Container 설치 가이드

1. 문서 개요

2. Container 서비스팩 설치

1. 문서 개요

1.1. 목적

본 문서(Container 서비스팩 설치 가이드)는 개방형 PaaS 플랫폼 고도화 및 개발자 지원 환경 기반의 Open PaaS에서 제공되는 서비스팩인 Container 서비스팩을 Bosh를 이용하여 설치 및 서비스 등록하는 방법을 기술하였다.

PaaS-TA 3.5 버전부터는 Bosh 2.0 기반으로 배포(deploy)를 진행한다. 기존 Bosh 1.0 기반으로 설치를 원할 경우에는 PaaS-TA 3.1 이하 버전의 문서를 참고한다.

1.2. 범위

설치 범위는 Container 서비스팩을 검증하기 위한 기본 설치를 기준으로 작성하였다.

1.3. 시스템 구성도

본 문서의 설치된 시스템 구성도이다. Container 서비스 Server, Container 서비스 브로커, Private Image Registry 로 최소사항을 구성하였다.

VM명

인스턴스수

vCPU 수

메모리(GB)

디스크(GB)

master

1

1

4G

Root 4G + 영구디스크 50G

worker

N

8

16G

Root 4G + 영구디스크 100G

container-service-api

N

1

1G

Root 4G

container-service-common-api

N

1

1G

Root 4G

container-service-broker

N

1

1G

Root 4G

container-service-dashboard

1

1

1G

Root 4G

private-image-repository

1

1

1G

Root 4G + 영구디스크 10G

DBMS (MariaDB)

1

1

2G

Root 4G + 영구디스크 20G

HAProxy

1

1

2G

Root 4G

1.4. 참고 자료

http://bosh.io/docs http://docs.cloudfoundry.org

2. Container 서비스팩 설치

2.1. 설치 전 준비사항

본 설치 가이드는 Linux 환경에서 설치하는 것을 기준으로 하였다. 서비스팩 설치를 위해서는 BOSH 2.0과 PaaS-TA 5.0, PaaS-TA 포털이 설치되어 있어야 한다.

  • Container 서비스팩 설치 전 Bosh 2.0 배포 주의사항

IaaS 환경이 OPENSTACK 인 경우 bosh deploy 시 /home/{user_name}/workspace/paasta-5.0/deployment/bosh-deployment/openstack/disable-readable-vm-names.yml 파일을 옵션으로 추가한 후 배포한다.

2.1.1. Container 서비스 Deployment 및 Release 파일 다운로드

Container 서비스 설치에 필요한 Deployment 및 릴리즈 파일을 다운로드 받아 서비스 설치 작업 경로로 위치시킨다.

  • 설치 파일 다운로드 위치 : https://paas-ta.kr/download/package

  • Release, deployment 파일은 /home/{user_name}/workspace/paasta-5.0 이하에 다운로드 받아야 한다.

  • 설치 작업 경로 생성 및 파일 다운로드

Deployment 파일

paasta-container-service-2.0

Release 파일

bosh-dns-release-1.12.0.tgz bpm-release-1.0.4.tgz cfcr-etcd-release-1.11.1.tgz docker-35.2.1.tgz kubo-release-0.34.1.tgz paasta-container-service-projects-release-2.0.tgz

- Deployment 다운로드 파일 위치 경로 생성
$ mkdir -p ~/workspace/paasta-5.0/deployment/service-deployment/paasta-container-service-2.0
- 릴리즈 다운로드 파일 위치 경로 생성
$ mkdir -p ~/workspace/paasta-5.0/release/service
  • Deployment 파일을 다운로드 받아 ~/workspace/paasta-5.0/deployment/service-deployment/paasta-container-service-2.0 이하 디렉토리에 이동한다.

  • Release 파일을 다운로드 받아 ~/workspace/paasta-5.0/release/service 이하 디렉토리에 이동한다.

2.2. Stemcell 업로드

  • Deploy시 사용할 Stemcell을 확인한다.

Stemcell 목록이 존재 하지 않을 경우, BOSH 설치 가이드 문서를 참고하여 Stemcell을 업로드를 해야 한다. (Stemcell 315.64 버전 사용, PaaSTA-Stemcell.zip)

**사용 예시**
$ bosh -e micro-bosh stemcells
Using environment '10.0.1.6' as client 'admin'
Name Version OS CPI CID
bosh-openstack-kvm-ubuntu-xenial-go_agent 315.64* ubuntu-xenial - a2d704b0-2768-4e55-84a6-4f3b1311e6f9
(*) Currently deployed
1 stemcells

2.3. Container 서비스 릴리즈 Deployment 파일 수정 및 배포

BOSH Deployment manifest는 Components 요소 및 배포의 속성을 정의한 YAML 파일이다.

Deployment 파일에서 사용하는 network, vm_type 등은 Cloud config를 활용하고 해당 가이드는 BOSH 2.0 가이드를 참고한다.

  • Cloud config 내용 조회

Using environment '10.0.1.6' as client 'admin'
azs:
- cloud_properties:
availability_zone: nova
name: z1
- cloud_properties:
availability_zone: nova
name: z2
- cloud_properties:
availability_zone: nova
name: z3
- cloud_properties:
availability_zone: nova
name: z4
- cloud_properties:
availability_zone: nova
name: z5
- cloud_properties:
availability_zone: nova
name: z6
- cloud_properties:
availability_zone: nova
name: z7
compilation:
az: z3
network: default
reuse_compilation_vms: true
vm_type: large
workers: 5
disk_types:
- disk_size: 1024
name: default
- disk_size: 1024
name: 1GB
- disk_size: 2048
name: 2GB
- disk_size: 4096
name: 4GB
- disk_size: 5120
name: 5GB
- disk_size: 8192
name: 8GB
- disk_size: 10240
name: 10GB
- disk_size: 20480
name: 20GB
- disk_size: 30720
name: 30GB
- disk_size: 51200
name: 50GB
- disk_size: 102400
name: 100GB
- disk_size: 1048576
name: 1TBB
- cloud_properties:
type: SSD1
disk_size: 2000
name: 2GB_GP2
- cloud_properties:
type: SSD1
disk_size: 5000
name: 5GB_GP2
- cloud_properties:
type: SSD1
disk_size: 10000
name: 10GB_GP2
- cloud_properties:
type: SSD1
disk_size: 50000
name: 50GB_GP2
networks:
- name: default
subnets:
- az: z1
cloud_properties:
name: random
net_id: 9950af59-daf2-43d6-967c-ad445bfe2cb2
security_groups:
- paasta-v50-security
dns:
- 8.8.8.8
gateway: 10.0.1.1
range: 10.0.1.0/24
reserved:
- 10.0.1.1 - 10.0.1.9
static:
- 10.0.1.10 - 10.0.1.120
- az: z2
cloud_properties:
name: random
net_id: 9950af59-daf2-43d6-967c-ad445bfe2cb2
security_groups:
- paasta-v50-security
dns:
- 8.8.8.8
gateway: 10.0.41.1
range: 10.0.41.0/24
reserved:
- 10.0.41.1 - 10.0.41.9
static:
- 10.0.41.10 - 10.0.41.120
- az: z3
cloud_properties:
name: random
net_id: 9950af59-daf2-43d6-967c-ad445bfe2cb2
security_groups:
- paasta-v50-security
dns:
- 8.8.8.8
gateway: 10.0.81.1
range: 10.0.81.0/24
reserved:
- 10.0.81.1 - 10.0.81.9
static:
- 10.0.81.10 - 10.0.81.120
- az: z4
cloud_properties:
name: random
net_id: 9950af59-daf2-43d6-967c-ad445bfe2cb2
security_groups:
- paasta-v50-security
dns:
- 8.8.8.8
gateway: 10.0.121.1
range: 10.0.121.0/24
reserved:
- 10.0.121.1 - 10.0.121.9
static:
- 10.0.121.10 - 10.0.121.120
- az: z5
cloud_properties:
name: random
net_id: 9950af59-daf2-43d6-967c-ad445bfe2cb2
security_groups:
- paasta-v50-security
dns:
- 8.8.8.8
gateway: 10.0.161.1
range: 10.0.161.0/24
reserved:
- 10.0.161.1 - 10.0.161.9
static:
- 10.0.161.10 - 10.0.161.120
- az: z6
cloud_properties:
name: random
net_id: 9950af59-daf2-43d6-967c-ad445bfe2cb2
security_groups:
- paasta-v50-security
dns:
- 8.8.8.8
gateway: 10.0.201.1
range: 10.0.201.0/24
reserved:
- 10.0.201.1 - 10.0.201.9
static:
- 10.0.201.10 - 10.0.201.120
- az: z7
cloud_properties:
name: random
net_id: 9950af59-daf2-43d6-967c-ad445bfe2cb2
security_groups:
- paasta-v50-security
dns:
- 8.8.8.8
gateway: 10.0.0.1
range: 10.0.0.0/24
reserved:
- 10.0.0.1 - 10.0.0.9
static:
- 10.0.0.10 - 10.0.0.120
- name: vip
type: vip
vm_extensions:
- cloud_properties:
ports:
- host: 3306
name: mysql-proxy-lb
- name: cf-router-network-properties
- name: cf-tcp-router-network-properties
- name: diego-ssh-proxy-network-properties
- name: cf-haproxy-network-properties
- cloud_properties:
ephemeral_disk:
size: 51200
type: gp2
name: small-50GB
- cloud_properties:
ephemeral_disk:
size: 102400
type: gp2
name: small-highmem-100GB
vm_types:
- cloud_properties:
instance_type: m1.tiny
name: minimal
- cloud_properties:
instance_type: m1.medium
name: default
- cloud_properties:
instance_type: m1.small
name: small
- cloud_properties:
instance_type: m1.medium
name: medium
- cloud_properties:
instance_type: m1.medium
name: medium-memory-8GB
- cloud_properties:
instance_type: m1.large
name: large
- cloud_properties:
instance_type: m1.xlarge
name: xlarge
- cloud_properties:
instance_type: m1.medium
name: small-50GB
- cloud_properties:
instance_type: m1.medium
name: small-50GB-ephemeral-disk
- cloud_properties:
instance_type: m1.large
name: small-100GB-ephemeral-disk
- cloud_properties:
instance_type: m1.large
name: small-highmem-100GB-ephemeral-disk
- cloud_properties:
instance_type: m1.large
name: small-highmem-16GB
- cloud_properties:
instance_type: m1.medium
name: service_medium
- cloud_properties:
instance_type: m1.medium
name: service_medium_2G
- cloud_properties:
instance_type: m1.tiny
name: portal_small
- cloud_properties:
instance_type: m1.small
name: portal_medium
- cloud_properties:
instance_type: m1.small
name: portal_large
Succeeded
  • Deployment 를 하기 전에 remove-all-addons.sh 을 환경에 맞게 수정한다.

