--- /dev/null
+---
+# The purpose of this file is to define network related paramters that are
+# referenced elsewhere in the manifests for this site.
+#
+# TODO: Include bare metal host FQDN naming standards
+# TODO: Include ingress FQDN naming standards
+schema: pegleg/CommonAddresses/v1
+metadata:
+ schema: metadata/Document/v1
+ name: common-addresses
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ calico:
+ # NEWSITE-CHANGEME: The interface that calico will use. Update if your
+ # logical bond interface name or calico VLAN have changed from the reference
+ # site design.
+ # This should be whichever
+ # bond and VLAN number specified in networks/physical/networks.yaml for the Calico
+ # network. E.g. VLAN 22 for the calico network as a member of bond0, you
+ # would set "interface=bond0.22" as shown here.
+ ip_autodetection_method: interface={{yaml.networks.ksn.interface}}
+ etcd:
+ # etcd service IP address
+ service_ip: 10.96.232.136
+ ip_rule:
+ gateway: {{yaml.networks.ksn.gateway }}
+ bgp:
+ ipv4:
+ public_service_cidr: {{yaml.networks.ksn.additional_cidrs[0]}}
+ ingress_vip: {{yaml.networks.ksn.ingress_vip}}
+{% if ('peers' in yaml.networks.ksn and yaml.networks.ksn.peers is not none and yaml.networks.ksn.peers is iterable ) %}
+ peers:
+{% for peer in yaml.networks.ksn.peers %}
+ - {{peer.ip}}
+{% endfor %}
+{% endif %}
+ vip:
+ ingress_vip: '{{yaml.networks.host.ingress_vip}}/32'
+ maas_vip: '{{yaml.networks.host.maas_vip}}/32'
+
+ dns:
+ # Kubernetes cluster domain. Do not change. This is internal to the cluster.
+ cluster_domain: cluster.local
+ # DNS service ip
+ service_ip: 10.96.0.10
+ # List of upstream DNS forwards. Verify you can reach them from your
+ # environment. If so, you should not need to change them.
+ upstream_servers:
+{% for server in yaml.dns.upstream_servers %}
+ - {{server}}
+{% endfor %}
+ # Repeat the same values as above, but formatted as a common separated
+ # string
+ upstream_servers_joined: '{{yaml.dns.upstream_servers|batch(2)|first|join(',')}}'
+ # NEWSITE-CHANGEME: FQDN for ingress (i.e. "publicly facing" access point)
+ # Choose FQDN according to the ingress/public FQDN naming conventions at
+ # the top of this document.
+ ingress_domain: {{yaml.dns.ingress_domain}}
+
+ genesis:
+ # NEWSITE-CHANGEME: Update with the hostname for the node which will take on
+ # the Genesis role. Refer to the hostname naming stardards in
+ # networks/physical/networks.yaml
+ # NOTE: Ensure that the genesis node is manually configured with this
+ # hostname before running `genesis.sh` on the node.
+ hostname: {{yaml.genesis.name}}
+ # NEWSITE-CHANGEME: Calico IP of the Genesis node. Use the "start" value for
+ # the calico network defined in networks/physical/networks.yaml for this IP.
+ ip: {{yaml.genesis.ksn}}
+
+ bootstrap:
+ # NEWSITE-CHANGEME: Update with the "start" value/IP of the static range
+ # defined for the pxe network in networks/physical/networks.yaml
+ ip: {{yaml.genesis.pxe}}
+
+ kubernetes:
+ # K8s API service IP
+ api_service_ip: {{yaml.kubernetes.api_service_ip}}
+ # etcd service IP
+ etcd_service_ip: {{yaml.kubernetes.etcd_service_ip}}
+ # k8s pod CIDR (network which pod traffic will traverse)
+ pod_cidr: {{yaml.kubernetes.pod_cidr}}
+ # k8s service CIDR (network which k8s API traffic will traverse)
+ service_cidr: {{yaml.kubernetes.service_cidr}}
+ # misc k8s port settings
+ apiserver_port: 6443
+ haproxy_port: 6553
+ service_node_port_range: 30000-32767
+
+ # etcd port settings
+ etcd:
+ container_port: 2379
+ haproxy_port: 2378
+
+ # NEWSITE-CHANGEME: A list of nodes (apart from Genesis) which act as the
+ # control plane servers. Ensure that this matches the nodes with the 'masters'
+ # tags applied in baremetal/nodes.yaml
+ masters:
+{% for master in yaml.masters %}
+ - hostname: {{master.name}}
+{% endfor %}
+
+ # NEWSITE-CHANGEME: Environment proxy information.
+ # NOTE: Reference Airship sites do not deploy behind a proxy, so this proxy section
+ # should be commented out.
+ # However if you are in a lab that requires proxy, ensure that these proxy
+ # settings are correct and reachable in your environment; otherwise update
+ # them with the correct values for your environment.
+ proxy:
+ http: ""
+ https: ""
+ no_proxy: []
+
+ node_ports:
+ drydock_api: 30000
+ maas_api: 30001
+ maas_proxy: 31800 # hardcoded in MAAS
+
+ ntp:
+ # comma separated NTP server list. Verify that these upstream NTP servers are
+ # reachable in your environment; otherwise update them with the correct
+ # values for your environment.
+ servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'
+
+ # NOTE: This will be updated soon
+ ldap:
+ # NEWSITE-CHANGEME: FQDN for LDAP. Update to the FQDN that is
+ # relevant for your type of deployment (test vs prod values, etc).
+ base_url: 'ldap.example.com'
+ # NEWSITE-CHANGEME: As above, with the protocol included to create a full URI
+ url: 'ldap://ldap.example.com'
+ # NEWSITE-CHANGEME: Update to the correct expression relevant for this
+ # deployment (test vs prod values, etc)
+ auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
+ # NEWSITE-CHANGEME: Update to the correct AD group that contains the users
+ # relevant for this deployment (test users vs prod users/values, etc)
+ common_name: test
+ # NEWSITE-CHANGEME: Update to the correct subdomain for your type of
+ # deployment (test vs prod values, etc)
+ subdomain: test
+ # NEWSITE-CHANGEME: Update to the correct domain for your type of
+ # deployment (test vs prod values, etc)
+ domain: example
+
+ storage:
+ ceph:
+ # NEWSITE-CHANGEME: CIDRs for Ceph. Update to match the network CIDR
+ # used for the `storage` network in networks/physical/networks.yaml
+ public_cidr: '{{yaml.networks.storage.cidr}}'
+ cluster_cidr: '{{yaml.networks.storage.cidr}}'
+
+ neutron:
+ # NEWSITE-CHANGEME: Overlay network for VM traffic. Ensure the bond name and
+ # VLAN number are consistent with what's defined for the bond and the overlay
+ # network in networks/physical/networks.yaml
+ tunnel_device: '{{yaml.networks.neutron.interface}}'
+ # bond which the overlay is a member of. Ensure the bond name is consistent
+ # with the bond assigned to the overlay network in
+ # networks/physical/networks.yaml
+ external_iface: '{{yaml.networks.primary}}'
+
+ openvswitch:
+ # bond which the overlay is a member of. Ensure the bond name is consistent
+ # with the bond assigned to the overlay network in
+ # networks/physical/networks.yaml
+ external_iface: '{{yaml.networks.primary}}'
+...
Code Review / yaml_builds.git / blobdiff