--- schema: 'deckhand/LayeringPolicy/v1' metadata: schema: 'metadata/Control/v1' name: layering-policy data: layerOrder: - site --- schema: armada/ChartGroup/v1 metadata: schema: metadata/Document/v1 name: kubernetes-proxy layeringDefinition: abstract: false layer: site storagePolicy: cleartext data: description: Kubernetes proxy sequenced: true chart_group: - kubernetes-proxy --- schema: armada/ChartGroup/v1 metadata: schema: metadata/Document/v1 name: container-networking layeringDefinition: abstract: false layer: site storagePolicy: cleartext data: description: Container networking via Calico sequenced: true chart_group: - calico-etcd - calico --- schema: armada/ChartGroup/v1 metadata: schema: metadata/Document/v1 name: dns layeringDefinition: abstract: false layer: site storagePolicy: cleartext data: description: Cluster DNS chart_group: - coredns --- schema: armada/ChartGroup/v1 metadata: schema: metadata/Document/v1 name: kubernetes layeringDefinition: abstract: false layer: site storagePolicy: cleartext data: description: Kubernetes components chart_group: - haproxy - kubernetes-etcd - kubernetes-apiserver - kubernetes-controller-manager - kubernetes-scheduler - tiller --- schema: armada/ChartGroup/v1 metadata: schema: metadata/Document/v1 name: ingress-system layeringDefinition: abstract: false layer: site storagePolicy: cleartext data: description: Ingress for the site chart_group: - ingress-kube-system --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: helm-toolkit layeringDefinition: abstract: false layer: site storagePolicy: cleartext data: chart_name: helm-toolkit release: helm-toolkit namespace: helm-toolkit timeout: 600 upgrade: no_hooks: true values: {} source: type: git location: ${HTK_CHART_REPO} subpath: ${HTK_CHART_PATH} reference: ${HTK_CHART_BRANCH} dependencies: [] --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: kubernetes-proxy layeringDefinition: abstract: false layer: site data: chart_name: proxy release: kubernetes-proxy namespace: kube-system timeout: 600 upgrade: no_hooks: true values: images: tags: proxy: ${KUBE_PROXY_IMAGE} network: kubernetes_netloc: 127.0.0.1:6553 pod_cidr: 10.97.0.0/16 source: type: local location: /etc/genesis/armada/assets/charts subpath: proxy dependencies: - helm-toolkit --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: calico-etcd layeringDefinition: abstract: false layer: site substitutions: - src: schema: deckhand/CertificateAuthority/v1 name: calico-etcd path: . dest: path: '.values.secrets.tls.client.ca' - src: schema: deckhand/CertificateAuthority/v1 name: calico-etcd-peer path: . dest: path: '.values.secrets.tls.peer.ca' - src: schema: deckhand/Certificate/v1 name: calico-etcd-anchor path: . dest: path: '.values.secrets.anchor.tls.cert' - src: schema: deckhand/CertificateKey/v1 name: calico-etcd-anchor path: . dest: path: '.values.secrets.anchor.tls.key' - src: schema: deckhand/Certificate/v1 name: calico-etcd-${GENESIS_NODE_NAME} path: . dest: path: '.values.nodes[0].tls.client.cert' - src: schema: deckhand/CertificateKey/v1 name: calico-etcd-${GENESIS_NODE_NAME} path: . dest: path: '.values.nodes[0].tls.client.key' - src: schema: deckhand/Certificate/v1 name: calico-etcd-${GENESIS_NODE_NAME}-peer path: . dest: path: '.values.nodes[0].tls.peer.cert' - src: schema: deckhand/CertificateKey/v1 name: calico-etcd-${GENESIS_NODE_NAME}-peer path: . dest: path: '.values.nodes[0].tls.peer.key' - src: schema: deckhand/Certificate/v1 name: calico-etcd-${MASTER_NODE_NAME} path: . dest: path: '.values.nodes[1].tls.client.cert' - src: schema: deckhand/CertificateKey/v1 name: calico-etcd-${MASTER_NODE_NAME} path: . dest: path: '.values.nodes[1].tls.client.key' - src: schema: deckhand/Certificate/v1 name: calico-etcd-${MASTER_NODE_NAME}-peer path: . dest: path: '.values.nodes[1].tls.peer.cert' - src: schema: deckhand/CertificateKey/v1 name: calico-etcd-${MASTER_NODE_NAME}-peer path: . dest: path: '.values.nodes[1].tls.peer.key' data: chart_name: etcd release: calico-etcd namespace: kube-system timeout: 600 upgrade: no_hooks: true values: anchor: etcdctl_endpoint: 10.96.232.136 labels: anchor: node_selector_key: calico-etcd node_selector_value: enabled secrets: anchor: tls: cert: placeholder key: placeholder tls: client: ca: placeholder peer: ca: placeholder etcd: host_data_path: ${ETCD_CALICO_DATA_PATH} host_etc_path: ${ETCD_CALICO_ETC_PATH} bootstrapping: enabled: true host_directory: /var/lib/anchor filename: calico-etcd-bootstrap images: tags: etcd: ${CALICO_ETCD_IMAGE} etcdctl: ${CALICO_ETCDCTL_IMAGE} nodes: - name: ${GENESIS_NODE_NAME} tls: client: cert: placeholder key: placeholder peer: cert: placeholder key: placeholder - name: ${MASTER_NODE_NAME} tls: client: cert: placeholder key: placeholder peer: cert: placeholder key: placeholder service: name: calico-etcd ip: 10.96.232.136 network: service_client: name: service_client port: 6666 target_port: 6666 service_peer: name: service_peer port: 6667 target_port: 6667 source: type: local location: /etc/genesis/armada/assets/charts subpath: etcd dependencies: - helm-toolkit --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: calico layeringDefinition: abstract: false layer: site substitutions: - src: schema: deckhand/CertificateAuthority/v1 name: calico-etcd path: . dest: path: '.values.etcd.tls.ca' - src: schema: deckhand/Certificate/v1 name: calico-node path: . dest: path: '.values.etcd.tls.cert' - src: schema: deckhand/CertificateKey/v1 name: calico-node path: . dest: path: '.values.etcd.tls.key' data: chart_name: calico release: calico namespace: kube-system timeout: 600 upgrade: no_hooks: true values: calico: ip_autodetection_method: interface=${NODE_NET_IFACE} pod_ip_cidr: 10.97.0.0/16 ctl: install_on_host: true etcd: service: ip: 10.96.232.136 port: 6666 tls: ca: placeholder cert: placeholder key: placeholder images: cni: ${CALICO_CNI_IMAGE} ctl: ${CALICO_CTL_IMAGE} node: ${CALICO_NODE_IMAGE} policy_controller: ${CALICO_POLICYCTLR_IMAGE} source: type: local location: /etc/genesis/armada/assets/charts subpath: calico dependencies: - helm-toolkit --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: coredns layeringDefinition: abstract: false layer: site data: chart_name: coredns release: coredns namespace: kube-system timeout: 600 upgrade: no_hooks: true values: images: tags: coredns: ${KUBE_COREDNS_IMAGE} test: ${KUBE_COREDNS_IMAGE} source: type: local location: /etc/genesis/armada/assets/charts subpath: coredns dependencies: - helm-toolkit --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: haproxy layeringDefinition: abstract: false layer: site data: chart_name: haproxy release: haproxy namespace: kube-system timeout: 600 wait: timeout: 600 upgrade: no_hooks: true values: conf: anchor: kubernetes_url: https://kubernetes.default:443 services: default: kubernetes: server_opts: "check" conf_parts: frontend: - mode tcp - option tcpka - bind *:6553 backend: - mode tcp - option tcpka kube-system: kubernetes-etcd: server_opts: "check" conf_parts: frontend: - mode tcp - option tcpka - bind *:2378 backend: - mode tcp - option tcpka images: tags: anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.6 haproxy: haproxy:1.8.3 source: type: local location: /etc/genesis/armada/assets/charts subpath: haproxy dependencies: - helm-toolkit --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: kubernetes-apiserver layeringDefinition: abstract: false layer: site substitutions: - src: schema: deckhand/CertificateAuthority/v1 name: kubernetes path: . dest: path: .values.secrets.tls.ca - src: schema: deckhand/Certificate/v1 name: apiserver path: . dest: path: .values.secrets.tls.cert - src: schema: deckhand/CertificateKey/v1 name: apiserver path: . dest: path: .values.secrets.tls.key - src: schema: deckhand/CertificateAuthority/v1 name: kubernetes-etcd path: . dest: path: .values.secrets.etcd.tls.ca - src: schema: deckhand/Certificate/v1 name: apiserver-etcd path: . dest: path: .values.secrets.etcd.tls.cert - src: schema: deckhand/CertificateKey/v1 name: apiserver-etcd path: . dest: path: .values.secrets.etcd.tls.key - src: schema: deckhand/PublicKey/v1 name: service-account path: . dest: path: .values.secrets.service_account.public_key data: chart_name: apiserver release: kubernetes-apiserver namespace: kube-system timeout: 600 upgrade: no_hooks: true values: apiserver: etcd: endpoints: https://127.0.0.1:2378 images: tags: anchor: ${KUBE_ANCHOR_IMAGE} apiserver: ${KUBE_APISERVER_IMAGE} secrets: service_account: public_key: placeholder tls: ca: placeholder cert: placeholder key: placeholder etcd: tls: ca: placeholder cert: placeholder key: placeholder network: kubernetes_service_ip: 10.96.0.1 pod_cidr: 10.97.0.0/16 service_cidr: 10.96.0.0/16 source: type: local location: /etc/genesis/armada/assets/charts subpath: apiserver dependencies: - helm-toolkit --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: kubernetes-controller-manager layeringDefinition: abstract: false layer: site substitutions: - src: schema: deckhand/CertificateAuthority/v1 name: kubernetes path: . dest: path: .values.secrets.tls.ca - src: schema: deckhand/Certificate/v1 name: controller-manager path: . dest: path: .values.secrets.tls.cert - src: schema: deckhand/CertificateKey/v1 name: controller-manager path: . dest: path: .values.secrets.tls.key - src: schema: deckhand/PrivateKey/v1 name: service-account path: . dest: path: .values.secrets.service_account.private_key data: chart_name: controller_manager release: kubernetes-controller-manager namespace: kube-system timeout: 600 upgrade: no_hooks: true values: images: anchor: ${KUBE_ANCHOR_IMAGE} controller_manager: ${KUBE_CTLRMGR_IMAGE} secrets: service_account: private_key: placeholder tls: ca: placeholder cert: placeholder key: placeholder network: kubernetes_netloc: 127.0.0.1:6553 pod_cidr: 10.97.0.0/16 service_cidr: 10.96.0.0/16 source: type: local location: /etc/genesis/armada/assets/charts subpath: controller_manager dependencies: - helm-toolkit --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: kubernetes-scheduler layeringDefinition: abstract: false layer: site substitutions: - src: schema: deckhand/CertificateAuthority/v1 name: kubernetes path: . dest: path: .values.secrets.tls.ca - src: schema: deckhand/Certificate/v1 name: scheduler path: . dest: path: .values.secrets.tls.cert - src: schema: deckhand/CertificateKey/v1 name: scheduler path: . dest: path: .values.secrets.tls.key data: chart_name: scheduler release: kubernetes-scheduler namespace: kube-system timeout: 600 upgrade: no_hooks: true values: secrets: tls: ca: placeholder cert: placeholder key: placeholder network: kubernetes_netloc: 127.0.0.1:6553 images: tags: anchor: ${KUBE_ANCHOR_IMAGE} scheduler: ${KUBE_SCHED_IMAGE} source: type: local location: /etc/genesis/armada/assets/charts subpath: scheduler dependencies: - helm-toolkit --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: kubernetes-etcd layeringDefinition: abstract: false layer: site substitutions: - src: schema: deckhand/CertificateAuthority/v1 name: kubernetes-etcd path: . dest: path: '.values.secrets.tls.client.ca' - src: schema: deckhand/CertificateAuthority/v1 name: kubernetes-etcd-peer path: . dest: path: '.values.secrets.tls.peer.ca' - src: schema: deckhand/Certificate/v1 name: kubernetes-etcd-anchor path: . dest: path: '.values.secrets.anchor.tls.cert' - src: schema: deckhand/CertificateKey/v1 name: kubernetes-etcd-anchor path: . dest: path: '.values.secrets.anchor.tls.key' - src: schema: deckhand/Certificate/v1 name: kubernetes-etcd-${GENESIS_NODE_NAME} path: . dest: path: '.values.nodes[0].tls.client.cert' - src: schema: deckhand/CertificateKey/v1 name: kubernetes-etcd-${GENESIS_NODE_NAME} path: . dest: path: '.values.nodes[0].tls.client.key' - src: schema: deckhand/Certificate/v1 name: kubernetes-etcd-${GENESIS_NODE_NAME}-peer path: . dest: path: '.values.nodes[0].tls.peer.cert' - src: schema: deckhand/CertificateKey/v1 name: kubernetes-etcd-${GENESIS_NODE_NAME}-peer path: . dest: path: '.values.nodes[0].tls.peer.key' - src: schema: deckhand/Certificate/v1 name: kubernetes-etcd-${MASTER_NODE_NAME} path: . dest: path: '.values.nodes[1].tls.client.cert' - src: schema: deckhand/CertificateKey/v1 name: kubernetes-etcd-${MASTER_NODE_NAME} path: . dest: path: '.values.nodes[1].tls.client.key' - src: schema: deckhand/Certificate/v1 name: kubernetes-etcd-${MASTER_NODE_NAME}-peer path: . dest: path: '.values.nodes[1].tls.peer.cert' - src: schema: deckhand/CertificateKey/v1 name: kubernetes-etcd-${MASTER_NODE_NAME}-peer path: . dest: path: '.values.nodes[1].tls.peer.key' data: chart_name: etcd release: kubernetes-etcd namespace: kube-system timeout: 600 upgrade: no_hooks: true values: anchor: etcdctl_endpoint: 10.96.0.2 labels: anchor: node_selector_key: kubernetes-etcd node_selector_value: enabled secrets: anchor: tls: cert: placeholder key: placeholder tls: client: ca: placeholder peer: ca: placeholder etcd: host_data_path: ${ETCD_KUBE_DATA_PATH} host_etc_path: ${ETCD_KUBE_ETC_PATH} images: tags: etcd: ${KUBE_ETCD_IMAGE} etcdctl: ${KUBE_ETCDCTL_IMAGE} nodes: - name: ${GENESIS_NODE_NAME} tls: client: cert: placeholder key: placeholder peer: cert: placeholder key: placeholder - name: ${MASTER_NODE_NAME} tls: client: cert: placeholder key: placeholder peer: cert: placeholder key: placeholder service: name: kubernetes-etcd ip: 10.96.0.2 network: service_client: name: service_client port: 2379 target_port: 2379 service_peer: name: service_peer port: 2380 target_port: 2380 source: type: local location: /etc/genesis/armada/assets/charts subpath: etcd dependencies: - helm-toolkit --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: ingress-kube-system layeringDefinition: abstract: false layer: site data: chart_name: ingress-kube-system release: ingress-kube-system namespace: kube-system timeout: 300 install: no_hooks: false upgrade: no_hooks: false values: labels: server: node_selector_key: kube-ingress node_selector_value: enabled error_server: node_selector_key: kube-ingress node_selector_value: enabled deployment: mode: cluster type: DaemonSet network: host_namespace: true pod: replicas: error_page: 2 conf: services: udp: 53: 'kube-system/coredns:53' source: type: git location: https://github.com/openstack/openstack-helm subpath: ingress reference: master dependencies: - helm-toolkit --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: tiller layeringDefinition: abstract: false layer: site data: chart_name: tiller release: tiller namespace: kube-system install: no_hooks: false upgrade: no_hooks: false values: images: tags: tiller: ${TILLER_IMAGE} labels: node_selector_key: ucp-control-plane node_selector_value: enabled source: type: git location: ${TILLER_CHART_REPO} subpath: ${TILLER_CHART_PATH} reference: ${TILLER_CHART_BRANCH} dependencies: - helm-toolkit ...