---
# PKI catalog (schema promenade/PKICatalog/v1) listing the certificates to be
# issued under two certificate authorities: `kubernetes-etcd` and
# `kubernetes-etcd-peer`. The host lists under `data` contain stub strings;
# the entries under `metadata.substitutions` overwrite them with values read
# from the `common-addresses` and `control-plane-addresses` documents.
#
# The substitutions address host entries by list index, so the order of the
# stubs in every `hosts` list has to stay aligned with the `dest` paths:
#   kubernetes-etcd:      [2] etcd service IP, [3] hostname, [4] ip.oam, [5] ip.ksn
#   kubernetes-etcd-peer: [2] hostname, [3] ip.oam, [4] ip.ksn
# NOTE(review): `hosts` presumably ends up as the certificate's subject
# alternative names, so a misaligned index would issue a certificate for the
# wrong name or address - confirm against the consumer of this catalog.
schema: promenade/PKICatalog/v1
metadata:
  schema: metadata/Document/v1
  name: kubernetes-etcd
  labels:
    name: kubernetes-etcd-type
  layeringDefinition:
    abstract: false
    layer: type
  substitutions:
    # Service IP substitutions
    # Applied to hosts[2] of all four kubernetes-etcd certificates that carry
    # a hosts list; the peer certificates have no service-IP stub.
    - src:
        schema: pegleg/CommonAddresses/v1
        name: common-addresses
        path: .kubernetes.etcd_service_ip
      dest:
        - path: .certificate_authorities.kubernetes-etcd.certificates[0].hosts[2]
        - path: .certificate_authorities.kubernetes-etcd.certificates[1].hosts[2]
        - path: .certificate_authorities.kubernetes-etcd.certificates[2].hosts[2]
        - path: .certificate_authorities.kubernetes-etcd.certificates[3].hosts[2]

    # Substitutions for bootstrapping Genesis etcd
    # certificates[0] in both CAs is the genesis entry.
    - src:
        schema: nc/ControlPlaneAddresses/v1
        name: control-plane-addresses
        path: .genesis.hostname
      dest:
        - path: .certificate_authorities.kubernetes-etcd.certificates[0].hosts[3]
        - path: .certificate_authorities.kubernetes-etcd-peer.certificates[0].hosts[2]

    - src:
        schema: nc/ControlPlaneAddresses/v1
        name: control-plane-addresses
        path: .genesis.ip.oam
      dest:
        - path: .certificate_authorities.kubernetes-etcd.certificates[0].hosts[4]
        - path: .certificate_authorities.kubernetes-etcd-peer.certificates[0].hosts[3]

    - src:
        schema: nc/ControlPlaneAddresses/v1
        name: control-plane-addresses
        path: .genesis.ip.ksn
      dest:
        - path: .certificate_authorities.kubernetes-etcd.certificates[0].hosts[5]
        - path: .certificate_authorities.kubernetes-etcd-peer.certificates[0].hosts[4]

    # Substitutions for master 0
    # certificates[1] in both CAs. The hostname is written twice per CA: into
    # common_name, where only the HOSTNAME pattern is replaced, and into the
    # hosts list as a whole entry.
    - src:
        schema: nc/ControlPlaneAddresses/v1
        name: control-plane-addresses
        path: .masters[0].hostname
      dest:
        - path: .certificate_authorities.kubernetes-etcd.certificates[1].common_name
          pattern: HOSTNAME
        - path: .certificate_authorities.kubernetes-etcd.certificates[1].hosts[3]

        - path: .certificate_authorities.kubernetes-etcd-peer.certificates[1].common_name
          pattern: HOSTNAME
        - path: .certificate_authorities.kubernetes-etcd-peer.certificates[1].hosts[2]

    - src:
        schema: nc/ControlPlaneAddresses/v1
        name: control-plane-addresses
        path: .masters[0].ip.oam
      dest:
        - path: .certificate_authorities.kubernetes-etcd.certificates[1].hosts[4]
        - path: .certificate_authorities.kubernetes-etcd-peer.certificates[1].hosts[3]

