--- schema: armada/ChartGroup/v1 metadata: schema: metadata/Document/v1 name: kubernetes-proxy layeringDefinition: abstract: false layer: site data: description: Kubernetes proxy sequenced: true chart_group: - kubernetes-proxy --- schema: armada/ChartGroup/v1 metadata: schema: metadata/Document/v1 name: container-networking layeringDefinition: abstract: false layer: site data: description: Container networking via Calico sequenced: true chart_group: - calico-etcd - calico --- schema: armada/ChartGroup/v1 metadata: schema: metadata/Document/v1 name: dns layeringDefinition: abstract: false layer: site data: description: Cluster DNS chart_group: - coredns --- schema: armada/ChartGroup/v1 metadata: schema: metadata/Document/v1 name: kubernetes-rbac layeringDefinition: abstract: false layer: site data: description: Role Based Access Control configuration for Kubernetes sequenced: true chart_group: - kubernetes-rbac --- schema: armada/ChartGroup/v1 metadata: schema: metadata/Document/v1 name: ceph layeringDefinition: abstract: false layer: site data: description: Ceph Storage sequenced: true chart_group: - ceph - ucp-ceph-config --- schema: armada/ChartGroup/v1 metadata: schema: metadata/Document/v1 name: kubernetes layeringDefinition: abstract: false layer: site data: description: Kubernetes components chart_group: - kubernetes-etcd - kubernetes-apiserver - kubernetes-controller-manager - kubernetes-scheduler --- schema: armada/ChartGroup/v1 metadata: schema: metadata/Document/v1 name: ucp-infra layeringDefinition: abstract: false layer: site data: description: UCP Infrastructure sequenced: false chart_group: - ucp-mariadb - ucp-memcached - ucp-keystone --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: helm-toolkit data: chart_name: helm-toolkit release: helm-toolkit namespace: helm-toolkit timeout: 600 upgrade: no_hooks: true values: {} source: type: git location: https://git.openstack.org/openstack/openstack-helm-infra subpath: helm-toolkit reference: master dependencies: [] --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: kubernetes-proxy layeringDefinition: abstract: false layer: site substitutions: - src: schema: deckhand/CertificateAuthority/v1 name: kubernetes path: $ dest: path: '$.values.tls.ca' - src: schema: deckhand/Certificate/v1 name: proxy path: $ dest: path: '$.values.tls.cert' - src: schema: deckhand/CertificateKey/v1 name: proxy path: $ dest: path: '$.values.tls.key' data: chart_name: proxy release: kubernetes-proxy namespace: kube-system timeout: 600 upgrade: no_hooks: true values: tls: ca: placeholder cert: placeholder key: placeholder images: proxy: gcr.io/google_containers/hyperkube-amd64:v1.8.0 network: kubernetes_netloc: apiserver.kubernetes.promenade:6443 pod_cidr: 10.97.0.0/16 source: type: local location: /etc/genesis/armada/assets/charts subpath: proxy dependencies: [] --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: calico-etcd layeringDefinition: abstract: false layer: site substitutions: - src: schema: deckhand/CertificateAuthority/v1 name: calico-etcd path: $ dest: path: '$.values.tls.client.ca' - src: schema: deckhand/CertificateAuthority/v1 name: calico-etcd-peer path: $ dest: path: '$.values.tls.peer.ca' - src: schema: deckhand/Certificate/v1 name: calico-etcd-anchor path: $ dest: path: '$.values.anchor.tls.cert' - src: schema: deckhand/CertificateKey/v1 name: calico-etcd-anchor path: $ dest: path: '$.values.anchor.tls.key' - src: schema: deckhand/Certificate/v1 name: calico-etcd-n0 path: $ dest: path: '$.values.nodes[0].tls.client.cert' - src: schema: deckhand/CertificateKey/v1 name: calico-etcd-n0 path: $ dest: path: '$.values.nodes[0].tls.client.key' - src: schema: deckhand/Certificate/v1 name: calico-etcd-n0-peer path: $ dest: path: '$.values.nodes[0].tls.peer.cert' - src: schema: deckhand/CertificateKey/v1 name: calico-etcd-n0-peer path: $ dest: path: '$.values.nodes[0].tls.peer.key' - src: schema: deckhand/Certificate/v1 name: calico-etcd-n1 path: $ dest: path: '$.values.nodes[1].tls.client.cert' - src: schema: deckhand/CertificateKey/v1 name: calico-etcd-n1 path: $ dest: path: '$.values.nodes[1].tls.client.key' - src: schema: deckhand/Certificate/v1 name: calico-etcd-n1-peer path: $ dest: path: '$.values.nodes[1].tls.peer.cert' - src: schema: deckhand/CertificateKey/v1 name: calico-etcd-n1-peer path: $ dest: path: '$.values.nodes[1].tls.peer.key' - src: schema: deckhand/Certificate/v1 name: calico-etcd-n2 path: $ dest: path: '$.values.nodes[2].tls.client.cert' - src: schema: deckhand/CertificateKey/v1 name: calico-etcd-n2 path: $ dest: path: '$.values.nodes[2].tls.client.key' - src: schema: deckhand/Certificate/v1 name: calico-etcd-n2-peer path: $ dest: path: '$.values.nodes[2].tls.peer.cert' - src: schema: deckhand/CertificateKey/v1 name: calico-etcd-n2-peer path: $ dest: path: '$.values.nodes[2].tls.peer.key' - src: schema: deckhand/Certificate/v1 name: calico-etcd-n3 path: $ dest: path: '$.values.nodes[3].tls.client.cert' - src: schema: deckhand/CertificateKey/v1 name: calico-etcd-n3 path: $ dest: path: '$.values.nodes[3].tls.client.key' - src: schema: deckhand/Certificate/v1 name: calico-etcd-n3-peer path: $ dest: path: '$.values.nodes[3].tls.peer.cert' - src: schema: deckhand/CertificateKey/v1 name: calico-etcd-n3-peer path: $ dest: path: '$.values.nodes[3].tls.peer.key' data: chart_name: etcd release: calico-etcd namespace: kube-system timeout: 600 upgrade: no_hooks: true values: anchor: etcdctl_endpoint: 10.96.232.136 node_selector: key: calico-etcd value: enabled tls: cert: placeholder key: placeholder etcd: host_data_path: /var/lib/etcd/calico host_etc_path: /etc/etcd/calico bootstrapping: enabled: true host_directory: /var/lib/anchor filename: calico-etcd-bootstrap images: etcd: quay.io/coreos/etcd:v3.0.17 etcdctl: quay.io/coreos/etcd:v3.0.17 nodes: - name: n0 tls: client: cert: placeholder key: placeholder peer: cert: placeholder key: placeholder - name: n1 tls: client: cert: placeholder key: placeholder peer: cert: placeholder key: placeholder - name: n2 tls: client: cert: placeholder key: placeholder peer: cert: placeholder key: placeholder # n3 is here to demonstrate movability of the cluster - name: n3 tls: client: cert: placeholder key: placeholder peer: cert: placeholder key: placeholder service: name: calico-etcd ip: 10.96.232.136 client: port: 6666 target_port: 6666 peer: port: 6667 target_port: 6667 tls: client: ca: placeholder peer: ca: placeholder source: type: local location: /etc/genesis/armada/assets/charts subpath: etcd dependencies: - helm-toolkit --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: calico layeringDefinition: abstract: false layer: site substitutions: - src: schema: deckhand/CertificateAuthority/v1 name: calico-etcd path: $ dest: path: '$.values.etcd.tls.ca' - src: schema: deckhand/Certificate/v1 name: calico-node path: $ dest: path: '$.values.etcd.tls.cert' - src: schema: deckhand/CertificateKey/v1 name: calico-node path: $ dest: path: '$.values.etcd.tls.key' data: chart_name: calico release: calico namespace: kube-system timeout: 600 upgrade: no_hooks: true values: calico: ip_autodetection_method: interface=ens3 pod_ip_cidr: 10.97.0.0/16 ctl: install_on_host: true etcd: service: ip: 10.96.232.136 port: 6666 tls: ca: placeholder cert: placeholder key: placeholder images: cni: quay.io/calico/cni:v1.11.0 ctl: quay.io/calico/ctl:v1.6.1 node: quay.io/calico/node:v2.6.1 policy_controller: quay.io/calico/kube-controllers:v1.0.0 source: type: local location: /etc/genesis/armada/assets/charts subpath: calico dependencies: [] --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: coredns layeringDefinition: abstract: false layer: site substitutions: - src: schema: deckhand/CertificateAuthority/v1 name: kubernetes path: $ dest: path: '$.values.tls.ca' - src: schema: deckhand/Certificate/v1 name: coredns path: $ dest: path: '$.values.tls.cert' - src: schema: deckhand/CertificateKey/v1 name: coredns path: $ dest: path: '$.values.tls.key' data: chart_name: coredns release: coredns namespace: kube-system timeout: 600 upgrade: no_hooks: true values: coredns: kubernetes_zones: - cluster.local - 10.96.0.0/16 - 10.97.0.0/16 upstream_nameservers: - 8.8.8.8 - 8.8.4.4 zones: - name: promenade services: - bind_name: apiserver.kubernetes service: name: kubernetes-apiserver namespace: kube-system - bind_name: etcd.kubernetes service: name: kubernetes-etcd namespace: kube-system - bind_name: etcd.calico service: name: calico-etcd namespace: kube-system images: anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.0 coredns: coredns/coredns:0.9.9 tls: ca: placeholder cert: placeholder key: placeholder network: kubernetes_netloc: apiserver.kubernetes.promenade:6443 source: type: local location: /etc/genesis/armada/assets/charts subpath: coredns dependencies: - helm-toolkit --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: kubernetes-apiserver layeringDefinition: abstract: false layer: site substitutions: - src: schema: deckhand/CertificateAuthority/v1 name: kubernetes path: $ dest: path: $.values.tls.ca - src: schema: deckhand/Certificate/v1 name: apiserver path: $ dest: path: $.values.tls.cert - src: schema: deckhand/CertificateKey/v1 name: apiserver path: $ dest: path: $.values.tls.key - src: schema: deckhand/CertificateAuthority/v1 name: kubernetes-etcd path: $ dest: path: $.values.apiserver.etcd.tls.ca - src: schema: deckhand/Certificate/v1 name: apiserver-etcd path: $ dest: path: $.values.apiserver.etcd.tls.cert - src: schema: deckhand/CertificateKey/v1 name: apiserver-etcd path: $ dest: path: $.values.apiserver.etcd.tls.key - src: schema: deckhand/PublicKey/v1 name: service-account path: $ dest: path: $.values.service_account.public_key data: chart_name: apiserver release: kubernetes-apiserver namespace: kube-system timeout: 600 upgrade: no_hooks: true values: apiserver: etcd: endpoints: https://etcd.kubernetes.promenade:2379 tls: ca: placeholder cert: placeholder key: placeholder images: anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.0 apiserver: gcr.io/google_containers/hyperkube-amd64:v1.8.0 service_account: public_key: placeholder tls: ca: placeholder cert: placeholder key: placeholder network: kubernetes_service_ip: 10.96.0.1 pod_cidr: 10.97.0.0/16 service_cidr: 10.96.0.0/16 source: type: local location: /etc/genesis/armada/assets/charts subpath: apiserver dependencies: - helm-toolkit --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: kubernetes-controller-manager layeringDefinition: abstract: false layer: site substitutions: - src: schema: deckhand/CertificateAuthority/v1 name: kubernetes path: $ dest: path: $.values.tls.ca - src: schema: deckhand/Certificate/v1 name: controller-manager path: $ dest: path: $.values.tls.cert - src: schema: deckhand/CertificateKey/v1 name: controller-manager path: $ dest: path: $.values.tls.key - src: schema: deckhand/PrivateKey/v1 name: service-account path: $ dest: path: $.values.service_account.private_key data: chart_name: controller_manager release: kubernetes-controller-manager namespace: kube-system timeout: 600 upgrade: no_hooks: true values: images: anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.0 controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.8.0 service_account: private_key: placeholder tls: ca: placeholder cert: placeholder key: placeholder network: kubernetes_netloc: apiserver.kubernetes.promenade:6443 pod_cidr: 10.97.0.0/16 service_cidr: 10.96.0.0/16 source: type: local location: /etc/genesis/armada/assets/charts subpath: controller_manager dependencies: - helm-toolkit --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: kubernetes-scheduler layeringDefinition: abstract: false layer: site substitutions: - src: schema: deckhand/CertificateAuthority/v1 name: kubernetes path: $ dest: path: $.values.tls.ca - src: schema: deckhand/Certificate/v1 name: scheduler path: $ dest: path: $.values.tls.cert - src: schema: deckhand/CertificateKey/v1 name: scheduler path: $ dest: path: $.values.tls.key data: chart_name: scheduler release: kubernetes-scheduler namespace: kube-system timeout: 600 upgrade: no_hooks: true values: tls: ca: placeholder cert: placeholder key: placeholder network: kubernetes_netloc: apiserver.kubernetes.promenade:6443 images: anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.0 scheduler: gcr.io/google_containers/hyperkube-amd64:v1.8.0 source: type: local location: /etc/genesis/armada/assets/charts subpath: scheduler dependencies: - helm-toolkit --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: kubernetes-etcd layeringDefinition: abstract: false layer: site substitutions: - src: schema: deckhand/CertificateAuthority/v1 name: kubernetes-etcd path: $ dest: path: '$.values.tls.client.ca' - src: schema: deckhand/CertificateAuthority/v1 name: kubernetes-etcd-peer path: $ dest: path: '$.values.tls.peer.ca' - src: schema: deckhand/Certificate/v1 name: kubernetes-etcd-anchor path: $ dest: path: '$.values.anchor.tls.cert' - src: schema: deckhand/CertificateKey/v1 name: kubernetes-etcd-anchor path: $ dest: path: '$.values.anchor.tls.key' - src: schema: deckhand/Certificate/v1 name: kubernetes-etcd-n0 path: $ dest: path: '$.values.nodes[0].tls.client.cert' - src: schema: deckhand/CertificateKey/v1 name: kubernetes-etcd-n0 path: $ dest: path: '$.values.nodes[0].tls.client.key' - src: schema: deckhand/Certificate/v1 name: kubernetes-etcd-n0-peer path: $ dest: path: '$.values.nodes[0].tls.peer.cert' - src: schema: deckhand/CertificateKey/v1 name: kubernetes-etcd-n0-peer path: $ dest: path: '$.values.nodes[0].tls.peer.key' - src: schema: deckhand/Certificate/v1 name: kubernetes-etcd-n1 path: $ dest: path: '$.values.nodes[1].tls.client.cert' - src: schema: deckhand/CertificateKey/v1 name: kubernetes-etcd-n1 path: $ dest: path: '$.values.nodes[1].tls.client.key' - src: schema: deckhand/Certificate/v1 name: kubernetes-etcd-n1-peer path: $ dest: path: '$.values.nodes[1].tls.peer.cert' - src: schema: deckhand/CertificateKey/v1 name: kubernetes-etcd-n1-peer path: $ dest: path: '$.values.nodes[1].tls.peer.key' - src: schema: deckhand/Certificate/v1 name: kubernetes-etcd-n2 path: $ dest: path: '$.values.nodes[2].tls.client.cert' - src: schema: deckhand/CertificateKey/v1 name: kubernetes-etcd-n2 path: $ dest: path: '$.values.nodes[2].tls.client.key' - src: schema: deckhand/Certificate/v1 name: kubernetes-etcd-n2-peer path: $ dest: path: '$.values.nodes[2].tls.peer.cert' - src: schema: deckhand/CertificateKey/v1 name: kubernetes-etcd-n2-peer path: $ dest: path: '$.values.nodes[2].tls.peer.key' - src: schema: deckhand/Certificate/v1 name: kubernetes-etcd-n3 path: $ dest: path: '$.values.nodes[3].tls.client.cert' - src: schema: deckhand/CertificateKey/v1 name: kubernetes-etcd-n3 path: $ dest: path: '$.values.nodes[3].tls.client.key' - src: schema: deckhand/Certificate/v1 name: kubernetes-etcd-n3-peer path: $ dest: path: '$.values.nodes[3].tls.peer.cert' - src: schema: deckhand/CertificateKey/v1 name: kubernetes-etcd-n3-peer path: $ dest: path: '$.values.nodes[3].tls.peer.key' data: chart_name: etcd release: kubernetes-etcd namespace: kube-system timeout: 600 upgrade: no_hooks: true values: anchor: etcdctl_endpoint: 10.96.0.2 node_selector: key: kubernetes-etcd value: enabled tls: cert: placeholder key: placeholder etcd: host_data_path: /var/lib/etcd/kubernetes host_etc_path: /etc/etcd/kubernetes images: etcd: quay.io/coreos/etcd:v3.0.17 etcdctl: quay.io/coreos/etcd:v3.0.17 nodes: - name: n0 tls: client: cert: placeholder key: placeholder peer: cert: placeholder key: placeholder - name: n1 tls: client: cert: placeholder key: placeholder peer: cert: placeholder key: placeholder - name: n2 tls: client: cert: placeholder key: placeholder peer: cert: placeholder key: placeholder - name: n3 tls: client: cert: placeholder key: placeholder peer: cert: placeholder key: placeholder service: name: kubernetes-etcd ip: 10.96.0.2 client: port: 2379 target_port: 2379 peer: port: 2380 target_port: 2380 tls: client: ca: placeholder peer: ca: placeholder source: type: local location: /etc/genesis/armada/assets/charts subpath: etcd dependencies: - helm-toolkit --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: kubernetes-rbac layeringDefinition: abstract: false layer: site data: chart_name: rbac release: rbac namespace: kube-system timeout: 600 values: {} upgrade: no_hooks: true source: type: local location: /etc/genesis/armada/assets/charts subpath: rbac dependencies: [] --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: ceph data: chart_name: ceph release: ceph namespace: ceph timeout: 3600 install: no_hooks: false upgrade: no_hooks: false pre: delete: - name: ceph-bootstrap type: job labels: - application: ceph - component: bootstrap - release_group: armada-ucp - name: ceph-mds-keyring-generator type: job labels: - application: ceph - component: mds-keyring-generator - release_group: armada-ucp - name: ceph-mon-keyring-generator type: job labels: - application: ceph - component: mon-keyring-generator - release_group: armada-ucp - name: ceph-rgw-keyring-generator type: job labels: - application: ceph - component: rgw-keyring-generator - release_group: armada-ucp - name: ceph-storage-keys-generator type: job labels: - application: ceph - component: storage-keys-generator - release_group: armada-ucp - name: ceph-osd-keyring-generator type: job labels: - application: ceph - component: osd-keyring-generator - release_group: armada-ucp values: labels: jobs: node_selector_key: ucp-control-plane node_selector_value: enabled endpoints: identity: namespace: ucp object_store: namespace: ceph ceph_mon: namespace: ceph ceph: rgw_keystone_auth: true storage: osd_directory: /var/lib/openstack-helm/ceph/osd network: public: 192.168.77.0/24 cluster: 192.168.77.0/24 deployment: storage_secrets: true ceph: true rbd_provisioner: true client_secrets: false rgw_keystone_user_and_endpoints: false bootstrap: enabled: true images: tags: ks_user: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 ks_service: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 ks_endpoints: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 bootstrap: quay.io/attcomdev/ceph-daemon:tag-build-master-jewel-ubuntu-16.04 dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 daemon: quay.io/attcomdev/ceph-daemon:tag-build-master-jewel-ubuntu-16.04 ceph_config_helper: docker.io/port/ceph-config-helper:v1.7.5 rbd_provisioner: quay.io/external_storage/rbd-provisioner:v0.1.1 source: type: git location: https://git.openstack.org/openstack/openstack-helm subpath: ceph reference: master dependencies: - helm-toolkit --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: ucp-ceph-config data: chart_name: ucp-ceph-config release: ucp-ceph-config namespace: ucp timeout: 3600 install: no_hooks: false upgrade: no_hooks: false pre: delete: - name: ceph-namespace-client-key-generator type: job labels: - application: ceph - component: namespace-client-key-generator - release_group: armada-ucp values: labels: jobs: node_selector_key: ucp-control-plane node_selector_value: enabled endpoints: identity: namespace: ucp object_store: namespace: ceph ceph_mon: namespace: ceph ceph: rgw_keystone_auth: true network: public: 192.168.77.0/24 cluster: 192.168.77.0/24 deployment: storage_secrets: false ceph: false rbd_provisioner: false client_secrets: true rgw_keystone_user_and_endpoints: false source: type: git location: https://git.openstack.org/openstack/openstack-helm subpath: ceph reference: master dependencies: - helm-toolkit --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: ucp-mariadb data: chart_name: ucp-mariadb release: ucp-mariadb namespace: ucp install: no_hooks: false upgrade: no_hooks: false values: images: tags: mariadb: docker.io/mariadb:10.1.23 labels: node_selector_key: ucp-control-plane node_selector_value: enabled pod: replicas: server: 1 source: type: git location: https://git.openstack.org/openstack/openstack-helm subpath: mariadb dependencies: - helm-toolkit --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: ucp-memcached data: chart_name: ucp-memcached release: ucp-memcached namespace: ucp install: no_hooks: false upgrade: no_hooks: false values: images: tags: memcached: docker.io/memcached:1.4 labels: node_selector_key: ucp-control-plane node_selector_value: enabled source: type: git location: https://git.openstack.org/openstack/openstack-helm subpath: memcached dependencies: - helm-toolkit --- schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: ucp-keystone data: chart_name: ucp-keystone release: keystone namespace: ucp install: no_hooks: false upgrade: no_hooks: false pre: delete: - name: keystone-db-sync type: job labels: - job-name: keystone-db-sync - name: keystone-db-init type: job labels: - job-name: keystone-db-init post: delete: [] create: [] values: conf: keystone: override: paste: override: images: tags: bootstrap: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 test: docker.io/kolla/ubuntu-source-rally:4.0.0 db_init: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 db_sync: docker.io/kolla/ubuntu-source-keystone:3.0.3 db_drop: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 fernet_setup: docker.io/kolla/ubuntu-source-keystone:3.0.3 fernet_rotate: docker.io/kolla/ubuntu-source-keystone:3.0.3 credential_setup: docker.io/kolla/ubuntu-source-keystone:3.0.3 credential_rotate: docker.io/kolla/ubuntu-source-keystone:3.0.3 api: docker.io/kolla/ubuntu-source-keystone:3.0.3 dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 pod: replicas: api: 1 labels: node_selector_key: ucp-control-plane node_selector_value: enabled source: type: git location: https://git.openstack.org/openstack/openstack-helm subpath: keystone dependencies: - helm-toolkit ...