Initial set of Airship deployment manifests

- global/type manifests
 - airship-seaworthy site manifests

Change-Id: I5951bba063e6447ff0d2e1b40d9711209919f7d1
Kaspars Skels 2018-08-15 09:26:26 -05:00
parent 5cf799e5c7
commit cf1f2af877
250 changed files with 22956 additions and 0 deletions


@ -0,0 +1,10 @@
---
schema: deckhand/LayeringPolicy/v1
metadata:
schema: metadata/Control/v1
name: layering-policy
data:
layerOrder:
- global
- type
- site


@ -0,0 +1,8 @@
---
schema: deckhand/DataSchema/v1
metadata:
schema: metadata/Control/v1
name: pegleg/Script/v1
data:
$schema: http://json-schema.org/schema#
type: string


@ -0,0 +1,19 @@
---
schema: deckhand/DataSchema/v1
metadata:
schema: metadata/Control/v1
name: pegleg/SiteDefinition/v1
data:
$schema: http://json-schema.org/schema#
type: object
properties:
revision:
type: string
pattern: '^v.+$'
site_type:
type: string
required:
- revision
- site_type
additionalProperties: false


@ -0,0 +1,14 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: private_docker_key
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
# sample key for potential private docker registry
# see Docker documentation for info on how to generate the key
# base64 of password123
data: cGFzc3dvcmQxMjM=
...
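Review bot: `storagePolicy: cleartext` on this `deckhand/Passphrase/v1` document keeps the registry credential unencrypted, and the comment above `data:` confirms the value is just the base64 of `password123`. The document is `abstract: false` at `layer: global`, so a site that does not override it would appear to deploy with this sample value. I would set `storagePolicy: encrypted` and replace the last comment line with one that marks the value as a placeholder, e.g. `# PLACEHOLDER: not a real credential; every site must override this document`.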


@ -0,0 +1,11 @@
---
schema: deckhand/PublicKey/v1
metadata:
schema: metadata/Document/v1
name: airship_ssh_public_key
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyb6CDrai3VcFW1ew5ikf7IDSpqfFyrJNLI1DPyd28vcy6D1oFXdELYK7DsXzVCgV7YNDiKpneXMBTJ/Mr/aZi9K3eVvtRp1HAK3y6ycx9KRfyfMVAU0aT3xMOpE5xS/xTH8HNRbOSszp0woVYKhncpkumHweji7wbLKm/WxsggIoGDjn29KIoRhpo96tWz/DBsoU1pIHTMoZNyHW2aYWEx6kOzTEmhxL0LkKv7+A/2HJuLnqcXoQH9jl3kRQDyikNlSw2T3gQV3I8m0od/lEf98MZb1Yv9GrlDCmnUPXAJ2HQaWaVaPPpGcBW7veOZlLfeulwD4zlo6P6JW1SZaat airship@seaworthy
...
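Review bot: The `data:` line publishes one fixed RSA public key, labelled `airship@seaworthy`, at `layer: global`, so any site that inherits it unchanged would presumably authorize whoever holds the matching private key; where the key is consumed is not visible in this section. A comment above `data:` stating who owns the private half and that sites must supply their own key would help, for example `# sample key only: replace with a site-owned key before deployment`.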


@ -0,0 +1,26 @@
---
schema: 'drydock/BootAction/v1'
metadata:
schema: 'metadata/Document/v1'
name: airship-target
storagePolicy: 'cleartext'
layeringDefinition:
abstract: false
layer: global
data:
signaling: false
assets:
- path: /etc/systemd/system/airship.target
type: unit
permissions: '444'
data: |
[Unit]
Description=Airshipt bootaction target
After=multi-user.target cloud-init.target
[Install]
WantedBy=graphical.target
data_pipeline:
- utf8_decode
...
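Review bot: `Description=Airshipt bootaction target` has a typo and should read `Description=Airship bootaction target`. The unit is ordered `After=multi-user.target cloud-init.target` yet installed with `WantedBy=graphical.target`; a one-line comment in the unit explaining why it hangs off `graphical.target` would help whoever later debugs boot ordering of the services attached to it.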


@ -0,0 +1,33 @@
---
schema: 'drydock/BootAction/v1'
metadata:
schema: 'metadata/Document/v1'
name: promjoin-systemd-unit
storagePolicy: 'cleartext'
layeringDefinition:
abstract: false
layer: global
labels:
application: 'drydock'
data:
signaling: false
assets:
- path: /etc/systemd/system/promjoin.service
type: unit
permissions: '444'
data: |
[Unit]
Description=Promenade Initialization Service
After=network-online.target local-fs.target cloud-init.target
ConditionPathExists=!/var/lib/prom.done
[Service]
Type=oneshot
ExecStart=/opt/promjoin.sh
[Install]
WantedBy=airship.target
data_pipeline:
- utf8_decode
...
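Review bot: `ExecStart=/opt/promjoin.sh` runs with systemd's default (root) privileges because the `[Service]` section sets no `User=`, and nothing in this section shows which component writes `/opt/promjoin.sh` or with what ownership and mode. If that script were ever writable by a non-root account, this unit would execute it as root on any boot where `/var/lib/prom.done` is absent. I would add a comment inside the unit text recording the expectation, e.g. `# /opt/promjoin.sh is delivered by <COMPONENT>; must be root-owned and not group/world writable`.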


@ -0,0 +1,39 @@
---
# The global deployment strategy assumes nodes are marked with node_tags
# of masters and workers.
schema: shipyard/DeploymentStrategy/v1
metadata:
schema: metadata/Document/v1
name: deployment-strategy
layeringDefinition:
abstract: false
layer: global
labels:
name: deployment-strategy-global
storagePolicy: cleartext
data:
groups:
- name: masters
critical: true
depends_on: []
selectors:
- node_names: []
node_labels: []
node_tags:
- masters
rack_names: []
success_criteria:
percent_successful_nodes: 100
- name: workers
critical: true
depends_on:
- masters
selectors:
- node_names: []
node_labels: []
node_tags:
- workers
rack_names: []
success_criteria:
percent_successful_nodes: 60
...


@ -0,0 +1,114 @@
---
schema: promenade/Genesis/v1
metadata:
schema: metadata/Document/v1
name: genesis-global
layeringDefinition:
abstract: true
layer: global
labels:
name: genesis-global
storagePolicy: cleartext
substitutions:
# Software versions for bootstrapping phase
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.ucp.armada.api
dest:
path: .images.armada
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.ucp.armada.tiller
dest:
path: .images.helm.tiller
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.apiserver.apiserver
dest:
path: .images.kubernetes.apiserver
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.controller-manager.controller_manager
dest:
path: .images.kubernetes.controller-manager
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.etcd.etcd
dest:
path: .images.kubernetes.etcd
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.scheduler.scheduler
dest:
path: .images.kubernetes.scheduler
# Site-specific configuration
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .genesis.hostname
dest:
path: .hostname
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .genesis.ip
dest:
path: .ip
# Command prefix
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.service_cidr
dest:
path: .apiserver.command_prefix[1]
pattern: SERVICE_CIDR
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.service_node_port_range
dest:
path: .apiserver.command_prefix[2]
pattern: SERVICE_NODE_PORT_RANGE
data:
apiserver:
command_prefix:
- /apiserver
- --service-cluster-ip-range=SERVICE_CIDR
- --service-node-port-range=SERVICE_NODE_PORT_RANGE
- --authorization-mode=Node,RBAC
- --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds
- --endpoint-reconciler-type=lease
armada:
target_manifest: cluster-bootstrap
labels:
dynamic:
- beta.kubernetes.io/fluentd-ds-ready=true
- calico-etcd=enabled
- ceph-mds=enabled
- ceph-mon=enabled
- ceph-osd=enabled
- ceph-rgw=enabled
- ceph-mgr=enabled
- kube-dns=enabled
- kube-ingress=enabled
- kubernetes-apiserver=enabled
- kubernetes-controller-manager=enabled
- kubernetes-etcd=enabled
- kubernetes-scheduler=enabled
- promenade-genesis=enabled
- ucp-control-plane=enabled
- maas-control-plane=enabled
- node-exporter=enabled
files:
- path: /var/lib/anchor/calico-etcd-bootstrap
content: "# placeholder for triggering calico etcd bootstrapping\n# this file will be deleted"
mode: 0644
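Review bot: The `--admission-control=` list under `apiserver.command_prefix` omits `NodeRestriction` even though `--authorization-mode=Node,RBAC` is set on the line above it. Without that plug-in a kubelet credential is not confined to its own Node object and the Pods bound to it, which widens the impact of a single compromised node. I would add `NodeRestriction` to the list, for example directly after `ServiceAccount`. Separately, `mode: 0644` is an unquoted octal literal whose value depends on the parser's YAML version; a comment saying an integer mode is expected here would stop someone from quoting it or loading it as decimal 644.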


@ -0,0 +1,19 @@
---
schema: 'drydock/HardwareProfile/v1'
metadata:
schema: 'metadata/Document/v1'
name: DELL_HP_Generic
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
data:
vendor: Dell
generation: '8'
hw_version: '3'
bios_version: '2.2.3'
boot_mode: bios
bootstrap_protocol: pxe
pxe_interface: 0
device_aliases: {}
...


@ -0,0 +1,108 @@
---
schema: drydock/HostProfile/v1
metadata:
schema: metadata/Document/v1
name: cp-global
storagePolicy: cleartext
labels:
hosttype: cp-global
layeringDefinition:
abstract: true
layer: global
substitutions:
- dest:
path: .oob.credential
src:
schema: deckhand/Passphrase/v1
name: ipmi_admin_password
path: .
data:
oob:
type: 'ipmi'
network: 'oob'
account: 'root'
storage:
physical_devices:
sda:
labels:
bootdrive: 'true'
partitions:
- name: 'root'
size: '30g'
bootable: true
filesystem:
mountpoint: '/'
fstype: 'ext4'
mount_options: 'defaults'
- name: 'boot'
size: '1g'
filesystem:
mountpoint: '/boot'
fstype: 'ext4'
mount_options: 'defaults'
- name: 'var'
size: '>300g'
filesystem:
mountpoint: '/var'
fstype: 'ext4'
mount_options: 'defaults'
platform:
image: 'xenial'
kernel: 'hwe-16.04'
metadata:
owner_data:
control-plane: enabled
ucp-control-plane: enabled
openstack-control-plane: enabled
openstack-heat: enabled
openstack-keystone: enabled
openstack-rabbitmq: enabled
openstack-dns-helper: enabled
openstack-mariadb: enabled
openstack-nova-control: enabled
openstack-etcd: enabled
openstack-mistral: enabled
openstack-memcached: enabled
openstack-glance: enabled
openstack-horizon: enabled
openstack-cinder-control: enabled
openstack-cinder-volume: control
openstack-neutron: enabled
openvswitch: enabled
ucp-barbican: enabled
ceph-bootstrap: enabled
ceph-mon: enabled
ceph-mgr: enabled
ceph-osd: enabled
ceph-mds: enabled
ceph-rgw: enabled
ucp-maas: enabled
kube-dns: enabled
kubernetes-apiserver: enabled
kubernetes-controller-manager: enabled
kubernetes-etcd: enabled
kubernetes-scheduler: enabled
tiller-helm: enabled
kube-etcd: enabled
calico-policy: enabled
calico-node: enabled
calico-etcd: enabled
ucp-armada: enabled
ucp-drydock: enabled
ucp-deckhand: enabled
ucp-shipyard: enabled
IAM: enabled
ucp-promenade: enabled
prometheus-server: enabled
prometheus-client: enabled
fluentd: enabled
influxdb: enabled
kibana: enabled
elasticsearch-client: enabled
elasticsearch-master: enabled
elasticsearch-data: enabled
postgresql: enabled
kube-ingress: enabled
beta.kubernetes.io/fluentd-ds-ready: 'true'
node-exporter: enabled
...
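Review bot: The `oob` block hard-codes `account: 'root'` and the only substitution feeds a single `ipmi_admin_password` passphrase into `.oob.credential`, so every host inheriting this abstract profile appears to share one BMC administrator credential; the `dp-global` profile that follows repeats the same pattern. A single leaked passphrase then exposes out-of-band control of the whole fleet. At minimum I would document the expectation above the substitution, e.g. `# shared default only: override .oob.credential per host or rack where the BMC supports it`.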


@ -0,0 +1,60 @@
---
schema: drydock/HostProfile/v1
metadata:
schema: metadata/Document/v1
name: dp-global
labels:
hosttype: dp-global
layeringDefinition:
abstract: true
layer: global
storagePolicy: cleartext
substitutions:
- dest:
path: .oob.credential
src:
schema: deckhand/Passphrase/v1
name: ipmi_admin_password
path: .
data:
oob:
type: 'ipmi'
network: 'oob'
account: 'root'
storage:
physical_devices:
sda:
labels:
bootdrive: 'true'
partitions:
- name: 'root'
size: '30g'
bootable: true
filesystem:
mountpoint: '/'
fstype: 'ext4'
mount_options: 'defaults'
- name: 'boot'
size: '1g'
filesystem:
mountpoint: '/boot'
fstype: 'ext4'
mount_options: 'defaults'
- name: 'var'
size: '>300g'
filesystem:
mountpoint: '/var'
fstype: 'ext4'
mount_options: 'defaults'
platform:
image: 'xenial'
kernel: 'hwe-16.04'
metadata:
owner_data:
openstack-nova-compute: enabled
openvswitch: enabled
contrail-vrouter: kernel
openstack-libvirt: kernel
beta.kubernetes.io/fluentd-ds-ready: 'true'
node-exporter: enabled
...


@ -0,0 +1,144 @@
---
schema: promenade/HostSystem/v1
metadata:
schema: metadata/Document/v1
name: host-system
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .files.kubelet
dest:
path: .files[0].tar_url
# Initial CoreDNS image (used during node Genesis and node join)
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.coredns.coredns
dest:
path: .images.coredns
# Initial CoreDNS image (used during node Genesis and node join)
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.haproxy.haproxy
dest:
path: .images.haproxy
# Operational tools
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.ucp.armada.helm
dest:
path: .images.helm.helm
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.kubectl
dest:
path: .images.kubernetes.kubectl
# System packages
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .packages.named.docker
dest:
path: .packages.required.docker
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .packages.named.socat
dest:
path: .packages.required.socat
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .packages.unnamed
dest:
path: .packages.additional
# Docker authorization
- src:
schema: deckhand/Passphrase/v1
path: .
name: private_docker_key
dest:
path: .files[2].content
pattern: DH_SUB_PRIVATE_DOCKER_KEY
data:
files:
- path: /opt/kubernetes/bin/kubelet
tar_path: kubernetes/node/bin/kubelet
mode: 0555
- path: /etc/logrotate.d/json-logrotate
mode: 0444
content: |-
/var/lib/docker/containers/*/*-json.log
{
compress
copytruncate
create 0644 root root
weekly
dateext
dateformat -%Y%m%d-%s
maxsize 100M
missingok
notifempty
su root root
rotate 1
}
- path: /var/lib/kubelet/.dockercfg
mode: 0400
# NOTE: Sample key, this repo does not exist
content: |-
{
"https://private.registry.com": {
"auth": "DH_SUB_PRIVATE_DOCKER_KEY"
}
}
packages:
repositories:
- deb http://apt.dockerproject.org/repo ubuntu-xenial main
keys:
- |-
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFWln24BEADrBl5p99uKh8+rpvqJ48u4eTtjeXAWbslJotmC/CakbNSqOb9o
ddfzRvGVeJVERt/Q/mlvEqgnyTQy+e6oEYN2Y2kqXceUhXagThnqCoxcEJ3+KM4R
mYdoe/BJ/J/6rHOjq7Omk24z2qB3RU1uAv57iY5VGw5p45uZB4C4pNNsBJXoCvPn
TGAs/7IrekFZDDgVraPx/hdiwopQ8NltSfZCyu/jPpWFK28TR8yfVlzYFwibj5WK
dHM7ZTqlA1tHIG+agyPf3Rae0jPMsHR6q+arXVwMccyOi+ULU0z8mHUJ3iEMIrpT
X+80KaN/ZjibfsBOCjcfiJSB/acn4nxQQgNZigna32velafhQivsNREFeJpzENiG
HOoyC6qVeOgKrRiKxzymj0FIMLru/iFF5pSWcBQB7PYlt8J0G80lAcPr6VCiN+4c
NKv03SdvA69dCOj79PuO9IIvQsJXsSq96HB+TeEmmL+xSdpGtGdCJHHM1fDeCqkZ
hT+RtBGQL2SEdWjxbF43oQopocT8cHvyX6Zaltn0svoGs+wX3Z/H6/8P5anog43U
65c0A+64Jj00rNDr8j31izhtQMRo892kGeQAaaxg4Pz6HnS7hRC+cOMHUU4HA7iM
zHrouAdYeTZeZEQOA7SxtCME9ZnGwe2grxPXh/U/80WJGkzLFNcTKdv+rwARAQAB
tDdEb2NrZXIgUmVsZWFzZSBUb29sIChyZWxlYXNlZG9ja2VyKSA8ZG9ja2VyQGRv
Y2tlci5jb20+iQI4BBMBAgAiBQJVpZ9uAhsvBgsJCAcDAgYVCAIJCgsEFgIDAQIe
AQIXgAAKCRD3YiFXLFJgnbRfEAC9Uai7Rv20QIDlDogRzd+Vebg4ahyoUdj0CH+n
Ak40RIoq6G26u1e+sdgjpCa8jF6vrx+smpgd1HeJdmpahUX0XN3X9f9qU9oj9A4I
1WDalRWJh+tP5WNv2ySy6AwcP9QnjuBMRTnTK27pk1sEMg9oJHK5p+ts8hlSC4Sl
uyMKH5NMVy9c+A9yqq9NF6M6d6/ehKfBFFLG9BX+XLBATvf1ZemGVHQusCQebTGv
0C0V9yqtdPdRWVIEhHxyNHATaVYOafTj/EF0lDxLl6zDT6trRV5n9F1VCEh4Aal8
L5MxVPcIZVO7NHT2EkQgn8CvWjV3oKl2GopZF8V4XdJRl90U/WDv/6cmfI08GkzD
YBHhS8ULWRFwGKobsSTyIvnbk4NtKdnTGyTJCQ8+6i52s+C54PiNgfj2ieNn6oOR
7d+bNCcG1CdOYY+ZXVOcsjl73UYvtJrO0Rl/NpYERkZ5d/tzw4jZ6FCXgggA/Zxc
jk6Y1ZvIm8Mt8wLRFH9Nww+FVsCtaCXJLP8DlJLASMD9rl5QS9Ku3u7ZNrr5HWXP
HXITX660jglyshch6CWeiUATqjIAzkEQom/kEnOrvJAtkypRJ59vYQOedZ1sFVEL
MXg2UCkD/FwojfnVtjzYaTCeGwFQeqzHmM241iuOmBYPeyTY5veF49aBJA1gEJOQ
TvBR8Q==
=Fm3p
-----END PGP PUBLIC KEY BLOCK-----
...
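Review bot: The repository entry `deb http://apt.dockerproject.org/repo ubuntu-xenial main` pulls Docker packages over plain HTTP, so integrity rests solely on the embedded PGP key and the transfer is open to on-path interference; I would use `deb https://apt.dockerproject.org/repo ubuntu-xenial main` provided the nodes have apt's HTTPS transport. The substitutions address files by position (`.files[0].tar_url`, `.files[2].content`), so inserting an entry earlier in `data.files` would point the registry-credential substitution at a different file; a comment on each affected entry naming the index it must keep would guard against that. The comment `# Initial CoreDNS image (used during node Genesis and node join)` is repeated above the haproxy substitution and should describe HAProxy there.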


@ -0,0 +1,12 @@
---
schema: 'deckhand/DataSchema/v1'
metadata:
schema: metadata/Control/v1
name: armada/Chart/v1
labels:
application: armada
data:
$schema: 'http://json-schema.org/schema#'
type: 'object'
additionalProperties: true
...
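Review bot: This schema consists only of `type: 'object'` and `additionalProperties: true`, so any mapping validates as an `armada/Chart/v1` document; the `armada/ChartGroup/v1` and `armada/Manifest/v1` schemas that follow are identical. If structural validation is deliberately left to Armada, a comment saying so would keep readers from assuming Deckhand checks chart sources or values, e.g. `# intentionally permissive: structure is validated by Armada, not by this schema`.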


@ -0,0 +1,12 @@
---
schema: 'deckhand/DataSchema/v1'
metadata:
schema: metadata/Control/v1
name: armada/ChartGroup/v1
labels:
application: armada
data:
$schema: 'http://json-schema.org/schema#'
type: 'object'
additionalProperties: true
...


@ -0,0 +1,12 @@
---
schema: 'deckhand/DataSchema/v1'
metadata:
schema: metadata/Control/v1
name: armada/Manifest/v1
labels:
application: armada
data:
$schema: 'http://json-schema.org/schema#'
type: 'object'
additionalProperties: true
...


@ -0,0 +1,163 @@
---
schema: 'deckhand/DataSchema/v1'
metadata:
schema: metadata/Control/v1
name: drydock/BaremetalNode/v1
labels:
application: drydock
data:
$schema: 'http://json-schema.org/schema#'
type: 'object'
properties:
addressing:
type: 'array'
items:
type: 'object'
properties:
address:
type: 'string'
network:
type: 'string'
oob:
type: 'object'
properties:
type:
type: 'string'
network:
type: 'string'
account:
type: 'string'
credetial:
type: 'string'
additionalProperties: true
storage:
type: 'object'
properties:
physical_devices:
type: 'object'
additionalProperties:
type: 'object'
properties:
labels:
type: 'object'
additionalProperties:
type: 'string'
volume_group:
type: 'string'
partitions:
type: 'array'
items:
type: 'object'
properties:
name:
type: 'string'
size:
type: 'string'
part_uuid:
type: 'string'
volume_group:
type: 'string'
labels:
type: 'object'
additionalProperties:
type: 'string'
bootable:
type: 'boolean'
volume_group:
type: 'string'
filesystem:
type: 'object'
properties:
mountpoint:
type: 'string'
fstype:
type: 'string'
mount_options:
type: 'string'
fs_uuid:
type: 'string'
fs_label:
type: 'string'
additionalProperties: false
additionalProperties: false
volume_groups:
type: 'object'
additionalProperties:
type: 'object'
properties:
vg_uuid:
type: 'string'
logical_volumes:
type: 'array'
items:
type: 'object'
properties:
name:
type: 'string'
lv_uuid:
type: 'string'
size:
type: 'string'
filesystem:
type: 'object'
properties:
mountpoint:
type: 'string'
fstype:
type: 'string'
mount_options:
type: 'string'
fs_uuid:
type: 'string'
fs_label:
type: 'string'
platform:
type: 'object'
properties:
image:
type: 'string'
kernel:
type: 'string'
kernel_params:
type: 'object'
additionalProperties: true
additionalProperties: false
metadata:
type: 'object'
properties:
tags:
type: 'array'
items:
type: 'string'
owner_data:
type: 'object'
additionalProperties:
type: 'string'
rack:
type: 'string'
boot_mac:
type: 'string'
additionalProperties: false
host_profile:
type: 'string'
hardware_profile:
type: 'string'
primary_network:
type: 'string'
interfaces:
type: 'object'
additionalProperties:
type: 'object'
properties:
device_link:
type: 'string'
slaves:
type: 'array'
items:
type: 'string'
networks:
type: 'array'
items:
type: 'string'
additionalProperties: false
...
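Review bot: The `oob` properties declare `credetial` rather than `credential`, and because that object sets `additionalProperties: true` the real `credential` field is accepted without any type check; the same misspelling is in the `drydock/HostProfile/v1` schema later in this commit. The partition item properties also appear to list `volume_group` twice (indentation is lost in this view), which most YAML parsers resolve silently to the last occurrence. I would rename the key to `credential:` and drop the duplicate `volume_group` entry in both schemas.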


@ -0,0 +1,93 @@
---
schema: 'deckhand/DataSchema/v1'
metadata:
schema: metadata/Control/v1
name: drydock/BootAction/v1
labels:
application: drydock
data:
$schema: 'http://json-schema.org/schema#'
type: 'object'
additionalProperties: false
properties:
signaling:
type: 'boolean'
assets:
type: 'array'
items:
type: 'object'
additionalProperties: false
properties:
path:
type: 'string'
pattern: '^/.+'
location:
type: 'string'
type:
type: 'string'
enum:
- 'unit'
- 'file'
- 'pkg_list'
data:
type: 'string'
location_pipeline:
type: 'array'
items:
type: 'string'
enum:
- 'template'
data_pipeline:
type: 'array'
items:
type: 'string'
enum:
- 'base64_encode'
- 'template'
- 'base64_decode'
- 'utf8_encode'
- 'utf8_decode'
permissions:
type: 'string'
pattern: '\d{3}'
required:
- 'type'
node_filter:
type: 'object'
additionalProperties: false
properties:
filter_set_type:
type: 'string'
enum:
- 'intersection'
- 'union'
filter_set:
type: 'array'
items:
type: 'object'
additionalProperties: false
properties:
filter_type:
type: 'string'
enum:
- 'intersection'
- 'union'
node_names:
type: 'array'
items:
type: 'string'
node_tags:
type: 'array'
items:
type: 'string'
node_labels:
type: 'object'
additionalProperties: true
rack_names:
type: 'array'
items:
type: 'string'
rack_labels:
type: 'object'
additionalProperties: true
...
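Review bot: The `permissions` pattern `'\d{3}'` is unanchored and accepts any decimal digit, so values such as `'4777'` or `'999'` (constructed examples) pass validation. Since this field decides the mode of files written to hosts at boot, I would tighten it to `pattern: '^[0-7]{3}$'`. The `path` pattern `'^/.+'` only requires a leading slash and does not reject `..` segments; whether the consumer normalises the path is not visible in this schema, so a comment stating that assumption would be useful.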


@ -0,0 +1,49 @@
---
schema: 'deckhand/DataSchema/v1'
metadata:
schema: metadata/Control/v1
name: drydock/HardwareProfile/v1
labels:
application: drydock
data:
$schema: 'http://json-schema.org/schema#'
type: 'object'
properties:
vendor:
type: 'string'
generation:
type: 'string'
hw_version:
type: 'string'
bios_version:
type: 'string'
boot_mode:
type: 'string'
enum:
- 'bios'
- 'uefi'
bootstrap_protocol:
type: 'string'
enum:
- 'pxe'
- 'usb'
- 'hdd'
pxe_interface:
type: 'number'
device_aliases:
type: 'object'
additionalProperties: true
cpu_sets:
type: 'object'
additionalProperties:
type: 'string'
hugepages:
type: 'object'
additionalProperties:
type: 'object'
propertes:
size:
type: 'string'
count:
type: 'number'
additionalProperties: false
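Review bot: Under `hugepages` the keyword is spelled `propertes`, which a JSON Schema validator ignores as an unknown keyword, so `size` and `count` are never type-checked. The line should read `properties:`.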


@ -0,0 +1,161 @@
---
schema: 'deckhand/DataSchema/v1'
metadata:
schema: metadata/Control/v1
name: drydock/HostProfile/v1
labels:
application: drydock
data:
$schema: 'http://json-schema.org/schema#'
type: 'object'
properties:
oob:
type: 'object'
properties:
type:
type: 'string'
network:
type: 'string'
account:
type: 'string'
credetial:
type: 'string'
additionalProperties: true
storage:
type: 'object'
properties:
physical_devices:
type: 'object'
additionalProperties:
type: 'object'
properties:
labels:
type: 'object'
additionalProperties:
type: 'string'
volume_group:
type: 'string'
partitions:
type: 'array'
items:
type: 'object'
properties:
name:
type: 'string'
size:
type: 'string'
part_uuid:
type: 'string'
volume_group:
type: 'string'
labels:
type: 'object'
additionalProperties:
type: 'string'
bootable:
type: 'boolean'
volume_group:
type: 'string'
filesystem:
type: 'object'
properties:
mountpoint:
type: 'string'
fstype:
type: 'string'
mount_options:
type: 'string'
fs_uuid:
type: 'string'
fs_label:
type: 'string'
additionalProperties: false
additionalProperties: false
volume_groups:
type: 'object'
additionalProperties:
type: 'object'
properties:
vg_uuid:
type: 'string'
logical_volumes:
type: 'array'
items:
type: 'object'
properties:
name:
type: 'string'
lv_uuid:
type: 'string'
size:
type: 'string'
filesystem:
type: 'object'
properties:
mountpoint:
type: 'string'
fstype:
type: 'string'
mount_options:
type: 'string'
fs_uuid:
type: 'string'
fs_label:
type: 'string'
platform:
type: 'object'
properties:
image:
type: 'string'
kernel:
type: 'string'
kernel_params:
type: 'object'
additionalProperties: true
additionalProperties: false
metadata:
type: 'object'
properties:
tags:
type: 'array'
items:
type: 'string'
owner_data:
type: 'object'
additionalProperties:
type: 'string'
rack:
type: 'string'
boot_mac:
type: 'string'
additionalProperties: false
host_profile:
type: 'string'
hardware_profile:
type: 'string'
primary_network:
type: 'string'
interfaces:
type: 'object'
additionalProperties:
type: 'object'
properties:
device_link:
type: 'string'
slaves:
type: 'array'
items:
type: 'string'
networks:
type: 'array'
items:
type: 'string'
sriov:
type: 'object'
properties:
vf_count:
type: 'number'
trustmode:
type: 'boolean'
additionalProperties: false
...


@ -0,0 +1,70 @@
---
schema: 'deckhand/DataSchema/v1'
metadata:
schema: metadata/Control/v1
name: drydock/Network/v1
labels:
application: drydock
data:
$schema: 'http://json-schema.org/schema#'
type: 'object'
properties:
cidr:
type: 'string'
ranges:
type: 'array'
items:
type: 'object'
properties:
type:
type: 'string'
start:
type: 'string'
format: 'ipv4'
end:
type: 'string'
format: 'ipv4'
additionalProperties: false
dns:
type: 'object'
properties:
domain:
type: 'string'
servers:
type: 'string'
additionalProperties: false
dhcp_relay:
type: 'object'
properties:
self_ip:
type: 'string'
format: 'ipv4'
upstream_target:
type: 'string'
format: 'ipv4'
additionalProperties: false
mtu:
type: 'number'
vlan:
type: 'string'
routedomain:
type: 'string'
routes:
type: 'array'
items:
type: 'object'
properties:
subnet:
type: 'string'
gateway:
type: 'string'
format: 'ipv4'
metric:
type: 'number'
routedomain:
type: 'string'
additionalProperties: false
labels:
type: 'object'
additionalProperties: true
additionalProperties: false


@ -0,0 +1,47 @@
---
schema: 'deckhand/DataSchema/v1'
metadata:
schema: metadata/Control/v1
name: drydock/NetworkLink/v1
labels:
application: drydock
data:
$schema: 'http://json-schema.org/schema#'
type: 'object'
properties:
bonding:
type: 'object'
properties:
mode:
type: 'string'
hash:
type: 'string'
peer_rate:
type: 'string'
mon_rate:
type: 'number'
up_delay:
type: 'number'
down_delay:
type: 'number'
additionalProperties: false
mtu:
type: 'number'
linkspeed:
type: 'string'
trunking:
type: 'object'
properties:
mode:
type: 'string'
default_network:
type: 'string'
additionalProperties: false
allowed_networks:
type: 'array'
items:
type: 'string'
labels:
type: 'object'
additionalProperties: true
additionalProperties: false


@ -0,0 +1,35 @@
---
schema: 'deckhand/DataSchema/v1'
metadata:
schema: metadata/Control/v1
name: drydock/Rack/v1
labels:
application: drydock
data:
$schema: 'http://json-schema.org/schema#'
type: 'object'
properties:
tor_switches:
type: 'object'
properties:
mgmt_ip:
type: 'string'
format: 'ipv4'
sdn_api_uri:
type: 'string'
format: 'uri'
location:
type: 'object'
properties:
clli:
type: 'string'
grid:
type: 'string'
local_networks:
type: 'array'
items:
type: 'string'
labels:
type: 'object'
additionalProperties: true
additionalProperties: false


@ -0,0 +1,71 @@
---
schema: 'deckhand/DataSchema/v1'
metadata:
schema: metadata/Control/v1
name: drydock/Region/v1
labels:
application: drydock
data:
$schema: 'http://json-schema.org/schema#'
type: 'object'
properties:
tag_definitions:
type: 'array'
items:
type: 'object'
properties:
tag:
type: 'string'
definition_type:
type: 'string'
enum:
- 'lshw_xpath'
definition:
type: 'string'
additionalProperties: false
authorized_keys:
type: 'array'
items:
type: 'string'
repositories:
# top level is class (e.g. apt, rpm)
type: 'object'
properties:
remove_unlisted:
type: 'boolean'
additionalPropties:
type: 'object'
properties:
repo_type:
type: 'string'
pattern: 'apt|rpm'
url:
type: 'string'
distributions:
type: 'array'
items:
type: 'string'
subrepos:
type: 'array'
items:
type: 'string'
components:
type: 'array'
items:
type: 'string'
gpgkey:
type: 'string'
arches:
type: 'array'
items:
type: 'string'
options:
type: 'object'
additionalProperties:
type: 'string'
additionalProperties: false
required:
- 'repo_type'
- 'url'
- 'arches'
additionalProperties: false
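Review bot: `additionalPropties` under `repositories` is a misspelling of `additionalProperties`, so the whole per-repository sub-schema, including the `required` list and the `url` and `gpgkey` types, is ignored by the validator and any value is accepted for a repository entry. The line should read `additionalProperties:`. Once it takes effect, `pattern: 'apt|rpm'` should be anchored as `pattern: '^(apt|rpm)$'`, because the unanchored form matches any string that merely contains either word.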


@ -0,0 +1,645 @@
---
schema: 'deckhand/DataSchema/v1'
metadata:
schema: metadata/Control/v1
name: pegleg/AccountCatalogue/v1
data:
$schema: 'http://json-schema.org/schema#'
type: object
properties:
ucp:
type: object
properties:
postgres:
type: object
properties:
admin:
type: object
properties:
username:
type: string
oslo_db:
type: object
properties:
admin:
type: object
properties:
username:
type: string
oslo_messaging:
type: object
properties:
admin:
type: object
properties:
username:
type: string
keystone:
type: object
properties:
admin:
type: object
properties:
region_name:
type: string
username:
type: string
project_name:
type: string
user_domain_name:
type: string
project_domain_name:
type: string
oslo_messaging:
type: object
properties:
username:
type: string
oslo_db:
type: object
properties:
username:
type: string
database:
type: string
promenade:
type: object
properties:
keystone:
type: object
properties:
region_name:
type: string
role:
type: string
project_name:
type: string
project_domain_name:
type: string
user_domain_name:
type: string
username:
type: string
drydock:
type: object
properties:
keystone:
type: object
properties:
region_name:
type: string
role:
type: string
project_name:
type: string
project_domain_name:
type: string
user_domain_name:
type: string
username:
type: string
postgres:
type: object
properties:
username:
type: string
database:
type: string
shipyard:
type: object
properties:
keystone:
type: object
properties:
region_name:
type: string
role:
type: string
project_name:
type: string
project_domain_name:
type: string
user_domain_name:
type: string
username:
type: string
postgres:
type: object
properties:
username:
type: string
database:
type: string
airflow:
type: object
properties:
postgres:
type: object
properties:
username:
type: string
database:
type: string
oslo_messaging:
type: object
properties:
username:
type: string
maas:
type: object
properties:
admin:
type: object
properties:
username:
type: string
email:
type: string
postgres:
type: object
properties:
username:
type: string
database:
type: string
barbican:
type: object
properties:
keystone:
type: object
properties:
region_name:
type: string
role:
type: string
project_name:
type: string
project_domain_name:
type: string
user_domain_name:
type: string
username:
type: string
oslo_db:
type: object
properties:
username:
type: string
database:
type: string
oslo_messaging:
type: object
properties:
username:
type: string
armada:
type: object
properties:
keystone:
type: object
properties:
project_domain_name:
type: string
project_name:
type: string
region_name:
type: string
role:
type: string
user_domain_name:
type: string
username:
type: string
deckhand:
type: object
properties:
keystone:
type: object
properties:
region_name:
type: string
role:
type: string
project_name:
type: string
project_domain_name:
type: string
user_domain_name:
type: string
username:
type: string
postgres:
type: object
properties:
username:
type: string
database:
type: string
ceph:
type: object
properties:
swift:
type: object
properties:
keystone:
type: object
properties:
role:
type: string
region_name:
type: string
username:
type: string
project_name:
type: string
user_domain_name:
type: string
project_domain_name:
type: string
osh:
type: object
properties:
keystone:
type: object
properties:
admin:
type: object
properties:
region_name:
type: string
username:
type: string
project_name:
type: string
user_domain_name:
type: string
project_domain_name:
type: string
oslo_messaging:
type: object
properties:
admin:
type: object
properties:
username:
type: string
keystone:
type: object
properties:
username:
type: string
oslo_db:
type: object
properties:
username:
type: string
database:
type: string
cinder:
type: object
properties:
cinder:
type: object
properties:
role:
type: string
region_name:
type: string
username:
type: string
project_name:
type: string
user_domain_name:
type: string
project_domain_name:
type: string
oslo_messaging:
type: object
properties:
admin:
type: object
properties:
username:
type: string
cinder:
type: object
properties:
username:
type: string
oslo_db:
type: object
properties:
username:
type: string
database:
type: string
glance:
type: object
properties:
glance:
type: object
properties:
role:
type: string
region_name:
type: string
username:
type: string
project_name:
type: string
user_domain_name:
type: string
project_domain_name:
type: string
oslo_messaging:
type: object
properties:
admin:
type: object
properties:
username:
type: string
glance:
type: object
properties:
username:
type: string
oslo_db:
type: object
properties:
username:
type: string
database:
type: string
ceph_object_store:
type: object
properties:
username:
type: string
heat:
type: object
properties:
heat:
type: object
properties:
role:
type: string
region_name:
type: string
username:
type: string
project_name:
type: string
user_domain_name:
type: string
project_domain_name:
type: string
heat_trustee:
type: object
properties:
role:
type: string
region_name:
type: string
username:
type: string
project_name:
type: string
user_domain_name:
type: string
project_domain_name:
type: string
heat_stack_user:
type: object
properties:
role:
type: string
region_name:
type: string
username:
type: string
project_name:
type: string
user_domain_name:
type: string
project_domain_name:
type: string
oslo_db:
type: object
properties:
username:
type: string
database:
type: string
oslo_messaging:
type: object
properties:
admin:
type: object
properties:
username:
type: string
heat:
type: object
properties:
username:
type: string
swift:
type: object
properties:
swift:
type: object
properties:
role:
type: string
region_name:
type: string
username:
type: string
project_name:
type: string
user_domain_name:
type: string
project_domain_name:
type: string
oslo_db:
type: object
properties:
admin:
type: object
properties:
username:
type: string
neutron:
type: object
properties:
neutron:
type: object
properties:
role:
type: string
region_name:
type: string
username:
type: string
project_name:
type: string
user_domain_name:
type: string
project_domain_name:
type: string
oslo_messaging:
type: object
properties:
admin:
type: object
properties:
username:
type: string
neutron:
type: object
properties:
username:
type: string
oslo_db:
type: object
properties:
username:
type: string
database:
type: string
nova:
type: object
properties:
nova:
type: object
properties:
role:
type: string
region_name:
type: string
username:
type: string
project_name:
type: string
user_domain_name:
type: string
project_domain_name:
type: string
placement:
type: object
properties:
role:
type: string
region_name:
type: string
username:
type: string
project_name:
type: string
user_domain_name:
type: string
project_domain_name:
type: string
oslo_messaging:
type: object
properties:
admin:
type: object
properties:
username:
type: string
nova:
type: object
properties:
username:
type: string
oslo_db:
type: object
properties:
username:
type: string
database:
type: string
oslo_db_api:
type: object
properties:
username:
type: string
database:
type: string
oslo_db_cell0:
type: object
properties:
username:
type: string
database:
type: string
horizon:
type: object
properties:
oslo_db:
type: object
properties:
username:
type: string
database:
type: string
osh_infra:
type: object
properties:
grafana:
type: object
properties:
admin:
type: object
properties:
username:
type: string
oslo_db:
type: object
properties:
username:
type: string
database:
type: string
oslo_db_session:
type: object
properties:
username:
type: string
database:
type: string
elasticsearch:
type: object
properties:
admin:
type: object
properties:
username:
type: string
oslo_db:
type: object
properties:
admin:
type: object
properties:
username:
type: string
prometheus_openstack_exporter:
type: object
properties:
user:
type: object
properties:
username:
type: string
nagios:
type: object
properties:
admin:
type: object
properties:
username:
type: string
...


@ -0,0 +1,116 @@
---
schema: 'deckhand/DataSchema/v1'
metadata:
schema: metadata/Control/v1
name: pegleg/CommonAddresses/v1
data:
$schema: 'http://json-schema.org/schema#'
type: object
properties:
calico:
type: object
properties:
ip_autodetection_method:
type: string
etcd:
type: object
properties:
service_ip:
type: string
dns:
type: object
properties:
cluster_domain:
type: string
service_ip:
type: string
upstream_servers:
type: array
items:
type: string
upstream_servers_joined:
type: string
genesis:
type: object
properties:
hostname:
type: string
ip:
type: string
bootstrap:
type: object
properties:
ip:
type: string
kubernetes:
type: object
properties:
api_service_ip:
type: string
etcd_service_ip:
type: string
pod_cidr:
type: string
service_cidr:
type: string
apiserver_port:
type: number
haproxy_port:
type: number
service_node_port_range:
type: string
etcd:
type: object
properties:
container_port:
type: number
haproxy_port:
type: number
masters:
type: array
items:
type: object
properties:
hostname:
type: string
node_ports:
type: object
properties:
drydock_api:
type: number
maas_api:
type: number
maas_proxy:
type: number
shipyard_api:
type: number
airflow_web:
type: number
ntp:
type: object
properties:
servers_joined:
type: string
storage:
type: object
properties:
ceph:
type: object
properties:
public_cidr:
type: string
cluster_cidr:
type: string
openvswitch:
type: object
properties:
external_iface:
type: string
neutron:
type: object
properties:
tunnel_device:
type: string
external_iface:
type: string
...
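Review bot: The port fields in this schema (`apiserver_port`, `haproxy_port`, `container_port` and the entries under `node_ports`) are declared `type: number`, which accepts fractional and out-of-range values, while promenade/KubernetesNetwork/v1 in the same commit uses `type: integer` for the same ports. I would declare them as `type: integer` with `minimum: 1` and `maximum: 65535`. The address and CIDR fields are also bare `type: string` with no `pattern` or `format`, and nothing is `required`, so a malformed or missing value is only caught when a downstream chart consumes it.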


@ -0,0 +1,15 @@
---
schema: 'deckhand/DataSchema/v1'
metadata:
schema: metadata/Control/v1
name: pegleg/CommonSoftwareConfig/v1
data:
$schema: 'http://json-schema.org/schema#'
type: object
properties:
osh:
type: object
properties:
region_name:
type: string
...


@ -0,0 +1,143 @@
---
schema: 'deckhand/DataSchema/v1'
metadata:
schema: metadata/Control/v1
name: pegleg/EndpointCatalogue/v1
data:
$schema: 'http://json-schema.org/schema#'
type: 'object'
# Namespace the list of endpoints
additionalProperties:
type: 'object'
additionalProperties:
type: 'object'
properties:
namespace:
oneOf:
- type: string
- type: "null"
name:
type: string
auth:
type: object
hosts:
type: object
properties:
data:
type: string
default:
type: string
discovery:
type: string
public:
type: string
internal:
type: string
additionalProperties:
type: string
host_fqdn_override:
oneOf:
- type: object
properties:
default:
oneOf:
- type: string
- type: "null"
- type: object
properties:
host:
type: string
tls:
type: object
properties:
crt:
type: string
ca:
type: string
key:
type: string
additionalProperties:
type: string
public:
oneOf:
- type: string
- type: "null"
- type: object
properties:
host:
type: string
tls:
type: object
properties:
crt:
type: string
ca:
type: string
key:
type: string
additionalProperties:
type: string
internal:
oneOf:
- type: string
- type: "null"
- type: object
properties:
host:
type: string
tls:
type: object
properties:
crt:
type: string
ca:
type: string
key:
type: string
additionalProperties:
type: string
additionalProperties:
type: string
- type: "null"
path:
oneOf:
- type: object
properties:
default:
oneOf:
- type: string
- type: "null"
public:
type: string
internal:
type: string
additionalProperties:
type: string
- type: string
scheme:
oneOf:
- type: object
properties:
default:
type: string
public:
type: string
internal:
type: string
additionalProperties:
type: string
- type: string
port:
type: object
additionalProperties:
type: object
properties:
default:
type: number
public:
type: number
internal:
type: number
additionalProperties:
type: number
...


@ -0,0 +1,16 @@
---
schema: deckhand/DataSchema/v1
metadata:
schema: metadata/Control/v1
name: promenade/Docker/v1
labels:
application: promenade
data:
$schema: http://json-schema.org/schema#
type: object
properties:
config:
type: object
required:
- config
additionalProperties: false


@ -0,0 +1,141 @@
---
schema: deckhand/DataSchema/v1
metadata:
schema: metadata/Control/v1
name: promenade/Genesis/v1
labels:
application: promenade
data:
$schema: http://json-schema.org/schema#
definitions:
abs_path:
type: string
pattern: '^/.+$'
hostname:
type: string
pattern: '^[a-z][a-z0-9-]+$'
file:
properties:
path:
$ref: '#/definitions/abs_path'
content:
type: string
mode:
type: integer
minimum: 0
tar_url:
$ref: '#/definitions/url'
tar_path:
$ref: '#/definitions/rel_path'
requried:
- mode
- path
oneOf:
- type: object
required:
- content
- type: object
allOf:
- type: object
required:
- tar_url
- tar_path
additionalProperties: false
image:
type: string
# XXX add regex
ip_address:
type: string
pattern: '^(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))$'
kubernetes_label:
type: string
# XXX add regex
rel_path:
type: string
# XXX add regex
type: object
properties:
armada:
type: object
properties:
target_manifest:
type: string
additionalProperties: false
apiserver:
type: object
properties:
command_prefix:
type: array
items:
type: string
additionalProperties: false
files:
type: array
items:
$ref: '#/definitions/file'
hostname:
$ref: '#/definitions/hostname'
ip:
$ref: '#/definitions/ip_address'
labels:
properties:
static:
type: array
items:
$ref: '#/definitions/kubernetes_label'
dynamic:
type: array
items:
$ref: '#/definitions/kubernetes_label'
additionalProperties: false
images:
type: object
properties:
armada:
$ref: '#/definitions/image'
helm:
type: object
properties:
tiller:
$ref: '#/definitions/image'
required:
- tiller
additionalProperties: false
kubernetes:
type: object
properties:
apiserver:
$ref: '#/definitions/image'
controller-manager:
$ref: '#/definitions/image'
etcd:
$ref: '#/definitions/image'
scheduler:
$ref: '#/definitions/image'
required:
- apiserver
- controller-manager
- etcd
- scheduler
additionalProperties: false
required:
- armada
- helm
- kubernetes
additionalProperties: false
required:
- hostname
- ip
- images
- labels
additionalProperties: false
...
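Review bot: The `file` definition spells the keyword `requried:`, which JSON Schema validators ignore as unknown, so `mode` and `path` are not enforced and a file entry with no explicit mode passes validation; it should read `required:`. The same misspelling is in the `file` definition of promenade/HostSystem/v1 later in this commit. `tar_url` refers to `'#/definitions/url'`, but no `url` entry is visible among this schema's definitions (HostSystem does define one), so the reference looks dangling. `mode` has `minimum: 0` but no `maximum`, so nonsensical permission values are accepted as well.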


@ -0,0 +1,137 @@
---
schema: deckhand/DataSchema/v1
metadata:
schema: metadata/Control/v1
name: promenade/HostSystem/v1
labels:
application: promenade
data:
$schema: http://json-schema.org/schema#
definitions:
abs_path:
type: string
pattern: '^/.+$'
apt_source_line:
type: string
# XXX add regex
file:
properties:
path:
$ref: '#/definitions/abs_path'
content:
type: string
mode:
type: integer
minimum: 0
tar_url:
$ref: '#/definitions/url'
tar_path:
$ref: '#/definitions/rel_path'
requried:
- mode
- path
oneOf:
- type: object
required:
- content
- type: object
allOf:
- type: object
required:
- tar_url
- tar_path
additionalProperties: false
image:
type: string
# XXX add regex
package:
type: string
# XXX add regex
public_key:
type: string
# XXX add regex
rel_path:
type: string
# XXX add regex
url:
type: string
# XXX add regex
type: object
properties:
files:
type: array
items:
type: object
items:
$ref: '#/definitions/file'
images:
type: object
properties:
haproxy:
$ref: '#/definitions/image'
coredns:
$ref: '#/definitions/image'
helm:
type: object
properties:
helm:
$ref: '#/definitions/image'
required:
- helm
additionalProperties: false
kubernetes:
type: object
properties:
kubectl:
$ref: '#/definitions/image'
required:
- kubectl
additionalProperties: false
required:
- haproxy
- coredns
- helm
- kubernetes
additionalProperties: false
packages:
type: object
properties:
additional:
type: array
items:
$ref: '#/definitions/package'
keys:
type: array
items:
$ref: '#/definitions/public_key'
required:
type: object
properties:
docker:
$ref: '#/definitions/package'
socat:
$ref: '#/definitions/package'
required:
- docker
- socat
additionalProperties: false
repositories:
type: array
items:
$ref: '#/definitions/apt_source_line'
required:
- required
additionalProperties: false
required:
- images
- packages
additionalProperties: false
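Review bot: Under `properties.files`, the array's `items` is an object schema that itself carries a nested `items:` with `$ref: '#/definitions/file'`. `items` has no effect on a value of type object, so entries in `files` are never checked against the `file` definition (absolute path pattern, mode, content or tar source). promenade/Genesis/v1 in the same commit puts the `$ref` directly under the array's `items:`, and this schema should do the same. The page has lost the file's indentation, so confirm the nesting against the original.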


@ -0,0 +1,31 @@
---
schema: deckhand/DataSchema/v1
metadata:
schema: metadata/Control/v1
name: promenade/Kubelet/v1
labels:
application: promenade
data:
$schema: http://json-schema.org/schema#
type: object
definitions:
image:
type: string
# XXX add regex
properties:
images:
type: object
properties:
pause:
$ref: '#/definitions/image'
required:
- pause
additionalProperties: false
arguments:
type: array
items:
type: string
required:
- images
additionalProperties: false


@ -0,0 +1,121 @@
---
schema: deckhand/DataSchema/v1
metadata:
schema: metadata/Control/v1
name: promenade/KubernetesNetwork/v1
labels:
application: promenade
data:
$schema: http://json-schema.org/schema#
definitions:
cidr:
type: string
pattern: '^(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\/([0-9]|[1-2][0-9]|3[0-2])$'
domain_name:
type: string
format: hostname
domain_suffix:
type: string
pattern: '^\.[a-z0-9][a-z0-9-\.]*$'
hostname:
type: string
format: hostname
hostname_or_ip_address:
anyOf:
- $ref: '#/definitions/hostname'
- $ref: '#/definitions/ip_address'
- $ref: '#/definitions/domain_suffix'
ip_address:
type: string
format: ipv4
url:
type: string
format: uri
type: object
properties:
dns:
type: object
properties:
bootstrap_validation_checks:
type: array
items:
$ref: '#/definitions/domain_name'
cluster_domain:
$ref: '#/definitions/domain_name'
service_ip:
$ref: '#/definitions/ip_address'
upstream_servers:
type: array
items:
$ref: '#/definitions/ip_address'
required:
- cluster_domain
- service_ip
additionalProperties: false
etcd:
type: object
properties:
container_port:
type: integer
haproxy_port:
type: integer
# NOTE(mark-burnett): No longer used.
service_ip:
$ref: '#/definitions/ip_address'
required:
- container_port
- haproxy_port
additionalProperties: false
kubernetes:
type: object
properties:
pod_cidr:
$ref: '#/definitions/cidr'
service_ip:
$ref: '#/definitions/ip_address'
service_cidr:
$ref: '#/definitions/cidr'
apiserver_port:
type: integer
haproxy_port:
type: integer
required:
- pod_cidr
- service_cidr
- service_ip
- apiserver_port
- haproxy_port
additionalProperties: false
hosts_entries:
type: array
items:
type: object
properties:
ip:
$ref: '#/definitions/ip_address'
names:
type: array
items:
$ref: '#/definitions/hostname'
proxy:
type: object
properties:
additional_no_proxy:
type: array
items:
$ref: '#/definitions/hostname_or_ip_address'
url:
$ref: '#/definitions/url'
required:
- url
additionalFields: false
required:
- dns
- kubernetes
additionalProperties: false
...
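Review bot: The `proxy` object ends with `additionalFields: false`, which is not a JSON Schema keyword and is silently ignored, so unknown keys under `proxy` are accepted while the sibling objects reject them; it should be `additionalProperties: false`. The `format: hostname`, `format: ipv4` and `format: uri` definitions are only enforced when the validator has format checking enabled, which is optional in the specification. A comment stating that requirement, or explicit patterns like the one on `cidr`, would make the intent verifiable.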


@ -0,0 +1,47 @@
---
schema: deckhand/DataSchema/v1
metadata:
schema: metadata/Control/v1
name: promenade/KubernetesNode/v1
labels:
application: promenade
data:
$schema: http://json-schema.org/schema#
definitions:
hostname:
type: string
pattern: '^[a-z][a-z0-9-]+$'
ip_address:
type: string
pattern: '^(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))\.(\d|[1-9]\d|1\d\d|2([0-4]\d|5[0-5]))$'
kubernetes_label:
type: string
# XXX add regex
type: object
properties:
hostname:
$ref: '#/definitions/hostname'
ip:
$ref: '#/definitions/ip_address'
join_ip:
$ref: '#/definitions/ip_address'
labels:
properties:
static:
type: array
items:
$ref: '#/definitions/kubernetes_label'
dynamic:
type: array
items:
$ref: '#/definitions/kubernetes_label'
additionalProperties: false
required:
- ip
- join_ip
additionalProperties: false


@ -0,0 +1,43 @@
---
schema: deckhand/DataSchema/v1
metadata:
schema: metadata/Control/v1
name: promenade/PKICatalog/v1
labels:
application: promenade
data:
$schema: http://json-schema.org/schema#
certificate_authorities:
type: array
items:
type: object
properties:
description:
type: string
certificates:
type: array
items:
type: object
properties:
document_name:
type: string
description:
type: string
common_name:
type: string
hosts:
type: array
items: string
groups:
type: array
items: string
keypairs:
type: array
items:
type: object
properties:
name:
type: string
description:
type: string
...
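Review bot: `hosts` and `groups` are written as `items: string`, which is not a valid schema, because the value of `items` must be a schema object (`items:` with `type: string` beneath it). Depending on the validator this either fails when the schema is loaded or leaves the entries unchecked. As far as the flattened listing shows, `certificate_authorities` also sits directly under `data` with no `type: object` / `properties:` wrapper, which would make it an unknown keyword and leave PKI catalog documents effectively unvalidated. No level sets `required` or `additionalProperties: false`, unlike the other promenade schemas in this commit.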


@ -0,0 +1,80 @@
---
schema: 'deckhand/DataSchema/v1'
metadata:
schema: metadata/Control/v1
name: shipyard/DeploymentConfiguration/v1
labels:
application: shipyard
data:
$schema: 'http://json-schema.org/schema#'
type: 'object'
properties:
physical_provisioner:
type: 'object'
properties:
deployment_strategy:
type: 'string'
deploy_interval:
type: 'integer'
deploy_timeout:
type: 'integer'
destroy_interval:
type: 'integer'
destroy_timeout:
type: 'integer'
join_wait:
type: 'integer'
prepare_node_interval:
type: 'integer'
prepare_node_timeout:
type: 'integer'
prepare_site_interval:
type: 'integer'
prepare_site_timeout:
type: 'integer'
verify_interval:
type: 'integer'
verify_timeout:
type: 'integer'
additionalProperties: false
kubernetes:
type: 'object'
properties:
node_status_interval:
type: 'integer'
node_status_timeout:
type: 'integer'
additionalProperties: false
kubernetes_provisioner:
type: 'object'
properties:
drain_timeout:
type: 'integer'
drain_grace_period:
type: 'integer'
clear_labels_timeout:
type: 'integer'
remove_etcd_timeout:
type: 'integer'
etcd_ready_timeout:
type: 'integer'
additionalProperties: false
armada:
type: 'object'
properties:
get_releases_timeout:
type: 'integer'
get_status_timeout:
type: 'integer'
manifest:
type: 'string'
post_apply_timeout:
type: 'integer'
validate_design_timeout:
type: 'integer'
additionalProperties: false
required:
- manifest
additionalProperties: false
required:
- armada


@ -0,0 +1,73 @@
---
schema: 'deckhand/DataSchema/v1'
metadata:
schema: metadata/Control/v1
name: shipyard/DeploymentStrategy/v1
labels:
application: shipyard
data:
$schema: 'http://json-schema.org/schema#'
type: 'object'
required:
- groups
properties:
groups:
type: 'array'
minItems: 0
items:
type: 'object'
required:
- name
- critical
- depends_on
- selectors
properties:
name:
type: 'string'
minLength: 1
critical:
type: 'boolean'
depends_on:
type: 'array'
minItems: 0
items:
type: 'string'
selectors:
type: 'array'
minItems: 0
items:
type: 'object'
minProperties: 1
properties:
node_names:
type: 'array'
items:
type: 'string'
node_labels:
type: 'array'
items:
type: 'string'
node_tags:
type: 'array'
items:
type: 'string'
rack_names:
type: 'array'
items:
type: 'string'
additionalProperties: false
success_criteria:
type: 'object'
minProperties: 1
properties:
percent_successful_nodes:
type: 'integer'
minimum: 0
maximum: 100
minimum_successful_nodes:
type: 'integer'
minimum: 0
maximum_failed_nodes:
type: 'integer'
minimum: 0
additionalProperties: false


@ -0,0 +1,128 @@
---
schema: pegleg/Script/v1
metadata:
schema: metadata/Document/v1
name: configure-ip-rules
storagePolicy: cleartext
layeringDefinition:
abstract: false
layer: global
data: |-
#!/bin/bash
set -ex
function usage() {
cat <<EOU
Options are:
-c POD_CIDR The pod CIDR for the Kubernetes cluster, e.g. 10.97.0.0/16
-i INTERFACE (optional) The interface for internal pod traffic, e.g.
bond0.22. Used to auto-detect the service gateway.
Exclusive with -g.
-g SERVICE_GW (optional) The service gateway/VRR IP for routing pod
traffic. Exclusive with -i.
-o OVERLAP_CIDR (optional) This CIDR will be routed via the VRRP IP on
INTERFACE. It is used to provide a work around when
complete Calico routes cannot be received via BGP.
e.g. 10.96.0.0/15. NOTE: This must include the POD_CIDR.
-s SERVICE_CIDR (optional) A routable CIDR to configure for ingress, maas,
e.g. 10.23.22.192/29
EOU
}
SERVICE_CIDR=
OVERLAP_CIDR=
while getopts ":c:g:hi:o:s:" o; do
case "${o}" in
c)
POD_CIDR=${OPTARG}
;;
g)
SERVICE_GW=${OPTARG}
;;
h)
usage
exit 0
;;
i)
INTERFACE=${OPTARG}
;;
o)
OVERLAP_CIDR=${OPTARG}
;;
s)
SERVICE_CIDR=${OPTARG}
;;
\?)
echo "Unknown option: -${OPTARG}" >&2
exit 1
;;
:)
echo "Missing argument for option: -${OPTARG}" >&2
exit 1
;;
*)
echo "Unimplemented option: -${OPTARG}" >&2
exit 1
;;
esac
done
shift $((OPTIND-1))
if [ "x$POD_CIDR" == "x" ]; then
echo "Missing pod CIDR, e.g -c 10.97.0.0/16" >&2
usage
exit 1
fi
if [ "x$INTERFACE" != "x" ]; then
while ! ip route list dev "${INTERFACE}" > /dev/null; do
echo Waiting for device "${INTERFACE}" to be ready. >&2
sleep 5
done
fi
intra_vrrp_ip=
if [ "x${SERVICE_GW}" == "x" ]; then
intra_vrrp_ip=$(ip route list dev "${INTERFACE}" | awk '($2~/via/){print $3}' | head -n 1)
else
intra_vrrp_ip=${SERVICE_GW}
fi
TABLE="1500"
if [ "x${intra_vrrp_ip}" == "x" ]; then
echo "Either INTERFACE or SERVICE_GW is required: e.g. either -i bond0.22 or -g 10.23.22.1"
usage
exit 1
fi
# Setup a routing table for traffic from service IPs
ip route flush table "${TABLE}"
ip route add default via "${intra_vrrp_ip}" table "${TABLE}"
# Setup arp_announce adjustment on interface facing gateway
arp_intf=$(ip route get ${intra_vrrp_ip} | grep dev | awk '{print $3}')
echo 2 > /proc/sys/net/ipv4/conf/${arp_intf}/arp_announce
if [ "x$OVERLAP_CIDR" != "x" ]; then
# NOTE: This is a work-around for nodes not receiving complete
# routes via BGP.
ip route add "${OVERLAP_CIDR}" via "${intra_vrrp_ip}"
fi
if [ "x$SERVICE_CIDR" != "x" ]; then
# Traffic from the service IPs to pods should use the pod network.
ip rule add \
from "${SERVICE_CIDR}" \
to "${POD_CIDR}" \
lookup main \
pref 10000
# Other traffic from service IPs should only use the VRRP IP
ip rule add \
from "${SERVICE_CIDR}" \
lookup "${TABLE}" \
pref 10100
fi
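Review bot: `arp_intf` is taken as the third field of `ip route get` output and then used unquoted in the write to `/proc/sys/net/ipv4/conf/${arp_intf}/arp_announce`, with no check that it is non-empty or names an interface. The third field is the device only when the gateway is on-link; for a routed destination the output has the form `<dst> via <gw> dev <if>` and the third field is the gateway address. I would select the token that follows `dev`, for example `awk '{for (i=1;i<NF;i++) if ($i=="dev") {print $(i+1); exit}}'`, quote `"${intra_vrrp_ip}"` and the path, and exit with an error when the result is empty. The `ip rule add` and `ip route add "${OVERLAP_CIDR}"` calls are also not idempotent, so under `set -e` a second run will probably abort, since only the table is flushed beforehand.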


@ -0,0 +1,168 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-calico
layeringDefinition:
abstract: false
layer: global
labels:
name: kubernetes-calico-global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.calico.calico
dest:
path: .source
# Image versions
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.calico.calico
dest:
path: .values.images.tags
# IP addresses
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .calico.etcd.service_ip
dest:
path: .values.endpoints.etcd.host_fqdn_override.default
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.pod_cidr
dest:
path: .values.networking.podSubnet
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.api_service_ip
dest:
path: .values.conf.policy_controller.K8S_API
pattern: SUB_KUBERNETES_IP
# Other site-specific configuration
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .calico.ip_autodetection_method
dest:
path: .values.conf.node.IP_AUTODETECTION_METHOD
# Certificates
- src:
schema: deckhand/CertificateAuthority/v1
name: calico-etcd
path: .
dest:
path: .values.endpoints.etcd.auth.client.tls.ca
- src:
schema: deckhand/Certificate/v1
name: calico-node
path: .
dest:
path: .values.endpoints.etcd.auth.client.tls.crt
- src:
schema: deckhand/CertificateKey/v1
name: calico-node
path: .
dest:
path: .values.endpoints.etcd.auth.client.tls.key
data:
chart_name: calico
release: kubernetes-calico
namespace: kube-system
protected:
continue_processing: true
wait:
timeout: 600
labels:
release_group: kubernetes-calico
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: kubernetes-calico
values:
conf:
cni_network_config:
name: k8s-pod-network
cniVersion: 0.1.0
type: calico
etcd_endpoints: __ETCD_ENDPOINTS__
etcd_ca_cert_file: /etc/calico/pki/ca
etcd_cert_file: /etc/calico/pki/crt
etcd_key_file: /etc/calico/pki/key
log_level: info
mtu: 1500
ipam:
type: calico-ipam
policy:
type: k8s
k8s_api_root: https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__
k8s_auth_token: __SERVICEACCOUNT_TOKEN__
policy_controller:
K8S_API: "https://SUB_KUBERNETES_IP:443"
node:
CALICO_STARTUP_LOGLEVEL: INFO
CLUSTER_TYPE:
- k8s
- bgp
WAIT_FOR_STORAGE: "true"
endpoints:
etcd:
hosts:
default: calico-etcd
scheme:
default: https
networking:
mtu: 1500
settings:
mesh: "on"
ippool:
ipip:
enabled: "true"
mode: "always"
nat_outgoing: "true"
disabled: "false"
manifests:
daemonset_calico_etcd: false
job_image_repo_sync: false
service_calico_etcd: false
dependencies:
- calico-htk
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: calico-htk
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.calico.calico-htk
dest:
path: .source
data:
chart_name: calico-htk
release: calico-htk
namespace: calico-htk
values: {}
dependencies: []
...
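Review bot: `protected.continue_processing: true` is set on this chart, and the same setting appears on kubernetes-calico-etcd, kubernetes-apiserver, kubernetes-controller-manager and kubernetes-scheduler in this commit. As I understand Armada's `protected` option, this leaves a FAILED release in place and continues with the rest of the manifest instead of halting. For the CNI and control-plane charts that means a broken release can go unnoticed while later charts are applied. If that is intended, a comment next to the key such as `# keep failed release for inspection; deployment continues` would record the decision; otherwise `continue_processing: false` is the more conservative choice for these components.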


@ -0,0 +1,15 @@
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-container-networking
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
data:
description: Container networking via Calico
sequenced: true
chart_group:
- kubernetes-calico-etcd
- kubernetes-calico


@ -0,0 +1,136 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-calico-etcd-global
layeringDefinition:
abstract: true
layer: global
labels:
name: kubernetes-calico-etcd-global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.calico.etcd
dest:
path: .source
# Image versions
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.calico.etcd
dest:
path: .values.images.tags
# IP addresses
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .calico.etcd.service_ip
dest:
path: .values.service.ip
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .calico.etcd.service_ip
dest:
path: .values.anchor.etcdctl_endpoint
# CAs
- src:
schema: deckhand/CertificateAuthority/v1
name: calico-etcd
path: .
dest:
path: .values.secrets.tls.client.ca
- src:
schema: deckhand/CertificateAuthority/v1
name: calico-etcd-peer
path: .
dest:
path: .values.secrets.tls.peer.ca
# Anchor client cert
- src:
schema: deckhand/Certificate/v1
name: calico-etcd-anchor
path: .
dest:
path: .values.secrets.anchor.tls.cert
- src:
schema: deckhand/CertificateKey/v1
name: calico-etcd-anchor
path: .
dest:
path: .values.secrets.anchor.tls.key
data:
chart_name: etcd
release: kubernetes-calico-etcd
namespace: kube-system
protected:
continue_processing: true
wait:
timeout: 600
labels:
release_group: kubernetes-calico-etcd
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: kubernetes-calico-etcd
values:
labels:
anchor:
node_selector_key: calico-etcd
node_selector_value: enabled
etcd:
host_data_path: /var/lib/etcd/calico
host_etc_path: /etc/etcd/calico
bootstrapping:
enabled: true
host_directory: /var/lib/anchor
filename: calico-etcd-bootstrap
service:
name: calico-etcd
network:
service_client:
name: service_client
port: 6666
target_port: 6666
service_peer:
name: service_peer
port: 6667
target_port: 6667
dependencies:
- kubernetes-calico-etcd-htk
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-calico-etcd-htk
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.calico.etcd-htk
dest:
path: .source
data:
chart_name: kubernetes-calico-etcd-htk
release: kubernetes-calico-etcd-htk
namespace: kubernetes-calico-etcd-htk
values: {}
dependencies: []
...


@ -0,0 +1,155 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-apiserver
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.apiserver
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.apiserver
dest:
path: .values.images.tags
# IP addresses
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.api_service_ip
dest:
path: .values.network.kubernetes_service_ip
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.pod_cidr
dest:
path: .values.network.pod_cidr
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.service_cidr
dest:
path: .values.command_prefix[1]
pattern: SERVICE_CIDR
# Kubernetes Port Range
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.service_node_port_range
dest:
path: .values.command_prefix[2]
pattern: SERVICE_NODE_PORT_RANGE
# CA
- src:
schema: deckhand/CertificateAuthority/v1
name: kubernetes
path: .
dest:
path: .values.secrets.tls.ca
# Certificates
- src:
schema: deckhand/Certificate/v1
name: apiserver
path: .
dest:
path: .values.secrets.tls.cert
- src:
schema: deckhand/CertificateKey/v1
name: apiserver
path: .
dest:
path: .values.secrets.tls.key
- src:
schema: deckhand/CertificateAuthority/v1
name: kubernetes-etcd
path: .
dest:
path: .values.secrets.etcd.tls.ca
- src:
schema: deckhand/Certificate/v1
name: apiserver-etcd
path: .
dest:
path: .values.secrets.etcd.tls.cert
- src:
schema: deckhand/CertificateKey/v1
name: apiserver-etcd
path: .
dest:
path: .values.secrets.etcd.tls.key
- src:
schema: deckhand/PublicKey/v1
name: service-account
path: .
dest:
path: .values.secrets.service_account.public_key
data:
chart_name: apiserver
release: kubernetes-apiserver
namespace: kube-system
protected:
continue_processing: true
wait:
timeout: 600
labels:
release_group: kubernetes-apiserver
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: kubernetes-apiserver
values:
apiserver:
etcd:
endpoints: https://127.0.0.1:2378
command_prefix:
- /apiserver
- --service-cluster-ip-range=SERVICE_CIDR
- --service-node-port-range=SERVICE_NODE_PORT_RANGE
- --authorization-mode=Node,RBAC
- --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds
- --endpoint-reconciler-type=lease
dependencies:
- kubernetes-apiserver-htk
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-apiserver-htk
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.apiserver-htk
dest:
path: .source
data:
chart_name: kubernetes-apiserver-htk
release: kubernetes-apiserver-htk
namespace: kubernetes-apiserver-htk
values: {}
dependencies: []
...
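Review bot: `--authorization-mode=Node,RBAC` is enabled, but the `--admission-control=` list does not include `NodeRestriction`. The Node authorizer is designed to be paired with that plugin, which limits what a kubelet may modify to its own Node object and the Pods bound to it; I would add `NodeRestriction` to the list. The substitutions that target `.values.command_prefix[1]` and `.values.command_prefix[2]` are positional, so inserting or reordering a flag leaves `SERVICE_CIDR` or `SERVICE_NODE_PORT_RANGE` unreplaced without any error. A comment above `command_prefix` such as `# entries 1 and 2 are index-bound to substitutions above; do not reorder` would guard against that.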


@ -0,0 +1,15 @@
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-core
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
data:
description: Kubernetes components
chart_group:
- kubernetes-apiserver
- kubernetes-controller-manager
- kubernetes-scheduler


@ -0,0 +1,136 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-controller-manager
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.controller-manager
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.controller-manager
dest:
path: .values.images.tags
# IP addresses
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.pod_cidr
dest:
path: .values.network.pod_cidr
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.service_cidr
dest:
path: .values.network.service_cidr
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.pod_cidr
dest:
path: .values.command_prefix[1]
pattern: SUB_POD_CIDR
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.service_cidr
dest:
path: .values.command_prefix[2]
pattern: SUB_SERVICE_CIDR
# CA
- src:
schema: deckhand/CertificateAuthority/v1
name: kubernetes
path: .
dest:
path: .values.secrets.tls.ca
# Certificates
- src:
schema: deckhand/Certificate/v1
name: controller-manager
path: .
dest:
path: .values.secrets.tls.cert
- src:
schema: deckhand/CertificateKey/v1
name: controller-manager
path: .
dest:
path: .values.secrets.tls.key
# Private key for Kubernetes service account token signing
- src:
schema: deckhand/PrivateKey/v1
name: service-account
path: .
dest:
path: .values.secrets.service_account.private_key
data:
chart_name: controller-manager
release: kubernetes-controller-manager
namespace: kube-system
protected:
continue_processing: true
wait:
timeout: 600
labels:
release_group: kubernetes-controller-manager
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: kubernetes-controller-manager
values:
command_prefix:
- /controller-manager
- --cluster-cidr=SUB_POD_CIDR
- --service-cluster-ip-range=SUB_SERVICE_CIDR
- --node-monitor-period=5s
- --node-monitor-grace-period=20s
- --pod-eviction-timeout=60s
network:
kubernetes_netloc: 127.0.0.1:6553
dependencies:
- kubernetes-controller-manager-htk
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-controller-manager-htk
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.controller-manager-htk
dest:
path: .source
data:
chart_name: kubernetes-controller-manager-htk
release: kubernetes-controller-manager-htk
namespace: kubernetes-controller-manager-htk
values: {}
dependencies: []
...
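Review bot: The service-account signing key is substituted into `.values.secrets.service_account.private_key`, but the visible `command_prefix` does not pass `--use-service-account-credentials=true`. Unless the chart template appends that flag, every controller runs with the controller-manager's own identity rather than a per-controller service account, which weakens RBAC separation between controllers. Confirm this against the chart and add the flag here if it is not set there. As in the apiserver chart, the `command_prefix[1]` and `command_prefix[2]` substitutions depend on the flag order, which deserves a comment above the list.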


@ -0,0 +1,93 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-scheduler
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.scheduler
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.scheduler
dest:
path: .values.images.tags
# CA
- src:
schema: deckhand/CertificateAuthority/v1
name: kubernetes
path: .
dest:
path: .values.secrets.tls.ca
# Certificates
- src:
schema: deckhand/Certificate/v1
name: scheduler
path: .
dest:
path: .values.secrets.tls.cert
- src:
schema: deckhand/CertificateKey/v1
name: scheduler
path: .
dest:
path: .values.secrets.tls.key
data:
chart_name: scheduler
release: kubernetes-scheduler
namespace: kube-system
protected:
continue_processing: true
wait:
timeout: 600
labels:
release_group: kubernetes-scheduler
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: kubernetes-scheduler
values:
network:
kubernetes_netloc: 127.0.0.1:6553
dependencies:
- kubernetes-scheduler-htk
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-scheduler-htk
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.scheduler-htk
dest:
path: .source
data:
chart_name: kubernetes-scheduler-htk
release: kubernetes-scheduler-htk
namespace: kubernetes-scheduler-htk
values: {}
dependencies: []
...


@ -0,0 +1,13 @@
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-dns
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
data:
description: Cluster DNS
chart_group:
- coredns


@ -0,0 +1,146 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: coredns
layeringDefinition:
abstract: false
layer: global
labels:
name: coredns-global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.coredns
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.coredns
dest:
path: .values.images.tags
# IP Addresses
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .dns.service_ip
dest:
path: .values.service.ip
# Zones
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .dns.cluster_domain
dest:
path: .values.conf.coredns.corefile
pattern: '(CLUSTER_DOMAIN)'
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.service_cidr
dest:
path: .values.conf.coredns.corefile
pattern: '(SERVICE_CIDR)'
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.pod_cidr
dest:
path: .values.conf.coredns.corefile
pattern: '(POD_CIDR)'
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .dns.upstream_servers[0]
dest:
path: .values.conf.coredns.corefile
pattern: '(UPSTREAM1)'
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .dns.upstream_servers[1]
dest:
path: .values.conf.coredns.corefile
pattern: '(UPSTREAM2)'
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .dns.upstream_servers[2]
dest:
path: .values.conf.coredns.corefile
pattern: '(UPSTREAM3)'
data:
chart_name: coredns
release: coredns
namespace: kube-system
wait:
timeout: 600
labels:
release_group: coredns
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: coredns
values:
conf:
coredns:
corefile: |
.:53 {
errors
health
autopath @kubernetes
kubernetes CLUSTER_DOMAIN SERVICE_CIDR POD_CIDR {
pods insecure
fallthrough in-addr.arpa ip6.arpa
upstream UPSTREAM1
upstream UPSTREAM2
upstream UPSTREAM3
}
prometheus :9153
forward . UPSTREAM1 UPSTREAM2 UPSTREAM3
cache 30
}
labels:
coredns:
node_selector_key: kube-dns
node_selector_value: enabled
dependencies:
- coredns-htk
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: coredns-htk
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.coredns-htk
dest:
path: .source
data:
chart_name: coredns-htk
release: coredns-htk
namespace: coredns-htk
values: {}
dependencies: []
...
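Review bot: The Corefile under `values.conf.coredns.corefile` enables `pods insecure`, which makes the kubernetes plugin answer pod-IP style names without checking that a pod with that address exists. If that mode is not needed for kube-dns compatibility, `pods verified` (or dropping the line) is the safer default; otherwise a comment explaining the choice would help. Separately, the three `UPSTREAMn` substitutions index `.dns.upstream_servers[0]` through `[2]`, so a site that defines fewer than three upstream servers will presumably fail to render. A comment stating that requirement next to the substitutions would save debugging.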


@ -0,0 +1,13 @@
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-etcd
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
data:
description: Kubernetes etcd
chart_group:
- kubernetes-etcd


@ -0,0 +1,137 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-etcd-global
layeringDefinition:
abstract: true
layer: global
labels:
name: kubernetes-etcd-global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.etcd
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.etcd
dest:
path: .values.images.tags
# IP addresses
-
src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.etcd_service_ip
dest:
path: .values.service.ip
-
src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.etcd_service_ip
dest:
path: .values.anchor.etcdctl_endpoint
# CAs
-
src:
schema: deckhand/CertificateAuthority/v1
name: kubernetes-etcd
path: .
dest:
path: .values.secrets.tls.client.ca
-
src:
schema: deckhand/CertificateAuthority/v1
name: kubernetes-etcd-peer
path: .
dest:
path: .values.secrets.tls.peer.ca
-
src:
schema: deckhand/Certificate/v1
name: kubernetes-etcd-anchor
path: .
dest:
path: .values.secrets.anchor.tls.cert
-
src:
schema: deckhand/CertificateKey/v1
name: kubernetes-etcd-anchor
path: .
dest:
path: .values.secrets.anchor.tls.key
data:
chart_name: etcd
release: kubernetes-etcd
namespace: kube-system
protected:
continue_processing: true
wait:
timeout: 600
labels:
release_group: kubernetes-etcd
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: kubernetes-etcd
values:
labels:
anchor:
node_selector_key: kubernetes-etcd
node_selector_value: enabled
etcd:
host_data_path: /var/lib/etcd/kubernetes
host_etc_path: /etc/etcd/kubernetes
service:
name: kubernetes-etcd
network:
service_client:
name: service_client
port: 2379
target_port: 2379
service_peer:
name: service_peer
port: 2380
target_port: 2380
dependencies:
- kubernetes-etcd-htk
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-etcd-htk
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.etcd-htk
dest:
path: .source
data:
chart_name: kubernetes-etcd-htk
release: kubernetes-etcd-htk
namespace: kubernetes-etcd-htk
values: {}
dependencies: []
...


@ -0,0 +1,13 @@
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-haproxy
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
data:
description: HAProxy for Kubernetes
chart_group:
- haproxy


@ -0,0 +1,109 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: haproxy
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.haproxy
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.haproxy
dest:
path: .values.images.tags
# Kubernetes configuration
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.api_service_ip
dest:
path: .values.conf.anchor.kubernetes_url
pattern: KUBERNETES_IP
data:
chart_name: haproxy
release: haproxy
namespace: kube-system
protected:
continue_processing: true
wait:
timeout: 600
labels:
release_group: haproxy
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: haproxy
values:
conf:
anchor:
kubernetes_url: https://KUBERNETES_IP:443
services:
default:
kubernetes:
server_opts: "check port 6443"
conf_parts:
frontend:
- mode tcp
- option tcpka
- bind *:6553
backend:
- mode tcp
- option tcpka
- option tcp-check
- option redispatch
kube-system:
kubernetes-etcd:
server_opts: "check port 2379"
conf_parts:
frontend:
- mode tcp
- option tcpka
- bind *:2378
backend:
- mode tcp
- option tcpka
- option tcp-check
- option redispatch
dependencies:
- haproxy-htk
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: haproxy-htk
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.haproxy-htk
dest:
path: .source
data:
chart_name: haproxy-htk
release: haproxy-htk
namespace: haproxy-htk
values: {}
dependencies: []
...
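Review bot: Both frontends in `conf_parts` bind on every interface (`bind *:6553`, `bind *:2378`), yet the consumers visible in this commit reach the API proxy via loopback (`kubernetes_netloc: 127.0.0.1:6553` in the scheduler chart, `kube_service.host: 127.0.0.1` in the proxy chart). If the pod runs in the host network namespace, which is not visible here, the wildcard publishes the API server and etcd pass-throughs on all node addresses. If only node-local clients are intended, `bind 127.0.0.1:6553` and `bind 127.0.0.1:2378` narrow the exposure. Otherwise a comment stating why the wildcard is required would help.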


@ -0,0 +1,13 @@
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: ingress-kube-system
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
data:
description: Ingress for the site
chart_group:
- ingress-kube-system


@ -0,0 +1,86 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: global-ingress-kube-system
labels:
ingress: kube-system
layeringDefinition:
abstract: true
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.ingress
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.ingress
dest:
path: .values.images.tags
data:
chart_name: ingress-kube-system
release: ingress-kube-system
namespace: kube-system
wait:
timeout: 300
labels:
release_group: ingress-kube-system
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: ingress-kube-system
values:
labels:
server:
node_selector_key: kube-ingress
node_selector_value: enabled
error_server:
node_selector_key: kube-ingress
node_selector_value: enabled
deployment:
mode: cluster
type: DaemonSet
network:
host_namespace: true
ingress:
annotations:
nginx.ingress.kubernetes.io/proxy-read-timeout: "603"
pod:
replicas:
error_page: 2
dependencies:
- ingress-kube-system-htk
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: ingress-kube-system-htk
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.ingress-htk
dest:
path: .source
data:
chart_name: ingress-kube-system-htk
release: ingress-kube-system-htk
namespace: ingress-kube-system-htk
values: {}
dependencies: []


@ -0,0 +1,14 @@
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-proxy
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
data:
description: Kubernetes proxy
sequenced: true
chart_group:
- kubernetes-proxy


@ -0,0 +1,90 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-proxy
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.proxy
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.proxy
dest:
path: .values.images.tags
# IP Addresses
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.pod_cidr
dest:
path: .values.command_prefix[1]
pattern: POD_CIDR
# Secrets
- src:
schema: deckhand/CertificateAuthority/v1
name: kubernetes
path: .
dest:
path: .values.secrets.tls.ca
data:
chart_name: proxy
release: kubernetes-proxy
namespace: kube-system
wait:
timeout: 600
labels:
release_group: kubernetes-proxy
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: kubernetes-proxy
values:
command_prefix:
- /proxy
- --cluster-cidr=POD_CIDR
- --proxy-mode=iptables
kube_service:
host: 127.0.0.1
port: 6553
dependencies:
- kubernetes-proxy-htk
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-proxy-htk
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.kubernetes.proxy-htk
dest:
path: .source
data:
chart_name: kubernetes-proxy-htk
release: kubernetes-proxy-htk
namespace: kubernetes-proxy-htk
values: {}
dependencies: []
...


@ -0,0 +1,28 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: osh-infra-helm-toolkit
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh_infra.helm_toolkit
dest:
path: .source
data:
chart_name: helm-toolkit
release: osh-infra-helm-toolkit
namespace: osh-infra-helm-toolkit
wait:
timeout: 600
labels:
release_group: osh-infra-helm-toolkit
upgrade:
no_hooks: true
values: {}
dependencies: []


@ -0,0 +1,142 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: osh-infra-ceph-config
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.ucp.ceph-client
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.ceph.ceph-client
dest:
path: .values.images.tags
# IP addresses
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .storage.ceph.public_cidr
dest:
path: .values.network.public
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .storage.ceph.cluster_cidr
dest:
path: .values.network.cluster
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.identity
dest:
path: .values.endpoints.identity
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.object_store
dest:
path: .values.endpoints.object_store
- src:
schema: pegleg/EndpointCatalogue/v1
name: ucp_endpoints
path: .ceph.ceph_mon
dest:
path: .values.endpoints.ceph_mon
- src:
schema: pegleg/EndpointCatalogue/v1
name: ucp_endpoints
path: .ceph.ceph_mgr
dest:
path: .values.endpoints.ceph_mgr
# Credentials
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.keystone.admin
dest:
path: .values.endpoints.identity.auth.admin
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.swift.keystone
dest:
path: .values.endpoints.identity.auth.swift
# Secrets
- dest:
path: .values.endpoints.identity.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_keystone_admin_password
path: .
- dest:
path: .values.endpoints.identity.auth.swift.password
src:
schema: deckhand/Passphrase/v1
name: ceph_swift_keystone_password
path: .
data:
chart_name: osh-infra-ceph-config
release: osh-infra-ceph-config
namespace: osh-infra
wait:
timeout: 900
labels:
release_group: osh-infra-ceph-config
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: osh-infra-ceph-config
values:
labels:
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
provisioner:
node_selector_key: openstack-control-plane
node_selector_value: enabled
mds:
node_selector_key: ceph-mds
node_selector_value: enabled
rgw:
node_selector_key: ceph-rgw
node_selector_value: enabled
mgr:
node_selector_key: ceph-mgr
node_selector_value: enabled
deployment:
ceph: false
client_secrets: true
rbd_provisioner: false
cephfs_provisioner: false
rgw_keystone_user_and_endpoints: false
bootstrap:
enabled: false
conf:
rgw_ks:
enabled: true
dependencies:
- ceph-htk
...


@ -0,0 +1,13 @@
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: osh-infra-ceph-config
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
data:
description: Ceph config for OpenStack-Infra namespace(s)
chart_group:
- osh-infra-ceph-config


@ -0,0 +1,14 @@
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: osh-infra-dashboards
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
data:
description: OSH Infra Dashboards
chart_group:
- kibana
- grafana


@ -0,0 +1,251 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: grafana
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh_infra.grafana
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh_infra.grafana
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.oslo_db
dest:
path: .values.endpoints.oslo_db
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.oslo_db
dest:
path: .values.endpoints.oslo_db_session
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.grafana
dest:
path: .values.endpoints.grafana
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.monitoring
dest:
path: .values.endpoints.monitoring
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.ldap
dest:
path: .values.endpoints.ldap
# Accounts
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_infra_service_accounts
path: .osh_infra.grafana.admin
dest:
path: .values.endpoints.grafana.auth.admin
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_infra_service_accounts
path: .osh_infra.grafana.oslo_db
dest:
path: .values.endpoints.oslo_db.auth.user
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_infra_service_accounts
path: .osh_infra.grafana.oslo_db.database
dest:
path: .values.endpoints.oslo_db.path
pattern: DB_NAME
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_infra_service_accounts
path: .osh_infra.grafana.oslo_db_session
dest:
path: .values.endpoints.oslo_db_session.auth.user
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_infra_service_accounts
path: .osh_infra.grafana.oslo_db_session.database
dest:
path: .values.endpoints.oslo_db_session.path
pattern: DB_NAME
# Secrets
- dest:
path: .values.endpoints.grafana.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_infra_grafana_admin_password
path: .
- dest:
path: .values.endpoints.oslo_db.auth.user.password
src:
schema: deckhand/Passphrase/v1
name: osh_infra_grafana_oslo_db_password
path: .
- dest:
path: .values.endpoints.oslo_db_session.auth.user.password
src:
schema: deckhand/Passphrase/v1
name: osh_infra_grafana_oslo_db_session_password
path: .
- dest:
path: .values.endpoints.oslo_db.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_infra_oslo_db_admin_password
path: .
- dest:
path: .values.endpoints.oslo_db_session.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_infra_oslo_db_admin_password
path: .
# LDAP Configuration Details
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_infra_service_accounts
path: .osh_infra.ldap.admin.bind
dest:
path: .values.endpoints.ldap.auth.admin.bind_dn
- dest:
path: .values.endpoints.ldap.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_keystone_ldap_password
path: .
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .ldap.subdomain
dest:
path: .values.conf.ldap.config.base_dns.search
pattern: SUBDOMAIN
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .ldap.domain
dest:
path: .values.conf.ldap.config.base_dns.search
pattern: DOMAIN
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .ldap.subdomain
dest:
path: .values.conf.ldap.config.base_dns.group_search
pattern: SUBDOMAIN
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .ldap.domain
dest:
path: .values.conf.ldap.config.base_dns.group_search
pattern: DOMAIN
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .ldap.common_name
dest:
path: .values.conf.ldap.config.filters.group_search
pattern: COMMON_NAME
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .ldap.subdomain
dest:
path: .values.conf.ldap.config.filters.group_search
pattern: SUBDOMAIN
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .ldap.domain
dest:
path: .values.conf.ldap.config.filters.group_search
pattern: DOMAIN
data:
chart_name: grafana
release: grafana
namespace: osh-infra
wait:
timeout: 900
labels:
release_group: grafana
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: grafana
post:
create: []
values:
labels:
grafana:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
conf:
ldap:
config:
base_dns:
search: "DC=SUBDOMAIN,DC=DOMAIN,DC=com"
group_search: "OU=Groups,DC=SUBDOMAIN,DC=DOMAIN,DC=com"
filters:
search: "(sAMAccountName=%s)"
group_search: "(memberof=CN=COMMON_NAME,OU=Application,OU=Groups,DC=SUBDOMAIN,DC=DOMAIN,DC=com)"
template: |
verbose_logging = true
[[servers]]
host = "{{ tuple "ldap" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}"
port = {{ tuple "ldap" "public" "ldap" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
use_ssl = false
start_tls = false
ssl_skip_verify = false
bind_dn = "{{ .Values.endpoints.ldap.auth.admin.bind_dn }}"
bind_password = '{{ .Values.endpoints.ldap.auth.admin.password }}'
search_filter = "{{ .Values.conf.ldap.config.filters.search }}"
search_base_dns = ["{{ .Values.conf.ldap.config.base_dns.search }}"]
group_search_base_dns = ["{{ .Values.conf.ldap.config.base_dns.group_search }}"]
[servers.attributes]
username = "sAMAccountName"
surname = "sn"
member_of = "memberof"
email = "mail"
[[servers.group_mappings]]
group_dn = "{{.Values.endpoints.ldap.auth.admin.bind_dn }}"
org_role = "Admin"
[[servers.group_mappings]]
group_dn = "*"
org_role = "Viewer"
pod:
replicas:
grafana: 2
dependencies:
- osh-infra-helm-toolkit
...
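Review bot: The LDAP `template` sets `use_ssl = false` and `start_tls = false`, so the service bind password and every user's login password travel to the directory unencrypted. Prefer `start_tls = true` (or `use_ssl = true` with the LDAPS port from the endpoint catalogue) and keep `ssl_skip_verify = false`. Two further things to check in the same template: the Admin mapping uses the service account's `bind_dn` as `group_dn`, which looks like a user DN rather than a group DN, and `verbose_logging = true` is better left off outside debugging.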


@ -0,0 +1,126 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: kibana
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh_infra.kibana
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh_infra.kibana
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.elasticsearch
dest:
path: .values.endpoints.elasticsearch
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.kibana
dest:
path: .values.endpoints.kibana
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.ldap
dest:
path: .values.endpoints.ldap
# Accounts
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_infra_service_accounts
path: .osh_infra.elasticsearch.admin
dest:
path: .values.endpoints.elasticsearch.auth.admin
# Secrets
- dest:
path: .values.endpoints.elasticsearch.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_infra_elasticsearch_admin_password
path: .
# LDAP Details
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_infra_service_accounts
path: .osh_infra.ldap.admin
dest:
path: .values.endpoints.ldap.auth.admin
- dest:
path: .values.endpoints.ldap.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_keystone_ldap_password
path: .
data:
chart_name: kibana
release: kibana
namespace: osh-infra
wait:
timeout: 900
labels:
release_group: kibana
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: kibana
create: []
post:
create: []
values:
conf:
apache:
host: |
<VirtualHost *:80>
ProxyRequests off
ProxyPreserveHost On
<Location />
ProxyPass http://localhost:{{ tuple "kibana" "internal" "kibana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
ProxyPassReverse http://localhost:{{ tuple "kibana" "internal" "kibana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
</Location>
<Proxy *>
AuthName "Kibana"
AuthType Basic
AuthBasicProvider file ldap
AuthUserFile /usr/local/apache2/conf/.htpasswd
AuthLDAPBindDN {{ .Values.endpoints.ldap.auth.admin.bind }}
AuthLDAPBindPassword {{ .Values.endpoints.ldap.auth.admin.password }}
AuthLDAPURL {{ tuple "ldap" "public" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
Require valid-user
</Proxy>
</VirtualHost>
labels:
kibana:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
dependencies:
- osh-infra-helm-toolkit
...
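Review bot: In the Apache `host` block, `AuthLDAPBindDN` and `AuthLDAPBindPassword` are rendered unquoted, so a DN or password containing spaces will be split into extra arguments and the directive will fail or use a truncated value. Quote both: `AuthLDAPBindDN "{{ .Values.endpoints.ldap.auth.admin.bind }}"` and `AuthLDAPBindPassword "{{ .Values.endpoints.ldap.auth.admin.password }}"`. The vhost also accepts Basic credentials on `*:80`, so unless TLS is terminated in front of it (not visible here) those credentials cross the network in clear text. The elasticsearch chart later in this commit carries the same vhost block.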


@ -0,0 +1,13 @@
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: osh-infra-ingress-controller
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
data:
description: OpenStack Namespace Ingress
chart_group:
- osh-infra-ingress-controller


@ -0,0 +1,55 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: osh-infra-ingress-controller
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh.ingress
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh.ingress
dest:
path: .values.images.tags
data:
chart_name: osh-infra-ingress-controller
release: osh-infra-ingress-controller
namespace: osh-infra
wait:
timeout: 900
labels:
release_group: osh-infra-ingress-controller
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: osh-infra-ingress-controller
values:
labels:
server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
error_server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
pod:
replicas:
ingress: 2
error_page: 2
dependencies:
- osh-helm-toolkit


@ -0,0 +1,14 @@
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: osh-infra-logging
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
data:
description: OSH Infra Logging
chart_group:
- elasticsearch
- fluent-logging


@ -0,0 +1,186 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: elasticsearch-global
labels:
hosttype: elasticsearch-global
layeringDefinition:
abstract: true
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh_infra.elasticsearch
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh_infra.elasticsearch
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.elasticsearch
dest:
path: .values.endpoints.elasticsearch
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.prometheus_elasticsearch_exporter
dest:
path: .values.endpoints.prometheus_elasticsearch_exporter
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.ldap
dest:
path: .values.endpoints.ldap
# Accounts
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_infra_service_accounts
path: .osh_infra.elasticsearch.admin
dest:
path: .values.endpoints.elasticsearch.auth.admin
# Secrets
- dest:
path: .values.endpoints.elasticsearch.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_infra_elasticsearch_admin_password
path: .
# LDAP Details
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_infra_service_accounts
path: .osh_infra.ldap.admin
dest:
path: .values.endpoints.ldap.auth.admin
- dest:
path: .values.endpoints.ldap.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_keystone_ldap_password
path: .
data:
chart_name: elasticsearch
release: elasticsearch
namespace: osh-infra
wait:
timeout: 900
labels:
release_group: elasticsearch
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: elasticsearch
create: []
post:
create: []
values:
labels:
elasticsearch:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
monitoring:
prometheus:
enabled: true
conf:
apache:
host: |
<VirtualHost *:80>
<Location />
ProxyPass http://localhost:{{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
ProxyPassReverse http://localhost:{{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
</Location>
<Proxy *>
AuthName "Elasticsearch"
AuthType Basic
AuthBasicProvider file ldap
AuthUserFile /usr/local/apache2/conf/.htpasswd
AuthLDAPBindDN {{ .Values.endpoints.ldap.auth.admin.bind }}
AuthLDAPBindPassword {{ .Values.endpoints.ldap.auth.admin.password }}
AuthLDAPURL {{ tuple "ldap" "public" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
Require valid-user
</Proxy>
</VirtualHost>
elasticsearch:
env:
java_opts: "-Xms5g -Xmx5g"
curator:
#run every 6th hour
schedule: "0 */6 * * *"
action_file:
# Remember, leave a key empty if there is no value. None will be a string,
# not a Python "NoneType"
#
# Also remember that all examples have 'disable_action' set to True. If you
# want to use this action as a template, be sure to set this to False after
# copying it.
actions:
1:
action: delete_indices
description: >-
"Delete indices older than 7 days"
options:
timeout_override:
continue_if_exception: False
ignore_empty_list: True
disable_action: False
filters:
- filtertype: pattern
kind: prefix
value: logstash-
- filtertype: age
source: name
direction: older
timestring: '%Y.%m.%d'
unit: days
unit_count: 7
2:
action: delete_indices
description: >-
"Delete indices by age if available disk space is
less than 80% total disk"
options:
timeout_override: 600
continue_if_exception: False
ignore_empty_list: True
disable_action: False
filters:
- filtertype: pattern
kind: prefix
value: logstash-
- filtertype: space
source: creation_date
use_age: True
disk_space: 1200
storage:
elasticsearch:
requests:
storage: 500Gi
dependencies:
- osh-infra-helm-toolkit
...
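Review bot: Curator action 2 uses `disk_space: 1200` while the `storage` request in the same values is `500Gi`, and its description speaks of 80% of total disk. Curator's space filter is expressed in gigabytes summed over the matching indices, so whether 1200 is reached before the volumes fill depends on the number of data nodes, which this document does not show. A comment deriving the figure would make it checkable, since a full volume stops log ingestion. The two `description: >-` values also wrap their text in double quotes, which become part of the string; dropping the quotes gives the intended text.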


@ -0,0 +1,171 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: fluent-logging-global
layeringDefinition:
abstract: true
layer: global
labels:
hosttype: fluent-logging-global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh_infra.fluent_logging
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh_infra.fluent_logging
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.elasticsearch
dest:
path: .values.endpoints.elasticsearch
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.fluentd
dest:
path: .values.endpoints.fluentd
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.prometheus_fluentd_exporter
dest:
path: .values.endpoints.prometheus_fluentd_exporter
# Accounts
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_infra_service_accounts
path: .osh_infra.elasticsearch.admin
dest:
path: .values.endpoints.elasticsearch.auth.admin
# Secrets
- dest:
path: .values.endpoints.elasticsearch.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_infra_elasticsearch_admin_password
path: .
data:
chart_name: fluent-logging
release: fluent-logging
namespace: osh-infra
wait:
timeout: 900
labels:
release_group: fluent-logging
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: fluent-logging
create: []
post:
create: []
values:
labels:
fluentd:
node_selector_key: openstack-control-plane
node_selector_value: enabled
fluentbit:
node_selector_key: openstack-control-plane
node_selector_value: enabled
prometheus_fluentd_exporter:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
dependencies:
static:
fluentbit:
jobs: ""
services:
- endpoint: internal
service: fluentd
fluentd:
jobs: ""
services:
- endpoint: internal
service: elasticsearch
manifests:
job_elasticsearch_template: false
conf:
fluentbit:
- service:
header: service
Flush: 5
Daemon: Off
Log_Level: info
Parsers_File: parsers.conf
- containers_tail:
header: input
Name: tail
Tag: kube.*
Path: /var/log/containers/*.log
Parser: docker
DB: /var/log/flb_kube.db
DB.Sync: Normal
Buffer_Chunk_Size: 1M
Buffer_Max_Size: 1M
Mem_Buf_Limit: 5MB
- kube_filter:
header: filter
Name: kubernetes
Match: kube.*
Merge_JSON_Log: On
- fluentd_output:
header: output
Name: forward
Match: "*"
Host: ${FLUENTD_HOST}
Port: ${FLUENTD_PORT}
td_agent:
- metrics_agent:
header: source
type: monitor_agent
bind: 0.0.0.0
port: 24220
- fluentbit_forward:
header: source
type: forward
port: "#{ENV['FLUENTD_PORT']}"
bind: 0.0.0.0
- elasticsearch:
header: match
type: elasticsearch
user: "#{ENV['ELASTICSEARCH_USERNAME']}"
password: "#{ENV['ELASTICSEARCH_PASSWORD']}"
expression: "**"
include_tag_key: true
host: "#{ENV['ELASTICSEARCH_HOST']}"
port: "#{ENV['ELASTICSEARCH_PORT']}"
logstash_format: true
buffer_chunk_limit: 10M
buffer_queue_limit: 32
flush_interval: 20s
max_retry_wait: 300
disable_retry_limit: ""
num_threads: 8
dependencies:
- osh-infra-helm-toolkit
...
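Review bot: The `td_agent` sources `metrics_agent` and `fluentbit_forward` both listen on `bind: 0.0.0.0`, and the forward input is configured without a shared key or TLS, so the integrity of the log stream rests entirely on network isolation around the fluentd pod. If the chart's template supports it, add authentication to the forward source, or restrict access with a NetworkPolicy; at minimum a comment should record that isolation is expected from the network layer. Also, `Daemon: Off` and `Merge_JSON_Log: On` are unquoted and will be read as YAML booleans by 1.1 parsers. Quote them (`Daemon: "Off"`, `Merge_JSON_Log: "On"`) if the literal words must reach the fluent-bit config.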


@ -0,0 +1,13 @@
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: osh-infra-mariadb
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
data:
description: OpenStack-Infra MariaDB
chart_group:
- osh-infra-mariadb


@ -0,0 +1,77 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: osh-infra-mariadb
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh.mariadb
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh.mariadb
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.oslo_db
dest:
path: .values.endpoints.olso_db
# Accounts
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_infra_service_accounts
path: .osh_infra.oslo_db.admin
dest:
path: .values.endpoints.oslo_db.auth.admin
# Secrets
- dest:
path: .values.endpoints.oslo_db.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_infra_oslo_db_admin_password
path: .
data:
chart_name: osh-infra-mariadb
release: osh-infra-mariadb
namespace: osh-infra
wait:
timeout: 900
labels:
release_group: osh-infra-mariadb
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: osh-infra-mariadb
values:
labels:
server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
prometheus_mysql_exporter:
node_selector_key: openstack-control-plane
node_selector_value: enabled
dependencies:
- osh-helm-toolkit
...
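Review bot: The endpoint substitution at `dest.path: .values.endpoints.olso_db` misspells the key, so the catalogue entry from `.osh_infra.oslo_db` lands under `olso_db` while the account and passphrase substitutions below it write to `.values.endpoints.oslo_db.auth.admin`. The chart would then presumably run with its default `oslo_db` endpoint plus only the injected credentials; the line should read `path: .values.endpoints.oslo_db`. The dependency listed is `osh-helm-toolkit`, whereas the other osh-infra charts in this commit depend on `osh-infra-helm-toolkit`, so it is worth confirming that is intended.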


@ -0,0 +1,17 @@
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: osh-infra-monitoring
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
data:
description: OSH Infra Monitoring
chart_group:
- prometheus
- prometheus-alertmanager
- prometheus-node-exporter
- prometheus-kube-state-metrics
- nagios


@ -0,0 +1,129 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: nagios
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh_infra.nagios
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh_infra.nagios
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.nagios
dest:
path: .values.endpoints.nagios
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.monitoring
dest:
path: .values.endpoints.monitoring
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.ldap
dest:
path: .values.endpoints.ldap
# Accounts
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_infra_service_accounts
path: .osh_infra.nagios.admin
dest:
path: .values.endpoints.nagios.auth.admin
# Secrets
- dest:
path: .values.endpoints.nagios.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_infra_nagios_admin_password
path: .
# LDAP Details
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_infra_service_accounts
path: .osh_infra.ldap.admin
dest:
path: .values.endpoints.ldap.auth.admin
- dest:
path: .values.endpoints.ldap.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_keystone_ldap_password
path: .
data:
chart_name: nagios
release: nagios
namespace: osh-infra
wait:
timeout: 900
labels:
release_group: nagios
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: nagios
create: []
post:
create: []
values:
conf:
apache:
host: |
<VirtualHost *:80>
<Location />
ProxyPass http://localhost:{{ tuple "nagios" "internal" "nagios" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
ProxyPassReverse http://localhost:{{ tuple "nagios" "internal" "nagios" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
</Location>
<Proxy *>
AuthName "Nagios"
AuthType Basic
AuthBasicProvider file ldap
AuthUserFile /usr/local/apache2/conf/.htpasswd
AuthLDAPBindDN {{ .Values.endpoints.ldap.auth.admin.bind }}
AuthLDAPBindPassword {{ .Values.endpoints.ldap.auth.admin.password }}
AuthLDAPURL {{ tuple "ldap" "public" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
Require valid-user
</Proxy>
</VirtualHost>
labels:
nagios:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
pod:
replicas:
nagios: 3
dependencies:
- osh-infra-helm-toolkit
...
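Review bot: The Apache override under `values.conf.apache.host` protects Nagios with `AuthType Basic` inside `<VirtualHost *:80>`, so operator and LDAP user passwords cross that listener in the clear unless TLS is terminated in front of it, and nothing in this document shows that it is. The same template renders `AuthLDAPBindPassword {{ .Values.endpoints.ldap.auth.admin.password }}` into the vhost text, so the rendered file needs to be stored and mounted as a Secret rather than a ConfigMap; that depends on the chart, which is not visible here. The bind password is sourced from `osh_keystone_ldap_password`, meaning Nagios shares Keystone's LDAP credential, and a dedicated read-only bind account would limit the exposure. At minimum I would add a comment above `host: |` such as `# Basic auth on port 80: terminate TLS upstream; rendered file contains the LDAP bind password`.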


@ -0,0 +1,68 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: prometheus-alertmanager
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh_infra.prometheus_alertmanager
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh_infra.prometheus_alertmanager
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.alerts
dest:
path: .values.endpoints.alerts
data:
chart_name: prometheus-alertmanager
release: prometheus-alertmanager
namespace: osh-infra
wait:
timeout: 900
labels:
release_group: prometheus-alertmanager
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: prometheus-alertmanager
create: []
post:
create: []
values:
manifests:
ingress: false
service_ingress: false
labels:
alertmanager:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
dependencies:
- osh-infra-helm-toolkit
...


@ -0,0 +1,77 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: prometheus-kube-state-metrics
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh_infra.prometheus_kube_state_metrics
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh_infra.prometheus_kube_state_metrics
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.kube_state_metrics
dest:
path: .values.endpoints.kube_state_metrics
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.kube_scheduler
dest:
path: .values.endpoints.kube_scheduler
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.kube_controller_manager
dest:
path: .values.endpoints.kube_controller_manager
data:
chart_name: prometheus-kube-state-metrics
release: prometheus-kube-state-metrics
namespace: kube-system
wait:
timeout: 900
labels:
release_group: prometheus-kube-state-metrics
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: prometheus-kube-state-metrics
create: []
post:
create: []
values:
labels:
kube_state_metrics:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
dependencies:
- osh-infra-helm-toolkit
...


@ -0,0 +1,65 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: prometheus-node-exporter
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh_infra.prometheus_node_exporter
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh_infra.prometheus_node_exporter
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.node_metrics
dest:
path: .values.endpoints.node_metrics
data:
chart_name: prometheus-node-exporter
release: prometheus-node-exporter
namespace: kube-system
wait:
timeout: 900
labels:
release_group: prometheus-node-exporter
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: prometheus-node-exporter
create: []
post:
create: []
values:
labels:
node_exporter:
node_selector_key: node-exporter
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
dependencies:
- osh-infra-helm-toolkit
...


@ -0,0 +1,80 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: prometheus
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh_infra.prometheus
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh_infra.prometheus
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.monitoring
dest:
path: .values.endpoints.monitoring
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.alerts
dest:
path: .values.endpoints.alerts
data:
chart_name: prometheus
release: prometheus
namespace: osh-infra
wait:
timeout: 900
labels:
release_group: prometheus
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: prometheus
create: []
post:
create: []
values:
manifests:
ingress: false
service_ingress: false
labels:
prometheus:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
pod:
replicas:
prometheus: 3
storage:
requests:
storage: 500Gi
dependencies:
- osh-infra-helm-toolkit
...


@ -0,0 +1,13 @@
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: osh-infra-prometheus-openstack-exporter
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
data:
description: Prometheus OpenStack Exporter
chart_group:
- prometheus-openstack-exporter


@ -0,0 +1,95 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: prometheus-openstack-exporter
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh_infra.prometheus_openstack_exporter
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh_infra.prometheus_openstack_exporter
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.prometheus_openstack_exporter
dest:
path: .values.endpoints.prometheus_openstack_exporter
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.identity
dest:
path: .values.endpoints.identity
# Accounts
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.keystone.admin
dest:
path: .values.endpoints.identity.auth.admin
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_infra_service_accounts
path: .osh_infra.prometheus_openstack_exporter.user
dest:
path: .values.endpoints.identity.auth.user
# Secrets
- dest:
path: .values.endpoints.identity.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_keystone_admin_password
path: .
- dest:
path: .values.endpoints.identity.auth.user.password
src:
schema: deckhand/Passphrase/v1
name: osh_infra_openstack_exporter_password
path: .
data:
chart_name: prometheus-openstack-exporter
release: prometheus-openstack-exporter
namespace: openstack
wait:
timeout: 900
labels:
release_group: prometheus-openstack-exporter
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: prometheus-openstack-exporter
values:
labels:
openstack_exporter:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
dependencies:
- osh-infra-helm-toolkit
...
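Review bot: The substitutions give a metrics exporter release the Keystone admin account (`.osh.keystone.admin`) and `osh_keystone_admin_password` alongside its own `prometheus_openstack_exporter.user` account, and nothing in the document says why. Presumably the admin credential is only consumed by a user-bootstrap job in the chart rather than by the long-running exporter pod, but that cannot be confirmed from this file. A comment above the `# Accounts` block, for example `# admin is used only to create the exporter's service user; the exporter itself runs as auth.user`, would let a reviewer check the least-privilege assumption against the chart.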


@ -0,0 +1,28 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: osh-helm-toolkit
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh.helm_toolkit
dest:
path: .source
data:
chart_name: helm-toolkit
release: osh-helm-toolkit
namespace: osh-helm-toolkit
wait:
timeout: 600
labels:
release_group: osh-helm-toolkit
upgrade:
no_hooks: true
values: {}
dependencies: []


@ -0,0 +1,142 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: openstack-ceph-config
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.ucp.ceph-client
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.ceph.ceph-client
dest:
path: .values.images.tags
# IP addresses
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .storage.ceph.public_cidr
dest:
path: .values.network.public
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .storage.ceph.cluster_cidr
dest:
path: .values.network.cluster
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.identity
dest:
path: .values.endpoints.identity
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.object_store
dest:
path: .values.endpoints.object_store
- src:
schema: pegleg/EndpointCatalogue/v1
name: ucp_endpoints
path: .ceph.ceph_mon
dest:
path: .values.endpoints.ceph_mon
- src:
schema: pegleg/EndpointCatalogue/v1
name: ucp_endpoints
path: .ceph.ceph_mgr
dest:
path: .values.endpoints.ceph_mgr
# Credentials
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.keystone.admin
dest:
path: .values.endpoints.identity.auth.admin
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.swift.keystone
dest:
path: .values.endpoints.identity.auth.swift
# Secrets
- dest:
path: .values.endpoints.identity.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_keystone_admin_password
path: .
- dest:
path: .values.endpoints.identity.auth.swift.password
src:
schema: deckhand/Passphrase/v1
name: ceph_swift_keystone_password
path: .
data:
chart_name: openstack-ceph-config
release: openstack-ceph-config
namespace: openstack
wait:
timeout: 900
labels:
release_group: openstack-ceph-config
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: openstack-ceph-config
values:
labels:
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
provisioner:
node_selector_key: openstack-control-plane
node_selector_value: enabled
mds:
node_selector_key: ceph-mds
node_selector_value: enabled
rgw:
node_selector_key: ceph-rgw
node_selector_value: enabled
mgr:
node_selector_key: ceph-mgr
node_selector_value: enabled
deployment:
ceph: false
client_secrets: true
rbd_provisioner: false
cephfs_provisioner: false
rgw_keystone_user_and_endpoints: false
bootstrap:
enabled: false
conf:
rgw_ks:
enabled: true
dependencies:
- ceph-htk
...


@ -0,0 +1,13 @@
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: openstack-ceph-config
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
data:
description: Ceph config for OpenStack namespace(s)
chart_group:
- openstack-ceph-config


@ -0,0 +1,14 @@
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: openstack-cinder
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
data:
description: Deploy Cinder
chart_group:
- cinder-rabbitmq
- cinder


@ -0,0 +1,287 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: cinder
labels:
component: cinder
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh.cinder
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh.cinder
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.identity
dest:
path: .values.endpoints.identity
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.image
dest:
path: .values.endpoints.image
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.image_registry
dest:
path: .values.endpoints.image_registry
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.volume
dest:
path: .values.endpoints.volume
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.volumev2
dest:
path: .values.endpoints.volumev2
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.volumev3
dest:
path: .values.endpoints.volumev3
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.oslo_db
dest:
path: .values.endpoints.oslo_db
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.cinder_oslo_messaging
dest:
path: .values.endpoints.oslo_messaging
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.oslo_cache
dest:
path: .values.endpoints.oslo_cache
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.fluentd
dest:
path: .values.endpoints.fluentd
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.keystone.admin
dest:
path: .values.endpoints.identity.auth.admin
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.cinder.cinder
dest:
path: .values.endpoints.identity.auth.cinder
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.cinder.oslo_messaging.admin
dest:
path: .values.endpoints.oslo_messaging.auth.admin
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.cinder.oslo_messaging.cinder
dest:
path: .values.endpoints.oslo_messaging.auth.cinder
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.cinder.oslo_db
dest:
path: .values.endpoints.oslo_db.auth.cinder
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.cinder.oslo_db.database
dest:
path: .values.endpoints.oslo_db.path
pattern: DB_NAME
# Secrets
- dest:
path: .values.endpoints.identity.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_keystone_admin_password
path: .
- dest:
path: .values.endpoints.identity.auth.cinder.password
src:
schema: deckhand/Passphrase/v1
name: osh_cinder_password
path: .
- dest:
path: .values.endpoints.oslo_messaging.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_cinder_oslo_messaging_admin_password
path: .
- dest:
path: .values.endpoints.oslo_messaging.auth.cinder.password
src:
schema: deckhand/Passphrase/v1
name: osh_cinder_oslo_messaging_password
path: .
- dest:
path: .values.endpoints.oslo_db.auth.cinder.password
src:
schema: deckhand/Passphrase/v1
name: osh_cinder_oslo_db_password
path: .
- dest:
path: .values.endpoints.oslo_db.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_oslo_db_admin_password
path: .
- dest:
path: .values.endpoints.oslo_cache.auth.memcache_secret_key
src:
schema: deckhand/Passphrase/v1
name: osh_oslo_cache_secret_key
path: .
data:
chart_name: cinder
release: cinder
namespace: openstack
wait:
timeout: 900
labels:
release_group: cinder
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: cinder
post:
create: []
values:
pod:
replicas:
api: 2
volume: 2
scheduler: 2
backup: 2
labels:
api:
node_selector_key: openstack-control-plane
node_selector_value: enabled
backup:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
scheduler:
node_selector_key: openstack-control-plane
node_selector_value: enabled
test:
node_selector_key: openstack-control-plane
node_selector_value: enabled
volume:
node_selector_key: openstack-control-plane
node_selector_value: enabled
conf:
logging:
loggers:
keys:
- root
- cinder
handlers:
keys:
- stdout
- stderr
- "null"
- fluent
formatters:
keys:
- context
- default
- fluent
logger_root:
level: WARNING
handlers: null
logger_cinder:
level: INFO
handlers:
- stdout
- stderr
- fluent
qualname: cinder
logger_amqp:
level: WARNING
handlers: stderr
qualname: amqp
logger_amqplib:
level: WARNING
handlers: stderr
qualname: amqplib
logger_eventletwsgi:
level: WARNING
handlers: stderr
qualname: eventlet.wsgi.server
logger_sqlalchemy:
level: WARNING
handlers: stderr
qualname: sqlalchemy
logger_boto:
level: WARNING
handlers: stderr
qualname: boto
handler_null:
class: logging.NullHandler
formatter: default
args: ()
handler_stdout:
class: StreamHandler
args: (sys.stdout,)
formatter: context
handler_stderr:
class: StreamHandler
args: (sys.stderr,)
formatter: context
handler_fluent:
class: fluent.handler.FluentHandler
args: ('openstack.cinder', 'fluentd-logging.osh-infra', 24224)
formatter: fluent
formatter_fluent:
class: oslo_log.formatters.FluentFormatter
formatter_context:
class: oslo_log.formatters.ContextFormatter
formatter_default:
format: "%(message)s"
dependencies:
- osh-helm-toolkit
...
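Review bot: `logger_root.handlers: null` is an unquoted YAML null, not the string that names `handler_null`; the `handlers.keys` list a few lines above quotes `"null"` for exactly this reason. Depending on how the chart renders the logging config, the root logger would get an empty or nil handler value instead of the null handler, so the line should be `handlers: 'null'`. The neutron chart later in this commit carries the same line under its `logger_root`. Separately, `handler_fluent.args` hard-codes `'fluentd-logging.osh-infra', 24224` even though `.values.endpoints.fluentd` is substituted from the endpoint catalogue, so a changed fluentd endpoint would not reach the log handler.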


@ -0,0 +1,95 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: cinder-rabbitmq
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh.rabbitmq
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh.rabbitmq
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.cinder_oslo_messaging
dest:
path: .values.endpoints.oslo_messaging
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.cinder_rabbitmq_exporter
dest:
path: .values.endpoints.prometheus_rabbitmq_exporter
# Credentials
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.cinder.oslo_messaging.admin
dest:
path: .values.endpoints.oslo_messaging.auth.user
# Secrets
- src:
schema: deckhand/Passphrase/v1
name: osh_cinder_rabbitmq_erlang_cookie
path: .
dest:
path: .values.endpoints.oslo_messaging.auth.erlang_cookie
- src:
schema: deckhand/Passphrase/v1
name: osh_cinder_oslo_messaging_admin_password
path: .
dest:
path: .values.endpoints.oslo_messaging.auth.user.password
data:
chart_name: cinder-rabbitmq
release: cinder-rabbitmq
namespace: openstack
wait:
timeout: 900
labels:
release_group: cinder-rabbitmq
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: cinder-rabbitmq
values:
pod:
replicas:
server: 1
labels:
server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
prometheus_rabbitmq_exporter:
node_selector_key: openstack-control-plane
node_selector_value: enabled
monitoring:
prometheus:
enabled: true
dependencies:
- osh-helm-toolkit
...


@ -0,0 +1,18 @@
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: openstack-compute-kit
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
data:
description: Deploy Nova, Neutron, Openvswitch, and Libvirt
chart_group:
- libvirt
- openvswitch
- neutron-rabbitmq
- nova-rabbitmq
- neutron
- nova


@ -0,0 +1,48 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: libvirt
labels:
name: libvirt-global
component: libvirt
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh.libvirt
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh.libvirt
dest:
path: .values.images.tags
data:
chart_name: libvirt
release: libvirt
namespace: openstack
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: libvirt
values:
labels:
agent:
libvirt:
node_selector_key: openstack-libvirt
node_selector_value: kernel
dependencies:
- osh-helm-toolkit


@ -0,0 +1,95 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: neutron-rabbitmq
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh.rabbitmq
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh.rabbitmq
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.neutron_oslo_messaging
dest:
path: .values.endpoints.oslo_messaging
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.neutron_rabbitmq_exporter
dest:
path: .values.endpoints.prometheus_rabbitmq_exporter
# Credentials
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.neutron.oslo_messaging.admin
dest:
path: .values.endpoints.oslo_messaging.auth.user
# Secrets
- src:
schema: deckhand/Passphrase/v1
name: osh_neutron_rabbitmq_erlang_cookie
path: .
dest:
path: .values.endpoints.oslo_messaging.auth.erlang_cookie
- src:
schema: deckhand/Passphrase/v1
name: osh_neutron_oslo_messaging_admin_password
path: .
dest:
path: .values.endpoints.oslo_messaging.auth.user.password
data:
chart_name: neutron-rabbitmq
release: neutron-rabbitmq
namespace: openstack
wait:
timeout: 900
labels:
release_group: neutron-rabbitmq
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: neutron-rabbitmq
values:
pod:
replicas:
server: 1
labels:
server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
prometheus_rabbitmq_exporter:
node_selector_key: openstack-control-plane
node_selector_value: enabled
monitoring:
prometheus:
enabled: true
dependencies:
- osh-helm-toolkit
...


@ -0,0 +1,334 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: neutron
labels:
name: neutron-global
component: neutron
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh.neutron
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh.neutron
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.identity
dest:
path: .values.endpoints.identity
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.compute
dest:
path: .values.endpoints.compute
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.compute_metadata
dest:
path: .values.endpoints.image_registry
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.oslo_db
dest:
path: .values.endpoints.oslo_db
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.neutron_oslo_messaging
dest:
path: .values.endpoints.oslo_messaging
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.oslo_cache
dest:
path: .values.endpoints.oslo_cache
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.network
dest:
path: .values.endpoints.network
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.fluentd
dest:
path: .values.endpoints.fluentd
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.keystone.admin
dest:
path: .values.endpoints.identity.auth.admin
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.neutron.neutron
dest:
path: .values.endpoints.identity.auth.neutron
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.nova.nova
dest:
path: .values.endpoints.identity.auth.nova
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.neutron.oslo_messaging.admin
dest:
path: .values.endpoints.oslo_messaging.auth.admin
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.neutron.oslo_messaging.neutron
dest:
path: .values.endpoints.oslo_messaging.auth.neutron
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.neutron.oslo_db
dest:
path: .values.endpoints.oslo_db.auth.neutron
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.neutron.oslo_db.database
dest:
path: .values.endpoints.oslo_db.path
pattern: DB_NAME
# Secrets
- dest:
path: .values.endpoints.identity.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_keystone_admin_password
path: .
- dest:
path: .values.endpoints.identity.auth.neutron.password
src:
schema: deckhand/Passphrase/v1
name: osh_neutron_password
path: .
- dest:
path: .values.endpoints.identity.auth.nova.password
src:
schema: deckhand/Passphrase/v1
name: osh_nova_password
path: .
- dest:
path: .values.endpoints.oslo_messaging.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_neutron_oslo_messaging_admin_password
path: .
- dest:
path: .values.endpoints.oslo_messaging.auth.neutron.password
src:
schema: deckhand/Passphrase/v1
name: osh_neutron_oslo_messaging_password
path: .
- dest:
path: .values.endpoints.oslo_db.auth.neutron.password
src:
schema: deckhand/Passphrase/v1
name: osh_neutron_oslo_db_password
path: .
- dest:
path: .values.endpoints.oslo_db.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_oslo_db_admin_password
path: .
- dest:
path: .values.endpoints.oslo_cache.auth.memcache_secret_key
src:
schema: deckhand/Passphrase/v1
name: osh_oslo_cache_secret_key
path: .
# Interfaces for neutron configuration
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .neutron.tunnel_device
dest:
path: .values.network.interface.tunnel
pattern: 'TUNNEL_DEVICE'
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .neutron.external_iface
dest:
path: .values.network.interface.external
pattern: 'EXTERNAL_INTERFACE'
data:
chart_name: neutron
release: neutron
namespace: openstack
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: neutron
post:
create: []
values:
pod:
replicas:
server: 2
labels:
agent:
dhcp:
node_selector_key: openstack-control-plane
node_selector_value: enabled
l3:
# To enable the forcing of routers onto controllers that have
# a public cidr so that tenant floating IPs can route properly
node_selector_key: openstack-l3-agent
node_selector_value: enabled
metadata:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
lb:
node_selector_key: linuxbridge
node_selector_value: enabled
ovs:
node_selector_key: openvswitch
node_selector_value: enabled
server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
test:
node_selector_key: openstack-control-plane
node_selector_value: enabled
network:
interface:
tunnel: 'TUNNEL_DEVICE'
external: 'EXTERNAL_INTERFACE'
conf:
logging:
loggers:
keys:
- root
- neutron
handlers:
keys:
- stdout
- stderr
- "null"
- fluent
formatters:
keys:
- context
- default
- fluent
logger_root:
level: WARNING
handlers: null
logger_neutron:
level: INFO
handlers:
- stdout
- stderr
- fluent
qualname: neutron
logger_amqp:
level: WARNING
handlers: stderr
qualname: amqp
logger_amqplib:
level: WARNING
handlers: stderr
qualname: amqplib
logger_eventletwsgi:
level: WARNING
handlers: stderr
qualname: eventlet.wsgi.server
logger_sqlalchemy:
level: WARNING
handlers: stderr
qualname: sqlalchemy
logger_boto:
level: WARNING
handlers: stderr
qualname: boto
handler_null:
class: logging.NullHandler
formatter: default
args: ()
handler_stdout:
class: StreamHandler
args: (sys.stdout,)
formatter: context
handler_stderr:
class: StreamHandler
args: (sys.stderr,)
formatter: context
handler_fluent:
class: fluent.handler.FluentHandler
args: ('openstack.neutron', 'fluentd-logging.osh-infra', 24224)
formatter: fluent
formatter_fluent:
class: oslo_log.formatters.FluentFormatter
formatter_context:
class: oslo_log.formatters.ContextFormatter
formatter_default:
format: "%(message)s"
neutron:
DEFAULT:
l3_ha: True
min_l3_agents_per_router: 2
max_l3_agents_per_router: 5
l3_ha_network_type: vxlan
dhcp_agents_per_network: 2
oslo_messaging_rabbit:
heartbeat_timeout_threshold: 0
plugins:
ml2_conf:
ml2:
extension_drivers: port_security
mechanism_drivers: l2population,openvswitch
type_drivers: vlan,flat,vxlan
tenant_network_types: vxlan
ml2_type_vlan:
network_vlan_ranges: bond1
openvswitch_agent:
agent:
tunnel_types: vxlan
ovs:
bridge_mappings: bond1:br-bond1
dependencies:
- osh-helm-toolkit
...
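Review bot: The third endpoint substitution copies `.osh.compute_metadata` into `dest.path: .values.endpoints.image_registry`, which looks like a copy-paste slip from the cinder chart. As written, the metadata endpoint never reaches the key the chart presumably reads for it, and `image_registry` is overwritten with another service's endpoint. The destination should presumably be `path: .values.endpoints.compute_metadata`; confirm against the neutron chart's values. As a smaller style point, `l3_ha: True` is better written as the canonical `l3_ha: true`.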


@ -0,0 +1,95 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: nova-rabbitmq
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh.rabbitmq
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh.rabbitmq
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.nova_oslo_messaging
dest:
path: .values.endpoints.oslo_messaging
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.nova_rabbitmq_exporter
dest:
path: .values.endpoints.prometheus_rabbitmq_exporter
# Credentials
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.nova.oslo_messaging.admin
dest:
path: .values.endpoints.oslo_messaging.auth.user
# Secrets
- src:
schema: deckhand/Passphrase/v1
name: osh_nova_rabbitmq_erlang_cookie
path: .
dest:
path: .values.endpoints.oslo_messaging.auth.erlang_cookie
- src:
schema: deckhand/Passphrase/v1
name: osh_nova_oslo_messaging_admin_password
path: .
dest:
path: .values.endpoints.oslo_messaging.auth.user.password
data:
chart_name: nova-rabbitmq
release: nova-rabbitmq
namespace: openstack
wait:
timeout: 900
labels:
release_group: nova-rabbitmq
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: nova-rabbitmq
values:
pod:
replicas:
server: 1
labels:
server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
prometheus_rabbitmq_exporter:
node_selector_key: openstack-control-plane
node_selector_value: enabled
monitoring:
prometheus:
enabled: true
dependencies:
- osh-helm-toolkit
...
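Review bot: The two entries under `# Secrets` copy the Erlang cookie and the RabbitMQ admin password into a chart whose own `storagePolicy` is `cleartext`, so nothing in this document records that those values are sensitive. Their protection rests entirely on the source `deckhand/Passphrase/v1` documents, which this section does not show. I would add a comment above the block, `# Source Passphrase documents must be stored with storagePolicy: encrypted`, and check that the site-level `osh_nova_rabbitmq_erlang_cookie` and `osh_nova_oslo_messaging_admin_password` documents are declared that way. The `glance-rabbitmq` and `heat-rabbitmq` charts further down repeat this block with their own secret names and need the same check.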


@ -0,0 +1,403 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: nova-global
labels:
name: nova-global
component: nova
layeringDefinition:
abstract: true
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh.nova
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh.nova
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.identity
dest:
path: .values.endpoints.identity
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.oslo_db
dest:
path: .values.endpoints.oslo_db
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.oslo_db
dest:
path: .values.endpoints.oslo_db_api
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.oslo_db
dest:
path: .values.endpoints.oslo_db_cell0
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.nova_oslo_messaging
dest:
path: .values.endpoints.oslo_messaging
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.oslo_cache
dest:
path: .values.endpoints.oslo_cache
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.image
dest:
path: .values.endpoints.image
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.compute
dest:
path: .values.endpoints.compute
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.compute_metadata
dest:
path: .values.endpoints.compute_metadata
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.compute_novnc_proxy
dest:
path: .values.endpoints.compute_novnc_proxy
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.compute_spice_proxy
dest:
path: .values.endpoints.compute_spice_proxy
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.placement
dest:
path: .values.endpoints.placement
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.network
dest:
path: .values.endpoints.network
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.fluentd
dest:
path: .values.endpoints.fluentd
# Service Accounts
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.keystone.admin
dest:
path: .values.endpoints.identity.auth.admin
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.nova.nova
dest:
path: .values.endpoints.identity.auth.nova
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.neutron.neutron
dest:
path: .values.endpoints.identity.auth.neutron
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.nova.placement
dest:
path: .values.endpoints.identity.auth.placement
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.nova.oslo_messaging.admin
dest:
path: .values.endpoints.oslo_messaging.auth.admin
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.nova.oslo_messaging.nova
dest:
path: .values.endpoints.oslo_messaging.auth.nova
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.nova.oslo_db.username
dest:
path: .values.endpoints.oslo_db.auth.nova.username
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.nova.oslo_db.database
dest:
path: .values.endpoints.oslo_db.path
pattern: DB_NAME
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.nova.oslo_db_api
dest:
path: .values.endpoints.oslo_db_api.auth.nova
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.nova.oslo_db_api.database
dest:
path: .values.endpoints.oslo_db_api.path
pattern: DB_NAME
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.nova.oslo_db_cell0
dest:
path: .values.endpoints.oslo_db_cell0.auth.nova
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.nova.oslo_db_cell0.database
dest:
path: .values.endpoints.oslo_db_cell0.path
pattern: DB_NAME
# Secrets
- dest:
path: .values.endpoints.identity.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_keystone_admin_password
path: .
- dest:
path: .values.endpoints.identity.auth.nova.password
src:
schema: deckhand/Passphrase/v1
name: osh_nova_password
path: .
- dest:
path: .values.endpoints.identity.auth.neutron.password
src:
schema: deckhand/Passphrase/v1
name: osh_neutron_password
path: .
- dest:
path: .values.endpoints.identity.auth.placement.password
src:
schema: deckhand/Passphrase/v1
name: osh_placement_password
path: .
- dest:
path: .values.endpoints.oslo_messaging.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_nova_oslo_messaging_admin_password
path: .
- dest:
path: .values.endpoints.oslo_messaging.auth.nova.password
src:
schema: deckhand/Passphrase/v1
name: osh_nova_oslo_messaging_password
path: .
- dest:
path: .values.endpoints.oslo_db.auth.nova.password
src:
schema: deckhand/Passphrase/v1
name: osh_nova_oslo_db_password
path: .
- dest:
path: .values.endpoints.oslo_db_api.auth.nova.password
src:
schema: deckhand/Passphrase/v1
name: osh_nova_oslo_db_password
path: .
- dest:
path: .values.endpoints.oslo_db_cell0.auth.nova.password
src:
schema: deckhand/Passphrase/v1
name: osh_nova_oslo_db_password
path: .
- dest:
path: .values.endpoints.oslo_db.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_oslo_db_admin_password
path: .
- dest:
path: .values.endpoints.oslo_db_api.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_oslo_db_admin_password
path: .
- dest:
path: .values.endpoints.oslo_db_cell0.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_oslo_db_admin_password
path: .
- dest:
path: .values.endpoints.oslo_cache.auth.memcache_secret_key
src:
schema: deckhand/Passphrase/v1
name: osh_oslo_cache_secret_key
path: .
data:
chart_name: nova
release: nova
namespace: openstack
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: nova
post:
create: []
values:
labels:
agent:
compute:
node_selector_key: openstack-nova-compute
node_selector_value: enabled
api_metadata:
node_selector_key: openstack-control-plane
node_selector_value: enabled
conductor:
node_selector_key: openstack-control-plane
node_selector_value: enabled
consoleauth:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
novncproxy:
node_selector_key: openstack-control-plane
node_selector_value: enabled
osapi:
node_selector_key: openstack-control-plane
node_selector_value: enabled
placement:
node_selector_key: openstack-control-plane
node_selector_value: enabled
scheduler:
node_selector_key: openstack-control-plane
node_selector_value: enabled
spiceproxy:
node_selector_key: openstack-control-plane
node_selector_value: enabled
test:
node_selector_key: openstack-control-plane
node_selector_value: enabled
pod:
replicas:
api_metadata: 2
placement: 1
osapi: 2
conductor: 2
consoleauth: 1
scheduler: 1
novncproxy: 1
conf:
logging:
loggers:
keys:
- root
- nova
handlers:
keys:
- stdout
- stderr
- "null"
- fluent
formatters:
keys:
- context
- default
- fluent
logger_root:
level: WARNING
handlers: null
logger_nova:
level: INFO
handlers:
- stdout
- stderr
- fluent
qualname: nova
logger_amqp:
level: WARNING
handlers: stderr
qualname: amqp
logger_amqplib:
level: WARNING
handlers: stderr
qualname: amqplib
logger_eventletwsgi:
level: WARNING
handlers: stderr
qualname: eventlet.wsgi.server
logger_sqlalchemy:
level: WARNING
handlers: stderr
qualname: sqlalchemy
logger_boto:
level: WARNING
handlers: stderr
qualname: boto
handler_null:
class: logging.NullHandler
formatter: default
args: ()
handler_stdout:
class: StreamHandler
args: (sys.stdout,)
formatter: context
handler_stderr:
class: StreamHandler
args: (sys.stderr,)
formatter: context
handler_fluent:
class: fluent.handler.FluentHandler
args: ('openstack.nova', 'fluentd-logging.osh-infra', 24224)
formatter: fluent
formatter_fluent:
class: oslo_log.formatters.FluentFormatter
formatter_context:
class: oslo_log.formatters.ContextFormatter
formatter_default:
format: "%(message)s"
dependencies:
- osh-helm-toolkit
...
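Review bot: `logger_root` sets `handlers: null` unquoted, which YAML reads as a null value rather than the string `null` that names `handler_null`; the `handlers.keys` list a few lines above does quote it as `"null"`. What the chart renders from a null here is not visible in this commit, but it is unlikely to be the intended reference to the null handler, so I would write `handlers: 'null'`. The `glance` and `heat` charts below carry the same line, as does the neutron logging block above.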


@ -0,0 +1,62 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: openvswitch
layeringDefinition:
abstract: false
layer: global
labels:
name: openvswitch-global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh.openvswitch
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh.openvswitch
dest:
path: .values.images.tags
# External Interface
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .openvswitch.external_iface
dest:
path: .values.network.interface.external
pattern: 'EXTERNAL_INTERFACE'
data:
chart_name: openvswitch
release: openvswitch
namespace: openstack
wait:
timeout: 900
labels:
release_group: openvswitch
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: openvswitch
values:
labels:
ovs:
node_selector_key: openvswitch
node_selector_value: enabled
network:
external_bridge: br-bond1
interface:
external: 'EXTERNAL_INTERFACE'
dependencies:
- osh-helm-toolkit
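Review bot: `external_bridge: br-bond1` is hard-coded in this global-layer chart, while the interface next to it is filled from `common-addresses` through the `EXTERNAL_INTERFACE` pattern. The bridge name has to agree with `bridge_mappings: bond1:br-bond1` in the neutron chart, and both appear to encode one site's bond naming, so a site with a different NIC layout would have to override two global documents by hand. I would either source the bridge name from `common-addresses` as well or add a comment such as `# must match neutron ovs bridge_mappings` next to the value.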


@ -0,0 +1,14 @@
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: openstack-glance
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
data:
description: Deploy Glance
chart_group:
- glance-rabbitmq
- glance


@ -0,0 +1,296 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: glance
labels:
component: glance
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh.glance
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh.glance
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.identity
dest:
path: .values.endpoints.identity
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.image
dest:
path: .values.endpoints.image
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.image_registry
dest:
path: .values.endpoints.image_registry
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.oslo_db
dest:
path: .values.endpoints.oslo_db
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.glance_oslo_messaging
dest:
path: .values.endpoints.oslo_messaging
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.oslo_cache
dest:
path: .values.endpoints.oslo_cache
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.ceph_object_store
dest:
path: .values.endpoints.ceph_object_store
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.object_store
dest:
path: .values.endpoints.object_store
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.fluentd
dest:
path: .values.endpoints.fluentd
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.keystone.admin
dest:
path: .values.endpoints.identity.auth.admin
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.glance.glance
dest:
path: .values.endpoints.identity.auth.glance
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.glance.oslo_messaging.admin
dest:
path: .values.endpoints.oslo_messaging.auth.admin
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.glance.oslo_messaging.glance
dest:
path: .values.endpoints.oslo_messaging.auth.glance
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.glance.oslo_db
dest:
path: .values.endpoints.oslo_db.auth.glance
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.glance.oslo_db.database
dest:
path: .values.endpoints.oslo_db.path
pattern: DB_NAME
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.glance.ceph_object_store
dest:
path: .values.endpoints.ceph_object_store.auth.glance
# Secrets
- dest:
path: .values.endpoints.identity.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_keystone_admin_password
path: .
- dest:
path: .values.endpoints.identity.auth.glance.password
src:
schema: deckhand/Passphrase/v1
name: osh_glance_password
path: .
- dest:
path: .values.endpoints.oslo_messaging.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_glance_oslo_messaging_admin_password
path: .
- dest:
path: .values.endpoints.oslo_messaging.auth.glance.password
src:
schema: deckhand/Passphrase/v1
name: osh_glance_oslo_messaging_password
path: .
- dest:
path: .values.endpoints.oslo_db.auth.glance.password
src:
schema: deckhand/Passphrase/v1
name: osh_glance_oslo_db_password
path: .
- dest:
path: .values.endpoints.oslo_db.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_oslo_db_admin_password
path: .
- dest:
path: .values.endpoints.oslo_cache.auth.memcache_secret_key
src:
schema: deckhand/Passphrase/v1
name: osh_oslo_cache_secret_key
path: .
- dest:
path: .values.endpoints.object_store.auth.glance.tmpurlkey
src:
schema: deckhand/Passphrase/v1
name: ceph_swift_keystone_password
path: .
- dest:
path: .values.endpoints.ceph_object_store.auth.glance.tmpurlkey
src:
schema: deckhand/Passphrase/v1
name: ceph_swift_keystone_password
path: .
- dest:
path: .values.endpoints.ceph_object_store.auth.glance.password
src:
schema: deckhand/Passphrase/v1
name: osh_glance_password
path: .
data:
chart_name: glance
release: glance
namespace: openstack
wait:
timeout: 900
labels:
release_group: glance
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: glance
post:
create: []
values:
pod:
replicas:
api: 2
registry: 2
labels:
api:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
registry:
node_selector_key: openstack-control-plane
node_selector_value: enabled
manifests:
job_bootstrap: false
conf:
logging:
loggers:
keys:
- root
- glance
handlers:
keys:
- stdout
- stderr
- "null"
- fluent
formatters:
keys:
- context
- default
- fluent
logger_root:
level: WARNING
handlers: null
logger_glance:
level: INFO
handlers:
- stdout
- stderr
- fluent
qualname: glance
logger_amqp:
level: WARNING
handlers: stderr
qualname: amqp
logger_amqplib:
level: WARNING
handlers: stderr
qualname: amqplib
logger_eventletwsgi:
level: WARNING
handlers: stderr
qualname: eventlet.wsgi.server
logger_sqlalchemy:
level: WARNING
handlers: stderr
qualname: sqlalchemy
logger_boto:
level: WARNING
handlers: stderr
qualname: boto
handler_null:
class: logging.NullHandler
formatter: default
args: ()
handler_stdout:
class: StreamHandler
args: (sys.stdout,)
formatter: context
handler_stderr:
class: StreamHandler
args: (sys.stderr,)
formatter: context
handler_fluent:
class: fluent.handler.FluentHandler
args: ('openstack.glance', 'fluentd-logging.osh-infra', 24224)
formatter: fluent
formatter_fluent:
class: oslo_log.formatters.FluentFormatter
formatter_context:
class: oslo_log.formatters.ContextFormatter
formatter_default:
format: "%(message)s"
dependencies:
- osh-helm-toolkit
...
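Review bot: Both `tmpurlkey` destinations (`object_store.auth.glance.tmpurlkey` and `ceph_object_store.auth.glance.tmpurlkey`) are filled from `ceph_swift_keystone_password`, so, going by its name, a Keystone service password doubles as the temp-URL signing key. A signing key and a login password have different exposure and rotation needs, and sharing one value means a leak of either compromises both. I would source these two paths from a dedicated passphrase document (for example `<glance_tmpurl_key_passphrase>`, a placeholder name) and keep `ceph_swift_keystone_password` for authentication only.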


@ -0,0 +1,95 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: glance-rabbitmq
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh.rabbitmq
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh.rabbitmq
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.glance_oslo_messaging
dest:
path: .values.endpoints.oslo_messaging
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.glance_rabbitmq_exporter
dest:
path: .values.endpoints.prometheus_rabbitmq_exporter
# Credentials
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.glance.oslo_messaging.admin
dest:
path: .values.endpoints.oslo_messaging.auth.user
# Secrets
- src:
schema: deckhand/Passphrase/v1
name: osh_glance_rabbitmq_erlang_cookie
path: .
dest:
path: .values.endpoints.oslo_messaging.auth.erlang_cookie
- src:
schema: deckhand/Passphrase/v1
name: osh_glance_oslo_messaging_admin_password
path: .
dest:
path: .values.endpoints.oslo_messaging.auth.user.password
data:
chart_name: glance-rabbitmq
release: glance-rabbitmq
namespace: openstack
wait:
timeout: 900
labels:
release_group: glance-rabbitmq
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: glance-rabbitmq
values:
pod:
replicas:
server: 1
labels:
server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
prometheus_rabbitmq_exporter:
node_selector_key: openstack-control-plane
node_selector_value: enabled
monitoring:
prometheus:
enabled: true
dependencies:
- osh-helm-toolkit
...


@ -0,0 +1,14 @@
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: openstack-heat
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
data:
description: Deploy Heat
chart_group:
- heat-rabbitmq
- heat


@ -0,0 +1,297 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: heat
labels:
name: heat-global
component: heat
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh.heat
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh.heat
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.identity
dest:
path: .values.endpoints.identity
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.orchestration
dest:
path: .values.endpoints.orchestration
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.cloudformation
dest:
path: .values.endpoints.cloudformation
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.cloudwatch
dest:
path: .values.endpoints.cloudwatch
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.oslo_db
dest:
path: .values.endpoints.oslo_db
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.heat_oslo_messaging
dest:
path: .values.endpoints.oslo_messaging
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.oslo_cache
dest:
path: .values.endpoints.oslo_cache
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_infra_endpoints
path: .osh_infra.fluentd
dest:
path: .values.endpoints.fluentd
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.keystone.admin
dest:
path: .values.endpoints.identity.auth.admin
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.heat.heat
dest:
path: .values.endpoints.identity.auth.heat
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.heat.heat_trustee
dest:
path: .values.endpoints.identity.auth.heat_trustee
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.heat.heat_stack_user
dest:
path: .values.endpoints.identity.auth.heat_stack_user
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.heat.oslo_messaging.admin
dest:
path: .values.endpoints.oslo_messaging.auth.admin
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.heat.oslo_messaging.heat
dest:
path: .values.endpoints.oslo_messaging.auth.heat
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.heat.oslo_db
dest:
path: .values.endpoints.oslo_db.auth.heat
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.heat.oslo_db.database
dest:
path: .values.endpoints.oslo_db.path
pattern: DB_NAME
# Secrets
- dest:
path: .values.endpoints.identity.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_keystone_admin_password
path: .
- dest:
path: .values.endpoints.identity.auth.heat.password
src:
schema: deckhand/Passphrase/v1
name: osh_heat_password
path: .
- dest:
path: .values.endpoints.identity.auth.heat_trustee.password
src:
schema: deckhand/Passphrase/v1
name: osh_heat_trustee_password
path: .
- dest:
path: .values.endpoints.identity.auth.heat_stack_user.password
src:
schema: deckhand/Passphrase/v1
name: osh_heat_stack_user_password
path: .
- dest:
path: .values.endpoints.oslo_messaging.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_heat_oslo_messaging_admin_password
path: .
- dest:
path: .values.endpoints.oslo_messaging.auth.heat.password
src:
schema: deckhand/Passphrase/v1
name: osh_heat_oslo_messaging_password
path: .
- dest:
path: .values.endpoints.oslo_db.auth.heat.password
src:
schema: deckhand/Passphrase/v1
name: osh_heat_oslo_db_password
path: .
- dest:
path: .values.endpoints.oslo_db.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_oslo_db_admin_password
path: .
- dest:
path: .values.endpoints.oslo_cache.auth.memcache_secret_key
src:
schema: deckhand/Passphrase/v1
name: osh_oslo_cache_secret_key
path: .
data:
chart_name: heat
release: heat
namespace: openstack
wait:
timeout: 900
labels:
release_group: heat
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: heat
post:
create: []
values:
pod:
replicas:
api: 1
cfn: 1
cloudwatch: 1
engine: 2
labels:
api:
node_selector_key: openstack-control-plane
node_selector_value: enabled
cfn:
node_selector_key: openstack-control-plane
node_selector_value: enabled
cloudwatch:
node_selector_key: openstack-control-plane
node_selector_value: enabled
engine:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
conf:
logging:
loggers:
keys:
- root
- heat
handlers:
keys:
- stdout
- stderr
- "null"
- fluent
formatters:
keys:
- context
- default
- fluent
logger_root:
level: WARNING
handlers: null
logger_heat:
level: INFO
handlers:
- stdout
- stderr
- fluent
qualname: heat
logger_amqp:
level: WARNING
handlers: stderr
qualname: amqp
logger_amqplib:
level: WARNING
handlers: stderr
qualname: amqplib
logger_eventletwsgi:
level: WARNING
handlers: stderr
qualname: eventlet.wsgi.server
logger_sqlalchemy:
level: WARNING
handlers: stderr
qualname: sqlalchemy
logger_boto:
level: WARNING
handlers: stderr
qualname: boto
handler_null:
class: logging.NullHandler
formatter: default
args: ()
handler_stdout:
class: StreamHandler
args: (sys.stdout,)
formatter: context
handler_stderr:
class: StreamHandler
args: (sys.stderr,)
formatter: context
handler_fluent:
class: fluent.handler.FluentHandler
args: ('openstack.heat', 'fluentd-logging.osh-infra', 24224)
formatter: fluent
formatter_fluent:
class: oslo_log.formatters.FluentFormatter
formatter_context:
class: oslo_log.formatters.ContextFormatter
formatter_default:
format: "%(message)s"
dependencies:
- osh-helm-toolkit
...


@ -0,0 +1,95 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: heat-rabbitmq
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh.rabbitmq
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh.rabbitmq
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.heat_oslo_messaging
dest:
path: .values.endpoints.oslo_messaging
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.heat_rabbitmq_exporter
dest:
path: .values.endpoints.prometheus_rabbitmq_exporter
# Credentials
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.heat.oslo_messaging.admin
dest:
path: .values.endpoints.oslo_messaging.auth.user
# Secrets
- src:
schema: deckhand/Passphrase/v1
name: osh_heat_rabbitmq_erlang_cookie
path: .
dest:
path: .values.endpoints.oslo_messaging.auth.erlang_cookie
- src:
schema: deckhand/Passphrase/v1
name: osh_heat_oslo_messaging_admin_password
path: .
dest:
path: .values.endpoints.oslo_messaging.auth.user.password
data:
chart_name: heat-rabbitmq
release: heat-rabbitmq
namespace: openstack
wait:
timeout: 900
labels:
release_group: heat-rabbitmq
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: heat-rabbitmq
values:
pod:
replicas:
server: 1
labels:
server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
prometheus_rabbitmq_exporter:
node_selector_key: openstack-control-plane
node_selector_value: enabled
monitoring:
prometheus:
enabled: true
dependencies:
- osh-helm-toolkit
...


@ -0,0 +1,13 @@
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: openstack-horizon
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
data:
description: Deploy Horizon
chart_group:
- horizon


@ -0,0 +1,114 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: horizon
labels:
component: horizon
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh.horizon
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh.horizon
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.identity
dest:
path: .values.endpoints.identity
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.dashboard
dest:
path: .values.endpoints.dashboard
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.oslo_db
dest:
path: .values.endpoints.oslo_db
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.oslo_cache
dest:
path: .values.endpoints.oslo_cache
# Service Accounts
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.horizon.oslo_db
dest:
path: .values.endpoints.oslo_db.auth.horizon
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.horizon.oslo_db.database
dest:
path: .values.endpoints.oslo_db.path
pattern: DB_NAME
# Secrets
- dest:
path: .values.endpoints.oslo_db.auth.keystone.password
src:
schema: deckhand/Passphrase/v1
name: osh_horizon_oslo_db_password
path: .
- dest:
path: .values.endpoints.oslo_db.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_oslo_db_admin_password
path: .
- dest:
path: .values.endpoints.oslo_cache.auth.memcache_secret_key
src:
schema: deckhand/Passphrase/v1
name: osh_oslo_cache_secret_key
path: .
data:
chart_name: horizon
release: horizon
namespace: openstack
install:
no_hooks: false
wait:
timeout: 900
labels:
release_group: horizon
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: horizon
post:
create: []
values:
labels:
node_selector_key: openstack-control-plane
node_selector_value: enabled
dependencies:
- osh-helm-toolkit
...
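Review bot: The first entry under `# Secrets` writes `osh_horizon_oslo_db_password` to `.values.endpoints.oslo_db.auth.keystone.password`, but the matching account substitution above targets `.values.endpoints.oslo_db.auth.horizon`. This looks like a copy-paste slip: the horizon database user would presumably be left with whatever password the chart ships by default, and the site secret would land under an `auth.keystone` key that nothing else in this document refers to. The destination should read `path: .values.endpoints.oslo_db.auth.horizon.password`.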


@ -0,0 +1,13 @@
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: openstack-ingress-controller
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
data:
description: OpenStack Namespace Ingress
chart_group:
- openstack-ingress-controller


@ -0,0 +1,55 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: openstack-ingress-controller
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh.ingress
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh.ingress
dest:
path: .values.images.tags
data:
chart_name: openstack-ingress-controller
release: openstack-ingress-controller
namespace: openstack
wait:
timeout: 900
labels:
release_group: openstack-ingress-controller
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: openstack-ingress-controller
values:
labels:
server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
error_server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
pod:
replicas:
ingress: 2
error_page: 2
dependencies:
- osh-helm-toolkit