    - src:
        schema: nc/ControlPlaneAddresses/v1
        name: control-plane-addresses
        path: .masters[0].ip.ksn
      dest:
        - path: .certificate_authorities.kubernetes-etcd.certificates[1].hosts[5]
        - path: .certificate_authorities.kubernetes-etcd-peer.certificates[1].hosts[4]

    # Substitutions for master 1
    # certificates[2] in both CAs; same layout as master 0.
    - src:
        schema: nc/ControlPlaneAddresses/v1
        name: control-plane-addresses
        path: .masters[1].hostname
      dest:
        - path: .certificate_authorities.kubernetes-etcd.certificates[2].common_name
          pattern: HOSTNAME
        - path: .certificate_authorities.kubernetes-etcd.certificates[2].hosts[3]

        - path: .certificate_authorities.kubernetes-etcd-peer.certificates[2].common_name
          pattern: HOSTNAME
        - path: .certificate_authorities.kubernetes-etcd-peer.certificates[2].hosts[2]

    - src:
        schema: nc/ControlPlaneAddresses/v1
        name: control-plane-addresses
        path: .masters[1].ip.oam
      dest:
        - path: .certificate_authorities.kubernetes-etcd.certificates[2].hosts[4]
        - path: .certificate_authorities.kubernetes-etcd-peer.certificates[2].hosts[3]

    - src:
        schema: nc/ControlPlaneAddresses/v1
        name: control-plane-addresses
        path: .masters[1].ip.ksn
      dest:
        - path: .certificate_authorities.kubernetes-etcd.certificates[2].hosts[5]
        - path: .certificate_authorities.kubernetes-etcd-peer.certificates[2].hosts[4]

    # Substitutions for master 2
    # certificates[3] in both CAs; same layout as master 0.
    - src:
        schema: nc/ControlPlaneAddresses/v1
        name: control-plane-addresses
        path: .masters[2].hostname
      dest:
        - path: .certificate_authorities.kubernetes-etcd.certificates[3].common_name
          pattern: HOSTNAME
        - path: .certificate_authorities.kubernetes-etcd.certificates[3].hosts[3]

        - path: .certificate_authorities.kubernetes-etcd-peer.certificates[3].common_name
          pattern: HOSTNAME
        - path: .certificate_authorities.kubernetes-etcd-peer.certificates[3].hosts[2]

    - src:
        schema: nc/ControlPlaneAddresses/v1
        name: control-plane-addresses
        path: .masters[2].ip.oam
      dest:
        - path: .certificate_authorities.kubernetes-etcd.certificates[3].hosts[4]
        - path: .certificate_authorities.kubernetes-etcd-peer.certificates[3].hosts[3]

    - src:
        schema: nc/ControlPlaneAddresses/v1
        name: control-plane-addresses
        path: .masters[2].ip.ksn
      dest:
        - path: .certificate_authorities.kubernetes-etcd.certificates[3].hosts[5]
        - path: .certificate_authorities.kubernetes-etcd-peer.certificates[3].hosts[4]

  # This document holds only names and host lists, no key material.
  # NOTE(review): the storage policy of the certificates and private keys
  # generated from this catalog is set elsewhere - confirm the keys are not
  # stored as cleartext.
  storagePolicy: cleartext
data:
  certificate_authorities:
    # CA for etcd serving certificates and for the etcd client certificates
    # listed after them.
    kubernetes-etcd:
      description: Certificates for Kubernetes's etcd servers
      certificates:
        # certificates[0]: genesis node.
        - document_name: kubernetes-etcd-genesis
          common_name: kubernetes-etcd-genesis
          hosts:
            - 127.0.0.1
            - localhost
            # NOTE(mb874d): These are stubs and get replaced via substitution
            - KUBERNETES_ETCD_SERVICE_IP
            - GENESIS_HOSTNAME
            - GENESIS_OAM_IP
            - GENESIS_KSN_IP
          kubernetes_service_names:
            - kubernetes-etcd.kube-system.svc.cluster.local