    ```

    $ cd ~/workspace/paasta-5.0/deployment/service-deployment/paasta-container-service-2.0

    $ vi remove-all-addons.sh

!/bin/bash

director_name='micro-bosh'

bosh -e ${director_name} update-runtime-config manifests/ops-files/paasta-container-service/remove-all-addons.yml

- Deployment YAML에서 사용하는 변수들을 서버 환경에 맞게 수정한다.
>*<CREDHUB_ADMIN_CLIENT_SECRET> 에는 /home/{user_name}/workspace/paasta-5.0/deployment/bosh-deployment/{각 iaas}/creds.yml 의 'credhub_admin_client_secret' key 값의 value 를 입력한다.*
<br>
> vSphere용

$ cd ~/workspace/paasta-5.0/deployment/service-deployment/paasta-container-service-2.0 $ vi ./manifests/paasta-container-service-vars-vsphere.yml

INCEPTION OS USER NAME

inception_os_user_name: "inception"

REQUIRED FILE PATH VARIABLE

paasta_version: "5.0"

RELEASE

caas_projects_release_name: "paasta-container-service-projects-release" caas_projects_release_version: "2.0" cfcr_release_name: "kubo-release" cfcr_release_version: "0.34.1"

IAAS

vcenter_master_user: "" vcenter_master_password: "" vcenter_ip: "" vcenter_dc: "" vcenter_ds: "" vcenter_vms: ""

STEMCELL

stemcell_os: "ubuntu-xenial" stemcell_version: "315.64" stemcell_alias: "xenial"

VM_TYPE

vm_type_small: "small" vm_type_small_highmem_16GB: "small-highmem-16GB" vm_type_small_highmem_16GB_100GB: "small-highmem-16GB" vm_type_caas_small: "small" vm_type_caas_small_api: "small"

NETWORK

service_private_networks_name: "service_private" service_public_networks_name: "service_public"

IPS

caas_master_public_url: "" haproxy_public_url: ""

CREDHUB

credhub_server_url: "10.30.50.1:8844" credhub_admin_client_secret: ""

CF

cf_uaa_oauth_uri: "https://uaa..xip.io" cf_api_url: "https://api..xip.io" cf_uaa_oauth_client_id: "" # caasclient (2.5. Container 서비스 UAA Client Id 등록 부분의 client 계정 id 와 같아야 한다.) cf_uaa_oauth_client_secret: "" # clientsecret (2.5. Container 서비스 UAA Client Id 등록 부분의 client 계정 password 와 같아야 한다.)

HAPROXY

haproxy_http_port: 8080 haproxy_azs: [z1]

MARIADB

mariadb_port: "3306" mariadb_azs: [z2] mariadb_persistent_disk_type: "10GB" mariadb_admin_user_id: "" mariadb_admin_user_password: "" mariadb_role_set_administrator_code_name: "Administrator" mariadb_role_set_administrator_code: "RS0001" mariadb_role_set_regular_user_code_name: "Regular User" mariadb_role_set_regular_user_code: "RS0002" mariadb_role_set_init_user_code_name: "Init User" mariadb_role_set_init_user_code: "RS0003"

DASHBOARD

caas_dashboard_instances: 1 caas_dashboard_port: 8091 caas_dashboard_azs: [z3] caas_dashboard_management_security_enabled: false caas_dashboard_logging_level: "INFO"

API

caas_api_instances: 1 caas_api_port: 3333 caas_api_azs: [z1] caas_api_management_security_enabled: false caas_api_logging_level: "INFO"

COMMON API

caas_common_api_instances: 1 caas_common_api_port: 3334 caas_common_api_azs: [z2] caas_common_api_logging_level: "INFO"

SERVICE BROKER

caas_service_broker_instances: 1 caas_service_broker_port: 8888 caas_service_broker_azs: [z3]

PRIVATE IMAGE REPOSITORY

private_image_repository_azs: [z1] private_image_repository_port: 5000 private_image_repository_root_directory: "/var/vcap/data/private-image-repository" private_image_repository_public_url: "" private_image_repository_persistent_disk_type: "10GB"

ADDON

caas_apply_addons_azs: [z2]

MASTER

caas_master_backend_port: 8443 caas_master_port: 8443 caas_master_azs: [z3] caas_master_persistent_disk_type: 51200

WORKER

caas_worker_instances: 3 caas_worker_azs: [z1,z2,z3]

JENKINS

jenkins_broker_instances: 1 jenkins_broker_port: 8787 jenkins_broker_azs: [z3] jenkins_namespace: "paasta-jenkins" jenkins_secret_file: "/var/vcap/jobs/container-jenkins-broker/data/docker-secret.yml" jenkins_namespace_file: "/var/vcap/jobs/container-jenkins-broker/data/create-namespace.yml"

> AWS용

$ cd ~/workspace/paasta-5.0/deployment/service-deployment/paasta-container-service-2.0 $ vi ./manifests/paasta-container-service-vars-aws.yml

INCEPTION OS USER NAME

inception_os_user_name: "ubuntu"

REQUIRED FILE PATH VARIABLE

paasta_version: "5.0"

RELEASE

caas_projects_release_name: "paasta-container-service-projects-release" caas_projects_release_version: "2.0" cfcr_release_name: "kubo-release" cfcr_release_version: "0.34.1"

IAAS

aws_access_key_id_master: '' aws_secret_access_key_master: '' aws_access_key_id_worker: '' aws_secret_access_key_worker: '' kubernetes_cluster_tag: 'kubernetes' # Do not update!

STEMCELL

stemcell_os: "ubuntu-xenial" stemcell_version: "315.64" stemcell_alias: "xenial"

VM_TYPE

vm_type_small: "small" vm_type_small_highmem_16GB: "small-highmem-16GB" vm_type_small_highmem_16GB_100GB: "small-highmem-16GB" vm_type_caas_small: "small" vm_type_caas_small_api: "small"

NETWORK

service_private_nat_networks_name: "default" service_private_networks_name: "default" service_public_networks_name: "vip"

IPS

caas_master_public_url: "" haproxy_public_url: ""

CREDHUB

credhub_server_url: "10.0.1.6:8844" credhub_admin_client_secret: ""

CF

cf_uaa_oauth_uri: "https://uaa..xip.io" cf_api_url: "https://api..xip.io" cf_uaa_oauth_client_id: "" # caasclient (2.5. Container 서비스 UAA Client Id 등록 부분의 client 계정 id 와 같아야 한다.) cf_uaa_oauth_client_secret: "" # clientsecret (2.5. Container 서비스 UAA Client Id 등록 부분의 client 계정 password 와 같아야 한다.)

HAPROXY

haproxy_http_port: 8080 haproxy_azs: [z7]

MARIADB

mariadb_port: "3306" mariadb_azs: [z5] mariadb_persistent_disk_type: "10GB" mariadb_admin_user_id: "" mariadb_admin_user_password: "" mariadb_role_set_administrator_code_name: "Administrator" mariadb_role_set_administrator_code: "RS0001" mariadb_role_set_regular_user_code_name: "Regular User" mariadb_role_set_regular_user_code: "RS0002" mariadb_role_set_init_user_code_name: "Init User" mariadb_role_set_init_user_code: "RS0003"

DASHBOARD

caas_dashboard_instances: 1 caas_dashboard_port: 8091 caas_dashboard_azs: [z6] caas_dashboard_management_security_enabled: false caas_dashboard_logging_level: "INFO"

API

caas_api_instances: 1 caas_api_port: 3333 caas_api_azs: [z6] caas_api_management_security_enabled: false caas_api_logging_level: "INFO"

COMMON API

caas_common_api_instances: 1 caas_common_api_port: 3334 caas_common_api_azs: [z6] caas_common_api_logging_level: "INFO"

SERVICE BROKER

caas_service_broker_instances: 1 caas_service_broker_port: 8888 caas_service_broker_azs: [z6]

PRIVATE IMAGE REPOSITORY

private_image_repository_azs: [z7] private_image_repository_port: 5000 private_image_repository_root_directory: "/var/vcap/data/private-image-repository" private_image_repository_public_url: "" private_image_repository_persistent_disk_type: "10GB"

ADDON

caas_apply_addons_azs: [z5]

MASTER

caas_master_backend_port: "8443" caas_master_port: "8443" caas_master_azs: [z7] caas_master_persistent_disk_type: 51200

WORKER

caas_worker_instances: 3 caas_worker_azs: [z4,z5,z6]

JENKINS

jenkins_broker_instances: 1 jenkins_broker_port: 8787 jenkins_broker_azs: [z6] jenkins_namespace: "paasta-jenkins" jenkins_secret_file: "/var/vcap/jobs/container-jenkins-broker/data/docker-secret.yml" jenkins_namespace_file: "/var/vcap/jobs/container-jenkins-broker/data/create-namespace.yml"

> OpenStack용

$ cd ~/workspace/paasta-5.0/deployment/service-deployment/paasta-container-service-2.0 $ vi ./manifests/paasta-container-service-vars-openstack.yml

INCEPTION OS USER NAME

inception_os_user_name: "ubuntu"

REQUIRED FILE PATH VARIABLE

paasta_version: "5.0"

RELEASE

caas_projects_release_name: "paasta-container-service-projects-release" caas_projects_release_version: "2.0" cfcr_release_name: "kubo-release" cfcr_release_version: "0.34.1"

IAAS

auth_url: 'http://:5000/v3' openstack_domain: '' openstack_username: '' openstack_password: '' openstack_project_id: '' region: '' ignore-volume-az: true

STEMCELL

stemcell_os: "ubuntu-xenial" stemcell_version: "315.64" stemcell_alias: "xenial"

VM_TYPE

vm_type_small: "small" vm_type_small_highmem_16GB: "small-highmem-16GB" vm_type_small_highmem_16GB_100GB: "small-highmem-16GB" vm_type_caas_small: "small" vm_type_caas_small_api: "small"

NETWORK

service_private_networks_name: "default" service_public_networks_name: "vip"

IPS

caas_master_public_url: "" haproxy_public_url: ""

CREDHUB

credhub_server_url: "10.0.1.6:8844" credhub_admin_client_secret: ""

CF

cf_uaa_oauth_uri: "https://uaa..xip.io" cf_api_url: "https://api..xip.io" cf_uaa_oauth_client_id: "" # caasclient (2.5. Container 서비스 UAA Client Id 등록 부분의 client 계정 id 와 같아야 한다.) cf_uaa_oauth_client_secret: "" # clientsecret (2.5. Container 서비스 UAA Client Id 등록 부분의 client 계정 password 와 같아야 한다.)

