summaryrefslogtreecommitdiffstats
path: root/site/intel-pod17/networks/common-addresses.yaml
blob: 8eaf8a42ba217420153c39ebfa3adbd886ebed0d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
---
# The purpose of this file is to define network related paramters that are
# referenced (substituted) elsewhere in the manifests for this site.
#
schema: pegleg/CommonAddresses/v1
metadata:
  schema: metadata/Document/v1
  replacement: true
  name: common-addresses
  layeringDefinition:
    abstract: false
    layer: site
    parentSelector:
      name: common-addresses-global
    actions:
      - method: merge
        path: .
  storagePolicy: cleartext
data:
  calico:
    # NEWSITE-CHANGEME: The interface that Calico will use. Update if your
    # logical interface name or Calico VLAN have changed from the reference
    # site design.
    # This should be whichever interface (or bond) and VLAN number specified in
    # networks/physical/networks.yaml for the Calico network.
    # E.g. you would set "interface=ens785f0" as shown here.
    ip_autodetection_method: can-reach=10.10.172.21
    etcd:
      # The etcd service IP address.
      # This address must be within data.kubernetes.service_cidr range
      service_ip: 10.96.232.136
    ip_rule:
      # NEWSITE-CHANGEME: The service gateway/VRR IP for routing pod traffic
      gateway: 10.10.172.1

    bgp:
      # on the genesis node, run /opt/cni/bin/calicoctl get bgppeers
      # asnumber: 64688
      ipv4:
        # NEWSITE-CHANGEME: A routable CIDR to configure for ingress, maas, and
        # outward facing services (i.e. routable ingress CIDR)
        # public_service_cidr: 10.10.170.128/29
        public_service_cidr: 10.10.170.128/29
        # NEWSITE-CHANGEME: Update with the "public" facing VIP to assign to
        # the ingress controller. /32 is redundant; this is an IP not a CIDR.
        ingress_vip: 10.10.170.129/32
        # NEWSITE-CHANGEME(v1.0.1): Update with the "public" facing VIP to assign
        # the MAAS ingress controller. /32 is redundant; this is an IP not a CIDR.
        maas_vip: 10.10.171.129/32
        # NEWSITE-CHANGEME: In Network Cloud, there is a pair of "global" BGP
        # peers that will be used for the whole site (all racks). These BGP peer
        # IPs should be put into this list.
        # NOTE: Any change to the size of this list (2) requires corresponding
        # changes in calico.yaml
        peers:
          - 'Nonsense'
          - 'Nonsense'

  dns:
    # Kubernetes cluster domain. Do not change. This is internal to the cluster.
    cluster_domain: cluster.local
    # DNS service ip
    service_ip: 10.96.0.10
    # List of upstream DNS forwards. Verify you can reach them from your
    # environment. If so, you should not need to change them.
    upstream_servers:
      - 10.10.170.20
      - 10.10.171.20
    # Repeat the same values as above, but formatted as a common separated
    # string
    upstream_servers_joined: 10.10.170.20, 10.10.171.20

    # NEWSITE-CHANGEME: Set the FQDN used by bare metal nodes according to FQDN naming standards at
    node_domain: intel-pod17.opnfv.org

    # NEWSITE-CHANGEME: FQDN for ingress (i.e. "publicly facing" access point)
    # Choose FQDN according to the ingress/public FQDN naming conventions at
    # the top of this document.
    ingress_domain: intel-pod17.opnfv.org

  genesis:
    # NEWSITE-CHANGEME: Update with the hostname for the node which will take on
    # the Genesis role. Refer to the hostname naming stardards in
    # networks/physical/networks.yaml
    # NOTE: Ensure that the genesis node is manually configured with this
    # hostname before running `genesis.sh` on the node, see
    # https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#genesis-node
    hostname: pod17-node1
    # NEWSITE-CHANGEME: Address defined for Calico network in
    # networks/physical/networks.yaml
    ip: 10.10.172.21
    # NEWSITE-CHANGEME: OOB IP of the Genesis node. This should be sourced from the
    # engineering package and match the address used to access the iLO/iDRAC/ASMI
    # interface for the Genesis node.
    oob: 10.10.170.11