        # certificates[1]: master 0. HOSTNAME inside common_name is replaced
        # by pattern substitution.
        - document_name: kubernetes-etcd-master-0
          common_name: kubernetes-etcd-HOSTNAME
          hosts:
            - 127.0.0.1
            - localhost
            # NOTE(mb874d): These are stubs and get replaced via substitution
            - KUBERNETES_ETCD_SERVICE_IP
            - HOSTNAME
            - OAM_IP
            - KSN_IP
          kubernetes_service_names:
            - kubernetes-etcd.kube-system.svc.cluster.local

        # certificates[2]: master 1.
        - document_name: kubernetes-etcd-master-1
          common_name: kubernetes-etcd-HOSTNAME
          hosts:
            - 127.0.0.1
            - localhost
            # NOTE(mb874d): These are stubs and get replaced via substitution
            - KUBERNETES_ETCD_SERVICE_IP
            - HOSTNAME
            - OAM_IP
            - KSN_IP
          kubernetes_service_names:
            - kubernetes-etcd.kube-system.svc.cluster.local

        # certificates[3]: master 2.
        - document_name: kubernetes-etcd-master-2
          common_name: kubernetes-etcd-HOSTNAME
          hosts:
            - 127.0.0.1
            - localhost
            # NOTE(mb874d): These are stubs and get replaced via substitution
            - KUBERNETES_ETCD_SERVICE_IP
            - HOSTNAME
            - OAM_IP
            - KSN_IP
          kubernetes_service_names:
            - kubernetes-etcd.kube-system.svc.cluster.local

        # The remaining entries carry no hosts list and are not touched by any
        # substitution above.
        # NOTE(review): these client certificates are issued by the same CA as
        # the serving certificates; how etcd tells client identities apart
        # (common name, RBAC) is not visible here - confirm against the etcd
        # configuration.
        - document_name: apiserver-etcd
          description: etcd client certificate for use by Kubernetes apiserver
          common_name: apiserver
        - document_name: kubernetes-etcd-anchor
          description: anchor
          common_name: anchor

        - document_name: apiserver-webhook-etcd
          description: etcd client certificate for use by Kubernetes apiserver with webhook
          common_name: apiserver_webhook

    # Second CA, for the -peer certificates. Its host lists have no
    # service-IP stub, so every index is one lower than in kubernetes-etcd.
    kubernetes-etcd-peer:
      certificates:
        # certificates[0]: genesis node.
        - document_name: kubernetes-etcd-genesis-peer
          common_name: kubernetes-etcd-genesis-peer
          hosts:
            - 127.0.0.1
            - localhost
            # NOTE(mb874d): These are stubs and get replaced via substitution
            - GENESIS_HOSTNAME
            - GENESIS_OAM_IP
            - GENESIS_KSN_IP

        # certificates[1]: master 0.
        - document_name: kubernetes-etcd-master-0-peer
          common_name: kubernetes-etcd-HOSTNAME-peer
          hosts:
            - 127.0.0.1
            - localhost
            # NOTE(mb874d): These are stubs and get replaced via substitution
            - HOSTNAME
            - OAM_IP
            - KSN_IP

        # certificates[2]: master 1.
        - document_name: kubernetes-etcd-master-1-peer
          common_name: kubernetes-etcd-HOSTNAME-peer
          hosts:
            - 127.0.0.1
            - localhost
            # NOTE(mb874d): These are stubs and get replaced via substitution
            - HOSTNAME
            - OAM_IP
            - KSN_IP

        # certificates[3]: master 2.
        - document_name: kubernetes-etcd-master-2-peer
          common_name: kubernetes-etcd-HOSTNAME-peer
          hosts:
            - 127.0.0.1
            - localhost
            # NOTE(mb874d): These are stubs and get replaced via substitution
            - HOSTNAME
            - OAM_IP
            - KSN_IP
...