HAPROXY

haproxy_http_port: 8080 haproxy_azs: [z7]

MARIADB

mariadb_port: "3306" #"" mariadb_azs: [z5] mariadb_persistent_disk_type: "10GB" mariadb_admin_user_id: "root" #"" mariadb_admin_user_password: "Paasta@2019" #"" mariadb_role_set_administrator_code_name: "Administrator" mariadb_role_set_administrator_code: "RS0001" mariadb_role_set_regular_user_code_name: "Regular User" mariadb_role_set_regular_user_code: "RS0002" mariadb_role_set_init_user_code_name: "Init User" mariadb_role_set_init_user_code: "RS0003"

DASHBOARD

caas_dashboard_instances: 1 caas_dashboard_port: 8091 caas_dashboard_azs: [z6] caas_dashboard_management_security_enabled: false caas_dashboard_logging_level: "INFO"

API

caas_api_instances: 1 caas_api_port: 3333 caas_api_azs: [z5] caas_api_management_security_enabled: false caas_api_logging_level: "INFO"

COMMON API

caas_common_api_instances: 1 caas_common_api_port: 3334 caas_common_api_azs: [z5] caas_common_api_logging_level: "INFO"

SERVICE BROKER

caas_service_broker_instances: 1 caas_service_broker_port: "8888" caas_service_broker_azs: [z6]

PRIVATE IMAGE REPOSITORY

private_image_repository_azs: [z7] private_image_repository_port: 5000 private_image_repository_root_directory: "/var/vcap/data/private-image-repository" private_image_repository_public_url: "" private_image_repository_persistent_disk_type: "10GB"

ADDON

caas_apply_addons_azs: [z5]

MASTER

caas_master_backend_port: 8443 caas_master_port: 8443 caas_master_azs: [z7] caas_master_persistent_disk_type: 51200

WORKER

caas_worker_instances: 3 caas_worker_azs: [z4,z5,z6]

JENKINS

jenkins_broker_instances: 1 jenkins_broker_port: 8787 jenkins_broker_azs: [z2] jenkins_namespace: "paasta-jenkins" jenkins_secret_file: "/var/vcap/jobs/container-jenkins-broker/data/docker-secret.yml" jenkins_namespace_file: "/var/vcap/jobs/container-jenkins-broker/data/create-namespace.yml"

> GCP용

$ cd ~/workspace/paasta-5.0/deployment/service-deployment/paasta-container-service-2.0 $ vi ./manifests/paasta-container-service-vars-gcp.yml

INCEPTION OS USER NAME

inception_os_user_name: "inception"

REQUIRED FILE PATH VARIABLE

paasta_version: "5.0"

RELEASE

caas_projects_release_name: "paasta-container-service-projects-release" caas_projects_release_version: "2.0" cfcr_release_name: "kubo-release" cfcr_release_version: "0.34.1"

IAAS

project_id: "" network: "" director_name: "" deployment_name: ""

STEMCELL

stemcell_os: "ubuntu-xenial" stemcell_version: "315.64" stemcell_alias: "xenial"

VM_TYPE

vm_type_small: "small" vm_type_small_highmem_16GB: "small-highmem-16GB" vm_type_small_highmem_16GB_100GB: "small-highmem-16GB" vm_type_caas_small: "small" vm_type_caas_small_api: "small"

NETWORK

service_private_nat_networks_name: "default" service_private_networks_name: "default" service_public_networks_name: "vip"

IPS

caas_master_public_url: "" haproxy_public_url: ""

CREDHUB

credhub_server_url: "10.174.0.3:8844" credhub_admin_client_secret: ""

CF

cf_uaa_oauth_uri: "https://uaa..xip.io" cf_api_url: "https://api..xip.io" cf_uaa_oauth_client_id: "" # caasclient (2.5. Container 서비스 UAA Client Id 등록 부분의 client 계정 id 와 같아야 한다.) cf_uaa_oauth_client_secret: "" # clientsecret (2.5. Container 서비스 UAA Client Id 등록 부분의 client 계정 password 와 같아야 한다.)

HAPROXY

haproxy_http_port: 8080 haproxy_azs: [z7]

MARIADB

mariadb_port: "3306" mariadb_azs: [z5] mariadb_persistent_disk_type: "10GB" mariadb_admin_user_id: "" mariadb_admin_user_password: "" mariadb_role_set_administrator_code_name: "Administrator" mariadb_role_set_administrator_code: "RS0001" mariadb_role_set_regular_user_code_name: "Regular User" mariadb_role_set_regular_user_code: "RS0002" mariadb_role_set_init_user_code_name: "Init User" mariadb_role_set_init_user_code: "RS0003"

DASHBOARD

caas_dashboard_instances: 1 caas_dashboard_port: 8091 caas_dashboard_azs: [z5] caas_dashboard_management_security_enabled: false caas_dashboard_logging_level: "INFO"

API

caas_api_instances: 1 caas_api_port: 3333 caas_api_azs: [z5] caas_api_management_security_enabled: false caas_api_logging_level: "INFO"

COMMON API

caas_common_api_instances: 1 caas_common_api_port: 3334 caas_common_api_azs: [z5] caas_common_api_logging_level: "INFO"

SERVICE BROKER

caas_service_broker_instances: 1 caas_service_broker_port: 8888 caas_service_broker_azs: [z5]

PRIVATE IMAGE REPOSITORY

private_image_repository_azs: [z7] private_image_repository_port: 5000 private_image_repository_root_directory: "/var/vcap/data/private-image-repository" private_image_repository_public_url: "" private_image_repository_persistent_disk_type: "10GB"

ADDON

caas_apply_addons_azs: [z6]

MASTER

caas_master_backend_port: 8443 caas_master_port: 8443 caas_master_azs: [z7] caas_master_persistent_disk_type: 51200

WORKER

caas_worker_instances: 3 caas_worker_azs: [z4,z5,z6]

JENKINS

jenkins_broker_instances: 1 jenkins_broker_port: 8787 jenkins_broker_azs: [z5] jenkins_namespace: "paasta-jenkins" jenkins_secret_file: "/var/vcap/jobs/container-jenkins-broker/data/docker-secret.yml" jenkins_namespace_file: "/var/vcap/jobs/container-jenkins-broker/data/create-namespace.yml"

> Azure용

$ cd ~/workspace/paasta-5.0/deployment/service-deployment/paasta-container-service-2.0 $ vi ./manifests/paasta-container-service-vars-azure.yml

INCEPTION OS USER NAME

inception_os_user_name: "ubuntu"

REQUIRED FILE PATH VARIABLE

paasta_version: "5.0"

RELEASE

caas_projects_release_name: "paasta-container-service-projects-release" caas_projects_release_version: "2.0" cfcr_release_name: "kubo-release" cfcr_release_version: "0.34.1"

IAAS

azure_cloud_name: "" location: "" primary_availability_set: "" resource_group_name: "" default_security_group: "" subnet_name: "" subscription_id: "" tenant_id: "" vnet_name: "" vnet_resource_group_name: ""

STEMCELL

stemcell_os: "ubuntu-xenial" stemcell_version: "315.64" stemcell_alias: "xenial"

VM_TYPE

vm_type_small: "small" vm_type_small_highmem_16GB: "small-highmem-16GB" vm_type_small_highmem_16GB_100GB: "small-highmem-16GB" vm_type_caas_small: "small" vm_type_caas_small_api: "small"

NETWORK

service_private_nat_networks_name: "default" service_private_networks_name: "default" service_public_networks_name: "vip"

IPS

caas_master_public_url: "" haproxy_public_url: ""

CREDHUB

credhub_server_url: "10.0.1.6:8844" credhub_admin_client_secret: ""

CF

cf_uaa_oauth_uri: "https://uaa..xip.io" cf_api_url: "https://api..xip.io" cf_uaa_oauth_client_id: "" # caasclient (2.5. Container 서비스 UAA Client Id 등록 부분의 client 계정 id 와 같아야 한다.) cf_uaa_oauth_client_secret: "" # clientsecret (2.5. Container 서비스 UAA Client Id 등록 부분의 client 계정 password 와 같아야 한다.)

