├── Containerfile.knictl ├── README.md ├── addons-aws.txt ├── base ├── 00_install-config │ ├── .gitkeep │ ├── install-config.yaml │ └── kustomization.yaml ├── 01_cluster-mods │ ├── kustomization.yaml │ ├── manifests │ │ └── .gitkeep │ └── openshift │ │ └── .gitkeep ├── 02_cluster-addons │ ├── .gitkeep │ ├── 00_acm-registration │ │ ├── 00_klusterlet-crd.yaml │ │ ├── 01_namespace.yaml │ │ ├── 02_service-account.yaml │ │ ├── 03_klusterlet-role.yaml │ │ ├── 04_cluster-role.yaml │ │ ├── 05_role-bindings.yaml │ │ ├── 06_hub-config.yaml │ │ ├── 07-deployment.yaml │ │ └── 08-klusterlet.yaml │ ├── 01_subscriptions_operator │ │ ├── 01_namespace.yaml │ │ └── 04_pull-secret.yaml │ ├── kustomization.yaml │ └── site-config.yaml └── 03_services │ ├── .gitkeep │ └── kustomization.yaml ├── profiles ├── README.md ├── production.aws │ ├── 00_install-config │ │ ├── .gitkeep │ │ ├── install-config.patch.yaml │ │ └── kustomization.yaml │ ├── 01_cluster-mods │ │ ├── kustomization.yaml │ │ ├── manifests │ │ │ └── .gitkeep │ │ └── openshift │ │ │ └── .gitkeep │ ├── 02_cluster-addons │ │ ├── .gitkeep │ │ └── kustomization.yaml │ ├── 03_services │ │ ├── .gitkeep │ │ └── kustomization.yaml │ └── requirements.yaml ├── production.baremetal │ ├── 00_install-config │ │ ├── .gitkeep │ │ ├── install-config.patch.yaml │ │ └── kustomization.yaml │ ├── 01_cluster-mods │ │ ├── kustomization.yaml │ │ ├── manifests │ │ │ └── .gitkeep │ │ └── openshift │ │ │ ├── .gitkeep │ │ │ ├── 10-master-nm-disable-auto-config.yaml │ │ │ ├── 10-worker-nm-disable-auto-config.yaml │ │ │ └── 99_metal3-config.yaml │ ├── 02_cluster-addons │ │ ├── .gitkeep │ │ └── kustomization.yaml │ ├── 03_services │ │ ├── .gitkeep │ │ └── kustomization.yaml │ └── requirements.yaml └── production.gcp │ ├── 00_install-config │ ├── .gitkeep │ ├── install-config.patch.yaml │ └── kustomization.yaml │ ├── 01_cluster-mods │ ├── kustomization.yaml │ ├── manifests │ │ └── .gitkeep │ └── openshift │ │ └── .gitkeep │ ├── 02_cluster-addons │ ├── .gitkeep │ └── kustomization.yaml │ ├── 03_services │ ├── .gitkeep │ └── kustomization.yaml │ └── requirements.yaml └── sites ├── mvp.edge.industrial ├── 00_install-config │ ├── credentials.yaml │ ├── install-config.name.patch.yaml │ ├── install-config.patch.yaml │ ├── kustomization.yaml │ └── site-config.yaml ├── 01_cluster-mods │ ├── .gitkeep │ ├── kustomization.yaml │ ├── manifests │ │ └── .gitkeep │ └── openshift │ │ ├── .gitkeep │ │ ├── 99-ifcfg-eno2-master.yaml │ │ └── 99-ifcfg-ens786f1-master.yaml ├── 02_cluster-addons │ ├── .gitkeep │ ├── 00_acm-registration │ │ └── acm-name-config.patch.yaml │ └── kustomization.yaml ├── 03_services │ ├── .gitkeep │ ├── kustomization.yaml │ └── manuela-edge │ │ ├── channel-sensors.yaml │ │ ├── namespace.yaml │ │ └── subscription-sensors.yaml └── README.md ├── staging-edge.devcluster.openshift.com ├── 00_install-config │ ├── install-config.name.patch.yaml │ ├── install-config.patch.yaml │ ├── kustomization.yaml │ └── site-config.yaml ├── 01_cluster-mods │ ├── .gitkeep │ ├── kustomization.yaml │ ├── manifests │ │ └── .gitkeep │ └── openshift │ │ └── .gitkeep ├── 02_cluster-addons │ ├── .gitkeep │ ├── 00_acm-registration │ │ └── acm-name-config.patch.yaml │ └── kustomization.yaml ├── 03_services │ ├── .gitkeep │ ├── argocd-gitops-factory │ │ ├── argocd-staging-aws-factorydatacenter.yaml │ │ └── argocd-staging-aws-linedataserver.yaml │ └── kustomization.yaml └── README.md └── staging-edge.gcp.devcluster.openshift.com ├── 00_install-config ├── install-config.name.patch.yaml ├── install-config.patch.yaml ├── kustomization.yaml └── site-config.yaml ├── 01_cluster-mods ├── .gitkeep ├── kustomization.yaml ├── manifests │ └── .gitkeep └── openshift │ └── .gitkeep ├── 02_cluster-addons ├── .gitkeep ├── 00_acm-registration │ └── acm-name-config.patch.yaml └── kustomization.yaml ├── 03_services ├── .gitkeep ├── argocd-gitops-factory │ ├── argocd-staging-gcp-factorydatacenter.yaml │ └── argocd-staging-gcp-linedataserver.yaml └── kustomization.yaml └── README.md /Containerfile.knictl: -------------------------------------------------------------------------------- 1 | FROM registry.redhat.io/ubi8/go-toolset:1.13.4 2 | 3 | ENV GOPATH="/opt/app-root" 4 | ENV INSTALLER_FOLDER="$GOPATH/src/gerrit.akraino.org/kni/installer" 5 | RUN mkdir -p "$INSTALLER_FOLDER" 6 | RUN git clone "https://gerrit.akraino.org/r/kni/installer" "$INSTALLER_FOLDER/" 7 | 8 | WORKDIR "$INSTALLER_FOLDER" 9 | RUN make build 10 | 11 | FROM registry.redhat.io/ubi8/ubi-minimal:8.2 12 | RUN microdnf install git 13 | COPY --from=0 /opt/app-root/src/gerrit.akraino.org/kni/installer/knictl /usr/bin/knictl 14 | ENV PLUGIN_FOLDER="/usr/bin/plugins/kustomize/plugin/kni.akraino.org/v1alpha1/siteconfig" 15 | RUN mkdir -p "$PLUGIN_FOLDER" 16 | COPY --from=0 /opt/app-root/src/gerrit.akraino.org/kni/installer/plugins/kustomize/plugin/kni.akraino.org/v1alpha1/siteconfig/SiteConfig "$PLUGIN_FOLDER/" 17 | 18 | ENTRYPOINT ["/usr/bin/knictl"] -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Basic blueprint for Industrial Edge 2 | 3 | This repository contains a set of blueprints that properly fit Edge Computing for Industrial use cases. Blueprints are recipes for declaratively configuring clusters, their infrastructure, and their workloads for the needs of a specific use case. They are also “cookie-cutters” allowing EC operations to scale to thousands of sites. 4 | 5 | It is very important to highlight that this is _just_ one implementation of the *blueprint* concept and it is based on the [Akraino KNI project](https://wiki.akraino.org/display/AK/Kubernetes-Native+Infrastructure+%28KNI%29+Blueprint+Family). This repository describes a blueprint as a set of four different directories: 6 | 7 | - 00_install-config 8 | - 01_cluster-mods 9 | - 02_cluster-addons 10 | - 03_services 11 | 12 | ### 00_install-config 13 | 14 | This folder will contain the basic settings for the site, including the base blueprint/profile, and the site name/domain. The following files are needed: 15 | 16 | + **kustomization.yaml**: key file, where it will contain a link to the used blueprint/profile, and a reference to the used patches to customize the site bases: 17 | 18 | ```yaml 19 | bases: 20 | - git::https://github.com/redhat-edge-computing/blueprint-industrial-edge.git//profiles/production.baremetal/00_install-config 21 | 22 | patches: 23 | - install-config.patch.yaml 24 | 25 | patchesJson6902: 26 | - target: 27 | version: v1 28 | kind: InstallConfig 29 | name: cluster 30 | path: install-config.name.patch.yaml 31 | 32 | transformers: 33 | - site-config.yaml 34 | ``` 35 | 36 | The entry in bases needs to reference the blueprint being used (in this case blueprint-pae), and the profile install-config file (in this case `profiles/production.aws/00_install-config`). The other entries need to be just written literally. 