apiVersion: v1 data: server-ca-passphrase: MTIzNDU2Nzg= kind: Secret metadata: name: octavia-ca-passphrase namespace: openstack type: Opaque --- apiVersion: v1 data: AdminPassword: MTIzNDU2Nzg= AodhDatabasePassword: MTIzNDU2Nzg= AodhPassword: MTIzNDU2Nzg= BarbicanDatabasePassword: MTIzNDU2Nzg= BarbicanPassword: MTIzNDU2Nzg= BarbicanSimpleCryptoKEK: c0VGbWRGakRVcVJNMlZlbVlzbFY1eUdOV2pva2lvSlhzZzhOcmxjM2RyVT0= CeilometerPassword: MTIzNDU2Nzg= CinderDatabasePassword: MTIzNDU2Nzg= CinderPassword: MTIzNDU2Nzg= CloudKittyPassword: MTIzNDU2Nzg= DatabasePassword: MTIzNDU2Nzg= DbRootPassword: MTIzNDU2Nzg= DesignateDatabasePassword: MTIzNDU2Nzg= DesignatePassword: MTIzNDU2Nzg= GlanceDatabasePassword: MTIzNDU2Nzg= GlancePassword: MTIzNDU2Nzg= HeatAuthEncryptionKey: NzY3YzNlZDA1NmNiYWEzYjlkZmVkYjhjNmY4MjViZjA= HeatDatabasePassword: MTIzNDU2Nzg= HeatPassword: MTIzNDU2Nzg= IronicDatabasePassword: MTIzNDU2Nzg= IronicInspectorDatabasePassword: MTIzNDU2Nzg= IronicInspectorPassword: MTIzNDU2Nzg= IronicPassword: MTIzNDU2Nzg= KeystoneDatabasePassword: MTIzNDU2Nzg= ManilaDatabasePassword: MTIzNDU2Nzg= ManilaPassword: MTIzNDU2Nzg= MetadataSecret: MTIzNDU2Nzg0Mg== NeutronDatabasePassword: MTIzNDU2Nzg= NeutronPassword: MTIzNDU2Nzg= NovaAPIDatabasePassword: MTIzNDU2Nzg= NovaCell0DatabasePassword: MTIzNDU2Nzg= NovaCell1DatabasePassword: MTIzNDU2Nzg= NovaPassword: MTIzNDU2Nzg= OctaviaDatabasePassword: MTIzNDU2Nzg= OctaviaHeartbeatKey: MTIzNDU2Nzg= OctaviaPassword: MTIzNDU2Nzg= PlacementDatabasePassword: MTIzNDU2Nzg= PlacementPassword: MTIzNDU2Nzg= SwiftPassword: MTIzNDU2Nzg= WatcherPassword: MTIzNDU2Nzg= kind: Secret metadata: name: osp-secret namespace: openstack type: Opaque --- apiVersion: core.openstack.org/v1beta1 kind: OpenStackControlPlane metadata: name: controlplane namespace: openstack spec: barbican: apiOverride: route: {} template: barbicanAPI: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 3 barbicanKeystoneListener: replicas: 1 barbicanWorker: replicas: 3 databaseInstance: openstack messagingBus: cluster: rabbitmq user: barbican vhost: barbican preserveJobs: false secret: osp-secret cinder: apiOverride: route: {} template: apiTimeout: 600 cinderAPI: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 3 cinderBackup: networkAttachments: - storage replicas: 0 cinderScheduler: replicas: 1 cinderVolumes: {} customServiceConfig: | # Debug logs by default, jobs can override as needed. [DEFAULT] debug = true databaseInstance: openstack messagingBus: cluster: rabbitmq user: cinder vhost: cinder preserveJobs: false secret: osp-secret uniquePodNames: true designate: enabled: true template: customServiceConfig: | [DEFAULT] debug = true designateAPI: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 replicas: 3 designateBackendbind9: bind9Services: services: - metadata: annotations: metallb.universe.tf/LoadBalancerIPs: 172.34.0.80 metallb.universe.tf/address-pool: designateext metallb.universe.tf/allow-shared-ip: designateext spec: type: LoadBalancer - metadata: annotations: metallb.universe.tf/LoadBalancerIPs: 172.34.0.81 metallb.universe.tf/address-pool: designateext metallb.universe.tf/allow-shared-ip: designateext spec: type: LoadBalancer - metadata: annotations: metallb.universe.tf/LoadBalancerIPs: 172.34.0.82 metallb.universe.tf/address-pool: designateext metallb.universe.tf/allow-shared-ip: designateext spec: type: LoadBalancer networkAttachments: - designate replicas: 3 storageClass: local-storage storageRequest: 10Gi designateCentral: replicas: 1 designateMdns: networkAttachments: - designate replicas: 3 designateProducer: networkAttachments: - designate replicas: 2 designateUnbound: networkAttachments: - designate replicas: 1 designateWorker: networkAttachments: - designate replicas: 3 messagingBus: cluster: rabbitmq user: designate vhost: designate nsRecords: - hostname: ns1.example.org. priority: 1 - hostname: ns2.example.org. priority: 2 preserveJobs: false dns: template: options: - key: server values: - 192.168.122.1 override: service: metadata: annotations: metallb.universe.tf/address-pool: ctlplane metallb.universe.tf/allow-shared-ip: ctlplane metallb.universe.tf/loadBalancerIPs: 192.168.122.80 spec: type: LoadBalancer replicas: 2 galera: enabled: true templates: openstack: replicas: 3 secret: osp-secret storageRequest: 5Gi openstack-cell1: replicas: 3 secret: osp-secret storageRequest: 5Gi glance: apiOverrides: default: route: {} template: customServiceConfig: | [DEFAULT] enabled_backends = default_backend:swift [glance_store] default_backend = default_backend [default_backend] swift_store_create_container_on_put = True swift_store_auth_version = 3 swift_store_auth_address = {{ .KeystoneInternalURL }} swift_store_endpoint_type = internalURL swift_store_user = service:glance swift_store_key = {{ .ServicePassword }} databaseInstance: openstack glanceAPIs: default: apiTimeout: 600 networkAttachments: - storage override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 3 preserveJobs: false storage: storageClass: local-storage storageRequest: 10Gi uniquePodNames: true heat: apiOverride: route: {} cnfAPIOverride: route: {} enabled: true template: databaseInstance: openstack heatAPI: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 1 heatEngine: replicas: 1 messagingBus: cluster: rabbitmq user: heat vhost: heat preserveJobs: false secret: osp-secret horizon: apiOverride: route: {} enabled: true template: preserveJobs: false replicas: 1 secret: osp-secret ironic: enabled: true template: databaseInstance: openstack ironicAPI: replicas: 1 ironicConductors: - replicas: 1 storageRequest: 10Gi ironicInspector: preserveJobs: false replicas: 1 ironicNeutronAgent: replicas: 1 messagingBus: cluster: rabbitmq user: ironic vhost: ironic preserveJobs: false secret: osp-secret keystone: apiOverride: route: {} template: databaseInstance: openstack override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer preserveJobs: false replicas: 3 secret: osp-secret manila: apiOverride: route: haproxy.router.openshift.io/timeout: 60s enabled: true template: databaseInstance: openstack manilaAPI: networkAttachments: - internalapi override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 1 manilaScheduler: replicas: 1 manilaShares: share1: networkAttachments: - storage replicas: 0 messagingBus: cluster: rabbitmq user: manila vhost: manila preserveJobs: false memcached: templates: memcached: replicas: 3 messagingBus: cluster: rabbitmq neutron: apiOverride: route: {} template: databaseInstance: openstack messagingBus: cluster: rabbitmq user: neutron vhost: neutron networkAttachments: - internalapi override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer preserveJobs: false replicas: 3 secret: osp-secret notificationsBus: cluster: rabbitmq-notifications nova: apiOverride: route: {} template: apiServiceTemplate: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 3 apiTimeout: 600 cellTemplates: cell0: cellDatabaseAccount: nova-cell0 cellDatabaseInstance: openstack conductorServiceTemplate: replicas: 1 hasAPIAccess: true messagingBus: cluster: rabbitmq user: nova-cell0 vhost: nova-cell0 cell1: cellDatabaseAccount: nova-cell1 cellDatabaseInstance: openstack-cell1 conductorServiceTemplate: replicas: 1 hasAPIAccess: true messagingBus: cluster: rabbitmq user: nova-cell1 vhost: nova-cell1 noVNCProxyServiceTemplate: enabled: true networkAttachments: - ctlplane messagingBus: cluster: rabbitmq user: nova vhost: nova metadataServiceTemplate: override: service: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 3 preserveJobs: false schedulerServiceTemplate: replicas: 3 secret: osp-secret octavia: enabled: true template: amphoraImageContainerImage: quay.io/gthiemonge/octavia-amphora-image apacheContainerImage: registry.redhat.io/ubi9/httpd-24:latest databaseInstance: openstack messagingBus: cluster: rabbitmq user: octavia vhost: octavia octaviaAPI: networkAttachments: - internalapi preserveJobs: false replicas: 1 octaviaHealthManager: networkAttachments: - octavia octaviaHousekeeping: networkAttachments: - octavia octaviaWorker: networkAttachments: - octavia preserveJobs: false secret: osp-secret ovn: template: ovnController: networkAttachment: tenant nicMappings: datacentre: ospbr octavia: octbr ovnDBCluster: ovndbcluster-nb: dbType: NB networkAttachment: internalapi replicas: 3 storageRequest: 10Gi ovndbcluster-sb: dbType: SB networkAttachment: internalapi replicas: 3 storageRequest: 10Gi ovnNorthd: logLevel: info nThreads: 1 replicas: 1 resources: {} tls: {} placement: apiOverride: route: {} template: databaseInstance: openstack override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer preserveJobs: false replicas: 3 secret: osp-secret rabbitmq: templates: rabbitmq: override: service: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.85 spec: type: LoadBalancer replicas: 3 resources: limits: cpu: "2" memory: 4Gi requests: cpu: "1" memory: 4Gi rabbitmq-notifications: override: service: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.88 spec: type: LoadBalancer replicas: 3 resources: limits: cpu: "2" memory: 4Gi requests: cpu: "1" memory: 4Gi redis: enabled: true templates: designate-redis: replicas: 1 secret: osp-secret storageClass: local-storage swift: enabled: true proxyOverride: route: {} template: swiftProxy: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 1 swiftRing: ringReplicas: 1 swiftStorage: replicas: 1 telemetry: enabled: true template: autoscaling: aodh: databaseInstance: openstack memcachedInstance: memcached passwordSelectors: null preserveJobs: false secret: osp-secret enabled: false heatInstance: heat ceilometer: enabled: true secret: osp-secret cloudkitty: messagingBus: cluster: rabbitmq user: telemetry vhost: telemetry logging: enabled: false port: 10514 metricStorage: enabled: true monitoringStack: alertingEnabled: true scrapeInterval: 30s storage: persistent: pvcStorageClass: local-storage pvcStorageRequest: 10Gi retention: 24h strategy: persistent tls: caBundleSecretName: "" watcher: enabled: true template: messagingBus: cluster: rabbitmq user: watcher vhost: watcher --- apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: labels: osp/net: ctlplane osp/net-attach-def-type: standard name: ctlplane namespace: openstack spec: config: | { "cniVersion": "0.3.1", "name": "ctlplane", "type": "macvlan", "master": "ospbr", "ipam": { "type": "whereabouts", "range": "192.168.122.0/24", "range_start": "192.168.122.30", "range_end": "192.168.122.70" } } --- apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: labels: osp/net: datacentre osp/net-attach-def-type: standard name: datacentre namespace: openstack spec: config: | { "cniVersion": "0.3.1", "name": "datacentre", "type": "bridge", "bridge": "ospbr", "ipam": {} } --- apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: labels: osp/net: designate osp/net-attach-def-type: standard name: designate namespace: openstack spec: config: | { "cniVersion": "0.3.1", "name": "designate", "type": "macvlan", "master": "designate", "ipam": { "type": "whereabouts", "range": "172.26.0.0/24", "range_start": "172.26.0.30", "range_end": "172.26.0.70" } } --- apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: labels: osp/net: designateext osp/net-attach-def-type: standard name: designateext namespace: openstack spec: config: | { "cniVersion": "0.3.1", "name": "designateext", "type": "macvlan", "master": "designateext", "ipam": { "type": "whereabouts", "range": "172.34.0.0/24", "range_start": "172.34.0.30", "range_end": "172.34.0.70" } } --- apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: labels: osp/net: internalapi osp/net-attach-def-type: standard name: internalapi namespace: openstack spec: config: | { "cniVersion": "0.3.1", "name": "internalapi", "type": "macvlan", "master": "internalapi", "ipam": { "type": "whereabouts", "range": "172.17.0.0/24", "range_start": "172.17.0.30", "range_end": "172.17.0.70" } } --- apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: labels: osp/net: octavia osp/net-attach-def-type: standard name: octavia namespace: openstack spec: config: | { "cniVersion": "0.3.1", "name": "octavia", "type": "macvlan", "master": "octavia", "ipam": { "type": "whereabouts", "range": "172.23.0.0/24", "range_start": "172.23.0.30", "range_end": "172.23.0.70" } } --- apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: labels: osp/net: storage osp/net-attach-def-type: standard name: storage namespace: openstack spec: config: | { "cniVersion": "0.3.1", "name": "storage", "type": "macvlan", "master": "storage", "ipam": { "type": "whereabouts", "range": "172.18.0.0/24", "range_start": "172.18.0.30", "range_end": "172.18.0.70" } } --- apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: labels: osp/net: tenant osp/net-attach-def-type: standard name: tenant namespace: openstack spec: config: | { "cniVersion": "0.3.1", "name": "tenant", "type": "macvlan", "master": "tenant", "ipam": { "type": "whereabouts", "range": "172.19.0.0/24", "range_start": "172.19.0.30", "range_end": "172.19.0.70" } } --- apiVersion: metallb.io/v1beta1 kind: IPAddressPool metadata: labels: osp/lb-addresses-type: standard name: ctlplane namespace: metallb-system spec: addresses: - 192.168.122.80-192.168.122.90 --- apiVersion: metallb.io/v1beta1 kind: IPAddressPool metadata: labels: osp/lb-addresses-type: standard name: designate namespace: metallb-system spec: addresses: - 172.26.0.80-172.26.0.90 --- apiVersion: metallb.io/v1beta1 kind: IPAddressPool metadata: labels: osp/lb-addresses-type: standard name: designateext namespace: metallb-system spec: addresses: - 172.34.0.80-172.34.0.90 --- apiVersion: metallb.io/v1beta1 kind: IPAddressPool metadata: labels: osp/lb-addresses-type: standard name: internalapi namespace: metallb-system spec: addresses: - 172.17.0.80-172.17.0.90 --- apiVersion: metallb.io/v1beta1 kind: IPAddressPool metadata: labels: osp/lb-addresses-type: standard name: storage namespace: metallb-system spec: addresses: - 172.18.0.80-172.18.0.90 --- apiVersion: metallb.io/v1beta1 kind: IPAddressPool metadata: labels: osp/lb-addresses-type: standard name: tenant namespace: metallb-system spec: addresses: - 172.19.0.80-172.19.0.90 --- apiVersion: metallb.io/v1beta1 kind: L2Advertisement metadata: name: ctlplane namespace: metallb-system spec: interfaces: - ospbr ipAddressPools: - ctlplane --- apiVersion: metallb.io/v1beta1 kind: L2Advertisement metadata: name: designate namespace: metallb-system spec: interfaces: - designate ipAddressPools: - designate --- apiVersion: metallb.io/v1beta1 kind: L2Advertisement metadata: name: designateext namespace: metallb-system spec: interfaces: - designateext ipAddressPools: - designateext --- apiVersion: metallb.io/v1beta1 kind: L2Advertisement metadata: name: internalapi namespace: metallb-system spec: interfaces: - internalapi ipAddressPools: - internalapi --- apiVersion: metallb.io/v1beta1 kind: L2Advertisement metadata: name: storage namespace: metallb-system spec: interfaces: - storage ipAddressPools: - storage --- apiVersion: metallb.io/v1beta1 kind: L2Advertisement metadata: name: tenant namespace: metallb-system spec: interfaces: - tenant ipAddressPools: - tenant --- apiVersion: network.openstack.org/v1beta1 kind: NetConfig metadata: name: netconfig namespace: openstack spec: networks: - dnsDomain: ctlplane.example.com mtu: 1500 name: ctlplane subnets: - allocationRanges: - end: 192.168.122.120 start: 192.168.122.100 cidr: 192.168.122.0/24 gateway: 192.168.122.1 name: subnet1 - dnsDomain: internalapi.example.com mtu: 1500 name: internalapi subnets: - allocationRanges: - end: 172.17.0.250 start: 172.17.0.100 cidr: 172.17.0.0/24 name: subnet1 vlan: 20 - dnsDomain: external.example.com mtu: 1500 name: external subnets: - allocationRanges: - end: 10.46.22.143 start: 10.46.22.131 cidr: 10.46.22.128/26 gateway: 10.46.22.189 name: subnet1 - dnsDomain: storage.example.com mtu: 1500 name: storage subnets: - allocationRanges: - end: 172.18.0.250 start: 172.18.0.100 cidr: 172.18.0.0/24 name: subnet1 vlan: 21 - dnsDomain: tenant.example.com mtu: 1500 name: tenant subnets: - allocationRanges: - end: 172.19.0.250 start: 172.19.0.100 cidr: 172.19.0.0/24 name: subnet1 vlan: 22 - dnsDomain: storagemgmt.example.com mtu: 1500 name: storagemgmt subnets: - allocationRanges: - end: 172.20.0.250 start: 172.20.0.100 cidr: 172.20.0.0/24 name: subnet1 vlan: 123 - dnsDomain: designate.example.com mtu: 1500 name: designate subnets: - allocationRanges: - end: 172.26.0.200 start: 172.26.0.100 cidr: 172.26.0.0/24 name: subnet1 vlan: 24 - dnsDomain: designateext.example.com mtu: 1500 name: designateext subnets: - allocationRanges: - end: 172.34.0.200 start: 172.34.0.100 cidr: 172.34.0.0/24 name: subnet1 vlan: 34