HAPROXY

haproxy_http_port: 8080 haproxy_azs: [z7]

MARIADB

mariadb_port: "3306" mariadb_azs: [z5] mariadb_persistent_disk_type: "10GB" mariadb_admin_user_id: "" mariadb_admin_user_password: "" mariadb_role_set_administrator_code_name: "Administrator" mariadb_role_set_administrator_code: "RS0001" mariadb_role_set_regular_user_code_name: "Regular User" mariadb_role_set_regular_user_code: "RS0002" mariadb_role_set_init_user_code_name: "Init User" mariadb_role_set_init_user_code: "RS0003"

DASHBOARD

caas_dashboard_instances: 1 caas_dashboard_port: 8091 caas_dashboard_azs: [z6] caas_dashboard_management_security_enabled: false caas_dashboard_logging_level: "INFO"

API

caas_api_instances: 1 caas_api_port: 3333 caas_api_azs: [z6] caas_api_management_security_enabled: false caas_api_logging_level: "INFO"

COMMON API

caas_common_api_instances: 1 caas_common_api_port: 3334 caas_common_api_azs: [z6] caas_common_api_logging_level: "INFO"

SERVICE BROKER

caas_service_broker_instances: 1 caas_service_broker_port: 8888 caas_service_broker_azs: [z6]

PRIVATE IMAGE REPOSITORY

private_image_repository_azs: [z7] private_image_repository_port: 5000 private_image_repository_root_directory: "/var/vcap/data/private-image-repository" private_image_repository_public_url: "" private_image_repository_persistent_disk_type: "10GB"

ADDON

caas_apply_addons_azs: [z5]

MASTER

caas_master_backend_port: "8443" caas_master_port: "8443" caas_master_azs: [z7] caas_master_persistent_disk_type: 51200

WORKER

caas_worker_instances: 3 caas_worker_azs: [z4,z5,z6]

JENKINS

jenkins_broker_instances: 1 jenkins_broker_port: 8787 jenkins_broker_azs: [z6] jenkins_namespace: "paasta-jenkins" jenkins_secret_file: "/var/vcap/jobs/container-jenkins-broker/data/docker-secret.yml" jenkins_namespace_file: "/var/vcap/jobs/container-jenkins-broker/data/create-namespace.yml"

- Deploy 스크립트 파일을 서버 환경에 맞게 수정한다.
- vSphere : **deploy-vsphere.sh**
- AWS : **deploy-aws.sh**
- OpenStack : **deploy-openstack.sh**
- GCP : **deploy-gcp.sh**
- Azure : **deploy-azure.sh**

$ cd ~/workspace/paasta-5.0/deployment/service-deployment/paasta-container-service-2.0 $ vi deploy-vsphere.sh

!/bin/bash

SET VARIABLES

export CAAS_DEPLOYMENT_NAME='paasta-container-service' export CAAS_BOSH2_NAME='micro-bosh' export CAAS_BOSH2_UUID=bosh int <(bosh -e ${CAAS_BOSH2_NAME} environment --json) --path=/Tables/0/Rows/0/uuid

DEPLOY

bosh -e ${CAAS_BOSH2_NAME} -n -d ${CAAS_DEPLOYMENT_NAME} deploy --no-redact manifests/paasta-container-service-deployment-vsphere.yml -l manifests/paasta-container-service-vars-vsphere.yml -o manifests/ops-files/paasta-container-service/network-vsphere.yml -o manifests/ops-files/iaas/vsphere/cloud-provider.yml -o manifests/ops-files/iaas/vsphere/set-working-dir-no-rp.yml -o manifests/ops-files/rename.yml -o manifests/ops-files/misc/single-master.yml -o manifests/ops-files/misc/first-time-deploy.yml -v director_uuid=${CAAS_BOSH2_UUID} -v director_name=${CAAS_BOSH2_NAME} -v deployment_name=${CAAS_DEPLOYMENT_NAME}

- Container 서비스팩을 배포한다.

$ ./remove-all-addons.sh $ ./deploy-openstack.sh

Using environment '10.0.1.6' as client 'admin'

Using deployment 'paasta-container-service'

################################################## 100.00% 177.74 KiB/s 0s

#################################################### 100.00% 5.57 KiB/s 0s

################################################### 100.00% 30.84 KiB/s 0s

################################################## 100.00% 770.66 KiB/s 0s

Task 611 Task 613 Task 612 Task 611 | 08:11:56 | Extracting release: Extracting release (00:00:00) Task 611 | 08:11:56 | Verifying manifest: Verifying manifest Task 610 | 08:11:56 | Extracting release: Extracting release (00:00:00) Task 610 | 08:11:56 | Verifying manifest: Verifying manifest (00:00:00) Task 611 | 08:11:56 | Verifying manifest: Verifying manifest (00:00:00) Task 611 | 08:11:57 | Resolving package dependencies: Resolving package dependencies Task 613 | 08:11:57 | Extracting release: Extracting release (00:00:00) Task 613 | 08:11:57 | Verifying manifest: Verifying manifest Task 610 | 08:11:57 | Resolving package dependencies: Resolving package dependencies Task 611 | 08:11:57 | Resolving package dependencies: Resolving package dependencies (00:00:00) Task 611 | 08:11:57 | Processing 3 existing jobs: Processing 3 existing jobs (00:00:00) Task 611 | 08:11:57 | Compiled Release has been created: bpm/1.0.4 (00:00:00)

Task 611 Started Fri Nov 22 08:11:56 UTC 2019 Task 611 Finished Fri Nov 22 08:11:57 UTC 2019 Task 611 Duration 00:00:01 Task 611 done

Task 613 | 08:11:57 | Verifying manifest: Verifying manifest (00:00:00) Task 613 | 08:11:57 | Resolving package dependencies: Resolving package dependencies (00:00:00) Task 613 | 08:11:58 | Processing 6 existing jobs: Processing 6 existing jobs (00:00:00) Task 613 | 08:11:58 | Compiled Release has been created: docker/35.2.1 (00:00:00)

Task 613 Started Fri Nov 22 08:11:57 UTC 2019 Task 613 Finished Fri Nov 22 08:11:58 UTC 2019 Task 613 Duration 00:00:01 Task 613 done

Task 610 | 08:11:57 | Resolving package dependencies: Resolving package dependencies (00:00:00) Task 610 | 08:11:57 | Processing 4 existing jobs: Processing 4 existing jobs (00:00:00) Task 610 | 08:11:57 | Compiled Release has been created: cfcr-etcd/1.11.1 (00:00:00)

Task 610 Started Fri Nov 22 08:11:56 UTC 2019 Task 610 Finished Fri Nov 22 08:11:57 UTC 2019 Task 610 Duration 00:00:01 Task 610 done

Task 612 | 08:11:58 | Extracting release: Extracting release (00:00:00) Task 612 | 08:11:58 | Verifying manifest: Verifying manifest (00:00:00) Task 612 | 08:11:58 | Resolving package dependencies: Resolving package dependencies (00:00:00) Task 612 | 08:11:58 | Processing 6 existing packages: Processing 6 existing packages (00:00:02) Task 612 | 08:12:00 | Processing 4 existing jobs: Processing 4 existing jobs (00:00:00) Task 612 | 08:12:00 | Release has been created: bosh-dns/1.12.0 (00:00:00)

Task 612 Started Fri Nov 22 08:11:58 UTC 2019 Task 612 Finished Fri Nov 22 08:12:00 UTC 2019 Task 612 Duration 00:00:02 Task 612 done

################################################### 100.00% 96.30 MiB/s 4s

Task 614

Task 614 | 08:12:26 | Extracting release: Extracting release (00:00:02) Task 614 | 08:12:29 | Verifying manifest: Verifying manifest (00:00:00) Task 614 | 08:12:29 | Resolving package dependencies: Resolving package dependencies (00:00:00) Task 614 | 08:12:29 | Creating new packages: cifs-utils/5cdcfa2be82cf12c60e1d18cac67b2edd460e3dce1c309496e9aafb5e969cb31 (00:00:00) Task 614 | 08:12:29 | Creating new packages: cni/733d130f18b3988a8a2dac37e66e886cbd368116b4fbf56438946795b59b8409 (00:00:01) Task 614 | 08:12:30 | Creating new packages: conntrack/a4fcc71e14eba1dd1f27115fb3647bc9d913a13ef3842d312c8ab288954d6899 (00:00:00) Task 614 | 08:12:30 | Creating new packages: etcdctl/fb69bb4734751c6ad5e4d1e019c4c7edc1727994dcdc24404f116d3e1064ceaf (00:00:00) Task 614 | 08:12:30 | Creating new packages: flanneld/5b571d993714ca9563d1f2fdeeae1c2db71835ce548a9b75cdc4e8bd8bb20621 (00:00:01) Task 614 | 08:12:31 | Creating new packages: golang-1.12-linux/2566cc8c8b3c0f3ccf6c832a6a4657a14f938197a70c2d2b6243be051439a395 (00:00:01) Task 614 | 08:12:32 | Creating new packages: ipset/238365bbfb0001eb0ea16431c05f6b76845c101c78a905c31299f32cc820dc5a (00:00:01) Task 614 | 08:12:33 | Creating new packages: jq/5ac19aae3c9b3648140589b03b673db4ce896733505562b4c0d9e64b9a880b38 (00:00:00) Task 614 | 08:12:33 | Creating new packages: kubernetes/208b979e87b52a5cc64bcc4bc82e54532edab3f13377b24f5baa83d73a51957d (00:00:08) Task 614 | 08:12:41 | Creating new packages: nfs/9e30f53d1743d5ae1898520bc1c501b28647cd2f7e5bd5eddd2c34c560763771 (00:00:00) Task 614 | 08:12:41 | Creating new packages: pid_utils/a2a905d267548c461ccf91937963ff7d26356f8f2edd928490ba529d0cc94aa4 (00:00:00) Task 614 | 08:12:41 | Creating new packages: prometheus/641a811c8b53b4572daff1c857b052cfa41e44f8700f31503623f99c1e78a6a9 (00:00:00) Task 614 | 08:12:41 | Creating new packages: smoke-tests/0f3e7c3d8594c6f5bff2e0e54b0390fa57c95d99aba0f3fef54a85f9242b985b (00:00:00) Task 614 | 08:12:41 | Creating new packages: socat/5737907822eb2c5ab7aa509d699acc566f349b7e86d8a8d176037b90d3427dbe (00:00:00) Task 614 | 08:12:41 | Creating new jobs: apply-specs/16f5acd86b9cf75db5326a8d61739ac6296b728341e681f3dc2eca47f99cb512 (00:00:00) Task 614 | 08:12:41 | Creating new jobs: bbr-kube-apiserver/56cbb995f6cdac6d27577f4ffd166b148aad57ff44ecf9b2c687bdbdf403e9a1 (00:00:00) Task 614 | 08:12:41 | Creating new jobs: cifs-utils/41efca0df09260293d95b618d4858e6f18aab226d64a7e6f80951134ea82bcdd (00:00:01) Task 614 | 08:12:42 | Creating new jobs: cloud-provider/ce4e4103d4560fa3ddbd267e7456f4883ebe3340cd97cc1fe0c827d01d4b095d (00:00:00) Task 614 | 08:12:42 | Creating new jobs: flanneld/c9fa0facf6840eb82562c5d1714963ca24a8d430d2681db861cc93085070ab0a (00:00:01) Task 614 | 08:12:43 | Creating new jobs: kube-apiserver/b6cb4e9cc04f9ee4221def47265ce0074bec1412941e79de659ca670d83b105d (00:00:00) Task 614 | 08:12:43 | Creating new jobs: kube-controller-manager/2cc0863c2fc4f218d90eff06882872015341aa8eaa8bdbaee4e5a7a70c8e2bb7 (00:00:00) Task 614 | 08:12:43 | Creating new jobs: kube-proxy/65e036f59b63b3a160ccf456f3819b220e101e230206ad27a96dbaa4bb4b0975 (00:00:00) Task 614 | 08:12:43 | Creating new jobs: kube-scheduler/575969aff53426e9fa25041f0e599ec9b1e9758c28d94ab8795e2b6af6226b38 (00:00:00) Task 614 | 08:12:44 | Creating new jobs: kubelet/691a8fe39a9943cfe8887d818e222d5e58a2385abcf62bf7cb128a257efe427b (00:00:00) Task 614 | 08:12:44 | Creating new jobs: kubernetes-dependencies/40fdea1f8d3818418c9bd3216cc633a583f0537b30ec2b9957f24ab5a32b2971 (00:00:05) Task 614 | 08:12:51 | Creating new jobs: kubernetes-roles/1a2882b6abb4abfa60a118cf8268e8518312a5b3f367787e6aab72286e2c4ea7 (00:00:01) Task 614 | 08:12:52 | Creating new jobs: kubo-dns-aliases/0b18a6e6006651877e1df15d8c8f3b2e1e5a8ebf33f24622d5bad47bf2d91979 (00:00:00) Task 614 | 08:12:52 | Creating new jobs: prometheus/a71ed7b138391f2a69e4f64126bef2a04e918567126720bb24c9da014a41d106 (00:00:00) Task 614 | 08:12:52 | Creating new jobs: smoke-tests/9b7bcb34e0a2c16d40a61af1f76d68ced53b9abd9db4e50d2310d5419389679d (00:00:00) Task 614 | 08:12:52 | Release has been created: kubo/0.34.1 (00:00:00)

