apiVersion: v1 kind: Secret metadata: labels: component: cinder-volume service: cinder name: cinder-volume-secrets-az0 namespace: openstack stringData: cinder-volume-secrets-az0: | [ontap-az0] netapp_login = _replaced_ netapp_password = _replaced_ netapp_vserver = _replaced_ netapp_pool_name_search_pattern = _replaced_ type: Opaque --- apiVersion: v1 kind: Secret metadata: labels: component: cinder-volume service: cinder name: cinder-volume-secrets-az1 namespace: openstack stringData: cinder-volume-secrets-az1: | [ontap-az1] netapp_login = _replaced_ netapp_password = _replaced_ netapp_vserver = _replaced_ netapp_pool_name_search_pattern = _replaced_ type: Opaque --- apiVersion: v1 kind: Secret metadata: labels: component: cinder-volume service: cinder name: cinder-volume-secrets-az2 namespace: openstack stringData: cinder-volume-secrets-az2: | [ontap-az2] netapp_login = _replaced_ netapp_password = _replaced_ netapp_vserver = _replaced_ netapp_pool_name_search_pattern = _replaced_ type: Opaque --- apiVersion: v1 data: server-ca-passphrase: MTIzNDU2Nzg= kind: Secret metadata: name: octavia-ca-passphrase namespace: openstack type: Opaque --- apiVersion: v1 data: AdminPassword: MTIzNDU2Nzg= AodhDatabasePassword: MTIzNDU2Nzg= AodhPassword: MTIzNDU2Nzg= BarbicanDatabasePassword: MTIzNDU2Nzg= BarbicanPassword: MTIzNDU2Nzg= BarbicanSimpleCryptoKEK: c0VGbWRGakRVcVJNMlZlbVlzbFY1eUdOV2pva2lvSlhzZzhOcmxjM2RyVT0= CeilometerPassword: MTIzNDU2Nzg= CinderDatabasePassword: MTIzNDU2Nzg= CinderPassword: MTIzNDU2Nzg= CloudKittyPassword: MTIzNDU2Nzg= DatabasePassword: MTIzNDU2Nzg= DbRootPassword: MTIzNDU2Nzg= DesignateDatabasePassword: MTIzNDU2Nzg= DesignatePassword: MTIzNDU2Nzg= GlanceDatabasePassword: MTIzNDU2Nzg= GlancePassword: MTIzNDU2Nzg= HeatAuthEncryptionKey: NzY3YzNlZDA1NmNiYWEzYjlkZmVkYjhjNmY4MjViZjA= HeatDatabasePassword: MTIzNDU2Nzg= HeatPassword: MTIzNDU2Nzg= IronicDatabasePassword: MTIzNDU2Nzg= IronicInspectorDatabasePassword: MTIzNDU2Nzg= IronicInspectorPassword: MTIzNDU2Nzg= IronicPassword: MTIzNDU2Nzg= KeystoneDatabasePassword: MTIzNDU2Nzg= ManilaDatabasePassword: MTIzNDU2Nzg= ManilaPassword: MTIzNDU2Nzg= MetadataSecret: MTIzNDU2Nzg0Mg== NeutronDatabasePassword: MTIzNDU2Nzg= NeutronPassword: MTIzNDU2Nzg= NovaAPIDatabasePassword: MTIzNDU2Nzg= NovaCell0DatabasePassword: MTIzNDU2Nzg= NovaCell1DatabasePassword: MTIzNDU2Nzg= NovaPassword: MTIzNDU2Nzg= OctaviaDatabasePassword: MTIzNDU2Nzg= OctaviaHeartbeatKey: MTIzNDU2Nzg= OctaviaPassword: MTIzNDU2Nzg= PlacementDatabasePassword: MTIzNDU2Nzg= PlacementPassword: MTIzNDU2Nzg= SwiftPassword: MTIzNDU2Nzg= WatcherPassword: MTIzNDU2Nzg= kind: Secret metadata: name: osp-secret namespace: openstack type: Opaque --- apiVersion: v1 kind: Secret metadata: labels: component: manila-share service: manila name: osp-secret-manila-az0 namespace: openstack stringData: netapp-secrets.conf: | [nfs_az0] netapp_server_hostname = _replaced_ netapp_login = _replaced_ netapp_password = _replaced_ netapp_vserver = _replaced_ type: Opaque --- apiVersion: v1 kind: Secret metadata: labels: component: manila-share service: manila name: osp-secret-manila-az1 namespace: openstack stringData: netapp-secrets.conf: | [nfs_az1] netapp_server_hostname = _replaced_ netapp_login = _replaced_ netapp_password = _replaced_ netapp_vserver = _replaced_ type: Opaque --- apiVersion: v1 kind: Secret metadata: labels: component: manila-share service: manila name: osp-secret-manila-az2 namespace: openstack stringData: netapp-secrets.conf: | [nfs_az2] netapp_server_hostname = _replaced_ netapp_login = _replaced_ netapp_password = _replaced_ netapp_vserver = _replaced_ type: Opaque --- apiVersion: core.openstack.org/v1beta1 kind: OpenStackControlPlane metadata: name: controlplane namespace: openstack spec: barbican: apiOverride: route: {} template: barbicanAPI: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 3 barbicanKeystoneListener: replicas: 1 barbicanWorker: replicas: 3 databaseInstance: openstack preserveJobs: false secret: osp-secret cinder: apiOverride: route: {} template: apiTimeout: 600 cinderAPI: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 3 cinderBackup: networkAttachments: - storage replicas: 0 cinderBackups: cinder-backup-az0: customServiceConfig: | [DEFAULT] backup_share = _replaced_ backup_driver = cinder.backup.drivers.nfs.NFSBackupDriver backup_mount_point_base = /var/lib/cinder/backup storage_availability_zone = az0 networkAttachments: - storage replicas: 2 topologyRef: name: azone-node-affinity cinder-backup-az1: customServiceConfig: | [DEFAULT] backup_share = _replaced_ backup_driver = cinder.backup.drivers.nfs.NFSBackupDriver backup_mount_point_base = /var/lib/cinder/backup storage_availability_zone = az1 networkAttachments: - storage replicas: 2 topologyRef: name: bzone-node-affinity cinder-backup-az2: customServiceConfig: | [DEFAULT] backup_share = _replaced_ backup_driver = cinder.backup.drivers.nfs.NFSBackupDriver backup_mount_point_base = /var/lib/cinder/backup storage_availability_zone = az2 networkAttachments: - storage replicas: 2 topologyRef: name: czone-node-affinity cinderScheduler: replicas: 1 cinderVolumes: ontap-iscsi-az0: customServiceConfig: | [DEFAULT] glance_api_servers = https://glance-az0-internal.openstack.svc:9292 [ontap-az0] backend_availability_zone = az0 volume_backend_name=ontap-az0 volume_driver=cinder.volume.drivers.netapp.common.NetAppDriver netapp_server_hostname=_replaced_ netapp_server_port=80 netapp_storage_protocol=iscsi netapp_storage_family=ontap_cluster consistencygroup_support=True customServiceConfigSecrets: - cinder-volume-secrets-az0 topologyRef: name: azone-node-affinity ontap-iscsi-az1: customServiceConfig: | [DEFAULT] glance_api_servers = https://glance-az1-internal.openstack.svc:9292 [ontap-az1] backend_availability_zone = az1 volume_backend_name=ontap-az1 volume_driver=cinder.volume.drivers.netapp.common.NetAppDriver netapp_server_hostname=_replaced_ netapp_server_port=80 netapp_storage_protocol=iscsi netapp_storage_family=ontap_cluster consistencygroup_support=True customServiceConfigSecrets: - cinder-volume-secrets-az1 topologyRef: name: bzone-node-affinity ontap-iscsi-az2: customServiceConfig: | [DEFAULT] glance_api_servers = https://glance-az2-internal.openstack.svc:9292 [ontap-az2] backend_availability_zone = az2 volume_backend_name=ontap-az2 volume_driver=cinder.volume.drivers.netapp.common.NetAppDriver netapp_server_hostname=_replaced_ netapp_server_port=80 netapp_storage_protocol=iscsi netapp_storage_family=ontap_cluster consistencygroup_support=True customServiceConfigSecrets: - cinder-volume-secrets-az2 topologyRef: name: czone-node-affinity customServiceConfig: | [DEFAULT] storage_availability_zone = az0 databaseInstance: openstack preserveJobs: false secret: osp-secret uniquePodNames: true designate: enabled: false template: customServiceConfig: | [DEFAULT] debug = true designateAPI: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 replicas: 3 designateBackendbind9: networkAttachments: - designate replicas: 3 storageClass: lvms-local-storage storageRequest: 10Gi designateCentral: replicas: 1 designateMdns: networkAttachments: - designate replicas: 3 designateProducer: networkAttachments: - designate replicas: 2 designateUnbound: networkAttachments: - designate replicas: 1 designateWorker: networkAttachments: - designate replicas: 3 nsRecords: - hostname: ns1.example.org. priority: 1 - hostname: ns2.example.org. priority: 2 preserveJobs: false dns: template: options: - key: server values: - 192.168.125.1 override: service: metadata: annotations: metallb.universe.tf/address-pool: ctlplane metallb.universe.tf/allow-shared-ip: ctlplane metallb.universe.tf/loadBalancerIPs: 192.168.126.80 spec: type: LoadBalancer replicas: 2 galera: enabled: true templates: openstack: replicas: 3 secret: osp-secret storageRequest: 5Gi openstack-cell1: replicas: 3 secret: osp-secret storageRequest: 5Gi glance: apiOverrides: {} template: apiTimeout: 600 customServiceConfig: null databaseInstance: openstack glanceAPIs: az0: customServiceConfig: | [DEFAULT] enabled_backends = az0:cinder enabled_import_methods = [web-download,copy-image,glance-direct] debug = true [glance_store] default_backend = az0 [az0] store_description = AZ0 iscsi cinder backend cinder_store_auth_address = {{ .KeystoneInternalURL }} cinder_store_user_name = {{ .ServiceUser }} cinder_store_password = {{ .ServicePassword }} cinder_store_project_name = service cinder_catalog_info = volumev3::internalURL cinder_use_multipath = true cinder_do_extend_attached = true cinder_volume_type = glance-iscsi-az0 networkAttachments: - storage override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.81 spec: type: LoadBalancer replicas: 1 topologyRef: name: azone-node-affinity type: edge az1: customServiceConfig: | [DEFAULT] enabled_backends = az0:cinder,az1:cinder enabled_import_methods = [web-download,copy-image,glance-direct] [glance_store] default_backend = az1 [az1] store_description = AZ1 iscsi cinder backend cinder_store_auth_address = {{ .KeystoneInternalURL }} cinder_store_user_name = {{ .ServiceUser }} cinder_store_password = {{ .ServicePassword }} cinder_store_project_name = service cinder_catalog_info = volumev3::internalURL cinder_use_multipath = true cinder_do_extend_attached = true cinder_volume_type = glance-iscsi-az1 [az0] store_description = AZ0 iscsi cinder backend cinder_store_auth_address = {{ .KeystoneInternalURL }} cinder_store_user_name = {{ .ServiceUser }} cinder_store_password = {{ .ServicePassword }} cinder_store_project_name = service cinder_catalog_info = volumev3::internalURL cinder_use_multipath = true cinder_do_extend_attached = true cinder_volume_type = glance-iscsi-az0 networkAttachments: - storage override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.82 spec: type: LoadBalancer replicas: 1 topologyRef: name: bzone-node-affinity type: edge az2: customServiceConfig: | [DEFAULT] enabled_backends = az0:cinder,az2:cinder enabled_import_methods = [web-download,copy-image,glance-direct] [glance_store] default_backend = az2 [az2] store_description = AZ2 iscsi cinder backend cinder_store_auth_address = {{ .KeystoneInternalURL }} cinder_store_user_name = {{ .ServiceUser }} cinder_store_password = {{ .ServicePassword }} cinder_store_project_name = service cinder_catalog_info = volumev3::internalURL cinder_use_multipath = true cinder_do_extend_attached = true cinder_volume_type = glance-iscsi-az2 [az0] store_description = AZ0 iscsi cinder backend cinder_store_auth_address = {{ .KeystoneInternalURL }} cinder_store_user_name = {{ .ServiceUser }} cinder_store_password = {{ .ServicePassword }} cinder_store_project_name = service cinder_catalog_info = volumev3::internalURL cinder_use_multipath = true cinder_do_extend_attached = true cinder_volume_type = glance-iscsi-az0 networkAttachments: - storage override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.83 spec: type: LoadBalancer replicas: 1 topologyRef: name: czone-node-affinity type: edge default: customServiceConfig: | [DEFAULT] enabled_backends = az0:cinder,az1:cinder,az2:cinder enabled_import_methods = [web-download,copy-image,glance-direct] [glance_store] default_backend = az0 [az0] store_description = AZ0 iscsi cinder backend cinder_store_auth_address = {{ .KeystoneInternalURL }} cinder_store_user_name = {{ .ServiceUser }} cinder_store_password = {{ .ServicePassword }} cinder_store_project_name = service cinder_catalog_info = volumev3::internalURL cinder_use_multipath = true cinder_do_extend_attached = true cinder_volume_type = glance-iscsi-az0 [az1] store_description = AZ1 iscsi cinder backend cinder_store_auth_address = {{ .KeystoneInternalURL }} cinder_store_user_name = {{ .ServiceUser }} cinder_store_password = {{ .ServicePassword }} cinder_store_project_name = service cinder_catalog_info = volumev3::internalURL cinder_use_multipath = true cinder_do_extend_attached = true cinder_volume_type = glance-iscsi-az1 [az2] store_description = AZ2 iscsi cinder backend cinder_store_auth_address = {{ .KeystoneInternalURL }} cinder_store_user_name = {{ .ServiceUser }} cinder_store_password = {{ .ServicePassword }} cinder_store_project_name = service cinder_catalog_info = volumev3::internalURL cinder_use_multipath = true cinder_do_extend_attached = true cinder_volume_type = glance-iscsi-az2 keystoneEndpoint: default preserveJobs: false storage: storageClass: lvms-local-storage storageRequest: 10Gi uniquePodNames: true heat: apiOverride: route: {} cnfAPIOverride: route: {} enabled: true template: databaseInstance: openstack heatAPI: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 1 heatEngine: replicas: 1 preserveJobs: false secret: osp-secret horizon: apiOverride: route: {} enabled: true template: preserveJobs: false replicas: 1 secret: osp-secret ironic: enabled: false template: databaseInstance: openstack ironicAPI: replicas: 1 ironicConductors: - replicas: 1 storageRequest: 10Gi ironicInspector: preserveJobs: false replicas: 1 ironicNeutronAgent: replicas: 1 preserveJobs: false secret: osp-secret keystone: apiOverride: route: {} template: databaseInstance: openstack override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer preserveJobs: false replicas: 3 secret: osp-secret manila: apiOverride: route: haproxy.router.openshift.io/timeout: 60s enabled: true template: databaseInstance: openstack manilaAPI: customServiceConfig: | [DEFAULT] storage_availability_zone = az0,az1,az2 default_share_type = nfs-multiaz enabled_share_protocols=nfs debug = true networkAttachments: - internalapi override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 3 manilaScheduler: replicas: 1 manilaShares: az0: customServiceConfig: | [DEFAULT] enabled_share_backends = nfs_az0 enabled_share_protocols = nfs [nfs_az0] driver_handles_share_servers = True share_backend_name = nfs_az backend_availability_zone = az0 share_driver=manila.share.drivers.netapp.common.NetAppDriver netapp_storage_family=ontap_cluster netapp_transport_type=http customServiceConfigSecrets: - osp-secret-manila-az0 networkAttachments: - storage replicas: 1 topologyRef: name: azone-node-affinity az1: customServiceConfig: | [DEFAULT] enabled_share_backends = nfs_az1 enabled_share_protocols = nfs [nfs_az1] driver_handles_share_servers = True share_backend_name = nfs_az backend_availability_zone = az1 share_driver=manila.share.drivers.netapp.common.NetAppDriver netapp_storage_family=ontap_cluster netapp_transport_type=http customServiceConfigSecrets: - osp-secret-manila-az1 networkAttachments: - storage replicas: 1 topologyRef: name: bzone-node-affinity az2: customServiceConfig: | [DEFAULT] enabled_share_backends = nfs_az2 enabled_share_protocols = nfs [nfs_az2] driver_handles_share_servers = True share_backend_name = nfs_az