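---
# Site-level override of the calico etcd chart. It fills in the list of nodes
# that run calico etcd and the TLS material (client and peer cert/key pairs)
# for each of those nodes.
schema: armada/Chart/v1
metadata:
  schema: metadata/Document/v1
  name: kubernetes-calico-etcd
  layeringDefinition:
    abstract: false
    layer: site
    # Merge this document over the global-layer parent chart.
    parentSelector:
      name: kubernetes-calico-etcd-global
    actions:
      - method: merge
        path: .
  # NOTE(review): the substitutions below copy deckhand/CertificateKey/v1
  # private keys into this chart's values, while the chart itself is stored
  # as cleartext. Confirm the source key documents use an encrypted storage
  # policy and that access to the rendered chart is restricted accordingly.
  storagePolicy: cleartext
  substitutions:
    # Node list: the genesis node plus the three master nodes, i.e. the
    # control plane nodes on which calico etcd runs and which need certs.
    # Airship sites are assumed to have 4 control plane nodes, so this
    # should not need to change for a new site. The common-addresses
    # document must provide .genesis and .masters[0] through .masters[2].
    - src:
        schema: pegleg/CommonAddresses/v1
        name: common-addresses
        path: .genesis.hostname
      dest:
        path: .values.nodes[0].name
    - src:
        schema: pegleg/CommonAddresses/v1
        name: common-addresses
        path: .masters[0].hostname
      dest:
        path: .values.nodes[1].name
    - src:
        schema: pegleg/CommonAddresses/v1
        name: common-addresses
        path: .masters[1].hostname
      dest:
        path: .values.nodes[2].name
    - src:
        schema: pegleg/CommonAddresses/v1
        name: common-addresses
        path: .masters[2].hostname
      dest:
        path: .values.nodes[3].name

    # Certificate substitutions for the nodes listed above. Each node index
    # receives four items: client cert, client key, peer cert and peer key.
    # The calico-etcd-nN / calico-etcd-nN-peer documents must line up with
    # the node at the same index, otherwise a node is handed another node's
    # identity.

    # Genesis hostname - n0
    - src:
        schema: deckhand/Certificate/v1
        name: calico-etcd-n0
        path: .
      dest:
        path: .values.nodes[0].tls.client.cert
    - src:
        schema: deckhand/CertificateKey/v1
        name: calico-etcd-n0
        path: .
      dest:
        path: .values.nodes[0].tls.client.key
    - src:
        schema: deckhand/Certificate/v1
        name: calico-etcd-n0-peer
        path: .
      dest:
        path: .values.nodes[0].tls.peer.cert
    - src:
        schema: deckhand/CertificateKey/v1
        name: calico-etcd-n0-peer
        path: .
      dest:
        path: .values.nodes[0].tls.peer.key

    # Master node 1 hostname - n1
    - src:
        schema: deckhand/Certificate/v1
        name: calico-etcd-n1
        path: .
      dest:
        path: .values.nodes[1].tls.client.cert
    - src:
        schema: deckhand/CertificateKey/v1
        name: calico-etcd-n1
        path: .
      dest:
        path: .values.nodes[1].tls.client.key
    - src:
        schema: deckhand/Certificate/v1
        name: calico-etcd-n1-peer
        path: .
      dest:
        path: .values.nodes[1].tls.peer.cert
    - src:
        schema: deckhand/CertificateKey/v1
        name: calico-etcd-n1-peer
        path: .
      dest:
        path: .values.nodes[1].tls.peer.key

    # Master node 2 hostname - n2
    - src:
        schema: deckhand/Certificate/v1
        name: calico-etcd-n2
        path: .
      dest:
        path: .values.nodes[2].tls.client.cert
    - src:
        schema: deckhand/CertificateKey/v1
        name: calico-etcd-n2
        path: .
      dest:
        path: .values.nodes[2].tls.client.key
    - src:
        schema: deckhand/Certificate/v1
        name: calico-etcd-n2-peer
        path: .
      dest:
        path: .values.nodes[2].tls.peer.cert
    - src:
        schema: deckhand/CertificateKey/v1
        name: calico-etcd-n2-peer
        path: .
      dest:
        path: .values.nodes[2].tls.peer.key

    # Master node 3 hostname - n3
    - src:
        schema: deckhand/Certificate/v1
        name: calico-etcd-n3
        path: .
      dest:
        path: .values.nodes[3].tls.client.cert
    - src:
        schema: deckhand/CertificateKey/v1
        name: calico-etcd-n3
        path: .
      dest:
        path: .values.nodes[3].tls.client.key
    - src:
        schema: deckhand/Certificate/v1
        name: calico-etcd-n3-peer
        path: .
      dest:
        path: .values.nodes[3].tls.peer.cert
    - src:
        schema: deckhand/CertificateKey/v1
        name: calico-etcd-n3-peer
        path: .
      dest:
        path: .values.nodes[3].tls.peer.key
# No site-specific chart data of its own; everything arrives through the
# parent merge and the substitutions above.
data: {}
...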