Merge pull request #232 from Mirantis/cleanup
cleanup opencontrail metadata/remove unused gluster definition for ke…
diff --git a/README.rst b/README.rst
index 539b6d2..1f1c8f4 100644
--- a/README.rst
+++ b/README.rst
@@ -78,3 +78,19 @@
# Enabling 7 VFs on eth4 PF
echo 7 > /sys/class/net/eth4/device/sriov_numvfs; sleep 2; ip link set eth4 up
exit 0
+
+
+Nagios Monitoring
+=================
+
+Configure Hosts dynamically
+---------------------------
+
+The nagios formula looks up grains.items throught Salt mines to discover hosts.
+There are two different parameters that tell the nagios formula how to determine
+the hosts' IP address:
+
+- nagios_monitoring_network: IP subnet(s) in CIDR notation (can be a list)
+- nagios_monitoring_interface: interface name(s). Default ['eth0', 'ens3'].
+
+'nagios_monitoring_network' parameter takes precedence over 'nagios_monitoring_interface' list.
diff --git a/devops_portal/service/pushkin.yml b/devops_portal/service/pushkin.yml
new file mode 100644
index 0000000..82a073c
--- /dev/null
+++ b/devops_portal/service/pushkin.yml
@@ -0,0 +1,10 @@
+parameters:
+ devops_portal:
+ config:
+ service:
+ pushkin:
+ configure_proxy: true
+ endpoint:
+ address: ${_param:haproxy_pushkin_bind_host}
+ port: ${_param:haproxy_pushkin_bind_port}
+ https: ${_param:haproxy_pushkin_ssl:enabled}
diff --git a/docker/swarm/service/elasticsearch.yml b/docker/swarm/service/elasticsearch.yml
index 02dea57..4d49494 100644
--- a/docker/swarm/service/elasticsearch.yml
+++ b/docker/swarm/service/elasticsearch.yml
@@ -16,4 +16,4 @@
elasticsearch:
type: bind
source: /srv/volumes/elasticsearch
- destination: /var/lib/elasticsearch/data
+ destination: /usr/share/elasticsearch/data
diff --git a/docker/swarm/service/pushkin.yml b/docker/swarm/service/pushkin.yml
index e4fe424..d01842d 100644
--- a/docker/swarm/service/pushkin.yml
+++ b/docker/swarm/service/pushkin.yml
@@ -25,4 +25,4 @@
pushkin:
type: bind
source: /srv/volumes/pushkin/logs
- destination: /var/log/pushkin/logs
\ No newline at end of file
+ destination: /var/log/pushkin
\ No newline at end of file
diff --git a/galera/server/database/nova.yml b/galera/server/database/nova.yml
index 619c5df..86d4821 100644
--- a/galera/server/database/nova.yml
+++ b/galera/server/database/nova.yml
@@ -24,3 +24,14 @@
password: ${_param:mysql_nova_password}
host: ${_param:cluster_local_address}
rights: all
+ nova_cell0:
+ encoding: utf8
+ users:
+ - name: nova
+ password: ${_param:mysql_nova_password}
+ host: '%'
+ rights: all
+ - name: nova
+ password: ${_param:mysql_nova_password}
+ host: ${_param:cluster_local_address}
+ rights: all
diff --git a/glusterfs/client/volume/pushkin.yml b/glusterfs/client/volume/pushkin.yml
index 1853863..6191cb4 100644
--- a/glusterfs/client/volume/pushkin.yml
+++ b/glusterfs/client/volume/pushkin.yml
@@ -7,4 +7,4 @@
pushkin:
path: /srv/volumes/pushkin
server: ${_param:pushkin_glusterfs_service_host}
- opts: 'defaults'
+ opts: 'defaults'
\ No newline at end of file
diff --git a/haproxy/proxy/listen/openstack/nova-placement.yml b/haproxy/proxy/listen/openstack/nova-placement.yml
new file mode 100644
index 0000000..e3b72b7
--- /dev/null
+++ b/haproxy/proxy/listen/openstack/nova-placement.yml
@@ -0,0 +1,29 @@
+parameters:
+ haproxy:
+ proxy:
+ listen:
+ nova_placement_api:
+ mode: http
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 8778
+ options:
+ - httpclose
+ - httplog
+ health-check:
+ http:
+ options:
+ - expect status 401
+ servers:
+ - name: ctl01
+ host: ${_param:cluster_node01_address}
+ port: 8778
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ctl02
+ host: ${_param:cluster_node02_address}
+ port: 8778
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ctl03
+ host: ${_param:cluster_node03_address}
+ port: 8778
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
diff --git a/haproxy/proxy/listen/oss/pushkin.yml b/haproxy/proxy/listen/oss/pushkin.yml
index 458a226..db33352 100644
--- a/haproxy/proxy/listen/oss/pushkin.yml
+++ b/haproxy/proxy/listen/oss/pushkin.yml
@@ -11,13 +11,13 @@
pushkin:
mode: http
options:
- - httpchk get /apps
+ - httpchk GET /apps
balance: source
http_request:
- action: "add-header X-Forwarded-Proto https"
condition: "if { ssl_fc }"
sticks:
- - http-check expect ! rstatus ^5
+ - http-check expect status 200
binds:
- address: ${_param:haproxy_pushkin_bind_host}
port: ${_param:haproxy_pushkin_bind_port}
diff --git a/haproxy/proxy/listen/oss/pushkin_db.yml b/haproxy/proxy/listen/oss/pushkin_db.yml
index 74b15a2..c67c591 100644
--- a/haproxy/proxy/listen/oss/pushkin_db.yml
+++ b/haproxy/proxy/listen/oss/pushkin_db.yml
@@ -12,7 +12,7 @@
mode: tcp
balance: source
options:
- - pgsql-check user ${_param:pushkin_db_user}
+ - tcp-check
binds:
- address: ${_param:haproxy_pushkin_db_bind_host}
port: ${_param:haproxy_pushkin_db_bind_port}
@@ -21,12 +21,12 @@
- name: ${_param:cluster_node01_name}
host: ${_param:cluster_node01_address}
port: ${_param:haproxy_pushkin_db_exposed_port}
- params: check
+ params: check port ${_param:haproxy_pushkin_db_exposed_port}
- name: ${_param:cluster_node02_name}
host: ${_param:cluster_node02_address}
port: ${_param:haproxy_pushkin_db_exposed_port}
- params: backup check
+ params: backup check port ${_param:haproxy_pushkin_db_exposed_port}
- name: ${_param:cluster_node03_name}
host: ${_param:cluster_node03_address}
port: ${_param:haproxy_pushkin_db_exposed_port}
- params: backup check
+ params: backup check port ${_param:haproxy_pushkin_db_exposed_port}
diff --git a/jenkins/client/job/git-mirrors/downstream/templates.yml b/jenkins/client/job/git-mirrors/downstream/templates.yml
index 50e9152..ef504af 100644
--- a/jenkins/client/job/git-mirrors/downstream/templates.yml
+++ b/jenkins/client/job/git-mirrors/downstream/templates.yml
@@ -5,9 +5,9 @@
jenkins_git_mirror_downstream_jobs:
- name: cookiecutter-templates
downstream: mk/cookiecutter-templates
- upstream: "https://github.com/Mirantis/mk2x-cookiecutter-reclass-model"
+ upstream: "git@github.com:Mirantis/mk2x-cookiecutter-reclass-model"
branches: master
- name: heat-templates
downstream: mk/heat-templates
- upstream: "https://github.com/Mirantis/mk-lab-heat-templates"
- branches: master
\ No newline at end of file
+ upstream: "git@github.com:Mirantis/mk-lab-heat-templates"
+ branches: master
diff --git a/jenkins/client/job/git-mirrors/upstream/docker_images.yml b/jenkins/client/job/git-mirrors/upstream/docker_images.yml
index b4de3e2..2dc60b3 100644
--- a/jenkins/client/job/git-mirrors/upstream/docker_images.yml
+++ b/jenkins/client/job/git-mirrors/upstream/docker_images.yml
@@ -18,4 +18,8 @@
- name: docker-phpldapadmin
downstream: mk/docker-phpldapadmin
upstream: "git@github.com:Mirantis/docker-phpldapadmin"
+ branches: stable,master
+ - name: docker-openldap
+ downstream: mk/docker-openldap
+ upstream: "git@github.com:Mirantis/docker-openldap"
branches: stable,master
\ No newline at end of file
diff --git a/jenkins/client/job/opencontrail/build/generic.yml b/jenkins/client/job/opencontrail/build/generic.yml
index 7cd226e..75ba8bf 100644
--- a/jenkins/client/job/opencontrail/build/generic.yml
+++ b/jenkins/client/job/opencontrail/build/generic.yml
@@ -106,27 +106,57 @@
trigger:
gerrit:
project:
- contrail/contrail-controller:
- branches:
- - "{{branch}}"
- contrail/contrail-vrouter:
- branches:
- - "{{branch}}"
- contrail/contrail-packages:
- branches:
- - "{{branch}}"
- contrail/contrail-vrouter:
- branches:
- - "{{branch}}"
- contrail/contrail-web-core:
- branches:
- - "{{branch}}"
- contrail/contrail-web-controller:
- branches:
- - "{{branch}}"
- contrail/contrail-third-party:
- branches:
- - "{{branch}}"
+ contrail/contrail-pipeline:
+ branches:
+ - "{{branch}}"
+ contrail/contrail-build:
+ branches:
+ - "{{branch}}"
+ contrail/contrail-controller:
+ branches:
+ - "{{branch}}"
+ contrail/contrail-vrouter:
+ branches:
+ - "{{branch}}"
+ contrail/contrail-third-party:
+ branches:
+ - "{{branch}}"
+ contrail/contrail-generateDS:
+ branches:
+ - "{{branch}}"
+ contrail/contrail-sandesh:
+ branches:
+ - "{{branch}}"
+ contrail/contrail-packages:
+ branches:
+ - "{{branch}}"
+ contrail/contrail-nova-vif-driver:
+ branches:
+ - "{{branch}}"
+ contrail/contrail-neutron-plugin:
+ branches:
+ - "{{branch}}"
+ contrail/contrail-nova-extensions:
+ branches:
+ - "{{branch}}"
+ contrail/contrail-heat:
+ branches:
+ - "{{branch}}"
+ contrail/contrail-web-storage:
+ branches:
+ - "{{branch}}"
+ contrail/contrail-web-server-manager:
+ branches:
+ - "{{branch}}"
+ contrail/contrail-web-controller:
+ branches:
+ - "{{branch}}"
+ contrail/contrail-web-core:
+ branches:
+ - "{{branch}}"
+ contrail/contrail-webui-third-party:
+ branches:
+ - "{{branch}}"
event:
comment:
- addedContains:
diff --git a/jenkins/client/job/opencontrail/git-mirrors/downstream.yml b/jenkins/client/job/opencontrail/git-mirrors/downstream.yml
index 0cf3a33..b49a1a0 100644
--- a/jenkins/client/job/opencontrail/git-mirrors/downstream.yml
+++ b/jenkins/client/job/opencontrail/git-mirrors/downstream.yml
@@ -8,24 +8,43 @@
name: git-mirror-{{name}}
jobs:
- name: contrail-build
+ branches: ${_param:contrail_branches}
- name: contrail-controller
+ branches: ${_param:contrail_branches}
- name: contrail-vrouter
+ branches: ${_param:contrail_branches}
- name: contrail-third-party
+ branches: ${_param:contrail_branches}
- name: contrail-generateDS
+ branches: ${_param:contrail_branches}
- name: contrail-sandesh
+ branches: ${_param:contrail_branches}
- name: contrail-packages
+ branches: ${_param:contrail_branches}
- name: contrail-nova-vif-driver
+ branches: ${_param:contrail_branches}
- name: contrail-neutron-plugin
+ branches: ${_param:contrail_branches}
- name: contrail-nova-extensions
+ branches: ${_param:contrail_branches}
- name: contrail-ceilometer-plugin
+ branches: ${_param:contrail_ceilometer_plugin_branches}
- name: contrail-heat
+ branches: ${_param:contrail_branches}
- name: contrail-web-storage
+ branches: ${_param:contrail_branches}
- name: contrail-web-server-manager
+ branches: ${_param:contrail_branches}
- name: contrail-web-controller
+ branches: ${_param:contrail_branches}
- name: contrail-web-core
+ branches: ${_param:contrail_branches}
- name: contrail-webui-third-party
+ branches: ${_param:contrail_branches}
- name: contrail-dpdk-extra-packages
+ branches: ${_param:contrail_dpdk_extra_branches}
- name: contrail-kubernetes
+ branches: ${_param:contrail_kubernetes_branches}
template:
discard:
build:
@@ -57,7 +76,7 @@
default: "gerrit"
BRANCHES:
type: string
- default: ${_param:contrail_branches}
+ default: "{{branches}}"
job:
git-mirror-ifmap-python-client:
discard:
diff --git a/jenkins/client/job/opencontrail/init.yml b/jenkins/client/job/opencontrail/init.yml
index b41a357..63e4215 100644
--- a/jenkins/client/job/opencontrail/init.yml
+++ b/jenkins/client/job/opencontrail/init.yml
@@ -7,6 +7,7 @@
contrail_kubernetes_branches: "master,release-1.2"
contrail_dpdk_extra_branches: "mitaka,kilo,liberty-multiqueue"
contrail_ceilometer_plugin_branches: "master"
+ contrail_kubernetes_branches: "master,origin-1.1,origin-1.1.3,release-1.1,release-1.2"
jenkins:
client:
view:
diff --git a/jenkins/client/job/test_devops_portal.yml b/jenkins/client/job/test_devops_portal.yml
index 0d9f2df..2771e85 100644
--- a/jenkins/client/job/test_devops_portal.yml
+++ b/jenkins/client/job/test_devops_portal.yml
@@ -2,8 +2,8 @@
jenkins:
client:
job:
- test-devops-portal-unittests:
- name: test-devops-portal-unittests
+ test-oss-devops-portal:
+ name: test-oss-devops-portal
discard:
build:
keep_num: 10
diff --git a/keepalived/cluster/instance/prometheus_server_vip.yml b/keepalived/cluster/instance/prometheus_server_vip.yml
new file mode 100644
index 0000000..7bde702
--- /dev/null
+++ b/keepalived/cluster/instance/prometheus_server_vip.yml
@@ -0,0 +1,18 @@
+applications:
+- keepalived
+classes:
+- service.keepalived.support
+parameters:
+ _param:
+ keepalived_vip_priority: 101
+ keepalived:
+ cluster:
+ enabled: true
+ instance:
+ prometheus_server_vip:
+ address: ${_param:keepalived_prometheus_vip_address}
+ password: ${_param:keepalived_prometheus_vip_password}
+ interface: ${_param:keepalived_prometheus_vip_interface}
+ virtual_router_id: 105
+ priority: ${_param:keepalived_vip_priority}
+
diff --git a/keystone/client/service/nova-placement.yml b/keystone/client/service/nova-placement.yml
new file mode 100644
index 0000000..61b5455
--- /dev/null
+++ b/keystone/client/service/nova-placement.yml
@@ -0,0 +1,23 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ service:
+ placement:
+ type: placement
+ description: OpenStack Placement API
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: '8778'
+ public_path: ''
+ internal_address: ${_param:nova_service_host}
+ internal_port: '8778'
+ internal_path: ''
+ admin_address: ${_param:nova_service_host}
+ admin_port: '8778'
+ admin_path: ''
diff --git a/linux/system/repo_local/mcp/contrail.yml b/linux/system/repo_local/mcp/contrail.yml
index 158fda5..89a7236 100644
--- a/linux/system/repo_local/mcp/contrail.yml
+++ b/linux/system/repo_local/mcp/contrail.yml
@@ -6,7 +6,7 @@
linux:
system:
repo:
- mcp_opencontrail_${_param:linux_repo_contrail_component}:
+ mcp_opencontrail:
refresh_db: ${_param:linux_repo_refresh_db}
source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu-${_param:linux_system_codename}/ ${_param:apt_mk_version} ${_param:linux_repo_contrail_component}"
architectures: amd64
diff --git a/mysql/client/database/nova_api.yml b/mysql/client/database/nova_api.yml
index 9380445..a8fbd59 100644
--- a/mysql/client/database/nova_api.yml
+++ b/mysql/client/database/nova_api.yml
@@ -15,3 +15,14 @@
password: ${_param:mysql_nova_password}
host: ${_param:single_address}
rights: all
+ nova_cell0:
+ encoding: utf8
+ users:
+ - name: nova
+ password: ${_param:mysql_nova_password}
+ host: '%'
+ rights: all
+ - name: nova
+ password: ${_param:mysql_nova_password}
+ host: ${_param:single_address}
+ rights: all
diff --git a/nagios/server/init.yml b/nagios/server/init.yml
index e495915..3a027a2 100644
--- a/nagios/server/init.yml
+++ b/nagios/server/init.yml
@@ -3,6 +3,10 @@
nagios_notification_email: root@localhost
nagios_host_dimension_key: nagios_host
nagios_default_host_alarm_clusters: 00-clusters
+ nagios_monitoring_network: []
+ nagios_monitoring_interface:
+ - eth0
+ - ens3
nagios :
server:
enabled: true
@@ -45,9 +49,9 @@
grain_hostname: 'host'
hostname_suffix: ${_param:stacklight_environment}
hostgroups:
- - target: '*'
+ - target: 'G@services:openssh'
name: All
- expr_from: glob
+ expr_from: compound
- target: 'G@roles:nova.controller'
expr_from: compound # the default
name: Nova Controller
@@ -63,10 +67,8 @@
- target: 'G@services:openssh'
contact_groups: Operator
use: generic_host_tpl
- interface:
- - eth0
- - ens3
- - p4p1.602
+ interface: ${_param:nagios_monitoring_interface}
+ network: ${_param:nagios_monitoring_network}
services:
- target: 'G@roles:openssh.server'
name: SSH
diff --git a/nginx/server/proxy/monitoring/prometheus_alertmanager.yml b/nginx/server/proxy/monitoring/prometheus_alertmanager.yml
new file mode 100644
index 0000000..2430104
--- /dev/null
+++ b/nginx/server/proxy/monitoring/prometheus_alertmanager.yml
@@ -0,0 +1,16 @@
+parameters:
+ nginx:
+ server:
+ enabled: true
+ site:
+ nginx_proxy_prometheus_alertmanager:
+ enabled: true
+ type: nginx_proxy
+ name: prometheus_alertmanager
+ proxy:
+ host: ${_param:prometheus_control_address}
+ port: 15011
+ protocol: http
+ host:
+ name: ${_param:cluster_public_host}
+ port: 15011
diff --git a/nginx/server/proxy/monitoring/prometheus_server.yml b/nginx/server/proxy/monitoring/prometheus_server.yml
new file mode 100644
index 0000000..76ff56a
--- /dev/null
+++ b/nginx/server/proxy/monitoring/prometheus_server.yml
@@ -0,0 +1,16 @@
+parameters:
+ nginx:
+ server:
+ enabled: true
+ site:
+ nginx_proxy_prometheus_server:
+ enabled: true
+ type: nginx_proxy
+ name: prometheus_server
+ proxy:
+ host: ${_param:prometheus_control_address}
+ port: 15010
+ protocol: http
+ host:
+ name: ${_param:cluster_public_host}
+ port: 15010
diff --git a/openssh/server/team/mcp_qa.yml b/openssh/server/team/mcp_qa.yml
index 582882f..5fc30d4 100644
--- a/openssh/server/team/mcp_qa.yml
+++ b/openssh/server/team/mcp_qa.yml
@@ -133,6 +133,13 @@
full_name: Vlad Naumov
home: /home/vnaumov
email: vnaumov@mirantis.com
+ ekhomyakova:
+ enabled: true
+ name: ekhomyakova
+ sudo: true
+ full_name: Ekaterina Khomyakova
+ home: /home/ekhomyakova
+ email: ekhomyakova@mirantis.com
group:
libvirtd:
enabled: true
@@ -246,6 +253,11 @@
public_keys:
- ${public_keys:vnaumov}
user: ${linux:system:user:vnaumov}
+ ekhomyakova:
+ enable: true
+ public_keys:
+ - ${public_keys:ekhomyakova}
+ user: ${linux:system:user:ekhomyakova}
public_keys:
ddmitriev:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDuD4wJ8hzkchQ0pfgdwWukQyps1xYRfHOsjosmDu/mmgaXVud5mnpwb2q35E2YYTox2mx+ulJqyS+099gz6MPg4P8D5qdMuRbAsJqbceLaaIGQhdT8qgSo7ESrl5pwvYnfWzKLKF0z5s7nrW0nvArC40zhV9o9XpvzzzSFByepWfkwA8ReldGUYVvTKp8YXaCrqEdMZrU42adPM2nl+fYBbGF+h4/Ka247aVjPeER0blV3znFXbv2Kf38G+i/TEGaktgpBdtGGDi1tX2loMypmTJeqZRJnM0Eoly0BnynB7CSxn11eoIXBUe1mVYNqmQd1hw6uh59iymhK5j939v9J ddmitriev@dis_xcom
@@ -289,3 +301,5 @@
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCti9e5kyNEtX3MEns+eehUCzaxZmI8FWkWrLeRQY3jLUGzI3+N12tA7gKffczGIDP/ttnDg1hl98Yw28mkrIfYYMwRMqsBkGmYZyu6EXccyde6/5U/dgKVFGYLjWmbAAcaIaO2YoxqUJKvIanfLNHTRI29KwgxpaMCtjB7+jHiw/V0MF2xKi8yJgajZgh8iXPiv50BGjICx1BuqgqZb5jjxouV0FpU28mBOobqtaphOHeFPHk1Uool9MBt+2ocAjLbFhozmx0xryBVG4FGreovK60Zz4PuGCUL98rSTt8fbebfVokqkCG+sjykTcEQ8h5/0BUR4sPXw5mxATHD/AOv rkhozinov@rkhw
vnaumov:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDno7VX9jiveRCF7d1C/FK24WLZwCArdrBBOQ1uHqpkUfUYtG6vrYgt/K2n2FXoX55lbeoJAwuNC9HviaY+vQAekCI4W2s02iD+j/GRUwitpv+lJZXSmt/q2PgLz3OFUIsJV0EwyNl+bexM4+2jYTmHeDMrXAsHL4I2GUv5sFycA11UhxZ/Qm2QMKlRZhje/IJieX9u2BhgYuPYffASVl4AhwtDagYdqquwUXrfu/dQRt/U9w0Di9alApcyPqiW9LbXUgwha1G9+ScQnxmp8WvmaV8YR+nf2OFxQHvOZPYjCzniRnYpaQUMeUAkJKxDwqR1dAKYnaQY5TfXtFwfzsjN vnaumov@vnaumov
+ ekhomyakova:
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEaWwPVtsj39s0A2efRQ1ejL5B7ZetFPmXJDi/8W/gTWIIII3xP750H8QWZfvbjiJ+KBCxOndDL8aL3SHC/iRCvmzrVkgXBgf5J9vTu8uas7BNGf7oiDBuB75fryDtkg57Pam/A47IlgxJTCwYz+ofUGHb6WrWwQ+MUTEWAk9PB+RPyxjwNC4XxEwtULkKQMgFmg52kauESpx0R0ni8/LLKUJucdse7NCcUTvEcafppnXsxdZ640G0K82ADS1neg1CDwdtCPKLG57GZYs4iL3sPcOhQxnVUoONXsRpBD8kQTKOMl5R6hTDJHBd3oimUPEXlPqeb/XeGKatVraRA6nJ ekhomyakova@ekhomyakova
diff --git a/salt/minion/cert/k8s_server.yml b/salt/minion/cert/k8s_server.yml
index e340b52..603d369 100644
--- a/salt/minion/cert/k8s_server.yml
+++ b/salt/minion/cert/k8s_server.yml
@@ -10,4 +10,4 @@
cert_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.crt
all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.pem
signing_policy: cert_server
- alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address},DNS:kubernetes.default
+ alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address},DNS:kubernetes.default,DNS:kubernetes.default.svc