diff --git a/templates/2.29.0 b/templates/2.29.0
deleted file mode 120000
index 67d9e1b..0000000
--- a/templates/2.29.0
+++ /dev/null
@@ -1 +0,0 @@
-2.28.0
\ No newline at end of file
diff --git a/templates/2.29.0/managed/baremetalhostprofiles.yaml.template b/templates/2.29.0/managed/baremetalhostprofiles.yaml.template
new file mode 100644
index 0000000..e4e0552
--- /dev/null
+++ b/templates/2.29.0/managed/baremetalhostprofiles.yaml.template
@@ -0,0 +1,89 @@
+apiVersion: metal3.io/v1alpha1
+metadata:
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+ name: default-2disks
+ labels:
+ kaas.mirantis.com/defaultBMHProfile: 'true'
+kind: BareMetalHostProfile
+spec:
+ devices:
+ - device:
+ minSize: 70Gi
+ wipeDevice:
+ eraseMetadata:
+ enabled: true
+ partitions:
+ - name: bios_grub
+ size: 4Mi
+ partflags: ['bios_grub']
+ - name: uefi
+ partflags: ['esp']
+ size: 200Mi
+ - name: config-2
+ # Size of this partition is limited to 64Mb.
+ size: 64Mi
+ - name: lvm_root_part
+ size: 50Gi
+ - name: lvm_lvp_part
+ size: 0
+ - device:
+ minSize: 30Gi
+ wipeDevice:
+ eraseMetadata:
+ enabled: true
+ volumeGroups:
+ - name: lvm_root
+ devices:
+ - partition: lvm_root_part
+ - name: lvm_lvp
+ devices:
+ - partition: lvm_lvp_part
+ logicalVolumes:
+ - name: root
+ vg: lvm_root
+ size: 0
+ - name: lvp
+ vg: lvm_lvp
+ size: 0
+ fileSystems:
+ - fileSystem: vfat
+ partition: config-2
+ - fileSystem: vfat
+ partition: uefi
+ mountPoint: /boot/efi
+ - fileSystem: ext4
+ logicalVolume: root
+ mountPoint: /
+ mountOpts: 'rw,noatime,nodiratime,lazytime,nobarrier,commit=240,data=ordered'
+ - fileSystem: ext4
+ logicalVolume: lvp
+ mountPoint: /mnt/local-volumes/
+ mountOpts: 'rw,noatime,nodiratime,lazytime,nobarrier,commit=240,data=ordered'
+ preDeployScript: |
+ #!/bin/bash -ex
+ echo $(date) 'pre_deploy_script done' >> /root/pre_deploy_done
+ postDeployScript: |
+ #!/bin/bash -ex
+ echo "root:r00tme" | sudo chpasswd
+ echo "blacklist acpi_power_meter" > /etc/modprobe.d/hwmon.conf
+ ln -sf /dev/null /etc/systemd/system/ondemand.service
+ echo $(date) 'post_deploy_script done' >> /root/post_deploy_done
+ grubConfig:
+ defaultGrubOptions:
+ - 'GRUB_DISABLE_RECOVERY="true"'
+ - 'GRUB_PRELOAD_MODULES=lvm'
+ - 'GRUB_TIMEOUT=20'
+ - 'GRUB_TERMINAL_INPUT="console serial"'
+ - 'GRUB_TERMINAL_OUTPUT="gfxterm serial"'
+ - 'GRUB_SERIAL_COMMAND="serial --unit=0 --speed=9600"'
+ - 'GRUB_CMDLINE_LINUX="noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off tsx=on tsx_async_abort=off mitigations=off systemd.journald.forward_to_console=yes console=ttyS0,9600 console=tty0"'
+ kernelParameters:
+ sysctl:
+ kernel.dmesg_restrict: "1"
+ kernel.core_uses_pid: "1"
+ fs.file-max: "9223372036854775807"
+ fs.aio-max-nr: "1048576"
+ fs.inotify.max_user_instances: "4096"
+ vm.max_map_count: "262144"
+ net.ipv4.conf.all.rp_filter: "0"
+ net.ipv4.conf.default.rp_filter: "0"
diff --git a/templates/2.29.0/managed/baremetalhosts.yaml.template b/templates/2.29.0/managed/baremetalhosts.yaml.template
new file mode 100644
index 0000000..8780a0b
--- /dev/null
+++ b/templates/2.29.0/managed/baremetalhosts.yaml.template
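Review bot: The `postDeployScript` in `managed/baremetalhostprofiles.yaml.template` sets the root password to a fixed value that ships with the repository (`echo "root:r00tme" | sudo chpasswd`), and `management/baremetalhostprofiles.yaml.template` later in this commit has the same line, so every host deployed from either profile shares a known root password. Take the value from a deployment variable, or drop the line and lock the account with `passwd -l root` if the `user-key` PublicKey already provides access (not visible from these templates). The `GRUB_CMDLINE_LINUX` entry in both profiles also disables the CPU side-channel mitigations (`mitigations=off`, `nopti`, `nospectre_v2`, …); the managed workers are labelled `openstack-compute-node`, so if this is a lab-only performance trade-off a comment above the option should say so.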
@@ -0,0 +1,168 @@
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: managed-control-0-bmc-credentials
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: "admin"
+ password:
+ value: "password"
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: managed-control-1-bmc-credentials
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: "admin"
+ password:
+ value: "password"
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: managed-control-2-bmc-credentials
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: "admin"
+ password:
+ value: "password"
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: managed-worker-0-bmc-credentials
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: "admin"
+ password:
+ value: "password"
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: managed-worker-1-bmc-credentials
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: "admin"
+ password:
+ value: "password"
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: managed-worker-2-bmc-credentials
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: "admin"
+ password:
+ value: "password"
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostInventory
+metadata:
+ name: managed-control-0
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-managed-control-0
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: "{{ managed_control_mac_address_0 }}"
+ bmc:
+ address: 127.0.0.1:6240
+ credentialsName: "managed-control-0-bmc-credentials"
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostInventory
+metadata:
+ name: managed-control-1
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-managed-control-1
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: "{{ managed_control_mac_address_1 }}"
+ bmc:
+ address: 127.0.0.1:6241
+ credentialsName: "managed-control-1-bmc-credentials"
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostInventory
+metadata:
+ name: managed-control-2
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-managed-control-2
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: "{{ managed_control_mac_address_2 }}"
+ bmc:
+ address: 127.0.0.1:6242
+ credentialsName: "managed-control-2-bmc-credentials"
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostInventory
+metadata:
+ name: managed-worker-0
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-managed-worker-0
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: "{{ managed_worker_mac_address_0 }}"
+ bmc:
+ address: 127.0.0.1:6250
+ credentialsName: "managed-worker-0-bmc-credentials"
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostInventory
+metadata:
+ name: managed-worker-1
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-managed-worker-1
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: "{{ managed_worker_mac_address_1 }}"
+ bmc:
+ address: 127.0.0.1:6251
+ credentialsName: "managed-worker-1-bmc-credentials"
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostInventory
+metadata:
+ name: managed-worker-2
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-managed-worker-2
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: "{{ managed_worker_mac_address_2 }}"
+ bmc:
+ address: 127.0.0.1:6252
+ credentialsName: managed-worker-2-bmc-credentials
diff --git a/templates/2.29.0/managed/cluster.yaml.template b/templates/2.29.0/managed/cluster.yaml.template
new file mode 100644
index 0000000..4aa44b3
--- /dev/null
+++ b/templates/2.29.0/managed/cluster.yaml.template
@@ -0,0 +1,40 @@
+apiVersion: cluster.k8s.io/v1alpha1
+kind: Cluster
+metadata:
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ name: {{ MCC_MANAGED_CLUSTER_NAME }}
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks:
+ - 192.168.0.0/16
+ services:
+ cidrBlocks:
+ - 10.232.0.0/18
+ providerSpec:
+ value:
+ apiVersion: baremetal.k8s.io/v1alpha1
+ kind: BaremetalClusterProviderSpec
+ dedicatedControlPlane: false
+ dedicatedMetallbPools: false
+ helmReleases:
+ - name: ceph-controller
+ values: {}
+ - name: stacklight
+ values:
+ highAvailabilityEnabled: false
+ logging:
+ enabled: false
+ prometheusServer:
+ customAlerts: []
+ persistentVolumeClaimSize: 16Gi
+ retentionSize: 15GB
+ retentionTime: 15d
+ watchDogAlertEnabled: false
+ - name: metallb
+ values: {}
+ publicKeys:
+ - name: user-key
+ release: {{ MCC_MANAGED_CLUSTER_RELEASE }}
diff --git a/templates/2.29.0/managed/ipam-objects.yaml.template b/templates/2.29.0/managed/ipam-objects.yaml.template
new file mode 100644
index 0000000..fba064e
--- /dev/null
+++ b/templates/2.29.0/managed/ipam-objects.yaml.template
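Review bot: All six `BareMetalHostCredential` objects in `managed/baremetalhosts.yaml.template` hard-code the BMC login as `username: "admin"` / `value: "password"`; the three in `management/baremetalhosts.yaml.template` and the `domains` entries in `management/vbmc.yaml.template` repeat the same pair. The `bmc.address` values point at `127.0.0.1`, which suggests virtual BMC endpoints, but these credentials still give power and boot control over a node, so they should come from template variables that both the credential and its matching vbmc domain reference, e.g. `value: "{{ VBMC_PASSWORD }}"` (placeholder variable name). The last inventory also writes `credentialsName: managed-worker-2-bmc-credentials` unquoted while the other five quote it.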
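Review bot: `logging: enabled: false` under the `stacklight` release in `managed/cluster.yaml.template` appears to switch off StackLight log collection, and `management/cluster.yaml.template` sets the same value, which would leave both clusters without a central log trail to investigate from; `watchDogAlertEnabled: false` is set alongside it here. If this is only to keep the demo footprint small, record that where the value is set, e.g. `# logging off to fit the lab footprint; enable for any long-lived cluster`.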
@@ -0,0 +1,82 @@
+
+---
+apiVersion: "ipam.mirantis.com/v1alpha1"
+kind: Subnet
+metadata:
+ name: managed-k8s-api-lb
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: {{ MCC_MANAGED_CLUSTER_NAME }}
+ ipam/SVC-LBhost: "presents"
+spec:
+ cidr: {{ NETWORK_LCM_MANAGED_LB_HOST }}/32
+ useWholeCidr: true
+
+---
+apiVersion: "ipam.mirantis.com/v1alpha1"
+kind: Subnet
+metadata:
+ name: managed-lcm
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: {{ MCC_MANAGED_CLUSTER_NAME }}
+ ipam/SVC-k8s-lcm: "presents"
+spec:
+ cidr: {{ NETWORK_LCM_SUBNET }}
+ gateway: {{ NETWORK_LCM_GATEWAY }}
+ nameservers:
+ {%- for server in NAMESERVERS.split(',') %}
+ - {{ server -}}
+ {% endfor %}
+ includeRanges:
+ - {{ NETWORK_LCM_STATIC_RANGE_MANAGED }}
+
+---
+apiVersion: ipam.mirantis.com/v1alpha1
+kind: L2Template
+metadata:
+ name: default-managed
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: {{ MCC_MANAGED_CLUSTER_NAME }}
+ ipam/DefaultForCluster: "1"
+spec:
+ autoIfMappingPrio:
+ - eth
+ - eno
+ - ens
+ - enp
+ l3Layout:
+ - scope: namespace
+ subnetName: managed-lcm
+ labelSelector:
+ kaas.mirantis.com/provider: baremetal
+ ipam/SVC-k8s-lcm: "presents"
+{#- protect go-template below from Jinja #}
+{%- raw %}
+ npTemplate: |
+ version: 2
+ renderer: networkd
+ ethernets:
+ {{ nic 0 }}:
+ addresses:
+ - {{ ip "0:managed-lcm" }}
+ dhcp4: false
+ dhcp6: false
+ gateway4: {{ gateway_from_subnet "managed-lcm" }}
+ match:
+ macaddress: {{ mac 0 }}
+ nameservers:
+ addresses: {{ nameservers_from_subnet "managed-lcm" }}
+ set-name: mcc-lcm
+ {{ nic 1 }}:
+ dhcp4: false
+ dhcp6: false
+ match:
+ macaddress: {{ mac 1 }}
+ set-name: mcc-openstack
+{%- endraw %}
+{#- end protect go-template below from Jinja #}
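Review bot: The `nameservers` loop in the `managed-lcm` Subnet splits `NAMESERVERS` on commas without trimming items or skipping empty ones, so an empty variable or a trailing comma renders a bare `-` entry that YAML reads as `null`. `management/cluster.yaml.template` already guards its `NTP_SERVERS` loop with `is defined and NTP_SERVERS != ''`; here the loop could filter and trim instead, `{%- for server in NAMESERVERS.split(',') if server | trim %}` with `- {{ server | trim -}}` as the item line. The identical loops in `management/ipam-objects.yaml.template` and `managed/osdpl.yaml.template` need the same change.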
diff --git a/templates/2.29.0/managed/kaascephcluster.yaml.template b/templates/2.29.0/managed/kaascephcluster.yaml.template
new file mode 100644
index 0000000..b007d4d
--- /dev/null
+++ b/templates/2.29.0/managed/kaascephcluster.yaml.template
@@ -0,0 +1,99 @@
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: KaaSCephCluster
+metadata:
+ name: ceph-{{ MCC_MANAGED_CLUSTER_NAME }}
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+spec:
+ cephClusterSpec:
+ network:
+ clusterNet: "{{ NETWORK_LCM_SUBNET }}"
+ publicNet: "{{ NETWORK_LCM_SUBNET }}"
+ nodes:
+ managed-control-0:
+ roles:
+ - mgr
+ - mon
+ - osd
+ storageDevices:
+ - config:
+ deviceClass: ssd
+ name: sdb
+ managed-control-1:
+ roles:
+ - mon
+ - mgr
+ - osd
+ storageDevices:
+ - config:
+ deviceClass: ssd
+ name: sdb
+ managed-control-2:
+ roles:
+ - mgr
+ - mon
+ - osd
+ storageDevices:
+ - config:
+ deviceClass: ssd
+ name: sdb
+ objectStorage:
+ rgw:
+ dataPool:
+ deviceClass: ssd
+ replicated:
+ size: 2
+ failureDomain: host
+ gateway:
+ allNodes: false
+ instances: 2
+ port: 80
+ securePort: 8443
+ metadataPool:
+ deviceClass: ssd
+ failureDomain: host
+ replicated:
+ size: 2
+ name: openstack-store
+ preservePoolsOnDelete: false
+ pools:
+ - default: true
+ deviceClass: ssd
+ name: kubernetes
+ replicated:
+ size: 2
+ role: kubernetes
+ - default: false
+ deviceClass: ssd
+ name: volumes
+ replicated:
+ size: 2
+ role: volumes
+ - default: false
+ deviceClass: ssd
+ name: vms
+ replicated:
+ size: 2
+ role: vms
+ - default: false
+ deviceClass: ssd
+ name: backup
+ replicated:
+ size: 2
+ role: backup
+ - default: false
+ deviceClass: ssd
+ name: images
+ replicated:
+ size: 2
+ role: images
+ - default: false
+ deviceClass: ssd
+ name: other
+ replicated:
+ size: 2
+ role: other
+ rookConfig:
+ osd_pool_default_size: "2"
+ k8sCluster:
+ name: {{ MCC_MANAGED_CLUSTER_NAME }}
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
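Review bot: Every entry under `pools`, both RGW pools and `rookConfig.osd_pool_default_size` in `kaascephcluster.yaml.template` use a replica count of 2 across three nodes that each contribute a single `sdb` device, so one failed disk leaves a single copy of the affected data until recovery completes. A comment at the first `replicated:` block would make the trade-off explicit, e.g. `# size: 2 keeps the three-node lab small; use 3 where the data matters`. The `gateway` block also sets `port: 80` next to `securePort: 8443`; whether the plain-HTTP listener is reachable from outside the cluster cannot be told from this template and is worth confirming.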
diff --git a/templates/2.29.0/managed/machines.yaml.template b/templates/2.29.0/managed/machines.yaml.template
new file mode 100644
index 0000000..c692370
--- /dev/null
+++ b/templates/2.29.0/managed/machines.yaml.template
@@ -0,0 +1,111 @@
+apiVersion: "cluster.k8s.io/v1alpha1"
+kind: MachineList
+items:
+- apiVersion: "cluster.k8s.io/v1alpha1"
+ kind: Machine
+ metadata:
+ name: managed-control-0
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+ labels: &cp_control_labels
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: {{ MCC_MANAGED_CLUSTER_NAME }}
+ cluster.sigs.k8s.io/control-plane: "true"
+ spec:
+ providerSpec:
+ value: &cp_control_values
+ apiVersion: "baremetal.k8s.io/v1alpha1"
+ kind: "BareMetalMachineProviderSpec"
+ hostSelector:
+ matchLabels:
+ baremetal: hw-managed-control-0
+ nodeLabels:
+ - key: openstack-control-plane
+ value: enabled
+ - key: openvswitch
+ value: enabled
+ - key: openstack-gateway
+ value: enabled
+
+- apiVersion: "cluster.k8s.io/v1alpha1"
+ kind: Machine
+ metadata:
+ name: managed-control-1
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+ labels:
+ <<: *cp_control_labels
+ spec:
+ providerSpec:
+ value:
+ <<: *cp_control_values
+ hostSelector:
+ matchLabels:
+ baremetal: hw-managed-control-1
+
+- apiVersion: "cluster.k8s.io/v1alpha1"
+ kind: Machine
+ metadata:
+ name: managed-control-2
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+ labels:
+ <<: *cp_control_labels
+ spec:
+ providerSpec:
+ value:
+ <<: *cp_control_values
+ hostSelector:
+ matchLabels:
+ baremetal: hw-managed-control-2
+
+- apiVersion: "cluster.k8s.io/v1alpha1"
+ kind: Machine
+ metadata:
+ name: managed-worker-0
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+ labels: &cp_worker_labels
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: {{ MCC_MANAGED_CLUSTER_NAME }}
+ spec:
+ providerSpec:
+ value: &cp_worker_values
+ apiVersion: "baremetal.k8s.io/v1alpha1"
+ kind: "BareMetalMachineProviderSpec"
+ hostSelector:
+ matchLabels:
+ baremetal: hw-managed-worker-0
+ nodeLabels:
+ - key: stacklight
+ value: enabled
+ - key: openstack-compute-node
+ value: enabled
+ - key: openvswitch
+ value: enabled
+
+- apiVersion: "cluster.k8s.io/v1alpha1"
+ kind: Machine
+ metadata:
+ name: managed-worker-1
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+ labels:
+ <<: *cp_worker_labels
+ spec:
+ providerSpec:
+ value:
+ <<: *cp_worker_values
+ hostSelector:
+ matchLabels:
+ baremetal: hw-managed-worker-1
+
+- apiVersion: "cluster.k8s.io/v1alpha1"
+ kind: Machine
+ metadata:
+ name: managed-worker-2
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+ labels:
+ <<: *cp_worker_labels
+ spec:
+ providerSpec:
+ value:
+ <<: *cp_worker_values
+ hostSelector:
+ matchLabels:
+ baremetal: hw-managed-worker-2
diff --git a/templates/2.29.0/managed/metallbconfig.yaml.template b/templates/2.29.0/managed/metallbconfig.yaml.template
new file mode 100644
index 0000000..8814460
--- /dev/null
+++ b/templates/2.29.0/managed/metallbconfig.yaml.template
@@ -0,0 +1,44 @@
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: MetalLBConfig
+metadata:
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: {{ MCC_MANAGED_CLUSTER_NAME }}
+ name: {{ MCC_MANAGED_CLUSTER_NAME }}-metallb
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+spec:
+ ipAddressPools:
+ - name: default
+ spec:
+ addresses:
+ - {{ NETWORK_LCM_METALLB_RANGE_MANAGED }}
+ autoAssign: true
+ avoidBuggyIPs: false
+ - name: openstack-lb
+ spec:
+ addresses:
+ - {{ NETWORK_LCM_METALLB_OPENSTACK_ADDRESS }}/32
+ autoAssign: true
+ serviceAllocation:
+ namespaces:
+ - openstack
+ priority: 42
+ serviceSelectors:
+ - matchExpressions:
+ - key: application
+ operator: In
+ values:
+ - ingress
+ - key: component
+ operator: In
+ values:
+ - server
+ l2Advertisements:
+ - name: default
+ spec:
+ interfaces:
+ - mcc-lcm
+ ipAddressPools:
+ - default
+ - openstack-lb
diff --git a/templates/2.29.0/managed/osdpl.yaml.template b/templates/2.29.0/managed/osdpl.yaml.template
new file mode 100644
index 0000000..cefdbc3
--- /dev/null
+++ b/templates/2.29.0/managed/osdpl.yaml.template
@@ -0,0 +1,59 @@
+apiVersion: lcm.mirantis.com/v1alpha1
+kind: OpenStackDeployment
+metadata:
+ name: osh-dev
+ namespace: openstack
+spec:
+ internal_domain_name: cluster.local
+ public_domain_name: {{ MCC_OPENSTACK_PUBLIC_DOMAIN }}
+ openstack_version: {{ MCC_MANAGED_OPENSTACK_RELEASE }}
+ local_volume_storage_class: openstack-operator-bind-mounts
+ persistent_volume_storage_class: kubernetes-ssd
+ preset: compute
+ size: tiny
+ features:
+ ssl:
+ public_endpoints:
+ api_cert:
+ value_from:
+ secret_key_ref:
+ key: api_cert
+ name: osh-dev-hidden
+ api_key:
+ value_from:
+ secret_key_ref:
+ key: api_key
+ name: osh-dev-hidden
+ ca_cert:
+ value_from:
+ secret_key_ref:
+ key: ca_cert
+ name: osh-dev-hidden
+ nova:
+ live_migration_interface: mcc-lcm
+ images:
+ backend: ceph
+ encryption:
+ enabled: false
+ neutron:
+ dns_servers:
+ {%- for server in NAMESERVERS.split(',') %}
+ - {{ server -}}
+ {% endfor %}
+ external_networks:
+ - physnet: physnet1
+ interface: mcc-openstack
+ bridge: br-ex
+ network_types:
+ - flat
+ vlan_ranges: null
+ mtu: null
+ floating_network:
+ physnet: physnet1
+ enabled: True
+ subnet:
+ gateway: "{{ NETWORK_OPENSTACK_GATEWAY }}"
+ pool_start: "{{ network_openstack_range_start }}"
+ pool_end: "{{ network_openstack_range_end }}"
+ range: "{{ NETWORK_OPENSTACK_SUBNET }}"
+ tunnel_interface: mcc-lcm
diff --git a/templates/2.29.0/managed/sshkey.yaml.template b/templates/2.29.0/managed/sshkey.yaml.template
new file mode 100644
index 0000000..61ba34c
--- /dev/null
+++ b/templates/2.29.0/managed/sshkey.yaml.template
@@ -0,0 +1,8 @@
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: PublicKey
+metadata:
+ name: user-key
+ namespace: {{ MCC_MANAGED_CLUSTER_NAMESPACE }}
+spec:
+ publicKey: |
+ {{ MCC_SSH_PUBLIC_KEY }}
diff --git a/templates/2.29.0/management/baremetalhostprofiles.yaml.template b/templates/2.29.0/management/baremetalhostprofiles.yaml.template
new file mode 100644
index 0000000..9b828b6
--- /dev/null
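Review bot: `public_domain_name` and `openstack_version` in `managed/osdpl.yaml.template` take their values from unquoted template expressions, while the `subnet` values further down the same spec are quoted. An empty variable would render as `null`, and a numeric-looking release identifier would be typed as a number rather than a string; write them as `openstack_version: "{{ MCC_MANAGED_OPENSTACK_RELEASE }}"` and likewise for the domain. `enabled: True` under `floating_network` should be the canonical `true` that the rest of the file uses.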
+++ b/templates/2.29.0/management/baremetalhostprofiles.yaml.template 
@@ -0,0 +1,84 @@
+apiVersion: metal3.io/v1alpha1
+metadata:
+ namespace: default
+ name: default-simple
+ labels:
+ kaas.mirantis.com/defaultBMHProfile: 'true'
+kind: BareMetalHostProfile
+spec:
+ devices:
+ - device:
+ minSize: 120Gi
+ wipeDevice:
+ eraseMetadata:
+ enabled: true
+ partitions:
+ - name: bios_grub
+ size: 4Mi
+ partflags: ['bios_grub']
+ - name: uefi
+ partflags: ['esp']
+ size: 200Mi
+ - name: config-2
+ # Size of this partition is limited to 64Mb.
+ size: 64Mi
+ - name: lvm_root_part
+ size: 80Gi
+ - name: lvm_lvp_part
+ size: 0
+ volumeGroups:
+ - name: lvm_root
+ devices:
+ - partition: lvm_root_part
+ - name: lvm_lvp
+ devices:
+ - partition: lvm_lvp_part
+ logicalVolumes:
+ - name: root
+ vg: lvm_root
+ size: 0
+ - name: lvp
+ vg: lvm_lvp
+ size: 0
+ fileSystems:
+ - fileSystem: vfat
+ partition: config-2
+ - fileSystem: vfat
+ partition: uefi
+ mountPoint: /boot/efi
+ - fileSystem: ext4
+ logicalVolume: root
+ mountPoint: /
+ mountOpts: 'rw,noatime,nodiratime,lazytime,nobarrier,commit=240,data=ordered'
+ - fileSystem: ext4
+ logicalVolume: lvp
+ mountPoint: /mnt/local-volumes/
+ mountOpts: 'rw,noatime,nodiratime,lazytime,nobarrier,commit=240,data=ordered'
+ preDeployScript: |
+ #!/bin/bash -ex
+ echo $(date) 'pre_deploy_script done' >> /root/pre_deploy_done
+ postDeployScript: |
+ #!/bin/bash -ex
+ echo "root:r00tme" | sudo chpasswd
+ echo "blacklist acpi_power_meter" > /etc/modprobe.d/hwmon.conf
+ ln -sf /dev/null /etc/systemd/system/ondemand.service
+ echo $(date) 'post_deploy_script done' >> /root/post_deploy_done
+ grubConfig:
+ defaultGrubOptions:
+ - 'GRUB_DISABLE_RECOVERY="true"'
+ - 'GRUB_PRELOAD_MODULES=lvm'
+ - 'GRUB_TIMEOUT=20'
+ - 'GRUB_TERMINAL_INPUT="console serial"'
+ - 'GRUB_TERMINAL_OUTPUT="gfxterm serial"'
+ - 'GRUB_SERIAL_COMMAND="serial --unit=0 --speed=9600"'
+ - 'GRUB_CMDLINE_LINUX="noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off tsx=on tsx_async_abort=off mitigations=off systemd.journald.forward_to_console=yes console=ttyS0,9600 console=tty0"'
+ kernelParameters:
+ sysctl:
+ kernel.dmesg_restrict: "1"
+ kernel.core_uses_pid: "1"
+ fs.file-max: "9223372036854775807"
+ fs.aio-max-nr: "1048576"
+ fs.inotify.max_user_instances: "4096"
+ vm.max_map_count: "262144"
+ net.ipv4.conf.all.rp_filter: "0"
+ net.ipv4.conf.default.rp_filter: "0"
diff --git a/templates/2.29.0/management/baremetalhosts.yaml.template b/templates/2.29.0/management/baremetalhosts.yaml.template
new file mode 100644
index 0000000..c2379ee
--- /dev/null
+++ b/templates/2.29.0/management/baremetalhosts.yaml.template
@@ -0,0 +1,81 @@
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: master-0-bmc-credentials
+ namespace: default
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: "admin"
+ password:
+ value: "password"
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: master-1-bmc-credentials
+ namespace: default
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: "admin"
+ password:
+ value: "password"
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: master-2-bmc-credentials
+ namespace: default
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: "admin"
+ password:
+ value: "password"
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostInventory
+metadata:
+ name: master-0
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-master-0
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: "{{ mgmt_node_mac_address_0 }}"
+ bmc:
+ address: 127.0.0.1:6230
+ credentialsName: "master-0-bmc-credentials"
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostInventory
+metadata:
+ name: master-1
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-master-1
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: "{{ mgmt_node_mac_address_1 }}"
+ bmc:
+ address: 127.0.0.1:6231
+ credentialsName: "master-1-bmc-credentials"
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostInventory
+metadata:
+ name: master-2
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-master-2
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: "{{ mgmt_node_mac_address_2 }}"
+ bmc:
+ address: 127.0.0.1:6232
+ credentialsName: "master-2-bmc-credentials"
diff --git a/templates/2.29.0/management/bootstrapregion.yaml.template b/templates/2.29.0/management/bootstrapregion.yaml.template
new file mode 100644
index 0000000..687e29b
--- /dev/null
+++ b/templates/2.29.0/management/bootstrapregion.yaml.template
@@ -0,0 +1,7 @@
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BootstrapRegion
+metadata:
+ name: region-one
+ namespace: default
+spec:
+ provider: baremetal
diff --git a/templates/2.29.0/management/cluster.yaml.template b/templates/2.29.0/management/cluster.yaml.template
new file mode 100644
index 0000000..b25d547
--- /dev/null
+++ b/templates/2.29.0/management/cluster.yaml.template
@@ -0,0 +1,74 @@
+---
+apiVersion: cluster.k8s.io/v1alpha1
+kind: Cluster
+metadata:
+ name: {{ MCC_MGMT_CLUSTER_NAME }}
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ clusterNetwork:
+ services:
+ cidrBlocks:
+ - 10.233.0.0/18
+ pods:
+ cidrBlocks:
+ - 10.233.64.0/18
+ providerSpec:
+ value:
+ apiVersion: baremetal.k8s.io/v1alpha1
+ kind: BaremetalClusterProviderSpec
+ nodeCidr: 10.10.10.0/24
+ dedicatedControlPlane: false
+ dedicatedMetallbPools: true
+ helmReleases:
+ - name: metallb
+ values: {}
+ - name: stacklight
+ values:
+ elasticsearch:
+ persistentVolumeClaimSize: 30Gi
+ highAvailabilityEnabled: true
+ logging:
+ enabled: false
+ prometheusServer:
+ persistentVolumeClaimSize: 16Gi
+ publicKeys:
+ - name: user-key
+ - name: bootstrap-key
+ kaas:
+ regional:
+ - provider: baremetal
+ helmReleases:
+ - name: baremetal-provider
+ values:
+ config:
+ customHostnamesEnabled: true
+ {%- if NTP_SERVERS is defined and NTP_SERVERS != '' %}
+ lcm:
+ ntp:
+ servers:
+ {%- for server in NTP_SERVERS.split(',') %}
+ - {{ server -}}
+ {% endfor %}
+ {%- endif %}
+ - name: baremetal-operator
+ values:
+ dhcp_relay:
+ enable: true
+ virtualbmc_vsphere:
+ enabled: true
+ dnsmasq:
+ dynamic_bootp: true
+ - name: kaas-ipam
+ values: {}
+ management:
+ enabled: true
+ {%- if MCC_RELEASES_URL is defined and MCC_RELEASES_URL != '' %}
+ helmReleases:
+ - name: release-controller
+ values:
+ releasesBaseUrl: {{ MCC_RELEASES_URL }}/releases
+ - name: diagnostic-controller
+ values:
+ releasesBaseUrl: {{ MCC_RELEASES_URL }}/releases
+ {%- endif %}
diff --git a/templates/2.29.0/management/ipam-objects.yaml.template b/templates/2.29.0/management/ipam-objects.yaml.template
new file mode 100644
index 0000000..e0b49a6
--- /dev/null
+++ b/templates/2.29.0/management/ipam-objects.yaml.template
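Review bot: `releasesBaseUrl: {{ MCC_RELEASES_URL }}/releases`, under both `release-controller` and `diagnostic-controller` in `management/cluster.yaml.template`, is rendered unquoted and with whatever scheme the variable carries. These controllers presumably pull release definitions from that URL, so a plain `http://` or mistyped value would change where the management cluster takes its release metadata from without any signal at render time. Quote the value, `releasesBaseUrl: "{{ MCC_RELEASES_URL }}/releases"`, and add a comment next to the `{%- if MCC_RELEASES_URL ... %}` guard stating that an `https://` URL is expected.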
@@ -0,0 +1,110 @@
+---
+apiVersion: "ipam.mirantis.com/v1alpha1"
+kind: Subnet
+metadata:
+ name: mgmt-pxe
+ namespace: default
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ ipam/SVC-dhcp-range: "presents"
+spec:
+ cidr: {{ NETWORK_PXE_SUBNET }}
+ includeRanges:
+ - {{ NETWORK_PXE_DHCP_RANGE }}
+
+---
+apiVersion: "ipam.mirantis.com/v1alpha1"
+kind: Subnet
+metadata:
+ name: mgmt-pxe-nics
+ namespace: default
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: {{ MCC_MGMT_CLUSTER_NAME }}
+ ipam/SVC-pxe-nics: "presents"
+spec:
+ cidr: {{ NETWORK_PXE_SUBNET }}
+ includeRanges:
+ - {{ NETWORK_PXE_STATIC_RANGE_MGMT }}
+
+---
+apiVersion: "ipam.mirantis.com/v1alpha1"
+kind: Subnet
+metadata:
+ name: mgmt-k8s-api-lb
+ namespace: default
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: {{ MCC_MGMT_CLUSTER_NAME }}
+ ipam/SVC-LBhost: "presents"
+spec:
+ cidr: {{ NETWORK_LCM_MGMT_LB_HOST }}/32
+ useWholeCidr: true
+
+---
+apiVersion: "ipam.mirantis.com/v1alpha1"
+kind: Subnet
+metadata:
+ name: mgmt-lcm
+ namespace: default
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: {{ MCC_MGMT_CLUSTER_NAME }}
+ ipam/SVC-k8s-lcm: "presents"
+spec:
+ cidr: {{ NETWORK_LCM_SUBNET }}
+ gateway: {{ NETWORK_LCM_GATEWAY }}
+ nameservers:
+ {%- for server in NAMESERVERS.split(',') %}
+ - {{ server -}}
+ {% endfor %}
+ includeRanges:
+ - {{ NETWORK_LCM_STATIC_RANGE_MGMT }}
+
+---
+apiVersion: ipam.mirantis.com/v1alpha1
+kind: L2Template
+metadata:
+ name: default
+ namespace: default
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: {{ MCC_MGMT_CLUSTER_NAME }}
+ ipam/DefaultForCluster: "1"
+spec:
+ autoIfMappingPrio:
+ - eth
+ - eno
+ - ens
+ - enp
+ l3Layout:
+ - scope: namespace
+ subnetName: mgmt-pxe-nics
+ labelSelector:
+ kaas.mirantis.com/provider: baremetal
+ ipam/SVC-pxe-nics: "presents"
+ - scope: namespace
+ subnetName: mgmt-lcm
+ labelSelector:
+ kaas.mirantis.com/provider: baremetal
+ ipam/SVC-k8s-lcm: "presents"
+{#- protect go-template below from Jinja #}
+{%- raw %}
+ npTemplate: |
+ version: 2
+ renderer: networkd
+ ethernets:
+ {{ nic 0 }}:
+ addresses:
+ - {{ ip "0:mgmt-lcm" }}
+ - {{ ip "pxe:mgmt-pxe-nics" }}
+ dhcp4: false
+ dhcp6: false
+ gateway4: {{ gateway_from_subnet "mgmt-lcm" }}
+ match:
+ macaddress: {{ mac 0 }}
+ nameservers:
+ addresses: {{ nameservers_from_subnet "mgmt-lcm" }}
+ set-name: mcc-lcm
+{%- endraw %}
+{#- end protect go-template below from Jinja #}
diff --git a/templates/2.29.0/management/machines.yaml.template b/templates/2.29.0/management/machines.yaml.template
new file mode 100644
index 0000000..9b7c8cc
--- /dev/null
+++ b/templates/2.29.0/management/machines.yaml.template
@@ -0,0 +1,47 @@
+apiVersion: "cluster.k8s.io/v1alpha1"
+kind: MachineList
+items:
+- apiVersion: "cluster.k8s.io/v1alpha1"
+ kind: Machine
+ metadata:
+ name: master-0
+ labels: &cp_labels
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: {{ MCC_MGMT_CLUSTER_NAME }}
+ cluster.sigs.k8s.io/control-plane: "true"
+ spec:
+ providerSpec:
+ value: &cp_value
+ apiVersion: "baremetal.k8s.io/v1alpha1"
+ kind: "BareMetalMachineProviderSpec"
+ hostSelector:
+ matchLabels:
+ baremetal: hw-master-0
+
+- apiVersion: "cluster.k8s.io/v1alpha1"
+ kind: Machine
+ metadata:
+ name: master-1
+ labels:
+ <<: *cp_labels
+ spec:
+ providerSpec:
+ value:
+ <<: *cp_value
+ hostSelector:
+ matchLabels:
+ baremetal: hw-master-1
+
+- apiVersion: "cluster.k8s.io/v1alpha1"
+ kind: Machine
+ metadata:
+ name: master-2
+ labels:
+ <<: *cp_labels
+ spec:
+ providerSpec:
+ value:
+ <<: *cp_value
+ hostSelector:
+ matchLabels:
+ baremetal: hw-master-2
diff --git a/templates/2.29.0/management/metallbconfig.yaml.template b/templates/2.29.0/management/metallbconfig.yaml.template
new file mode 100644
index 0000000..4166808
--- /dev/null
+++ b/templates/2.29.0/management/metallbconfig.yaml.template
@@ -0,0 +1,36 @@
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: MetalLBConfig
+metadata:
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: {{ MCC_MGMT_CLUSTER_NAME }}
+ name: {{ MCC_MGMT_CLUSTER_NAME }}-metallb
+ namespace: default
+spec:
+ ipAddressPools:
+ - name: default
+ spec:
+ addresses:
+ - {{ NETWORK_LCM_METALLB_RANGE_MGMT }}
+ autoAssign: true
+ avoidBuggyIPs: false
+ - name: services-pxe
+ spec:
+ addresses:
+ - {{ NETWORK_PXE_METALLB_RANGE }}
+ autoAssign: false
+ avoidBuggyIPs: false
+ l2Advertisements:
+ - name: default
+ spec:
+ interfaces:
+ - mcc-lcm
+ ipAddressPools:
+ - default
+ - name: pxe
+ spec:
+ interfaces:
+ - mcc-lcm
+ ipAddressPools:
+ - services-pxe
\ No newline at end of file
diff --git a/templates/2.29.0/management/serviceusers.yaml.template b/templates/2.29.0/management/serviceusers.yaml.template
new file mode 100644
index 0000000..3d492fb
--- /dev/null
+++ b/templates/2.29.0/management/serviceusers.yaml.template
@@ -0,0 +1,10 @@
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: ServiceUserList
+items:
+- apiVersion: kaas.mirantis.com/v1alpha1
+ kind: ServiceUser
+ metadata:
+ name: serviceuser
+ spec:
+ password:
+ value: {{ MCC_SERVICEUSER_PASSWORD }}
diff --git a/templates/2.29.0/management/sshkey.yaml.template b/templates/2.29.0/management/sshkey.yaml.template
new file mode 100644
index 0000000..6dee3e4
--- /dev/null
+++ b/templates/2.29.0/management/sshkey.yaml.template
@@ -0,0 +1,8 @@
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: PublicKey
+metadata:
+ name: user-key
+ namespace: default
+spec:
+ publicKey: |
+ {{ MCC_SSH_PUBLIC_KEY }}
diff --git a/templates/2.29.0/management/vbmc.yaml.template b/templates/2.29.0/management/vbmc.yaml.template
new file mode 100644
index 0000000..3161a64
--- /dev/null
+++ b/templates/2.29.0/management/vbmc.yaml.template
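Review bot: `value: {{ MCC_SERVICEUSER_PASSWORD }}` in `management/serviceusers.yaml.template` drops a secret into a plain YAML scalar, so a password containing ` #` is silently cut off at the comment marker, one containing `: ` or starting with `*`, `&`, `{`, `[` or `!` fails to parse or is misread, and an all-digit one becomes an integer. Render it through Jinja's `tojson` filter so it is always an escaped double-quoted string: `value: {{ MCC_SERVICEUSER_PASSWORD | tojson }}`. The `vspherePassword` lines in `management/vbmc.yaml.template` have the same problem.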
@@ -0,0 +1,108 @@
+---
+apiVersion: metal3.io/v1alpha1
+kind: VBMC
+metadata:
+ labels:
+ vbmc.metal3.io/active: "1"
+ name: vbmc-vsphere-config
+ namespace: kaas
+spec:
+ default:
+ configDir: /vbmc
+ ipmi:
+ sessionTimeout: 20
+ log:
+ debug: true
+ domains:
+ - username: admin
+ password: password
+ address: 127.0.0.1
+ port: 6230
+ domainName: {{ vm_name_prefix_tmpl }}mgmt-master-0
+ vsphereAddress: {{ VSPHERE_SERVER }}
+ vsphereUsername: {{ VSPHERE_USERNAME }}
+ vspherePassword: {{ VSPHERE_PASSWORD }}
+ active: True
+ - username: admin
+ password: password
+ address: 127.0.0.1
+ port: 6231
+ domainName: {{ vm_name_prefix_tmpl }}mgmt-master-1
+ vsphereAddress: {{ VSPHERE_SERVER }}
+ vsphereUsername: {{ VSPHERE_USERNAME }}
+ vspherePassword: {{ VSPHERE_PASSWORD }}
+ active: True
+ - username: admin
+ password: password
+ address: 127.0.0.1
+ port: 6232
+ domainName: {{ vm_name_prefix_tmpl }}mgmt-master-2
+ vsphereAddress: {{ VSPHERE_SERVER }}
+ vsphereUsername: {{ VSPHERE_USERNAME }}
+ vspherePassword: {{ VSPHERE_PASSWORD }}
+ active: True
+ - username: admin
+ password: password
+ address: 127.0.0.1
+ port: 6240
+ domainName: {{ vm_name_prefix_tmpl }}managed-control-0
+ vsphereAddress: {{ VSPHERE_SERVER }}
+ vsphereUsername: {{ VSPHERE_USERNAME }}
+ vspherePassword: {{ VSPHERE_PASSWORD }}
+ active: True
+ - username: admin
+ password: password
+ address: 127.0.0.1
+ port: 6241
+ domainName: {{ vm_name_prefix_tmpl }}managed-control-1
+ vsphereAddress: {{ VSPHERE_SERVER }}
+ vsphereUsername: {{ VSPHERE_USERNAME }}
+ vspherePassword: {{ VSPHERE_PASSWORD }}
+ active: True
+ - username: admin
+ password: password
+ address: 127.0.0.1
+ port: 6242
+ domainName: {{ vm_name_prefix_tmpl }}managed-control-2
+ vsphereAddress: {{ VSPHERE_SERVER }}
+ vsphereUsername: {{ VSPHERE_USERNAME }}
+ vspherePassword: {{ VSPHERE_PASSWORD }}
+ active: True
+ - username: admin
+ password: password
+ address: 127.0.0.1
+ port: 6250
+ domainName: {{ vm_name_prefix_tmpl }}managed-worker-0
+ vsphereAddress: {{ VSPHERE_SERVER }}
+ vsphereUsername: {{ VSPHERE_USERNAME }}
+ vspherePassword: {{ VSPHERE_PASSWORD }}
+ active: True
+ - username: admin
+ password: password
+ address: 127.0.0.1
+ port: 6251
+ domainName: {{ vm_name_prefix_tmpl }}managed-worker-1
+ vsphereAddress: {{ VSPHERE_SERVER }}
+ vsphereUsername: {{ VSPHERE_USERNAME }}
+ vspherePassword: {{ VSPHERE_PASSWORD }}
+ active: True
+ - username: admin
+ password: password
+ address: 127.0.0.1
+ port: 6252
+ domainName: {{ vm_name_prefix_tmpl }}managed-worker-2
+ vsphereAddress: {{ VSPHERE_SERVER }}
+ vsphereUsername: {{ VSPHERE_USERNAME }}
+ vspherePassword: {{ VSPHERE_PASSWORD }}
+ active: True
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app.kubernetes.io/component: config
+ app.kubernetes.io/name: vbmc
+ app.kubernetes.io/part-of: kaas-bm
+ name: vbmc-vsphere-config
+ namespace: kaas
+data: {}
diff --git a/templates/2.29.1 b/templates/2.29.1
new file mode 120000
index 0000000..67b680c
--- /dev/null
+++ b/templates/2.29.1
@@ -0,0 +1 @@
+2.29.0
\ No newline at end of file
diff --git a/templates/2.29.2 b/templates/2.29.2
new file mode 120000
index 0000000..67b680c
--- /dev/null
+++ b/templates/2.29.2
@@ -0,0 +1 @@
+2.29.0
\ No newline at end of file
diff --git a/templates/2.29.3 b/templates/2.29.3
new file mode 120000
index 0000000..67b680c
--- /dev/null
+++ b/templates/2.29.3
@@ -0,0 +1 @@
+2.29.0
\ No newline at end of file
diff --git a/templates/2.29.4 b/templates/2.29.4
new file mode 120000
index 0000000..67b680c
--- /dev/null
+++ b/templates/2.29.4
@@ -0,0 +1 @@
+2.29.0
\ No newline at end of file
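Review bot: Each of the nine `domains` entries in `management/vbmc.yaml.template` writes `vsphereUsername` and `vspherePassword` into the spec of the `VBMC` object, so the vCenter password is readable by anyone who can read that resource in the `kaas` namespace, and the same object sets `log: debug: true`. If the VBMC API accepts a Secret reference, use that; otherwise limit read access to this kind and make debug logging opt-in rather than the default. The entries differ only in `port` and `domainName`, so a Jinja loop over a list of (port, name) pairs would keep the credential fields in one place, and `active: True` should be the canonical `true`.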