Task 614 Started Fri Nov 22 08:12:26 UTC 2019 Task 614 Finished Fri Nov 22 08:12:52 UTC 2019 Task 614 Duration 00:00:26 Task 614 done

################################################# 100.00% 104.13 MiB/s 10s

Task 615

Task 615 | 08:13:18 | Extracting release: Extracting release (00:00:08) Task 615 | 08:13:26 | Verifying manifest: Verifying manifest (00:00:00) Task 615 | 08:13:26 | Resolving package dependencies: Resolving package dependencies (00:00:00) Task 615 | 08:13:26 | Creating new packages: container-jenkins-broker/61402977c04a852d4fc225647de0552311ca93d5af34623b5dbb11f270f6955c (00:00:03) Task 615 | 08:13:29 | Creating new packages: container-service-api/799d2307a495ac31a2814a117caf6654f8a3c97b9a737fe0f28b82b1cf9424d1 (00:00:01) Task 615 | 08:13:30 | Creating new packages: container-service-broker/dec15d1e9a681abd3028dbc6178e03502318945bdf2569677dec9f903ef4fac4 (00:00:04) Task 615 | 08:13:34 | Creating new packages: container-service-common-api/d4bed1a591fdc156ed6b382ae29bd4c78e4aa7dc611d250e8d118ad8b6f98462 (00:00:00) Task 615 | 08:13:34 | Creating new packages: container-service-dashboard/fddb96e48b6ccd9e31fbcaa2bf9f1c3c3d1183e9c10f1c3bb1bcb27119fe32c7 (00:00:01) Task 615 | 08:13:35 | Creating new packages: docker-images/6569c8e4d1dcbfa24ebdeefdca566812ed973836f38b4caa5adeced5a3ccf259 (00:00:17) Task 615 | 08:13:52 | Creating new packages: docker-repository-setting/a12df48ea6f42617b66ff0f009ac777ad624b072187e53015ee09ef1b75c3fbd (00:00:00) Task 615 | 08:13:52 | Creating new packages: private-image-repository/afe545b792d56af9fb744a7b123b8cd53d394567ea73d58b6a590a9626dc9e17 (00:00:00) Task 615 | 08:13:52 | Processing 3 existing packages: Processing 3 existing packages (00:00:00) Task 615 | 08:13:52 | Creating new jobs: container-jenkins-broker/7836667a306cf2ae27d8d815db4ede086b5006339d785bbf90bf546d56336e2a (00:00:00) Task 615 | 08:13:52 | Creating new jobs: container-service-api/1ecc773f9a717baefb637a2339a6ae5612908e388788fb3bf2025c94e5e1284c (00:00:01) Task 615 | 08:13:53 | Creating new jobs: container-service-broker/b3e5bc10e34861f964e9bcedc7d4bc0e67906c4bf0d05f8b564e58589c623624 (00:00:00) Task 615 | 08:13:53 | Creating new jobs: container-service-common-api/393810cc14247d14f2b1094306189c95a6bbb9b2ddbd4d222ee0e2fe05fa348b (00:00:00) Task 615 | 08:13:53 | Creating new jobs: container-service-dashboard/cbe4393d6939f633f7664932a2bbf0aab213b9fad43d0f09cb64267d03178674 (00:00:00) Task 615 | 08:13:53 | Creating new jobs: docker-images/5da3804d51358c1d2b5a57c4b85f678424c2585f493cabe7c9fd5b657f02b13b (00:00:00) Task 615 | 08:13:53 | Creating new jobs: docker-repository-setting/24a4331a89f7443f22f7de69f3ccce6c58d10913fd53d3f727a6049d53620934 (00:00:01) Task 615 | 08:13:55 | Creating new jobs: haproxy/5ca9c27b4c0732f6d9aac1312f5e978d265e3cc0b3a6f6d2d193e769f5bffe1f (00:00:00) Task 615 | 08:13:55 | Creating new jobs: mariadb/c10857a8792cf9eb095a3548ba63f1905f2e5537351213e6b3858d8a5b878be2 (00:00:00) Task 615 | 08:13:55 | Creating new jobs: private-image-repository/85821934521b807641d6ce64b357ad4b381c324b7b066035dd300f137c1b922e (00:00:00) Task 615 | 08:13:55 | Release has been created: paasta-container-service-projects-release/2.0 (00:00:01)

Task 615 Started Fri Nov 22 08:13:18 UTC 2019 Task 615 Finished Fri Nov 22 08:13:56 UTC 2019 Task 615 Duration 00:00:38 Task 615 done

  • azs:

    • cloud_properties:

  • availability_zone: nova

  • name: z1

    • cloud_properties:

  • availability_zone: nova

  • name: z2

    • cloud_properties:

  • availability_zone: nova

  • name: z3

    • cloud_properties:

  • availability_zone: nova

  • name: z4

    • cloud_properties:

  • availability_zone: nova

  • name: z5

    • cloud_properties:

  • availability_zone: nova

  • name: z6

    • cloud_properties:

  • availability_zone: nova

  • name: z7

  • vm_types:

    • cloud_properties:

  • instance_type: m1.tiny

  • name: minimal

    • cloud_properties:

  • instance_type: m1.medium

  • name: default

    • cloud_properties:

  • instance_type: m1.small

  • name: small

    • cloud_properties:

  • instance_type: m1.medium

  • name: medium

    • cloud_properties:

  • instance_type: m1.medium

  • name: medium-memory-8GB

    • cloud_properties:

  • instance_type: m1.large

  • name: large

    • cloud_properties:

  • instance_type: m1.xlarge

  • name: xlarge

    • cloud_properties:

  • instance_type: m1.medium

  • name: small-50GB

    • cloud_properties:

  • instance_type: m1.medium

  • name: small-50GB-ephemeral-disk

    • cloud_properties:

  • instance_type: m1.large

  • name: small-100GB-ephemeral-disk

    • cloud_properties:

  • instance_type: m1.large

  • name: small-highmem-100GB-ephemeral-disk

    • cloud_properties:

  • instance_type: m1.large

  • name: small-highmem-16GB

    • cloud_properties:

  • instance_type: m1.medium

  • name: service_medium

    • cloud_properties:

  • instance_type: m1.medium

  • name: service_medium_2G

    • cloud_properties:

  • instance_type: m1.tiny

  • name: portal_small

    • cloud_properties:

  • instance_type: m1.small

  • name: portal_medium

    • cloud_properties:

  • instance_type: m1.small

  • name: portal_large

  • vm_extensions:

    • cloud_properties:

  • ports:

    • host: 3306

  • name: mysql-proxy-lb

    • name: cf-router-network-properties

    • name: cf-tcp-router-network-properties

    • name: diego-ssh-proxy-network-properties

    • name: cf-haproxy-network-properties

    • cloud_properties:

  • ephemeral_disk:

  • size: 51200

  • type: gp2

  • name: small-50GB

    • cloud_properties:

  • ephemeral_disk:

  • size: 102400

  • type: gp2

  • name: small-highmem-100GB

  • compilation:

  • az: z3

  • network: default

  • reuse_compilation_vms: true

  • vm_type: large

  • workers: 5

  • networks:

    • name: default

  • subnets:

    • az: z1

  • cloud_properties:

  • name: random

  • net_id: 9950af59-daf2-43d6-967c-ad445bfe2cb2

  • security_groups:

    • paasta-v50-security

  • dns:

    • 8.8.8.8

  • gateway: 10.0.1.1

  • range: 10.0.1.0/24

  • reserved:

    • 10.0.1.1 - 10.0.1.9

  • static:

    • 10.0.1.10 - 10.0.1.120

    • az: z2

  • cloud_properties:

  • name: random

  • net_id: 9950af59-daf2-43d6-967c-ad445bfe2cb2

  • security_groups:

    • paasta-v50-security

  • dns:

    • 8.8.8.8

  • gateway: 10.0.41.1

  • range: 10.0.41.0/24

  • reserved:

    • 10.0.41.1 - 10.0.41.9

  • static:

    • 10.0.41.10 - 10.0.41.120

    • az: z3

  • cloud_properties:

  • name: random

  • net_id: 9950af59-daf2-43d6-967c-ad445bfe2cb2

  • security_groups:

    • paasta-v50-security

  • dns:

    • 8.8.8.8

  • gateway: 10.0.81.1

  • range: 10.0.81.0/24

  • reserved:

    • 10.0.81.1 - 10.0.81.9

  • static:

    • 10.0.81.10 - 10.0.81.120

    • az: z4

  • cloud_properties:

  • name: random

  • net_id: 9950af59-daf2-43d6-967c-ad445bfe2cb2

  • security_groups:

    • paasta-v50-security

  • dns:

    • 8.8.8.8

  • gateway: 10.0.121.1

  • range: 10.0.121.0/24

  • reserved:

    • 10.0.121.1 - 10.0.121.9

  • static:

    • 10.0.121.10 - 10.0.121.120

    • az: z5

  • cloud_properties:

  • name: random

  • net_id: 9950af59-daf2-43d6-967c-ad445bfe2cb2

  • security_groups:

    • paasta-v50-security

  • dns:

    • 8.8.8.8

  • gateway: 10.0.161.1

  • range: 10.0.161.0/24

  • reserved:

    • 10.0.161.1 - 10.0.161.9

  • static:

    • 10.0.161.10 - 10.0.161.120

    • az: z6

  • cloud_properties:

  • name: random

  • net_id: 9950af59-daf2-43d6-967c-ad445bfe2cb2

  • security_groups:

    • paasta-v50-security

  • dns:

    • 8.8.8.8

  • gateway: 10.0.201.1

  • range: 10.0.201.0/24

  • reserved:

    • 10.0.201.1 - 10.0.201.9

  • static:

    • 10.0.201.10 - 10.0.201.120

    • az: z7

  • cloud_properties:

  • name: random

  • net_id: 9950af59-daf2-43d6-967c-ad445bfe2cb2

  • security_groups:

    • paasta-v50-security

  • dns:

    • 8.8.8.8

  • gateway: 10.0.0.1

  • range: 10.0.0.0/24

  • reserved:

    • 10.0.0.1 - 10.0.0.9

  • static:

    • 10.0.0.10 - 10.0.0.120

    • name: vip

  • type: vip

  • disk_types:

    • disk_size: 1024

  • name: default

    • disk_size: 1024

  • name: 1GB

    • disk_size: 2048

  • name: 2GB

    • disk_size: 4096

  • name: 4GB

    • disk_size: 5120

  • name: 5GB

    • disk_size: 8192

  • name: 8GB

    • disk_size: 10240

  • name: 10GB

    • disk_size: 20480

  • name: 20GB

    • disk_size: 30720

  • name: 30GB

    • disk_size: 51200

  • name: 50GB

    • disk_size: 102400

  • name: 100GB

    • disk_size: 1048576

  • name: 1TBB

    • cloud_properties:

  • type: SSD1

  • disk_size: 2000

  • name: 2GB_GP2

    • cloud_properties:

  • type: SSD1

  • disk_size: 5000

  • name: 5GB_GP2

    • cloud_properties:

  • type: SSD1

  • disk_size: 10000

  • name: 10GB_GP2

    • cloud_properties:

  • type: SSD1

  • disk_size: 50000

  • name: 50GB_GP2

  • stemcells:

    • alias: xenial

  • os: ubuntu-xenial

  • version: '315.64'

  • releases:

    • name: kubo

  • url: file:///home/ubuntu/workspace/paasta-5.0/release/service/kubo-release-0.34.1.tgz

  • version: 0.34.1

    • name: cfcr-etcd

  • url: file:///home/ubuntu/workspace/paasta-5.0/release/service/cfcr-etcd-1.11.1.tgz

  • version: 1.11.1

    • name: docker

  • url: file:///home/ubuntu/workspace/paasta-5.0/release/service/docker-35.2.1.tgz

  • version: 35.2.1

    • name: bpm

  • url: file:///home/ubuntu/workspace/paasta-5.0/release/service/bpm-1.0.4.tgz

  • version: 1.0.4

    • name: bosh-dns

  • url: file:///home/ubuntu/workspace/paasta-5.0/release/service/bosh-dns-release-1.12.0.tgz

  • version: 1.12.0

    • name: paasta-container-service-projects-release

  • url: file:///home/ubuntu/workspace/paasta-5.0/release/service/paasta-container-service-projects-release-2.0.tgz

  • version: '2.0'

  • update:

  • canaries: 1

  • canary_watch_time: 10000-300000

  • max_in_flight: 100%

  • update_watch_time: 10000-300000

  • addons:

    • include:

  • stemcells:

    • os: ubuntu-xenial

  • jobs:

    • name: bosh-dns

  • properties:

  • api:

  • client:

  • tls: "((/dns_api_client_tls))"

  • server:

  • tls: "((/dns_api_server_tls))"

  • cache:

  • enabled: true

  • health:

  • client:

  • tls: "((/dns_healthcheck_client_tls))"

  • enabled: true

  • server:

  • tls: "((/dns_healthcheck_server_tls))"

  • release: bosh-dns

  • name: bosh-dns

    • jobs:

    • name: kubo-dns-aliases

  • release: kubo

  • name: bosh-dns-aliases

  • variables:

    • name: kubo-admin-password

  • type: password

    • name: kubelet-password

  • type: password

    • name: kubelet-drain-password

  • type: password

    • name: kube-proxy-password

  • type: password

    • name: kube-controller-manager-password

  • type: password

    • name: kube-scheduler-password

  • type: password

    • name: etcd_user_root_password

  • type: password

    • name: etcd_user_flanneld_password

  • type: password

    • name: kubo_ca

  • options:

  • common_name: ca

  • is_ca: true

  • type: certificate

    • name: tls-kubelet

  • options:

  • alternative_names: []

  • ca: kubo_ca

  • common_name: kubelet.cfcr.internal

  • organization: system:nodes

  • type: certificate

    • name: tls-kubelet-client

  • options:

  • ca: kubo_ca

  • common_name: kube-apiserver.cfcr.internal

  • extended_key_usage:

    • client_auth

  • organization: system:masters

  • type: certificate

    • name: tls-kubernetes

  • options:

  • alternative_names:

    • xxx.xxx.xxx.xxx

    • 10.100.200.1

    • localhost

    • kubernetes

    • kubernetes.default

    • kubernetes.default.svc

    • kubernetes.default.svc.cluster.local

    • master.cfcr.internal

  • ca: kubo_ca

  • common_name: master.cfcr.internal

  • organization: system:masters

  • type: certificate

    • name: service-account-key

  • type: rsa

    • name: tls-kube-controller-manager

  • options:

  • alternative_names:

    • localhost

    • 127.0.0.1

  • ca: kubo_ca

  • common_name: kube-controller-manager

  • extended_key_usage:

    • server_auth

  • key_usage:

    • digital_signature

    • key_encipherment

  • type: certificate

    • name: etcd_ca

  • options:

  • common_name: etcd.ca

  • is_ca: true

  • type: certificate

    • name: tls-etcd-v0-29-0

  • options:

  • ca: etcd_ca

  • common_name: "*.etcd.cfcr.internal"

  • extended_key_usage:

    • client_auth

    • server_auth

  • type: certificate

    • name: tls-etcdctl-v0-29-0

  • options:

  • ca: etcd_ca

  • common_name: etcdClient

  • extended_key_usage:

    • client_auth

  • type: certificate

    • name: tls-etcdctl-root

  • options:

  • ca: etcd_ca

  • common_name: root

  • extended_key_usage:

    • client_auth

  • type: certificate

    • name: tls-etcdctl-flanneld

  • options:

  • ca: etcd_ca

  • common_name: flanneld

  • extended_key_usage:

    • client_auth

  • type: certificate

    • name: tls-metrics-server

  • options:

  • alternative_names:

    • metrics-server.kube-system.svc

  • ca: kubo_ca

  • common_name: metrics-server

  • type: certificate

    • name: kubernetes-dashboard-ca

  • options:

  • common_name: ca

  • is_ca: true

  • type: certificate

    • name: tls-kubernetes-dashboard

  • options:

  • alternative_names: []

  • ca: kubernetes-dashboard-ca

  • common_name: kubernetesdashboard.n

  • type: certificate

  • features:

  • use_dns_addresses: true

  • instance_groups:

    • azs:

    • z7

  • instances: 1

  • jobs:

    • consumes:

  • cloud-provider:

  • from: master-cloud-provider

  • name: apply-specs

  • properties:

  • addons:

    • coredns

    • metrics-server

    • kubernetes-dashboard

  • admin-password: "((kubo-admin-password))"

  • admin-username: admin

  • api-token: "((kubelet-password))"

  • tls:

  • kubernetes: "((tls-kubernetes))"

  • kubernetes-dashboard: "((tls-kubernetes-dashboard))"

  • metrics-server: "((tls-metrics-server))"

  • release: kubo

  • lifecycle: errand

  • name: apply-addons

  • networks:

    • name: default

  • stemcell: xenial

  • vm_type: small

    • azs:

    • z7

  • instances: 1

  • jobs:

    • name: docker

  • properties:

  • bridge: cni0

  • default_ulimits:

    • nofile=1048576

  • env: {}

  • flannel: true

  • ip_masq: false

  • iptables: false

  • live_restore: true

  • log_level: error

  • log_options:

    • max-size=128m

    • max-file=2

  • storage_driver: overlay2

  • store_dir: "/var/vcap/data"

