: calcico-node - calico-etcd-peer: - description: Certificates for Calico etcd clients - certificates: - - document_name: calico-etcd-{{yaml.genesis.name}}-peer - common_name: calico-etcd-{{yaml.genesis.name}}-peer - hosts: - - {{yaml.genesis.name}} - - {{yaml.genesis.host}} - - {{yaml.genesis.ksn}} - - {{yaml.genesis.pxe}} - - 127.0.0.1 - - localhost - - 10.96.232.136 -{% for server in yaml.masters %} - - document_name: calico-etcd-{{server.name}}-peer - common_name: calico-etcd-{{server.name}}-peer - hosts: - - {{server.name}} - - {{server.host}} - - {{server.ksn}} - - {{server.pxe}} - - 127.0.0.1 - - localhost - - 10.96.232.136 -{% endfor %} - - document_name: calico-node-peer - common_name: calcico-node-peer - keypairs: - - name: service-account - description: Service account signing key for use by Kubernetes controller-manager. -...