---
# The purpose of this file is to define network related paramters that are
# referenced elsewhere in the manifests for this site.
#
# TODO: Include bare metal host FQDN naming standards
# TODO: Include ingress FQDN naming standards
schema: pegleg/CommonAddresses/v1
metadata:
  schema: metadata/Document/v1
  name: common-addresses
  layeringDefinition:
    abstract: false
    layer: site
  storagePolicy: cleartext
data:
  calico:
    # NEWSITE-CHANGEME: The interface that calico will use. Update if your
    # logical bond interface name or calico VLAN have changed from the reference
    # site design.
    # This should be whichever
    # bond and VLAN number specified in networks/physical/networks.yaml for the Calico
    # network. E.g. VLAN 22 for the calico network as a member of bond0, you
    # would set "interface=bond0.22" as shown here.
    ip_autodetection_method: interface={{yaml.networks.ksn.interface}}
    etcd:
      # etcd service IP address
      service_ip: 10.96.232.136
    ip_rule:
      gateway: {{yaml.networks.ksn.gateway }}
    bgp:
      ipv4:
        public_service_cidr: {{yaml.networks.ksn.additional_cidrs[0]}}
        ingress_vip: {{yaml.networks.ksn.ingress_vip}}
{% if ('peers' in yaml.networks.ksn and yaml.networks.ksn.peers is not none and yaml.networks.ksn.peers is iterable ) %}
        peers:
{% for peer in yaml.networks.ksn.peers %}
          - {{peer.ip}}
{% endfor %}
{% endif %}
  vip:
    ingress_vip: '{{yaml.networks.host.ingress_vip}}/32'
    maas_vip: '{{yaml.networks.host.maas_vip}}/32'

  dns:
    # Kubernetes cluster domain. Do not change. This is internal to the cluster.
    cluster_domain: cluster.local
    # DNS service ip
    service_ip: 10.96.0.10
    # List of upstream DNS forwards. Verify you can reach them from your
    # environment. If so, you should not need to change them.
    upstream_servers:
{% for server in yaml.dns.upstream_servers %}
      - {{server}}
{% endfor %}
    # Repeat the same values as above, but formatted as a common separated
    # string
    upstream_servers_joined: '{{yaml.dns.upstream_servers|batch(2)|first|join(',')}}'
    # NEWSITE-CHANGEME: FQDN for ingress (i.e. "publicly facing" access point)
    # Choose FQDN according to the ingress/public FQDN naming conventions at
    # the top of this document.
    ingress_domain: {{yaml.dns.ingress_domain}}

  genesis:
    # NEWSITE-CHANGEME: Update with the hostname for the node which will take on
    # the Genesis role. Refer to the hostname naming stardards in
    # networks/physical/networks.yaml
    # NOTE: Ensure that the genesis node is manually configured with this
    # hostname before running `genesis.sh` on the node.
    hostname: {{yaml.genesis.name}}
    # NEWSITE-CHANGEME: Calico IP of the Genesis node. Use the "start" value for
    # the calico network defined in networks/physical/networks.yaml for this IP.
    ip: {{yaml.genesis.ksn}}

  bootstrap:
    # NEWSITE-CHANGEME: Update with the "start" value/IP of the static range
    # defined for the pxe network in networks/physical/networks.yaml
    ip: {{yaml.genesis.pxe}}

  kubernetes:
    # K8s API service IP
    api_service_ip: {{yaml.kubernetes.api_service_ip}}
    # etcd service IP
    etcd_service_ip: {{yaml.kubernetes.etcd_service_ip}}
    # k8s pod CIDR (network which pod traffic will traverse)
    pod_cidr: {{yaml.kubernetes.pod_cidr}}
    # k8s service CIDR (network which k8s API traffic will traverse)
    service_cidr: {{yaml.kubernetes.service_cidr}}
    # misc k8s port settings
    apiserver_port: 6443
    haproxy_port: 6553
    service_node_port_range: 30000-32767

  # etcd port settings
  etcd:
    container_port: 2379
    haproxy_port: 2378

  # NEWSITE-CHANGEME: A list of nodes (apart from Genesis) which act as the
  # control plane servers. Ensure that this matches the nodes with the 'masters'
  # tags applied in baremetal/nodes.yaml
  masters:
{% for master in yaml.masters %}
    - hostname: {{master.name}}
{% endfor %}

  # NEWSITE-CHANGEME: Environment proxy information.
  # NOTE: Reference Airship sites do not deploy behind a proxy, so this proxy section
  # should be commented out.
  # However if you are in a lab that requires proxy, ensure that these proxy
  # settings are correct and reachable in your environment; otherwise update
  # them with the correct values for your environment.
  proxy:
    http: ""
    https: ""
    no_proxy: []

  node_ports:
    drydock_api: 30000
    maas_api: 30001
    maas_proxy: 31800  # hardcoded in MAAS

  ntp:
    # comma separated NTP server list. Verify that these upstream NTP servers are
    # reachable in your environment; otherwise update them with the correct
    # values for your environment.
    servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'

  # NOTE: This will be updated soon
  ldap:
    # NEWSITE-CHANGEME: FQDN for LDAP. Update to the FQDN that is
    # relevant for your type of deployment (test vs prod values, etc).
    base_url: 'ldap.example.com'
    # NEWSITE-CHANGEME: As above, with the protocol included to create a full URI
    url: 'ldap://ldap.example.com'
    # NEWSITE-CHANGEME: Update to the correct expression relevant for this
    # deployment (test vs prod values, etc)
    auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
    # NEWSITE-CHANGEME: Update to the correct AD group that contains the users
    # relevant for this deployment (test users vs prod users/values, etc)
    common_name: test
    # NEWSITE-CHANGEME: Update to the correct subdomain for your type of
    # deployment (test vs prod values, etc)
    subdomain: test
    # NEWSITE-CHANGEME: Update to the correct domain for your type of
    # deployment (test vs prod values, etc)
    domain: example

  storage:
    ceph:
      # NEWSITE-CHANGEME: CIDRs for Ceph. Update to match the network CIDR
      # used for the `storage` network in networks/physical/networks.yaml
      public_cidr: '{{yaml.networks.storage.cidr}}'
      cluster_cidr: '{{yaml.networks.storage.cidr}}'

  neutron:
    # NEWSITE-CHANGEME: Overlay network for VM traffic. Ensure the bond name and
    # VLAN number are consistent with what's defined for the bond and the overlay
    # network in networks/physical/networks.yaml
    tunnel_device: '{{yaml.networks.neutron.interface}}'
    # bond which the overlay is a member of. Ensure the bond name is consistent
    # with the bond assigned to the overlay network in
    # networks/physical/networks.yaml
    external_iface: '{{yaml.networks.primary}}'

  openvswitch:
    # bond which the overlay is a member of. Ensure the bond name is consistent
    # with the bond assigned to the overlay network in
    # networks/physical/networks.yaml
    external_iface: '{{yaml.networks.primary}}'
...