diff --git a/.gitignore b/.gitignore
index 01950163..c582ac25 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
 # Sphinx documentation
 docs/_build/
-docs/build/
\ No newline at end of file
+docs/build/
+
+# OSX folder settings files
+.DS_Store
\ No newline at end of file
diff --git a/deployment_files/global/common/layering-policy.yaml b/deployment_files/global/common/layering-policy.yaml
new file mode 100644
index 00000000..e86d0bab
--- /dev/null
+++ b/deployment_files/global/common/layering-policy.yaml
@@ -0,0 +1,10 @@
+---
+schema: deckhand/LayeringPolicy/v1
+metadata:
+ schema: metadata/Control/v1
+ name: layering-policy
+data:
+ layerOrder:
+ - global
+ - type
+ - site
diff --git a/deployment_files/global/common/schemas/pegleg/SiteDefinition/v1.yaml b/deployment_files/global/common/schemas/pegleg/SiteDefinition/v1.yaml
new file mode 100644
index 00000000..3878eb3b
--- /dev/null
+++ b/deployment_files/global/common/schemas/pegleg/SiteDefinition/v1.yaml
@@ -0,0 +1,19 @@
+---
+schema: deckhand/DataSchema/v1
+metadata:
+ schema: metadata/Control/v1
+ name: pegleg/SiteDefinition/v1
+data:
+ $schema: http://json-schema.org/schema#
+ type: object
+
+ properties:
+ revision:
+ type: string
+ pattern: '^v.+$'
+ site_type:
+ type: string
+ required:
+ - revision
+ - site_type
+ additionalProperties: false
diff --git a/deployment_files/global/v1.0u/profiles/genesis.yaml b/deployment_files/global/v1.0u/profiles/genesis.yaml
new file mode 100644
index 00000000..fa50c386
--- /dev/null
+++ b/deployment_files/global/v1.0u/profiles/genesis.yaml
@@ -0,0 +1,86 @@ +--- +schema: promenade/Genesis/v1 +metadata: + schema: metadata/Document/v1 + name: genesis + labels: + genesis: enabled + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext + substitutions: + # Software versions for bootstrapping phase + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .images.ucp.armada.api + dest: + path: .images.armada + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .images.ucp.armada.tiller + dest: + path: .images.helm.tiller + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .images.kubernetes.apiserver.apiserver + dest: + path: .images.kubernetes.apiserver + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .images.kubernetes.controller-manager.controller_manager + dest: + path: .images.kubernetes.controller-manager + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .images.kubernetes.etcd.etcd + dest: + path: .images.kubernetes.etcd + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .images.kubernetes.scheduler.scheduler + dest: + path: .images.kubernetes.scheduler + + # Site-specific configuration + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .genesis.hostname + dest: + path: .hostname + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .genesis.ip + dest: + path: .ip +data: + armada: + target_manifest: cluster-bootstrap + labels: + dynamic: + - calico-etcd=enabled + - ceph-mds=enabled + - ceph-mon=enabled + - ceph-osd=enabled + - ceph-rgw=enabled + - ceph-mgr=enabled + - kube-ingress=enabled + - kubernetes-apiserver=enabled + - kubernetes-controller-manager=enabled + - kubernetes-etcd=enabled + - kubernetes-scheduler=enabled + - promenade-genesis=enabled + - ucp-control-plane=enabled + files: + - path: /var/lib/anchor/calico-etcd-bootstrap + content: "# 
placeholder for triggering calico etcd bootstrapping\n# this file will be deleted"
+ mode: 0644
+...
diff --git a/deployment_files/global/v1.0u/profiles/kubernetes-host.yaml b/deployment_files/global/v1.0u/profiles/kubernetes-host.yaml
new file mode 100644
index 00000000..f900664a
--- /dev/null
+++ b/deployment_files/global/v1.0u/profiles/kubernetes-host.yaml
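Review bot: The `mode: 0644` on the `/var/lib/anchor/calico-etcd-bootstrap` entry under `files` is an unquoted leading-zero scalar, so the permission bits that end up on disk depend on the loader resolving it as YAML 1.1 octal (420). A YAML 1.2 core-schema loader reads the same text as decimal 644, which is a different and unintended bit pattern. Assuming the consuming schema wants an integer here, keep the value but add a comment such as `# octal 0644 (= 420); relies on YAML 1.1 integer resolution`. The same applies to `mode: 0555` and `mode: 0444` in `profiles/kubernetes-host.yaml`.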
@@ -0,0 +1,127 @@ +--- +schema: promenade/HostSystem/v1 +metadata: + schema: metadata/Document/v1 + name: host-system + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .files.kubelet + dest: + path: .files[0].tar_url + + # Initial CoreDNS image (used during node Genesis and node join) + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .images.kubernetes.coredns.coredns + dest: + path: .images.coredns + + # Initial CoreDNS image (used during node Genesis and node join) + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .images.kubernetes.haproxy.haproxy + dest: + path: .images.haproxy + + # Operational tools + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .images.ucp.armada.helm + dest: + path: .images.helm.helm + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .images.kubernetes.kubectl + dest: + path: .images.kubernetes.kubectl + + # System packages + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .packages.named.docker + dest: + path: .packages.required.docker + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .packages.named.socat + dest: + path: .packages.required.socat + + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .packages.unnamed + dest: + path: .packages.additional + +data: + files: + - path: /opt/kubernetes/bin/kubelet + tar_path: kubernetes/node/bin/kubelet + mode: 0555 + - path: /etc/logrotate.d/json-logrotate + mode: 0444 + content: |- + /var/lib/docker/containers/*/*-json.log + { + compress + copytruncate + create 0644 root root + daily + dateext + dateformat -%Y%m%d-%s + maxsize 10M + missingok + notifempty + su root root + rotate 1 + } + packages: + # NOTE(mb874d): This method for specified repositories and 
keys will be + # change to align with Drydock's approach. Until then, we will specify + # it here. + repositories: + - deb http://apt.dockerproject.org/repo ubuntu-xenial main + keys: + - |- + -----BEGIN PGP PUBLIC KEY BLOCK----- + + mQINBFWln24BEADrBl5p99uKh8+rpvqJ48u4eTtjeXAWbslJotmC/CakbNSqOb9o + ddfzRvGVeJVERt/Q/mlvEqgnyTQy+e6oEYN2Y2kqXceUhXagThnqCoxcEJ3+KM4R + mYdoe/BJ/J/6rHOjq7Omk24z2qB3RU1uAv57iY5VGw5p45uZB4C4pNNsBJXoCvPn + TGAs/7IrekFZDDgVraPx/hdiwopQ8NltSfZCyu/jPpWFK28TR8yfVlzYFwibj5WK + dHM7ZTqlA1tHIG+agyPf3Rae0jPMsHR6q+arXVwMccyOi+ULU0z8mHUJ3iEMIrpT + X+80KaN/ZjibfsBOCjcfiJSB/acn4nxQQgNZigna32velafhQivsNREFeJpzENiG + HOoyC6qVeOgKrRiKxzymj0FIMLru/iFF5pSWcBQB7PYlt8J0G80lAcPr6VCiN+4c + NKv03SdvA69dCOj79PuO9IIvQsJXsSq96HB+TeEmmL+xSdpGtGdCJHHM1fDeCqkZ + hT+RtBGQL2SEdWjxbF43oQopocT8cHvyX6Zaltn0svoGs+wX3Z/H6/8P5anog43U + 65c0A+64Jj00rNDr8j31izhtQMRo892kGeQAaaxg4Pz6HnS7hRC+cOMHUU4HA7iM + zHrouAdYeTZeZEQOA7SxtCME9ZnGwe2grxPXh/U/80WJGkzLFNcTKdv+rwARAQAB + tDdEb2NrZXIgUmVsZWFzZSBUb29sIChyZWxlYXNlZG9ja2VyKSA8ZG9ja2VyQGRv + Y2tlci5jb20+iQI4BBMBAgAiBQJVpZ9uAhsvBgsJCAcDAgYVCAIJCgsEFgIDAQIe + AQIXgAAKCRD3YiFXLFJgnbRfEAC9Uai7Rv20QIDlDogRzd+Vebg4ahyoUdj0CH+n + Ak40RIoq6G26u1e+sdgjpCa8jF6vrx+smpgd1HeJdmpahUX0XN3X9f9qU9oj9A4I + 1WDalRWJh+tP5WNv2ySy6AwcP9QnjuBMRTnTK27pk1sEMg9oJHK5p+ts8hlSC4Sl + uyMKH5NMVy9c+A9yqq9NF6M6d6/ehKfBFFLG9BX+XLBATvf1ZemGVHQusCQebTGv + 0C0V9yqtdPdRWVIEhHxyNHATaVYOafTj/EF0lDxLl6zDT6trRV5n9F1VCEh4Aal8 + L5MxVPcIZVO7NHT2EkQgn8CvWjV3oKl2GopZF8V4XdJRl90U/WDv/6cmfI08GkzD + YBHhS8ULWRFwGKobsSTyIvnbk4NtKdnTGyTJCQ8+6i52s+C54PiNgfj2ieNn6oOR + 7d+bNCcG1CdOYY+ZXVOcsjl73UYvtJrO0Rl/NpYERkZ5d/tzw4jZ6FCXgggA/Zxc + jk6Y1ZvIm8Mt8wLRFH9Nww+FVsCtaCXJLP8DlJLASMD9rl5QS9Ku3u7ZNrr5HWXP + HXITX660jglyshch6CWeiUATqjIAzkEQom/kEnOrvJAtkypRJ59vYQOedZ1sFVEL + MXg2UCkD/FwojfnVtjzYaTCeGwFQeqzHmM241iuOmBYPeyTY5veF49aBJA1gEJOQ + TvBR8Q== + =Fm3p + -----END PGP PUBLIC KEY BLOCK----- 
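Review bot: The package source under `packages.repositories` is fetched over plain HTTP (`deb http://apt.dockerproject.org/repo ubuntu-xenial main`). The inline PGP key lets apt verify package signatures, but an unencrypted transport still exposes every node's package requests and can allow an on-path host to serve stale signed metadata or withhold updates. If the repository serves TLS, prefer `deb https://apt.dockerproject.org/repo ubuntu-xenial main`, and add a comment above the key block such as `# Docker release key, fingerprint <KEY_FINGERPRINT>, obtained from <SOURCE_URL>` so a later key change can be reviewed against something. Separately, the second `# Initial CoreDNS image` comment sits above the haproxy substitution and looks like a copy-paste leftover.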
diff --git a/deployment_files/global/v1.0u/schemas/aic/AccountCatalogue/v1.yaml b/deployment_files/global/v1.0u/schemas/aic/AccountCatalogue/v1.yaml
new file mode 100644
index 00000000..a8433050
--- /dev/null
+++ b/deployment_files/global/v1.0u/schemas/aic/AccountCatalogue/v1.yaml
@@ -0,0 +1,259 @@ +--- +schema: 'deckhand/DataSchema/v1' +metadata: + schema: metadata/Control/v1 + name: pegleg/AccountCatalogue/v1 +data: + $schema: 'http://json-schema.org/schema#' + type: object + properties: + ucp: + type: object + properties: + postgres: + type: object + properties: + admin: + type: object + properties: + username: + type: string + oslo_db: + type: object + properties: + admin: + type: object + properties: + username: + type: string + oslo_messaging: + type: object + properties: + admin: + type: object + properties: + username: + type: string + keystone: + type: object + properties: + admin: + type: object + properties: + region_name: + type: string + username: + type: string + project_name: + type: string + user_domain_name: + type: string + project_domain_name: + type: string + oslo_messaging: + type: object + properties: + username: + type: string + oslo_db: + type: object + properties: + username: + type: string + database: + type: string + promenade: + type: object + properties: + keystone: + type: object + properties: + region_name: + type: string + role: + type: string + project_name: + type: string + project_domain_name: + type: string + user_domain_name: + type: string + username: + type: string + drydock: + type: object + properties: + keystone: + type: object + properties: + region_name: + type: string + role: + type: string + project_name: + type: string + project_domain_name: + type: string + user_domain_name: + type: string + username: + type: string + postgres: + type: object + properties: + username: + type: string + database: + type: string + shipyard: + type: object + properties: + keystone: + type: object + properties: + region_name: + type: string + role: + type: string + project_name: + type: string + project_domain_name: + type: string + user_domain_name: + type: string + username: + type: string + postgres: + type: object + properties: + username: + type: string + database: + type: string + airflow: + type: object + 
properties: + postgres: + type: object + properties: + username: + type: string + database: + type: string + oslo_messaging: + type: object + properties: + username: + type: string + maas: + type: object + properties: + admin: + type: object + properties: + username: + type: string + email: + type: string + postgres: + type: object + properties: + username: + type: string + database: + type: string + barbican: + type: object + properties: + keystone: + type: object + properties: + region_name: + type: string + role: + type: string + project_name: + type: string + project_domain_name: + type: string + user_domain_name: + type: string + username: + type: string + oslo_db: + type: object + properties: + username: + type: string + database: + type: string + oslo_messaging: + type: object + properties: + username: + type: string + armada: + type: object + properties: + keystone: + type: object + properties: + project_domain_name: + type: string + project_name: + type: string + region_name: + type: string + role: + type: string + user_domain_name: + type: string + username: + type: string + deckhand: + type: object + properties: + keystone: + type: object + properties: + region_name: + type: string + role: + type: string + project_name: + type: string + project_domain_name: + type: string + user_domain_name: + type: string + username: + type: string + postgres: + type: object + properties: + username: + type: string + database: + type: string + ceph: + type: object + properties: + swift: + type: object + properties: + keystone: + type: object + properties: + role: + type: string + region_name: + type: string + username: + type: string + project_name: + type: string + user_domain_name: + type: string + project_domain_name: + type: string +... diff --git a/deployment_files/global/v1.0u/schemas/aic/CommonAddresses/v1.yaml b/deployment_files/global/v1.0u/schemas/aic/CommonAddresses/v1.yaml new file mode 100644 index 00000000..277425aa --- /dev/null 
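Review bot: None of the objects in this schema set `additionalProperties: false` or a `required` list, so a misspelled service or field name (for example under `ucp.keystone.admin`) validates cleanly and the intended account setting is silently absent from the rendered document. For a catalogue of service account names, closing each object with `additionalProperties: false` and listing the mandatory keys under `required:` would turn such mistakes into validation errors, as the `pegleg/SiteDefinition/v1` schema in this change already does. The `pegleg/CommonAddresses/v1` and `pegleg/SoftwareVersions/v1` schemas added later in this diff are open in the same way. The file also lives under `schemas/aic/` while the document is named `pegleg/AccountCatalogue/v1`, which deserves a comment or a rename.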
+++ b/deployment_files/global/v1.0u/schemas/aic/CommonAddresses/v1.yaml @@ -0,0 +1,107 @@ +--- +schema: 'deckhand/DataSchema/v1' +metadata: + schema: metadata/Control/v1 + name: pegleg/CommonAddresses/v1 +data: + $schema: 'http://json-schema.org/schema#' + type: object + properties: + calico: + type: object + properties: + ip_autodetection_method: + type: string + etcd: + type: object + properties: + service_ip: + type: string + dns: + type: object + properties: + cluster_domain: + type: string + service_ip: + type: string + upstream_servers: + type: array + items: + type: string + upstream_servers_joined: + type: string + genesis: + type: object + properties: + hostname: + type: string + ip: + type: string + bootstrap: + type: object + properties: + ip: + type: string + kubernetes: + type: object + properties: + api_service_ip: + type: string + etcd_service_ip: + type: string + pod_cidr: + type: string + service_cidr: + type: string + apiserver_port: + type: number + haproxy_port: + type: number + etcd: + type: object + properties: + container_port: + type: number + haproxy_port: + type: number + masters: + type: array + items: + type: object + properties: + hostname: + type: string + node_ports: + type: object + properties: + drydock_api: + type: number + maas_api: + type: number + maas_proxy: + type: number + shipyard_api: + type: number + airflow_web: + type: number + ntp: + type: object + properties: + servers_joined: + type: string + openvswitch: + type: object + properties: + external_iface: + type: string + storage: + type: object + properties: + ceph: + type: object + properties: + public_cidr: + type: string + cluster_cidr: + type: string +... diff --git a/deployment_files/global/v1.0u/schemas/aic/EndpointCatalogue/v1.yaml b/deployment_files/global/v1.0u/schemas/aic/EndpointCatalogue/v1.yaml new file mode 100644 index 00000000..a61db819 --- /dev/null +++ b/deployment_files/global/v1.0u/schemas/aic/EndpointCatalogue/v1.yaml 
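Review bot: Every port field in this schema (`apiserver_port`, `haproxy_port`, `container_port`, and the entries under `node_ports`) is declared `type: number`, which accepts fractional and negative values and anything above 65535. Declaring them as `type: integer` with `minimum: 1` and `maximum: 65535` rejects those at validation time. The address and CIDR fields (`service_ip`, `pod_cidr`, `service_cidr`, `public_cidr`, `cluster_cidr`) are bare `type: string` as well, so a `pattern` or `format` constraint would catch malformed ranges before they reach cluster networking configuration. The `port` entries of `pegleg/EndpointCatalogue/v1` in the next hunk use `type: number` too.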
@@ -0,0 +1,84 @@ +--- +schema: 'deckhand/DataSchema/v1' +metadata: + schema: metadata/Control/v1 + name: pegleg/EndpointCatalogue/v1 +data: + $schema: 'http://json-schema.org/schema#' + type: 'object' + # Namespace the list of endpoints + additionalProperties: + type: 'object' + additionalProperties: + type: 'object' + properties: + name: + type: string + auth: + type: object + hosts: + type: object + properties: + default: + type: string + public: + type: string + internal: + type: string + additionalProperties: + type: string + host_fqdn_override: + oneOf: + - type: object + properties: + default: + oneOf: + - type: string + - type: "null" + public: + type: string + internal: + type: string + additionalProperties: + type: string + - type: "null" + path: + oneOf: + - type: object + properties: + default: + type: string + public: + type: string + internal: + type: string + additionalProperties: + type: string + - type: string + scheme: + oneOf: + - type: object + properties: + default: + type: string + public: + type: string + internal: + type: string + additionalProperties: + type: string + - type: string + port: + type: object + additionalProperties: + type: object + properties: + default: + type: number + public: + type: number + internal: + type: number + additionalProperties: + type: number +... diff --git a/deployment_files/global/v1.0u/schemas/aic/SoftwareVersions/v1.yaml b/deployment_files/global/v1.0u/schemas/aic/SoftwareVersions/v1.yaml new file mode 100644 index 00000000..00ec56f8 --- /dev/null +++ b/deployment_files/global/v1.0u/schemas/aic/SoftwareVersions/v1.yaml 
@@ -0,0 +1,747 @@ +--- +schema: 'deckhand/DataSchema/v1' +metadata: + schema: metadata/Control/v1 + name: pegleg/SoftwareVersions/v1 +data: + $schema: 'http://json-schema.org/schema#' + type: object + properties: + charts: + type: object + properties: + kubernetes: + type: object + properties: + calico: + type: object + properties: + etcd: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + etcd-htk: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + calico: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + apiserver: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + apiserver-htk: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + ucp-helm-toolkit: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + controller-manager: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + controller-manager-htk: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + coredns: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + coredns-htk: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + haroxy: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + haroxy-htk: + type: object + properties: + type: + type: string 
+ location: + type: string + subpath: + type: string + etcd: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + etcd-htk: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + ingress: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + ingress-htk: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + proxy: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + proxy-htk: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + scheduler: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + scheduler-htk: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + ucp: + type: object + properties: + armada: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + barbican: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + ceph: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + deckhand: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + drydock: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + ingress: + type: object + 
properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + postgresql: + type: object + + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + promenade: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + keystone: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + maas: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + mariadb: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + memcached: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + rabbitmq: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + rabbitmq-etcd: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + shipyard: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + tiller: + type: object + properties: + type: + type: string + location: + type: string + subpath: + type: string + reference: + type: string + files: + type: object + properties: + kubelet: + type: string + images: + type: object + properties: + ucp: + type: object + properties: + armada: + type: object + properties: + api: + type: string + dep_check: + type: string + ks_endpoints: + type: string + ks_service: + type: string + ks_user: + type: string + helm: + type: string + tiller: + type: string + promenade: + type: object + properties: + dep_check: + type: 
string + promenade: + type: string + ks_user: + type: string + ks_service: + type: string + ks_endpoints: + type: string + deckhand: + type: object + properties: + deckhand: + type: string + dep_check: + type: string + db_init: + type: string + db_sync: + type: string + ks_endpoints: + type: string + ks_service: + type: string + ks_user: + type: string + barbican: + type: object + properties: + bootstrap: + type: string + dep_check: + type: string + scripted_test: + type: string + db_init: + type: string + barbican_db_sync: + type: string + db_drop: + type: string + ks_endpoints: + type: string + ks_service: + type: string + ks_user: + type: string + barbican_api: + type: string + drydock: + type: object + properties: + drydock: + type: string + dep_check: + type: string + ks_endpoints: + type: string + ks_service: + type: string + ks_user: + type: string + drydock_db_init: + type: string + drydock_db_sync: + type: string + shipyard: + type: object + properties: + airflow: + type: string + shipyard: + type: string + dep_check: + type: string + shipyard_db_init: + type: string + shipyard_db_sync: + type: string + airflow_db_init: + type: string + airflow_db_sync: + type: string + ks_user: + type: string + ks_service: + type: string + ks_endpoints: + type: string + maas: + type: object + properties: + db_init: + type: string + db_sync: + type: string + maas_rack: + type: string + maas_region: + type: string + bootstrap: + type: string + export_api_key: + type: string + maas_cache: + type: string + dep_check: + type: string + keystone: + type: object + properties: + keystone_bootstrap: + type: string + test: + type: string + db_init: + type: string + keystone_db_sync: + type: string + db_drop: + type: string + keystone_fernet_setup: + type: string + keystone_fernet_rotate: + type: string + keystone_credential_setup: + type: string + keystone_credential_rotate: + type: string + keystone_api: + type: string + dep_check: + type: string + tiller: + type: object + 
properties: + tiller: + type: string + mariadb: + type: object + properties: + mariadb: + type: string + dep_check: + type: string + postgresql: + type: object + properties: + postgresql: + type: string + dep_check: + type: string + memcached: + type: object + properties: + memcached: + type: string + dep_check: + type: string + rabbitmq: + type: object + properties: + rabbitmq: + type: string + dep_check: + type: string + ceph: + type: object + properties: + ceph: + type: object + properties: + ks_endpoints: + type: string + ks_service: + type: string + ks_user: + type: string + ceph_bootstrap: + type: string + dep_check: + type: string + ceph_daemon: + type: string + ceph_config_helper: + type: string + ceph_rbd_provisioner: + type: string + ceph_cephfs_provisioner: + type: string + kubernetes: + type: object + properties: + apiserver: + type: object + properties: + anchor: + type: string + apiserver: + type: string + dep_check: + type: string + controller-manager: + type: object + properties: + anchor: + type: string + controller_manager: + type: string + dep_check: + type: string + coredns: + type: object + properties: + coredns: + type: string + haproxy: + type: object + properties: + haproxy: + type: string + anchor: + type: string + etcd: + type: object + properties: + etcd: + type: string + etcdctl: + type: string + kubectl: + type: string + pause: + type: string + scheduler: + type: object + properties: + anchor: + type: string + scheduler: + type: string + proxy: + type: object + properties: + proxy: + type: string + calico: + type: object + properties: + etcd: + type: object + properties: + etcd: + type: string + etcdctl: + type: string + calico: + type: object + properties: + cni: + type: string + ctl: + type: string + node: + type: string + policy_controller: + type: string + packages: + type: object + properties: + repositories: + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + distributions: + type: 
array + items: + type: string + components: + type: array + items: + type: string + gpgkey: + type: string + named: + type: object + properties: + docker: + type: string + socat: + type: string + unnamed: + type: array + items: + type: string +... diff --git a/deployment_files/global/v1.0u/schemas/armada/Chart/v1.yaml b/deployment_files/global/v1.0u/schemas/armada/Chart/v1.yaml new file mode 100644 index 00000000..86fede8e --- /dev/null +++ b/deployment_files/global/v1.0u/schemas/armada/Chart/v1.yaml @@ -0,0 +1,12 @@ +--- +schema: 'deckhand/DataSchema/v1' +metadata: + schema: metadata/Control/v1 + name: armada/Chart/v1 + labels: + application: armada +data: + $schema: 'http://json-schema.org/schema#' + type: 'object' + additionalProperties: true +... diff --git a/deployment_files/global/v1.0u/schemas/armada/ChartGroup/v1.yaml b/deployment_files/global/v1.0u/schemas/armada/ChartGroup/v1.yaml new file mode 100644 index 00000000..76f21dfc --- /dev/null +++ b/deployment_files/global/v1.0u/schemas/armada/ChartGroup/v1.yaml @@ -0,0 +1,12 @@ +--- +schema: 'deckhand/DataSchema/v1' +metadata: + schema: metadata/Control/v1 + name: armada/ChartGroup/v1 + labels: + application: armada +data: + $schema: 'http://json-schema.org/schema#' + type: 'object' + additionalProperties: true +... diff --git a/deployment_files/global/v1.0u/schemas/armada/Manifest/v1.yaml b/deployment_files/global/v1.0u/schemas/armada/Manifest/v1.yaml new file mode 100644 index 00000000..cca2e100 --- /dev/null +++ b/deployment_files/global/v1.0u/schemas/armada/Manifest/v1.yaml @@ -0,0 +1,12 @@ +--- +schema: 'deckhand/DataSchema/v1' +metadata: + schema: metadata/Control/v1 + name: armada/Manifest/v1 + labels: + application: armada +data: + $schema: 'http://json-schema.org/schema#' + type: 'object' + additionalProperties: true +... 
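Review bot: Under `charts.kubernetes` the keys `haroxy` and `haroxy-htk` look like misspellings of `haproxy` (the `images.kubernetes` section further down uses `haproxy`), and unlike their sibling chart entries they declare no `reference` property. Because the enclosing object does not set `additionalProperties: false`, a document that uses the correctly spelled `haproxy` key is accepted without any type checking, and the misspelled entries never match anything. Rename them to `haproxy:` and `haproxy-htk:` and add `reference:` with `type: string` to match the other charts. If unsigned package repositories are not intended, `gpgkey` under `packages.repositories` should also appear in a `required` list.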
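Review bot: The `armada/Chart/v1` schema is `type: 'object'` with `additionalProperties: true` and no `properties`, so it accepts any mapping and validates nothing about a chart document. If that is a deliberate pass-through because Armada validates its own documents, say so with a comment such as `# Intentionally permissive; Armada performs its own validation`. Otherwise the chart source fields deserve at least type constraints, since these documents decide what gets deployed to the cluster. The `armada/ChartGroup/v1` and `armada/Manifest/v1` schemas in the following hunks are identical in this respect.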
diff --git a/deployment_files/global/v1.0u/schemas/drydock/BaremetalNode/v1.yaml b/deployment_files/global/v1.0u/schemas/drydock/BaremetalNode/v1.yaml
new file mode 100644
index 00000000..52f06215
--- /dev/null
+++ b/deployment_files/global/v1.0u/schemas/drydock/BaremetalNode/v1.yaml
@@ -0,0 +1,164 @@ +--- +schema: 'deckhand/DataSchema/v1' +metadata: + schema: metadata/Control/v1 + name: drydock/BaremetalNode/v1 + labels: + application: drydock +data: + $schema: 'http://json-schema.org/schema#' + id: 'http://att.com/att-comdev/drydock/baremetalNode.yaml' + type: 'object' + properties: + addressing: + type: 'array' + items: + type: 'object' + properties: + address: + type: 'string' + network: + type: 'string' + oob: + type: 'object' + properties: + type: + type: 'string' + network: + type: 'string' + account: + type: 'string' + credetial: + type: 'string' + additionalProperties: true + storage: + type: 'object' + properties: + physical_devices: + type: 'object' + additionalProperties: + type: 'object' + properties: + labels: + type: 'object' + additionalProperties: + type: 'string' + volume_group: + type: 'string' + partitions: + type: 'array' + items: + type: 'object' + properties: + name: + type: 'string' + size: + type: 'string' + part_uuid: + type: 'string' + volume_group: + type: 'string' + labels: + type: 'object' + additionalProperties: + type: 'string' + bootable: + type: 'boolean' + volume_group: + type: 'string' + filesystem: + type: 'object' + properties: + mountpoint: + type: 'string' + fstype: + type: 'string' + mount_options: + type: 'string' + fs_uuid: + type: 'string' + fs_label: + type: 'string' + additionalProperties: false + additionalProperties: false + volume_groups: + type: 'object' + additionalProperties: + type: 'object' + properties: + vg_uuid: + type: 'string' + logical_volumes: + type: 'array' + items: + type: 'object' + properties: + name: + type: 'string' + lv_uuid: + type: 'string' + size: + type: 'string' + filesystem: + type: 'object' + properties: + mountpoint: + type: 'string' + fstype: + type: 'string' + mount_options: + type: 'string' + fs_uuid: + type: 'string' + fs_label: + type: 'string' + platform: + type: 'object' + properties: + image: + type: 'string' + kernel: + type: 'string' + kernel_params: + type: 
'object' + additionalProperties: true + additionalProperties: false + metadata: + type: 'object' + properties: + tags: + type: 'array' + items: + type: 'string' + owner_data: + type: 'object' + additionalProperties: + type: 'string' + rack: + type: 'string' + boot_mac: + type: 'string' + additionalProperties: false + host_profile: + type: 'string' + hardware_profile: + type: 'string' + primary_network: + type: 'string' + interfaces: + type: 'object' + additionalProperties: + type: 'object' + properties: + device_link: + type: 'string' + slaves: + type: 'array' + items: + type: 'string' + networks: + type: 'array' + items: + type: 'string' + additionalProperties: false +... diff --git a/deployment_files/global/v1.0u/schemas/drydock/BootAction/v1.yaml b/deployment_files/global/v1.0u/schemas/drydock/BootAction/v1.yaml new file mode 100644 index 00000000..d35e6683 --- /dev/null +++ b/deployment_files/global/v1.0u/schemas/drydock/BootAction/v1.yaml 
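Review bot: The `oob` object declares a property named `credetial`, which looks like a misspelling of `credential`. With `additionalProperties: true` on what appears to be the same object (the indentation is not visible in this view), a document supplying `credential` still validates but its type is never checked, and any consumer reading the other spelling gets nothing. Rename the property to `credential:` after confirming which spelling Drydock reads, and add a comment that the out-of-band credential should arrive by substitution from a secret document rather than being written inline. The same key appears in the `drydock/HostProfile/v1` schema later in this diff.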
@@ -0,0 +1,94 @@ +--- +schema: 'deckhand/DataSchema/v1' +metadata: + schema: metadata/Control/v1 + name: drydock/BootAction/v1 + labels: + application: drydock +data: + $schema: 'http://json-schema.org/schema#' + id: 'http://att.com/att-comdev/drydock/bootaction.yaml' + type: 'object' + additionalProperties: false + properties: + signaling: + type: 'boolean' + assets: + type: 'array' + items: + type: 'object' + additionalProperties: false + properties: + path: + type: 'string' + pattern: '^/.+' + location: + type: 'string' + type: + type: 'string' + enum: + - 'unit' + - 'file' + - 'pkg_list' + data: + type: 'string' + location_pipeline: + type: 'array' + items: + type: 'string' + enum: + - 'template' + data_pipeline: + type: 'array' + items: + type: 'string' + enum: + - 'base64_encode' + - 'template' + - 'base64_decode' + - 'utf8_encode' + - 'utf8_decode' + permissions: + type: 'string' + pattern: '\d{3}' + required: + - 'type' + node_filter: + type: 'object' + additionalProperties: false + properties: + filter_set_type: + type: 'string' + enum: + - 'intersection' + - 'union' + filter_set: + type: 'array' + items: + type: 'object' + additionalProperties: false + properties: + filter_type: + type: 'string' + enum: + - 'intersection' + - 'union' + node_names: + type: 'array' + items: + type: 'string' + node_tags: + type: 'array' + items: + type: 'string' + node_labels: + type: 'object' + additionalProperties: true + rack_names: + type: 'array' + items: + type: 'string' + rack_labels: + type: 'object' + additionalProperties: true +... diff --git a/deployment_files/global/v1.0u/schemas/drydock/HardwareProfile/v1.yaml b/deployment_files/global/v1.0u/schemas/drydock/HardwareProfile/v1.yaml new file mode 100644 index 00000000..9fd110a1 --- /dev/null +++ b/deployment_files/global/v1.0u/schemas/drydock/HardwareProfile/v1.yaml 
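Review bot: The `permissions` pattern `'\d{3}'` under `assets` is unanchored, so any string containing three consecutive digits validates, including values such as `'9999'` or `'rw-644'`, and `\d` also admits the non-octal digits 8 and 9. For a field that sets file modes on provisioned nodes, anchor and narrow it, e.g. `pattern: '^[0-7]{3}$'` (widen to `'^[0-7]{3,4}$'` only if setuid, setgid or sticky bits are meant to be expressible). The `path` pattern `'^/.+'` is anchored at the start only, which works as an absolute-path check but does not exclude `..` segments.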
@@ -0,0 +1,37 @@
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: drydock/HardwareProfile/v1
+ labels:
+ application: drydock
+data:
+ $schema: 'http://json-schema.org/schema#'
+ id: 'http://att.com/att-comdev/drydock/hardwareProfile.yaml'
+ type: 'object'
+ properties:
+ vendor:
+ type: 'string'
+ generation:
+ type: 'string'
+ hw_version:
+ type: 'string'
+ bios_version:
+ type: 'string'
+ boot_mode:
+ type: 'string'
+ enum:
+ - 'bios'
+ - 'uefi'
+ bootstrap_protocol:
+ type: 'string'
+ enum:
+ - 'pxe'
+ - 'usb'
+ - 'hdd'
+ pxe_interface:
+ type: 'number'
+ device_aliases:
+ type: 'object'
+ additionalProperties: true
+ additionalProperties: false
diff --git a/deployment_files/global/v1.0u/schemas/drydock/HostProfile/v1.yaml b/deployment_files/global/v1.0u/schemas/drydock/HostProfile/v1.yaml
new file mode 100644
index 00000000..e4eb48e2
--- /dev/null
+++ b/deployment_files/global/v1.0u/schemas/drydock/HostProfile/v1.yaml
@@ -0,0 +1,155 @@ +--- +schema: 'deckhand/DataSchema/v1' +metadata: + schema: metadata/Control/v1 + name: drydock/HostProfile/v1 + labels: + application: drydock +data: + $schema: 'http://json-schema.org/schema#' + id: 'http://att.com/att-comdev/drydock/hostProfile.yaml' + type: 'object' + properties: + oob: + type: 'object' + properties: + type: + type: 'string' + network: + type: 'string' + account: + type: 'string' + credetial: + type: 'string' + additionalProperties: true + storage: + type: 'object' + properties: + physical_devices: + type: 'object' + additionalProperties: + type: 'object' + properties: + labels: + type: 'object' + additionalProperties: + type: 'string' + volume_group: + type: 'string' + partitions: + type: 'array' + items: + type: 'object' + properties: + name: + type: 'string' + size: + type: 'string' + part_uuid: + type: 'string' + volume_group: + type: 'string' + labels: + type: 'object' + additionalProperties: + type: 'string' + bootable: + type: 'boolean' + volume_group: + type: 'string' + filesystem: + type: 'object' + properties: + mountpoint: + type: 'string' + fstype: + type: 'string' + mount_options: + type: 'string' + fs_uuid: + type: 'string' + fs_label: + type: 'string' + additionalProperties: false + additionalProperties: false + volume_groups: + type: 'object' + additionalProperties: + type: 'object' + properties: + vg_uuid: + type: 'string' + logical_volumes: + type: 'array' + items: + type: 'object' + properties: + name: + type: 'string' + lv_uuid: + type: 'string' + size: + type: 'string' + filesystem: + type: 'object' + properties: + mountpoint: + type: 'string' + fstype: + type: 'string' + mount_options: + type: 'string' + fs_uuid: + type: 'string' + fs_label: + type: 'string' + platform: + type: 'object' + properties: + image: + type: 'string' + kernel: + type: 'string' + kernel_params: + type: 'object' + additionalProperties: true + additionalProperties: false + metadata: + type: 'object' + properties: + tags: + type: 
'array' + items: + type: 'string' + owner_data: + type: 'object' + additionalProperties: + type: 'string' + rack: + type: 'string' + boot_mac: + type: 'string' + additionalProperties: false + host_profile: + type: 'string' + hardware_profile: + type: 'string' + primary_network: + type: 'string' + interfaces: + type: 'object' + additionalProperties: + type: 'object' + properties: + device_link: + type: 'string' + slaves: + type: 'array' + items: + type: 'string' + networks: + type: 'array' + items: + type: 'string' + additionalProperties: false +... diff --git a/deployment_files/global/v1.0u/schemas/drydock/Network/v1.yaml b/deployment_files/global/v1.0u/schemas/drydock/Network/v1.yaml new file mode 100644 index 00000000..4eaaf11d --- /dev/null +++ b/deployment_files/global/v1.0u/schemas/drydock/Network/v1.yaml 
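Review bot: The `oob` property is spelled `credetial`, which looks like a typo for `credential`. The `additionalProperties: true` that follows appears to belong to `oob` (indentation is lost in this view), so a document using the correct spelling still validates while its value is never type-checked. I would rename the key to `credential`, after confirming which spelling the Drydock consumer actually reads.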
@@ -0,0 +1,71 @@
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: drydock/Network/v1
+ labels:
+ application: drydock
+data:
+ $schema: 'http://json-schema.org/schema#'
+ id: 'http://att.com/att-comdev/drydock/network.yaml'
+ type: 'object'
+ properties:
+ cidr:
+ type: 'string'
+ ranges:
+ type: 'array'
+ items:
+ type: 'object'
+ properties:
+ type:
+ type: 'string'
+ start:
+ type: 'string'
+ format: 'ipv4'
+ end:
+ type: 'string'
+ format: 'ipv4'
+ additionalProperties: false
+ dns:
+ type: 'object'
+ properties:
+ domain:
+ type: 'string'
+ servers:
+ type: 'string'
+ additionalProperties: false
+ dhcp_relay:
+ type: 'object'
+ properties:
+ self_ip:
+ type: 'string'
+ format: 'ipv4'
+ upstream_target:
+ type: 'string'
+ format: 'ipv4'
+ additionalProperties: false
+ mtu:
+ type: 'number'
+ vlan:
+ type: 'string'
+ routedomain:
+ type: 'string'
+ routes:
+ type: 'array'
+ items:
+ type: 'object'
+ properties:
+ subnet:
+ type: 'string'
+ gateway:
+ type: 'string'
+ format: 'ipv4'
+ metric:
+ type: 'number'
+ routedomain:
+ type: 'string'
+ additionalProperties: false
+ labels:
+ type: 'object'
+ additionalProperties: true
+ additionalProperties: false
diff --git a/deployment_files/global/v1.0u/schemas/drydock/NetworkLink/v1.yaml b/deployment_files/global/v1.0u/schemas/drydock/NetworkLink/v1.yaml
new file mode 100644
index 00000000..e0f7e34d
--- /dev/null
+++ b/deployment_files/global/v1.0u/schemas/drydock/NetworkLink/v1.yaml
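Review bot: `cidr` and the `subnet` of each `routes` entry are plain `type: 'string'` with no `pattern`, while the address fields rely only on `format: 'ipv4'`. Many JSON Schema validators treat `format` as an annotation unless format checking is explicitly enabled, and whether the validation path does so is not visible here, so these fields may be effectively unconstrained. Consider explicit patterns, as the promenade `KubernetesNetwork` schema in this same commit uses for its `cidr` and `ip_address` definitions. `dns.servers` is a single string rather than an array, so a comment stating the expected delimiter would also help.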
@@ -0,0 +1,48 @@
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: drydock/NetworkLink/v1
+ labels:
+ application: drydock
+data:
+ $schema: 'http://json-schema.org/schema#'
+ id: 'http://att.com/att-comdev/drydock/networkLink.yaml'
+ type: 'object'
+ properties:
+ bonding:
+ type: 'object'
+ properties:
+ mode:
+ type: 'string'
+ hash:
+ type: 'string'
+ peer_rate:
+ type: 'string'
+ mon_rate:
+ type: 'number'
+ up_delay:
+ type: 'number'
+ down_delay:
+ type: 'number'
+ additionalProperties: false
+ mtu:
+ type: 'number'
+ linkspeed:
+ type: 'string'
+ trunking:
+ type: 'object'
+ properties:
+ mode:
+ type: 'string'
+ default_network:
+ type: 'string'
+ additionalProperties: false
+ allowed_networks:
+ type: 'array'
+ items:
+ type: 'string'
+ labels:
+ type: 'object'
+ additionalProperties: true
+ additionalProperties: false
diff --git a/deployment_files/global/v1.0u/schemas/drydock/Rack/v1.yaml b/deployment_files/global/v1.0u/schemas/drydock/Rack/v1.yaml
new file mode 100644
index 00000000..65fe5d13
--- /dev/null
+++ b/deployment_files/global/v1.0u/schemas/drydock/Rack/v1.yaml
@@ -0,0 +1,36 @@
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: drydock/Rack/v1
+ labels:
+ application: drydock
+data:
+ $schema: 'http://json-schema.org/schema#'
+ id: 'http://att.com/att-comdev/drydock/rack.yaml'
+ type: 'object'
+ properties:
+ tor_switches:
+ type: 'object'
+ properties:
+ mgmt_ip:
+ type: 'string'
+ format: 'ipv4'
+ sdn_api_uri:
+ type: 'string'
+ format: 'uri'
+ location:
+ type: 'object'
+ properties:
+ clli:
+ type: 'string'
+ grid:
+ type: 'string'
+ local_networks:
+ type: 'array'
+ items:
+ type: 'string'
+ labels:
+ type: 'object'
+ additionalProperties: true
+ additionalProperties: false
diff --git a/deployment_files/global/v1.0u/schemas/drydock/Region/v1.yaml b/deployment_files/global/v1.0u/schemas/drydock/Region/v1.yaml
new file mode 100644
index 00000000..37e4da8c
--- /dev/null
+++ b/deployment_files/global/v1.0u/schemas/drydock/Region/v1.yaml
@@ -0,0 +1,31 @@
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: drydock/Region/v1
+ labels:
+ application: drydock
+data:
+ $schema: 'http://json-schema.org/schema#'
+ id: 'http://att.com/att-comdev/drydock/region.yaml'
+ type: 'object'
+ properties:
+ tag_definitions:
+ type: 'array'
+ items:
+ type: 'object'
+ properties:
+ tag:
+ type: 'string'
+ definition_type:
+ type: 'string'
+ enum:
+ - 'lshw_xpath'
+ definition:
+ type: 'string'
+ additionalProperties: false
+ authorized_keys:
+ type: 'array'
+ items:
+ type: 'string'
+ additionalProperties: false
diff --git a/deployment_files/global/v1.0u/schemas/promenade/Docker/v1.yaml b/deployment_files/global/v1.0u/schemas/promenade/Docker/v1.yaml
new file mode 100644
index 00000000..f2dc517f
--- /dev/null
+++ b/deployment_files/global/v1.0u/schemas/promenade/Docker/v1.yaml
@@ -0,0 +1,16 @@
+---
+schema: deckhand/DataSchema/v1
+metadata:
+ schema: metadata/Control/v1
+ name: promenade/Docker/v1
+ labels:
+ application: promenade
+data:
+ $schema: http://json-schema.org/schema#
+ type: object
+ properties:
+ config:
+ type: object
+ required:
+ - config
+ additionalProperties: false
diff --git a/deployment_files/global/v1.0u/schemas/promenade/Genesis/v1.yaml b/deployment_files/global/v1.0u/schemas/promenade/Genesis/v1.yaml
new file mode 100644
index 00000000..c6f90bf4
--- /dev/null
+++ b/deployment_files/global/v1.0u/schemas/promenade/Genesis/v1.yaml
@@ -0,0 +1,131 @@ +--- +schema: deckhand/DataSchema/v1 +metadata: + schema: metadata/Control/v1 + name: promenade/Genesis/v1 + labels: + application: promenade +data: + $schema: http://json-schema.org/schema# + definitions: + abs_path: + type: string + pattern: '^/.+$' + hostname: + type: string + pattern: '^[a-z][a-z0-9-]+$' + file: + properties: + path: + $ref: '#/definitions/abs_path' + content: + type: string + mode: + type: integer + minimum: 0 + tar_url: + $ref: '#/definitions/url' + tar_path: + $ref: '#/definitions/rel_path' + + requried: + - mode + - path + oneOf: + - type: object + required: + - content + - type: object + allOf: + - type: object + required: + - tar_url + - tar_path + additionalProperties: false + image: + type: string + # XXX add regex + ip_address: + type: string + pattern: '^(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))$' + kubernetes_label: + type: string + # XXX add regex + rel_path: + type: string + # XXX add regex + + type: object + properties: + files: + type: array + items: + $ref: '#/definitions/file' + + hostname: + $ref: '#/definitions/hostname' + + ip: + $ref: '#/definitions/ip_address' + + armada: + properties: + target_manifest: + type: string + additionalProperties: false + + labels: + properties: + static: + type: array + items: + $ref: '#/definitions/kubernetes_label' + dynamic: + type: array + items: + $ref: '#/definitions/kubernetes_label' + additionalProperties: false + + images: + type: object + properties: + armada: + $ref: '#/definitions/image' + helm: + type: object + properties: + tiller: + $ref: '#/definitions/image' + required: + - tiller + additionalProperties: false + kubernetes: + type: object + properties: + apiserver: + $ref: '#/definitions/image' + controller-manager: + $ref: '#/definitions/image' + etcd: + $ref: '#/definitions/image' + scheduler: + $ref: '#/definitions/image' + required: + - apiserver + 
- controller-manager + - etcd + - scheduler + additionalProperties: false + required: + - armada + - helm + - kubernetes + additionalProperties: false + + required: + - hostname + - ip + - armada + - images + - labels + additionalProperties: false diff --git a/deployment_files/global/v1.0u/schemas/promenade/HostSystem/v1.yaml b/deployment_files/global/v1.0u/schemas/promenade/HostSystem/v1.yaml new file mode 100644 index 00000000..87452383 --- /dev/null +++ b/deployment_files/global/v1.0u/schemas/promenade/HostSystem/v1.yaml 
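Review bot: In the `file` definition the keyword is spelled `requried`, which a JSON Schema validator ignores as an unknown keyword, so `mode` and `path` are not actually mandatory and a file entry with no explicit `mode` validates. It should read `required:`; the same typo is in the `file` definition of `promenade/HostSystem/v1.yaml` later in this commit. This schema also uses `$ref: '#/definitions/url'` for `tar_url`, but no `url` entry is present among its `definitions` (HostSystem does define one), so that reference cannot resolve. Adding `url:` with `type: string` to the definitions here would fix it.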
@@ -0,0 +1,137 @@ +--- +schema: deckhand/DataSchema/v1 +metadata: + schema: metadata/Control/v1 + name: promenade/HostSystem/v1 + labels: + application: promenade +data: + $schema: http://json-schema.org/schema# + definitions: + abs_path: + type: string + pattern: '^/.+$' + apt_source_line: + type: string + # XXX add regex + file: + properties: + path: + $ref: '#/definitions/abs_path' + content: + type: string + mode: + type: integer + minimum: 0 + tar_url: + $ref: '#/definitions/url' + tar_path: + $ref: '#/definitions/rel_path' + + requried: + - mode + - path + oneOf: + - type: object + required: + - content + - type: object + allOf: + - type: object + required: + - tar_url + - tar_path + additionalProperties: false + + image: + type: string + # XXX add regex + package: + type: string + # XXX add regex + public_key: + type: string + # XXX add regex + rel_path: + type: string + # XXX add regex + url: + type: string + # XXX add regex + + type: object + + properties: + files: + type: array + items: + type: object + items: + $ref: '#/definitions/file' + images: + type: object + properties: + haproxy: + $ref: '#/definitions/image' + coredns: + $ref: '#/definitions/image' + helm: + type: object + properties: + helm: + $ref: '#/definitions/image' + required: + - helm + additionalProperties: false + kubernetes: + type: object + properties: + kubectl: + $ref: '#/definitions/image' + required: + - kubectl + additionalProperties: false + required: + - haproxy + - coredns + - helm + - kubernetes + additionalProperties: false + + packages: + type: object + properties: + additional: + type: array + items: + $ref: '#/definitions/package' + keys: + type: array + items: + $ref: '#/definitions/public_key' + + required: + type: object + properties: + docker: + $ref: '#/definitions/package' + socat: + $ref: '#/definitions/package' + required: + - docker + - socat + additionalProperties: false + + repositories: + type: array + items: + $ref: '#/definitions/apt_source_line' + + 
required: + - required + additionalProperties: false + + required: + - images + - packages + additionalProperties: false diff --git a/deployment_files/global/v1.0u/schemas/promenade/Kubelet/v1.yaml b/deployment_files/global/v1.0u/schemas/promenade/Kubelet/v1.yaml new file mode 100644 index 00000000..eb3d6939 --- /dev/null +++ b/deployment_files/global/v1.0u/schemas/promenade/Kubelet/v1.yaml @@ -0,0 +1,31 @@ +--- +schema: deckhand/DataSchema/v1 +metadata: + schema: metadata/Control/v1 + name: promenade/Kubelet/v1 + labels: + application: promenade +data: + $schema: http://json-schema.org/schema# + type: object + definitions: + image: + type: string + # XXX add regex + + properties: + images: + type: object + properties: + pause: + $ref: '#/definitions/image' + required: + - pause + additionalProperties: false + arguments: + type: array + items: + type: string + required: + - images + additionalProperties: false diff --git a/deployment_files/global/v1.0u/schemas/promenade/KubernetesNetwork/v1.yaml b/deployment_files/global/v1.0u/schemas/promenade/KubernetesNetwork/v1.yaml new file mode 100644 index 00000000..ab3574e2 --- /dev/null +++ b/deployment_files/global/v1.0u/schemas/promenade/KubernetesNetwork/v1.yaml 
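Review bot: Under `properties.files` the schema has `type: array`, then `items:` with `type: object`, then a second `items:` carrying the `$ref` to `#/definitions/file`. Indentation is lost in this view, so I cannot tell whether the second `items` is nested or a duplicate key. If it is nested, the `file` definition is never applied to list entries, because `items` has no effect on an object schema; if it is a duplicate key, the outcome depends on the YAML loader. The Genesis schema in this commit uses `items:` followed directly by `$ref: '#/definitions/file'`, and this block should match it.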
@@ -0,0 +1,118 @@ +--- +schema: deckhand/DataSchema/v1 +metadata: + schema: metadata/Control/v1 + name: promenade/KubernetesNetwork/v1 + labels: + application: promenade +data: + $schema: http://json-schema.org/schema# + definitions: + cidr: + type: string + pattern: '^(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\/([0-9]|[1-2][0-9]|3[0-2])$' + domain_name: + type: string + pattern: '^([a-z][a-z0-9-]+\.)+[a-z]+\.?$' + hostname: + type: string + pattern: '^([a-z][a-z0-9-]+)(\.+[a-z]+\.)?$' + hostname_or_ip_address: + type: string + pattern: '^(([a-z][a-z0-9-]+)(\.+[a-z]+\.)?|(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5])))$' + ip_address: + type: string + pattern: '^(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))$' + url: + type: string + # XXX add regex + + type: object + properties: + dns: + type: object + properties: + bootstrap_validation_checks: + type: array + items: + $ref: '#/definitions/domain_name' + cluster_domain: + $ref: '#/definitions/domain_name' + service_ip: + $ref: '#/definitions/ip_address' + upstream_servers: + type: array + items: + $ref: '#/definitions/ip_address' + required: + - cluster_domain + - service_ip + additionalProperties: false + + kubernetes: + type: object + properties: + pod_cidr: + $ref: '#/definitions/cidr' + service_ip: + $ref: '#/definitions/ip_address' + service_cidr: + $ref: '#/definitions/cidr' + apiserver_port: + type: number + minimum: 0 + haproxy_port: + type: number + minimum: 0 + required: + - pod_cidr + - service_cidr + - service_ip + - apiserver_port + - haproxy_port + additionalProperties: false + etcd: + type: object + properties: + service_ip: + $ref: '#/definitions/ip_address' + container_port: + type: 
number + minimum: 0 + haproxy_port: + type: number + minimum: 0 + required: + - service_ip + - container_port + - haproxy_port + additionalProperties: false + hosts_entries: + type: array + items: + type: object + properties: + ip: + $ref: '#/definitions/ip_address' + names: + type: array + items: + $ref: '#/definitions/hostname' + + proxy: + type: object + properties: + additional_no_proxy: + type: array + items: + $ref: '#/definitions/hostname_or_ip_address' + url: + $ref: '#/definitions/url' + required: + - url + additionalFields: false + + required: + - dns + - kubernetes + additionalProperties: false diff --git a/deployment_files/global/v1.0u/schemas/promenade/KubernetesNode/v1.yaml b/deployment_files/global/v1.0u/schemas/promenade/KubernetesNode/v1.yaml new file mode 100644 index 00000000..1b7598e2 --- /dev/null +++ b/deployment_files/global/v1.0u/schemas/promenade/KubernetesNode/v1.yaml @@ -0,0 +1,47 @@ +--- +schema: deckhand/DataSchema/v1 +metadata: + schema: metadata/Control/v1 + name: promenade/KubernetesNode/v1 + labels: + application: promenade +data: + $schema: http://json-schema.org/schema# + definitions: + hostname: + type: string + pattern: '^[a-z][a-z0-9-]+$' + ip_address: + type: string + pattern: '^(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))$' + kubernetes_label: + type: string + # XXX add regex + + type: object + properties: + hostname: + $ref: '#/definitions/hostname' + + ip: + $ref: '#/definitions/ip_address' + + join_ip: + $ref: '#/definitions/ip_address' + + labels: + properties: + static: + type: array + items: + $ref: '#/definitions/kubernetes_label' + dynamic: + type: array + items: + $ref: '#/definitions/kubernetes_label' + additionalProperties: false + + required: + - ip + - join_ip + additionalProperties: false 
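Review bot: The `proxy` object ends with `additionalFields: false`, which is not a JSON Schema keyword and is silently ignored, so `proxy` accepts arbitrary extra keys, unlike `dns`, `kubernetes` and `etcd`. It should be `additionalProperties: false`. Separately, `apiserver_port`, `haproxy_port` and `container_port` are `type: number` with only `minimum: 0`, which admits fractional and out-of-range values; `type: integer` with `minimum: 1` and `maximum: 65535` would be tighter. The `url` definition is still an unconstrained string (`# XXX add regex`), so the proxy URL is not checked at all.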
diff --git a/deployment_files/global/v1.0u/schemas/promenade/PKICatalog/PKICatalog.yaml b/deployment_files/global/v1.0u/schemas/promenade/PKICatalog/PKICatalog.yaml
new file mode 100644
index 00000000..ae64c54c
--- /dev/null
+++ b/deployment_files/global/v1.0u/schemas/promenade/PKICatalog/PKICatalog.yaml
@@ -0,0 +1,43 @@
+---
+schema: deckhand/DataSchema/v1
+metadata:
+ schema: metadata/Control/v1
+ name: promenade/PKICatalog/v1
+ labels:
+ application: promenade
+data:
+ $schema: http://json-schema.org/schema#
+ certificate_authorities:
+ type: array
+ items:
+ type: object
+ properties:
+ description:
+ type: string
+ certificates:
+ type: array
+ items:
+ type: object
+ properties:
+ document_name:
+ type: string
+ description:
+ type: string
+ common_name:
+ type: string
+ hosts:
+ type: array
+ items: string
+ groups:
+ type: array
+ items: string
+ keypairs:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ description:
+ type: string
+...
diff --git a/deployment_files/global/v1.0u/schemas/shipyard/DeploymentConfiguration/v1.yaml b/deployment_files/global/v1.0u/schemas/shipyard/DeploymentConfiguration/v1.yaml
new file mode 100644
index 00000000..79e7781d
--- /dev/null
+++ b/deployment_files/global/v1.0u/schemas/shipyard/DeploymentConfiguration/v1.yaml
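Review bot: `certificate_authorities` follows `$schema` directly under `data`, with no `type: object` and `properties:` wrapper, so a validator treats it as an unknown keyword and the schema constrains nothing: any PKICatalog document validates. Wrap it as `type: object` with `properties:` containing `certificate_authorities`, and add `additionalProperties: false` as the other promenade schemas do. `hosts` and `groups` also use `items: string`, which is not a valid subschema; each should be `items:` followed by `type: string`. This catalog presumably drives which certificates and keypairs are generated, so a mistyped field in a real document would otherwise go unnoticed.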
@@ -0,0 +1,75 @@
+---
+schema: 'deckhand/DataSchema/v1'
+metadata:
+ schema: metadata/Control/v1
+ name: shipyard/DeploymentConfiguration/v1
+ labels:
+ application: shipyard
+data:
+ $schema: 'http://json-schema.org/schema#'
+ id: 'https://github.com/att-comdev/shipyard/deploymentConfiguration.yaml'
+ type: 'object'
+ properties:
+ physical_provisioner:
+ type: 'object'
+ properties:
+ deployment_strategy:
+ type: 'string'
+ enum:
+ - 'all-at-once'
+ deploy_interval:
+ type: 'integer'
+ deploy_timeout:
+ type: 'integer'
+ destroy_interval:
+ type: 'integer'
+ destroy_timeout:
+ type: 'integer'
+ join_wait:
+ type: 'integer'
+ prepare_node_interval:
+ type: 'integer'
+ prepare_node_timeout:
+ type: 'integer'
+ prepare_site_interval:
+ type: 'integer'
+ prepare_site_timeout:
+ type: 'integer'
+ verify_interval:
+ type: 'integer'
+ verify_timeout:
+ type: 'integer'
+ additionalProperties: false
+ kubernetes:
+ type: 'object'
+ properties:
+ node_status_interval:
+ type: 'integer'
+ node_status_timeout:
+ type: 'integer'
+ additionalProperties: false
+ kubernetes_provisioner:
+ type: 'object'
+ properties:
+ drain_timeout:
+ type: 'integer'
+ drain_grace_period:
+ type: 'integer'
+ clear_labels_timeout:
+ type: 'integer'
+ remove_etcd_timeout:
+ type: 'integer'
+ etcd_ready_timeout:
+ type: 'integer'
+ additionalProperties: false
+ armada:
+ type: 'object'
+ properties:
+ manifest:
+ type: 'string'
+ additionalProperties: false
+ required:
+ - manifest
+ additionalProperties: false
+ required:
+ - armada
diff --git a/deployment_files/global/v1.0u/software/charts/kubernetes/container-networking/calico.yaml b/deployment_files/global/v1.0u/software/charts/kubernetes/container-networking/calico.yaml
new file mode 100644
index 00000000..448f4385
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/kubernetes/container-networking/calico.yaml
@@ -0,0 +1,90 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-calico
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.calico.calico
+ dest:
+ path: .source
+
+ # Image versions
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.calico.calico
+ dest:
+ path: .values.images
+
+ # IP addresses
+ -
+ src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .calico.etcd.service_ip
+ dest:
+ path: .values.etcd.service.ip
+ -
+ src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.pod_cidr
+ dest:
+ path: .values.calico.pod_ip_cidr
+
+ # Other site-specific configuration
+ -
+ src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .calico.ip_autodetection_method
+ dest:
+ path: .values.calico.ip_autodetection_method
+
+ # Certificates
+ -
+ src:
+ schema: deckhand/CertificateAuthority/v1
+ name: calico-etcd
+ path: .
+ dest:
+ path: .values.etcd.tls.ca
+ -
+ src:
+ schema: deckhand/Certificate/v1
+ name: calico-node
+ path: .
+ dest:
+ path: .values.etcd.tls.cert
+ -
+ src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-node
+ path: .
+ dest:
+ path: .values.etcd.tls.key
+data:
+ chart_name: calico
+ release: kubernetes-calico
+ namespace: kube-system
+ timeout: 600
+ wait:
+ timeout: 600
+ upgrade:
+ no_hooks: true
+ values:
+ calico:
+ ctl:
+ install_on_host: true
+ etcd:
+ service:
+ port: 6666
+ dependencies: []
diff --git a/deployment_files/global/v1.0u/software/charts/kubernetes/container-networking/chart-group.yaml b/deployment_files/global/v1.0u/software/charts/kubernetes/container-networking/chart-group.yaml
new file mode 100644
index 00000000..4d1cfbda
--- /dev/null
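Review bot: The `deckhand/CertificateKey/v1` substitution into `.values.etcd.tls.key` brings private key material into a document declared `storagePolicy: cleartext`, and nothing in the hunk says where that key is protected. The policy here may only govern the chart document itself, but that relies on the referenced `calico-node` key document (not visible here) being stored encrypted and on rendered output not being logged. I would add a comment above the `# Certificates` block such as `# Key material is substituted at render time; source CertificateKey documents must use storagePolicy: encrypted`. The same applies to the key substitutions in `etcd.yaml` and `apiserver.yaml`, and to the `deckhand/PrivateKey/v1` service-account key in `controller-manager.yaml`.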
+++ b/deployment_files/global/v1.0u/software/charts/kubernetes/container-networking/chart-group.yaml
@@ -0,0 +1,15 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-container-networking
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Container networking via Calico
+ sequenced: true
+ chart_group:
+ - kubernetes-calico-etcd
+ - kubernetes-calico
diff --git a/deployment_files/global/v1.0u/software/charts/kubernetes/container-networking/etcd.yaml b/deployment_files/global/v1.0u/software/charts/kubernetes/container-networking/etcd.yaml
new file mode 100644
index 00000000..3c855a15
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/kubernetes/container-networking/etcd.yaml
@@ -0,0 +1,135 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-calico-etcd-global
+ layeringDefinition:
+ abstract: true
+ layer: global
+ labels:
+ name: kubernetes-calico-etcd-global
+ storagePolicy: cleartext
+ substitutions:
+
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.calico.etcd
+ dest:
+ path: .source
+
+ # Image versions
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.calico.etcd
+ dest:
+ path: .values.images.tags
+
+ # IP addresses
+ -
+ src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .calico.etcd.service_ip
+ dest:
+ path: .values.service.ip
+ -
+ src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .calico.etcd.service_ip
+ dest:
+ path: .values.anchor.etcdctl_endpoint
+
+ # CAs
+ -
+ src:
+ schema: deckhand/CertificateAuthority/v1
+ name: calico-etcd
+ path: .
+ dest:
+ path: .values.secrets.tls.client.ca
+ -
+ src:
+ schema: deckhand/CertificateAuthority/v1
+ name: calico-etcd-peer
+ path: .
+ dest:
+ path: .values.secrets.tls.peer.ca
+
+ # Anchor client cert
+ -
+ src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-anchor
+ path: .
+ dest:
+ path: .values.secrets.anchor.tls.cert
+ -
+ src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-anchor
+ path: .
+ dest:
+ path: .values.secrets.anchor.tls.key
+
+data:
+ chart_name: etcd
+ release: kubernetes-calico-etcd
+ namespace: kube-system
+ timeout: 600
+ wait:
+ timeout: 600
+ upgrade:
+ no_hooks: true
+ values:
+ labels:
+ anchor:
+ node_selector_key: calico-etcd
+ node_selector_value: enabled
+ etcd:
+ host_data_path: /var/lib/etcd/calico
+ host_etc_path: /etc/etcd/calico
+ bootstrapping:
+ enabled: true
+ host_directory: /var/lib/anchor
+ filename: calico-etcd-bootstrap
+ service:
+ name: calico-etcd
+ network:
+ service_client:
+ name: service_client
+ port: 6666
+ target_port: 6666
+ service_peer:
+ name: service_peer
+ port: 6667
+ target_port: 6667
+ dependencies:
+ - kubernetes-calico-etcd-htk
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-calico-etcd-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.calico.etcd-htk
+ dest:
+ path: .source
+data:
+ chart_name: kubernetes-calico-etcd-htk
+ release: kubernetes-calico-etcd-htk
+ namespace: kubernetes-calico-etcd-htk
+ timeout: 100
+ values: {}
+ dependencies: []
+...
diff --git a/deployment_files/global/v1.0u/software/charts/kubernetes/core/apiserver.yaml b/deployment_files/global/v1.0u/software/charts/kubernetes/core/apiserver.yaml
new file mode 100644
index 00000000..24e44411
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/kubernetes/core/apiserver.yaml
@@ -0,0 +1,138 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-apiserver
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.apiserver
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.apiserver
+ dest:
+ path: .values.images.tags
+
+ # IP addresses
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.api_service_ip
+ dest:
+ path: .values.network.kubernetes_service_ip
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.pod_cidr
+ dest:
+ path: .values.network.pod_cidr
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.service_cidr
+ dest:
+ path: .values.network.service_cidr
+
+ # CA
+ -
+ src:
+ schema: deckhand/CertificateAuthority/v1
+ name: kubernetes
+ path: .
+ dest:
+ path: .values.secrets.tls.ca
+
+ # Certificates
+ -
+ src:
+ schema: deckhand/Certificate/v1
+ name: apiserver
+ path: .
+ dest:
+ path: .values.secrets.tls.cert
+ -
+ src:
+ schema: deckhand/CertificateKey/v1
+ name: apiserver
+ path: .
+ dest:
+ path: .values.secrets.tls.key
+ -
+ src:
+ schema: deckhand/CertificateAuthority/v1
+ name: kubernetes-etcd
+ path: .
+ dest:
+ path: .values.secrets.etcd.tls.ca
+ -
+ src:
+ schema: deckhand/Certificate/v1
+ name: apiserver-etcd
+ path: .
+ dest:
+ path: .values.secrets.etcd.tls.cert
+ -
+ src:
+ schema: deckhand/CertificateKey/v1
+ name: apiserver-etcd
+ path: .
+ dest:
+ path: .values.secrets.etcd.tls.key
+ -
+ src:
+ schema: deckhand/PublicKey/v1
+ name: service-account
+ path: .
+ dest:
+ path: .values.secrets.service_account.public_key
+
+data:
+ chart_name: apiserver
+ release: kubernetes-apiserver
+ namespace: kube-system
+ timeout: 600
+ wait:
+ timeout: 600
+ upgrade:
+ no_hooks: true
+ values:
+ apiserver:
+ etcd:
+ endpoints: https://127.0.0.1:2378
+ dependencies:
+ - kubernetes-apiserver-htk
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-apiserver-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.apiserver-htk
+ dest:
+ path: .source
+data:
+ chart_name: kubernetes-apiserver-htk
+ release: kubernetes-apiserver-htk
+ namespace: kubernetes-apiserver-htk
+ timeout: 100
+ values: {}
+ dependencies: []
+...
diff --git a/deployment_files/global/v1.0u/software/charts/kubernetes/core/chart-group.yaml b/deployment_files/global/v1.0u/software/charts/kubernetes/core/chart-group.yaml
new file mode 100644
index 00000000..6e8560d5
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/kubernetes/core/chart-group.yaml
@@ -0,0 +1,15 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-core
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Kubernetes components
+ chart_group:
+ - kubernetes-apiserver
+ - kubernetes-controller-manager
+ - kubernetes-scheduler
diff --git a/deployment_files/global/v1.0u/software/charts/kubernetes/core/controller-manager.yaml b/deployment_files/global/v1.0u/software/charts/kubernetes/core/controller-manager.yaml
new file mode 100644
index 00000000..c4f6cb89
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/kubernetes/core/controller-manager.yaml
@@ -0,0 +1,112 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-controller-manager
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.controller-manager
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.controller-manager
+ dest:
+ path: .values.images.tags
+
+ # IP addresses
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.pod_cidr
+ dest:
+ path: .values.network.pod_cidr
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .values.kubernetes.service_cidr
+ dest:
+ path: .values.network.service_cidr
+
+ # CA
+ -
+ src:
+ schema: deckhand/CertificateAuthority/v1
+ name: kubernetes
+ path: .
+ dest:
+ path: .values.secrets.tls.ca
+
+ # Certificates
+ -
+ src:
+ schema: deckhand/Certificate/v1
+ name: controller-manager
+ path: .
+ dest:
+ path: .values.secrets.tls.cert
+ -
+ src:
+ schema: deckhand/CertificateKey/v1
+ name: controller-manager
+ path: .
+ dest:
+ path: .values.secrets.tls.key
+
+ # Private key for Kubernetes service account token signing
+ -
+ src:
+ schema: deckhand/PrivateKey/v1
+ name: service-account
+ path: .
+ dest:
+ path: .values.secrets.service_account.private_key
+
+data:
+ chart_name: controller-manager
+ release: kubernetes-controller-manager
+ namespace: kube-system
+ timeout: 600
+ wait:
+ timeout: 600
+ upgrade:
+ no_hooks: true
+ values:
+ network:
+ kubernetes_netloc: 127.0.0.1:6553
+ dependencies:
+ - kubernetes-controller-manager-htk
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-controller-manager-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.controller-manager-htk
+ dest:
+ path: .source
+data:
+ chart_name: kubernetes-controller-manager-htk
+ release: kubernetes-controller-manager-htk
+ namespace: kubernetes-controller-manager-htk
+ timeout: 100
+ values: {}
+ dependencies: []
+...
diff --git a/deployment_files/global/v1.0u/software/charts/kubernetes/core/scheduler.yaml b/deployment_files/global/v1.0u/software/charts/kubernetes/core/scheduler.yaml
new file mode 100644
index 00000000..38be5788
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/kubernetes/core/scheduler.yaml
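Review bot: The service CIDR substitution in controller-manager.yaml reads `path: .values.kubernetes.service_cidr` from the common-addresses document, while the pod CIDR entry directly above it reads `.kubernetes.pod_cidr` and the apiserver chart reads `.kubernetes.service_cidr`. The `.values` prefix looks like a copy of the destination path; if common-addresses has no such key, the substitution presumably fails or leaves `.values.network.service_cidr` unset, and the controller-manager and apiserver could then disagree on the service range. The source line should read `path: .kubernetes.service_cidr`.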
@@ -0,0 +1,89 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-scheduler
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.scheduler
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.scheduler
+ dest:
+ path: .values.images.tags
+
+ # CA
+ -
+ src:
+ schema: deckhand/CertificateAuthority/v1
+ name: kubernetes
+ path: .
+ dest:
+ path: .values.secrets.tls.ca
+
+ # Certificates
+ -
+ src:
+ schema: deckhand/Certificate/v1
+ name: scheduler
+ path: .
+ dest:
+ path: .values.secrets.tls.cert
+ -
+ src:
+ schema: deckhand/CertificateKey/v1
+ name: scheduler
+ path: .
+ dest:
+ path: .values.secrets.tls.key
+
+data:
+ chart_name: scheduler
+ release: kubernetes-scheduler
+ namespace: kube-system
+ timeout: 600
+ wait:
+ timeout: 600
+ upgrade:
+ no_hooks: true
+ values:
+ network:
+ kubernetes_netloc: 127.0.0.1:6553
+ dependencies:
+ - kubernetes-scheduler-htk
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-scheduler-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.scheduler-htk
+ dest:
+ path: .source
+data:
+ chart_name: kubernetes-scheduler-htk
+ release: kubernetes-scheduler-htk
+ namespace: kubernetes-scheduler-htk
+ timeout: 100
+ values: {}
+ dependencies: []
+...
diff --git a/deployment_files/global/v1.0u/software/charts/kubernetes/dns/chart-group.yaml b/deployment_files/global/v1.0u/software/charts/kubernetes/dns/chart-group.yaml
new file mode 100644
index 00000000..1c8abf03
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/kubernetes/dns/chart-group.yaml
@@ -0,0 +1,13 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-dns
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Cluster DNS
+ chart_group:
+ - coredns
diff --git a/deployment_files/global/v1.0u/software/charts/kubernetes/dns/coredns.yaml b/deployment_files/global/v1.0u/software/charts/kubernetes/dns/coredns.yaml
new file mode 100644
index 00000000..8ac4b8d0
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/kubernetes/dns/coredns.yaml
@@ -0,0 +1,62 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: coredns
+ layeringDefinition:
+ abstract: false
+ layer: global
+ labels:
+ name: coredns
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.coredns
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.coredns
+ dest:
+ path: .values.images
+data:
+ chart_name: coredns
+ release: coredns
+ namespace: kube-system
+ timeout: 600
+ wait:
+ timeout: 600
+ upgrade:
+ no_hooks: true
+ dependencies:
+ - coredns-htk
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: coredns-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.coredns-htk
+ dest:
+ path: .source
+data:
+ chart_name: coredns-htk
+ release: coredns-htk
+ namespace: coredns-htk
+ timeout: 100
+ values: {}
+ dependencies: []
+...
diff --git a/deployment_files/global/v1.0u/software/charts/kubernetes/etcd/chart-group.yaml b/deployment_files/global/v1.0u/software/charts/kubernetes/etcd/chart-group.yaml
new file mode 100644
index 00000000..5a951d13
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/kubernetes/etcd/chart-group.yaml
@@ -0,0 +1,13 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-etcd
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Kubernetes etcd
+ chart_group:
+ - kubernetes-etcd
diff --git a/deployment_files/global/v1.0u/software/charts/kubernetes/etcd/etcd.yaml b/deployment_files/global/v1.0u/software/charts/kubernetes/etcd/etcd.yaml
new file mode 100644
index 00000000..4ce966a1
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/kubernetes/etcd/etcd.yaml
@@ -0,0 +1,125 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-etcd-global
+ layeringDefinition:
+ abstract: true
+ layer: global
+ labels:
+ name: kubernetes-etcd-global
+ storagePolicy: cleartext
+ substitutions:
+
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.etcd
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.etcd
+ dest:
+ path: .values.images.tags
+
+ # IP addresses
+ -
+ src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.etcd_service_ip
+ dest:
+ path: .values.service.ip
+
+ # CAs
+ -
+ src:
+ schema: deckhand/CertificateAuthority/v1
+ name: kubernetes-etcd
+ path: .
+ dest:
+ path: .values.secrets.tls.client.ca
+ -
+ src:
+ schema: deckhand/CertificateAuthority/v1
+ name: kubernetes-etcd-peer
+ path: .
+ dest:
+ path: .values.secrets.tls.peer.ca
+
+ -
+ src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-anchor
+ path: .
+ dest:
+ path: .values.secrets.anchor.tls.cert
+ -
+ src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-anchor
+ path: .
+ dest:
+ path: .values.secrets.anchor.tls.key
+
+data:
+ chart_name: etcd
+ release: kubernetes-etcd
+ namespace: kube-system
+ timeout: 600
+ wait:
+ timeout: 600
+ upgrade:
+ no_hooks: true
+ values:
+ anchor:
+ etcdctl_endpoint: kubernetes-etcd.kube-system.svc.cluster.local
+ labels:
+ anchor:
+ node_selector_key: kubernetes-etcd
+ node_selector_value: enabled
+ etcd:
+ host_data_path: /var/lib/etcd/kubernetes
+ host_etc_path: /etc/etcd/kubernetes
+ service:
+ name: kubernetes-etcd
+ network:
+ service_client:
+ name: service_client
+ port: 2379
+ target_port: 2379
+ service_peer:
+ name: service_peer
+ port: 2380
+ target_port: 2380
+ dependencies:
+ - kubernetes-etcd-htk
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-etcd-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.etcd-htk
+ dest:
+ path: .source
+data:
+ chart_name: kubernetes-etcd-htk
+ release: kubernetes-etcd-htk
+ namespace: kubernetes-etcd-htk
+ timeout: 100
+ values: {}
+ dependencies: []
+...
diff --git a/deployment_files/global/v1.0u/software/charts/kubernetes/haproxy/chart-group.yaml b/deployment_files/global/v1.0u/software/charts/kubernetes/haproxy/chart-group.yaml
new file mode 100644
index 00000000..63a24f5f
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/kubernetes/haproxy/chart-group.yaml
@@ -0,0 +1,13 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-haproxy
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: HAProxy for Kubernetes
+ chart_group:
+ - haproxy
diff --git a/deployment_files/global/v1.0u/software/charts/kubernetes/haproxy/haproxy.yaml b/deployment_files/global/v1.0u/software/charts/kubernetes/haproxy/haproxy.yaml
new file mode 100644
index 00000000..142d91d6
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/kubernetes/haproxy/haproxy.yaml
@@ -0,0 +1,90 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: haproxy
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.haproxy
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.haproxy
+ dest:
+ path: .values.images
+data:
+ chart_name: haproxy
+ release: haproxy
+ namespace: kube-system
+ timeout: 600
+ wait:
+ timeout: 600
+ upgrade:
+ no_hooks: true
+ values:
+ conf:
+ anchor:
+
+ # TODO(alanmeadows) this should be substituted
+ kubernetes_url: https://10.96.0.1:443
+ services:
+ default:
+ kubernetes:
+ server_opts: "check"
+ conf_parts:
+ frontend:
+ - mode tcp
+ - option tcpka
+ - bind *:6553
+ backend:
+ - mode tcp
+ - option tcpka
+ kube-system:
+ kubernetes-etcd:
+ server_opts: "check"
+ conf_parts:
+ frontend:
+ - mode tcp
+ - option tcpka
+ - bind *:2378
+ backend:
+ - mode tcp
+ - option tcpka
+ dependencies:
+ - haproxy-htk
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: haproxy-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.haproxy-htk
+ dest:
+ path: .source
+data:
+ chart_name: haproxy-htk
+ release: haproxy-htk
+ namespace: haproxy-htk
+ timeout: 100
+ values: {}
+ dependencies: []
+...
diff --git a/deployment_files/global/v1.0u/software/charts/kubernetes/ingress/chart-group.yaml b/deployment_files/global/v1.0u/software/charts/kubernetes/ingress/chart-group.yaml
new file mode 100644
index 00000000..11197f69
--- /dev/null
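Review bot: Both frontends in haproxy.yaml use wildcard binds, `bind *:6553` and `bind *:2378`, so the Kubernetes API and etcd proxies listen on every address the pod can see, while the consumers on this page (`kubernetes_netloc: 127.0.0.1:6553`, `endpoints: https://127.0.0.1:2378`) only connect over loopback. If nothing off-host needs these ports, `bind 127.0.0.1:6553` and `bind 127.0.0.1:2378` would keep the API and etcd frontends off external interfaces; whether the chart runs on the host network is not visible here, so confirm before changing. The hard-coded `kubernetes_url: https://10.96.0.1:443` already carries a TODO and should be substituted from common-addresses like the other service IPs.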
+++ b/deployment_files/global/v1.0u/software/charts/kubernetes/ingress/chart-group.yaml
@@ -0,0 +1,13 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ingress-kube-system
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Ingress for the site
+ chart_group:
+ - ingress-kube-system
diff --git a/deployment_files/global/v1.0u/software/charts/kubernetes/ingress/ingress.yaml b/deployment_files/global/v1.0u/software/charts/kubernetes/ingress/ingress.yaml
new file mode 100644
index 00000000..b2904031
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/kubernetes/ingress/ingress.yaml
@@ -0,0 +1,70 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ingress-kube-system
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.ingress
+ dest:
+ path: .source
+data:
+ chart_name: ingress-kube-system
+ release: ingress-kube-system
+ namespace: kube-system
+ timeout: 300
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ values:
+ labels:
+ server:
+ node_selector_key: kube-ingress
+ node_selector_value: enabled
+ error_server:
+ node_selector_key: kube-ingress
+ node_selector_value: enabled
+ deployment:
+ mode: cluster
+ type: DaemonSet
+ network:
+ host_namespace: true
+ ingress:
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "603"
+ pod:
+ replicas:
+ error_page: 2
+ dependencies:
+ - ingress-kube-system-htk
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ingress-kube-system-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.ingress-htk
+ dest:
+ path: .source
+data:
+ chart_name: ingress-kube-system-htk
+ release: ingress-kube-system-htk
+ namespace: ingress-kube-system-htk
+ timeout: 100
+ values: {}
+ dependencies: []
diff --git a/deployment_files/global/v1.0u/software/charts/kubernetes/proxy/chart-group.yaml b/deployment_files/global/v1.0u/software/charts/kubernetes/proxy/chart-group.yaml
new file mode 100644
index 00000000..a083dd3d
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/kubernetes/proxy/chart-group.yaml
@@ -0,0 +1,14 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-proxy
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Kubernetes proxy
+ sequenced: true
+ chart_group:
+ - kubernetes-proxy
diff --git a/deployment_files/global/v1.0u/software/charts/kubernetes/proxy/kubernetes-proxy.yaml b/deployment_files/global/v1.0u/software/charts/kubernetes/proxy/kubernetes-proxy.yaml
new file mode 100644
index 00000000..ffd09686
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/kubernetes/proxy/kubernetes-proxy.yaml
@@ -0,0 +1,63 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-proxy
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.proxy
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.kubernetes.proxy
+ dest:
+ path: .values.images.tags
+data:
+ chart_name: proxy
+ release: kubernetes-proxy
+ namespace: kube-system
+ timeout: 600
+ wait:
+ timeout: 600
+ upgrade:
+ no_hooks: true
+ values:
+ network:
+ kubernetes_netloc: 127.0.0.1:6553
+ dependencies:
+ - kubernetes-proxy-htk
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-proxy-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.kubernetes.proxy-htk
+ dest:
+ path: .source
+data:
+ chart_name: kubernetes-proxy-htk
+ release: kubernetes-proxy-htk
+ namespace: kubernetes-proxy-htk
+ timeout: 100
+ values: {}
+ dependencies: []
+...
diff --git a/deployment_files/global/v1.0u/software/charts/ucp/armada/armada.yaml b/deployment_files/global/v1.0u/software/charts/ucp/armada/armada.yaml
new file mode 100644
index 00000000..944a6d27
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/ucp/armada/armada.yaml
@@ -0,0 +1,112 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-armada
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.armada
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.armada
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.armada
+ dest:
+ path: .values.endpoints.armada
+
+ # Credentials
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.armada.keystone
+ dest:
+ path: .values.endpoints.identity.auth.user
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.user.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_armada_keystone_password
+ path: .
+data:
+ chart_name: armada
+ release: ucp-armada
+ namespace: ucp
+ timeout: 100
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ values:
+ replicas:
+ api: 1
+ armada:
+ DEFAULT:
+ debug: true
+ manifests:
+ deployment_tiller: false
+ service_tiller: false
+ dependencies:
+ - armada-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: armada-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.armada-htk
+ dest:
+ path: .source
+data:
+ chart_name: armada-htk
+ release: armada-htk
+ namespace: armada-htk
+ timeout: 100
+ values: {}
+ dependencies: []
+...
diff --git a/deployment_files/global/v1.0u/software/charts/ucp/armada/chart-group.yaml b/deployment_files/global/v1.0u/software/charts/ucp/armada/chart-group.yaml
new file mode 100644
index 00000000..01e6d06f
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/ucp/armada/chart-group.yaml
@@ -0,0 +1,15 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-armada
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Armada
+ sequenced: true
+ chart_group:
+ - ucp-tiller
+ - ucp-armada
diff --git a/deployment_files/global/v1.0u/software/charts/ucp/armada/tiller.yaml b/deployment_files/global/v1.0u/software/charts/ucp/armada/tiller.yaml
new file mode 100644
index 00000000..0a9ed04e
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/ucp/armada/tiller.yaml
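Review bot: `armada: DEFAULT: debug: true` in armada.yaml is set in the global layer, so every site that inherits this chart runs the Armada API with debug logging. The same chart receives the Keystone admin and Armada service passwords through substitution, and debug-level logs are a common place for request details and configuration values to end up. Prefer `debug: false` here and let a development site override it in its own layer.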
@@ -0,0 +1,63 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-tiller
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.tiller
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.tiller
+ dest:
+ path: .values.images.tags
+
+data:
+ chart_name: tiller
+ release: ucp-tiller
+ namespace: kube-system
+ timeout: 100
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ values: {}
+ dependencies:
+ - tiller-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: tiller-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.tiller-htk
+ dest:
+ path: .source
+data:
+ chart_name: tiller-htk
+ release: tiller-htk
+ namespace: tiller-htk
+ timeout: 100
+ values: {}
+ dependencies: []
+...
diff --git a/deployment_files/global/v1.0u/software/charts/ucp/ceph-config/ceph-config.yaml b/deployment_files/global/v1.0u/software/charts/ucp/ceph-config/ceph-config.yaml
new file mode 100644
index 00000000..7d81b6d3
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/ucp/ceph-config/ceph-config.yaml
@@ -0,0 +1,129 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-config
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.ceph
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ceph.ceph
+ dest:
+ path: .values.images.tags
+
+ # IP addresses
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .storage.ceph.public_cidr
+ dest:
+ path: .values.network.public
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .storage.ceph.cluster_cidr
+ dest:
+ path: .values.network.cluster
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.object_store
+ dest:
+ path: .values.endpoints.object_store
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.ceph_mon
+ dest:
+ path: .values.endpoints.ceph_mon
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.ceph_mgr
+ dest:
+ path: .values.endpoints.ceph_mgr
+
+ # Credentials
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ceph.swift.keystone
+ dest:
+ path: .values.endpoints.identity.auth.swift
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.swift.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ceph_swift_keystone_password
+ path: .
+
+data:
+ chart_name: ucp-ceph-config
+ release: ucp-ceph-config
+ namespace: ucp
+ timeout: 3600
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ application: ceph
+ component: namespace-client-key-generator
+ values:
+ labels:
+ job:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ provisioner:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ ceph:
+ rgw_keystone_auth: true
+ deployment:
+ storage_secrets: false
+ ceph: false
+ rbd_provisioner: false
+ cephfs_provisioner: false
+ client_secrets: true
+ rgw_keystone_user_and_endpoints: false
+ dependencies:
+ - ceph_htk
+...
diff --git a/deployment_files/global/v1.0u/software/charts/ucp/ceph-config/chart-group.yaml b/deployment_files/global/v1.0u/software/charts/ucp/ceph-config/chart-group.yaml
new file mode 100644
index 00000000..efda7bd6
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/ucp/ceph-config/chart-group.yaml
@@ -0,0 +1,15 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-config
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Ceph config for UCP namespace(s)
+ chart_group:
+ # NOTE(mb874d): This will probably expand into one config per UCP namespace
+ # that requires ceph access.
+ - ucp-ceph-config
diff --git a/deployment_files/global/v1.0u/software/charts/ucp/ceph/ceph.yaml b/deployment_files/global/v1.0u/software/charts/ucp/ceph/ceph.yaml
new file mode 100644
index 00000000..8ea2b97f
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/ucp/ceph/ceph.yaml
@@ -0,0 +1,278 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.ceph
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ceph.ceph
+ dest:
+ path: .values.images.tags
+
+ # IP addresses
+ - src:
+ schema: dev/Configurables/v1
+ name: dev-configurables
+ path: .hostcidr
+ dest:
+ path: .values.network.public
+ - src:
+ schema: dev/Configurables/v1
+ name: dev-configurables
+ path: .hostcidr
+ dest:
+ path: .values.network.cluster
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.object_store
+ dest:
+ path: .values.endpoints.object_store
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.ceph_mon
+ dest:
+ path: .values.endpoints.ceph_mon
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ceph.ceph_mgr
+ dest:
+ path: .values.endpoints.ceph_mgr
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ceph.swift.keystone
+ dest:
+ path: .values.endpoints.identity.auth.swift
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.swift.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ceph_swift_keystone_password
+ path: .
+data:
+ chart_name: ceph
+ release: ucp-ceph
+ namespace: ceph
+ timeout: 900
+ wait:
+ timeout: 900
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ application: ceph
+ component: bootstrap
+ - type: job
+ labels:
+ application: ceph
+ component: mds-keyring-generator
+ - type: job
+ labels:
+ application: ceph
+ component: mon-keyring-generator
+ - type: job
+ labels:
+ application: ceph
+ component: rgw-keyring-generator
+ - type: job
+ labels:
+ application: ceph
+ component: storage-keys-generator
+ - type: job
+ labels:
+ application: ceph
+ component: osd-keyring-generator
+ values:
+ labels:
+ job:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ provisioner:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ endpoints:
+ identity:
+ namespace: openstack
+ object_store:
+ namespace: ceph
+ ceph_mon:
+ namespace: ceph
+ ceph:
+ rgw_keystone_auth: true
+ deployment:
+ ceph: true
+ client_secrets: false
+ rbd_provisioner: true
+ cephfs_provisioner: true
+ rgw_keystone_user_and_endpoints: false
+ storage_secrets: true
+ bootstrap:
+ enabled: true
+ conf:
+ storage:
+ osd:
+ - data:
+ type: directory
+ location: /var/lib/openstack-helm/ceph/osd/osd-one
+ journal:
+ type: directory
+ location: /var/lib/openstack-helm/ceph/osd/journal-one
+ rgw_ks:
+ enabled: true
+ ceph:
+ global:
+ fsid: '88904ebb-f6fc-48b1-80ec-e1915cfa84a9'
+ osd_pool_default_size: 1
+ osd:
+ osd_crush_chooseleaf_type: 0
+ pool:
+ crush:
+ tunables: 'hammer'
+ target:
+ osd: 1
+ pg_per_osd: 100
+ default:
+ crush_rule: same_host
+ spec:
+ # RBD pool
+ - name: rbd
+ application: rbd
+ replication: 1
+ percent_total_data: 40
+ # CephFS pools
+ - name: cephfs_metadata
+ application: cephfs
+ replication: 1
+ percent_total_data: 5
+ - name: cephfs_data
+ application: cephfs
+ replication: 1
+ percent_total_data: 10
+ # RadosGW pools
+ - name: .rgw.root
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.control
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.data.root
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.gc
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.log
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.intent-log
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.meta
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.usage
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.keys
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.email
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.swift
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.uid
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.buckets.extra
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.buckets.index
+ application: rgw
+ replication: 1
+ percent_total_data: 3
+ - name: default.rgw.buckets.data
+ application: rgw
+ replication: 1
+ percent_total_data: 34.8
+ dependencies:
+ - ceph_htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ceph_htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ chart_name: ceph_htk
+ release: ceph_htk
+ namespace: ceph_htk
+ timeout: 100
+ values: {}
+ source:
+ type: git
+ location: https://github.com/openstack/openstack-helm
+ subpath: helm-toolkit
+ reference: d5f880c1ee5111c0e6889323fa4b7138c36f2673
+ dependencies: []
+...
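Review bot: The global layer of ceph.yaml fixes `fsid: '88904ebb-f6fc-48b1-80ec-e1915cfa84a9'` together with `osd_pool_default_size: 1`, `replication: 1` on every pool and directory-backed OSDs, so any site built from this layer shares one cluster identity and keeps a single copy of its data. These read as single-node development defaults (the network CIDRs also come from `dev/Configurables/v1` rather than common-addresses as in ceph-config.yaml); say so above `conf:` with a comment such as `# Single-node dev defaults: override fsid, pool replication and OSD devices per site`. `ceph_htk` is pinned to a commit under `source:` while the other helm-toolkit charts take `.source` from software-versions, so a version bump made there will not reach this chart.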
diff --git a/deployment_files/global/v1.0u/software/charts/ucp/ceph/chart-group.yaml b/deployment_files/global/v1.0u/software/charts/ucp/ceph/chart-group.yaml
new file mode 100644
index 00000000..45dfaff6
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/ucp/ceph/chart-group.yaml
@@ -0,0 +1,14 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Ceph Storage
+ sequenced: true
+ chart_group:
+ - ucp-ceph
diff --git a/deployment_files/global/v1.0u/software/charts/ucp/core/chart-group.yaml b/deployment_files/global/v1.0u/software/charts/ucp/core/chart-group.yaml
new file mode 100644
index 00000000..147b8bcc
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/ucp/core/chart-group.yaml
@@ -0,0 +1,17 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-core
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Common UCP Components
+ chart_group:
+ - ucp-ingress
+ - ucp-mariadb
+ - ucp-postgresql
+ - ucp-rabbitmq
+...
diff --git a/deployment_files/global/v1.0u/software/charts/ucp/core/ingress.yaml b/deployment_files/global/v1.0u/software/charts/ucp/core/ingress.yaml
new file mode 100644
index 00000000..776679c8
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/ucp/core/ingress.yaml
@@ -0,0 +1,69 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-ingress + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext + substitutions: + # Chart source + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .charts.ucp.ingress + dest: + path: .source +data: + chart_name: ingress + release: ingress + namespace: ucp + timeout: 600 + wait: + timeout: 600 + install: + no_hooks: false + upgrade: + no_hooks: false + values: + labels: + server: + node_selector_key: ucp-control-plane + node_selector_value: enabled + error_server: + node_selector_key: ucp-control-plane + node_selector_value: enabled + pod: + replicas: + ingress: 1 + error_page: 1 + network: + ingress: + annotations: + nginx.ingress.kubernetes.io/proxy-read-timeout: "600" + dependencies: + - ucp-ingress-htk +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-ingress-htk + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .charts.ucp.ingress-htk + dest: + path: .source +data: + chart_name: ucp-ingress-htk + release: ucp-ingress-htk + namespace: ucp-ingress-htk + timeout: 100 + values: {} + dependencies: [] diff --git a/deployment_files/global/v1.0u/software/charts/ucp/core/mariadb.yaml b/deployment_files/global/v1.0u/software/charts/ucp/core/mariadb.yaml new file mode 100644 index 00000000..a91b1997 --- /dev/null +++ b/deployment_files/global/v1.0u/software/charts/ucp/core/mariadb.yaml 
@@ -0,0 +1,95 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-mariadb + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext + substitutions: + # Chart source + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .charts.ucp.mariadb + dest: + path: .source + + # Images + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .images.ucp.mariadb + dest: + path: .values.images.tags + + # Endpoints + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.oslo_db + dest: + path: .values.endpoints.olso_db + # Accounts + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.oslo_db.admin + dest: + path: .values.endpoints.oslo_db.auth.admin + + # Secrets + - dest: + path: .values.endpoints.oslo_db.auth.admin.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_oslo_db_admin_password + path: . + +data: + chart_name: ucp-mariadb + release: ucp-mariadb + namespace: ucp + install: + no_hooks: false + upgrade: + no_hooks: false + values: + labels: + server: + node_selector_key: ucp-control-plane + node_selector_value: enabled + prometheus_mysql_exporter: + node_selector_key: ucp-control-plane + node_selector_value: enabled + pod: + replicas: + server: 1 + dependencies: + - mariadb-htk +... +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: mariadb-htk + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .charts.ucp.mariadb-htk + dest: + path: .source +data: + chart_name: mariadb-htk + release: mariadb-htk + namespace: mariadb-htk + timeout: 100 + values: {} + dependencies: [] +... 
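Review bot: The Endpoints substitution writes to `.values.endpoints.olso_db`, which looks like a transposition of `oslo_db`; the Accounts and Secrets entries directly below it target `.values.endpoints.oslo_db.auth.admin`. As written, the catalogue endpoint lands on a key the chart presumably never reads, so MariaDB keeps the chart's default host and port while the admin credentials go to the real key. The line should read `path: .values.endpoints.oslo_db`.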
diff --git a/deployment_files/global/v1.0u/software/charts/ucp/core/postgresql.yaml b/deployment_files/global/v1.0u/software/charts/ucp/core/postgresql.yaml new file mode 100644 index 00000000..392d1267 --- /dev/null +++ b/deployment_files/global/v1.0u/software/charts/ucp/core/postgresql.yaml 
@@ -0,0 +1,95 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-postgresql + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext + substitutions: + # Chart source + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .charts.ucp.postgresql + dest: + path: .source + + # Images + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .images.ucp.postgresql + dest: + path: .values.images.tags + + # Endpoints + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.postgresql + dest: + path: .values.endpoints.postgresql + # Credentials + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.postgres.admin + dest: + path: .values.endpoints.postgresql.auth.admin + + # Secrets + - dest: + path: .values.endpoints.postgresql.auth.admin.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_postgres_admin_password + path: . +data: + chart_name: ucp-postgresql + release: ucp-postgresql + namespace: ucp + install: + no_hooks: false + upgrade: + no_hooks: false + pre: + delete: [] + create: [] + post: + create: [] + values: + development: + enabled: false + labels: + server: + node_selector_key: ucp-control-plane + node_selector_value: enabled + dependencies: + - postgres-htk +... +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: postgres-htk + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .charts.ucp.postgresql-htk + dest: + path: .source +data: + chart_name: postgres-htk + release: postgres-htk + namespace: postgres-htk + timeout: 100 + values: {} + dependencies: [] +... 
diff --git a/deployment_files/global/v1.0u/software/charts/ucp/core/rabbitmq.yaml b/deployment_files/global/v1.0u/software/charts/ucp/core/rabbitmq.yaml new file mode 100644 index 00000000..a6e7e891 --- /dev/null +++ b/deployment_files/global/v1.0u/software/charts/ucp/core/rabbitmq.yaml 
@@ -0,0 +1,102 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-rabbitmq + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext + substitutions: + # Chart source + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .charts.ucp.rabbitmq + dest: + path: .source + + # Images + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .images.ucp.rabbitmq + dest: + path: .values.images.tags + + # Endpoints + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.oslo_messaging + dest: + path: .values.endpoints.oslo_messaging + + # Credentials + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.oslo_messaging.admin + dest: + path: .values.endpoints.oslo_messaging.auth.user + + # Secrets + + - src: + schema: deckhand/Passphrase/v1 + name: ucp_rabbitmq_erlang_cookie + path: . + dest: + path: .values.endpoints.oslo_messaging.auth.erlang_cookie + - src: + schema: deckhand/Passphrase/v1 + name: ucp_oslo_messaging_password + path: . + dest: + path: .values.endpoints.oslo_messaging.auth.user.password +data: + chart_name: ucp-rabbitmq + release: ucp-rabbitmq + namespace: ucp + install: + no_hooks: false + upgrade: + no_hooks: false + values: + pod: + replicas: + server: 1 + labels: + server: + node_selector_key: ucp-control-plane + node_selector_value: enabled + prometheus_rabbitmq_exporter: + node_selector_key: ucp-control-plane + node_selector_value: enabled + dependencies: + - ucp-rabbitmq-htk +... 
+--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-rabbitmq-htk + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .charts.ucp.rabbitmq-htk + dest: + path: .source +data: + chart_name: ucp-rabbitmq-htk + release: ucp-rabbitmq-htk + namespace: ucp-rabbitmq-htk + timeout: 100 + values: {} + dependencies: [] +... diff --git a/deployment_files/global/v1.0u/software/charts/ucp/deckhand/barbican.yaml b/deployment_files/global/v1.0u/software/charts/ucp/deckhand/barbican.yaml new file mode 100644 index 00000000..9a48bbff --- /dev/null +++ b/deployment_files/global/v1.0u/software/charts/ucp/deckhand/barbican.yaml 
@@ -0,0 +1,182 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-barbican + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext + substitutions: + # Chart source + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .charts.ucp.barbican + dest: + path: .source + + # Images + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .images.ucp.barbican + dest: + path: .values.images.tags + + # Endpoints + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.identity + dest: + path: .values.endpoints.identity + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.key_manager + dest: + path: .values.endpoints.key_manager + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.oslo_db + dest: + path: .values.endpoints.oslo_db + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.oslo_cache + dest: + path: .values.endpoints.oslo_cache + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.oslo_messaging + dest: + path: .values.endpoints.oslo_messaging + + # Credentials + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.barbican.keystone + dest: + path: .values.endpoints.identity.auth.barbican + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.keystone.admin + dest: + path: .values.endpoints.identity.auth.admin + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.barbican.oslo_db + dest: + path: .values.endpoints.oslo_db.auth.barbican + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.barbican.oslo_db.database + dest: + path: .values.endpoints.oslo_db.path + pattern: DB_NAME + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.barbican.oslo_messaging 
+ dest: + path: .values.endpoints.oslo_messaging.auth + + # Secrets + - dest: + path: .values.endpoints.identity.auth.admin.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_keystone_admin_password + path: . + - dest: + path: .values.endpoints.oslo_db.auth.admin.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_oslo_db_admin_password + path: . + - dest: + path: .values.endpoints.identity.auth.barbican.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_barbican_keystone_password + path: . + - dest: + path: .values.endpoints.oslo_db.auth.barbican.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_barbican_oslo_db_password + path: . + - dest: + path: .values.endpoints.oslo_messaging.auth.admin.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_oslo_messaging_password + path: . + - dest: + path: .values.endpoints.oslo_messaging.auth.barbican.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_oslo_messaging_password + path: . +data: + chart_name: ucp-barbican + release: ucp-barbican + namespace: ucp + install: + no_hooks: false + upgrade: + no_hooks: false + pre: + delete: [] + create: [] + post: + create: [] + values: + labels: + api: + node_selector_key: ucp-control-plane + node_selector_value: enabled + job: + node_selector_key: ucp-control-plane + node_selector_value: enabled + test: + node_selector_key: ucp-control-plane + node_selector_value: enabled + pod: + replicas: + api: 1 + dependencies: + - ucp-barbican-htk +... +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-barbican-htk + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .charts.ucp.barbican-htk + dest: + path: .source +data: + chart_name: ucp-barbican-htk + release: ucp-barbican-htk + namespace: ucp-barbican-htk + timeout: 100 + values: {} + dependencies: [] +... 
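Review bot: In the Secrets block the single passphrase `ucp_oslo_messaging_password` is substituted into both `.values.endpoints.oslo_messaging.auth.admin.password` and `.values.endpoints.oslo_messaging.auth.barbican.password`, so the Barbican service user and the broker admin share one credential. Anyone who can read Barbican's rendered configuration then also holds the RabbitMQ admin password, which undercuts having a separate service account. The database side already separates the two with `ucp_barbican_oslo_db_password` and `ucp_oslo_db_admin_password`; a dedicated messaging passphrase document for the service user would match that (for example `name: <service-specific messaging passphrase>`, a placeholder for the author to name). The keystone.yaml hunk repeats the same pairing for `.auth.keystone.password` and `.auth.admin.password`.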
diff --git a/deployment_files/global/v1.0u/software/charts/ucp/deckhand/chart-group.yaml b/deployment_files/global/v1.0u/software/charts/ucp/deckhand/chart-group.yaml new file mode 100644 index 00000000..0b7bee7a --- /dev/null +++ b/deployment_files/global/v1.0u/software/charts/ucp/deckhand/chart-group.yaml @@ -0,0 +1,16 @@ +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-deckhand + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext +data: + description: Deckhand + chart_group: + # NOTE(mb874d): Find and add the dogtag chart + # - ucp-dogtag + - ucp-barbican + - ucp-deckhand diff --git a/deployment_files/global/v1.0u/software/charts/ucp/deckhand/deckhand.yaml b/deployment_files/global/v1.0u/software/charts/ucp/deckhand/deckhand.yaml new file mode 100644 index 00000000..c30609b9 --- /dev/null +++ b/deployment_files/global/v1.0u/software/charts/ucp/deckhand/deckhand.yaml 
@@ -0,0 +1,171 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-deckhand + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext + substitutions: + # Chart source + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .charts.ucp.deckhand + dest: + path: .source + + # Images + + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .images.ucp.deckhand + dest: + path: .values.images.tags + + # Endpoints + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.identity + dest: + path: .values.endpoints.identity + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.postgresql + dest: + path: .values.endpoints.postgresql + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.deckhand + dest: + path: .values.endpoints.deckhand + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.key_manager + dest: + path: .values.endpoints.key_manager + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.oslo_cache + dest: + path: .values.endpoints.oslo_cache + # Credentials + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.postgres.admin + dest: + path: .values.endpoints.postgresql.auth.admin + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.deckhand.postgres + dest: + path: .values.endpoints.postgresql.auth.user + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.deckhand.postgres.database + dest: + path: .values.endpoints.postgresql.path + pattern: DB_NAME + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.deckhand.keystone + dest: + path: .values.endpoints.identity.auth.user + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.keystone.admin + dest: + 
path: .values.endpoints.identity.auth.admin + + # Secrets + - dest: + path: .values.endpoints.identity.auth.admin.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_keystone_admin_password + path: . + - dest: + path: .values.endpoints.postgresql.auth.admin.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_postgres_admin_password + path: . + - dest: + path: .values.endpoints.identity.auth.user.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_deckhand_keystone_password + path: . + - dest: + path: .values.endpoints.postgresql.auth.user.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_deckhand_postgres_password + path: . +data: + chart_name: ucp-deckhand + release: ucp-deckhand + namespace: ucp + install: + no_hooks: false + upgrade: + no_hooks: false + pre: + delete: + - type: 'job' + labels: + application: 'deckhand' + create: [] + post: + create: [] + values: + pod: + replicas: + api: 1 + conf: + deckhand: + DEFAULT: + debug: true + use_stderr: true + use_syslog: true + keystone_authtoken: + memcache_security_strategy: None + dependencies: + - deckhand-htk +... +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: deckhand-htk + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .charts.ucp.deckhand-htk + dest: + path: .source +data: + chart_name: deckhand-htk + release: deckhand-htk + namespace: deckhand-htk + timeout: 100 + values: {} + dependencies: [] +... diff --git a/deployment_files/global/v1.0u/software/charts/ucp/divingbell/chart-group.yaml b/deployment_files/global/v1.0u/software/charts/ucp/divingbell/chart-group.yaml new file mode 100644 index 00000000..e67a6e20 --- /dev/null +++ b/deployment_files/global/v1.0u/software/charts/ucp/divingbell/chart-group.yaml 
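Review bot: `memcache_security_strategy: None` under `conf.deckhand.keystone_authtoken` in deckhand.yaml leaves the token data that keystonemiddleware caches in memcached neither signed nor encrypted, so anything that can reach the cache can read or tamper with those entries. Consider `memcache_security_strategy: ENCRYPT` together with a `memcache_secret_key` substituted from a `deckhand/Passphrase/v1` document, the way the other secrets in this hunk are supplied. The same block sets `debug: true` in `DEFAULT`; for a service that handles passphrases, either turn that off in the global layer or mark it, e.g. `# debug logging for bring-up only; override to false per site`.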
@@ -0,0 +1,13 @@ +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-divingbell + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext +data: + description: Divingbell + chart_group: + - ucp-divingbell diff --git a/deployment_files/global/v1.0u/software/charts/ucp/divingbell/divingbell.yaml b/deployment_files/global/v1.0u/software/charts/ucp/divingbell/divingbell.yaml new file mode 100644 index 00000000..aca0052a --- /dev/null +++ b/deployment_files/global/v1.0u/software/charts/ucp/divingbell/divingbell.yaml 
@@ -0,0 +1,86 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-divingbell + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext + substitutions: + # Chart source + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .charts.ucp.divingbell + dest: + path: .source +data: + chart_name: divingbell + release: divingbell + namespace: ucp + timeout: 300 + install: + no_hooks: false + upgrade: + no_hooks: false + values: + conf: + sysctl: + net.nf_conntrack_max: '1048576' + kernel.panic: '60' + net.ipv4.conf.default.arp_accept: '1' + net.core.netdev_max_backlog: '261144' + net.ipv4.tcp_keepalive_intvl: '3' + net.ipv4.tcp_keepalive_time: '30' + net.ipv4.tcp_keepalive_probes: '8' + net.ipv4.conf.all.arp_accept: '1' + net.ipv4.tcp_retries2: '5' + net.ipv4.neigh.default.gc_thresh1: '4096' + net.ipv4.neigh.default.gc_thresh2: '8192' + net.ipv4.neigh.default.gc_thresh3: '16384' + net.bridge.bridge-nf-call-iptables: '1' + net.bridge.bridge-nf-call-arptables: '1' + net.bridge.bridge-nf-call-ip6tables: '1' + net.ipv4.conf.default.rp_filter: '0' + net.netfilter.nf_conntrack_acct: '1' + overrides: + divingbell_mounts: + labels: + - label: + key: hosttype + values: + - "nd-global" + - "nv-global" + conf: + mounts: + mnt1: + mnt_tgt: /run/hugepages/kvm + device: hugetlbfs-kvm + type: hugetlbfs + options: 'mode=775' + dependencies: + - ucp-divingbell-htk +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-divingbell-htk + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .charts.ucp.divingbell-htk + dest: + path: .source +data: + chart_name: ucp-divingbell-htk + release: ucp-divingbell-htk + namespace: ucp-divingbell-htk + timeout: 100 + values: {} + dependencies: [] 
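Review bot: Two groups of sysctls under `values.conf.sysctl` relax host network hardening on every node this chart reaches, with no explanation: `net.ipv4.conf.default.rp_filter: '0'` turns off reverse-path source validation, and `arp_accept: '1'` (set for both `default` and `all`) lets gratuitous ARP create new neighbour entries. If the overlay network needs them, say so next to the keys, e.g. `# rp_filter off: required by <component>, see <reference>` (placeholders); otherwise `net.ipv4.conf.default.rp_filter: '2'` (loose mode) is the less permissive setting for asymmetric routing. Separately, `net.core.netdev_max_backlog: '261144'` looks like a mistyped 262144 and is worth confirming.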
diff --git a/deployment_files/global/v1.0u/software/charts/ucp/drydock/chart-group.yaml b/deployment_files/global/v1.0u/software/charts/ucp/drydock/chart-group.yaml new file mode 100644 index 00000000..498e5e31 --- /dev/null +++ b/deployment_files/global/v1.0u/software/charts/ucp/drydock/chart-group.yaml @@ -0,0 +1,14 @@ +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-drydock + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext +data: + description: Drydock + chart_group: + - ucp-maas + - ucp-drydock diff --git a/deployment_files/global/v1.0u/software/charts/ucp/drydock/drydock.yaml b/deployment_files/global/v1.0u/software/charts/ucp/drydock/drydock.yaml new file mode 100644 index 00000000..741169ec --- /dev/null +++ b/deployment_files/global/v1.0u/software/charts/ucp/drydock/drydock.yaml 
@@ -0,0 +1,189 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-drydock + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext + substitutions: + + # Chart source + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .charts.ucp.drydock + dest: + path: .source + + # Images + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .images.ucp.drydock + dest: + path: .values.images.tags + + # Endpoints + + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.identity + dest: + path: .values.endpoints.identity + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.postgresql + dest: + path: .values.endpoints.postgresql + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.physicalprovisioner + dest: + path: .values.endpoints.physicalprovisioner + + # Drydock IPs + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .node_ports.drydock_api + dest: + path: .values.network.drydock.node_port.port + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .node_ports.drydock_api + dest: + path: .values.endpoints.physicalprovisioner.port.api.nodeport + + # MaaS IPs + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + # TODO(mb874d): Can change once we have an accessible VIP from fresh nodes. 
+ path: .genesis.ip + dest: + path: .values.conf.drydock.maasdriver.maas_api_url + pattern: 'MAAS_IP' + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .node_ports.maas_api + dest: + path: .values.conf.drydock.maasdriver.maas_api_url + pattern: 'MAAS_PORT' + + # Credentials + + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.postgres.admin + dest: + path: .values.endpoints.postgresql.auth.admin + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.drydock.postgres + dest: + path: .values.endpoints.postgresql.auth.user + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.drydock.postgres.database + dest: + path: .values.endpoints.postgresql.path + pattern: DB_NAME + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.drydock.keystone + dest: + path: .values.endpoints.identity.auth.user + + # Secrets + - dest: + path: .values.endpoints.identity.auth.admin.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_keystone_admin_password + path: . + - dest: + path: .values.endpoints.postgresql.auth.admin.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_postgres_admin_password + path: . + - dest: + path: .values.endpoints.identity.auth.user.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_drydock_keystone_password + path: . + - dest: + path: .values.endpoints.postgresql.auth.user.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_drydock_postgres_password + path: . 
+ +data: + chart_name: drydock + release: drydock + namespace: ucp + install: + no_hooks: false + upgrade: + no_hooks: false + pre: + delete: + - type: 'job' + labels: + application: 'drydock' + values: + replicas: + drydock: 1 + labels: + node_selector_key: ucp-control-plane + node_selector_value: enabled + network: + drydock: + node_port: + enabled: true + conf: + drydock: + maasdriver: + maas_api_url: http://MAAS_IP:MAAS_PORT/MAAS/api/2.0/ + plugins: + ingester: drydock_provisioner.ingester.plugins.deckhand.DeckhandIngester + dependencies: + - drydock-htk +... +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: drydock-htk + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .charts.ucp.drydock-htk + dest: + path: .source +data: + chart_name: drydock-htk + release: drydock-htk + namespace: drydock-htk + timeout: 100 + values: {} + dependencies: [] +... diff --git a/deployment_files/global/v1.0u/software/charts/ucp/drydock/maas.yaml b/deployment_files/global/v1.0u/software/charts/ucp/drydock/maas.yaml new file mode 100644 index 00000000..a5565376 --- /dev/null +++ b/deployment_files/global/v1.0u/software/charts/ucp/drydock/maas.yaml 
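Review bot: `maas_api_url: http://MAAS_IP:MAAS_PORT/MAAS/api/2.0/` in `values.conf.drydock.maasdriver` pins the Drydock-to-MAAS API channel to plain HTTP on the genesis node's address, so whatever API credentials and provisioning instructions travel over it are presumably readable and modifiable on that network path. maas.yaml uses the same scheme in `bootaction_url` and `maas_url`, where freshly booted nodes fetch boot actions without transport integrity. If TLS is not available at this stage, record that next to the value, e.g. `# plain HTTP: provisioning network only, move to https once the VIP is reachable`, alongside the existing TODO. The Secrets block also writes `.values.endpoints.identity.auth.admin.password`, yet unlike deckhand.yaml this hunk has no `.ucp.keystone.admin` credentials substitution; confirm the chart defaults supply the rest of that account.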
@@ -0,0 +1,221 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-maas + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext + substitutions: + # Chart source + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .charts.ucp.maas + dest: + path: .source + + # Images + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .images.ucp.maas + dest: + path: .values.images.tags + + # Drydock IPs + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + # TODO(mb874d): Can change once we have an accessible VIP from fresh nodes. + path: .bootstrap.ip + dest: + path: .values.conf.drydock.bootaction_url + pattern: '(DRYDOCK_IP)' + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .node_ports.drydock_api + dest: + path: .values.conf.drydock.bootaction_url + pattern: '(DRYDOCK_PORT)' + + # MaaS IPs + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + # TODO(mb874d): Can change once we have an accessible VIP from fresh nodes. 
+ path: .bootstrap.ip + dest: + path: .values.conf.maas.url.maas_url + pattern: '(MAAS_IP)' + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .node_ports.maas_api + dest: + path: .values.conf.maas.url.maas_url + pattern: '(MAAS_PORT)' + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .node_ports.maas_api + dest: + path: .values.network.gui.node_port.port + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .node_ports.maas_proxy + dest: + path: .values.network.proxy.node_port.port + + # MaaS Config + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .dns.upstream_servers_joined + dest: + path: .values.conf.maas.dns.dns_servers + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .ntp.servers_joined + dest: + path: .values.conf.maas.ntp.ntp_servers + - src: + schema: deckhand/Passphrase/v1 + name: maas-region-key + path: . + dest: + path: .values.secrets.maas_region.value + + # Endpoint substitutions + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.postgresql + dest: + path: .values.endpoints.maas_db + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.maas_region_ui + dest: + path: .values.endpoints.maas_region_ui + + # Account and credential substitutions + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.postgres.admin + dest: + path: .values.endpoints.maas_db.auth.admin + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.maas.postgres + dest: + path: .values.endpoints.maas_db.auth.user + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.maas.postgres.database + dest: + path: .values.endpoints.maas_db.path + pattern: DB_NAME + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.maas.admin + dest: + path: 
.values.endpoints.maas_region_ui.auth.admin + + # Secrets + - dest: + path: .values.endpoints.maas_region_ui.auth.admin.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_maas_admin_password + path: . + - dest: + path: .values.endpoints.maas_db.auth.admin.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_postgres_admin_password + path: . + - dest: + path: .values.endpoints.maas_db.auth.user.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_maas_postgres_password + path: . +data: + chart_name: maas + release: maas + namespace: ucp + install: + no_hooks: false + upgrade: + no_hooks: false + pre: + delete: + - type: 'job' + labels: + application: 'maas' + values: + labels: + rack: + node_selector_key: ucp-control-plane + node_selector_value: enabled + region: + node_selector_key: ucp-control-plane + node_selector_value: enabled + network: + proxy: + node_port: + enabled: true + conf: + cache: + enabled: false + drydock: + bootaction_url: http://DRYDOCK_IP:DRYDOCK_PORT/api/v1.0/bootactions/nodes/ + maas: + credentials: + secret: + namespace: ucp + url: + maas_url: http://MAAS_IP:MAAS_PORT/MAAS + proxy: + proxy_enabled: 'false' + ntp: + use_external_only: 'false' + dns: + require_dnssec: 'no' + dependencies: + - maas-htk +... +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: maas-htk + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .charts.ucp.maas-htk + dest: + path: .source +data: + chart_name: maas-htk + release: maas-htk + namespace: maas-htk + timeout: 100 + values: {} + dependencies: [] +... diff --git a/deployment_files/global/v1.0u/software/charts/ucp/keystone/chart-group.yaml b/deployment_files/global/v1.0u/software/charts/ucp/keystone/chart-group.yaml new file mode 100644 index 00000000..1baf7e75 --- /dev/null 
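Review bot: `require_dnssec: 'no'` under `values.conf.maas.dns` in maas.yaml appears to switch off DNSSEC validation for the upstream resolvers substituted from `.dns.upstream_servers_joined`, and nodes deployed through MAAS normally resolve through it. If the chart passes this value through to MAAS's DNSSEC validation setting and the upstream servers support it, `require_dnssec: 'auto'` is the safer global default. If they do not, state that beside the key, e.g. `# upstream resolvers do not validate; revisit per site`, so the relaxation is a recorded decision rather than an inherited default.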
+++ b/deployment_files/global/v1.0u/software/charts/ucp/keystone/chart-group.yaml @@ -0,0 +1,14 @@ +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-keystone + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext +data: + description: UCP Keystone components + chart_group: + - ucp-keystone-memcached + - ucp-keystone diff --git a/deployment_files/global/v1.0u/software/charts/ucp/keystone/keystone.yaml b/deployment_files/global/v1.0u/software/charts/ucp/keystone/keystone.yaml new file mode 100644 index 00000000..b7c6f7f1 --- /dev/null +++ b/deployment_files/global/v1.0u/software/charts/ucp/keystone/keystone.yaml 
@@ -0,0 +1,169 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-keystone
+ labels:
+ component: keystone
+ configuration: ldap-backed
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.keystone
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.keystone
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.oslo_messaging
+ dest:
+ path: .values.endpoints.oslo_messaging
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.oslo_cache
+ dest:
+ path: .values.endpoints.oslo_cache
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.keystone.oslo_messaging
+ dest:
+ path: .values.endpoints.oslo_messaging.auth
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.keystone.oslo_db
+ dest:
+ path: .values.endpoints.oslo_db.auth.keystone
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.keystone.oslo_db.database
+ dest:
+ path: .values.endpoints.oslo_db.path
+ pattern: DB_NAME
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_messaging.auth.keystone.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_oslo_messaging_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_messaging.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_oslo_messaging_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db.auth.keystone.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_keystone_oslo_db_password
+ path: .
+ - dest:
+ path: .values.endpoints.oslo_db.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_oslo_db_admin_password
+ path: .
+data:
+ chart_name: ucp-keystone
+ release: ucp-keystone
+ namespace: ucp
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ pre:
+ delete:
+ - type: job
+ labels:
+ job-name: keystone-db-sync
+ - type: job
+ labels:
+ job-name: keystone-db-init
+ post:
+ create: []
+ values:
+ pods:
+ replicas:
+ api: 1
+ labels:
+ api:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+
+
+ dependencies:
+ - ucp-keystone-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-keystone-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.keystone-htk
+ dest:
+ path: .source
+data:
+ chart_name: ucp-keystone-htk
+ release: ucp-keystone-htk
+ namespace: ucp-keystone-htk
+ timeout: 100
+ values: {}
+ dependencies: []
+...
diff --git a/deployment_files/global/v1.0u/software/charts/ucp/keystone/memcached.yaml b/deployment_files/global/v1.0u/software/charts/ucp/keystone/memcached.yaml
new file mode 100644
index 00000000..f1bfbc31
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/ucp/keystone/memcached.yaml
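Review bot: The two `oslo_messaging` secret substitutions in keystone.yaml write the same passphrase document, `ucp_oslo_messaging_password`, to both `.values.endpoints.oslo_messaging.auth.keystone.password` and `.values.endpoints.oslo_messaging.auth.admin.password`, so Keystone's service account on the message broker and the broker admin account share one secret. Disclosure of the service credential is then also disclosure of the admin credential, and shipyard.yaml in this commit reuses the same document again for `.values.endpoints.oslo_messaging.auth.user.password`. Give the admin entry its own passphrase document, the way `oslo_db` already separates `ucp_keystone_oslo_db_password` from `ucp_oslo_db_admin_password`; for example `name: <ADMIN_MESSAGING_PASSPHRASE_DOC>` (placeholder, no such document is defined in this change). The chart is also labelled `configuration: ldap-backed` although no LDAP settings appear under `values`, so a comment saying which layer supplies them would help the next reader.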
@@ -0,0 +1,72 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-keystone-memcached
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.memcached
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.memcached
+ dest:
+ path: .values.images.tags
+
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.oslo_cache
+ dest:
+ path: .values.endpoints.oslo_cache
+data:
+ chart_name: ucp-keystone-memcached
+ release: ucp-keystone-memcached
+ namespace: ucp
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ values:
+ labels:
+ server:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ dependencies:
+ - ucp-memcached-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-memcached-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.memcached-htk
+ dest:
+ path: .source
+data:
+ chart_name: ucp-memcached-htk
+ release: ucp-memcached-htk
+ namespace: ucp-memcached-htk
+ timeout: 100
+ values: {}
+ dependencies: []
+...
diff --git a/deployment_files/global/v1.0u/software/charts/ucp/promenade/chart-group.yaml b/deployment_files/global/v1.0u/software/charts/ucp/promenade/chart-group.yaml
new file mode 100644
index 00000000..dcea4468
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/ucp/promenade/chart-group.yaml
@@ -0,0 +1,13 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-promenade
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Promenade
+ chart_group:
+ - ucp-promenade
diff --git a/deployment_files/global/v1.0u/software/charts/ucp/promenade/promenade.yaml b/deployment_files/global/v1.0u/software/charts/ucp/promenade/promenade.yaml
new file mode 100644
index 00000000..7b957030
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/ucp/promenade/promenade.yaml
@@ -0,0 +1,118 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-promenade
+ layeringDefinition:
+ abstract: false
+ layer: global
+ labels:
+ name: ucp-promenade
+ storagePolicy: cleartext
+ substitutions:
+
+ # Chart source
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.promenade
+ dest:
+ path: .source
+
+ # Images
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .images.ucp.promenade
+ dest:
+ path: .values.images.tags
+
+ # Endpoints
+
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.identity
+ dest:
+ path: .values.endpoints.identity
+ - src:
+ schema: pegleg/EndpointCatalogue/v1
+ name: ucp_endpoints
+ path: .ucp.kubernetesprovisioner
+ dest:
+ path: .values.endpoints.kubernetesprovisioner
+
+ # Credentials
+
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.keystone.admin
+ dest:
+ path: .values.endpoints.identity.auth.admin
+ - src:
+ schema: pegleg/AccountCatalogue/v1
+ name: ucp_service_accounts
+ path: .ucp.promenade.keystone
+ dest:
+ path: .values.endpoints.identity.auth.user
+
+ # Secrets
+ - dest:
+ path: .values.endpoints.identity.auth.admin.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_keystone_admin_password
+ path: .
+ - dest:
+ path: .values.endpoints.identity.auth.user.password
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ucp_promenade_keystone_password
+ path: .
+
+data:
+ chart_name: promenade
+ release: ucp-promenade
+ namespace: ucp
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ values:
+ conf:
+ paste:
+ filter:authtoken:
+ paste.filter_factory: keystonemiddleware.auth_token:filter_factory
+ admin_tenant_name: service
+ admin_user: promenade
+ delay_auth_decision: true
+ identity_uri: http://keystone-api.ucp.svc.cluster.local/
+ service_token_roles_required: true
+ dependencies:
+ - promenade-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: promenade-htk
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .charts.ucp.promenade-htk
+ dest:
+ path: .source
+data:
+ chart_name: promenade-htk
+ release: promenade-htk
+ namespace: promenade-htk
+ timeout: 100
+ values: {}
+ dependencies: []
+...
diff --git a/deployment_files/global/v1.0u/software/charts/ucp/shipyard/chart-group.yaml b/deployment_files/global/v1.0u/software/charts/ucp/shipyard/chart-group.yaml
new file mode 100644
index 00000000..4dffc6e0
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/ucp/shipyard/chart-group.yaml
@@ -0,0 +1,13 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-shipyard
+ layeringDefinition:
+ abstract: false
+ layer: global
+ storagePolicy: cleartext
+data:
+ description: Shipyard
+ chart_group:
+ - ucp-shipyard
diff --git a/deployment_files/global/v1.0u/software/charts/ucp/shipyard/shipyard.yaml b/deployment_files/global/v1.0u/software/charts/ucp/shipyard/shipyard.yaml
new file mode 100644
index 00000000..93c2fbda
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/charts/ucp/shipyard/shipyard.yaml
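Review bot: In promenade.yaml the `filter:authtoken` section hard-codes `identity_uri: http://keystone-api.ucp.svc.cluster.local/`, so token validation and the `promenade` service credentials reach Keystone without TLS, and the value ignores the `.ucp.identity` endpoint that the same document already substitutes into `.values.endpoints.identity`. Either derive the URI from the endpoint catalogue or, if plain HTTP inside the cluster is a deliberate interim choice, say so above the key, e.g. `# plain HTTP on the cluster network; move to https once the identity endpoint terminates TLS`. `delay_auth_decision: true` hands unauthenticated requests on to the application, so it is worth a one-line comment naming where Promenade rejects them. Also, `labels:` sits between `layer` and `storagePolicy` here, whereas the other charts place it before `layeringDefinition`; indentation is not recoverable in this view, so please confirm it is a child of `metadata` and not of `layeringDefinition`.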
@@ -0,0 +1,289 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-shipyard + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext + substitutions: + # Chart source + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .charts.ucp.shipyard + dest: + path: .source + + # Images + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .images.ucp.shipyard + dest: + path: .values.images.tags + + # Node ports + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .node_ports.shipyard_api + dest: + path: .values.network.shipyard.node_port + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .node_ports.airflow_web + dest: + path: .values.network.airflow.web.node_port + + # Endpoints + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.identity + dest: + path: .values.endpoints.identity + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.postgresql + dest: + path: .values.endpoints.postgresql_shipyard_db + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.postgresql + dest: + path: .values.endpoints.postgresql_airflow_db + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.shipyard + dest: + path: .values.endpoints.shipyard + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.airflow_web + dest: + path: .values.endpoints.airflow_web + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.airflow_flower + dest: + path: .values.endpoints.airflow_flower + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.oslo_messaging + dest: + path: .values.endpoints.olso_messaging + - src: + schema: pegleg/EndpointCatalogue/v1 + name: ucp_endpoints + path: .ucp.oslo_cache + dest: + path: .values.endpoints.oslo_cache + + # Database 
path + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.shipyard.postgres.database + dest: + path: .values.endpoints.postgresql_shipyard_db.path + pattern: 'DB_NAME' + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.airflow.postgres.database + dest: + path: .values.endpoints.postgresql_airflow_db.path + pattern: 'DB_NAME' + # Credentials + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.postgres.admin + dest: + path: .values.endpoints.postgresql_shipyard_db.auth.admin + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.postgres.admin + dest: + path: .values.endpoints.postgresql_airflow_db.auth.admin + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.keystone.admin + dest: + path: .values.endpoints.identity.auth.admin + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.shipyard.postgres + dest: + path: .values.endpoints.postgresql_shipyard_db.auth.user + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.airflow.postgres + dest: + path: .values.endpoints.postgresql_airflow_db.auth.user + - src: + schema: pegleg/AccountCatalogue/v1 + name: ucp_service_accounts + path: .ucp.airflow.oslo_messaging + dest: + path: .values.endpoints.oslo_messaging.auth.user + + # Secrets + - dest: + path: .values.endpoints.identity.auth.admin.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_keystone_admin_password + path: . + - dest: + path: .values.endpoints.postgresql_shipyard_db.auth.admin.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_postgres_admin_password + path: . + - dest: + path: .values.endpoints.postgresql_airflow_db.auth.admin.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_postgres_admin_password + path: . 
+ - dest: + path: .values.endpoints.postgresql_airflow_celery_db.auth.admin.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_postgres_admin_password + path: . + - dest: + path: .values.endpoints.identity.auth.user.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_shipyard_keystone_password + path: . + - dest: + path: .values.endpoints.postgresql_shipyard_db.auth.user.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_shipyard_postgres_password + path: . + - dest: + path: .values.endpoints.postgresql_airflow_db.auth.user.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_airflow_postgres_password + path: . + - dest: + path: .values.endpoints.postgresql_airflow_celery_db.auth.user.password + src: + schema: deckhand/Passphrase/v1 + name: ucp_airflow_postgres_password + path: . + - src: + schema: deckhand/Passphrase/v1 + name: ucp_oslo_messaging_password + path: . + dest: + path: .values.endpoints.oslo_messaging.auth.user.password + +data: + chart_name: shipyard + release: ucp-shipyard + namespace: ucp + install: + no_hooks: false + upgrade: + no_hooks: false + pre: + delete: + - type: 'job' + labels: + application: 'shipyard' + - type: 'job' + labels: + application: 'airflow' + values: + endpoints: + postgresql_airflow_db: + name: postgresql + hosts: + default: postgresql + path: /DB_NAME + scheme: postgresql+psycopg2 + port: + postgresql: + default: 5432 + host_fqdn_override: + default: null + postgresql_shipyard_db: + name: postgresql + hosts: + default: postgresql + path: /DB_NAME + scheme: postgresql+psycopg2 + port: + postgresql: + default: 5432 + host_fqdn_override: + default: null + prod_environment: true + pod: + replicas: + shipyard: + api: 1 + airflow: + web: 1 + worker: 1 + flower: 1 + scheduler: 1 + labels: + node_selector_key: ucp-control-plane + node_selector_value: enabled + network: + shipyard: + enable_node_port: true + airflow: + web: + enable_node_port: true + conf: + shipyard: + keystone_authtoken: + 
memcache_security_strategy: None + dependencies: + - shipyard-htk +... +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: shipyard-htk + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .charts.ucp.shipyard-htk + dest: + path: .source +data: + chart_name: shipyard-htk + release: shipyard-htk + namespace: shipyard-htk + timeout: 100 + values: {} + dependencies: [] +... diff --git a/deployment_files/global/v1.0u/software/config/Docker.yaml b/deployment_files/global/v1.0u/software/config/Docker.yaml new file mode 100644 index 00000000..3e59635d --- /dev/null +++ b/deployment_files/global/v1.0u/software/config/Docker.yaml @@ -0,0 +1,17 @@ +--- +schema: promenade/Docker/v1 +metadata: + schema: metadata/Document/v1 + name: docker-global + labels: + promenade: enabled + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext +data: + config: + live-restore: true + storage-driver: overlay2 + insecure-registries: + - artifacts-aic.atlantafoundry.com diff --git a/deployment_files/global/v1.0u/software/config/Kubelet.yaml b/deployment_files/global/v1.0u/software/config/Kubelet.yaml new file mode 100644 index 00000000..89aac09c --- /dev/null +++ b/deployment_files/global/v1.0u/software/config/Kubelet.yaml @@ -0,0 +1,25 @@ +--- +schema: promenade/Kubelet/v1 +metadata: + schema: metadata/Document/v1 + name: kubelet + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .images.kubernetes.pause + dest: + path: .images.pause +data: + arguments: + - --cni-bin-dir=/opt/cni/bin + - --cni-conf-dir=/etc/cni/net.d + - --eviction-max-pod-grace-period=-1 + - --network-plugin=cni + - --node-status-update-frequency=5s + - --serialize-image-pulls=false + - --v=5 
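Review bot: The endpoint substitution for `.ucp.oslo_messaging` in shipyard.yaml targets `.values.endpoints.olso_messaging` (letters transposed), while the account and passphrase substitutions further down write to `.values.endpoints.oslo_messaging.auth.user`; the catalogue entry therefore lands under a key the chart presumably never reads, and the real `oslo_messaging` endpoint receives credentials but no host data. The line should read `path: .values.endpoints.oslo_messaging`. Separately, `memcache_security_strategy: None` under `keystone_authtoken` leaves cached token data in memcached neither authenticated nor encrypted; keystonemiddleware also accepts `MAC` or `ENCRYPT` together with a `memcache_secret_key`, which would need to come from a passphrase document. The password destinations under `postgresql_airflow_celery_db` have no matching endpoint or account substitution in this document, so either add them or drop those two entries.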
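Review bot: Docker.yaml puts `artifacts-aic.atlantafoundry.com` under `insecure-registries` in the global layer, so every node built from these documents skips TLS verification for that registry (falling back to plain HTTP if needed), and versions.yaml in this commit pulls the armada, promenade, deckhand, drydock, shipyard and maas images from it. Those images run in the control plane, which makes an unauthenticated pull path a supply-chain risk and not a convenience setting. Prefer giving the registry a certificate the nodes trust and removing the entry; if it has to stay for a lab, move it to a site-layer override and mark it, e.g. `# lab only: registry has no trusted TLS certificate`. Pinning those images by digest, as `maas_cache` already is in versions.yaml, would at least make a substituted image detectable.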
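Review bot: The `arguments` list in Kubelet.yaml sets no authentication or authorization flags, and for the kubelet release this commit pins (v1.8.6 in versions.yaml) the defaults are anonymous access enabled and authorization mode AlwaysAllow. Unless Promenade injects them elsewhere, which this hunk does not show, the kubelet API on each node accepts any caller that can reach it. Consider adding `- --anonymous-auth=false`, `- --authorization-mode=Webhook` and `- --read-only-port=0`; the first two also need a client CA and API-server credentials to be configured for the kubelet. `--v=5` is debug-level verbosity and is better lowered (for example `--v=2`) outside troubleshooting, with a comment explaining why it is raised if it must stay.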
diff --git a/deployment_files/global/v1.0u/software/config/versions.yaml b/deployment_files/global/v1.0u/software/config/versions.yaml
new file mode 100644
index 00000000..62e4b24a
--- /dev/null
+++ b/deployment_files/global/v1.0u/software/config/versions.yaml
@@ -0,0 +1,453 @@ +--- +schema: pegleg/SoftwareVersions/v1 +metadata: + schema: metadata/Document/v1 + name: software-versions + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext +data: + charts: + dependencies: + ucp-helm-toolkit: + type: git + location: https://git.openstack.org/openstack/openstack-helm + subpath: helm-toolkit + reference: master + kubernetes: + calico: + etcd: + type: git + location: https://github.com/att-comdev/promenade + subpath: charts/etcd + reference: 34e2992389b9ce2755ad62e27105a01e9767d6ea + etcd-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + calico: + type: git + location: https://github.com/att-comdev/promenade + subpath: charts/calico + reference: 34e2992389b9ce2755ad62e27105a01e9767d6ea + apiserver: + type: git + location: https://github.com/att-comdev/promenade + subpath: charts/apiserver + reference: 34e2992389b9ce2755ad62e27105a01e9767d6ea + apiserver-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + controller-manager: + type: git + location: https://github.com/att-comdev/promenade + subpath: charts/controller_manager + reference: 34e2992389b9ce2755ad62e27105a01e9767d6ea + controller-manager-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + coredns: + type: git + location: https://github.com/att-comdev/promenade + subpath: charts/coredns + reference: 34e2992389b9ce2755ad62e27105a01e9767d6ea + coredns-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + haproxy: + type: git + location: https://github.com/att-comdev/promenade + subpath: charts/haproxy + reference: 
34e2992389b9ce2755ad62e27105a01e9767d6ea + haproxy-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + etcd: + type: git + location: https://github.com/att-comdev/promenade + subpath: charts/etcd + reference: 34e2992389b9ce2755ad62e27105a01e9767d6ea + etcd-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + ingress: + type: git + location: https://github.com/openstack/openstack-helm + subpath: ingress + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + ingress-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + proxy: + type: git + location: https://github.com/att-comdev/promenade + subpath: charts/proxy + reference: 34e2992389b9ce2755ad62e27105a01e9767d6ea + proxy-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + scheduler: + type: git + location: https://github.com/att-comdev/promenade + subpath: charts/scheduler + reference: 34e2992389b9ce2755ad62e27105a01e9767d6ea + scheduler-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + ucp: + armada: + type: git + location: https://github.com/att-comdev/armada + subpath: charts/armada + reference: 2f1997c8b1acfc25b59275d10db0e3539e8b15b8 + armada-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + barbican: + type: git + location: https://github.com/openstack/openstack-helm + subpath: barbican + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + barbican-htk: + type: git + location: 
https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + ceph: + type: git + location: https://github.com/openstack/openstack-helm + subpath: ceph + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + ceph-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + deckhand: + type: git + location: https://github.com/att-comdev/deckhand + subpath: charts/deckhand + reference: 99e3064eda9da0227780b57ee30baeb264b3040d + deckhand-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + divingbell: + type: git + location: https://github.com/att-comdev/divingbell + subpath: divingbell + reference: 9e7028416e8b6798c1b2bf04770bd165e398b5c1 + divingbell-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + drydock: + type: git + location: https://github.com/att-comdev/drydock + subpath: charts/drydock + reference: be667ab3c01663693a18c679d283ce572023d376 + drydock-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + ingress: + type: git + location: https://github.com/openstack/openstack-helm + subpath: ingress + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + ingress-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + postgresql: + type: git + location: https://github.com/openstack/openstack-helm + subpath: postgresql + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + postgresql-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 
16c6d31155a9831bf040ddf934b6626247d43583 + promenade: + type: git + location: https://github.com/att-comdev/promenade + subpath: charts/promenade + reference: ccd372a97490971d4a5b2281424be7595c55c1b0 + promenade-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + keystone: + type: git + location: https://github.com/openstack/openstack-helm + subpath: keystone + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + keystone-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + maas: + type: git + location: https://github.com/att-comdev/maas + subpath: charts/maas + reference: 9ea2358c7f7c2086d58c756696dfbcf3d15d3afa + maas-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + mariadb: + type: git + location: https://github.com/openstack/openstack-helm + subpath: mariadb + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + mariadb-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + memcached: + type: git + location: https://github.com/openstack/openstack-helm + subpath: memcached + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + memcached-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + rabbitmq: + type: git + location: https://github.com/openstack/openstack-helm + subpath: rabbitmq + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + rabbitmq-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + shipyard: + type: git + location: 
https://github.com/att-comdev/shipyard + subpath: charts/shipyard + reference: ac4dac972dfaee6b2c1b9878af4ca781193f9725 + shipyard-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + tiller: + type: git + location: https://github.com/att-comdev/armada + subpath: charts/tiller + reference: 35b426db32a7440d862c88e7ac3eef3a453acfc9 + tiller-htk: + type: git + location: https://github.com/openstack/openstack-helm + subpath: helm-toolkit + reference: 16c6d31155a9831bf040ddf934b6626247d43583 + files: + kubelet: https://dl.k8s.io/v1.8.6/kubernetes-node-linux-amd64.tar.gz + images: + ucp: + armada: + api: artifacts-aic.atlantafoundry.com/att-comdev/armada:2f1997c8b1acfc25b59275d10db0e3539e8b15b8 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + ks_endpoints: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + ks_service: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + ks_user: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + helm: lachlanevenson/k8s-helm:v2.7.2 + tiller: gcr.io/kubernetes-helm/tiller:v2.7.2 + promenade: + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + promenade: artifacts-aic.atlantafoundry.com/att-comdev/promenade:ccd372a97490971d4a5b2281424be7595c55c1b0 + ks_user: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + ks_service: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + ks_endpoints: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + deckhand: + deckhand: artifacts-aic.atlantafoundry.com/att-comdev/deckhand:99e3064eda9da0227780b57ee30baeb264b3040d + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + db_init: docker.io/postgres:9.5 + db_sync: docker.io/postgres:9.5 + ks_endpoints: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + ks_service: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + ks_user: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + barbican: + bootstrap: 
docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + scripted_test: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + db_init: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + barbican_db_sync: docker.io/kolla/ubuntu-source-barbican-api:3.0.3 + db_drop: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + ks_endpoints: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + ks_service: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + ks_user: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + barbican_api: docker.io/kolla/ubuntu-source-barbican-api:3.0.3 + drydock: + drydock: artifacts-aic.atlantafoundry.com/att-comdev/drydock:be667ab3c01663693a18c679d283ce572023d376 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + ks_user: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + ks_service: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + ks_endpoints: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + drydock_db_init: docker.io/postgres:9.5 + drydock_db_sync: artifacts-aic.atlantafoundry.com/att-comdev/drydock:be667ab3c01663693a18c679d283ce572023d376 + shipyard: + airflow: artifacts-aic.atlantafoundry.com/att-comdev/airflow:ac4dac972dfaee6b2c1b9878af4ca781193f9725 + shipyard: artifacts-aic.atlantafoundry.com/att-comdev/shipyard:ac4dac972dfaee6b2c1b9878af4ca781193f9725 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + shipyard_db_init: docker.io/postgres:9.5 + shipyard_db_sync: artifacts-aic.atlantafoundry.com/att-comdev/shipyard:ac4dac972dfaee6b2c1b9878af4ca781193f9725 + airflow_db_init: docker.io/postgres:9.5 + airflow_db_sync: artifacts-aic.atlantafoundry.com/att-comdev/airflow:ac4dac972dfaee6b2c1b9878af4ca781193f9725 + ks_user: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + ks_service: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + ks_endpoints: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + maas: + db_init: docker.io/postgres:9.5 + db_sync: 
artifacts-aic.atlantafoundry.com/att-comdev/maas-region-controller:9ea2358c7f7c2086d58c756696dfbcf3d15d3afa + maas_rack: artifacts-aic.atlantafoundry.com/att-comdev/maas-rack-controller:9ea2358c7f7c2086d58c756696dfbcf3d15d3afa + maas_region: artifacts-aic.atlantafoundry.com/att-comdev/maas-region-controller:9ea2358c7f7c2086d58c756696dfbcf3d15d3afa + bootstrap: artifacts-aic.atlantafoundry.com/att-comdev/maas-region-controller:9ea2358c7f7c2086d58c756696dfbcf3d15d3afa + export_api_key: artifacts-aic.atlantafoundry.com/att-comdev/maas-region-controller:9ea2358c7f7c2086d58c756696dfbcf3d15d3afa + maas_cache: artifacts-aic.atlantafoundry.com/att-comdev/sstream-cache@sha256:70aa6cc9cdf0d07ed933c99f232ecc82cb89048ffdb030811e44a537bdfad67e + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + keystone: + keystone_bootstrap: docker.io/kolla/ubuntu-source-keystone:3.0.3 + test: docker.io/kolla/ubuntu-source-rally:4.0.0 + db_init: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + keystone_db_sync: docker.io/kolla/ubuntu-source-keystone:3.0.3 + db_drop: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + keystone_fernet_setup: docker.io/kolla/ubuntu-source-keystone:3.0.3 + keystone_fernet_rotate: docker.io/kolla/ubuntu-source-keystone:3.0.3 + keystone_credential_setup: docker.io/kolla/ubuntu-source-keystone:3.0.3 + keystone_credential_rotate: docker.io/kolla/ubuntu-source-keystone:3.0.3 + keystone_api: docker.io/kolla/ubuntu-source-keystone:3.0.3 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + tiller: + tiller: gcr.io/kubernetes-helm/tiller:v2.7.2 + mariadb: + mariadb: docker.io/mariadb:10.1.23 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + postgresql: + postgresql: docker.io/postgres:9.5 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + memcached: + memcached: docker.io/memcached:1.5.5 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + rabbitmq: + rabbitmq: docker.io/rabbitmq:3.7 + dep_check: 
quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + ceph: + ceph: + ks_endpoints: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + ks_service: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + ks_user: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + ceph_bootstrap: docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + ceph_daemon: docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04 + ceph_config_helper: docker.io/port/ceph-config-helper:v1.7.5 + ceph_rbd_provisioner: quay.io/external_storage/rbd-provisioner:v0.1.1 + ceph_cephfs_provisioner: quay.io/external_storage/cephfs-provisioner:v0.1.1 + kubernetes: + apiserver: + anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.6 + apiserver: gcr.io/google_containers/hyperkube-amd64:v1.8.6 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + controller-manager: + anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.6 + controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.8.6 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + coredns: + coredns: coredns/coredns:1.0.5 + haproxy: + haproxy: haproxy:1.8.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.6 + etcd: + etcd: quay.io/coreos/etcd:v3.2.14 + etcdctl: quay.io/coreos/etcd:v3.2.14 + kubectl: gcr.io/google_containers/hyperkube-amd64:v1.8.6 + pause: gcr.io/google_containers/pause-amd64:3.0 + scheduler: + anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.6 + scheduler: gcr.io/google_containers/hyperkube-amd64:v1.8.6 + proxy: + proxy: gcr.io/google_containers/hyperkube-amd64:v1.8.6 + calico: + etcd: + etcd: quay.io/coreos/etcd:v3.2.14 + etcdctl: quay.io/coreos/etcd:v3.2.14 + calico: + cni: quay.io/calico/cni:v1.11.2 + ctl: quay.io/calico/ctl:v1.6.3 + node: quay.io/calico/node:v2.6.5 + policy_controller: quay.io/calico/kube-controllers:v1.0.2 + packages: + repositories: + - name: docker + url: http://apt.dockerproject.org/repo + distributions: + - 
ubuntu-xenial + components: + - main + gpgkey: |- + -----BEGIN PGP PUBLIC KEY BLOCK----- + + mQINBFWln24BEADrBl5p99uKh8+rpvqJ48u4eTtjeXAWbslJotmC/CakbNSqOb9o + ddfzRvGVeJVERt/Q/mlvEqgnyTQy+e6oEYN2Y2kqXceUhXagThnqCoxcEJ3+KM4R + mYdoe/BJ/J/6rHOjq7Omk24z2qB3RU1uAv57iY5VGw5p45uZB4C4pNNsBJXoCvPn + TGAs/7IrekFZDDgVraPx/hdiwopQ8NltSfZCyu/jPpWFK28TR8yfVlzYFwibj5WK + dHM7ZTqlA1tHIG+agyPf3Rae0jPMsHR6q+arXVwMccyOi+ULU0z8mHUJ3iEMIrpT + X+80KaN/ZjibfsBOCjcfiJSB/acn4nxQQgNZigna32velafhQivsNREFeJpzENiG + HOoyC6qVeOgKrRiKxzymj0FIMLru/iFF5pSWcBQB7PYlt8J0G80lAcPr6VCiN+4c + NKv03SdvA69dCOj79PuO9IIvQsJXsSq96HB+TeEmmL+xSdpGtGdCJHHM1fDeCqkZ + hT+RtBGQL2SEdWjxbF43oQopocT8cHvyX6Zaltn0svoGs+wX3Z/H6/8P5anog43U + 65c0A+64Jj00rNDr8j31izhtQMRo892kGeQAaaxg4Pz6HnS7hRC+cOMHUU4HA7iM + zHrouAdYeTZeZEQOA7SxtCME9ZnGwe2grxPXh/U/80WJGkzLFNcTKdv+rwARAQAB + tDdEb2NrZXIgUmVsZWFzZSBUb29sIChyZWxlYXNlZG9ja2VyKSA8ZG9ja2VyQGRv + Y2tlci5jb20+iQI4BBMBAgAiBQJVpZ9uAhsvBgsJCAcDAgYVCAIJCgsEFgIDAQIe + AQIXgAAKCRD3YiFXLFJgnbRfEAC9Uai7Rv20QIDlDogRzd+Vebg4ahyoUdj0CH+n + Ak40RIoq6G26u1e+sdgjpCa8jF6vrx+smpgd1HeJdmpahUX0XN3X9f9qU9oj9A4I + 1WDalRWJh+tP5WNv2ySy6AwcP9QnjuBMRTnTK27pk1sEMg9oJHK5p+ts8hlSC4Sl + uyMKH5NMVy9c+A9yqq9NF6M6d6/ehKfBFFLG9BX+XLBATvf1ZemGVHQusCQebTGv + 0C0V9yqtdPdRWVIEhHxyNHATaVYOafTj/EF0lDxLl6zDT6trRV5n9F1VCEh4Aal8 + L5MxVPcIZVO7NHT2EkQgn8CvWjV3oKl2GopZF8V4XdJRl90U/WDv/6cmfI08GkzD + YBHhS8ULWRFwGKobsSTyIvnbk4NtKdnTGyTJCQ8+6i52s+C54PiNgfj2ieNn6oOR + 7d+bNCcG1CdOYY+ZXVOcsjl73UYvtJrO0Rl/NpYERkZ5d/tzw4jZ6FCXgggA/Zxc + jk6Y1ZvIm8Mt8wLRFH9Nww+FVsCtaCXJLP8DlJLASMD9rl5QS9Ku3u7ZNrr5HWXP + HXITX660jglyshch6CWeiUATqjIAzkEQom/kEnOrvJAtkypRJ59vYQOedZ1sFVEL + MXg2UCkD/FwojfnVtjzYaTCeGwFQeqzHmM241iuOmBYPeyTY5veF49aBJA1gEJOQ + TvBR8Q== + =Fm3p + -----END PGP PUBLIC KEY BLOCK----- + named: + docker: docker-engine=1.13.1-0~ubuntu-xenial + socat: socat=1.7.3.1-1 + unnamed: + - ceph-common=10.2.9-0ubuntu0.16.04.1 
diff --git a/deployment_files/global/v1.0u/software/manifests/bootstrap.yaml b/deployment_files/global/v1.0u/software/manifests/bootstrap.yaml new file mode 100644 index 00000000..856f15be --- /dev/null +++ b/deployment_files/global/v1.0u/software/manifests/bootstrap.yaml @@ -0,0 +1,32 @@ +--- +schema: armada/Manifest/v1 +metadata: + schema: metadata/Document/v1 + name: cluster-bootstrap + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext +data: + release_prefix: aic + chart_groups: + - kubernetes-proxy + - kubernetes-container-networking + - kubernetes-dns + - kubernetes-etcd + - kubernetes-core + - ingress-kube-system + - ucp-ceph + - ucp-ceph-config + - ucp-core + - ucp-keystone +# TODO(bryan-strassner) +# Excluding diving bell for now - crash loop on uamlite in this env +# might be missing configuration, might be a symptom of running in a VM +# same change in full-site manifest. +# - ucp-divingbell + - ucp-armada + - ucp-deckhand + - ucp-drydock + - ucp-promenade + - ucp-shipyard diff --git a/deployment_files/global/v1.0u/software/manifests/full-site.yaml b/deployment_files/global/v1.0u/software/manifests/full-site.yaml new file mode 100644 index 00000000..72638125 --- /dev/null +++ b/deployment_files/global/v1.0u/software/manifests/full-site.yaml 
@@ -0,0 +1,32 @@ +--- +schema: armada/Manifest/v1 +metadata: + schema: metadata/Document/v1 + name: full-site + layeringDefinition: + abstract: false + layer: global + storagePolicy: cleartext +data: + release_prefix: aic + chart_groups: + - kubernetes-proxy + - kubernetes-container-networking + - kubernetes-dns + - kubernetes-etcd + - kubernetes-core + - ingress-kube-system + - ucp-ceph + - ucp-ceph-config + - ucp-core + - ucp-keystone +# TODO(bryan-strassner) +# Excluding diving bell for now - crash loop on uamlite in this env +# might be missing configuration, might be a symptom of running in a VM +# same change in bootstrap manifest. +# - ucp-divingbell + - ucp-armada + - ucp-deckhand + - ucp-drydock + - ucp-promenade + - ucp-shipyard diff --git a/deployment_files/site/dev/deployment/deploymentConfiguration.yaml b/deployment_files/site/dev/deployment/deploymentConfiguration.yaml new file mode 100644 index 00000000..14521bad --- /dev/null +++ b/deployment_files/site/dev/deployment/deploymentConfiguration.yaml @@ -0,0 +1,31 @@ +--- +schema: shipyard/DeploymentConfiguration/v1 +metadata: + schema: metadata/Document/v1 + name: deployment-configuration + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + physical_provisioner: + deployment_strategy: all-at-once + deploy_interval: 30 + deploy_timeout: 3600 + destroy_interval: 30 + destroy_timeout: 900 + join_wait: 120 + prepare_node_interval: 30 + prepare_node_timeout: 1000 + prepare_site_interval: 10 + prepare_site_timeout: 300 + verify_interval: 10 + verify_timeout: 60 + kubernetes_provisioner: + drain_timeout: 3600 + drain_grace_period: 1800 + clear_labels_timeout: 1800 + remove_etcd_timeout: 1800 + etcd_ready_timeout: 600 + armada: + manifest: 'full-site' diff --git a/deployment_files/site/dev/deployment/dev-configurables.yaml b/deployment_files/site/dev/deployment/dev-configurables.yaml new file mode 100644 index 00000000..ad6da40f --- /dev/null 
+++ b/deployment_files/site/dev/deployment/dev-configurables.yaml @@ -0,0 +1,10 @@ +--- +schema: dev/Configurables/v1 +metadata: + schema: metadata/Document/v1 + name: dev-configurables + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +# Data section provided by deploy_ucp.sh script diff --git a/deployment_files/site/dev/networks/common-addresses.yaml b/deployment_files/site/dev/networks/common-addresses.yaml new file mode 100644 index 00000000..4440f113 --- /dev/null +++ b/deployment_files/site/dev/networks/common-addresses.yaml 
@@ -0,0 +1,103 @@ +--- +schema: pegleg/CommonAddresses/v1 +metadata: + schema: metadata/Document/v1 + name: common-addresses + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + # Chart source + - src: + schema: dev/Configurables/v1 + name: dev-configurables + path: .interface + dest: + path: .calico.ip_autodetection_method + pattern: REPLACEME + - src: + schema: dev/Configurables/v1 + name: dev-configurables + path: .hostname + dest: + path: .genesis.hostname + - src: + schema: dev/Configurables/v1 + name: dev-configurables + path: .hostip + dest: + path: .genesis.ip + - src: + schema: dev/Configurables/v1 + name: dev-configurables + path: .hostip + dest: + path: .bootstrap.ip + - src: + schema: dev/Configurables/v1 + name: dev-configurables + path: .hostcidr + dest: + path: .storage.ceph.public_cidr + - src: + schema: dev/Configurables/v1 + name: dev-configurables + path: .hostcidr + dest: + path: .storage.ceph.cluster_cidr + + +data: + calico: + ip_autodetection_method: 'interface=REPLACEME' + etcd: + service_ip: 10.96.232.136 + + dns: + cluster_domain: cluster.local + service_ip: 10.96.0.10 + upstream_servers: + - 8.8.8.8 + - 8.8.4.4 + upstream_servers_joined: 8.8.8.8,8.8.4.4 + + genesis: + hostname: REPLACEME + ip: REPLACEME + + bootstrap: + ip: REPLACEME + + kubernetes: + api_service_ip: 10.96.0.1 + etcd_service_ip: 10.96.0.2 + pod_cidr: 10.97.0.0/16 + service_cidr: 10.96.0.0/16 + apiserver_port: 6443 + haproxy_port: 6553 + + etcd: + container_port: 2379 + haproxy_port: 2378 + + proxy: + http: + https: + no_proxy: + + node_ports: + drydock_api: 30000 + maas_api: 30001 + maas_proxy: 31800 + shipyard_api: 30003 + airflow_web: 30004 + + ntp: + servers_joined: ntp.ubuntu.com + + storage: + ceph: + public_cidr: REPLACEME + cluster_cidr: REPLACEME +... diff --git a/deployment_files/site/dev/pki/pki-catalog.yaml b/deployment_files/site/dev/pki/pki-catalog.yaml new file mode 100644 index 00000000..2ece7105 --- /dev/null 
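Review bot: The three keys under `proxy:` near the end of this hunk (`http:`, `https:`, `no_proxy:`) are bare, so a YAML loader reads them as null rather than as empty strings. If the consumers of `pegleg/CommonAddresses/v1` expect strings, write them as `http: ""`, `https: ""`, `no_proxy: ""`, or drop the keys. The `# Chart source` comment above the substitutions looks copied from a chart document; something like `# Host-specific values injected from dev-configurables` would describe what the entries do. `upstream_servers` and `upstream_servers_joined` carry the same addresses twice and will have to be edited together.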
+++ b/deployment_files/site/dev/pki/pki-catalog.yaml 
@@ -0,0 +1,180 @@ +--- +schema: promenade/PKICatalog/v1 +metadata: + schema: metadata/Document/v1 + name: cluster-certificates + layeringDefinition: + abstract: false + layer: site + substitutions: + - src: + schema: dev/Configurables/v1 + name: dev-configurables + path: .hostname + dest: + path: .certificate_authorities.kubernetes.certificates[1].hosts[0] + - src: + schema: dev/Configurables/v1 + name: dev-configurables + path: .hostip + dest: + path: .certificate_authorities.kubernetes.certificates[1].hosts[1] + - src: + schema: dev/Configurables/v1 + name: dev-configurables + path: .hostname + dest: + path: .certificate_authorities.kubernetes.certificates[1].common_name + pattern: HOSTNAME + - src: + schema: dev/Configurables/v1 + name: dev-configurables + path: .hostname + dest: + path: .certificate_authorities.kubernetes.certificates[1].common_name + pattern: HOSTNAME + - src: + schema: dev/Configurables/v1 + name: dev-configurables + path: .hostname + dest: + path: .certificate_authorities.kubernetes-etcd.certificates[2].hosts[0] + - src: + schema: dev/Configurables/v1 + name: dev-configurables + path: .hostip + dest: + path: .certificate_authorities.kubernetes-etcd.certificates[2].hosts[1] + - src: + schema: dev/Configurables/v1 + name: dev-configurables + path: .hostname + dest: + path: .certificate_authorities.kubernetes-etcd-peer.certificates[0].hosts[0] + - src: + schema: dev/Configurables/v1 + name: dev-configurables + path: .hostip + dest: + path: .certificate_authorities.kubernetes-etcd-peer.certificates[0].hosts[1] + - src: + schema: dev/Configurables/v1 + name: dev-configurables + path: .hostname + dest: + path: .certificate_authorities.calico-etcd.certificates[1].hosts[0] + - src: + schema: dev/Configurables/v1 + name: dev-configurables + path: .hostip + dest: + path: .certificate_authorities.calico-etcd.certificates[1].hosts[1] + - src: + schema: dev/Configurables/v1 + name: dev-configurables + path: .hostname + dest: + path: 
.certificate_authorities.calico-etcd-peer.certificates[1].hosts[0] + - src: + schema: dev/Configurables/v1 + name: dev-configurables + path: .hostip + dest: + path: .certificate_authorities.calico-etcd-peer.certificates[1].hosts[1] +data: + certificate_authorities: + kubernetes: + description: CA for Kubernetes components + certificates: + - document_name: apiserver + description: Service certificate for Kubernetes apiserver + common_name: apiserver + hosts: + - localhost + - 127.0.0.1 + - 10.96.0.1 + kubernetes_service_names: + - kubernetes.default.svc.cluster.local + - document_name: kubelet-genesis + common_name: system:node:HOSTNAME + hosts: + - REPLACEME_HOST_NAME + - REPLACEME_HOST_IP + groups: + - system:nodes + - document_name: scheduler + description: Service certificate for Kubernetes scheduler + common_name: system:kube-scheduler + - document_name: controller-manager + description: certificate for controller-manager + common_name: system:kube-controller-manager + - document_name: admin + common_name: admin + groups: + - system:masters + - document_name: armada + common_name: armada + groups: + - system:masters + kubernetes-etcd: + description: Certificates for Kubernetes's etcd servers + certificates: + - document_name: apiserver-etcd + description: etcd client certificate for use by Kubernetes apiserver + common_name: apiserver + - document_name: kubernetes-etcd-anchor + description: anchor + common_name: anchor + - document_name: kubernetes-etcd-genesis + common_name: kubernetes-etcd-genesis + hosts: + - REPLACEME_HOST_NAME + - REPLACEME_HOST_IP + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + kubernetes-etcd-peer: + certificates: + - document_name: kubernetes-etcd-genesis-peer + common_name: kubernetes-etcd-genesis-peer + hosts: + - REPLACEME_HOST_NAME + - REPLACEME_HOST_IP + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + calico-etcd: + description: Certificates 
for Calico etcd client traffic + certificates: + - document_name: calico-etcd-anchor + description: anchor + common_name: anchor + - document_name: calico-etcd-genesis + common_name: calico-etcd-genesis + hosts: + - REPLACEME_HOST_NAME + - REPLACEME_HOST_IP + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-node + common_name: calcico-node + calico-etcd-peer: + description: Certificates for Calico etcd clients + certificates: + - document_name: calico-etcd-genesis-peer + common_name: calico-etcd-genesis-peer + hosts: + - REPLACEME_HOST_NAME + - REPLACEME_HOST_IP + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-node-peer + common_name: calcico-node-peer + keypairs: + - name: service-account + description: Service account signing key for use by Kubernetes controller-manager. +... diff --git a/deployment_files/site/dev/secrets/passphrases/ceph_swift_keystone_password.yaml b/deployment_files/site/dev/secrets/passphrases/ceph_swift_keystone_password.yaml new file mode 100644 index 00000000..4f45cbe0 --- /dev/null +++ b/deployment_files/site/dev/secrets/passphrases/ceph_swift_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ceph_swift_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password1 +... diff --git a/deployment_files/site/dev/secrets/passphrases/ipmi_admin_password.yaml b/deployment_files/site/dev/secrets/passphrases/ipmi_admin_password.yaml new file mode 100644 index 00000000..7f2e7941 --- /dev/null +++ b/deployment_files/site/dev/secrets/passphrases/ipmi_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ipmi_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: calvin +... 
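Review bot: The last two substitutions write to `.certificate_authorities.calico-etcd-peer.certificates[1].hosts[0]` and `hosts[1]`, but in `data` index 1 of that list is `calico-node-peer`, which has no `hosts`; the entry holding the `REPLACEME_HOST_NAME`/`REPLACEME_HOST_IP` placeholders is `calico-etcd-genesis-peer` at index 0. As written the genesis peer certificate would apparently be issued with the literal placeholders as SANs, so both paths should read `certificates[0]`, as the `kubernetes-etcd-peer` pair already does. The `common_name` substitution with `pattern: HOSTNAME` for `kubernetes.certificates[1]` appears twice and one copy can go. `calcico-node` and `calcico-node-peer` look like typos for `calico-node…`; anything that matches on the certificate CN would inherit the misspelling. This document also omits `metadata.storagePolicy`, which the other `metadata/Document/v1` documents visible here set.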
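Review bot: `data: password1` in `ceph_swift_keystone_password.yaml` commits a guessable passphrase under `storagePolicy: cleartext`, and the same pattern repeats in every file this commit adds under `site/dev/secrets/passphrases/` (`password2` … `password19`, `ipmi_admin_password.yaml` with the widely known BMC default `calvin`, and the fixed hex values in `maas_region_secret.yaml` and `ucp_rabbitmq_erlang_cookie.yaml`). Even for a dev site these become the live Keystone, PostgreSQL, MariaDB, RabbitMQ, MAAS and IPMI credentials of anything deployed from the repository unchanged, and they are identical on every such deployment. Consider having the deploy script generate the values per deployment and keeping only a placeholder here (for example `data: REPLACEME_GENERATED`), or at least add a header comment such as `# DEV ONLY: replace before any deployment reachable from an untrusted network`. Where the Deckhand instance has a secret backend configured, `storagePolicy: encrypted` is the appropriate setting for passphrase documents.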
diff --git a/deployment_files/site/dev/secrets/passphrases/maas_region_secret.yaml b/deployment_files/site/dev/secrets/passphrases/maas_region_secret.yaml new file mode 100644 index 00000000..aedf9281 --- /dev/null +++ b/deployment_files/site/dev/secrets/passphrases/maas_region_secret.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: maas-region-key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: 3858f62230ac3c915f300c664312c63f +... diff --git a/deployment_files/site/dev/secrets/passphrases/ucp_airflow_postgres_password.yaml b/deployment_files/site/dev/secrets/passphrases/ucp_airflow_postgres_password.yaml new file mode 100644 index 00000000..119a8a40 --- /dev/null +++ b/deployment_files/site/dev/secrets/passphrases/ucp_airflow_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_airflow_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password2 +... diff --git a/deployment_files/site/dev/secrets/passphrases/ucp_armada_keystone_password.yaml b/deployment_files/site/dev/secrets/passphrases/ucp_armada_keystone_password.yaml new file mode 100644 index 00000000..cbb8575e --- /dev/null +++ b/deployment_files/site/dev/secrets/passphrases/ucp_armada_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_armada_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password3 +... diff --git a/deployment_files/site/dev/secrets/passphrases/ucp_barbican_keystone_password.yaml b/deployment_files/site/dev/secrets/passphrases/ucp_barbican_keystone_password.yaml new file mode 100644 index 00000000..e786cbb3 --- /dev/null +++ b/deployment_files/site/dev/secrets/passphrases/ucp_barbican_keystone_password.yaml 
@@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_barbican_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password4 +... diff --git a/deployment_files/site/dev/secrets/passphrases/ucp_barbican_oslo_db_password.yaml b/deployment_files/site/dev/secrets/passphrases/ucp_barbican_oslo_db_password.yaml new file mode 100644 index 00000000..7f21161f --- /dev/null +++ b/deployment_files/site/dev/secrets/passphrases/ucp_barbican_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_barbican_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password5 +... diff --git a/deployment_files/site/dev/secrets/passphrases/ucp_deckhand_keystone_password.yaml b/deployment_files/site/dev/secrets/passphrases/ucp_deckhand_keystone_password.yaml new file mode 100644 index 00000000..6532aae8 --- /dev/null +++ b/deployment_files/site/dev/secrets/passphrases/ucp_deckhand_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_deckhand_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password6 +... diff --git a/deployment_files/site/dev/secrets/passphrases/ucp_deckhand_postgres_password.yaml b/deployment_files/site/dev/secrets/passphrases/ucp_deckhand_postgres_password.yaml new file mode 100644 index 00000000..d78dde68 --- /dev/null +++ b/deployment_files/site/dev/secrets/passphrases/ucp_deckhand_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_deckhand_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password7 +... 
diff --git a/deployment_files/site/dev/secrets/passphrases/ucp_drydock_keystone_password.yaml b/deployment_files/site/dev/secrets/passphrases/ucp_drydock_keystone_password.yaml new file mode 100644 index 00000000..9a97f8f6 --- /dev/null +++ b/deployment_files/site/dev/secrets/passphrases/ucp_drydock_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_drydock_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password8 +... diff --git a/deployment_files/site/dev/secrets/passphrases/ucp_drydock_postgres_password.yaml b/deployment_files/site/dev/secrets/passphrases/ucp_drydock_postgres_password.yaml new file mode 100644 index 00000000..de755270 --- /dev/null +++ b/deployment_files/site/dev/secrets/passphrases/ucp_drydock_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_drydock_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password9 +... diff --git a/deployment_files/site/dev/secrets/passphrases/ucp_keystone_admin_password.yaml b/deployment_files/site/dev/secrets/passphrases/ucp_keystone_admin_password.yaml new file mode 100644 index 00000000..76e00856 --- /dev/null +++ b/deployment_files/site/dev/secrets/passphrases/ucp_keystone_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_keystone_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password10 +... diff --git a/deployment_files/site/dev/secrets/passphrases/ucp_keystone_oslo_db_password.yaml b/deployment_files/site/dev/secrets/passphrases/ucp_keystone_oslo_db_password.yaml new file mode 100644 index 00000000..c06c742f --- /dev/null +++ b/deployment_files/site/dev/secrets/passphrases/ucp_keystone_oslo_db_password.yaml 
@@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_keystone_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password11 +... diff --git a/deployment_files/site/dev/secrets/passphrases/ucp_maas_admin_password.yaml b/deployment_files/site/dev/secrets/passphrases/ucp_maas_admin_password.yaml new file mode 100644 index 00000000..4242f37e --- /dev/null +++ b/deployment_files/site/dev/secrets/passphrases/ucp_maas_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_maas_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password12 +... diff --git a/deployment_files/site/dev/secrets/passphrases/ucp_maas_postgres_password.yaml b/deployment_files/site/dev/secrets/passphrases/ucp_maas_postgres_password.yaml new file mode 100644 index 00000000..e3a83ecc --- /dev/null +++ b/deployment_files/site/dev/secrets/passphrases/ucp_maas_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_maas_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password13 +... diff --git a/deployment_files/site/dev/secrets/passphrases/ucp_oslo_db_admin_password.yaml b/deployment_files/site/dev/secrets/passphrases/ucp_oslo_db_admin_password.yaml new file mode 100644 index 00000000..bb77ab63 --- /dev/null +++ b/deployment_files/site/dev/secrets/passphrases/ucp_oslo_db_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_oslo_db_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password14 +... 
diff --git a/deployment_files/site/dev/secrets/passphrases/ucp_oslo_messaging_password.yaml b/deployment_files/site/dev/secrets/passphrases/ucp_oslo_messaging_password.yaml new file mode 100644 index 00000000..0ff710c6 --- /dev/null +++ b/deployment_files/site/dev/secrets/passphrases/ucp_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password15 +... diff --git a/deployment_files/site/dev/secrets/passphrases/ucp_postgres_admin_password.yaml b/deployment_files/site/dev/secrets/passphrases/ucp_postgres_admin_password.yaml new file mode 100644 index 00000000..85f97901 --- /dev/null +++ b/deployment_files/site/dev/secrets/passphrases/ucp_postgres_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_postgres_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password16 +... diff --git a/deployment_files/site/dev/secrets/passphrases/ucp_promenade_keystone_password.yaml b/deployment_files/site/dev/secrets/passphrases/ucp_promenade_keystone_password.yaml new file mode 100644 index 00000000..17668eed --- /dev/null +++ b/deployment_files/site/dev/secrets/passphrases/ucp_promenade_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_promenade_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password17 +... diff --git a/deployment_files/site/dev/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml b/deployment_files/site/dev/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml new file mode 100644 index 00000000..99d8d8b8 --- /dev/null +++ b/deployment_files/site/dev/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml 
@@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: 111df8c05b0f041d4764 +... diff --git a/deployment_files/site/dev/secrets/passphrases/ucp_shipyard_keystone_password.yaml b/deployment_files/site/dev/secrets/passphrases/ucp_shipyard_keystone_password.yaml new file mode 100644 index 00000000..ff5b8240 --- /dev/null +++ b/deployment_files/site/dev/secrets/passphrases/ucp_shipyard_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_shipyard_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password18 +... diff --git a/deployment_files/site/dev/secrets/passphrases/ucp_shipyard_postgres_password.yaml b/deployment_files/site/dev/secrets/passphrases/ucp_shipyard_postgres_password.yaml new file mode 100644 index 00000000..d6c8044c --- /dev/null +++ b/deployment_files/site/dev/secrets/passphrases/ucp_shipyard_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_shipyard_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password19 +... diff --git a/deployment_files/site/dev/site-definition.yaml b/deployment_files/site/dev/site-definition.yaml new file mode 100644 index 00000000..608ffddb --- /dev/null +++ b/deployment_files/site/dev/site-definition.yaml @@ -0,0 +1,11 @@ +--- +data: + revision: v1.0u + site_type: single-node +metadata: + layeringDefinition: {abstract: false, layer: site} + name: dev + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: pegleg/SiteDefinition/v1 +... 
diff --git a/deployment_files/site/dev/software/charts/kubernetes/container-networking/etcd.yaml b/deployment_files/site/dev/software/charts/kubernetes/container-networking/etcd.yaml new file mode 100644 index 00000000..ba982651 --- /dev/null +++ b/deployment_files/site/dev/software/charts/kubernetes/container-networking/etcd.yaml 
@@ -0,0 +1,122 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-calico-etcd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: kubernetes-calico-etcd-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + + # Chart source + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .charts.kubernetes.calico.etcd + dest: + path: .source + + # Image versions + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .images.calico.etcd + dest: + path: .values.images.tags + + # IP addresses + - + src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .calico.etcd.service_ip + dest: + path: .values.service.ip + - + src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .calico.etcd.service_ip + dest: + path: .values.anchor.etcdctl_endpoint + + # CAs + - + src: + schema: deckhand/CertificateAuthority/v1 + name: calico-etcd + path: . + dest: + path: .values.secrets.tls.client.ca + - + src: + schema: deckhand/CertificateAuthority/v1 + name: calico-etcd-peer + path: . + dest: + path: .values.secrets.tls.peer.ca + + # Anchor client cert + - + src: + schema: deckhand/Certificate/v1 + name: calico-etcd-anchor + path: . + dest: + path: .values.secrets.anchor.tls.cert + - + src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-anchor + path: . + dest: + path: .values.secrets.anchor.tls.key + + # Node names + - + src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .genesis.hostname + dest: + path: .values.nodes[0].name + + # Server certs + - + src: + schema: deckhand/Certificate/v1 + name: calico-etcd-genesis + path: . + dest: + path: .values.nodes[0].tls.client.cert + - + src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-genesis + path: . 
+ dest: + path: .values.nodes[0].tls.client.key + - + src: + schema: deckhand/Certificate/v1 + name: calico-etcd-genesis-peer + path: . + dest: + path: .values.nodes[0].tls.peer.cert + - + src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-genesis-peer + path: . + dest: + path: .values.nodes[0].tls.peer.key + +data: {} + +... diff --git a/deployment_files/site/dev/software/charts/kubernetes/etcd/etcd.yaml b/deployment_files/site/dev/software/charts/kubernetes/etcd/etcd.yaml new file mode 100644 index 00000000..1bd02c83 --- /dev/null +++ b/deployment_files/site/dev/software/charts/kubernetes/etcd/etcd.yaml 
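Review bot: This document is marked `storagePolicy: cleartext`, yet three of its substitutions pull `deckhand/CertificateKey/v1` sources (the `calico-etcd-anchor` key and the `calico-etcd-genesis` client and peer keys) into `.values.secrets.anchor.tls.key` and `.values.nodes[0].tls.*.key`, so the rendered chart carries private keys. Whether the rendered form is stored or logged in clear depends on Deckhand's handling, which this page does not show; if it follows the destination document's policy, `storagePolicy: encrypted` would be the safer setting. The same applies to `kubernetes/etcd/etcd.yaml` in the next hunk. On style, the list entries mix `- src:` with a bare `-` followed by `src:` on the next line; one form throughout would read better.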
@@ -0,0 +1,121 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-etcd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: kubernetes-etcd-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + + # Chart source + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .charts.kubernetes.etcd + dest: + path: .source + + # Images + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .images.kubernetes.etcd + dest: + path: .values.images.tags + + # IP addresses + - + src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .kubernetes.etcd_service_ip + dest: + path: .values.service.ip + - + src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .kubernetes.etcd_service_ip + dest: + path: .values.anchor.etcdctl_endpoint + + # CAs + - + src: + schema: deckhand/CertificateAuthority/v1 + name: kubernetes-etcd + path: . + dest: + path: .values.secrets.tls.client.ca + - + src: + schema: deckhand/CertificateAuthority/v1 + name: kubernetes-etcd-peer + path: . + dest: + path: .values.secrets.tls.peer.ca + + - + src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-anchor + path: . + dest: + path: .values.secrets.anchor.tls.cert + - + src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-anchor + path: . + dest: + path: .values.secrets.anchor.tls.key + + # Node names + - + src: + schema: dev/Configurables/v1 + name: dev-configurables + path: .hostname + dest: + path: .values.nodes[0].name + + # Server certs + - + src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-genesis + path: . + dest: + path: '.values.nodes[0].tls.client.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-genesis + path: . 
+ dest: + path: '.values.nodes[0].tls.client.key' + - + src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-genesis-peer + path: . + dest: + path: '.values.nodes[0].tls.peer.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-genesis-peer + path: . + dest: + path: '.values.nodes[0].tls.peer.key' + +data: {} + +... diff --git a/deployment_files/site/dev/software/configs/endpoints.yaml b/deployment_files/site/dev/software/configs/endpoints.yaml new file mode 100644 index 00000000..5a8558af --- /dev/null +++ b/deployment_files/site/dev/software/configs/endpoints.yaml 
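Review bot: The `# Node names` substitution takes `.values.nodes[0].name` straight from `dev/Configurables/v1` (`path: .hostname`), while the Calico etcd chart in the previous hunk reads the same value through `pegleg/CommonAddresses/v1` at `.genesis.hostname`. Using `schema: pegleg/CommonAddresses/v1`, `name: common-addresses`, `path: .genesis.hostname` here would keep the two charts consistent and leave `common-addresses` as the one place chart documents read the hostname from. The anchor certificate/key pair is missing the `# Anchor client cert` comment that the sibling file carries, and the four `.values.nodes[0].tls…` paths are quoted here but unquoted there.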
@@ -0,0 +1,235 @@
+---
+schema: pegleg/EndpointCatalogue/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_endpoints
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ ucp:
+ identity:
+ namespace: ucp
+ name: keystone
+ hosts:
+ default: keystone-api
+ public: keystone
+ host_fqdn_override:
+ default: null
+ path:
+ default: /v3
+ scheme:
+ default: http
+ port:
+ admin:
+ default: 35357
+ api:
+ default: 80
+ armada:
+ name: armada
+ hosts:
+ default: armada-api
+ public: armada
+ port:
+ api:
+ default: 8000
+ path:
+ default: /api/v1.0
+ scheme:
+ default: http
+ host_fqdn_override:
+ default: null
+ deckhand:
+ name: deckhand
+ hosts:
+ default: deckhand-int
+ public: deckhand-api
+ port:
+ api:
+ default: 9000
+ path:
+ default: /api/v1.0
+ scheme:
+ default: http
+ host_fqdn_override:
+ default: null
+ postgresql:
+ name: postgresql
+ hosts:
+ default: postgresql
+ path: /DB_NAME
+ scheme: postgresql+psycopg2
+ port:
+ postgresql:
+ default: 5432
+ host_fqdn_override:
+ default: null
+ oslo_db:
+ hosts:
+ default: mariadb
+ discovery: mariadb-discovery
+ host_fqdn_override:
+ default: null
+ path: /DB_NAME
+ scheme: mysql+pymysql
+ port:
+ mysql:
+ default: 3306
+ wsrep:
+ default: 4567
+ key_manager:
+ name: barbican
+ hosts:
+ default: barbican-api
+ public: barbican
+ host_fqdn_override:
+ default: null
+ path:
+ default: /v1
+ scheme:
+ default: http
+ port:
+ api:
+ default: 9311
+ public: 80
+ oslo_messaging:
+ namespace: null
+ hosts:
+ default: rabbitmq
+ host_fqdn_override:
+ default: null
+ path: /openstack
+ scheme: rabbit
+ port:
+ amqp:
+ default: 5672
+ oslo_cache:
+ hosts:
+ default: memcached
+ host_fqdn_override:
+ default: null
+ port:
+ memcache:
+ default: 11211
+ physicalprovisioner:
+ name: drydock
+ hosts:
+ default: drydock-api
+ port:
+ api:
+ default: 9000
+ nodeport: 31900
+ path:
+ default: /api/v1.0
+ scheme:
+ default: http
+ host_fqdn_override:
+ default: null
+ maas_region_ui:
+ name: maas-region-ui
+ hosts:
+ default: maas-region-ui
+ public: maas
+ path:
+ default: /MAAS
+ scheme:
+ default: "http"
+ port:
+ region_ui:
+ default: 80
+ public: 80
+ host_fqdn_override:
+ default: null
+ kubernetesprovisioner:
+ name: promenade
+ hosts:
+ default: promenade-api
+ port:
+ api:
+ default: 80
+ path:
+ default: /api/v1.0
+ scheme:
+ default: http
+ host_fqdn_override:
+ default: null
+ shipyard:
+ name: shipyard
+ hosts:
+ default: shipyard-int
+ public: shipyard-api
+ port:
+ api:
+ default: 9000
+ public: 80
+ path:
+ default: /api/v1.0
+ scheme:
+ default: http
+ host_fqdn_override:
+ default: null
+ airflow_web:
+ name: airflow-web
+ hosts:
+ default: airflow-web-int
+ public: airflow-web
+ port:
+ airflow_web:
+ default: 8080
+ path:
+ default: /
+ scheme:
+ default: http
+ host_fqdn_override:
+ default: null
+ airflow_flower:
+ name: airflow-flower
+ hosts:
+ default: airflow-flower
+ port:
+ airflow_flower:
+ default: 5555
+ path:
+ default: /
+ scheme:
+ default: http
+ host_fqdn_override:
+ default: null
+ ceph:
+ object_store:
+ name: swift
+ namespace: ceph
+ hosts:
+ default: ceph-rgw
+ host_fqdn_override:
+ default: null
+ path:
+ default: /swift/v1
+ scheme:
+ default: http
+ port:
+ api:
+ default: 8088
+ ceph_mon:
+ namespace: ceph
+ hosts:
+ default: ceph-mon
+ discovery: ceph-mon-discovery
+ host_fqdn_override:
+ default: null
+ port:
+ mon:
+ default: 6789
+ ceph_mgr:
+ namespace: ceph
+ hosts:
+ default: ceph-mgr
+ host_fqdn_override:
+ default: null
+ port:
+ mgr:
+ default: 7000
+ scheme:
+ default: http
+...
diff --git a/deployment_files/site/dev/software/configs/service_accounts.yaml b/deployment_files/site/dev/software/configs/service_accounts.yaml
new file mode 100644
index 00000000..50e1abc4
--- /dev/null
+++ b/deployment_files/site/dev/software/configs/service_accounts.yaml
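Review bot: Every HTTP service in the endpoint catalogue, including `identity` (keystone) and `key_manager` (barbican), is given `scheme: default: http`, so tokens, passwords and secrets exchanged with those endpoints would travel unencrypted. If that is intentional for the single-node dev site, record it in the file, e.g. `# dev only: plaintext HTTP; use https for identity and key_manager outside a throwaway VM`. The `maas_region_ui` entry also quotes its scheme (`"http"`) while the others do not; one form throughout would be cleaner.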
@@ -0,0 +1,124 @@
+---
+schema: pegleg/AccountCatalogue/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_service_accounts
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ ucp:
+ postgres:
+ admin:
+ username: postgres
+ oslo_db:
+ admin:
+ username: root
+ oslo_messaging:
+ admin:
+ username: rabbitmq
+ keystone:
+ admin:
+ region_name: RegionOne
+ username: admin
+ project_name: admin
+ user_domain_name: default
+ project_domain_name: default
+ oslo_messaging:
+ admin:
+ username: rabbitmq
+ keystone:
+ username: keystone
+ oslo_db:
+ username: keystone
+ database: keystone
+ promenade:
+ keystone:
+ region_name: RegionOne
+ role: admin
+ project_name: service
+ project_domain_name: default
+ user_domain_name: default
+ username: promenade
+ drydock:
+ keystone:
+ region_name: RegionOne
+ role: admin
+ project_name: service
+ project_domain_name: default
+ user_domain_name: default
+ username: drydock
+ postgres:
+ username: drydock
+ database: drydock
+ shipyard:
+ keystone:
+ region_name: RegionOne
+ role: admin
+ project_name: service
+ project_domain_name: default
+ user_domain_name: default
+ username: shipyard
+ postgres:
+ username: shipyard
+ database: shipyard
+ airflow:
+ postgres:
+ username: airflow
+ database: airflow
+ oslo_messaging:
+ username: rabbitmq
+ maas:
+ admin:
+ username: admin
+ email: none@none
+ postgres:
+ username: maas
+ database: maasdb
+ barbican:
+ keystone:
+ region_name: RegionOne
+ role: admin
+ project_name: service
+ project_domain_name: default
+ user_domain_name: default
+ username: barbican
+ oslo_db:
+ username: barbican
+ database: barbican
+ oslo_messaging:
+ admin:
+ username: rabbitmq
+ keystone:
+ username: keystone
+ armada:
+ keystone:
+ project_domain_name: default
+ user_domain_name: default
+ project_name: service
+ region_name: RegionOne
+ role: admin
+ user_domain_name: default
+ username: armada
+ deckhand:
+ keystone:
+ region_name: RegionOne
+ role: admin
+ project_name: service
+ project_domain_name: default
+ user_domain_name: default
+ username: deckhand
+ postgres:
+ username: deckhand
+ database: deckhand
+ ceph:
+ swift:
+ keystone:
+ role: admin
+ region_name: RegionOne
+ username: swift
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+...
diff --git a/deployment_files/type/single-node/v1.0u/network/KubernetesNetwork.yaml b/deployment_files/type/single-node/v1.0u/network/KubernetesNetwork.yaml
new file mode 100644
index 00000000..4903556f
--- /dev/null
+++ b/deployment_files/type/single-node/v1.0u/network/KubernetesNetwork.yaml
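Review bot: In `service_accounts.yaml`, `user_domain_name: default` appears twice in the `armada` `keystone` mapping, once before `project_name` and again before `username: armada`. Duplicate keys are invalid YAML; most loaders silently keep the last value, but a strict loader or linter will reject the document, so drop one of the two lines. Every keystone service account that sets a role here uses `role: admin`; if narrower roles exist for these services, a comment recording why admin is needed would help the next reviewer.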
@@ -0,0 +1,87 @@
+---
+schema: promenade/KubernetesNetwork/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-network
+ layeringDefinition:
+ abstract: false
+ layer: type
+ storagePolicy: cleartext
+ substitutions:
+ # DNS
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .dns.cluster_domain
+ dest:
+ path: .dns.cluster_domain
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .dns.service_ip
+ dest:
+ path: .dns.service_ip
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .dns.upstream_servers
+ dest:
+ path: .dns.upstream_servers
+
+ # Kubernetes IPs
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.api_service_ip
+ dest:
+ path: .kubernetes.service_ip
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.pod_cidr
+ dest:
+ path: .kubernetes.pod_cidr
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.service_cidr
+ dest:
+ path: .kubernetes.service_cidr
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.etcd_service_ip
+ dest:
+ path: .etcd.service_ip
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .etcd.container_port
+ dest:
+ path: .etcd.container_port
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .etcd.haproxy_port
+ dest:
+ path: .etcd.haproxy_port
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.apiserver_port
+ dest:
+ path: .kubernetes.apiserver_port
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.haproxy_port
+ dest:
+ path: .kubernetes.haproxy_port
+
+data:
+ dns:
+ bootstrap_validation_checks:
+ - calico-etcd.kube-system.svc.cluster.local
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - kubernetes.default.svc.cluster.local
+...
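Review bot: The three `bootstrap_validation_checks` names in `KubernetesNetwork.yaml` hard-code the `cluster.local` suffix, while `.dns.cluster_domain` is substituted from `common-addresses` in the same document. A site that sets a different cluster domain would presumably fail these checks. Either derive the names from the substituted domain or add a comment above the list, such as `# must match common-addresses .dns.cluster_domain`.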
diff --git a/manifests/dev_single_node/README.txt b/manifests/dev_single_node/README.txt
new file mode 100644
index 00000000..36dc9b65
--- /dev/null
+++ b/manifests/dev_single_node/README.txt
@@ -0,0 +1,90 @@
+# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dev_single_node
+===============
+
+Sets up and deploys an instance of UCP using the images pinned in the versions
+file of the targeted deployment_files based site definitions.
+versions file: deployment_files/global/v1.0u/software/config/versions.yaml
+
+Running deploy-ucp will download and build into the /root/deploy directory.
+
+Process
+-------
+1) Set up as large a VM as you can reasonably set up. 8 core/16GB is
+ recommended
+2) become root. All the commands are run as root.
+3) update etc/hosts with IP/Hostname of your VM. e.g. 10.0.0.15 testvm1
+4) go to /root and clone ucp integration. Pull the latest patchset if needed
+ (a) if you instead clone ucp integration into /root/deploy (the workspace
+ used by the deploy script), ucp-integration will not be re-cloned during
+ deployment. This allows you to modify the deployment_files directory
+ contents that will be used by the deployment - which would enable
+ deployment of charts and/or images with versions other than those that
+ are specified by the committed contents. (i.e. you can configure the
+ deployment contents this way)
+5) cd into ucp-integration/manifests/dev_single_node
+6) Update the set-env.sh with the hostname and ip on the appropriate lines.
+7) set the UCP integration repo and refspec to the gerrithub & patchset of the
+ deployment you want to use. (if you used 4.a, this is not necessary)
+
+E.g.:
+
+export UCP_INTEGRATION_REPO="https://review.gerrithub.io/att-comdev/ucp-integration"
+export UCP_INTEGRATION_REFSPEC="refs/changes/03/404203/32"
+
+8) set the pegleg image, since :latest is not right as of 3/21/2018
+
+export PEGLEG_IMAGE="artifacts-aic.atlantafoundry.com/att-comdev/pegleg:f019b4ff594db7d13a2ac444c001f867b3a67c50"
+
+9) source set-env.sh
+10) ./deploy-ucp.sh
+
+If you want to stop the deployment before it starts running genesis and inspect
+the produced files, comment the last few lines of the deploy-ucp.sh to not
+trigger the genesis steps.
+
+Next Steps
+----------
+All of the documents used for a subsequent deploy_site action are now placed
+into the /root/deploy/site direectory for ease of use - instructions are
+provided by the script at the end of a successful genesis process.
+
+In the same directory as the deploy-ucp.sh script, there is a file creds.sh
+that can be sourced to set environment variables that will enable keystone
+authoriation to use for running shipyard.
+
+Example:
+
+. creds.sh
+
+
+The files produced into the /root/deploy/genesis directory contain two yaml
+files: certificates.yaml and deployment_files.yaml. These files can be used as
+input to shipyard using the script found at /root/deploy/shipyard/tools/run_shipyard.sh
+
+Example: (assuming creds.sh is sourced as above)
+
+cd /root/deploy/shipyard/tools
+cp /root/deploy/genesis/*.yaml /root/deploy/shipyard/tools
+# Note that /home/shipyard/host is where the host's pwd is mounted in the shipyard container.
+./run_shipyard.sh create configdocs design --filename=/home/shipyard/host/deployment_files.yaml
+./run_shipyard.sh create configdocs secrets --filename=/home/shipyard/host/certificates.yaml --append
+
+Please note: The deployment_files.yaml document may have the SiteDefinition
+document defined twice in it due to a bug in how the documents are gathered by
+Pegleg. Simply deleting the second copy of the SiteDefinition (at the very end
+of the deployment_files.yaml) will allow the documents to be loaded without a
+"conflict" response.
diff --git a/manifests/dev_single_node/creds.sh b/manifests/dev_single_node/creds.sh
new file mode 100644
index 00000000..bc6de66f
--- /dev/null
+++ b/manifests/dev_single_node/creds.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+#
+# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Credentials that can be exported to work with Shipyard.
+# Note that if the password was changed before the deployment, it will need to
+# be changed to match here.
+# To set your environment variables to the values in this script, run using:
+# source creds.sh
+#
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_PROJECT_NAME=service
+export OS_USERNAME=shipyard
+export OS_PASSWORD=password18
+export OS_AUTH_URL=http://keystone.ucp.svc.cluster.local:80/v3
\ No newline at end of file
diff --git a/manifests/dev_single_node/deploy-ucp.sh b/manifests/dev_single_node/deploy-ucp.sh
new file mode 100755
index 00000000..5e1acde7
--- /dev/null
+++ b/manifests/dev_single_node/deploy-ucp.sh
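Review bot: `creds.sh` commits a fixed Shipyard password (`export OS_PASSWORD=password18`) and points `OS_AUTH_URL` at plain `http://`, so the credential is public in the repository and is sent unencrypted when used. Prefer taking the value from the environment or from the generated passphrase document rather than a literal, e.g. `export OS_PASSWORD="${OS_PASSWORD:?set OS_PASSWORD to the Shipyard keystone password}"`. If the dev default has to stay, the header comment should say plainly that it is a throwaway value for the single-node VM only. The file also lacks a trailing newline.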
@@ -0,0 +1,307 @@ +#!/bin/bash +# +# Copyright 2018 AT&T Intellectual Property. All other rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +############################################################################### +# # +# Set up and deploy a UCP environment for development/testing purposes. # +# Many of the defaults and sources used here are NOT production ready, and # +# this should not be used as a copy/paste source for any production use. # +# # +############################################################################### + +set -x + +# IMPORTANT: +# If the directory for ucp-integration is already cloned into $WORKSPACE, +# it will not be re-cloned. This can be used to set up different tests, like +# changing the versions and contents of the design before running this script + +# The directory that will contain the copies of designs and repos from this script +WORKSPACE=${WORKSPACE:-"/root/deploy"} +export WORKSPACE +# The site to deploy +TARGET_SITE=${TARGET_SITE:-"dev"} +# The hostname for the genesis node + +# The host name for the single-node deployment. e.g.: 'genesis' +HOSTNAME=${HOSTNAME:-""} +# The host ip for this single-node deployment. e.g.: '10.0.0.9' +HOSTIP=${HOSTIP:-""} +# The cidr for the network for the host. e.g.: '10.0.0.0/24' +HOSTCIDR=${HOSTCIDR:-""} +# The interface on the host/genesis node. 
e.g.: 'ens3' +NODE_NET_IFACE=${NODE_NET_IFACE:-""} + + +# Repositories +UCP_INTEGRATION_REPO=${UCP_INTEGRATION_REPO:-"https://github.com/att-comdev/ucp-integration"} +UCP_INTEGRATION_REFSPEC=${UCP_INTEGRATION_REFSPEC:-""} +PEGLEG_REPO=${PEGLEG_REPO:-"https://github.com/att-comdev/pegleg.git"} +PEGLEG_REFSPEC=${PEGLEG_REFSPEC:-""} +SHIPYARD_REPO=${SHIPYARD_REPO:-"https://github.com/att-comdev/shipyard.git"} +SHIPYARD_REFSPEC=${SHIPYARD_REFSPEC:-""} + +# Images +PEGLEG_IMAGE=${PEGLEG_IMAGE:-"artifacts-aic.atlantafoundry.com/att-comdev/pegleg:latest"} +PROMENADE_IMAGE=${PROMENADE_IMAGE:-"quay.io/attcomdev/promenade:latest"} + +# Command shortcuts +PEGLEG=${WORKSPACE}/pegleg/tools/pegleg.sh + +function check_preconditions() { + set +x + fail=false + if ! [ $(id -u) = 0 ] ; then + echo "Please execute this script as root!" + fail=true + fi + if [ -z ${HOSTIP} ] ; then + echo "The HOSTIP variable must be set. E.g. 10.0.0.9" + fail=true + fi + if [ -z ${HOSTNAME} ] ; then + echo "The HOSTNAME variable must be set. E.g. testvm1" + fail=true + fi + if [ -z ${HOSTCIDR} ] ; then + echo "The HOSTCIDR variable must be set. E.g. 10.0.0.0/24" + fail=true + fi + if [ -z ${NODE_NET_IFACE} ] ; then + echo "The NODE_NET_IFACE variable must be set. E.g. ens3" + fail=true + fi + if [[ -z $(grep $HOSTNAME /etc/hosts | grep $HOSTIP) ]] + then + echo "No /etc/hosts entry found for $HOSTNAME. Please add one." + fail=true + fi + if [ $fail = true ] ; then + echo "Preconditions failed" + exit 1 + fi + set -x +} + +function setup_workspace() { + # Setup workspace directories + mkdir -p ${WORKSPACE}/collected + mkdir -p ${WORKSPACE}/genesis + # Open permissions for output from promenade + chmod -R 777 ${WORKSPACE}/genesis +} + +function get_repo() { + # Setup a repository in the workspace + # + # $1 = name of directory the repo will clone to + # $2 = repository url + # $3 = refspec of repo pull + cd ${WORKSPACE} + if [ ! 
-d "$1" ] ; then + git clone $2 + if [ -n "$3" ] ; then + cd $1 + git pull $2 $3 + cd .. + fi + fi +} + +function setup_repos() { + # Clone and pull the various git repos + # Get pegleg for the script only. Image is separately referenced. + get_repo pegleg ${PEGLEG_REPO} ${PEGLEG_REFSPEC} + # Get ucp-integration for the design + get_repo ucp-integration ${UCP_INTEGRATION_REPO} ${UCP_INTEGRATION_REFSPEC} + # Get Shipyard for use after genesis + get_repo shipyard ${SHIPYARD_REPO} ${SHIPYARD_REFSPEC} +} + +function configure_dev_configurables() { + cat << EOF >> ${WORKSPACE}/ucp-integration/deployment_files/site/${TARGET_SITE}/deployment/dev-configurables.yaml +data: + hostname: ${HOSTNAME} + hostip: ${HOSTIP} + hostcidr: ${HOSTCIDR} + interface: ${NODE_NET_IFACE} +EOF +} + +function install_intermediate_certs() { + set +x + echo "Installing intermediate certs for AT&T cLCP Artifactory." + set -x + curl -L --insecure -o /usr/local/share/ca-certificates/gd_bundle-g2.crt https://certs.godaddy.com/repository/gd_bundle-g2.crt + update-ca-certificates +} + +function install_dependencies() { + apt -qq update + # Install docker + apt -y install docker.io jq +} + +function run_pegleg_collect() { + # Runs pegleg collect to get the documents combined + IMAGE=${PEGLEG_IMAGE} ${PEGLEG} site -p /workspace/ucp-integration/deployment_files collect ${TARGET_SITE} -s /workspace/collected +} + +function generate_certs() { + # Runs the generation of certs by promenade and builds bootstrap scripts + # Note: In the really real world, CAs and certs would be provided as part of + # the supplied design. In this dev/test environment, self signed is fine. 
+ # Moves the generated certificates from /genesis to the design, so that a + # Lint can be run + set +x + echo "=== Generating updated certificates ===" + set -x + # Copy the collected yamls into the target for the certs + cp "${WORKSPACE}/collected"/*.yaml ${WORKSPACE}/genesis + + docker run --rm -t \ + -e http_proxy=$PROXY \ + -e https_proxy=$PROXY \ + -w /target \ + -e PROMENADE_DEBUG=false \ + -v ${WORKSPACE}/genesis:/target \ + ${PROMENADE_IMAGE} \ + promenade \ + generate-certs \ + -o /target \ + $(ls ${WORKSPACE}/genesis) + + # Copy the generated certs back into the deployment_files structure + cp ${WORKSPACE}/genesis/certificates.yaml ${WORKSPACE}/ucp-integration/deployment_files/site/${TARGET_SITE}/secrets +} + +function lint_design() { + # After the certificates are in the deployment files run a pegleg lint + IMAGE=${PEGLEG_IMAGE} ${PEGLEG} lint -p /workspace/ucp-integration/deployment_files +} + +function generate_genesis() { + # Generate the genesis scripts + docker run --rm -t \ + -e http_proxy=$PROXY \ + -e https_proxy=$PROXY \ + -w /target \ + -e PROMENADE_DEBUG=false \ + -v ${WORKSPACE}/genesis:/target \ + ${PROMENADE_IMAGE} \ + promenade \ + build-all \ + -o /target \ + --validators \ + $(ls ${WORKSPACE}/genesis) +} + +function run_genesis() { + # Runs the genesis script that was generated + ${WORKSPACE}/genesis/genesis.sh +} + +function validate_genesis() { + # Vaidates the genesis deployment + ${WORKSPACE}/genesis/validate-genesis.sh +} + +function genesis_complete() { + # Setup kubeconfig + if [ ! -d "~/.kube" ] ; then + mkdir ~/.kube + fi + cp -r /etc/kubernetes/admin/pki ~/.kube/pki + cat /etc/kubernetes/admin/kubeconfig.yaml | sed -e 's/\/etc\/kubernetes\/admin/./' > ~/.kube/config + + # signals that genesis completed + set +x + echo "Genesis complete. " + echo "The .yaml files in ${WORKSPACE} contain the site design that may be suitable for use with Shipyard. 
" + echo "The Shipyard Keystone password may be found in ${WORKSPACE}/ucp-integration/deployment_files/site/${TARGET_SITE}/secrets/passphrases/ucp_shipyard_keystone_password.yaml" + cat ${WORKSPACE}/ucp-integration/deployment_files/site/${TARGET_SITE}/secrets/passphrases/ucp_shipyard_keystone_password.yaml + echo " " + set -x +} + +function setup_deploy_site() { + # creates a directory /${WORKSPACE}/site with all the things necessary to run + # deploy_site + mkdir -p ${WORKSPACE}/site + cp ${WORKSPACE}/ucp-integration/manifests/dev_single_node/creds.sh ${WORKSPACE}/site + cp ${WORKSPACE}/genesis/*.yaml ${WORKSPACE}/site + cp ${WORKSPACE}/shipyard/tools/run_shipyard.sh ${WORKSPACE}/site + cp ${WORKSPACE}/shipyard/tools/shipyard_docker_base_command.sh ${WORKSPACE}/site + set +x + echo " " + echo "${WORKSPACE}/site is now set up with creds.sh which can be sourced to set up credentials for use in running Shipyard" + echo "${WORKSPACE}/site contains .yaml files that represent the single-node site deployment. (deployment_files.yaml, certificats.yaml)" + echo " " + echo "NOTE 2018-03-23: due to a bug in pegleg's document gathering, deployment_files.yaml may need to be updated to remove the duplicate SiteDefinition at the tail end of the file." + echo "NOTE: If you changed the Shipyard keystone password (see above printouts), the creds.sh file needs to be updated to match before use." 
+ echo " " + echo "----------------------------------------------------------------------------------" + echo "The following commands will execute shipyard to setup and run a deploy_site action" + echo "----------------------------------------------------------------------------------" + echo "cd ${WORKSPACE}/site" + echo "source creds.sh" + echo "./run_shipyard.sh create configdocs design --filename=/home/shipyard/host/deployment_files.yaml" + echo "./run_shipyard.sh create configdocs secrets --filename=/home/shipyard/host/certificates.yaml --append" + echo "./run_shipyard.sh commit configdocs" + echo "./run_shipyard.sh create action deploy_site" + echo " " + echo "-----------" + echo "Other Notes" + echo "-----------" + echo "If you need to run armada directly to deploy charts (fix something broken?), the following maybe of use:" + echo "export ARMADA_IMAGE=artifacts-aic.atlantafoundry.com/att-comdev/armada" + echo "docker run -t -v ~/.kube:/armada/.kube -v ${WORKSPACE}/site:/target --net=host '${ARMADA_IMAGE}' apply /target/your-yaml.yaml" + echo " " + set -x +} + + +function clean() { + # Perform any cleanup of temporary or unused artifacts + set +x + echo "To remove files generated during this script's execution, delete ${WORKSPACE}." + set -x +} + +function error() { + # Processes errors + set +x + echo "Error when $1." 
+ set -x + exit 1 +} + +trap clean EXIT + +check_preconditions || error "checking for preconditions" +setup_workspace || error "setting up workspace directories" +setup_repos || error "setting up Git repos" +configure_dev_configurables || error "adding dev-configurables values" +install_intermediate_certs || error "installing intermediate certificates" +install_dependencies || error "installing dependencies" +run_pegleg_collect || error "running pegleg collect" +generate_certs || error "setting up certs with Promenade" +lint_design || error "linting the design" +generate_genesis || error "generating genesis" +run_genesis || error "running genesis" +validate_genesis || error "validating genesis" +genesis_complete || error "printing out some info about next steps" +setup_deploy_site || error "preparing the /site directory for deploy_site" \ No newline at end of file diff --git a/manifests/dev_single_node/set-env.sh b/manifests/dev_single_node/set-env.sh new file mode 100644 index 00000000..70eb0936 --- /dev/null +++ b/manifests/dev_single_node/set-env.sh 
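Review bot: `install_intermediate_certs` in `deploy-ucp.sh` downloads a CA bundle with `curl -L --insecure` and then runs `update-ca-certificates`, so a file fetched without any TLS verification becomes a trusted root on the host. Anyone able to tamper with that download would then be trusted for every later TLS connection, including the repo and image pulls this script performs. Drop `--insecure` (`curl -fsSL -o /usr/local/share/ca-certificates/gd_bundle-g2.crt https://certs.godaddy.com/repository/gd_bundle-g2.crt`) and check the file against a pinned digest before installing it, e.g. `echo "<EXPECTED_SHA256>  gd_bundle-g2.crt" | sha256sum -c -`. In the same hunk, `chmod -R 777 ${WORKSPACE}/genesis` leaves the directory that receives `certificates.yaml` world-writable. Also, `[ ! -d "~/.kube" ]` never expands the tilde because it is quoted, so that test is always true.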
@@ -0,0 +1,51 @@
+#!/bin/bash
+#
+# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+###############################################################################
+# #
+# Example environment customization #
+# #
+###############################################################################
+
+# For use with most lab VMs, the first 4 values are probably the most
+# frequently changed
+
+# The hostname for the genesis node
+export HOSTNAME=testvm1
+# The IP address of the genesis node
+export HOSTIP=10.0.0.9
+# The CIDR of the network for the genesis node
+export HOSTCIDR=10.0.0.0/24
+# The network interface on the genesis node
+export NODE_NET_IFACE=ens3
+
+# Repositories
+# export UCP_INTEGRATION_REPO="https://github.com/att-comdev/ucp-integration"
+# export UCP_INTEGRATION_REFSPEC=""
+# export PEGLEG_REPO="https://github.com/att-comdev/pegleg.git"
+# export PEGLEG_REFSPEC=""
+# export SHIPYARD_REPO="https://github.com/att-comdev/shipyard.git""
+# export SHIPYARD_REFSPEC=""
+
+# Images
+# export PEGLEG_IMAGE="artifacts-aic.atlantafoundry.com/att-comdev/pegleg:latest"
+# export PROMENADE_IMAGE="quay.io/attcomdev/promenade:latest"
+
+# The directory that will contain the copies of designs and repos from this script
+# export WORKSPACE="/root/deploy"
+
+# The site to deploy
+#export TARGET_SITE="dev"
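Review bot: The commented `SHIPYARD_REPO` example in `set-env.sh` ends with two double quotes (`.../shipyard.git""`), so uncommenting it as written leaves an unbalanced quote and sourcing the file fails or swallows the lines that follow. It should read `# export SHIPYARD_REPO="https://github.com/att-comdev/shipyard.git"`. The README in this commit says `:latest` is not right for pegleg, yet the commented `PEGLEG_IMAGE` example here still shows `:latest`; a comment pointing to the pinned tag would keep the two consistent.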