summaryrefslogtreecommitdiffstats
path: root/site/intel-pod17/software/charts
diff options
context:
space:
mode:
Diffstat (limited to 'site/intel-pod17/software/charts')
-rw-r--r--site/intel-pod17/software/charts/kubernetes/container-networking/etcd.yaml127
-rw-r--r--site/intel-pod17/software/charts/kubernetes/etcd/etcd.yaml131
-rw-r--r--site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml26
-rw-r--r--site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml100
-rw-r--r--site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml30
-rw-r--r--site/intel-pod17/software/charts/ucp/divingbell/divingbell.yaml72
6 files changed, 486 insertions, 0 deletions
diff --git a/site/intel-pod17/software/charts/kubernetes/container-networking/etcd.yaml b/site/intel-pod17/software/charts/kubernetes/container-networking/etcd.yaml
new file mode 100644
index 0000000..00053a4
--- /dev/null
+++ b/site/intel-pod17/software/charts/kubernetes/container-networking/etcd.yaml
@@ -0,0 +1,127 @@
+---
+# The purpose of this file is to build the list of calico etcd nodes and the
+# calico etcd certs for those nodes in the environment.
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-calico-etcd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: kubernetes-calico-etcd-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ # Generate a list of control plane nodes (i.e. genesis node + master node
+ # list) on which calico etcd will run and will need certs. It is assumed
+ # that Airship sites will have 4 control plane nodes, so this should not need to
+ # change for a new site.
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .genesis.hostname
+ dest:
+ path: .values.nodes[0].name
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[0].hostname
+ dest:
+ path: .values.nodes[1].name
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[1].hostname
+ dest:
+ path: .values.nodes[2].name
+
+ # Certificate substitutions for the node names assembled on the above list.
+ # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
+ # to change with a standard Airship deployment. However, the names of each
+ # deckhand certficiate should be updated with the correct hostnames for your
+ # environment. The ordering is important (Genesis is index 0, then master
+ # nodes in the order they are specified in common-addresses).
+
+ # Genesis hostname - pod17-jump
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-pod17-jump
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-pod17-jump
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-pod17-jump-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-pod17-jump-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.key
+
+ # master node 1 hostname - pod17-node1
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-pod17-node1
+ path: .
+ dest:
+ path: .values.nodes[1].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-pod17-node1
+ path: .
+ dest:
+ path: .values.nodes[1].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-pod17-node1-peer
+ path: .
+ dest:
+ path: .values.nodes[1].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-pod17-node1-peer
+ path: .
+ dest:
+ path: .values.nodes[1].tls.peer.key
+
+ # master node 2 hostname - pod17-node2
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-pod17-node2
+ path: .
+ dest:
+ path: .values.nodes[2].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-pod17-node2
+ path: .
+ dest:
+ path: .values.nodes[2].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-pod17-node2-peer
+ path: .
+ dest:
+ path: .values.nodes[2].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-pod17-node2-peer
+ path: .
+ dest:
+ path: .values.nodes[2].tls.peer.key
+
+data: {}
+...
diff --git a/site/intel-pod17/software/charts/kubernetes/etcd/etcd.yaml b/site/intel-pod17/software/charts/kubernetes/etcd/etcd.yaml
new file mode 100644
index 0000000..365b3d0
--- /dev/null
+++ b/site/intel-pod17/software/charts/kubernetes/etcd/etcd.yaml
@@ -0,0 +1,131 @@
+---
+# The purpose of this file is to build the list of k8s etcd nodes and the
+# k8s etcd certs for those nodes in the environment.
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-etcd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: kubernetes-etcd-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ # Generate a list of control plane nodes (i.e. genesis node + master node
+ # list) on which k8s etcd will run and will need certs. It is assumed
+ # that Airship sites will have 4 control plane nodes, so this should not need to
+ # change for a new site.
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .genesis.hostname
+ dest:
+ path: .values.nodes[0].name
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[0].hostname
+ dest:
+ path: .values.nodes[1].name
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[1].hostname
+ dest:
+ path: .values.nodes[2].name
+
+ # Certificate substitutions for the node names assembled on the above list.
+ # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
+ # to change with a standard Airship deployment. However, the names of each
+ # deckhand certficiate should be updated with the correct hostnames for your
+ # environment. The ordering is important (Genesis is index 0, then master
+ # nodes in the order they are specified in common-addresses).
+
+ # Genesis Exception*
+ # *NOTE: This is an exception in that `genesis` is not the hostname of the
+ # genesis node, but `genesis` is reference here in the certificate names
+ # because of certain Promenade assumptions that may be addressed in the
+ # future. Therefore `genesis` is used instead of `pod17-jump` here.
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-genesis
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-genesis
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-genesis-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-genesis-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.key
+
+ # master node 1 hostname - pod17-node1
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-pod17-node1
+ path: .
+ dest:
+ path: .values.nodes[1].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-pod17-node1
+ path: .
+ dest:
+ path: .values.nodes[1].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-pod17-node1-peer
+ path: .
+ dest:
+ path: .values.nodes[1].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-pod17-node1-peer
+ path: .