  bootstrap:
    # NEWSITE-CHANGEME: Address defined for the Admin (PXE) network in
    # networks/physical/networks.yaml
    ip: 10.10.171.21

  kubernetes:
    # K8s API service IP
    api_service_ip: 10.96.0.1
    # etcd service IP
    etcd_service_ip: 10.96.0.2
    # k8s pod CIDR (network which pod traffic will traverse)
    pod_cidr: 10.97.0.0/16
    # k8s service CIDR (network which k8s API traffic will traverse)
    service_cidr: 10.96.0.0/16
    # misc k8s port settings
    apiserver_port: 6443
    haproxy_port: 6553
    service_node_port_range: 30000-32767

  # etcd port settings
  etcd:
    container_port: 2379
    haproxy_port: 2378

  # NEWSITE-CHANGEME: A list of nodes (excluding Genesis) which act as the
  # control plane servers. Ensure that this matches the nodes with the 'masters'
  # tags applied in baremetal/nodes.yaml
  masters:
    - hostname: pod17-node2
    - hostname: pod17-node3

  # NEWSITE-CHANGEME: Environment proxy information.
  # NOTE: Reference Airship sites do not deploy behind a proxy, so this proxy section
  # should be commented out.
  # However if you are in a lab that requires proxy, ensure that these proxy
  # settings are correct and reachable in your environment; otherwise update
  # them with the correct values for your environment.
  proxy:
    http: ""
    https: ""
    no_proxy: []

  node_ports:
    drydock_api: 30000
    maas_api: 30001

  ntp:
    # comma separated NTP server list. Verify that these upstream NTP servers are
    # reachable in your environment; otherwise update them with the correct
    # values for your environment.
    servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,3.ubuntu.pool.ntp.org'

  # An example for Openstack Helm Infra LDAP
  ldap:
    # NEWSITE-CHANGEME: FQDN for LDAP. Update to the FQDN that is
    # relevant for your type of deployment (test vs prod values, etc).
    base_url: 'ldap.example.com'
    # NEWSITE-CHANGEME: As above, with the protocol included to create a full URI
    url: 'ldap://ldap.example.com'
    # NEWSITE-CHANGEME: Update to the correct expression relevant for this
    # deployment (test vs prod values, etc)
    auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
    # NEWSITE-CHANGEME: Update to the correct AD group that contains the users
    # relevant for this deployment (test users vs prod users/values, etc)
    common_name: test
    # NEWSITE-CHANGEME: Update to the correct subdomain for your type of
    # deployment (test vs prod values, etc)
    subdomain: test
    # NEWSITE-CHANGEME: Update to the correct domain for your type of
    # deployment (test vs prod values, etc)
    domain: example

  ldap:
    # NEWSITE-CHANGEME: Replace with the site's LDAP account used to
    # authenticate to the active directory backend to validate keystone
    # users.
    # It is NOT used in the example deployment.
    username: "m12345@ldap.test.com"

  storage:
    ceph:
      # NEWSITE-CHANGEME: CIDRs for Ceph. Update to match the network CIDR
      # used for the Storage network in networks/physical/networks.yaml
      public_cidr: '10.10.173.0/24'
      cluster_cidr: '10.10.173.0/24'

  neutron:
    # NEWSITE-CHANGEME: Overlay network for VM traffic. Ensure the interface name and
    # VLAN number are consistent with what's defined for the Private network in
    # networks/physical/networks.yaml
    tunnel_device: 'ens785f0'
    # Interface for the OpenStack external network. Ensure the interface name is
    # consistent with the interface and VLAN assigned to the Public network in
    # networks/physical/networks.yaml
    external_iface: 'ens785f1.1173'

  openvswitch:
    # Interface for the OpenStack external network. Ensure the interface name is
    # consistent with the interface and VLAN assigned to the Public network in
    # networks/physical/networks.yaml
    external_iface: 'ens785f1.1173'
...