apiVersion: v1 data: ceph.client.openstack.keyring: CHANGEME_CEPH_KEYRING ceph.conf: CHANGEME_CEPH_CONF kind: Secret metadata: name: ceph-conf-files namespace: openstack type: Opaque --- apiVersion: v1 data: AdminPassword: MTIzNDU2Nzg= AodhDatabasePassword: MTIzNDU2Nzg= AodhPassword: MTIzNDU2Nzg= BarbicanDatabasePassword: MTIzNDU2Nzg= BarbicanPassword: MTIzNDU2Nzg= BarbicanSimpleCryptoKEK: c0VGbWRGakRVcVJNMlZlbVlzbFY1eUdOV2pva2lvSlhzZzhOcmxjM2RyVT0= CeilometerPassword: MTIzNDU2Nzg= CinderDatabasePassword: MTIzNDU2Nzg= CinderPassword: MTIzNDU2Nzg= CloudKittyPassword: MTIzNDU2Nzg= DatabasePassword: MTIzNDU2Nzg= DbRootPassword: MTIzNDU2Nzg= DesignateDatabasePassword: MTIzNDU2Nzg= DesignatePassword: MTIzNDU2Nzg= GlanceDatabasePassword: MTIzNDU2Nzg= GlancePassword: MTIzNDU2Nzg= HeatAuthEncryptionKey: NzY3YzNlZDA1NmNiYWEzYjlkZmVkYjhjNmY4MjViZjA= HeatDatabasePassword: MTIzNDU2Nzg= HeatPassword: MTIzNDU2Nzg= IronicDatabasePassword: MTIzNDU2Nzg= IronicInspectorDatabasePassword: MTIzNDU2Nzg= IronicInspectorPassword: MTIzNDU2Nzg= IronicPassword: MTIzNDU2Nzg= KeystoneDatabasePassword: MTIzNDU2Nzg= ManilaDatabasePassword: MTIzNDU2Nzg= ManilaPassword: MTIzNDU2Nzg= MetadataSecret: MTIzNDU2Nzg0Mg== NeutronDatabasePassword: MTIzNDU2Nzg= NeutronPassword: MTIzNDU2Nzg= NovaAPIDatabasePassword: MTIzNDU2Nzg= NovaCell0DatabasePassword: MTIzNDU2Nzg= NovaCell1DatabasePassword: MTIzNDU2Nzg= NovaPassword: MTIzNDU2Nzg= OctaviaDatabasePassword: MTIzNDU2Nzg= OctaviaHeartbeatKey: MTIzNDU2Nzg= OctaviaPassword: MTIzNDU2Nzg= PlacementDatabasePassword: MTIzNDU2Nzg= PlacementPassword: MTIzNDU2Nzg= SwiftPassword: MTIzNDU2Nzg= WatcherPassword: MTIzNDU2Nzg= kind: Secret metadata: name: osp-secret namespace: openstack type: Opaque --- apiVersion: core.openstack.org/v1beta1 kind: OpenStackControlPlane metadata: name: controlplane namespace: openstack spec: barbican: apiOverride: route: {} template: barbicanAPI: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: CHANGEME_SNO_INTAPI_LB_IP spec: type: LoadBalancer replicas: 3 barbicanKeystoneListener: replicas: 1 barbicanWorker: replicas: 3 databaseInstance: openstack preserveJobs: true secret: osp-secret cinder: apiOverride: route: {} template: apiTimeout: 600 cinderAPI: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: CHANGEME_SNO_INTAPI_LB_IP spec: type: LoadBalancer replicas: 3 cinderBackup: networkAttachments: - storage replicas: 0 cinderScheduler: replicas: 1 cinderVolumes: {} customServiceConfig: | # Debug logs by default, jobs can override as needed. [DEFAULT] debug = true databaseInstance: openstack preserveJobs: true secret: osp-secret uniquePodNames: true designate: enabled: false template: customServiceConfig: | [DEFAULT] debug = true designateAPI: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: CHANGEME_SNO_INTAPI_LB_IP replicas: 3 designateBackendbind9: networkAttachments: - designate replicas: 3 storageClass: lvms-local-storage storageRequest: 10Gi designateCentral: replicas: 1 designateMdns: networkAttachments: - designate replicas: 3 designateProducer: networkAttachments: - designate replicas: 2 designateUnbound: networkAttachments: - designate replicas: 1 designateWorker: networkAttachments: - designate replicas: 3 nsRecords: - hostname: ns1.example.org. priority: 1 - hostname: ns2.example.org. priority: 2 preserveJobs: true dns: template: options: - key: server values: - CHANGEME_SNO_DNS_SERVER override: service: metadata: annotations: metallb.universe.tf/address-pool: ctlplane metallb.universe.tf/allow-shared-ip: ctlplane metallb.universe.tf/loadBalancerIPs: CHANGEME_SNO_CTLPLANE_LB_IP spec: type: LoadBalancer replicas: 2 extraMounts: - extraVol: - extraVolType: Ceph mounts: - mountPath: /etc/ceph name: ceph readOnly: true propagation: - GlanceAPI volumes: - name: ceph secret: secretName: ceph-conf-files name: v1 region: r1 galera: enabled: true templates: openstack: replicas: 3 secret: osp-secret storageRequest: 5Gi openstack-cell1: replicas: 3 secret: osp-secret storageRequest: 5Gi glance: apiOverrides: default: route: {} template: customServiceConfig: | [DEFAULT] enabled_backends = default_backend:rbd [glance_store] default_backend = default_backend [default_backend] rbd_store_ceph_conf = /etc/ceph/ceph.conf store_description = "Ceph RBD backend" rbd_store_pool = images rbd_store_user = openstack rbd_thin_provisioning = True databaseInstance: openstack glanceAPIs: default: apiTimeout: 600 networkAttachments: - storage override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: CHANGEME_SNO_INTAPI_LB_IP spec: type: LoadBalancer replicas: 1 preserveJobs: true storage: storageClass: lvms-local-storage storageRequest: 10Gi uniquePodNames: true heat: apiOverride: route: {} cnfAPIOverride: route: {} enabled: false template: databaseInstance: openstack heatAPI: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: CHANGEME_SNO_INTAPI_LB_IP spec: type: LoadBalancer replicas: 1 heatEngine: replicas: 1 preserveJobs: true secret: osp-secret horizon: apiOverride: route: {} enabled: true template: preserveJobs: true replicas: 1 secret: osp-secret ironic: enabled: false template: databaseInstance: openstack ironicAPI: replicas: 1 ironicConductors: - replicas: 1 storageRequest: 10Gi ironicInspector: preserveJobs: true replicas: 1 ironicNeutronAgent: replicas: 1 preserveJobs: true secret: osp-secret keystone: apiOverride: route: {} template: databaseInstance: openstack override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: CHANGEME_SNO_INTAPI_LB_IP spec: type: LoadBalancer preserveJobs: true replicas: 3 secret: osp-secret manila: apiOverride: route: haproxy.router.openshift.io/timeout: 60s enabled: false template: databaseInstance: openstack manilaAPI: networkAttachments: - internalapi override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: CHANGEME_SNO_INTAPI_LB_IP spec: type: LoadBalancer replicas: 1 manilaScheduler: replicas: 1 manilaShares: share1: networkAttachments: - storage replicas: 1 preserveJobs: true memcached: templates: memcached: replicas: 3 neutron: apiOverride: route: {} template: customServiceConfig: | [ml2] mechanism_drivers = ovn databaseInstance: openstack networkAttachments: - internalapi override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: CHANGEME_SNO_INTAPI_LB_IP spec: type: LoadBalancer preserveJobs: true replicas: 3 secret: osp-secret notificationsBus: cluster: rabbitmq nova: apiOverride: route: {} template: apiServiceTemplate: customServiceConfig: | [pci] alias = { "vendor_id":"10de", "product_id":"20f1", "device_type":"type-PF", "name":"nvidia_a2" } [filter_scheduler] pci_in_placement = True override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: CHANGEME_SNO_INTAPI_LB_IP spec: type: LoadBalancer replicas: 3 apiTimeout: 600 cellTemplates: cell0: cellDatabaseAccount: nova-cell0 cellDatabaseInstance: openstack conductorServiceTemplate: customServiceConfig: | [filter_scheduler] pci_in_placement = True replicas: 1 hasAPIAccess: true messagingBus: cluster: rabbitmq cell1: cellDatabaseAccount: nova-cell1 cellDatabaseInstance: openstack-cell1 conductorServiceTemplate: customServiceConfig: | [filter_scheduler] pci_in_placement = True replicas: 1 hasAPIAccess: true messagingBus: cluster: rabbitmq-cell1 metadataServiceTemplate: override: service: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: CHANGEME_SNO_INTAPI_LB_IP spec: type: LoadBalancer replicas: 3 preserveJobs: true schedulerServiceTemplate: customServiceConfig: | [filter_scheduler] pci_in_placement = True replicas: 3 secret: osp-secret octavia: enabled: false template: databaseInstance: openstack octaviaAPI: preserveJobs: true replicas: 1 octaviaHealthManager: {} octaviaHousekeeping: {} octaviaWorker: {} preserveJobs: true secret: osp-secret ovn: template: ovnController: networkAttachment: tenant nicMappings: datacentre: ospbr ovnDBCluster: ovndbcluster-nb: dbType: NB networkAttachment: internalapi replicas: 3 storageRequest: 10Gi ovndbcluster-sb: dbType: SB networkAttachment: internalapi replicas: 3 storageRequest: 10Gi ovnNorthd: logLevel: info nThreads: 1 replicas: 1 resources: {} tls: {} placement: apiOverride: route: {} template: databaseInstance: openstack override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: CHANGEME_SNO_INTAPI_LB_IP spec: type: LoadBalancer preserveJobs: true replicas: 3 secret: osp-secret rabbitmq: templates: rabbitmq: override: service: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/loadBalancerIPs: CHANGEME_SNO_RABBITMQ_IP spec: type: LoadBalancer replicas: 3 resources: limits: cpu: "2" memory: 4Gi requests: cpu: "1" memory: 4Gi rabbitmq-cell1: override: service: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/loadBalancerIPs: CHANGEME_SNO_RABBITMQ_CELL1_IP spec: type: LoadBalancer replicas: 3 resources: limits: cpu: "2" memory: 4Gi requests: cpu: "1" memory: 4Gi secret: osp-secret storageClass: lvms-local-storage swift: enabled: false proxyOverride: route: {} template: swiftProxy: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: CHANGEME_SNO_INTAPI_LB_IP spec: type: LoadBalancer replicas: 1 swiftRing: ringReplicas: 1 swiftStorage: replicas: 1 telemetry: enabled: true template: ceilometer: enabled: true logging: enabled: false metricStorage: dashboardsEnabled: true dataplaneNetwork: ctlplane enabled: true monitoringStack: alertingEnabled: true alertmanagerConfig: replicas: 1 scrapeInterval: 30s storage: persistent: pvcStorageClass: lvms-local-storage pvcStorageRequest: 20G pvcStorageSelector: {} retention: 24h strategy: persistent networkAttachments: - ctlplane tls: caBundleSecretName: custom-ca-certs podLevel: enabled: true