backend_availability_zone = az2 share_driver=manila.share.drivers.netapp.common.NetAppDriver netapp_storage_family=ontap_cluster netapp_transport_type=http customServiceConfigSecrets: - osp-secret-manila-az2 networkAttachments: - storage replicas: 1 topologyRef: name: czone-node-affinity preserveJobs: false memcached: templates: memcached: replicas: 1 memcached-azone: replicas: 1 topologyRef: name: azone-node-affinity memcached-bzone: replicas: 1 topologyRef: name: bzone-node-affinity memcached-czone: replicas: 1 topologyRef: name: czone-node-affinity neutron: apiOverride: route: {} template: customServiceConfig: | [DEFAULT] vlan_transparent = true debug = true [ovs] igmp_snooping_enable = true databaseInstance: openstack networkAttachments: - internalapi override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer preserveJobs: false replicas: 3 secret: osp-secret notificationsBus: cluster: rabbitmq nova: apiOverride: route: {} template: apiServiceTemplate: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 3 apiTimeout: 600 cellTemplates: cell0: cellDatabaseAccount: nova-cell0 hasAPIAccess: true cell1: cellDatabaseAccount: nova-cell1 cellDatabaseInstance: openstack-cell1 conductorServiceTemplate: replicas: 1 hasAPIAccess: true messagingBus: cluster: rabbitmq-cell1 metadataServiceTemplate: enabled: true preserveJobs: false schedulerServiceTemplate: replicas: 3 secret: osp-secret octavia: enabled: false template: amphoraImageContainerImage: quay.io/gthiemonge/octavia-amphora-image apacheContainerImage: registry.redhat.io/ubi9/httpd-24:latest databaseInstance: openstack octaviaAPI: customServiceConfig: | [controller_worker] loadbalancer_topology=ACTIVE_STANDBY networkAttachments: - internalapi preserveJobs: false replicas: 1 octaviaHealthManager: customServiceConfig: | [controller_worker] loadbalancer_topology=ACTIVE_STANDBY networkAttachments: - octavia octaviaHousekeeping: customServiceConfig: | [controller_worker] loadbalancer_topology=ACTIVE_STANDBY networkAttachments: - octavia octaviaWorker: customServiceConfig: | [controller_worker] loadbalancer_topology=ACTIVE_STANDBY networkAttachments: - octavia preserveJobs: false secret: osp-secret ovn: template: ovnDBCluster: ovndbcluster-nb: dbType: NB networkAttachment: internalapi replicas: 3 storageRequest: 10Gi ovndbcluster-sb: dbType: SB networkAttachment: internalapi replicas: 3 storageRequest: 10Gi ovnNorthd: networkAttachment: internalapi placement: apiOverride: route: {} template: databaseInstance: openstack override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer preserveJobs: false replicas: 3 secret: osp-secret rabbitmq: templates: rabbitmq: override: service: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.85 spec: type: LoadBalancer replicas: 3 rabbitmq-cell1: override: service: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.86 spec: type: LoadBalancer replicas: 3 secret: osp-secret storageClass: lvms-local-storage swift: enabled: false proxyOverride: route: {} template: swiftProxy: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 1 swiftRing: ringReplicas: 1 swiftStorage: replicas: 1 telemetry: enabled: false template: autoscaling: aodh: databaseInstance: openstack memcachedInstance: memcached passwordSelectors: null preserveJobs: false secret: osp-secret enabled: false heatInstance: heat ceilometer: enabled: false secret: osp-secret logging: enabled: false port: 10514 metricStorage: enabled: false monitoringStack: alertingEnabled: true scrapeInterval: 30s storage: persistent: pvcStorageClass: lvms-local-storage pvcStorageRequest: 10Gi retention: 24h strategy: persistent tls: caBundleSecretName: "" topologyRef: name: default-spread-pods