X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=site_type%2Fsriov-a13%2Ftemplates%2Fsoftware%2Fcharts%2Fkubernetes%2Fetcd%2Fetcd.j2;fp=site_type%2Fsriov-a13%2Ftemplates%2Fsoftware%2Fcharts%2Fkubernetes%2Fetcd%2Fetcd.j2;h=b99a105c2d1c2304038aa569dbdaff7670b2812d;hb=fbb206730195c6f03ded7658d08f1ef708ebf88b;hp=0000000000000000000000000000000000000000;hpb=3395a537e26721ec33a80f66686ca932f9328722;p=yaml_builds.git
diff --git a/site_type/sriov-a13/templates/software/charts/kubernetes/etcd/etcd.j2 b/site_type/sriov-a13/templates/software/charts/kubernetes/etcd/etcd.j2
new file mode 100644
index 0000000..b99a105
--- /dev/null
+++ b/site_type/sriov-a13/templates/software/charts/kubernetes/etcd/etcd.j2
@@ -0,0 +1,105 @@
+---
+# The purpose of this file is to build the list of k8s etcd nodes and the
+# k8s etcd certs for those nodes in the environment.
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-etcd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: kubernetes-etcd-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ # Generate a list of control plane nodes (i.e. genesis node + master node
+ # list) on which k8s etcd will run and will need certs. It is assumed
+ # that Airship sites will have 4 control plane nodes, so this should not need to
+ # change for a new site.
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .genesis.hostname
+ dest:
+ path: .values.nodes[0].name
+{% for server in yaml.masters %}
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[{{loop.index-1}}].hostname
+ dest:
+ path: .values.nodes[{{loop.index}}].name
+{% endfor %}
+
+ # Certificate substitutions for the node names assembled on the above list.
+ # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
+ # to change with a standard Airship deployment. However, the names of each
+ # deckhand certficiate should be updated with the correct hostnames for your
+ # environment. The ordering is important (Genesis is index 0, then master
+ # nodes in the order they are specified in common-addresses).
+
+ # Genesis Exception*
+ # *NOTE: This is an exception in that `genesis` is not the hostname of the
+ # genesis node, but `genesis` is reference here in the certificate names
+ # because of certain Promenade assumptions that may be addressed in the
+ # future. Therefore `genesis` is used instead of `cab23-r720-11` here.
+
+ # Genesis node {{yaml.genesis.name}}
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-genesis
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-genesis
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-genesis-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-genesis-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.key
+{% for server in yaml.masters %}
+
+ # Master node {{loop.index}} hostname - {{server.name}}
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-{{server.name}}
+ path: .
+ dest:
+ path: .values.nodes[{{loop.index}}].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-{{server.name}}
+ path: .
+ dest:
+ path: .values.nodes[{{loop.index}}].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-{{server.name}}-peer
+ path: .
+ dest:
+ path: .values.nodes[{{loop.index}}].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-{{server.name}}-peer
+ path: .
+ dest:
+ path: .values.nodes[{{loop.index}}].tls.peer.key
+{% endfor %}
+
+data: {}
+...
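Review bot: The chart document is declared `storagePolicy: cleartext` while its substitutions copy two `deckhand/CertificateKey/v1` private keys per node into `.values.nodes[N].tls.client.key` and `.tls.peer.key`, and nothing in the file says where confidentiality of that key material is enforced. Whether the source CertificateKey documents are stored encrypted is not visible in this hunk, so a comment beside the policy line would help, for example `# cleartext covers this chart only; the CertificateKey sources are expected to be storagePolicy: encrypted`. The interpolated `{{server.name}}` also lands unquoted in the `name:` values and in the `# Master node` comment line, so a value containing a newline or ` #` would alter the rendered document; validating hostnames before rendering, or quoting the scalar as `name: "kubernetes-etcd-{{server.name}}"`, keeps the output well-formed. The header comments still refer to `cab23-r720-11` and to a fixed count of 4 control plane nodes, which reads as carried over from one site and no longer describes a template driven by `yaml.masters`.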