Definition for deploying behind a proxy
Change-Id: I80ee226f33f4f67e5a3fb6dd39b7622f6c750757
parent
833539a250
commit
fe78c087b8
|
@ -6,6 +6,8 @@ metadata:
|
|||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: global
|
||||
labels:
|
||||
name: ucp-maas
|
||||
storagePolicy: cleartext
|
||||
substitutions:
|
||||
# Chart source
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
---
|
||||
schema: shipyard/DeploymentConfiguration/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: deployment-configuration
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
physical_provisioner:
|
||||
deployment_strategy: all-at-once
|
||||
deploy_interval: 30
|
||||
deploy_timeout: 3600
|
||||
destroy_interval: 30
|
||||
destroy_timeout: 900
|
||||
join_wait: 120
|
||||
prepare_node_interval: 30
|
||||
prepare_node_timeout: 1000
|
||||
prepare_site_interval: 10
|
||||
prepare_site_timeout: 300
|
||||
verify_interval: 10
|
||||
verify_timeout: 60
|
||||
kubernetes_provisioner:
|
||||
drain_timeout: 3600
|
||||
drain_grace_period: 1800
|
||||
clear_labels_timeout: 1800
|
||||
remove_etcd_timeout: 1800
|
||||
etcd_ready_timeout: 600
|
||||
armada:
|
||||
manifest: 'full-site'
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
schema: dev/Configurables/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: dev-configurables
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
# Data section provided by deploy_ucp.sh script
|
|
@ -0,0 +1,103 @@
|
|||
---
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: common-addresses
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
substitutions:
|
||||
# Chart source
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .interface
|
||||
dest:
|
||||
path: .calico.ip_autodetection_method
|
||||
pattern: REPLACEME
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostname
|
||||
dest:
|
||||
path: .genesis.hostname
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostip
|
||||
dest:
|
||||
path: .genesis.ip
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostip
|
||||
dest:
|
||||
path: .bootstrap.ip
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostcidr
|
||||
dest:
|
||||
path: .storage.ceph.public_cidr
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostcidr
|
||||
dest:
|
||||
path: .storage.ceph.cluster_cidr
|
||||
|
||||
|
||||
data:
|
||||
calico:
|
||||
ip_autodetection_method: 'interface=REPLACEME'
|
||||
etcd:
|
||||
service_ip: 10.96.232.136
|
||||
|
||||
dns:
|
||||
cluster_domain: cluster.local
|
||||
service_ip: 10.96.0.10
|
||||
upstream_servers:
|
||||
- 8.8.8.8
|
||||
- 8.8.4.4
|
||||
upstream_servers_joined: 8.8.8.8,8.8.4.4
|
||||
|
||||
genesis:
|
||||
hostname: REPLACEME
|
||||
ip: REPLACEME
|
||||
|
||||
bootstrap:
|
||||
ip: REPLACEME
|
||||
|
||||
kubernetes:
|
||||
api_service_ip: 10.96.0.1
|
||||
etcd_service_ip: 10.96.0.2
|
||||
pod_cidr: 10.97.0.0/16
|
||||
service_cidr: 10.96.0.0/16
|
||||
apiserver_port: 6443
|
||||
haproxy_port: 6553
|
||||
|
||||
etcd:
|
||||
container_port: 2379
|
||||
haproxy_port: 2378
|
||||
|
||||
proxy:
|
||||
http: http://proxy.foo.com:8080
|
||||
https: http://proxy.foo.com:8080
|
||||
no_proxy: '.foo.com,.cluster.local,localhost,127.0.0.1'
|
||||
|
||||
node_ports:
|
||||
drydock_api: 30000
|
||||
maas_api: 30001
|
||||
maas_proxy: 31800
|
||||
shipyard_api: 30003
|
||||
airflow_web: 30004
|
||||
|
||||
ntp:
|
||||
servers_joined: ntp.ubuntu.com
|
||||
|
||||
storage:
|
||||
ceph:
|
||||
public_cidr: REPLACEME
|
||||
cluster_cidr: REPLACEME
|
||||
...
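Review bot: The `no_proxy` value `'.foo.com,.cluster.local,localhost,127.0.0.1'` lists names only, so a client that addresses the cluster by IP (`10.96.0.1`, `10.96.0.2`, `10.96.232.136`, or the genesis host IP defined in this same document) would send that request to the corporate proxy wherever the list is consumed as-is, for example through the `promenade_api.no_proxy` substitution. Consider adding the service and pod ranges and the host IP for consumers that accept such entries, or at least a comment above `proxy:` such as `# add the host IP and the service/pod CIDRs for your site to no_proxy`. Separately, `proxy.foo.com` is a registrable public name; a reserved placeholder like `http://proxy.example.com:8080` makes it clearer that the value must be replaced before use.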
|
|
@ -0,0 +1,180 @@
|
|||
---
|
||||
schema: promenade/PKICatalog/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: cluster-certificates
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
substitutions:
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostname
|
||||
dest:
|
||||
path: .certificate_authorities.kubernetes.certificates[1].hosts[0]
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostip
|
||||
dest:
|
||||
path: .certificate_authorities.kubernetes.certificates[1].hosts[1]
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostname
|
||||
dest:
|
||||
path: .certificate_authorities.kubernetes.certificates[1].common_name
|
||||
pattern: HOSTNAME
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostname
|
||||
dest:
|
||||
path: .certificate_authorities.kubernetes.certificates[1].common_name
|
||||
pattern: HOSTNAME
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostname
|
||||
dest:
|
||||
path: .certificate_authorities.kubernetes-etcd.certificates[2].hosts[0]
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostip
|
||||
dest:
|
||||
path: .certificate_authorities.kubernetes-etcd.certificates[2].hosts[1]
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostname
|
||||
dest:
|
||||
path: .certificate_authorities.kubernetes-etcd-peer.certificates[0].hosts[0]
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostip
|
||||
dest:
|
||||
path: .certificate_authorities.kubernetes-etcd-peer.certificates[0].hosts[1]
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostname
|
||||
dest:
|
||||
path: .certificate_authorities.calico-etcd.certificates[1].hosts[0]
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostip
|
||||
dest:
|
||||
path: .certificate_authorities.calico-etcd.certificates[1].hosts[1]
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostname
|
||||
dest:
|
||||
path: .certificate_authorities.calico-etcd-peer.certificates[1].hosts[0]
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostip
|
||||
dest:
|
||||
path: .certificate_authorities.calico-etcd-peer.certificates[1].hosts[1]
|
||||
data:
|
||||
certificate_authorities:
|
||||
kubernetes:
|
||||
description: CA for Kubernetes components
|
||||
certificates:
|
||||
- document_name: apiserver
|
||||
description: Service certificate for Kubernetes apiserver
|
||||
common_name: apiserver
|
||||
hosts:
|
||||
- localhost
|
||||
- 127.0.0.1
|
||||
- 10.96.0.1
|
||||
kubernetes_service_names:
|
||||
- kubernetes.default.svc.cluster.local
|
||||
- document_name: kubelet-genesis
|
||||
common_name: system:node:HOSTNAME
|
||||
hosts:
|
||||
- REPLACEME_HOST_NAME
|
||||
- REPLACEME_HOST_IP
|
||||
groups:
|
||||
- system:nodes
|
||||
- document_name: scheduler
|
||||
description: Service certificate for Kubernetes scheduler
|
||||
common_name: system:kube-scheduler
|
||||
- document_name: controller-manager
|
||||
description: certificate for controller-manager
|
||||
common_name: system:kube-controller-manager
|
||||
- document_name: admin
|
||||
common_name: admin
|
||||
groups:
|
||||
- system:masters
|
||||
- document_name: armada
|
||||
common_name: armada
|
||||
groups:
|
||||
- system:masters
|
||||
kubernetes-etcd:
|
||||
description: Certificates for Kubernetes's etcd servers
|
||||
certificates:
|
||||
- document_name: apiserver-etcd
|
||||
description: etcd client certificate for use by Kubernetes apiserver
|
||||
common_name: apiserver
|
||||
- document_name: kubernetes-etcd-anchor
|
||||
description: anchor
|
||||
common_name: anchor
|
||||
- document_name: kubernetes-etcd-genesis
|
||||
common_name: kubernetes-etcd-genesis
|
||||
hosts:
|
||||
- REPLACEME_HOST_NAME
|
||||
- REPLACEME_HOST_IP
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- kubernetes-etcd.kube-system.svc.cluster.local
|
||||
- 10.96.0.2
|
||||
kubernetes-etcd-peer:
|
||||
certificates:
|
||||
- document_name: kubernetes-etcd-genesis-peer
|
||||
common_name: kubernetes-etcd-genesis-peer
|
||||
hosts:
|
||||
- REPLACEME_HOST_NAME
|
||||
- REPLACEME_HOST_IP
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- kubernetes-etcd.kube-system.svc.cluster.local
|
||||
- 10.96.0.2
|
||||
calico-etcd:
|
||||
description: Certificates for Calico etcd client traffic
|
||||
certificates:
|
||||
- document_name: calico-etcd-anchor
|
||||
description: anchor
|
||||
common_name: anchor
|
||||
- document_name: calico-etcd-genesis
|
||||
common_name: calico-etcd-genesis
|
||||
hosts:
|
||||
- REPLACEME_HOST_NAME
|
||||
- REPLACEME_HOST_IP
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- 10.96.232.136
|
||||
- document_name: calico-node
|
||||
common_name: calcico-node
|
||||
calico-etcd-peer:
|
||||
description: Certificates for Calico etcd clients
|
||||
certificates:
|
||||
- document_name: calico-etcd-genesis-peer
|
||||
common_name: calico-etcd-genesis-peer
|
||||
hosts:
|
||||
- REPLACEME_HOST_NAME
|
||||
- REPLACEME_HOST_IP
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- 10.96.232.136
|
||||
- document_name: calico-node-peer
|
||||
common_name: calcico-node-peer
|
||||
keypairs:
|
||||
- name: service-account
|
||||
description: Service account signing key for use by Kubernetes controller-manager.
|
||||
...
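Review bot: The two substitutions for `calico-etcd-peer` write to `certificates[1].hosts[0]` and `certificates[1].hosts[1]`, but in the `data` of this section, as rendered here, index 0 of `calico-etcd-peer.certificates` is `calico-etcd-genesis-peer` (the entry holding `REPLACEME_HOST_NAME` and `REPLACEME_HOST_IP`) and index 1 is `calico-node-peer`, which has no `hosts` list. The genesis peer certificate would therefore keep the placeholder SANs; the destinations should read `.certificate_authorities.calico-etcd-peer.certificates[0].hosts[0]` and `...certificates[0].hosts[1]`, matching the `kubernetes-etcd-peer` entries. Also in this section: `common_name: calcico-node` and `common_name: calcico-node-peer` look like typos for `calico-`, the `.hostname` to `certificates[1].common_name` substitution with `pattern: HOSTNAME` is listed twice, and this is the only new document whose metadata has no `storagePolicy`.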
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ceph_swift_keystone_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password1
|
||||
...
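Review bot: This `deckhand/Passphrase/v1` document sets `storagePolicy: cleartext` and commits a literal value in `data`, so the secret is stored unencrypted and is identical for every deployment made from this site definition. The same applies to the other Passphrase sections that follow, through `ucp_shipyard_postgres_password`, including `ipmi_admin_password`, `maas-region-key` and `ucp_rabbitmq_erlang_cookie`. Prefer `storagePolicy: encrypted` and have the deploy script supply per-deployment values, as the `dev-configurables` document already does with its `# Data section provided by deploy_ucp.sh script` convention. If fixed values must stay for the dev site, add a comment on each such as `# dev-only placeholder, replace before any shared or long-lived deployment`.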
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ipmi_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: calvin
|
||||
...
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: maas-region-key
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: 3858f62230ac3c915f300c664312c63f
|
||||
...
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp_airflow_postgres_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password2
|
||||
...
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp_armada_keystone_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password3
|
||||
...
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp_barbican_keystone_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password4
|
||||
...
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp_barbican_oslo_db_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password5
|
||||
...
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp_deckhand_keystone_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password6
|
||||
...
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp_deckhand_postgres_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password7
|
||||
...
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp_drydock_keystone_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password8
|
||||
...
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp_drydock_postgres_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password9
|
||||
...
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp_keystone_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password10
|
||||
...
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp_keystone_oslo_db_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password11
|
||||
...
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp_maas_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password12
|
||||
...
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp_maas_postgres_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password13
|
||||
...
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp_oslo_db_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password14
|
||||
...
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp_oslo_messaging_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password15
|
||||
...
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp_postgres_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password16
|
||||
...
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp_promenade_keystone_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password17
|
||||
...
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp_rabbitmq_erlang_cookie
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: 111df8c05b0f041d4764
|
||||
...
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp_shipyard_keystone_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password18
|
||||
...
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp_shipyard_postgres_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password19
|
||||
...
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
data:
|
||||
revision: v1.0u
|
||||
site_type: single-node-proxy
|
||||
metadata:
|
||||
layeringDefinition: {abstract: false, layer: site}
|
||||
name: dev
|
||||
schema: metadata/Document/v1
|
||||
storagePolicy: cleartext
|
||||
schema: pegleg/SiteDefinition/v1
|
||||
...
|
|
@ -0,0 +1,122 @@
|
|||
---
|
||||
schema: armada/Chart/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: kubernetes-calico-etcd
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
parentSelector:
|
||||
name: kubernetes-calico-etcd-global
|
||||
actions:
|
||||
- method: merge
|
||||
path: .
|
||||
storagePolicy: cleartext
|
||||
substitutions:
|
||||
|
||||
# Chart source
|
||||
- src:
|
||||
schema: pegleg/SoftwareVersions/v1
|
||||
name: software-versions
|
||||
path: .charts.kubernetes.calico.etcd
|
||||
dest:
|
||||
path: .source
|
||||
|
||||
# Image versions
|
||||
- src:
|
||||
schema: pegleg/SoftwareVersions/v1
|
||||
name: software-versions
|
||||
path: .images.calico.etcd
|
||||
dest:
|
||||
path: .values.images.tags
|
||||
|
||||
# IP addresses
|
||||
-
|
||||
src:
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
name: common-addresses
|
||||
path: .calico.etcd.service_ip
|
||||
dest:
|
||||
path: .values.service.ip
|
||||
-
|
||||
src:
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
name: common-addresses
|
||||
path: .calico.etcd.service_ip
|
||||
dest:
|
||||
path: .values.anchor.etcdctl_endpoint
|
||||
|
||||
# CAs
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateAuthority/v1
|
||||
name: calico-etcd
|
||||
path: .
|
||||
dest:
|
||||
path: .values.secrets.tls.client.ca
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateAuthority/v1
|
||||
name: calico-etcd-peer
|
||||
path: .
|
||||
dest:
|
||||
path: .values.secrets.tls.peer.ca
|
||||
|
||||
# Anchor client cert
|
||||
-
|
||||
src:
|
||||
schema: deckhand/Certificate/v1
|
||||
name: calico-etcd-anchor
|
||||
path: .
|
||||
dest:
|
||||
path: .values.secrets.anchor.tls.cert
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateKey/v1
|
||||
name: calico-etcd-anchor
|
||||
path: .
|
||||
dest:
|
||||
path: .values.secrets.anchor.tls.key
|
||||
|
||||
# Node names
|
||||
-
|
||||
src:
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
name: common-addresses
|
||||
path: .genesis.hostname
|
||||
dest:
|
||||
path: .values.nodes[0].name
|
||||
|
||||
# Server certs
|
||||
-
|
||||
src:
|
||||
schema: deckhand/Certificate/v1
|
||||
name: calico-etcd-genesis
|
||||
path: .
|
||||
dest:
|
||||
path: .values.nodes[0].tls.client.cert
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateKey/v1
|
||||
name: calico-etcd-genesis
|
||||
path: .
|
||||
dest:
|
||||
path: .values.nodes[0].tls.client.key
|
||||
-
|
||||
src:
|
||||
schema: deckhand/Certificate/v1
|
||||
name: calico-etcd-genesis-peer
|
||||
path: .
|
||||
dest:
|
||||
path: .values.nodes[0].tls.peer.cert
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateKey/v1
|
||||
name: calico-etcd-genesis-peer
|
||||
path: .
|
||||
dest:
|
||||
path: .values.nodes[0].tls.peer.key
|
||||
|
||||
data: {}
|
||||
|
||||
...
|
|
@ -0,0 +1,121 @@
|
|||
---
|
||||
schema: armada/Chart/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: kubernetes-etcd
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
parentSelector:
|
||||
name: kubernetes-etcd-global
|
||||
actions:
|
||||
- method: merge
|
||||
path: .
|
||||
storagePolicy: cleartext
|
||||
substitutions:
|
||||
|
||||
# Chart source
|
||||
- src:
|
||||
schema: pegleg/SoftwareVersions/v1
|
||||
name: software-versions
|
||||
path: .charts.kubernetes.etcd
|
||||
dest:
|
||||
path: .source
|
||||
|
||||
# Images
|
||||
- src:
|
||||
schema: pegleg/SoftwareVersions/v1
|
||||
name: software-versions
|
||||
path: .images.kubernetes.etcd
|
||||
dest:
|
||||
path: .values.images.tags
|
||||
|
||||
# IP addresses
|
||||
-
|
||||
src:
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
name: common-addresses
|
||||
path: .kubernetes.etcd_service_ip
|
||||
dest:
|
||||
path: .values.service.ip
|
||||
-
|
||||
src:
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
name: common-addresses
|
||||
path: .kubernetes.etcd_service_ip
|
||||
dest:
|
||||
path: .values.anchor.etcdctl_endpoint
|
||||
|
||||
# CAs
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateAuthority/v1
|
||||
name: kubernetes-etcd
|
||||
path: .
|
||||
dest:
|
||||
path: .values.secrets.tls.client.ca
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateAuthority/v1
|
||||
name: kubernetes-etcd-peer
|
||||
path: .
|
||||
dest:
|
||||
path: .values.secrets.tls.peer.ca
|
||||
|
||||
-
|
||||
src:
|
||||
schema: deckhand/Certificate/v1
|
||||
name: kubernetes-etcd-anchor
|
||||
path: .
|
||||
dest:
|
||||
path: .values.secrets.anchor.tls.cert
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateKey/v1
|
||||
name: kubernetes-etcd-anchor
|
||||
path: .
|
||||
dest:
|
||||
path: .values.secrets.anchor.tls.key
|
||||
|
||||
# Node names
|
||||
-
|
||||
src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostname
|
||||
dest:
|
||||
path: .values.nodes[0].name
|
||||
|
||||
# Server certs
|
||||
-
|
||||
src:
|
||||
schema: deckhand/Certificate/v1
|
||||
name: kubernetes-etcd-genesis
|
||||
path: .
|
||||
dest:
|
||||
path: '.values.nodes[0].tls.client.cert'
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateKey/v1
|
||||
name: kubernetes-etcd-genesis
|
||||
path: .
|
||||
dest:
|
||||
path: '.values.nodes[0].tls.client.key'
|
||||
-
|
||||
src:
|
||||
schema: deckhand/Certificate/v1
|
||||
name: kubernetes-etcd-genesis-peer
|
||||
path: .
|
||||
dest:
|
||||
path: '.values.nodes[0].tls.peer.cert'
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateKey/v1
|
||||
name: kubernetes-etcd-genesis-peer
|
||||
path: .
|
||||
dest:
|
||||
path: '.values.nodes[0].tls.peer.key'
|
||||
|
||||
data: {}
|
||||
|
||||
...
|
|
@ -0,0 +1,235 @@
|
|||
---
|
||||
schema: pegleg/EndpointCatalogue/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp_endpoints
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
ucp:
|
||||
identity:
|
||||
namespace: ucp
|
||||
name: keystone
|
||||
hosts:
|
||||
default: keystone-api
|
||||
public: keystone
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path:
|
||||
default: /v3
|
||||
scheme:
|
||||
default: http
|
||||
port:
|
||||
admin:
|
||||
default: 35357
|
||||
api:
|
||||
default: 80
|
||||
armada:
|
||||
name: armada
|
||||
hosts:
|
||||
default: armada-api
|
||||
public: armada
|
||||
port:
|
||||
api:
|
||||
default: 8000
|
||||
path:
|
||||
default: /api/v1.0
|
||||
scheme:
|
||||
default: http
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
deckhand:
|
||||
name: deckhand
|
||||
hosts:
|
||||
default: deckhand-int
|
||||
public: deckhand-api
|
||||
port:
|
||||
api:
|
||||
default: 9000
|
||||
path:
|
||||
default: /api/v1.0
|
||||
scheme:
|
||||
default: http
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
postgresql:
|
||||
name: postgresql
|
||||
hosts:
|
||||
default: postgresql
|
||||
path: /DB_NAME
|
||||
scheme: postgresql+psycopg2
|
||||
port:
|
||||
postgresql:
|
||||
default: 5432
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
oslo_db:
|
||||
hosts:
|
||||
default: mariadb
|
||||
discovery: mariadb-discovery
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path: /DB_NAME
|
||||
scheme: mysql+pymysql
|
||||
port:
|
||||
mysql:
|
||||
default: 3306
|
||||
wsrep:
|
||||
default: 4567
|
||||
key_manager:
|
||||
name: barbican
|
||||
hosts:
|
||||
default: barbican-api
|
||||
public: barbican
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path:
|
||||
default: /v1
|
||||
scheme:
|
||||
default: http
|
||||
port:
|
||||
api:
|
||||
default: 9311
|
||||
public: 80
|
||||
oslo_messaging:
|
||||
namespace: null
|
||||
hosts:
|
||||
default: rabbitmq
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path: /openstack
|
||||
scheme: rabbit
|
||||
port:
|
||||
amqp:
|
||||
default: 5672
|
||||
oslo_cache:
|
||||
hosts:
|
||||
default: memcached
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
port:
|
||||
memcache:
|
||||
default: 11211
|
||||
physicalprovisioner:
|
||||
name: drydock
|
||||
hosts:
|
||||
default: drydock-api
|
||||
port:
|
||||
api:
|
||||
default: 9000
|
||||
nodeport: 31900
|
||||
path:
|
||||
default: /api/v1.0
|
||||
scheme:
|
||||
default: http
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
maas_region_ui:
|
||||
name: maas-region-ui
|
||||
hosts:
|
||||
default: maas-region-ui
|
||||
public: maas
|
||||
path:
|
||||
default: /MAAS
|
||||
scheme:
|
||||
default: "http"
|
||||
port:
|
||||
region_ui:
|
||||
default: 80
|
||||
public: 80
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
kubernetesprovisioner:
|
||||
name: promenade
|
||||
hosts:
|
||||
default: promenade-api
|
||||
port:
|
||||
api:
|
||||
default: 80
|
||||
path:
|
||||
default: /api/v1.0
|
||||
scheme:
|
||||
default: http
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
shipyard:
|
||||
name: shipyard
|
||||
hosts:
|
||||
default: shipyard-int
|
||||
public: shipyard-api
|
||||
port:
|
||||
api:
|
||||
default: 9000
|
||||
public: 80
|
||||
path:
|
||||
default: /api/v1.0
|
||||
scheme:
|
||||
default: http
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
airflow_web:
|
||||
name: airflow-web
|
||||
hosts:
|
||||
default: airflow-web-int
|
||||
public: airflow-web
|
||||
port:
|
||||
airflow_web:
|
||||
default: 8080
|
||||
path:
|
||||
default: /
|
||||
scheme:
|
||||
default: http
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
airflow_flower:
|
||||
name: airflow-flower
|
||||
hosts:
|
||||
default: airflow-flower
|
||||
port:
|
||||
airflow_flower:
|
||||
default: 5555
|
||||
path:
|
||||
default: /
|
||||
scheme:
|
||||
default: http
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
ceph:
|
||||
object_store:
|
||||
name: swift
|
||||
namespace: ceph
|
||||
hosts:
|
||||
default: ceph-rgw
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path:
|
||||
default: /swift/v1
|
||||
scheme:
|
||||
default: http
|
||||
port:
|
||||
api:
|
||||
default: 8088
|
||||
ceph_mon:
|
||||
namespace: ceph
|
||||
hosts:
|
||||
default: ceph-mon
|
||||
discovery: ceph-mon-discovery
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
port:
|
||||
mon:
|
||||
default: 6789
|
||||
ceph_mgr:
|
||||
namespace: ceph
|
||||
hosts:
|
||||
default: ceph-mgr
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
port:
|
||||
mgr:
|
||||
default: 7000
|
||||
scheme:
|
||||
default: http
|
||||
...
|
|
@ -0,0 +1,124 @@
|
|||
---
|
||||
schema: pegleg/AccountCatalogue/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp_service_accounts
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
ucp:
|
||||
postgres:
|
||||
admin:
|
||||
username: postgres
|
||||
oslo_db:
|
||||
admin:
|
||||
username: root
|
||||
oslo_messaging:
|
||||
admin:
|
||||
username: rabbitmq
|
||||
keystone:
|
||||
admin:
|
||||
region_name: RegionOne
|
||||
username: admin
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
oslo_messaging:
|
||||
admin:
|
||||
username: rabbitmq
|
||||
keystone:
|
||||
username: keystone
|
||||
oslo_db:
|
||||
username: keystone
|
||||
database: keystone
|
||||
promenade:
|
||||
keystone:
|
||||
region_name: RegionOne
|
||||
role: admin
|
||||
project_name: service
|
||||
project_domain_name: default
|
||||
user_domain_name: default
|
||||
username: promenade
|
||||
drydock:
|
||||
keystone:
|
||||
region_name: RegionOne
|
||||
role: admin
|
||||
project_name: service
|
||||
project_domain_name: default
|
||||
user_domain_name: default
|
||||
username: drydock
|
||||
postgres:
|
||||
username: drydock
|
||||
database: drydock
|
||||
shipyard:
|
||||
keystone:
|
||||
region_name: RegionOne
|
||||
role: admin
|
||||
project_name: service
|
||||
project_domain_name: default
|
||||
user_domain_name: default
|
||||
username: shipyard
|
||||
postgres:
|
||||
username: shipyard
|
||||
database: shipyard
|
||||
airflow:
|
||||
postgres:
|
||||
username: airflow
|
||||
database: airflow
|
||||
oslo_messaging:
|
||||
username: rabbitmq
|
||||
maas:
|
||||
admin:
|
||||
username: admin
|
||||
email: none@none
|
||||
postgres:
|
||||
username: maas
|
||||
database: maasdb
|
||||
barbican:
|
||||
keystone:
|
||||
region_name: RegionOne
|
||||
role: admin
|
||||
project_name: service
|
||||
project_domain_name: default
|
||||
user_domain_name: default
|
||||
username: barbican
|
||||
oslo_db:
|
||||
username: barbican
|
||||
database: barbican
|
||||
oslo_messaging:
|
||||
admin:
|
||||
username: rabbitmq
|
||||
keystone:
|
||||
username: keystone
|
||||
armada:
|
||||
keystone:
|
||||
project_domain_name: default
|
||||
user_domain_name: default
|
||||
project_name: service
|
||||
region_name: RegionOne
|
||||
role: admin
|
||||
user_domain_name: default
|
||||
username: armada
|
||||
deckhand:
|
||||
keystone:
|
||||
region_name: RegionOne
|
||||
role: admin
|
||||
project_name: service
|
||||
project_domain_name: default
|
||||
user_domain_name: default
|
||||
username: deckhand
|
||||
postgres:
|
||||
username: deckhand
|
||||
database: deckhand
|
||||
ceph:
|
||||
swift:
|
||||
keystone:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: swift
|
||||
project_name: service
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
...
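Review bot: In the `armada` `keystone` entry the key `user_domain_name: default` appears twice, once before `project_name` and again after `role`. Duplicate mapping keys are invalid YAML and most parsers silently keep the last one, so one of the two lines should be removed. Every Keystone service user in this catalogue is also given `role: admin`; if that is intended only for the single-node dev site, a comment saying so (for example `# dev site only: service users are admin for simplicity`) would keep the setting from being copied into other sites unchanged.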
|
|
@ -0,0 +1,101 @@
|
|||
---
|
||||
schema: promenade/KubernetesNetwork/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: kubernetes-network
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: type
|
||||
storagePolicy: cleartext
|
||||
substitutions:
|
||||
# DNS
|
||||
- src:
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
name: common-addresses
|
||||
path: .dns.cluster_domain
|
||||
dest:
|
||||
path: .dns.cluster_domain
|
||||
- src:
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
name: common-addresses
|
||||
path: .dns.service_ip
|
||||
dest:
|
||||
path: .dns.service_ip
|
||||
- src:
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
name: common-addresses
|
||||
path: .dns.upstream_servers
|
||||
dest:
|
||||
path: .dns.upstream_servers
|
||||
|
||||
# HTTP Proxy config
|
||||
- src:
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
name: common-addresses
|
||||
path: .proxy.https
|
||||
dest:
|
||||
path: .proxy.url
|
||||
- src:
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
name: common-addresses
|
||||
path: .proxy.no_proxy
|
||||
dest:
|
||||
path: .proxy.additional_no_proxy[0]
|
||||
|
||||
# Kubernetes IPs
|
||||
- src:
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
name: common-addresses
|
||||
path: .kubernetes.api_service_ip
|
||||
dest:
|
||||
path: .kubernetes.service_ip
|
||||
- src:
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
name: common-addresses
|
||||
path: .kubernetes.pod_cidr
|
||||
dest:
|
||||
path: .kubernetes.pod_cidr
|
||||
- src:
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
name: common-addresses
|
||||
path: .kubernetes.service_cidr
|
||||
dest:
|
||||
path: .kubernetes.service_cidr
|
||||
- src:
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
name: common-addresses
|
||||
path: .kubernetes.etcd_service_ip
|
||||
dest:
|
||||
path: .etcd.service_ip
|
||||
- src:
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
name: common-addresses
|
||||
path: .etcd.container_port
|
||||
dest:
|
||||
path: .etcd.container_port
|
||||
- src:
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
name: common-addresses
|
||||
path: .etcd.haproxy_port
|
||||
dest:
|
||||
path: .etcd.haproxy_port
|
||||
- src:
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
name: common-addresses
|
||||
path: .kubernetes.apiserver_port
|
||||
dest:
|
||||
path: .kubernetes.apiserver_port
|
||||
- src:
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
name: common-addresses
|
||||
path: .kubernetes.haproxy_port
|
||||
dest:
|
||||
path: .kubernetes.haproxy_port
|
||||
|
||||
data:
|
||||
dns:
|
||||
bootstrap_validation_checks:
|
||||
- calico-etcd.kube-system.svc.cluster.local
|
||||
- kubernetes-etcd.kube-system.svc.cluster.local
|
||||
- kubernetes.default.svc.cluster.local
|
||||
...
|
|
@ -0,0 +1,29 @@
|
|||
---
|
||||
schema: armada/Chart/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp-maas
|
||||
replacement: true
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: type
|
||||
parentSelector:
|
||||
name: ucp-maas
|
||||
actions:
|
||||
- method: merge
|
||||
path: .
|
||||
storagePolicy: cleartext
|
||||
substitutions:
|
||||
- src:
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
name: common-addresses
|
||||
path: .proxy.https
|
||||
- dest:
|
||||
path: .values.conf.maas.proxy.proxy_server
|
||||
data:
|
||||
values:
|
||||
conf:
|
||||
maas:
|
||||
proxy:
|
||||
proxy_enabled: 'true'
|
||||
...
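Review bot: The only substitution in this document is split into two list items, `- src:` followed by `- dest:`, so the first entry has a source with no destination and the second a destination with no source. Every other substitution in this commit keeps `dest:` as a key of the same item as `src:`; change `- dest:` to `dest:` aligned under `src:`. As written, `.values.conf.maas.proxy.proxy_server` is presumably never filled in (or the document fails validation) while `proxy_enabled` is set to `'true'`.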
|
|
@ -0,0 +1,37 @@
|
|||
---
|
||||
schema: armada/Chart/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp-promenade
|
||||
replacement: true
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: type
|
||||
parentSelector:
|
||||
name: ucp-promenade
|
||||
actions:
|
||||
- method: merge
|
||||
path: .
|
||||
storagePolicy: cleartext
|
||||
substitutions:
|
||||
# HTTP Proxy env
|
||||
- src:
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
name: common-addresses
|
||||
path: .proxy.http
|
||||
dest:
|
||||
path: .values.pod.env.promenade_api.http_proxy
|
||||
- src:
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
name: common-addresses
|
||||
path: .proxy.https
|
||||
dest:
|
||||
path: .values.pod.env.promenade_api.https_proxy
|
||||
- src:
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
name: common-addresses
|
||||
path: .proxy.no_proxy
|
||||
dest:
|
||||
path: .values.pod.env.promenade_api.no_proxy
|
||||
data: {}
|
||||
...
|
|
@ -50,6 +50,12 @@ export UCP_INTEGRATION_REFSPEC="refs/changes/03/404203/32"
|
|||
export PEGLEG_IMAGE="artifacts-aic.atlantafoundry.com/att-comdev/pegleg:f019b4ff594db7d13a2ac444c001f867b3a67c50"
|
||||
|
||||
9) source set-env.sh
|
||||
|
||||
NOTE: If running this behind a corporate proxy, you will need to update the
|
||||
file deployment_files/site/dev-proxy/networks/common-addresses.yaml to
|
||||
specify your proxy server and appropriate no_proxy list. Also change set-env.sh
|
||||
to use TARGET_SITE of 'dev-proxy'.
|
||||
|
||||
10) ./deploy-ucp.sh
|
||||
|
||||
If you want to stop the deployment before it starts running genesis and inspect
|
||||
|
@ -59,7 +65,7 @@ trigger the genesis steps.
|
|||
Next Steps
|
||||
----------
|
||||
All of the documents used for a subsequent deploy_site action are now placed
|
||||
into the /root/deploy/site direectory for ease of use - instructions are
|
||||
into the /root/deploy/site directory for ease of use - instructions are
|
||||
provided by the script at the end of a successful genesis process.
|
||||
|
||||
In the same directory as the deploy-ucp.sh script, there is a file creds.sh
|
||||
|
|
|
@ -48,4 +48,6 @@ export NODE_NET_IFACE=ens3
|
|||
# export WORKSPACE="/root/deploy"
|
||||
|
||||
# The site to deploy
|
||||
#export TARGET_SITE="dev"
|
||||
export TARGET_SITE="dev"
|
||||
# If running behind a proxy
|
||||
# export TARGET_SITE="dev-proxy"
|
||||
|
|