+ dest:
+ path: .values.nodes[1].tls.peer.key
+
+ # master node 2 hostname - pod17-node2
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-pod17-node2
+ path: .
+ dest:
+ path: .values.nodes[2].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-pod17-node2
+ path: .
+ dest:
+ path: .values.nodes[2].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-pod17-node2-peer
+ path: .
+ dest:
+ path: .values.nodes[2].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-pod17-node2-peer
+ path: $
+ dest:
+ path: .values.nodes[2].tls.peer.key
+
+data: {}
+...
diff --git a/site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml b/site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml
new file mode 100644
index 0000000..eb921b8
--- /dev/null
+++ b/site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml
@@ -0,0 +1,26 @@
+---
+# The purpose of this file is to define environment-specific parameters for ceph
+# client update
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-client-update
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-ceph-client-update-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ pool:
+ target:
+ # NEWSITE-CHANGEME: Total number of OSDs. Does not need to change if
+ # your HW matches this site's HW. Verify for your environment.
+ # 8 OSDs per node x 3 nodes = 24
+ osd: 3
+...
diff --git a/site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml b/site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml
new file mode 100644
index 0000000..e1e8ecf
--- /dev/null
+++ b/site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml
@@ -0,0 +1,100 @@
+---
+# The purpose of this file is to define envrionment-specific parameters for the
+# ceph client
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-client
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-ceph-client-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ pool:
+ target:
+ # NEWSITE-CHANGEME: The number of OSDs per ceph node. Does not need to
+ # change if your deployment HW matches this site's HW.
+ osd: 1
+ spec:
+ # RBD pool
+ - name: rbd
+ application: rbd
+ replication: 1
+ percent_total_data: 40
+ - name: cephfs_metadata
+ application: cephfs
+ replication: 1
+ percent_total_data: 5
+ - name: cephfs_data
+ application: cephfs
+ replication: 1
+ percent_total_data: 10
+ # RadosGW pools
+ - name: .rgw.root
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.control
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.data.root
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.gc
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.log
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.intent-log
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.meta
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.usage
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.keys
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.email
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.swift
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.uid
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.buckets.extra
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.buckets.index
+ application: rgw
+ replication: 1
+ percent_total_data: 3
+ - name: default.rgw.buckets.data
+ application: rgw
+ replication: 1
+ percent_total_data: 34.8
+...
diff --git a/site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml b/site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml
new file mode 100644
index 0000000..8cf291a
--- /dev/null
+++ b/site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml
@@ -0,0 +1,30 @@
+---
+# The purpose of this file is to define environment-specific parameters for
+# ceph-osd
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-osd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-ceph-osd-global
+ actions:
+ - method: replace
+ path: .values.conf.storage.osd
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ storage:
+ osd:
+ - data:
+ type: block-logical
+ location: /dev/sdb
+ journal:
+ type: directory
+ location: /var/lib/openstack-helm/ceph/osd/osd-sdb
+...
diff --git a/site/intel-pod17/software/charts/ucp/divingbell/divingbell.yaml b/site/intel-pod17/software/charts/ucp/divingbell/divingbell.yaml
new file mode 100644
index 0000000..db6ef66
--- /dev/null
+++ b/site/intel-pod17/software/charts/ucp/divingbell/divingbell.yaml
@@ -0,0 +1,72 @@
+---
+# The purpose of this file is to define site-specific parameters to the
+# UAM-lite portion of the divingbell chart:
+# 1. User accounts to create on bare metal
+# 2. SSH public key for operationg system access to the bare metal
+# 3. Passwords for operating system access via iDrac/iLo console. SSH password-
+# based auth is disabled.
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-divingbell
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-divingbell-global
+ actions:
+ - method: merge
+ path: .
+ labels:
+ name: ucp-divingbell-site
+ storagePolicy: cleartext
+ substitutions:
+ - dest:
+ path: .values.conf.uamlite.users[0].user_sshkeys[0]
+ src:
+ schema: deckhand/PublicKey/v1
+ name: airship_ssh_public_key
+ path: .
+ - dest:
+ path: .values.conf.uamlite.users[0].user_crypt_passwd
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ubuntu_crypt_password
+ path: .
+ - dest:
+ path: .values.conf.uamlite.users[1].user_sshkeys[0]
+ src:
+ schema: deckhand/PublicKey/v1
+ name: airship_ssh_public_key
+ path: .
+ - dest:
+ path: .values.conf.uamlite.users[2].user_sshkeys[0]
+ src:
+ schema: deckhand/PublicKey/v1
+ name: grego_ssh_public_key
+ path: .
+ - dest:
+ path: .values.conf.uamlite.users[3].user_sshkeys[0]
+ src:
+ schema: deckhand/PublicKey/v1
+ name: kasparss_ssh_public_key
+ path: .
+
+data:
+ values:
+ conf:
+ uamlite:
+ users:
+ - user_name: ubuntu
+ user_sudo: true
+ user_sshkeys: []
+ - user_name: airship
+ user_sudo: true
+ user_sshkeys: []
+ - user_name: grego
+ user_sudo: true
+ user_sshkeys: []
+ - user_name: kasparss
+ user_sudo: true
+ user_sshkeys: []
+...