openshift-heat/environment_example.yaml at v3.11 · UKCloud/openshift-heat · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
parameter_defaults:
  key_name: <openstack key name>
  domain_suffix: <domain suffix to be used for the OpenShift deployment>
  openshift_openstack_username: <OpenStack username for the tenancy OpenShift will be deployed to>
  local_domain_suffix: <local internal domain name - default: openstacklocal>
  controlplane_floating_ip: <pre-provisioned floating ip ID>
  dataplane_floating_ip: <pre-provisioned floating ip ID>
  external_network_cp: <external network to attach control plane to>
  external_dns: <[ "external dns server 1", "external dns server 2" ] default: 8.8.8.8>
  # S3 details for object storage account to back the container registry off to.
  s3_region_endpoint: <s3 endpoint>
  s3_access_key: <s3 access key/user id>
  s3_secret_key: <s3 secret>
  s3_bucket_name: <existing s3 bucket to use - note this must exist already!>
  # Process specifics to run in the ansible deployment after heat has finished
  get_certificates: <whether to get certificates from letsencrypt - requires external DNS setup>
  staging_certs: <if certificates should be production LE or staging>
  do_upgrades: <whether to perform node patching prior to deployment>
  openshift_version: <major version number default is 3.9, 3.9 is the minimum now>
  # Aggregated logging options
  install_logging: <deploy EFK stack for aggregated logging>
  logging_cluster_size: <ES scale in agg logging stack>
  # Options to brand OCP portal (eg custom logo)
  ocp_branding: false
  ocp_branding_url: "URL for branding CSS"
  # Route options
  #set_node_routes: <boolean - whether to deploy static routes>
  #node_routes:
  #  - gateway: <value>
  #    route: <value>
  # Cluster scale options
  worker_small_scale: <no of small nodes to deploy, default: 0>
  worker_medium_scale: <no of medium nodes to deploy, default: 0>
  worker_large_scale: <no of large nodes to deploy, default: 0>
  infra_scale: <no of infrastructure nodes to deploy, default: 2>
  # Security group options
  control_plane_allowed_sources: <allowed cidr for inbound traffic to control plane default: 0.0.0.0/0 (any)>
  data_plane_allowed_sources: <allowed cidr for inbound traffic to data plane default : 0.0.0.0/0 (any)>
  bastion_allowed_sources: <list of allowed sources for inbound SSH to bastions. Defaults to 0.0.0.0/0>
  # Extra gateway options
  #deploy_extra_gateway: <whether to deploy an extra gateway e.g. VRF default: false>
  #extra_gateway_external_network: <external network extra gateway connects to>
  #extra_gateway_internal_ip: <EG router IP on internal network>
  # Secondary network options for multi-network deployments
  #multinetwork: <whether to deploy a secondary network and data plane default: false>
  #net2_dns_server: <["external dns server 1", "external dns server 2" ]>
  #net2_ntp_servers: <["server1", "server2"] used by chronyd for NTP on community networks>
  #net2_gateway_internal_ip: <net2 router IP on internal network>
  #net2_worker_small_scale: <no of small net2 nodes to deploy, default: 2>
  #net2_worker_medium_scale: <no of medium net2 nodes to deploy, default: 0>
  #net2_worker_large_scale: <no of large net2 nodes to deploy, default: 0>
  #net2_external_network: <name of external network for net2>
  #net2_node_routes: <routes required by openshift net2 nodes e.g. openstack, red hat registry>
  #  - gateway: <value>
  #    route: <value>
  #net2_routes:
  #  - gateway: <value>
  #    route: <value>
  # Example of overriding default network settings
  #network_config:
  #  allocation_pool: [{"start": "10.3.1.2", "end": "10.3.1.100"}]
  #  cidr: "10.3.1.0/24"
  #  dns: [ "8.8.4.4" ]
  #  gateway: "10.3.1.102"
  #  bastion_ip: "10.3.1.101"
  #  service_subnet: This should be a /29 starting at .240 unless more addresses are required. .249-.254 will be left for routers "10.3.1.240/29"
  #external_services_config:
  #  - service_ip: Neutron network IP for service. Must be within the external_service_subnet.
  #    floating_network: External network to expose the service on e.g. [ "Internet" ], must be a comma delimited list
  #    proto: tcp or udp
  #    port: port to expose e.g. 3306
  #    allowed_sources: sources allowed to hit service e.g. 0.0.0.0/0
  # Example of passing in configuration for SSO
  #sso_config:
  #  client_id: <client ID>
  #  client_secret: <client secret>
  #  urls: '{"authorize": "<authorize_url>","token": "<token_url>","userInfo": "<userinfo_url>","logout": "<logout_url>"}'
  # Example of passing in configuration for authenticated RH registry
  # This is required as of v3.11 of OpenShift
  #registry_details:
  #  registry_url: "<registry_url>"
  #  registry_user: "<registry_user>"
  #  registry_password: "<registry_password>"
  #deploy_portworx_storage: <whether to deploy extra volumes, network and prereqs for portworx>
  ansible_branch: "v3.11"
  neustar_ultradns_username: "<neustar_ultradns_username>"
  neustar_ultradns_password: "<neustar_ultradns_password>"
  slack_webhook_url_acme_sh: "<Slack Webhook URL for acme.sh notifications>"
  ansible_vault_password: '<Ansible Vault password>'
  zabbix_agents: 'automatically sets up zabbix agents if this variable is true, defaults to false'