  • release: docker

    • name: docker-images

  • release: paasta-container-service-projects-release

    • name: bpm

  • release: bpm

    • name: flanneld

  • properties:

  • tls:

  • etcdctl:

  • ca: "((tls-etcdctl-flanneld.ca))"

  • certificate: "((tls-etcdctl-flanneld.certificate))"

  • private_key: "((tls-etcdctl-flanneld.private_key))"

  • release: kubo

    • name: kube-proxy

  • properties:

  • api-token: "((kube-proxy-password))"

  • kube-proxy-configuration:

  • apiVersion: kubeproxy.config.k8s.io/v1alpha1

  • clientConnection:

  • kubeconfig: "/var/vcap/jobs/kube-proxy/config/kubeconfig"

  • clusterCIDR: 10.200.0.0/16

  • iptables:

  • masqueradeAll: false

  • masqueradeBit: 14

  • minSyncPeriod: 0s

  • syncPeriod: 30s

  • kind: KubeProxyConfiguration

  • mode: iptables

  • portRange: ''

  • tls:

  • kubernetes: "((tls-kubernetes))"

  • release: kubo

    • consumes:

  • cloud-provider:

  • from: master-cloud-provider

  • name: kube-apiserver

  • properties:

  • admin-password: "((kubo-admin-password))"

  • admin-username: admin

  • audit-policy:

  • apiVersion: audit.k8s.io/v1beta1

  • kind: Policy

  • rules:

    • level: None

  • resources:

    • group: ''

  • resources:

    • endpoints

    • services

    • services/status

  • users:

    • system:kube-proxy

  • verbs:

    • watch

    • level: None

  • resources:

    • group: ''

  • resources:

    • nodes

    • nodes/status

  • users:

    • kubelet

  • verbs:

    • get

    • level: None

  • resources:

    • group: ''

  • resources:

    • nodes

    • nodes/status

  • userGroups:

    • system:nodes

  • verbs:

    • get

    • level: None

  • namespaces:

    • kube-system

  • resources:

    • group: ''

  • resources:

    • endpoints

  • users:

    • system:kube-controller-manager

    • system:kube-scheduler

    • system:serviceaccount:kube-system:endpoint-controller

  • verbs:

    • get

    • update

    • level: None

  • resources:

    • group: ''

  • resources:

    • namespaces

    • namespaces/status

    • namespaces/finalize

  • users:

    • system:apiserver

  • verbs:

    • get

    • level: None

  • resources:

    • group: metrics.k8s.io

  • users:

    • system:kube-controller-manager

  • verbs:

    • get

    • list

    • level: None

  • nonResourceURLs:

    • "/healthz*"

    • "/version"

    • "/swagger*"

    • level: None

  • resources:

    • group: ''

  • resources:

    • events

    • level: Request

  • omitStages:

    • RequestReceived

  • resources:

    • group: ''

  • resources:

    • nodes/status

    • pods/status

  • userGroups:

    • system:nodes

  • verbs:

    • update

    • patch

    • level: Request

  • omitStages:

    • RequestReceived

  • users:

    • system:serviceaccount:kube-system:namespace-controller

  • verbs:

    • deletecollection

    • level: Metadata

  • omitStages:

    • RequestReceived

  • resources:

    • group: ''

  • resources:

    • secrets

    • configmaps

    • group: authentication.k8s.io

  • resources:

    • tokenreviews

    • level: Request

  • omitStages:

    • RequestReceived

  • resources:

    • group: ''

    • group: admissionregistration.k8s.io

    • group: apiextensions.k8s.io

    • group: apiregistration.k8s.io

    • group: apps

    • group: authentication.k8s.io

    • group: authorization.k8s.io

    • group: autoscaling

    • group: batch

    • group: certificates.k8s.io

    • group: extensions

    • group: metrics.k8s.io

    • group: networking.k8s.io

    • group: policy

    • group: rbac.authorization.k8s.io

    • group: settings.k8s.io

    • group: storage.k8s.io

  • verbs:

    • get

    • list

    • watch

    • level: RequestResponse

  • omitStages:

    • RequestReceived

  • resources:

    • group: ''

    • group: admissionregistration.k8s.io

    • group: apiextensions.k8s.io

    • group: apiregistration.k8s.io

    • group: apps

    • group: authentication.k8s.io

    • group: authorization.k8s.io

    • group: autoscaling

    • group: batch

    • group: certificates.k8s.io

    • group: extensions

    • group: metrics.k8s.io

    • group: networking.k8s.io

    • group: policy

    • group: rbac.authorization.k8s.io

    • group: settings.k8s.io

    • group: storage.k8s.io

    • level: Metadata

  • omitStages:

    • RequestReceived

  • k8s-args:

  • audit-log-maxage: 0

  • audit-log-maxbackup: 7

  • audit-log-maxsize: 49

  • audit-log-path: "/var/vcap/sys/log/kube-apiserver/audit.log"

  • audit-policy-file: "/var/vcap/jobs/kube-apiserver/config/audit_policy.yml"

  • authorization-mode: RBAC

  • client-ca-file: "/var/vcap/jobs/kube-apiserver/config/kubernetes-ca.pem"

  • disable-admission-plugins: []

  • enable-admission-plugins: []

  • enable-aggregator-routing: true

  • enable-bootstrap-token-auth: true

  • enable-swagger-ui: true

  • etcd-cafile: "/var/vcap/jobs/kube-apiserver/config/etcd-ca.crt"

  • etcd-certfile: "/var/vcap/jobs/kube-apiserver/config/etcd-client.crt"

  • etcd-keyfile: "/var/vcap/jobs/kube-apiserver/config/etcd-client.key"

  • kubelet-client-certificate: "/var/vcap/jobs/kube-apiserver/config/kubelet-client-cert.pem"

  • kubelet-client-key: "/var/vcap/jobs/kube-apiserver/config/kubelet-client-key.pem"

  • proxy-client-cert-file: "/var/vcap/jobs/kube-apiserver/config/kubernetes.pem"

  • proxy-client-key-file: "/var/vcap/jobs/kube-apiserver/config/kubernetes-key.pem"

  • requestheader-allowed-names: aggregator

  • requestheader-client-ca-file: "/var/vcap/jobs/kube-apiserver/config/kubernetes-ca.pem"

  • requestheader-extra-headers-prefix: X-Remote-Extra-

  • requestheader-group-headers: X-Remote-Group

  • requestheader-username-headers: X-Remote-User

  • runtime-config: api/v1

  • secure-port: 8443

  • service-account-key-file: "/var/vcap/jobs/kube-apiserver/config/service-account-public-key.pem"

  • service-cluster-ip-range: 10.100.200.0/24

  • storage-media-type: application/json

  • tls-cert-file: "/var/vcap/jobs/kube-apiserver/config/kubernetes.pem"

  • tls-private-key-file: "/var/vcap/jobs/kube-apiserver/config/kubernetes-key.pem"

  • token-auth-file: "/var/vcap/jobs/kube-apiserver/config/tokens.csv"

  • v: 2

  • kube-controller-manager-password: "((kube-controller-manager-password))"

  • kube-proxy-password: "((kube-proxy-password))"

  • kube-scheduler-password: "((kube-scheduler-password))"

  • kubelet-drain-password: "((kubelet-drain-password))"

  • kubelet-password: "((kubelet-password))"

  • service-account-public-key: "((service-account-key.public_key))"

  • tls:

  • kubelet-client: "((tls-kubelet-client))"

  • kubernetes:

  • ca: "((tls-kubernetes.ca))"

  • certificate: "((tls-kubernetes.certificate))((tls-kubernetes.ca))"

  • private_key: "((tls-kubernetes.private_key))"

  • release: kubo

    • consumes:

  • cloud-provider:

  • from: master-cloud-provider

  • name: kube-controller-manager

  • properties:

  • api-token: "((kube-controller-manager-password))"

  • cluster-signing: "((kubo_ca))"

  • k8s-args:

  • cluster-signing-cert-file: "/var/vcap/jobs/kube-controller-manager/config/cluster-signing-ca.pem"

  • cluster-signing-key-file: "/var/vcap/jobs/kube-controller-manager/config/cluster-signing-key.pem"

  • kubeconfig: "/var/vcap/jobs/kube-controller-manager/config/kubeconfig"

  • root-ca-file: "/var/vcap/jobs/kube-controller-manager/config/ca.pem"

  • service-account-private-key-file: "/var/vcap/jobs/kube-controller-manager/config/service-account-private-key.pem"

  • terminated-pod-gc-threshold: 100

  • tls-cert-file: "/var/vcap/jobs/kube-controller-manager/config/kube-controller-manager-cert.pem"

  • tls-private-key-file: "/var/vcap/jobs/kube-controller-manager/config/kube-controller-manager-private-key.pem"

  • use-service-account-credentials: true

  • v: 2

  • service-account-private-key: "((service-account-key.private_key))"

  • tls:

  • kube-controller-manager: "((tls-kube-controller-manager))"

  • kubernetes: "((tls-kubernetes))"

  • release: kubo

    • name: kube-scheduler

  • properties:

  • api-token: "((kube-scheduler-password))"

  • kube-scheduler-configuration:

  • apiVersion: kubescheduler.config.k8s.io/v1alpha1

  • clientConnection:

  • kubeconfig: "/var/vcap/jobs/kube-scheduler/config/kubeconfig"

  • disablePreemption: false

  • kind: KubeSchedulerConfiguration

  • tls:

  • kubernetes: "((tls-kubernetes))"

  • release: kubo

    • consumes:

  • cloud-provider:

  • from: master-cloud-provider

  • name: kubernetes-roles

  • properties:

  • admin-password: "((kubo-admin-password))"

  • admin-username: admin

  • tls:

  • kubernetes: "((tls-kubernetes))"

  • release: kubo

    • name: etcd

  • properties:

  • etcd:

  • dns_suffix: etcd.cfcr.internal

  • tls:

  • etcd:

  • ca: "((etcd_ca.certificate))"

  • certificate: "((tls-etcd-v0-29-0.certificate))"

