c86684c91a
Aligned with changes in promenade repo: https://review.opendev.org/#/c/657879/ Change-Id: Ia1d5ddabc47390f12557032b1716734cfcbcd540
151 lines
4.5 KiB
YAML
151 lines
4.5 KiB
YAML
---
|
|
schema: promenade/Genesis/v1
|
|
metadata:
|
|
schema: metadata/Document/v1
|
|
name: genesis-global
|
|
layeringDefinition:
|
|
abstract: true
|
|
layer: global
|
|
labels:
|
|
name: genesis-global
|
|
storagePolicy: cleartext
|
|
substitutions:
|
|
# Software versions for bootstrapping phase
|
|
- src:
|
|
schema: pegleg/SoftwareVersions/v1
|
|
name: software-versions
|
|
path: .images.ucp.armada.api
|
|
dest:
|
|
path: .images.armada
|
|
- src:
|
|
schema: pegleg/SoftwareVersions/v1
|
|
name: software-versions
|
|
path: .images.ucp.armada.tiller
|
|
dest:
|
|
path: .images.helm.tiller
|
|
- src:
|
|
schema: pegleg/SoftwareVersions/v1
|
|
name: software-versions
|
|
path: .images.kubernetes.apiserver.apiserver
|
|
dest:
|
|
path: .images.kubernetes.apiserver
|
|
- src:
|
|
schema: pegleg/SoftwareVersions/v1
|
|
name: software-versions
|
|
path: .images.kubernetes.controller-manager.controller_manager
|
|
dest:
|
|
path: .images.kubernetes.controller-manager
|
|
- src:
|
|
schema: pegleg/SoftwareVersions/v1
|
|
name: software-versions
|
|
path: .images.kubernetes.etcd.etcd
|
|
dest:
|
|
path: .images.kubernetes.etcd
|
|
- src:
|
|
schema: pegleg/SoftwareVersions/v1
|
|
name: software-versions
|
|
path: .images.kubernetes.scheduler.scheduler
|
|
dest:
|
|
path: .images.kubernetes.scheduler
|
|
|
|
# Site-specific configuration
|
|
- src:
|
|
schema: pegleg/CommonAddresses/v1
|
|
name: common-addresses
|
|
path: .genesis.hostname
|
|
dest:
|
|
path: .hostname
|
|
- src:
|
|
schema: pegleg/CommonAddresses/v1
|
|
name: common-addresses
|
|
path: .genesis.ip
|
|
dest:
|
|
path: .ip
|
|
|
|
# Command prefix
|
|
- src:
|
|
schema: pegleg/CommonAddresses/v1
|
|
name: common-addresses
|
|
path: .kubernetes.service_cidr
|
|
dest:
|
|
path: .apiserver.arguments[2]
|
|
pattern: SERVICE_CIDR
|
|
- src:
|
|
schema: pegleg/CommonAddresses/v1
|
|
name: common-addresses
|
|
path: .kubernetes.service_node_port_range
|
|
dest:
|
|
path: .apiserver.arguments[3]
|
|
pattern: SERVICE_NODE_PORT_RANGE
|
|
|
|
# Set etcd encryption policy
|
|
- src:
|
|
schema: promenade/EncryptionPolicy/v1
|
|
name: encryption-policy
|
|
path: .etcd
|
|
dest:
|
|
path: .apiserver.encryption
|
|
|
|
data:
|
|
apiserver:
|
|
arguments:
|
|
- --authorization-mode=Node,RBAC
|
|
- --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds,NodeRestriction,EventRateLimit
|
|
- --service-cluster-ip-range=SERVICE_CIDR
|
|
- --service-node-port-range=SERVICE_NODE_PORT_RANGE
|
|
- --endpoint-reconciler-type=lease
|
|
- --feature-gates=PodShareProcessNamespace=true
|
|
- --v=3
|
|
- --admission-control-config-file=/etc/kubernetes/apiserver/acconfig.yaml
|
|
- --experimental-encryption-provider-config=/etc/kubernetes/apiserver/encryption_provider.yaml
|
|
- --requestheader-allowed-names='aggregator'
|
|
armada:
|
|
target_manifest: cluster-bootstrap
|
|
haproxy:
|
|
run_as_user: 65534
|
|
labels:
|
|
dynamic:
|
|
- beta.kubernetes.io/fluentd-ds-ready=true
|
|
- calico-etcd=enabled
|
|
- ceph-mds=enabled
|
|
- ceph-mon=enabled
|
|
- ceph-osd=enabled
|
|
- ceph-rgw=enabled
|
|
- ceph-mgr=enabled
|
|
- tenant-ceph-control-plane=enabled
|
|
- tenant-ceph-mon=enabled
|
|
- tenant-ceph-rgw=enabled
|
|
- tenant-ceph-mgr=enabled
|
|
- kube-dns=enabled
|
|
- kube-ingress=enabled
|
|
- kubernetes-apiserver=enabled
|
|
- kubernetes-controller-manager=enabled
|
|
- kubernetes-etcd=enabled
|
|
- kubernetes-scheduler=enabled
|
|
- promenade-genesis=enabled
|
|
- ucp-control-plane=enabled
|
|
- maas-rack=enabled
|
|
- maas-region=enabled
|
|
- node-exporter=enabled
|
|
files:
|
|
- path: /var/lib/anchor/calico-etcd-bootstrap
|
|
content: "# placeholder for triggering calico etcd bootstrapping\n# this file will be deleted"
|
|
mode: 0644
|
|
- path: /etc/genesis/apiserver/acconfig.yaml
|
|
mode: 0444
|
|
content: |
|
|
kind: AdmissionConfiguration
|
|
apiVersion: apiserver.k8s.io/v1alpha1
|
|
plugins:
|
|
- name: EventRateLimit
|
|
path: eventconfig.yaml
|
|
- path: /etc/genesis/apiserver/eventconfig.yaml
|
|
mode: 0444
|
|
content: |
|
|
kind: Configuration
|
|
apiVersion: eventratelimit.admission.k8s.io/v1alpha1
|
|
limits:
|
|
- type: Server
|
|
qps: 1000
|
|
burst: 10000
|