treasuremap/manifests/type/multi-tenant/shared/catalogues/subcluster-networking.yaml

# This catalogue gathers in one place networking configuration which must
# be coordinated among the target (undercloud) cluster and different subclusters.
# In particular, it contains `kubernetes` stanzas which are intended to be
# substituted into subclusters' networking catalogues (to be consumed by
# e.g. the k8scontrol function), and subcluster ports which must be known by
# SIP loadbalancers in the target cluster and NodePorts in the subclusters.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
  labels:
    airshipit.org/deploy-k8s: "false"
  name: subcluster-networking

spec:
  lma:
    # This stanza is replaced directly into the LMA sub-cluster's networking
    # catalogue at the site level.
    kubernetes:
      serviceCidr: "10.0.80.0/20"
      podCidr: "192.168.0.0/18"
      controlPlaneEndpoint:
        host: "10.23.25.102" # ephemeral will be different
        port: 6443
    # NOTE: This stringing is required to do substring replacement.
    # Ideally, improve this in the future.
      apiserverCertSANs: "[10.23.25.201, 10.23.24.201]"

    exposed_services:
      - name: auth
        nodePort: 30556
      - name: jumpHost
        nodePort: 30001
      - name: loadBalancerControlPlane
        nodePort: 30002
      - name: elasticsearch-ingest
        nodePort: 30003
      - name: kibana
        nodePort: 30004
      - name: grafana
        nodePort: 30005
      - name: prometheus
        nodePort: 30006
      - name: alertmanager
        nodePort: 30007
      - name: thanos-query
        nodePort: 30008
      # Potential ports that can be used by sub-cluster services.
      - name: loadBalancerWorker
        nodePortRange:
          start: 30003
          end: 30020

  wordpress:
    # This stanza is replaced directly into the Wordpress sub-cluster's
    # networking catalogue at the site level.
    kubernetes:
      serviceCidr: "10.0.80.0/20"
      podCidr: "192.168.0.0/18"
      controlPlaneEndpoint:
        host: "10.23.25.102"
        port: 6443
      apiserverCertSANs: [10.23.25.201, 10.23.24.201]

    exposed_services:
      - name: auth
        nodePort: 30556
      - name: jumpHost
        nodePort: 30001
      - name: loadBalancerControlPlane
        nodePort: 30002
      # Potential ports that can be used by sub-cluster services.
      - name: loadBalancerWorker
        nodePortRange:
          start: 30003
          end: 30020