251 lines
6.4 KiB
YAML
251 lines
6.4 KiB
YAML
---
|
|
schema: armada/Chart/v1
|
|
metadata:
|
|
schema: metadata/Document/v1
|
|
name: ucp-maas-global
|
|
layeringDefinition:
|
|
abstract: true
|
|
layer: global
|
|
labels:
|
|
name: ucp-maas-global
|
|
storagePolicy: cleartext
|
|
substitutions:
|
|
# Chart source
|
|
- src:
|
|
schema: pegleg/SoftwareVersions/v1
|
|
name: software-versions
|
|
path: .charts.ucp.maas
|
|
dest:
|
|
path: .source
|
|
|
|
# Images
|
|
- src:
|
|
schema: pegleg/SoftwareVersions/v1
|
|
name: software-versions
|
|
path: .images.ucp.maas
|
|
dest:
|
|
path: .values.images.tags
|
|
|
|
# MaaS Config
|
|
- src:
|
|
schema: pegleg/CommonAddresses/v1
|
|
name: common-addresses
|
|
path: .dns.upstream_servers
|
|
dest:
|
|
path: .values.conf.maas.dns.dns_servers
|
|
- src:
|
|
schema: pegleg/CommonAddresses/v1
|
|
name: common-addresses
|
|
path: .ntp.servers
|
|
dest:
|
|
path: .values.conf.maas.ntp.ntp_servers
|
|
- src:
|
|
schema: nc/CorridorConfig/v1
|
|
name: corridor-config
|
|
path: .airship.maas.ingress_disable_gui
|
|
dest:
|
|
path: .values.conf.maas.ingress_disable_gui
|
|
- src:
|
|
schema: deckhand/Passphrase/v1
|
|
name: maas-region-key
|
|
path: .
|
|
dest:
|
|
path: .values.secrets.maas_region.value
|
|
- src:
|
|
schema: nc/CorridorConfig/v1
|
|
name: corridor-config
|
|
path: .airship.log_level
|
|
dest:
|
|
path: .values.conf.syslog.log_level
|
|
|
|
# Endpoint substitutions
|
|
- src:
|
|
schema: pegleg/EndpointCatalogue/v1
|
|
name: ucp_endpoints
|
|
path: .ucp.postgresql
|
|
dest:
|
|
path: .values.endpoints.maas_db
|
|
- src:
|
|
schema: pegleg/EndpointCatalogue/v1
|
|
name: ucp_endpoints
|
|
path: .ucp.maas_region
|
|
dest:
|
|
path: .values.endpoints.maas_region
|
|
- src:
|
|
schema: pegleg/EndpointCatalogue/v1
|
|
name: ucp_endpoints
|
|
path: .ucp.maas_ingress
|
|
dest:
|
|
path: .values.endpoints.maas_ingress
|
|
- src:
|
|
schema: pegleg/EndpointCatalogue/v1
|
|
name: ucp_endpoints
|
|
path: .ucp.physicalprovisioner
|
|
dest:
|
|
path: .values.endpoints.physicalprovisioner
|
|
|
|
# Account and credential substitutions
|
|
- src:
|
|
schema: pegleg/AccountCatalogue/v1
|
|
name: ucp_service_accounts
|
|
path: .ucp.postgres.admin
|
|
dest:
|
|
path: .values.endpoints.maas_db.auth.admin
|
|
- src:
|
|
schema: pegleg/AccountCatalogue/v1
|
|
name: ucp_service_accounts
|
|
path: .ucp.maas.postgres
|
|
dest:
|
|
path: .values.endpoints.maas_db.auth.user
|
|
- src:
|
|
schema: pegleg/AccountCatalogue/v1
|
|
name: ucp_service_accounts
|
|
path: .ucp.maas.postgres.database
|
|
dest:
|
|
path: .values.endpoints.maas_db.path
|
|
pattern: DB_NAME
|
|
- src:
|
|
schema: pegleg/AccountCatalogue/v1
|
|
name: ucp_service_accounts
|
|
path: .ucp.maas.admin
|
|
dest:
|
|
path: .values.endpoints.maas_region.auth.admin
|
|
|
|
# Secrets
|
|
- dest:
|
|
path: .values.endpoints.maas_region.auth.admin.password
|
|
src:
|
|
schema: deckhand/Passphrase/v1
|
|
name: ucp_maas_admin_password
|
|
path: .
