Definition for deploying behind a proxy

Change-Id: I80ee226f33f4f67e5a3fb6dd39b7622f6c750757
Scott Hussey 2018-04-24 15:55:00 -05:00
parent 833539a250
commit fe78c087b8
37 changed files with 1358 additions and 2 deletions


@ -6,6 +6,8 @@ metadata:
layeringDefinition:
abstract: false
layer: global
labels:
name: ucp-maas
storagePolicy: cleartext
substitutions:
# Chart source


@ -0,0 +1,31 @@
---
schema: shipyard/DeploymentConfiguration/v1
metadata:
schema: metadata/Document/v1
name: deployment-configuration
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
physical_provisioner:
deployment_strategy: all-at-once
deploy_interval: 30
deploy_timeout: 3600
destroy_interval: 30
destroy_timeout: 900
join_wait: 120
prepare_node_interval: 30
prepare_node_timeout: 1000
prepare_site_interval: 10
prepare_site_timeout: 300
verify_interval: 10
verify_timeout: 60
kubernetes_provisioner:
drain_timeout: 3600
drain_grace_period: 1800
clear_labels_timeout: 1800
remove_etcd_timeout: 1800
etcd_ready_timeout: 600
armada:
manifest: 'full-site'


@ -0,0 +1,10 @@
---
schema: dev/Configurables/v1
metadata:
schema: metadata/Document/v1
name: dev-configurables
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
# Data section provided by deploy_ucp.sh script


@ -0,0 +1,103 @@
---
schema: pegleg/CommonAddresses/v1
metadata:
schema: metadata/Document/v1
name: common-addresses
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .interface
dest:
path: .calico.ip_autodetection_method
pattern: REPLACEME
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostname
dest:
path: .genesis.hostname
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostip
dest:
path: .genesis.ip
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostip
dest:
path: .bootstrap.ip
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostcidr
dest:
path: .storage.ceph.public_cidr
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostcidr
dest:
path: .storage.ceph.cluster_cidr
data:
calico:
ip_autodetection_method: 'interface=REPLACEME'
etcd:
service_ip: 10.96.232.136
dns:
cluster_domain: cluster.local
service_ip: 10.96.0.10
upstream_servers:
- 8.8.8.8
- 8.8.4.4
upstream_servers_joined: 8.8.8.8,8.8.4.4
genesis:
hostname: REPLACEME
ip: REPLACEME
bootstrap:
ip: REPLACEME
kubernetes:
api_service_ip: 10.96.0.1
etcd_service_ip: 10.96.0.2
pod_cidr: 10.97.0.0/16
service_cidr: 10.96.0.0/16
apiserver_port: 6443
haproxy_port: 6553
etcd:
container_port: 2379
haproxy_port: 2378
proxy:
http: http://proxy.foo.com:8080
https: http://proxy.foo.com:8080
no_proxy: '.foo.com,.cluster.local,localhost,127.0.0.1'
node_ports:
drydock_api: 30000
maas_api: 30001
maas_proxy: 31800
shipyard_api: 30003
airflow_web: 30004
ntp:
servers_joined: ntp.ubuntu.com
storage:
ceph:
public_cidr: REPLACEME
cluster_cidr: REPLACEME
...
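Review bot: The `proxy` block near the end of this file uses `proxy.foo.com` as its sample value, which is outside the reserved example domains, so a deployment that forgets to edit it would direct outbound HTTP(S) traffic at a third-party host name. The rest of the file marks must-edit values with `REPLACEME`; a value such as `http://proxy.example.com:8080` or `REPLACEME` would fail closed instead. The `no_proxy` value lists only `.foo.com,.cluster.local,localhost,127.0.0.1`, while this same document defines service addresses (`10.96.0.1`, `10.96.0.2`, `10.96.0.10`, `10.96.232.136`) that components may reach by IP; unless the consumers add those themselves, such requests would presumably be sent to the proxy. Consider appending those addresses explicitly, since not every client honours CIDR notation in no_proxy.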


@ -0,0 +1,180 @@
---
schema: promenade/PKICatalog/v1
metadata:
schema: metadata/Document/v1
name: cluster-certificates
layeringDefinition:
abstract: false
layer: site
substitutions:
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostname
dest:
path: .certificate_authorities.kubernetes.certificates[1].hosts[0]
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostip
dest:
path: .certificate_authorities.kubernetes.certificates[1].hosts[1]
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostname
dest:
path: .certificate_authorities.kubernetes.certificates[1].common_name
pattern: HOSTNAME
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostname
dest:
path: .certificate_authorities.kubernetes.certificates[1].common_name
pattern: HOSTNAME
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostname
dest:
path: .certificate_authorities.kubernetes-etcd.certificates[2].hosts[0]
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostip
dest:
path: .certificate_authorities.kubernetes-etcd.certificates[2].hosts[1]
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostname
dest:
path: .certificate_authorities.kubernetes-etcd-peer.certificates[0].hosts[0]
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostip
dest:
path: .certificate_authorities.kubernetes-etcd-peer.certificates[0].hosts[1]
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostname
dest:
path: .certificate_authorities.calico-etcd.certificates[1].hosts[0]
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostip
dest:
path: .certificate_authorities.calico-etcd.certificates[1].hosts[1]
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostname
dest:
path: .certificate_authorities.calico-etcd-peer.certificates[1].hosts[0]
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostip
dest:
path: .certificate_authorities.calico-etcd-peer.certificates[1].hosts[1]
data:
certificate_authorities:
kubernetes:
description: CA for Kubernetes components
certificates:
- document_name: apiserver
description: Service certificate for Kubernetes apiserver
common_name: apiserver
hosts:
- localhost
- 127.0.0.1
- 10.96.0.1
kubernetes_service_names:
- kubernetes.default.svc.cluster.local
- document_name: kubelet-genesis
common_name: system:node:HOSTNAME
hosts:
- REPLACEME_HOST_NAME
- REPLACEME_HOST_IP
groups:
- system:nodes
- document_name: scheduler
description: Service certificate for Kubernetes scheduler
common_name: system:kube-scheduler
- document_name: controller-manager
description: certificate for controller-manager
common_name: system:kube-controller-manager
- document_name: admin
common_name: admin
groups:
- system:masters
- document_name: armada
common_name: armada
groups:
- system:masters
kubernetes-etcd:
description: Certificates for Kubernetes's etcd servers
certificates:
- document_name: apiserver-etcd
description: etcd client certificate for use by Kubernetes apiserver
common_name: apiserver
- document_name: kubernetes-etcd-anchor
description: anchor
common_name: anchor
- document_name: kubernetes-etcd-genesis
common_name: kubernetes-etcd-genesis
hosts:
- REPLACEME_HOST_NAME
- REPLACEME_HOST_IP
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2
kubernetes-etcd-peer:
certificates:
- document_name: kubernetes-etcd-genesis-peer
common_name: kubernetes-etcd-genesis-peer
hosts:
- REPLACEME_HOST_NAME
- REPLACEME_HOST_IP
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2
calico-etcd:
description: Certificates for Calico etcd client traffic
certificates:
- document_name: calico-etcd-anchor
description: anchor
common_name: anchor
- document_name: calico-etcd-genesis
common_name: calico-etcd-genesis
hosts:
- REPLACEME_HOST_NAME
- REPLACEME_HOST_IP
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-node
common_name: calcico-node
calico-etcd-peer:
description: Certificates for Calico etcd clients
certificates:
- document_name: calico-etcd-genesis-peer
common_name: calico-etcd-genesis-peer
hosts:
- REPLACEME_HOST_NAME
- REPLACEME_HOST_IP
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-node-peer
common_name: calcico-node-peer
keypairs:
- name: service-account
description: Service account signing key for use by Kubernetes controller-manager.
...
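Review bot: The last two substitutions target `.certificate_authorities.calico-etcd-peer.certificates[1].hosts[0]` and `hosts[1]`, but index 1 in that list is `calico-node-peer`, which has no `hosts`; the `REPLACEME_HOST_NAME` / `REPLACEME_HOST_IP` entries belong to `calico-etcd-genesis-peer` at index 0. As written the genesis peer certificate would keep the placeholder SANs, so both paths should read `certificates[0]`, as the `kubernetes-etcd-peer` substitutions already do. The `.hostname` substitution into `kubernetes.certificates[1].common_name` with `pattern: HOSTNAME` appears twice in a row and one copy can go. `common_name: calcico-node` and `calcico-node-peer` look like misspellings of `calico`, which matters if anything matches on the certificate identity. The metadata also carries no `storagePolicy`, unlike every other document in this commit.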


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ceph_swift_keystone_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password1
...
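Review bot: This `deckhand/Passphrase/v1` document and the 21 that follow it (through `ucp_shipyard_postgres_password`) commit the secret itself under `storagePolicy: cleartext`, with sequential `passwordN` values, `calvin` for `ipmi_admin_password`, and fixed strings for `maas-region-key` and `ucp_rabbitmq_erlang_cookie`. Every site built from this definition therefore shares the same admin, database, messaging and IPMI credentials, readable by anyone with access to the repository, and the proxy variant is aimed at corporate networks rather than an isolated lab. The dev-configurables document notes that its data is provided by the deploy script, so the same step could generate these values at deploy time, or the files could ship `REPLACEME` as common-addresses does. At minimum each file should carry a comment such as `# Development-only credential; replace before any shared or networked deployment`. Whether `storagePolicy: encrypted` is usable this early in genesis is not visible from this commit.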


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ipmi_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: calvin
...


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: maas-region-key
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: 3858f62230ac3c915f300c664312c63f
...


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_airflow_postgres_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password2
...


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_armada_keystone_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password3
...


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_barbican_keystone_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password4
...


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_barbican_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password5
...


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_deckhand_keystone_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password6
...


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_deckhand_postgres_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password7
...


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_drydock_keystone_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password8
...


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_drydock_postgres_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password9
...


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_keystone_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password10
...


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_keystone_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password11
...


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_maas_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password12
...


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_maas_postgres_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password13
...


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_oslo_db_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password14
...


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_oslo_messaging_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password15
...


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_postgres_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password16
...


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_promenade_keystone_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password17
...


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_rabbitmq_erlang_cookie
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: 111df8c05b0f041d4764
...


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_shipyard_keystone_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password18
...


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_shipyard_postgres_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password19
...


@ -0,0 +1,11 @@
---
data:
revision: v1.0u
site_type: single-node-proxy
metadata:
layeringDefinition: {abstract: false, layer: site}
name: dev
schema: metadata/Document/v1
storagePolicy: cleartext
schema: pegleg/SiteDefinition/v1
...


@ -0,0 +1,122 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-calico-etcd
layeringDefinition:
abstract: false
layer: site
parentSelector:
name: kubernetes-calico-etcd-global
actions:
- method: merge
path: .
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.calico.etcd
dest:
path: .source
# Image versions
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.calico.etcd
dest:
path: .values.images.tags
# IP addresses
-
src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .calico.etcd.service_ip
dest:
path: .values.service.ip
-
src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .calico.etcd.service_ip
dest:
path: .values.anchor.etcdctl_endpoint
# CAs
-
src:
schema: deckhand/CertificateAuthority/v1
name: calico-etcd
path: .
dest:
path: .values.secrets.tls.client.ca
-
src:
schema: deckhand/CertificateAuthority/v1
name: calico-etcd-peer
path: .
dest:
path: .values.secrets.tls.peer.ca
# Anchor client cert
-
src:
schema: deckhand/Certificate/v1
name: calico-etcd-anchor
path: .
dest:
path: .values.secrets.anchor.tls.cert
-
src:
schema: deckhand/CertificateKey/v1
name: calico-etcd-anchor
path: .
dest:
path: .values.secrets.anchor.tls.key
# Node names
-
src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .genesis.hostname
dest:
path: .values.nodes[0].name
# Server certs
-
src:
schema: deckhand/Certificate/v1
name: calico-etcd-genesis
path: .
dest:
path: .values.nodes[0].tls.client.cert
-
src:
schema: deckhand/CertificateKey/v1
name: calico-etcd-genesis
path: .
dest:
path: .values.nodes[0].tls.client.key
-
src:
schema: deckhand/Certificate/v1
name: calico-etcd-genesis-peer
path: .
dest:
path: .values.nodes[0].tls.peer.cert
-
src:
schema: deckhand/CertificateKey/v1
name: calico-etcd-genesis-peer
path: .
dest:
path: .values.nodes[0].tls.peer.key
data: {}
...


@ -0,0 +1,121 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-etcd
layeringDefinition:
abstract: false
layer: site
parentSelector:
name: kubernetes-etcd-global
actions:
- method: merge
path: .
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.etcd
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.etcd
dest:
path: .values.images.tags
# IP addresses
-
src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.etcd_service_ip
dest:
path: .values.service.ip
-
src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.etcd_service_ip
dest:
path: .values.anchor.etcdctl_endpoint
# CAs
-
src:
schema: deckhand/CertificateAuthority/v1
name: kubernetes-etcd
path: .
dest:
path: .values.secrets.tls.client.ca
-
src:
schema: deckhand/CertificateAuthority/v1
name: kubernetes-etcd-peer
path: .
dest:
path: .values.secrets.tls.peer.ca
-
src:
schema: deckhand/Certificate/v1
name: kubernetes-etcd-anchor
path: .
dest:
path: .values.secrets.anchor.tls.cert
-
src:
schema: deckhand/CertificateKey/v1
name: kubernetes-etcd-anchor
path: .
dest:
path: .values.secrets.anchor.tls.key
# Node names
-
src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostname
dest:
path: .values.nodes[0].name
# Server certs
-
src:
schema: deckhand/Certificate/v1
name: kubernetes-etcd-genesis
path: .
dest:
path: '.values.nodes[0].tls.client.cert'
-
src:
schema: deckhand/CertificateKey/v1
name: kubernetes-etcd-genesis
path: .
dest:
path: '.values.nodes[0].tls.client.key'
-
src:
schema: deckhand/Certificate/v1
name: kubernetes-etcd-genesis-peer
path: .
dest:
path: '.values.nodes[0].tls.peer.cert'
-
src:
schema: deckhand/CertificateKey/v1
name: kubernetes-etcd-genesis-peer
path: .
dest:
path: '.values.nodes[0].tls.peer.key'
data: {}
...
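Review bot: The node-name substitution in this chart reads `.hostname` from `dev/Configurables/v1` directly, while the sibling `kubernetes-calico-etcd` chart takes the same value from `pegleg/CommonAddresses/v1` at `.genesis.hostname`. Using one source in both charts keeps the two etcd member names from drifting apart if common-addresses is ever edited by hand. This file also mixes quoted and unquoted `dest.path` values. It omits the `# Anchor client cert` comment that the calico chart places above the anchor cert/key entries, so those two substitutions read as part of `# CAs`; adding that comment line would fix it.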


@ -0,0 +1,235 @@
---
schema: pegleg/EndpointCatalogue/v1
metadata:
schema: metadata/Document/v1
name: ucp_endpoints
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
ucp:
identity:
namespace: ucp
name: keystone
hosts:
default: keystone-api
public: keystone
host_fqdn_override:
default: null
path:
default: /v3
scheme:
default: http
port:
admin:
default: 35357
api:
default: 80
armada:
name: armada
hosts:
default: armada-api
public: armada
port:
api:
default: 8000
path:
default: /api/v1.0
scheme:
default: http
host_fqdn_override:
default: null
deckhand:
name: deckhand
hosts:
default: deckhand-int
public: deckhand-api
port:
api:
default: 9000
path:
default: /api/v1.0
scheme:
default: http
host_fqdn_override:
default: null
postgresql:
name: postgresql
hosts:
default: postgresql
path: /DB_NAME
scheme: postgresql+psycopg2
port:
postgresql:
default: 5432
host_fqdn_override:
default: null
oslo_db:
hosts:
default: mariadb
discovery: mariadb-discovery
host_fqdn_override:
default: null
path: /DB_NAME
scheme: mysql+pymysql
port:
mysql:
default: 3306
wsrep:
default: 4567
key_manager:
name: barbican
hosts:
default: barbican-api
public: barbican
host_fqdn_override:
default: null
path:
default: /v1
scheme:
default: http
port:
api:
default: 9311
public: 80
oslo_messaging:
namespace: null
hosts:
default: rabbitmq
host_fqdn_override:
default: null
path: /openstack
scheme: rabbit
port:
amqp:
default: 5672
oslo_cache:
hosts:
default: memcached
host_fqdn_override:
default: null
port:
memcache:
default: 11211
physicalprovisioner:
name: drydock
hosts:
default: drydock-api
port:
api:
default: 9000
nodeport: 31900
path:
default: /api/v1.0
scheme:
default: http
host_fqdn_override:
default: null
maas_region_ui:
name: maas-region-ui
hosts:
default: maas-region-ui
public: maas
path:
default: /MAAS
scheme:
default: "http"
port:
region_ui:
default: 80
public: 80
host_fqdn_override:
default: null
kubernetesprovisioner:
name: promenade
hosts:
default: promenade-api
port:
api:
default: 80
path:
default: /api/v1.0
scheme:
default: http
host_fqdn_override:
default: null
shipyard:
name: shipyard
hosts:
default: shipyard-int
public: shipyard-api
port:
api:
default: 9000
public: 80
path:
default: /api/v1.0
scheme:
default: http
host_fqdn_override:
default: null
airflow_web:
name: airflow-web
hosts:
default: airflow-web-int
public: airflow-web
port:
airflow_web:
default: 8080
path:
default: /
scheme:
default: http
host_fqdn_override:
default: null
airflow_flower:
name: airflow-flower
hosts:
default: airflow-flower
port:
airflow_flower:
default: 5555
path:
default: /
scheme:
default: http
host_fqdn_override:
default: null
ceph:
object_store:
name: swift
namespace: ceph
hosts:
default: ceph-rgw
host_fqdn_override:
default: null
path:
default: /swift/v1
scheme:
default: http
port:
api:
default: 8088
ceph_mon:
namespace: ceph
hosts:
default: ceph-mon
discovery: ceph-mon-discovery
host_fqdn_override:
default: null
port:
mon:
default: 6789
ceph_mgr:
namespace: ceph
hosts:
default: ceph-mgr
host_fqdn_override:
default: null
port:
mgr:
default: 7000
scheme:
default: http
...
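Review bot: Every `scheme` in this catalogue is `http`, including `identity` (keystone) and `key_manager` (barbican), so the passwords, tokens and secret payloads exchanged with those services would travel unencrypted between pods and over the `public` endpoints. Nothing in this commit shows a TLS-terminating layer in front of them, so this may be intentional for a single-node dev site, but the file does not say so. Suggest a header comment such as `# Development defaults: all endpoints are plain HTTP; do not reuse for a shared or multi-node site`, and switching the `public` endpoints to `https` once certificates are available.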


@ -0,0 +1,124 @@
---
schema: pegleg/AccountCatalogue/v1
metadata:
schema: metadata/Document/v1
name: ucp_service_accounts
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
ucp:
postgres:
admin:
username: postgres
oslo_db:
admin:
username: root
oslo_messaging:
admin:
username: rabbitmq
keystone:
admin:
region_name: RegionOne
username: admin
project_name: admin
user_domain_name: default
project_domain_name: default
oslo_messaging:
admin:
username: rabbitmq
keystone:
username: keystone
oslo_db:
username: keystone
database: keystone
promenade:
keystone:
region_name: RegionOne
role: admin
project_name: service
project_domain_name: default
user_domain_name: default
username: promenade
drydock:
keystone:
region_name: RegionOne
role: admin
project_name: service
project_domain_name: default
user_domain_name: default
username: drydock
postgres:
username: drydock
database: drydock
shipyard:
keystone:
region_name: RegionOne
role: admin
project_name: service
project_domain_name: default
user_domain_name: default
username: shipyard
postgres:
username: shipyard
database: shipyard
airflow:
postgres:
username: airflow
database: airflow
oslo_messaging:
username: rabbitmq
maas:
admin:
username: admin
email: none@none
postgres:
username: maas
database: maasdb
barbican:
keystone:
region_name: RegionOne
role: admin
project_name: service
project_domain_name: default
user_domain_name: default
username: barbican
oslo_db:
username: barbican
database: barbican
oslo_messaging:
admin:
username: rabbitmq
keystone:
username: keystone
armada:
keystone:
project_domain_name: default
user_domain_name: default
project_name: service
region_name: RegionOne
role: admin
user_domain_name: default
username: armada
deckhand:
keystone:
region_name: RegionOne
role: admin
project_name: service
project_domain_name: default
user_domain_name: default
username: deckhand
postgres:
username: deckhand
database: deckhand
ceph:
swift:
keystone:
role: admin
region_name: RegionOne
username: swift
project_name: service
user_domain_name: default
project_domain_name: default
...
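Review bot: Under `armada.keystone` the key `user_domain_name: default` appears twice, once after `project_domain_name` and again after `role`. Duplicate mapping keys are invalid YAML; most loaders silently keep the last one, but a strict loader or linter will reject the document, so the second occurrence should be removed. Separately, every service user in this catalogue (promenade, drydock, shipyard, barbican, armada, deckhand, swift) is given `role: admin`; a comment noting that this is a dev simplification would help whoever derives a production site from it.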


@ -0,0 +1,101 @@
---
schema: promenade/KubernetesNetwork/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-network
layeringDefinition:
abstract: false
layer: type
storagePolicy: cleartext
substitutions:
# DNS
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .dns.cluster_domain
dest:
path: .dns.cluster_domain
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .dns.service_ip
dest:
path: .dns.service_ip
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .dns.upstream_servers
dest:
path: .dns.upstream_servers
# HTTP Proxy config
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .proxy.https
dest:
path: .proxy.url
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .proxy.no_proxy
dest:
path: .proxy.additional_no_proxy[0]
# Kubernetes IPs
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.api_service_ip
dest:
path: .kubernetes.service_ip
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.pod_cidr
dest:
path: .kubernetes.pod_cidr
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.service_cidr
dest:
path: .kubernetes.service_cidr
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.etcd_service_ip
dest:
path: .etcd.service_ip
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .etcd.container_port
dest:
path: .etcd.container_port
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .etcd.haproxy_port
dest:
path: .etcd.haproxy_port
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.apiserver_port
dest:
path: .kubernetes.apiserver_port
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.haproxy_port
dest:
path: .kubernetes.haproxy_port
data:
dns:
bootstrap_validation_checks:
- calico-etcd.kube-system.svc.cluster.local
- kubernetes-etcd.kube-system.svc.cluster.local
- kubernetes.default.svc.cluster.local
...


@ -0,0 +1,29 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: ucp-maas
replacement: true
layeringDefinition:
abstract: false
layer: type
parentSelector:
name: ucp-maas
actions:
- method: merge
path: .
storagePolicy: cleartext
substitutions:
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .proxy.https
- dest:
path: .values.conf.maas.proxy.proxy_server
data:
values:
conf:
maas:
proxy:
proxy_enabled: 'true'
...
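Review bot: In `substitutions`, `dest` is written as its own list item (`- dest:`), so the list holds one entry with only `src` and a second with only `dest`. The proxy URL from `.proxy.https` would then presumably never reach `.values.conf.maas.proxy.proxy_server`, or the document would fail schema validation. Drop the dash so the line reads `dest:` inside the same item as `src:`, as the ucp-promenade override in this commit does. Because `data` sets `proxy_enabled: 'true'` unconditionally, a substitution that does not apply would leave MAAS with the proxy switched on but no server configured.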


@ -0,0 +1,37 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: ucp-promenade
replacement: true
layeringDefinition:
abstract: false
layer: type
parentSelector:
name: ucp-promenade
actions:
- method: merge
path: .
storagePolicy: cleartext
substitutions:
# HTTP Proxy env
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .proxy.http
dest:
path: .values.pod.env.promenade_api.http_proxy
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .proxy.https
dest:
path: .values.pod.env.promenade_api.https_proxy
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .proxy.no_proxy
dest:
path: .values.pod.env.promenade_api.no_proxy
data: {}
...


@ -50,6 +50,12 @@ export UCP_INTEGRATION_REFSPEC="refs/changes/03/404203/32"
export PEGLEG_IMAGE="artifacts-aic.atlantafoundry.com/att-comdev/pegleg:f019b4ff594db7d13a2ac444c001f867b3a67c50"
9) source set-env.sh
NOTE: If running this behind a corporate proxy, you will need to update the
file deployment_files/site/dev-proxy/networks/common-addresses.yaml to
specify your proxy server and appropriate no_proxy list. Also change set-env.sh
to use TARGET_SITE of 'dev-proxy'.
10) ./deploy-ucp.sh
If you want to stop the deployment before it starts running genesis and inspect
@ -59,7 +65,7 @@ trigger the genesis steps.
Next Steps
----------
All of the documents used for a subsequent deploy_site action are now placed
into the /root/deploy/site direectory for ease of use - instructions are
into the /root/deploy/site directory for ease of use - instructions are
provided by the script at the end of a successful genesis process.
In the same directory as the deploy-ucp.sh script, there is a file creds.sh


@ -48,4 +48,6 @@ export NODE_NET_IFACE=ens3
# export WORKSPACE="/root/deploy"
# The site to deploy
#export TARGET_SITE="dev"
export TARGET_SITE="dev"
# If running behind a proxy
# export TARGET_SITE="dev-proxy"