  • private_key: "((tls-etcd-v0-29-0.private_key))"

  • etcdctl:

  • ca: "((tls-etcdctl-v0-29-0.ca))"

  • certificate: "((tls-etcdctl-v0-29-0.certificate))"

  • private_key: "((tls-etcdctl-v0-29-0.private_key))"

  • etcdctl-root:

  • ca: "((tls-etcdctl-v0-29-0.ca))"

  • certificate: "((tls-etcdctl-root.certificate))"

  • private_key: "((tls-etcdctl-root.private_key))"

  • peer:

  • ca: "((tls-etcd-v0-29-0.ca))"

  • certificate: "((tls-etcd-v0-29-0.certificate))"

  • private_key: "((tls-etcd-v0-29-0.private_key))"

  • users:

    • name: root

  • password: "((etcd_user_root_password))"

  • versions:

    • v2

    • name: flanneld

  • password: "((etcd_user_flanneld_password))"

  • permissions:

  • read:

    • "/coreos.com/network/*"

  • write:

    • "/coreos.com/network/*"

  • versions:

    • v2

  • release: cfcr-etcd

    • name: prometheus

  • release: kubo

    • name: smoke-tests

  • release: kubo

    • name: cloud-provider

  • properties:

  • cloud-config:

  • Global:

  • domain-name: default

  • password: crossent1234

  • region: RegionOne

  • tenant-id: d6afa09b629d484db8520d2a33d7a432

  • username: paasta

  • cloud-provider:

  • type: openstack

  • provides:

  • cloud-provider:

  • as: master-cloud-provider

  • release: kubo

  • name: master

  • networks:

    • default:

    • dns

    • gateway

  • name: default

    • name: vip

  • static_ips: xxx.xxx.xxx.xxx

  • persistent_disk: 51200

  • stemcell: xenial

  • vm_type: small

    • azs:

    • z5

    • z6

    • z7

  • instances: 3

  • jobs:

    • name: flanneld

  • properties:

  • tls:

  • etcdctl:

  • ca: "((tls-etcdctl-flanneld.ca))"

  • certificate: "((tls-etcdctl-flanneld.certificate))"

  • private_key: "((tls-etcdctl-flanneld.private_key))"

  • release: kubo

    • name: docker

  • properties:

  • bridge: cni0

  • default_ulimits:

    • nofile=1048576

  • env: {}

  • flannel: true

  • ip_masq: false

  • iptables: false

  • live_restore: true

  • log_level: error

  • log_options:

    • max-size=128m

    • max-file=2

  • storage_driver: overlay2

  • release: docker

    • name: docker-repository-setting

  • properties:

  • caas_master_public_url: xxx.xxx.xxx.xxx

  • release: paasta-container-service-projects-release

    • name: kubernetes-dependencies

  • release: kubo

    • consumes:

  • cloud-provider:

  • from: worker-cloud-provider

  • name: kubelet

  • properties:

  • api-token: "((kubelet-password))"

  • cloud-provider: openstack

  • drain-api-token: "((kubelet-drain-password))"

  • k8s-args:

  • cni-bin-dir: "/var/vcap/jobs/kubelet/packages/cni/bin"

  • container-runtime: docker

  • docker: unix:///var/vcap/sys/run/docker/docker.sock

  • docker-endpoint: unix:///var/vcap/sys/run/docker/docker.sock

  • kubeconfig: "/var/vcap/jobs/kubelet/config/kubeconfig"

  • network-plugin: cni

  • root-dir: "/var/vcap/data/kubelet"

  • kubelet-configuration:

  • apiVersion: kubelet.config.k8s.io/v1beta1

  • authentication:

  • anonymous:

  • enabled: true

  • x509:

  • clientCAFile: "/var/vcap/jobs/kubelet/config/kubelet-client-ca.pem"

  • authorization:

  • mode: Webhook

  • clusterDNS:

    • 169.254.0.2

  • clusterDomain: cluster.local

  • failSwapOn: false

  • kind: KubeletConfiguration

  • serializeImagePulls: false

  • tlsCertFile: "/var/vcap/jobs/kubelet/config/kubelet.pem"

  • tlsPrivateKeyFile: "/var/vcap/jobs/kubelet/config/kubelet-key.pem"

  • tls:

  • kubelet:

  • ca: "((tls-kubelet.ca))"

  • certificate: "((tls-kubelet.certificate))((tls-kubelet.ca))"

  • private_key: "((tls-kubelet.private_key))"

  • kubelet-client-ca:

  • certificate: "((tls-kubelet-client.ca))"

  • kubernetes: "((tls-kubernetes))"

  • release: kubo

    • name: kube-proxy

  • properties:

  • api-token: "((kube-proxy-password))"

  • cloud-provider: openstack

  • kube-proxy-configuration:

  • apiVersion: kubeproxy.config.k8s.io/v1alpha1

  • clientConnection:

  • kubeconfig: "/var/vcap/jobs/kube-proxy/config/kubeconfig"

  • clusterCIDR: 10.200.0.0/16

  • iptables:

  • masqueradeAll: false

  • masqueradeBit: 14

  • minSyncPeriod: 0s

  • syncPeriod: 30s

  • kind: KubeProxyConfiguration

  • mode: iptables

  • portRange: ''

  • tls:

  • kubernetes: "((tls-kubernetes))"

  • release: kubo

    • name: cloud-provider

  • properties:

  • cloud-config:

  • Global:

  • domain-name: default

  • password: crossent1234

  • region: RegionOne

  • tenant-id: d6afa09b629d484db8520d2a33d7a432

  • username: paasta

  • cloud-provider:

  • type: openstack

  • provides:

  • cloud-provider:

  • as: worker-cloud-provider

  • release: kubo

  • name: worker

  • networks:

    • name: default

  • persistent_disk_type: 100GB

  • stemcell: xenial

  • vm_type: small-highmem-16GB

    • azs:

    • z7

  • instances: 1

  • jobs:

    • name: haproxy

  • properties:

  • http_port: 8080

  • public_ip: xxx.xxx.xxx.xxx

  • release: paasta-container-service-projects-release

  • name: haproxy

  • networks:

    • name: vip

  • static_ips: xxx.xxx.xxx.xxx

    • default:

    • dns

    • gateway

  • name: default

  • stemcell: xenial

  • update:

  • max_in_flight: 1

  • serial: true

  • vm_type: small

    • azs:

    • z5

  • instances: 1

  • jobs:

    • name: mariadb

  • properties:

  • admin_user:

  • id: root

  • password: Paasta@2019

  • port: '3306'

  • role_set:

  • administrator_code: RS0001

  • administrator_code_name: Administrator

  • init_user_code: RS0003

  • init_user_code_name: Init User

  • regular_user_code: RS0002

  • regular_user_code_name: Regular User

  • release: paasta-container-service-projects-release

  • name: mariadb

  • networks:

    • name: default

  • persistent_disk_type: 10GB

  • stemcell: xenial

  • update:

  • max_in_flight: 1

  • serial: true

  • vm_type: small

    • azs:

    • z6

  • instances: 1

  • jobs:

    • name: container-service-dashboard

  • properties:

  • cf:

  • api:

  • uaa:

  • oauth:

  • authorization:

  • client:

  • id: caasclient

  • secret: clientsecret

  • info:

  • logout:

  • token:

  • access:

  • check:

  • java_opts: "-XX:MaxMetaspaceSize=104857K -Xss349K -Xms681574K -XX:MetaspaceSize=104857K

  • -Xmx681574K"

  • logging:

  • file: logs/application.log

  • level:

  • ROOT: INFO

  • path: classpath:logback-spring.xml

  • management:

  • security:

  • enabled: false

  • private:

  • registry:

  • url: xxx.xxx.xxx.xxx

  • server:

  • port: 8091

  • spring:

  • freemarker:

  • template-loader-path: classpath:/templates/

  • release: paasta-container-service-projects-release

  • name: container-service-dashboard

  • networks:

    • name: default

  • stemcell: xenial

  • update:

  • max_in_flight: 1

  • serial: true

  • vm_type: small

    • azs:

    • z7

  • instances: 1

  • jobs:

    • name: container-service-api

  • properties:

  • authorization:

  • id: admin

  • password: PaaS-TA

  • java_opts: "-XX:MaxMetaspaceSize=104857K -Xss349K -Xms681574K -XX:MetaspaceSize=104857K

  • -Xmx681574K"

  • logging:

  • file: logs/application.log

  • level:

  • ROOT: INFO

  • path: classpath:logback-spring.xml

  • management:

  • security:

  • enabled: false

  • server:

  • port: 3333

  • release: paasta-container-service-projects-release

  • name: container-service-api

  • networks:

    • name: default

  • stemcell: xenial

  • update:

  • max_in_flight: 1

  • serial: true

  • vm_type: small

    • azs:

    • z5

  • instances: 1

  • jobs:

    • name: container-service-common-api

  • properties:

  • authorization:

  • id: admin

  • password: PaaS-TA

  • java_opts: "-XX:MaxMetaspaceSize=104857K -Xss349K -Xms681574K -XX:MetaspaceSize=104857K

  • -Xmx681574K"

  • logging:

  • file: logs/application.log

  • level:

  • ROOT: INFO

  • path: classpath:logback-spring.xml

  • server:

  • port: 3334

  • spring:

  • datasource:

  • driver_class_name: com.mysql.cj.jdbc.Driver

  • password: Paasta@2019

  • username: root

  • validationQuery: SELECT 1

  • jpa:

  • database: mysql

  • generate-ddl: false

  • hibernate:

  • ddl-auto: none

  • naming:

  • strategy: org.hibernate.cfg.EJB3NamingStrategy

  • properties:

  • hibernate:

  • dialect: org.hibernate.dialect.MySQLInnoDBDialect

  • format_sql: true

  • show_sql: true

  • use_sql_comments: true

  • release: paasta-container-service-projects-release

  • name: container-service-common-api

  • networks:

    • name: default

  • stemcell: xenial

  • update:

  • max_in_flight: 1

  • serial: true

  • vm_type: small

    • azs:

    • z6

  • instances: 1

  • jobs: