Merge pull request #77 from Mirantis/mos92
MOS 9.2 repos
diff --git a/haproxy/proxy/listen/kubernetes/apiserver.yml b/haproxy/proxy/listen/kubernetes/apiserver.yml
index a365c51..a45a71a 100644
--- a/haproxy/proxy/listen/kubernetes/apiserver.yml
+++ b/haproxy/proxy/listen/kubernetes/apiserver.yml
@@ -2,39 +2,23 @@
haproxy:
proxy:
listen:
- k8s_cluster:
+ k8s_secure:
type: kubernetes
+ options:
+ - ssl-hello-chk
binds:
- address: ${_param:cluster_vip_address}
- port: 8080
+ port: 443
servers:
- name: ${_param:cluster_node01_hostname}
host: ${_param:cluster_node01_address}
- port: 8080
+ port: 443
params: check
- name: ${_param:cluster_node02_hostname}
host: ${_param:cluster_node02_address}
- port: 8080
+ port: 443
params: check
- name: ${_param:cluster_node03_hostname}
host: ${_param:cluster_node03_address}
- port: 8080
- params: check
- k8s_cluster_localhost:
- type: kubernetes
- binds:
- - address: localhost
- port: 8080
- servers:
- - name: ${_param:cluster_node01_hostname}
- host: ${_param:cluster_node01_address}
- port: 8080
- params: check
- - name: ${_param:cluster_node02_hostname}
- host: ${_param:cluster_node02_address}
- port: 8080
- params: check
- - name: ${_param:cluster_node03_hostname}
- host: ${_param:cluster_node03_address}
- port: 8080
+ port: 443
params: check
\ No newline at end of file
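Review bot: The `ssl-hello-chk` option added under `k8s_secure` only checks that a backend answers an SSLv3-style client hello; it never validates the certificate, so a passing check says nothing about whether the apiserver on 443 presents the expected cert, and it may fail against backends that refuse legacy hellos. Consider a TLS-level check on each server line instead, e.g. `params: check check-ssl verify required ca-file <path-to-cluster-CA>` (placeholder path), assuming the formula passes `params` through to the HAProxy `server` line, which is not visible here. The `listen` mapping starts above the hunk, and the file still ends without a trailing newline.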
diff --git a/haproxy/proxy/listen/kubernetes/apiserver_insecure.yml b/haproxy/proxy/listen/kubernetes/apiserver_insecure.yml
new file mode 100644
index 0000000..a365c51
--- /dev/null
+++ b/haproxy/proxy/listen/kubernetes/apiserver_insecure.yml
@@ -0,0 +1,40 @@
+parameters:
+ haproxy:
+ proxy:
+ listen:
+ k8s_cluster:
+ type: kubernetes
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 8080
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: 8080
+ params: check
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: 8080
+ params: check
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: 8080
+ params: check
+ k8s_cluster_localhost:
+ type: kubernetes
+ binds:
+ - address: localhost
+ port: 8080
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: 8080
+ params: check
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: 8080
+ params: check
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: 8080
+ params: check
\ No newline at end of file
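Review bot: The `k8s_cluster` listener in this new file binds port 8080 on `${_param:cluster_vip_address}` and forwards to port 8080 on every node, which on a kube-apiserver is normally the insecure port that skips authentication and authorization, so any host that can reach the VIP would get unauthenticated API access. If this class has to exist for local components, keep only the `k8s_cluster_localhost` listener and drop the VIP bind. At minimum add a header comment such as `# WARNING: exposes the unauthenticated apiserver port; include only on isolated management networks`. The file also ends without a trailing newline.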
diff --git a/openssh/server/team/ccp_team.yml b/openssh/server/team/ccp_team.yml
index c809ec9..3355dc1 100644
--- a/openssh/server/team/ccp_team.yml
+++ b/openssh/server/team/ccp_team.yml
@@ -16,6 +16,34 @@
full_name: Sergey Reshetnyak
home: /home/sreshetnyak
email: sreshetnyak@mirantis.com
+ apavlov:
+ enabled: true
+ name: apavlov
+ sudo: true
+ full_name: Andrey Pavlov
+ home: /home/apavlov
+ email: apavlov@mirantis.com
+ sryabin:
+ enabled: true
+ name: sryabin
+ sudo: true
+ full_name: Sergey Ryabin
+ home: /home/sryabin
+ email: sryabin@mirantis.com
+ slukjanov:
+ enabled: true
+ name: slukjanov
+ sudo: true
+ full_name: Sergey Lukjanov
+ home: /home/slukjanov
+ email: slukjanov@mirantis.com
+ ytaraday:
+ enabled: true
+ name: ytaraday
+ sudo: true
+ full_name: Yuriy Taraday
+ home: /home/ytaraday
+ email: ytaraday@mirantis.com
openssh:
server:
enabled: true
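Review bot: All four accounts added here (`apavlov`, `sryabin`, `slukjanov`, `ytaraday`) get `sudo: true`, which presumably means unrestricted root on every node that includes this class; how the formula handles the flag is not visible in the hunk. Grant it only to the people who need root and set `sudo: false` for the rest, or scope the privilege through a dedicated sudoers rule. A short comment above the block naming the team and the reason for the access, e.g. `# CCP team, root needed for cluster deployment`, would help later access reviews. The enclosing mapping starts above the hunk.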
@@ -30,8 +58,36 @@
public_keys:
- ${public_keys:sreshetnyak}
user: ${linux:system:user:sreshetnyak}
+ apavlov:
+ enabled: true
+ public_keys:
+ - ${public_keys:apavlov}
+ user: ${linux:system:user:apavlov}
+ sryabin:
+ enabled: true
+ public_keys:
+ - ${public_keys:sryabin}
+ user: ${linux:system:user:sryabin}
+ slukjanov:
+ enabled: true
+ public_keys:
+ - ${public_keys:slukjanov}
+ user: ${linux:system:user:slukjanov}
+ ytaraday:
+ enabled: true
+ public_keys:
+ - ${public_keys:ytaraday}
+ user: ${linux:system:user:ytaraday}
public_keys:
kproskurin:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBvuPnwVjS5AuxOp4Bd3zRFhE1IB7g5R8LMwfCpqokolV0pHw1QGbCFprBcahvR0daGla/lB0buUu1sCLmFm0QH/m3VD9PkY8VE/4XW58yCtA5/ANYqLchWaNxaaaQG8Sg3gxtcMwLUQ92HFejZT9c0jgQDRc8pTHHuPj/HuV1I2Cw2a/DHZtrMbMT27aAglrPFiMty+P1Gd5mdHAXK8sfK+LSZ9/PZ2IbW0fCGL3tE8rTwL7FG5rN7eeaX56lWwO3oQMu184Wi1vL/ukIt2sdRi6qvKAYfeELPzffo8GOhesQAq+BXzjpIo2HUT2gSkZid0YzX7lRLPWhAi1sdq3V oloremo@iHAL9000-2.local
sreshetnyak:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbc8cUMy2Stjq4qS8TaVGvTIUGetpgTcLCiW3NnG5Yqe+s+nlQnIL3ezvgSKHin4/PYHl8vV9FnmLdPLk+4eefoek1px8soW/B+Ri0KN6aQUy1ztcecMxcxRH9g4VLZWTbazqGsADwRCQVPXmyIQVQN5wMKd0IzXUp5c03dWv/I1PE7QPdKySrdhjjyo+1Npx/tQjtJaSnGCaUJrXfHXBxiiENzmHuY+se14nWV9RyYN3zRWsa8Yt1n2hWNNiKNfT89h6yFwZAxdsS+jGhzbGTLcWyAqq3sfvvgm0yeL5FEm0AKaOMv7AuM5LqjPkQE4zzCGA0j19EQlAjsVcvKHGH sreshetniak@workstation
+ apavlov:
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC13FvtJl6OdwdiaLFYfJO5WaA7YUMi2/DJJECWtrjJPObGPeAQ1Z8zxQWanwZVhDO7E5oR7n/LmuKHaJkRIFyQEZY3mHS3k4yybg0Vqu2FcGWQO4P3R16v6qDLvuvu9S4sUkYF3k8oYDzwN/Vc+o7a4AkL5U5rjB3vbLWVdGg8G61jFjdekXbJdFCb0liPpcQrUe1yZmjE2E4ERPOZLCVADPiVzXJhtbKigbn/nwdk4D0g+eq3NW0AwJfkyCu6mt1xXfk6gmhUrBPh1ostWv6mSpD9bXvxIKv/QnIM4SUJ/RhJH0uhWtpH4GeXvnPXHs0bxfyq1GtQt5bD3gqCHruz apavlov@Andreys-MacBook-Pro.local
+ sryabin:
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5KZguajyeerULef0PxEZGOvY2yzaFd+Ob9sdM1v57RZBOyu8EdfNwso1OuLRwrZP6o6V8OBJ95O1AKE0ay5PQzu3VlbZgQfVTazc7ngKOqvIZP7JYlxM58cHcU+Hu1fvtdDYbc0cOzIP1Cu+AA4ZRiqa9YxMbI8i8bKR+MdgX+yKErXiEeM6wMmg8MEyGFFLxNmeOY78pS4xxlFsyd78JkS+TCAStULIahffPDcJI02Kt1Af9lGRyM3fKoFlNx0/lsPncvTGz/trgjAae1Q6f1CrH2saXNtFSwi58Qs6sP4A9lxMTtkGhbUMhkInYg5w+9QnZcGYfBNqXvhA6qbrH
+ slukjanov:
+ key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOV5dNsXJ6aJMml7JSd4cJ54qYhOya18QNEdb7NJ88yo
+ ytaraday:
+ key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDtcRlAQg3baU14eBh8THRv+1T5sHCGAIeFaReEB/KRT
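Review bot: Three of the four keys added under `public_keys` (`sryabin`, `slukjanov`, `ytaraday`) have no comment field, so once they are rendered into an authorized_keys file the owner cannot be told from the line itself; the `apavlov` key instead carries a workstation hostname. Append a uniform owner comment to each, for example `key: ssh-ed25519 <base64-key> ytaraday@mirantis.com` (placeholder key body). The two new `ssh-rsa` entries would also be better replaced with ed25519 keys like the other two, if their owners can re-issue them. Because every key here maps to a sudo-enabled account, changes to this file deserve the same review as a sudoers change.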
diff --git a/salt/master/formula/git/ccp.yml b/salt/master/formula/git/ccp.yml
index b124870..c8f1c65 100644
--- a/salt/master/formula/git/ccp.yml
+++ b/salt/master/formula/git/ccp.yml
@@ -6,5 +6,5 @@
formula:
ccp:
source: git
- address: '{_param:salt_master_environment_repository}/salt-formula-ccp.git'
+ address: '${_param:salt_master_environment_repository}/salt-formula-ccp.git'
revision: ${_param:salt_master_environment_revision}
diff --git a/salt/minion/cert/k8s_client_certificate.yml b/salt/minion/cert/k8s_client.yml
similarity index 90%
rename from salt/minion/cert/k8s_client_certificate.yml
rename to salt/minion/cert/k8s_client.yml
index 37bf618..06d83c4 100644
--- a/salt/minion/cert/k8s_client_certificate.yml
+++ b/salt/minion/cert/k8s_client.yml
@@ -7,6 +7,7 @@
authority: ${_param:salt_minion_ca_authority}
key_file: /etc/kubernetes/ssl/kubelet-client.key
cert_file: /etc/kubernetes/ssl/kubelet-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
common_name: kubelet-client
signing_policy: cert_client
alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
\ No newline at end of file
diff --git a/salt/minion/cert/k8s_server.yml b/salt/minion/cert/k8s_server.yml
new file mode 100644
index 0000000..d9b1da6
--- /dev/null
+++ b/salt/minion/cert/k8s_server.yml
@@ -0,0 +1,13 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ k8s_server:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: kubernetes-server
+ key_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.key
+ cert_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.crt
+ all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.pem
+ signing_policy: cert_server
+ alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
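Review bot: `key_file` and `all_file` now write the apiserver private key under `/srv/salt/env/${_param:salt_master_base_environment}/_certs/`, which looks like the Salt file-server root; if it is, any authenticated minion can fetch `kubernetes-server.key` and the `.pem` bundle, not only the Kubernetes masters. Private keys are better delivered through pillar targeted at the master nodes, or generated on the node as the deleted `k8s_server_certificate.yml` did under `/etc/kubernetes/ssl/`. If the file-server location is required, add a comment stating which minions may read it and how that is enforced. The new file also drops the `ca_file` entry the old definition had, so confirm consumers still get `ca-kubernetes.crt` from elsewhere.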
diff --git a/salt/minion/cert/k8s_server_certificate.yml b/salt/minion/cert/k8s_server_certificate.yml
deleted file mode 100644
index 835f043..0000000
--- a/salt/minion/cert/k8s_server_certificate.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-parameters:
- salt:
- minion:
- cert:
- k8s_server:
- host: ${_param:salt_minion_ca_host}
- authority: ${_param:salt_minion_ca_authority}
- common_name: kubernetes-server
- key_file: /etc/kubernetes/ssl/kubernetes-server.key
- cert_file: /etc/kubernetes/ssl/kubernetes-server.crt
- ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
- signing_policy: cert_server
- alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
\ No newline at end of file