|
|
- dest:
|
|
path: .values.endpoints.maas_db.auth.admin.password
|
|
src:
|
|
schema: deckhand/Passphrase/v1
|
|
name: ucp_postgres_admin_password
|
|
path: .
|
|
- dest:
|
|
path: .values.endpoints.maas_db.auth.user.password
|
|
src:
|
|
schema: deckhand/Passphrase/v1
|
|
name: ucp_maas_postgres_password
|
|
path: .
|
|
data:
|
|
chart_name: maas
|
|
release: maas
|
|
namespace: ucp
|
|
wait:
|
|
timeout: 1800
|
|
labels:
|
|
release_group: clcp-maas
|
|
test:
|
|
enabled: true
|
|
install:
|
|
no_hooks: false
|
|
upgrade:
|
|
no_hooks: false
|
|
options:
|
|
force: true
|
|
pre:
|
|
delete:
|
|
- type: job
|
|
labels:
|
|
release_group: clcp-maas
|
|
values:
|
|
pod:
|
|
mandatory_access_control:
|
|
type: apparmor
|
|
maas-rack:
|
|
maas-rack: runtime/default
|
|
init: runtime/default
|
|
maas-region:
|
|
maas-region: runtime/default
|
|
maas-cache: runtime/default
|
|
init: runtime/default
|
|
maas-syslog:
|
|
syslog: runtime/default
|
|
logrotate: runtime/default
|
|
init: runtime/default
|
|
maas-ingress:
|
|
maas-ingress-vip: runtime/default
|
|
maas-ingress: runtime/default
|
|
init: runtime/default
|
|
maas-ingress-vip-init: runtime/default
|
|
maas-ingress-errors:
|
|
maas-ingress-errors: runtime/default
|
|
maas-bootstrap-admin-user:
|
|
maas-bootstrap-admin-user: runtime/default
|
|
init: runtime/default
|
|
maas-db-init:
|
|
maas-db-init: runtime/default
|
|
init: runtime/default
|
|
maas-db-sync:
|
|
maas-db-sync: runtime/default
|
|
init: runtime/default
|
|
maas-export-api-key:
|
|
exporter: runtime/default
|
|
init: runtime/default
|
|
maas-import-resources:
|
|
region-import-resources: runtime/default
|
|
init: runtime/default
|
|
maas-api-test:
|
|
maas-api-test: runtime/default
|
|
affinity:
|
|
anti:
|
|
type:
|
|
default: requiredDuringSchedulingIgnoredDuringExecution
|
|
replicas:
|
|
region: 1
|
|
rack: 1
|
|
security_context:
|
|
ingress_errors:
|
|
pod:
|
|
runAsUser: 33
|
|
labels:
|
|
rack:
|
|
node_selector_key: maas-rack
|
|
node_selector_value: enabled
|
|
region:
|
|
node_selector_key: maas-region
|
|
node_selector_value: enabled
|
|
network:
|
|
proxy:
|
|
node_port:
|
|
enabled: false
|
|
conf:
|
|
cache:
|
|
enabled: true
|
|
cloudconfig:
|
|
override: true
|
|
sections:
|
|
bootcmd:
|
|
- "rm -fr /var/lib/apt/lists"
|
|
maas:
|
|
credentials:
|
|
secret:
|
|
namespace: ucp
|
|
proxy:
|
|
proxy_enabled: true
|
|
peer_proxy_enabled: false
|
|
ntp:
|
|
use_external_only: 'true'
|
|
disable_ntpd_region: true
|
|
disable_ntpd_rack: true
|
|
dns:
|
|
require_dnssec: 'no'
|
|
images:
|
|
default_os: 'ubuntu'
|
|
default_image: 'bionic'
|
|
default_kernel: 'ga-18.04'
|
|
force_gpt: true
|
|
extra_settings:
|
|
# disable network discovery completely
|
|
network_discovery: disabled
|
|
active_discovery_interval: 0
|
|
# disable creation of root account with default password
|
|
system_user: null
|
|
system_passwd: null
|
|
dependencies:
|
|
- maas-htk
|
|
...
|