37 | 38 | + **install-config.patch.yaml**: is a patch to modify the domain from the base blueprint. You need to customize with the domain you want to give to your site. 39 | + **install-config.name.patch.yaml**: is a patch to modify the site name from the base blueprint. You need to customize with the name you want to give to your site. 40 | + **site-config.yaml**: site configuration file, you can add entries in config to override behaviour of knictl (currently just releaseImageOverride is supported) 41 | 42 | ### 01_cluster_mods 43 | 44 | This is the directory that will contain all the customizations for the basic cluster deployment. You could create patches for modifying number of masters/workers, network settings... everything that needs to be modified on cluster deployment time. It needs to have a basic kustomization.yaml file, that will reference the same level file for the blueprint. This should reflect in a set of manifests located in the same folders that the `openshift-install` binary defines when creates the final manifests. 45 | 46 | ### 02_cluster_addons and 03_services 47 | 48 | Follow same structure as `01_cluster_mods`, but in this case is for adding additional workloads after cluster deployment. They also need to have a `kustomization.yaml` file that references the file of the same level for the blueprint, and can include additional resources and patches. To give a hint of the difference between these two folders, cluster addons could be operators as part of the infra (SRIOV network operator, etc), while services are more application workloads. 49 | 50 | As a summary, `00_install-config` and `01_cluster-mods` represent features at deployment time (Day 1) while `02_cluster-addons` and `03_services` are features and applications to deploy once the cluster is up and running (Day 2). 51 | 52 | This very same structure will be maintained in all of our blueprint types. There are three types of blueprints: 53 | 54 | + **Base:** the base blueprint contains all the common features your set of OpenShift clusters will require. 55 | + **Profile:** the profile blueprints will specify configuration related to the footprint where the cluster is going to be deployed on. This repo contains profiles for AWS, GCP and bare metal. 56 | + **Site:** a site is the definition of just one OpenShift cluster. A site inherits the characteristics of a profile and the base blueprints. 57 | 58 | This repository contains a base blueprint, various profiles and two sites: one as a core cluster running on GCP and one edge baremetal cluster. 59 | 60 | ## knictl 61 | 62 | As part of the Akraino KNI project, a helper tool was developed in order to be able to render these blueprints into something the `openshift-install` binary can accept as input. It is based in [`kustomize`](https://kustomize.io/), a well adopted tool part of the Kubernetes ecosystem. The user can leverage all the potential of `kustomize` in order to create overlays, generate new objects and make very complex blueprints. `knictl` will use the requirements.yaml file located in the profile blueprint to download required binaries, and then render the manifests. 63 | 64 | `knictl` tool is not available as a binary, so the user will have to compile it following the next easy steps. The user can either compile locally in its laptop, 65 | or build a container image to use with podman or docker. 66 | 67 | ### Compile knictl 68 | 69 | We assume that the Golang runtime is already installed in your own machine (Linux): 70 | 71 | ```bash 72 | cd $GOPATH/src 73 | mkdir -p gerrit.akraino.org/kni/ 74 | cd gerrit.akraino.org/kni/ 75 | git clone "https://gerrit.akraino.org/r/kni/installer" 76 | cd installer 77 | make build 78 | ``` 79 | 80 | You will see the binary `knictl` on that very same folder. It is mandatory to keep `knictl` within that path for the moment since we are using ad-hoc `kustomize` plugins made for this project. As recommendation, yo can create an alias to point to the binary. 81 | 82 | Create a `$HOME/.kni` folder and copy the following files: 83 | 84 | + **id_rsa.pub** → needs to contain the public key that you want to use to access your nodes 85 | + **pull-secret.json** → needs to contain the pull secret previously copied 86 | 87 | ### Build knictl container 88 | 89 | To build the container image, execute the following command inside this repo. 90 | 91 | ```bash 92 | cd blueprint-industrial-edge/ 93 | podman build -t localhost/knictl:latest -f Containerfile.knictl 94 | ``` 95 | 96 | To easily use knictl container, the user can use this sample alias. 97 | For an easier troubleshooting, create the folder `~/.kni/tmp/`. We will mount it `/tmp/` inside the container as knictl will write the kustomized renedered manifests there. 98 | 99 | ```bash 100 | mkdir ~/.kni/tmp/ 101 | ``` 102 | 103 | Note this is prepared to mount the AWS credentials folder `~/.aws`. In case you are using any other provider, modify this alias accordingly. 104 | 105 | ```bash 106 | alias knictl='podman run -i --rm -v ~/.kni:/root/.kni:Z -v ~/.aws:/root/.aws:ro,z -v ~/.kni/tmp:/tmp:Z localhost/knictl:latest' 107 | ``` 108 | 109 | Finally, create a `$HOME/.kni` folder and copy the following files: 110 | 111 | + **id_rsa.pub** → needs to contain the public key that you want to use to access your nodes 112 | + **pull-secret.json** → needs to contain the pull secret previously copied 113 | 114 | 115 | 116 | You can find the steps to deploy the following defined sites here: 117 | 118 | - [Staging Openshift cluster running on GCP](sites/staging-edge.gcp.devcluster.openshift.com/README.md) 119 | - [Staging Openshift cluster running on AWS](sites/staging-edge.devcluster.openshift.com/README.md) 120 | - [Edge Openshift baremetal cluster](sites/mvp.edge.industrial/README.md) 121 | -------------------------------------------------------------------------------- /addons-aws.txt: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1beta1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | creationTimestamp: null 5 | name: endpoints.multicloud.ibm.com 6 | spec: 7 | group: multicloud.ibm.com 8 | names: 9 | kind: Endpoint 10 | listKind: EndpointList 11 | plural: endpoints 12 | singular: endpoint 13 | scope: Namespaced 14 | subresources: 15 | status: {} 16 | validation: 17 | openAPIV3Schema: 18 | properties: 19 | apiVersion: 20 | description: 'APIVersion defines the versioned schema of this representation 21 | of an object. Servers should convert recognized schemas to the latest 22 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' 23 | type: string 24 | kind: 25 | description: 'Kind is a string value representing the REST resource this 26 | object represents. Servers may infer this from the endpoint the client 27 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' 28 | type: string 29 | metadata: 30 | type: object 31 | spec: 32 | type: object 33 | status: 34 | type: object 35 | version: v1beta1 36 | versions: 37 | - name: v1beta1 38 | served: true 39 | storage: true 40 | --- 41 | apiVersion: v1 42 | kind: Namespace 43 | metadata: 44 | creationTimestamp: null 45 | name: multicluster-endpoint 46 | spec: {} 47 | status: {} 48 | --- 49 | apiVersion: v1 50 | kind: ServiceAccount 51 | metadata: 52 | creationTimestamp: null 53 | name: endpoint-operator 54 | namespace: multicluster-endpoint 55 | --- 56 | apiVersion: rbac.authorization.k8s.io/v1 57 | kind: ClusterRoleBinding 58 | metadata: 59 | creationTimestamp: null 60 | name: endpoint-operator 61 | roleRef: 62 | apiGroup: rbac.authorization.k8s.io 63 | kind: ClusterRole 64 | name: cluster-admin 65 | subjects: 66 | - kind: ServiceAccount 67 | name: endpoint-operator 68 | namespace: multicluster-endpoint 69 | --- 70 | apiVersion: v1 71 | data: 72 | .dockerconfigjson: | 73 | ewogICJhdXRocyI6IHsKICAgICJxdWF5LmlvIjogewogICAgICAiYXV0aCI6ICJiMmRzYjJzNlFUVXJhVFJQVFhoMVlVNXdVbGRLYVRoQ05UUlFRVlV3Y2poc2MwMUlhVVJ4WkRSNmMyOUxZUzl5VVZoVmNUWmxWRTgyWlhSNEswWXJTVkYzWTFOUlRnPT0iLAogICAgICAiZW1haWwiOiAiIgogICAgfQogIH0KfQ== 74 | kind: Secret 75 | metadata: 76 | creationTimestamp: null 77 | name: multiclusterhub-operator-pull-secret 78 | namespace: multicluster-endpoint 79 | type: kubernetes.io/dockerconfigjson 80 | --- 81 | apiVersion: v1 82 | data: 83 | kubeconfig: | 84 | YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIGNlcnRpZmljYXRlLWF1dGhvcml0eS1kYXRhOiBMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VNM1ZFTkRRV1JYWjBGM1NVSkJaMGxDUVZSQlRrSm5hM0ZvYTJsSE9YY3dRa0ZSYzBaQlJFRnRUVk5SZDBsbldVUldVVkZFUkVKMGNHSnRaSGtLV2xoT2VreFhPWGRhV0Vwb1pFYzVlVkZFUlRGUFJHTXdUbXBaZWs1cVVYZElhR05PVFdwQmQwNUVTWGhOVkVFeFRXcFJNVmRvWTA1TmFrbDNUa1JKZUFwTlZFRXhUV3BSTWxkcVFXMU5VMUYzU1dkWlJGWlJVVVJFUW5Sd1ltMWtlVnBZVG5wTVZ6bDNXbGhLYUdSSE9YbFJSRVV4VDBSak1FNXFXWHBPYWxGM0NtZG5SV2xOUVRCSFExTnhSMU5KWWpORVVVVkNRVkZWUVVFMFNVSkVkMEYzWjJkRlMwRnZTVUpCVVVNMk9VTkxNV3BpVVhvdlVGZEhaSFZrV2pGeWQzVUtjRFE1VlhWelVua3dTVW95YkV3M2VtZ3dUSGd2UVcwemJUUXhSVWw2YVdKb01XMW5NVkpGUkhCU2FGSktibFoyWW5CeloxZ3lZaXRJVkU1V2RYQmpVQXB3Y1RaeGRtcEhaVXhaU2tGdFVGVTVNbmRIZFd0bGVYSjJiR0Z5Uml0cWJHZHRRWEIwYXpWMVFqaEdOMnAyV0hkdmVXcEJORlpPWTIwNU0xTlpUMXB4Q2pOR1NWSkNOV0pqZVZCQ09YQnpTek5OU3poNlJWcEZhRVE0ZW1waE9FNDROVEE0Y2pSSFZXcEtUazF1VVZWM2NrSlRabEZWUTNGM1owazRMM0JYVFRZS1VIcHdRemx5UWs5UlZsWnJRelU1Ulc1SGExQmhZamhWWTNGWVQxTkpXWGRyUTNWRU5USlZkQzlYZWpaRlVVeFBOMDVNWWpab01YTlNTRXB2VFhFNVN3cFhXVmQyYUdkWWJVczJaV0kzYUU5elNXcENPWFYzYjB4akwyaFRialJhU0ZCYWFXZE1Sa0ZFY21GTGMyOXFZVEpuTlV0V2NGQmxlVk1yTnpaVVZreEVDa0ZuVFVKQlFVZHFTbXBCYTAxQk5FZEJNVlZrUkhkRlFpOTNVVVZCZDBsRGNFUkJVMEpuVGxaSVVrMUNRV1k0UlVORVFVZEJVVWd2UVdkRlFVMUJNRWNLUTFOeFIxTkpZak5FVVVWQ1EzZFZRVUUwU1VKQlVVRnlTa1ZsVWk5Q2FETlRNV1ZNVlVVcmVFNXNRVnByUjJOUlF5OUVTbmx4UVZKTFdWZFJjbmc1TmdvMlUxRlZNVU5HTlN0VlZ6VXdjV3QwZFdFck5sTkZNWFZqZERsTFZFRmtOME50UlZkaFQzcHhUMnBPVWtkcFIxaFJVaXNyVWpkclUxWTVZbVF6Tm1wRUNucDZZM1ZZY2pSc2IybFNhR0ZZUTFKc1lUQkJZWHBhU1UxSFNtaE1XSE5HTUZSb2FXRlVUU3RHY0VWNGRETlFhR0p6UlZCdWNHcDJXR1JJUVhaaGREa0taWE5YU1VwTVJHc3pla05HYnpJeFFtazNVbGhEYUcxYVpHTTBlbXBqUzA0MldXNTFOM2hQZVZoc09UbDVVazFqTTNOaFpFUndWRGRQVVRKaWFHWmhZd3B6Wm5Rd2VFZFlUVWMxWjFoSlJWSTNZVmRWYlZrMWFEVmpZVVZ5Tm1aT2NERkpVeTk2Um5wdWVsQldUbWRWWjBrclRWQjZNM0ZSYlVsVlNtY3lhbXRIQ2l0eE1tOUhjeTgzTTA1eGNHUnJkR1JsT0VFeGRGTmpPV2R6VGt0dE1YaFhjVlprY2pWMksyRTRWR3A2Q2kwdExTMHRSVTVFSUVORlVsUkpSa2xEUVZSRkxTMHRMUzBLTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVUlJSRU5EUVdscFowRjNTVUpCWjBsSlEySjNTbmR5TjBkM1N6QjNSRkZaU2t0dldrbG9kbU5PUVZGRlRFSlJRWGRRYWtWVFRVSkJSMEV4VlVVS1EzaE5TbUl6UW14aWJrNXZZVmRhTUUxVFozZEtaMWxFVmxGUlJFVjRPWEprVjBwc1RGZEdkMkZZVG14amJscHNZMmt4YzJJeVRtaGlSMmgyWXpOUmRBcGpNbXh1WW0xV2VVMUNORmhFVkVsM1RVUlJlVTFVUlhkTmVsVjRUVVp2V0VSVVRYZE5SRkY0VDFSRmQwMTZWWGhOUm05M1VHcEZVMDFDUVVkQk1WVkZDa040VFVwaU0wSnNZbTVPYjJGWFdqQk5VMmQzU21kWlJGWlJVVVJGZURseVpGZEtiRXhYUm5kaFdFNXNZMjVhYkdOcE1YTmlNazVvWWtkb2RtTXpVWFFLWXpKc2JtSnRWbmxOU1VsQ1NXcEJUa0puYTNGb2EybEhPWGN3UWtGUlJVWkJRVTlEUVZFNFFVMUpTVUpEWjB0RFFWRkZRVzlUVTBGMU5tOXRkM1ZtWkFvdlZISXpjVlJDU21oTE9USXhRVlZvZG1oVmJFTkNTRTEwUnl0aVRHNDFZMmhhWTFwUmJWTjBPSFpYUzAxV2NIUnpWVXRXTXpoRlpteEhhMGt3VjNaMENrdDFPR1V4YlRSUk5tRTVPRFJhY1RFMGQyUnhObHBtZUdkQ01ITkJhMXBPVUdFNGFURnNUVGh0ZG1Sc1lsaGhZa0kwZVRkVlJYbHJXRzh2SzFoSmFtMEtlbUl2YVZKVlpVTm5hR2xCYTNGMVNXd3hSR3hCTDI1aFNUUkpVa3RyYVdKUFJHNDVNUzkyZDNkVldXWlFMMkl2ZWxOTFJHcHJjMjB2U1ZONlpucEdXUXBMZWtwTVEweHhMM2M0YW5kT1ZtODFWa1ZyVFhSRFRUWXlkVVZaVmlzM1dYQnhPWGh6Y3pSc1JEQlRPRkk1T0VseFFVUXllRzEwTDBsMFExQTBaMUpRQ21oMmRHa3ZURlpTUzFaamJIZFdiR1p5ZFRWbFRUZEhVRzluSzFCQlN6UlZVMHBSYVRNMlltbHlNSGRyYzIxV1RVODNPVU50U2tscFVWbE9UMHBOWjBvS1dqWjVObGRtTkZGaGQwbEVRVkZCUW04d1NYZFJSRUZQUW1kT1ZraFJPRUpCWmpoRlFrRk5RMEZ4VVhkRWQxbEVWbEl3VkVGUlNDOUNRVlYzUVhkRlFnb3Zla0ZrUW1kT1ZraFJORVZHWjFGVmNHdFBiRkJ1TDBvdmNTOUxkVUo0VUhGeVVXNDRNblZTWXpSRmQwUlJXVXBMYjFwSmFIWmpUa0ZSUlV4Q1VVRkVDbWRuUlVKQlIxWXpkVUZaYWl0aFoxaEJhbWRtTUdKQmRrODJXV2RQYzJNMVdGZHplbTR6VTBwTlFqTkRkelJpUTBaaFptSTVkR2hzVm14NGRFcHNiWFlLZFRSSWQzSTJVMUJSVWs5R2VIRmhTSEpDUlROa1kyVkxZM040YVdwWFYzZHBPSFJrUVhwdk0ybFdlVzVUTDBKVFRXd3lhM2wwUTI5U2JVRnZXVll4VXdwbmQzVk1OakE1U2pReEwyaEVWalF6U25aYWJGUllPRm8zVEhsb01tZFZkMVU1VmxnNE9YbFBOWGxMSzNneVNUWlhabk0zV2tKRVlsSmpWR3QyTkRCcENscHlUVWhNZVRkWlJtVkJiVWxLT0VkeWNGbGxaV2h2U25sYUszZzFaVXcwTVZVNFQzZFVVMjlJTVVFMlozbFBPVmRHZW1jeVNVVm9lSEJKVTJZNU9Hc0tkbWxDWVVsR2FUbGhXbmw0UlZKMksxWXZRMHBoTWpFMVYweGtjMHN4UnprNVl6TmtjR1ZGVG1WbGJHazNVamxQWnpsV1ZHZEJRV3BWZVdaemJrZDBMd3BsY1VaUlJtZHljRXRZYTBoVlZVUldRalZFZEVnck5UQlRSbGs5Q2kwdExTMHRSVTVFSUVORlVsUkpSa2xEUVZSRkxTMHRMUzBLTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVUlVSRU5EUVdwVFowRjNTVUpCWjBsSlQxaHRPR3RpZEVKVVRtZDNSRkZaU2t0dldrbG9kbU5PUVZGRlRFSlJRWGRTUkVWVFRVSkJSMEV4VlVVS1EzaE5TbUl6UW14aWJrNXZZVmRhTUUxVE5IZE1RVmxFVmxGUlJFVjVWbkprVjBwc1RGZEdkMkZZVG14amJscHNZMmt4ZWxwWVNqSmhWMDVzVEZjMWJBcGtTR1IyWTIxemRHTXliRzVpYlZaNVRVSTBXRVJVU1hkTlJGRjVUVlJGZDAxNlZYaE5SbTlZUkZSTmQwMUVVWGhQVkVWM1RYcFZlRTFHYjNkU1JFVlRDazFDUVVkQk1WVkZRM2hOU21JelFteGliazV2WVZkYU1FMVROSGRNUVZsRVZsRlJSRVY1Vm5Ka1YwcHNURmRHZDJGWVRteGpibHBzWTJreGVscFlTaklLWVZkT2JFeFhOV3hrU0dSMlkyMXpkR015Ykc1aWJWWjVUVWxKUWtscVFVNUNaMnR4YUd0cFJ6bDNNRUpCVVVWR1FVRlBRMEZST0VGTlNVbENRMmRMUXdwQlVVVkJibTVTV1VWSGVXMTFaRFZ0V1V0eWJGSnZXRmxYYzFOWWNVRlZOMVZXZFhNMmVreE5XWEZYYlhaeEwyRXpaalpMVnpnMlVFUnBlVVZyYmxKNENqYzNTR2h6Y214QlptbHJkMFZITWpCYWJIQnlNemhuYzJVd1UwdzBRVEZXU25kTVRGaDJSMFo2UkROcWVsSktTWFZzUm1Jek1WQkxNbE5CZVZWTWJFSUtlVkU1TlVoYVYwTjJTSFJaT0RodFFqTmtWRXN3ZUU5WFVUaEdiWE42UzA1RlQxRk1PRXBIUVRoWlFYTm5NRGhLUldkbVdXdEljVXd4V1dSNVozaGtlQXBQUTFWck5FZEhjWHAwTVVWT1lXZE5PRTlUVUVablluazBiVTVOY1RWamEweE9UMWhZTkd3MFRtbzVlWHByWTBSVFoxZ3JOalUxVlhaYU5XZDJXbGhaQ2tSbFFXbFJUVWx2UVdrelRFRk5UM05qYVd4VGRFb3JkSE0xV1dWRmFGSXZhekJ0TW1KWGMxcHRkRUZHUmtoVVIzVmxTVWg0Um1oU2NUWmhSM0JsUWswS1RsSXlOREp4SzNGeWVuVlBXa3hXUVUxWmVYRnlUWFoxVkhkSlJFRlJRVUp2TUVsM1VVUkJUMEpuVGxaSVVUaENRV1k0UlVKQlRVTkJjVkYzUkhkWlJBcFdVakJVUVZGSUwwSkJWWGRCZDBWQ0wzcEJaRUpuVGxaSVVUUkZSbWRSVldOR0x6ZFBUM1JpZHpFM1YydDNPVTFqUjNnek5UUldhMVk0TUhkRVVWbEtDa3R2V2tsb2RtTk9RVkZGVEVKUlFVUm5aMFZDUVVsYVQxZ3hUMHRDZDJwd1NWVk5OREpwVXk5aWRXYzRkSE5MU0ZkME0wWlRlbUZ4TXpObGRUWmliblVLWlRCd1NXbDVlV0YxUmxSb1dEWXJjak5zVkRSc1RXNTJLME1yUVRSc1VETnJiSFZEZG5RNVFVTjJXWEJDV0N0WFJXVm9RVEpqTmtsdGRUa3hXR1ptWkFwdmMxcE1NRzA0UlRaT1YzWkVNVTlNY1hCVGJGTnVWMHhSYzJWMVRVSnlWbnAxVVRodVJXTk5Va1ZHY0RRMGRFMTNTU3R0WkVoRlRVRkxLMlkwZFdScUNtcHBWekIzYjB0bVZtdHpLMXBZVjBaalNqZHJNV28xTkZwUVdIWk1iRkJzUkdaV1JtVnFOMHR4UTBsYVRVdE9RbTA0VmtOeFlrVm1kbkZNTkRkb01Ib0thMkl2Tm1kc1EwbE9OM1J4Vkd4MWRWWlhSMGxYWmtjcllTOTJVRVphYVV4aE1HZzBTamhUWnk5cVZHcExSVUozVUhvdlltczVZM0ExTWk5alUzcGhRd280YVRoSllUaEVRVXRSV1hvMGVWRXhURGh1WTFWV1ZqSkxOamwzT1ZKYU1qQndVMG93VW1GVFRtazRQUW90TFMwdExVVk9SQ0JEUlZKVVNVWkpRMEZVUlMwdExTMHRDaTB0TFMwdFFrVkhTVTRnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUXBOU1VsRVRXcERRMEZvY1dkQmQwbENRV2RKU1daa1p5dElOM2hJYjJ4bmQwUlJXVXBMYjFwSmFIWmpUa0ZSUlV4Q1VVRjNUbnBGVTAxQ1FVZEJNVlZGQ2tONFRVcGlNMEpzWW01T2IyRlhXakJOVTBWM1NIZFpSRlpSVVVSRmVHaHlaRmRLYkV4WFJuZGhXRTVzWTI1YWJHTnBNWE5aYVRGNllWZGtkVnBZU1hjS1NHaGpUazFxUVhkT1JFbDRUVlJCZWs1VVJYZFhhR05PVFhwQmQwNUVSVFZOVkVGNlRsUkZkMWRxUVROTlVrbDNSVUZaUkZaUlVVeEZkMngyWTBkV2RRcGpNbWh3V201UmVFbFVRV1pDWjA1V1FrRk5WRWRIZERGWmJWVjBXVmhDY0dNeVZubGtiVlo1VEZkNGFVeFlUbkJhTWpWc1kycERRMEZUU1hkRVVWbEtDa3R2V2tsb2RtTk9RVkZGUWtKUlFVUm5aMFZRUVVSRFEwRlJiME5uWjBWQ1FVeGtha3BRYW1kRFRVazBSVFJ3TVhSV1RtWk9WSEpDT0V0bE9HSllaemtLU0RkcGRrMURhalZtVlZaQ05FcHJTRlJpYmtsVGRYTmxkV3A0VEdkUk1XTm9TbW81V25WNWFFODVlVEJ0VlRkb01HWnhNekZhVVN0TlIyaGpUREJGVEFwb1pUSnVWVWxWTkdkamRWSXpjaXRTY2xsMGNEQTFSM0E0VkVkWmJtRnVURFJ6T0ROS1RYcFdNUzh6VW5oM1kzUldjMUJQWWxKdVJUZFdjamhQZFRFNUNqQnhTVzFNTVZWQ1YyUklLMFIwVWtoWmEwRkJWekppUjBvMGFtTklOV2hGVWpVeFNtODFaemx5Vm1acVkzRjRaWGxwVFN0WGNUUXdUbE4yU2xsbVlYZ0taVFEyZWtRMVJqbEZaMWc0T0V4eVFXOXVZMFJMYTFSUmVHeE9jbGR0UkhCMVYyMHlUbXc0VVN0SWVWRndiWGgyZDB4U1lYaFhlSFZrZWxwc2IyUnBSd3AwVGtOc1YxUldVbXB6Vms1aFRFaDNZM1pUWkhrelJtdDVkVmhpYkRFMlUzaFFORmRsWTBJeU1uWm9ZVTF6UzBoWmVDOXBTbUZ6UTBGM1JVRkJZVTVEQ2sxRlFYZEVaMWxFVmxJd1VFRlJTQzlDUVZGRVFXZExhMDFCT0VkQk1WVmtSWGRGUWk5M1VVWk5RVTFDUVdZNGQwaFJXVVJXVWpCUFFrSlpSVVpRTjNBS1FuQnRWbEJIZUc4NFFXVnZWa1ZQVWxBd1pGZEJhWFpGVFVFd1IwTlRjVWRUU1dJelJGRkZRa04zVlVGQk5FbENRVkZDY1ZwaFZITjVabGQxZWpSQ1pBcFJMME5JTVZWTVZFZFRVMnN4TjBSQmIzQk9Ua0YzVHpWdVNucGhUREIwYlc1TFJXcGtjMkZzWm1wV1JFbDNhMVpIU2pCMlVGcHlVRllyTlRNdmRqaGxDa2QyUWtKck1IQnJiamswY205elFrSjJURXRqYm1OWEsxQkVOR1pMVmtGcE9IQkRjV0prWWpSR1ZtWlViR3BZUzFCU2NVbzRNMDkzY0N0M01WQmplRmdLYldNMlFtbzRaSGwyV1dWSlMyNUVSSFJLUWprdlVXUXhRakEzZFRadVJGcExNM0ZvTHpCRVV6UXdZVXRNYUVRNWFucG5RM2d5Y1RkTFpHOWpaRkV4ZHdwRlZHdHpTMVppUlhsWGNYUXlibXBxZEZWV1pURjVNMGxyTjFKcVZYTkJjWEJ5WnpOaVJVbHVLekowUW1reVpGUm5XaXRRVDFkT1pXeFZZalo0VEhGdUNsZzBjV2czYkZZeU4zQmFRemxpUVVSdmEzQTVUV0ZyVGpnM1dUTXlaSGhOZDFWMWJUQmhSbHB2T0RsemRHRlliSHBaZEVOMVoxcFNUVGhFYVU1NmNHRUtObVJpVVUxdmVrWUtMUzB0TFMxRlRrUWdRMFZTVkVsR1NVTkJWRVV0TFMwdExRbz0KICAgIHNlcnZlcjogaHR0cHM6Ly9hcGkuZWRnZS1tZ210LWh1Yi5nY3AuZGV2Y2x1c3Rlci5vcGVuc2hpZnQuY29tOjY0NDMKICBuYW1lOiBlZGdlLW1nbXQtaHViCmNvbnRleHRzOgotIGNvbnRleHQ6CiAgICBjbHVzdGVyOiBlZGdlLW1nbXQtaHViCiAgICB1c2VyOiBhZG1pbgogIG5hbWU6IGFkbWluCmN1cnJlbnQtY29udGV4dDogYWRtaW4Ka2luZDogQ29uZmlnCnByZWZlcmVuY2VzOiB7fQp1c2VyczoKLSBuYW1lOiBhZG1pbgogIHVzZXI6CiAgICBjbGllbnQtY2VydGlmaWNhdGUtZGF0YTogTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVUmFla05EUVdzclowRjNTVUpCWjBsSlRrTlpOblphS3pGS2NVRjNSRkZaU2t0dldrbG9kbU5PUVZGRlRFSlJRWGRPYWtWVFRVSkJSMEV4VlVVS1EzaE5TbUl6UW14aWJrNXZZVmRhTUUxVFFYZElaMWxFVmxGUlJFVjRaR2hhUnpGd1lta3hjbVJYU214Wk1qbDFXbTFzYmt4WVRuQmFNalZzWTJwQlpRcEdkekI1VFVSQk1FMXFSWGhOUkUweFRWUkNZVVozTUhwTlJFRXdUVlJyZUUxRVRURk5WRUpoVFVSQmVFWjZRVlpDWjA1V1FrRnZWRVJ1VGpWak0xSnNDbUpVY0hSWldFNHdXbGhLZWsxU1ZYZEZkMWxFVmxGUlJFVjNlSHBsV0U0d1dsY3dObGxYVW5SaFZ6UjNaMmRGYVUxQk1FZERVM0ZIVTBsaU0wUlJSVUlLUVZGVlFVRTBTVUpFZDBGM1oyZEZTMEZ2U1VKQlVVTjJiV1l3VTB4YVUxSnpNVzltU2tzNGJ6Z3JhalUwVUcwM2NtbEhjRVo0TmxwUmRFSlliRzFvY1FwcllUZElhVU5NZVc5aVpEaERVRVp0Tm5Gd1dsTjJkVkJSZEdoNWFWbEtkMVp1V0hKclZXNTZZbm8zTWpVek15ODJZMmg1V0haSVJFZEJOMWxRYUUxRkNqaEJXRlZSWVVac0x6TmFOa2gwWldsR1UxTnpSMXBGZW1SdlVubGxXa2hzS3pacFkxSkJkbUpvZEhCdVpXUnZTRTVZV0UxaFkzUTVjV3RNV1U0Mk5IWUtaWE5qUjNsS1dGSkhZMXByVFVoNGJXa3ZZMlF2U3pOdE5WQkZUMnB6TUU5S1dVOVVPRU5UVjFkUWJXMTBUbmRaTTB0RFoyVmlNRGxwV2tGVFVYaGliUXBYVjJsVVlVOVhUbGg0UmpjeGREbDFjMHRRYkRsbVYwbDVRVVJNVVdvM1NVWnhNRmxRYWxWNGNESnFMMGRHTjJOa2FFMVBjbEJXV0dodGFFVndaWGhsQ25BeFNFTlJhbVl4Y25oVkswMU9jV3B5TDBWRVdYSTJORXN6V25OcWF6WmxSSFZLVDFaTlVGVTFaVkpHUVdkTlFrRkJSMnBtZWtJNVRVRTBSMEV4VldRS1JIZEZRaTkzVVVWQmQwbEdiMFJCWkVKblRsWklVMVZGUm1wQlZVSm5aM0pDWjBWR1FsRmpSRUZSV1VsTGQxbENRbEZWU0VGM1NYZEVRVmxFVmxJd1ZBcEJVVWd2UWtGSmQwRkVRV1JDWjA1V1NGRTBSVVpuVVZWbVYxRXlhbTVCYVdWeVN6QllNVlZsY1d0MVRXOVFSbGhwVTFsM1NIZFpSRlpTTUdwQ1FtZDNDa1p2UVZWbVYxRXlhbTVCYVdWeVN6QllNVlZsY1d0MVRXOVFSbGhwVTFsM1JGRlpTa3R2V2tsb2RtTk9RVkZGVEVKUlFVUm5aMFZDUVVaQmMzYzRZazBLZERSNGEyNVBTa1J3ZDFaMldGUTVia0Y1UVROclNUUm9hMm96YVVSc1QwVmpaVVYwVVhwV01VUlVURlV6UlhsRE1WQXlVa1JGUlRGMVdIUlJVWE5tWVFwcmEwWkVRVFZUU2pseE4xQnFPR3BTYzNFNU1ITTBSVll4VlhWalYwRjZUVnAyTVRJdlptSkZXamQzU1VaaVVqTkxVVnBNVlhsalpHNUxhMVZpTTIxUUNrWXhZMk5wZG5OMlVEQm1VRWwxYVZSRlUyUkRUamQ1UkhJMlZIaHRiRUZUYkZWRU9TOWxkRkJPWVRsR04wbEllalJWVjBSa2FFSlFWVmR4TTJGMFZFWUtiR2MzZVZwUVdEVkpWaXRDUjNCQlFuQkpUemhYTTB4aWRqRTJWMmw2ZDBnclEwNVBjMkpwY0ZvMVozY3diRGMzUTNKblVFRTJkRFJGVTNSaGVrRlhjUXA1VFVKek9EQkNNMEpOU25veVZWVjBSM2hZZVUxNFp6RkdiRFF3U1hkNk5HeFlSamgzWVRaR1dYUnpXWGRsY1ZWd2VqUXplak42YUdaRFZETlFibXh2Q2pCU09VVlVRelV5VUhadlJHSlFZejBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89CiAgICBjbGllbnQta2V5LWRhdGE6IExTMHRMUzFDUlVkSlRpQlNVMEVnVUZKSlZrRlVSU0JMUlZrdExTMHRMUXBOU1VsRmIyZEpRa0ZCUzBOQlVVVkJjalZ1T1VWcE1sVnJZazVoU0hsVGRrdFFVRzhyWlVRMWRUWTBhSEZTWTJWdFZVeFJWalZhYjJGd1IzVjROR2RwQ2poeFJ6Tm1RV3A0V25WeGNWZFZjamRxTUV4WlkyOXRRMk5HV2pFMk5VWktPREk0S3psMVpEa3ZLMjVKWTJ3M2VIZDRaMDh5UkRSVVFsQkJSakZGUjJnS1dtWTVNbVZvTjFodmFGVnJja0p0VWswellVVmpibTFTTldaMWIyNUZVVXd5TkdKaFdqTnVZVUo2VmpGNlIyNU1abUZ3UXpKRVpYVk1NM0pJUW5OcFZnb3dVbTVIV2tSQ09GcHZkak5JWm5sME5YVlVlRVJ2TjA1RWFWZEVheTlCYTJ4c2FqVndjbFJqUjA1NVoyOUliVGxRV1cxUlJXdE5WelZzYkc5ck1tcHNDbXBXT0ZKbE9XSm1ZbkpEYWpWbVdERnBUV2RCZVRCSkszbENZWFJIUkRReFRXRmtieTk0YUdVelNGbFVSSEY2TVZZMFdtOVNTMWh6V0hGa1VuZHJTVE1LT1dFNFZsQnFSR0Z2Tmk5NFFUSkxLM1ZEZERKaVNUVlBibWMzYVZSc1ZFUXhUMWhyVWxGSlJFRlJRVUpCYjBsQ1FVZHhSbEU1U0dsSGJYbHFNbTVvYmdvelYxVXZVMFZXUlVwMGJXeHJUQ3R6ZVZvdk5IVnlPVmNyZGtscFpURTJTV2MwUzJobVRtUmtObGR2WmpCalVXMTVlVU5zVlZBeGVEQjBSbTlqVmtjM0NuRmFkR3hGVmtobVRGUjVkbE5UZFhZd2IwbG9UblZuVVVJMlQwbEpiRVZYYlhSNGRuTnBVREJVTmxBdmNGZGFUV2RDYzNsMWNtUnBZbHBIVVV4clJGVUtkV3RwY0hKb1ZERkJjMEUyZFhOSFRVdzJaVVZRT1ZrdlQwbGxUblJuYTNsTVlYbFdiU3RDVGs0MUswNW5ZbFZYV2tWVVYzQXllbTFQV2t4UlQyWmthd3BJZFVNMVVsWjZOR3BoYVNzM2VITkpSbXdyYkd4WGVFdFZSVXBZY0dNNGJtVktTMUpoVFhGRE5GaFJPR1p2Tm1Sa09FTkdhVmxZVEV4UlNIWlVaMlpzQ2s0elRYaHBUMnhyWkU5aFFYcElZME13T0d4UE1sUnJlVk5NUkhaWVVFNHdTQzlHVHk5WFRsZG9lREZqUWxSbmF6RXZiVXMwUlZWb01sWlZRV2RqVGpBS2QxWm5RMkU0UlVObldVVkJORFowYUVNeVYwTlNjelZwUmsxSWVWWTVVMEU0TWxsVVVGQkRZMnBLYURreU1XSkdSRUl4Y3pZd0szbDRSbWRKYm5WUWFnb3lNU3RxUlV4NmJVeFdlVVI1TVdrNVlqaHVORkV3TVhCblowaDFlVmhMV1dWMVkwSkNlV3hDUkRkR2VsWXdXbGsyY2xSdWVFRXdORmxOUXpkbmVWTnlDbkJzVkhFNE5YcGlaRzloYmxGa0x6UjBaVEJWWWpSWFRIY3pMM2RPVG0xcFptUllUSGRXYURGc1UySjNWSHBsWkU4NWMxQXplRVZEWjFsRlFYaFlVSFlLT1dkMFVWZHFjMFoyVlRGS1lqaFlhMmg2VTBSS1FWTmtjRUpRV0ZWVFJIVlRkWFZDUzNOMFVsbHJObWxQZUd3d1RVVk5hMUJSU1U1R05FMUdjVWR3ZGdwcVNtcHZXbm95ZGsxb1JUY3lXa1pZVFZKbU1WaFdWV3ByYlZCMGRYWmhRMUJNZVVsRFJtNVpRazFzU2xkaU1rUllSMUF5UTFNdmVrZEJkV2h1ZW1KWENrcHFVbE5hTjNWelFtUk5aMVpHUVhKR1ZVVnlaVzB5VTFwUk1ETnhSamhRYVd4RFp6Sm1WVU5uV1VGT2NXSktTVTlqTlVseE5HZE9WVTV3V0ZaUlVuTUtSblp6Wld4Q05FRXZaMGhJYTFCNVFWUndMMFIxTWs5NVJITndkSEJ4Vmpnck9EbFJZVTVYZW1OVVRHcHRRellyVERkUE4ySnJSR1p6V0dkQlJrOVdOd3B6Y2s1SlJqZDVNREJYVW01dU1uZHJiMkpwY1Rsc1VXc3dhM2QxWjFwMlptWnZZMlpIV2tjclIycFRaR0Z1UTBacmJsaEJaalZaTUhCRkwzQkVRWEZLQ2xoTVVTdHdVekZvVW5oWWVUSjRZVkJwWjFRME1GRkxRbWRCYURCUVJsQXlha0YzZHpseUwzbE1WRVJDT0d4VWRuQkxXRWxLVFNzdmIySndlR2hKU21zS2NuWlZZMGN6U0hkR0wxbGlNSFZQTWtoRWExbGxNazFGVlhoMWR6UjJTRTFKYW1NMVduVlVialF2TkdWM1VFeDZTMkZvUkZkMlEweHZjMUZqYUdSeUx3b3pNM056UkZwdE1qTktUV2hGUW5wSGEzVlJNWG94ZVRaTmMwNVZXRGR5YmtKd1p6SmhkR3RqTDNka1pFZ3hjMkp1VkdKNWRHY3ZjR3AyWVVGcE0xQkxDbTB2YURWQmIwZEJUMGhCZFhGRmFrVjVSVVIyVmt4NWJFdHFLM3B3YUZReFdITlJUSFYzWW1oMVVHUldkWE5HUlhvMGJHdEZabTVFTUdwUGJqWm5URE1LUXpSRk0wUlRRVFZoTnpaV1NITjBUbVJNVTB0c09VOXNUVEJCVWsxVWFsTndNQzl6VDI1bmJ6WlpMekJoZEdjNFdEZFdUamd3TVdwT00zUkJkekZTU0FwVU1FZFNUSFprUlVKdVUxVnhhblJWTTJneGJqTmpiblJsTUZKcWFIZDVTbTFOUWtrNGVVd3hjbTkwWXk5ME0wbEVkbXM5Q2kwdExTMHRSVTVFSUZKVFFTQlFVa2xXUVZSRklFdEZXUzB0TFMwdENnPT0K 85 | kind: Secret 86 | metadata: 87 | creationTimestamp: null 88 | name: klusterlet-bootstrap 89 | namespace: multicluster-endpoint 90 | --- 91 | apiVersion: apps/v1 92 | kind: Deployment 93 | metadata: 94 | creationTimestamp: null 95 | name: endpoint-operator 96 | namespace: multicluster-endpoint 97 | spec: 98 | selector: 99 | matchLabels: 100 | name: endpoint-operator 101 | strategy: {} 102 | template: 103 | metadata: 104 | creationTimestamp: null 105 | labels: 106 | name: endpoint-operator 107 | spec: 108 | containers: 109 | - env: 110 | - name: WATCH_NAMESPACE 111 | - name: OPERATOR_NAME 112 | value: endpoint-operator 113 | - name: POD_NAME 114 | valueFrom: 115 | fieldRef: 116 | fieldPath: metadata.name 117 | - name: IMAGE_TAG_POSTFIX 118 | value: -SNAPSHOT-2020-03-31-02-16-43 119 | image: quay.io/open-cluster-management/endpoint-operator:1.0.0-SNAPSHOT-2020-03-31-02-16-43 120 | imagePullPolicy: Always 121 | name: endpoint-operator 122 | resources: {} 123 | imagePullSecrets: 124 | - name: multiclusterhub-operator-pull-secret 125 | serviceAccountName: endpoint-operator 126 | status: {} 127 | --- 128 | apiVersion: multicloud.ibm.com/v1beta1 129 | kind: Endpoint 130 | metadata: 131 | creationTimestamp: null 132 | name: endpoint 133 | namespace: multicluster-endpoint 134 | spec: 135 | applicationManager: 136 | enabled: true 137 | certPolicyController: 138 | enabled: true 139 | cisController: 140 | enabled: false 141 | clusterLabels: 142 | cloud: auto-detect 143 | vendor: auto-detect 144 | clusterName: staging-aws 145 | clusterNamespace: staging-aws 146 | connectionManager: {} 147 | iamPolicyController: 148 | enabled: true 149 | imagePullSecret: multiclusterhub-operator-pull-secret 150 | imageRegistry: quay.io/open-cluster-management 151 | policyController: 152 | enabled: true 153 | searchCollector: 154 | enabled: true 155 | serviceRegistry: 156 | dnsSuffix: mcm.svc 157 | enabled: true 158 | plugins: kube-service 159 | version: 1.0.0 160 | status: {} 161 | -------------------------------------------------------------------------------- /base/00_install-config/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/base/00_install-config/.gitkeep -------------------------------------------------------------------------------- /base/00_install-config/install-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | baseDomain: edge.industrial 3 | compute: 4 | - hyperthreading: Enabled 5 | name: worker 6 | replicas: 0 7 | controlPlane: 8 | hyperthreading: Enabled 9 | name: master 10 | replicas: 3 11 | kind: InstallConfig 12 | metadata: 13 | name: cluster 14 | networking: 15 | machineCIDR: 10.1.1.0/24 16 | networkType: OpenShiftSDN 17 | pullSecret: PULL_SECRET 18 | sshKey: | 19 | SSH_PUB_KEY 20 | -------------------------------------------------------------------------------- /base/00_install-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - install-config.yaml -------------------------------------------------------------------------------- /base/01_cluster-mods/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../00_cluster 3 | 4 | resources: 5 | -------------------------------------------------------------------------------- /base/01_cluster-mods/manifests/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/base/01_cluster-mods/manifests/.gitkeep -------------------------------------------------------------------------------- /base/01_cluster-mods/openshift/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/base/01_cluster-mods/openshift/.gitkeep -------------------------------------------------------------------------------- /base/02_cluster-addons/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/base/02_cluster-addons/.gitkeep -------------------------------------------------------------------------------- /base/02_cluster-addons/00_acm-registration/00_klusterlet-crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1beta1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | creationTimestamp: null 5 | name: klusterlets.operator.open-cluster-management.io 6 | spec: 7 | group: operator.open-cluster-management.io 8 | names: 9 | kind: Klusterlet 10 | listKind: KlusterletList 11 | plural: klusterlets 12 | singular: klusterlet 13 | scope: Cluster 14 | subresources: 15 | status: {} 16 | validation: 17 | openAPIV3Schema: 18 | description: Klusterlet represents controllers on the managed cluster. When 19 | configured, the Klusterlet requires a secret named of bootstrap-hub-kubeconfig 20 | in the same namespace to allow API requests to the hub for the registration 21 | protocol. 22 | type: object 23 | properties: 24 | apiVersion: 25 | description: 'APIVersion defines the versioned schema of this representation 26 | of an object. Servers should convert recognized schemas to the latest 27 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 28 | type: string 29 | kind: 30 | description: 'Kind is a string value representing the REST resource this 31 | object represents. Servers may infer this from the endpoint the client 32 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 33 | type: string 34 | metadata: 35 | type: object 36 | spec: 37 | description: Spec represents the desired deployment configuration of Klusterlet 38 | agent. 39 | type: object 40 | properties: 41 | clusterName: 42 | description: ClusterName is the name of the managed cluster to be created 43 | on hub. The Klusterlet agent generates a random name if it is not 44 | set, or discovers the appropriate cluster name on openshift. 45 | type: string 46 | externalServerURLs: 47 | description: ExternalServerURLs represents the a list of apiserver urls 48 | and ca bundles that is accessible externally If it is set empty, managed 49 | cluster has no externally accessible url that hub cluster can visit. 50 | type: array 51 | items: 52 | description: ServerURL represents the apiserver url and ca bundle 53 | that is accessible externally 54 | type: object 55 | properties: 56 | caBundle: 57 | description: CABundle is the ca bundle to connect to apiserver 58 | of the managed cluster. System certs are used if it is not set. 59 | type: string 60 | format: byte 61 | url: 62 | description: URL is the url of apiserver endpoint of the managed 63 | cluster. 64 | type: string 65 | namespace: 66 | description: Namespace is the namespace to deploy the agent. The namespace 67 | must have a prefix of "open-cluster-management-", and if it is not 68 | set, the namespace of "open-cluster-management-agent" is used to deploy 69 | agent. 70 | type: string 71 | registrationImagePullSpec: 72 | description: RegistrationImagePullSpec represents the desired image 73 | configuration of registration agent. 74 | type: string 75 | workImagePullSpec: 76 | description: WorkImagePullSpec represents the desired image configuration 77 | of work agent. 78 | type: string 79 | status: 80 | description: Status represents the current status of Klusterlet agent. 81 | type: object 82 | properties: 83 | conditions: 84 | description: 'Conditions contain the different condition statuses for 85 | this Klusterlet. Valid condition types are: Applied: components have 86 | been applied in the managed cluster. Available: components in the 87 | managed cluster are available and ready to serve. Progressing: components 88 | in the managed cluster are in a transitioning state. Degraded: components 89 | in the managed cluster do not match the desired configuration and 90 | only provide degraded service.' 91 | type: array 92 | items: 93 | description: StatusCondition contains condition information. 94 | type: object 95 | properties: 96 | lastTransitionTime: 97 | description: LastTransitionTime is the last time the condition 98 | changed from one status to another. 99 | type: string 100 | format: date-time 101 | message: 102 | description: Message is a human-readable message indicating details 103 | about the last status change. 104 | type: string 105 | reason: 106 | description: Reason is a (brief) reason for the condition's last 107 | status change. 108 | type: string 109 | status: 110 | description: Status is the status of the condition. One of True, 111 | False, Unknown. 112 | type: string 113 | type: 114 | description: Type is the type of the cluster condition. 115 | type: string 116 | version: v1 117 | versions: 118 | - name: v1 119 | served: true 120 | storage: true 121 | status: 122 | acceptedNames: 123 | kind: "" 124 | plural: "" 125 | conditions: [] 126 | storedVersions: [] 127 | -------------------------------------------------------------------------------- /base/02_cluster-addons/00_acm-registration/01_namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: open-cluster-management-agent 5 | -------------------------------------------------------------------------------- /base/02_cluster-addons/00_acm-registration/02_service-account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: klusterlet 5 | namespace: open-cluster-management-agent 6 | -------------------------------------------------------------------------------- /base/02_cluster-addons/00_acm-registration/03_klusterlet-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: klusterlet 5 | rules: 6 | - apiGroups: 7 | - "" 8 | resources: 9 | - secrets 10 | - configmaps 11 | - serviceaccounts 12 | verbs: 13 | - create 14 | - get 15 | - list 16 | - update 17 | - watch 18 | - patch 19 | - delete 20 | - apiGroups: 21 | - authorization.k8s.io 22 | resources: 23 | - subjectaccessreviews 24 | verbs: 25 | - create 26 | - apiGroups: 27 | - "" 28 | resources: 29 | - namespaces 30 | verbs: 31 | - get 32 | - list 33 | - watch 34 | - create 35 | - apiGroups: 36 | - "" 37 | - events.k8s.io 38 | resources: 39 | - events 40 | verbs: 41 | - create 42 | - patch 43 | - update 44 | - apiGroups: 45 | - apps 46 | resources: 47 | - deployments 48 | verbs: 49 | - create 50 | - get 51 | - list 52 | - update 53 | - watch 54 | - patch 55 | - delete 56 | - apiGroups: 57 | - rbac.authorization.k8s.io 58 | resources: 59 | - clusterrolebindings 60 | - rolebindings 61 | verbs: 62 | - create 63 | - get 64 | - list 65 | - update 66 | - watch 67 | - patch 68 | - delete 69 | - apiGroups: 70 | - rbac.authorization.k8s.io 71 | resources: 72 | - clusterroles 73 | - roles 74 | verbs: 75 | - create 76 | - get 77 | - list 78 | - update 79 | - watch 80 | - patch 81 | - delete 82 | - escalate 83 | - bind 84 | - apiGroups: 85 | - operator.open-cluster-management.io 86 | resources: 87 | - klusterlets 88 | verbs: 89 | - get 90 | - list 91 | - watch 92 | - update 93 | - patch 94 | - delete 95 | - apiGroups: 96 | - operator.open-cluster-management.io 97 | resources: 98 | - klusterlets/status 99 | verbs: 100 | - update 101 | - patch 102 | -------------------------------------------------------------------------------- /base/02_cluster-addons/00_acm-registration/04_cluster-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | labels: 5 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 6 | name: open-cluster-management:klusterlet-admin-aggregate-clusterrole 7 | rules: 8 | - apiGroups: 9 | - operator.open-cluster-management.io 10 | resources: 11 | - klusterlets 12 | verbs: 13 | - get 14 | - list 15 | - watch 16 | - create 17 | - update 18 | - patch 19 | - delete 20 | -------------------------------------------------------------------------------- /base/02_cluster-addons/00_acm-registration/05_role-bindings.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: klusterlet 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: klusterlet 9 | subjects: 10 | - kind: ServiceAccount 11 | name: klusterlet 12 | namespace: open-cluster-management-agent 13 | -------------------------------------------------------------------------------- /base/02_cluster-addons/00_acm-registration/06_hub-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | kubeconfig: | 4 | KUBECONFIGHUB 5 | kind: Secret 6 | metadata: 7 | name: bootstrap-hub-kubeconfig 8 | namespace: open-cluster-management-agent 9 | type: Opaque 10 | 11 | -------------------------------------------------------------------------------- /base/02_cluster-addons/00_acm-registration/07-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | app: klusterlet 6 | name: klusterlet 7 | namespace: open-cluster-management-agent 8 | spec: 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | app: klusterlet 13 | template: 14 | metadata: 15 | labels: 16 | app: klusterlet 17 | spec: 18 | containers: 19 | - args: 20 | - /registration-operator 21 | - klusterlet 22 | image: registry.redhat.io/rhacm2/registration-rhel8-operator@sha256:0630bca8263f93a4a1348e6bd5a8689157739e8ab09d4f3354acb4be1bf66dda 23 | imagePullPolicy: IfNotPresent 24 | livenessProbe: 25 | httpGet: 26 | path: /healthz 27 | port: 8443 28 | scheme: HTTPS 29 | initialDelaySeconds: 2 30 | periodSeconds: 10 31 | name: klusterlet 32 | readinessProbe: 33 | httpGet: 34 | path: /healthz 35 | port: 8443 36 | scheme: HTTPS 37 | initialDelaySeconds: 2 38 | serviceAccountName: klusterlet 39 | -------------------------------------------------------------------------------- /base/02_cluster-addons/00_acm-registration/08-klusterlet.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.open-cluster-management.io/v1 2 | kind: Klusterlet 3 | metadata: 4 | name: klusterlet 5 | spec: 6 | clusterName: spoke-cluster 7 | namespace: open-cluster-management-agent 8 | registrationImagePullSpec: registry.redhat.io/rhacm2/registration-rhel8@sha256:31959369a31dc75dc5c7844377f32a510b3dae3f274c0318418ae4cbf7d0568b 9 | workImagePullSpec: registry.redhat.io/rhacm2/work-rhel8@sha256:9edb8e1a4a2b66fa9aef27676ed8e66851f4462287ca3548c58af164e8095897 10 | -------------------------------------------------------------------------------- /base/02_cluster-addons/01_subscriptions_operator/01_namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | creationTimestamp: null 5 | name: multicloud-operators 6 | spec: {} 7 | status: {} 8 | -------------------------------------------------------------------------------- /base/02_cluster-addons/01_subscriptions_operator/04_pull-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | .dockerconfigjson: | 4 | ewogICJhdXRocyI6IHsKICAgICJxdWF5LmlvIjogewogICAgICAiYXV0aCI6ICJiMmRzYjJzNlFUVXJhVFJQVFhoMVlVNXdVbGRLYVRoQ05UUlFRVlV3Y2poc2MwMUlhVVJ4WkRSNmMyOUxZUzl5VVZoVmNUWmxWRTgyWlhSNEswWXJTVkYzWTFOUlRnPT0iLAogICAgICAiZW1haWwiOiAiIgogICAgfQogIH0KfQ== 5 | kind: Secret 6 | metadata: 7 | creationTimestamp: null 8 | name: multicloud-operators 9 | namespace: multicloud-operators 10 | type: kubernetes.io/dockerconfigjson 11 | -------------------------------------------------------------------------------- /base/02_cluster-addons/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - 00_acm-registration/00_klusterlet-crd.yaml 3 | - 00_acm-registration/03_klusterlet-role.yaml 4 | - 00_acm-registration/04_cluster-role.yaml 5 | - 00_acm-registration/05_role-bindings.yaml 6 | - 00_acm-registration/01_namespace.yaml 7 | - 00_acm-registration/06_hub-config.yaml 8 | - 00_acm-registration/02_service-account.yaml 9 | - 00_acm-registration/07-deployment.yaml 10 | - 00_acm-registration/08-klusterlet.yaml 11 | 12 | transformers: 13 | - site-config.yaml 14 | -------------------------------------------------------------------------------- /base/02_cluster-addons/site-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kni.akraino.org/v1alpha1 2 | kind: SiteConfig 3 | metadata: 4 | name: notImportantHere 5 | config: {} 6 | -------------------------------------------------------------------------------- /base/03_services/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/base/03_services/.gitkeep -------------------------------------------------------------------------------- /base/03_services/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | 3 | -------------------------------------------------------------------------------- /profiles/README.md: -------------------------------------------------------------------------------- 1 | This folder contains deployment profiles as overlays on top of the base layer. 2 | 3 | A profile should be used to adapt the base layer to a specific platform (e.g. add AWS-specific attributes), stage (e.g. only use one master in testing stage), or version (e.g. override manifest API version to adapt to different openshift-installer versions). 4 | 5 | By convention, profiles should be named "[-].". Each profile must have an entry in requirements.yaml with a key corresponding to the profile name. -------------------------------------------------------------------------------- /profiles/production.aws/00_install-config/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/profiles/production.aws/00_install-config/.gitkeep -------------------------------------------------------------------------------- /profiles/production.aws/00_install-config/install-config.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: InstallConfig 3 | metadata: 4 | name: cluster 5 | platform: 6 | aws: 7 | region: us-east-2 8 | -------------------------------------------------------------------------------- /profiles/production.aws/00_install-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../../base/00_install-config 3 | 4 | patches: 5 | - install-config.patch.yaml 6 | 7 | -------------------------------------------------------------------------------- /profiles/production.aws/01_cluster-mods/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../../base/01_cluster-mods 3 | -------------------------------------------------------------------------------- /profiles/production.aws/01_cluster-mods/manifests/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/profiles/production.aws/01_cluster-mods/manifests/.gitkeep -------------------------------------------------------------------------------- /profiles/production.aws/01_cluster-mods/openshift/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/profiles/production.aws/01_cluster-mods/openshift/.gitkeep -------------------------------------------------------------------------------- /profiles/production.aws/02_cluster-addons/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/profiles/production.aws/02_cluster-addons/.gitkeep -------------------------------------------------------------------------------- /profiles/production.aws/02_cluster-addons/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../../base/02_cluster-addons 3 | 4 | -------------------------------------------------------------------------------- /profiles/production.aws/03_services/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/profiles/production.aws/03_services/.gitkeep -------------------------------------------------------------------------------- /profiles/production.aws/03_services/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../../base/03_services 3 | -------------------------------------------------------------------------------- /profiles/production.aws/requirements.yaml: -------------------------------------------------------------------------------- 1 | kubectl: https://dl.k8s.io/v1.16.0/kubernetes-client-linux-amd64.tar.gz 2 | kustomize: https://github.com/kubernetes-sigs/kustomize/releases/download/v3.2.0/kustomize_3.2.0_linux_amd64 3 | oc: https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest-4.5/openshift-client-linux.tar.gz 4 | openshift-install: https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest-4.5/openshift-install-linux.tar.gz 5 | -------------------------------------------------------------------------------- /profiles/production.baremetal/00_install-config/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/profiles/production.baremetal/00_install-config/.gitkeep -------------------------------------------------------------------------------- /profiles/production.baremetal/00_install-config/install-config.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: InstallConfig 3 | metadata: 4 | name: cluster 5 | compute: 6 | - name: worker 7 | replicas: 0 8 | controlPlane: 9 | name: master 10 | replicas: 3 11 | platform: 12 | baremetal: {} 13 | platform: 14 | baremetal: 15 | -------------------------------------------------------------------------------- /profiles/production.baremetal/00_install-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../../base/00_install-config 3 | 4 | patches: 5 | - install-config.patch.yaml 6 | -------------------------------------------------------------------------------- /profiles/production.baremetal/01_cluster-mods/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../../base/01_cluster-mods 3 | 4 | resources: 5 | - openshift/99_metal3-config.yaml 6 | - openshift/10-master-nm-disable-auto-config.yaml 7 | -------------------------------------------------------------------------------- /profiles/production.baremetal/01_cluster-mods/manifests/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/profiles/production.baremetal/01_cluster-mods/manifests/.gitkeep -------------------------------------------------------------------------------- /profiles/production.baremetal/01_cluster-mods/openshift/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/profiles/production.baremetal/01_cluster-mods/openshift/.gitkeep -------------------------------------------------------------------------------- /profiles/production.baremetal/01_cluster-mods/openshift/10-master-nm-disable-auto-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: machineconfiguration.openshift.io/v1 2 | kind: MachineConfig 3 | metadata: 4 | labels: 5 | machineconfiguration.openshift.io/role: master 6 | name: 10-master-nm-disable-auto-config 7 | spec: 8 | config: 9 | ignition: 10 | version: 2.2.0 11 | storage: 12 | files: 13 | - contents: 14 | source: data:text/plain;charset=utf-8;base64,W21haW5dCnBsdWdpbnM9aWZjZmctcmgKIyBEbyBub3QgZG8gYXV0b21hdGljIChESENQL1NMQUFDKSBjb25maWd1cmF0aW9uIG9uIGV0aGVybmV0IGRldmljZXMKIyB3aXRoIG5vIG90aGVyIG1hdGNoaW5nIGNvbm5lY3Rpb25zLgpuby1hdXRvLWRlZmF1bHQ9KgojIElnbm9yZSB0aGUgY2FycmllciAoY2FibGUgcGx1Z2dlZCBpbikgc3RhdGUgd2hlbiBhdHRlbXB0aW5nIHRvCiMgYWN0aXZhdGUgc3RhdGljLUlQIGNvbm5lY3Rpb25zLgppZ25vcmUtY2Fycmllcj0qCgo= 15 | filesystem: root 16 | mode: 0644 17 | path: /etc/NetworkManager/conf.d/10-master-nm-disable-auto-config.conf 18 | -------------------------------------------------------------------------------- /profiles/production.baremetal/01_cluster-mods/openshift/10-worker-nm-disable-auto-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: machineconfiguration.openshift.io/v1 2 | kind: MachineConfig 3 | metadata: 4 | labels: 5 | machineconfiguration.openshift.io/role: worker 6 | name: 10-worker-nm-disable-auto-config 7 | spec: 8 | config: 9 | ignition: 10 | version: 2.2.0 11 | storage: 12 | files: 13 | - contents: 14 | source: data:text/plain;charset=utf-8;base64,W21haW5dCnBsdWdpbnM9aWZjZmctcmgKIyBEbyBub3QgZG8gYXV0b21hdGljIChESENQL1NMQUFDKSBjb25maWd1cmF0aW9uIG9uIGV0aGVybmV0IGRldmljZXMKIyB3aXRoIG5vIG90aGVyIG1hdGNoaW5nIGNvbm5lY3Rpb25zLgpuby1hdXRvLWRlZmF1bHQ9KgojIElnbm9yZSB0aGUgY2FycmllciAoY2FibGUgcGx1Z2dlZCBpbikgc3RhdGUgd2hlbiBhdHRlbXB0aW5nIHRvCiMgYWN0aXZhdGUgc3RhdGljLUlQIGNvbm5lY3Rpb25zLgppZ25vcmUtY2Fycmllcj0qCgo= 15 | filesystem: root 16 | mode: 0644 17 | path: /etc/NetworkManager/conf.d/10-worker-nm-disable-auto-config.conf 18 | -------------------------------------------------------------------------------- /profiles/production.baremetal/01_cluster-mods/openshift/99_metal3-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: metal3-config 5 | namespace: openshift-machine-api 6 | data: 7 | cache_url: '' 8 | deploy_kernel_url: http://172.22.0.3:6180/images/ironic-python-agent.kernel 9 | deploy_ramdisk_url: http://172.22.0.3:6180/images/ironic-python-agent.initramfs 10 | dhcp_range: 172.22.0.10,172.22.0.100 11 | http_port: "6180" 12 | ironic_endpoint: http://172.22.0.3:6385/v1/ 13 | ironic_inspector_endpoint: http://172.22.0.3:5050/v1/ 14 | provisioning_interface: eno2 15 | provisioning_ip: 172.22.0.3/24 16 | rhcos_image_url: http://172.22.0.1:8080/rhcos-43.81.202003111353.0-openstack.x86_64.qcow2.gz?sha256=8f17baa5564450eea4d3b6f817df3df58af7c3294583be62de615663c0ec55a5 17 | -------------------------------------------------------------------------------- /profiles/production.baremetal/02_cluster-addons/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/profiles/production.baremetal/02_cluster-addons/.gitkeep -------------------------------------------------------------------------------- /profiles/production.baremetal/02_cluster-addons/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../../base/02_cluster-addons 3 | -------------------------------------------------------------------------------- /profiles/production.baremetal/03_services/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/profiles/production.baremetal/03_services/.gitkeep -------------------------------------------------------------------------------- /profiles/production.baremetal/03_services/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../../base/03_services 3 | -------------------------------------------------------------------------------- /profiles/production.baremetal/requirements.yaml: -------------------------------------------------------------------------------- 1 | kubectl: https://dl.k8s.io/v1.16.0/kubernetes-client-linux-amd64.tar.gz 2 | kustomize: https://github.com/kubernetes-sigs/kustomize/releases/download/v3.2.0/kustomize_3.2.0_linux_amd64 3 | oc: https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest-4.5/openshift-client-linux.tar.gz 4 | openshift-install: https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest-4.5/openshift-install-linux.tar.gz 5 | -------------------------------------------------------------------------------- /profiles/production.gcp/00_install-config/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/profiles/production.gcp/00_install-config/.gitkeep -------------------------------------------------------------------------------- /profiles/production.gcp/00_install-config/install-config.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: InstallConfig 3 | metadata: 4 | name: cluster 5 | platform: 6 | gcp: 7 | projectID: openshift-gce-devel 8 | region: europe-west4 9 | -------------------------------------------------------------------------------- /profiles/production.gcp/00_install-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../../base/00_install-config 3 | 4 | patches: 5 | - install-config.patch.yaml 6 | 7 | -------------------------------------------------------------------------------- /profiles/production.gcp/01_cluster-mods/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../../base/01_cluster-mods 3 | -------------------------------------------------------------------------------- /profiles/production.gcp/01_cluster-mods/manifests/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/profiles/production.gcp/01_cluster-mods/manifests/.gitkeep -------------------------------------------------------------------------------- /profiles/production.gcp/01_cluster-mods/openshift/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/profiles/production.gcp/01_cluster-mods/openshift/.gitkeep -------------------------------------------------------------------------------- /profiles/production.gcp/02_cluster-addons/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/profiles/production.gcp/02_cluster-addons/.gitkeep -------------------------------------------------------------------------------- /profiles/production.gcp/02_cluster-addons/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../../base/02_cluster-addons 3 | 4 | -------------------------------------------------------------------------------- /profiles/production.gcp/03_services/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/profiles/production.gcp/03_services/.gitkeep -------------------------------------------------------------------------------- /profiles/production.gcp/03_services/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../../base/03_services 3 | -------------------------------------------------------------------------------- /profiles/production.gcp/requirements.yaml: -------------------------------------------------------------------------------- 1 | kubectl: https://dl.k8s.io/v1.16.0/kubernetes-client-linux-amd64.tar.gz 2 | kustomize: https://github.com/kubernetes-sigs/kustomize/releases/download/v3.2.0/kustomize_3.2.0_linux_amd64 3 | oc: https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest-4.5/openshift-client-linux.tar.gz 4 | openshift-install: https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest-4.5/openshift-install-linux.tar.gz 5 | -------------------------------------------------------------------------------- /sites/mvp.edge.industrial/00_install-config/credentials.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: ipmi 5 | stringdata: 6 | username: cm9vdA== 7 | password: Y2Fsdmlu 8 | 9 | type: Opaque 10 | -------------------------------------------------------------------------------- /sites/mvp.edge.industrial/00_install-config/install-config.name.patch.yaml: -------------------------------------------------------------------------------- 1 | - op: replace 2 | path: "/metadata/name" 3 | value: mvp 4 | -------------------------------------------------------------------------------- /sites/mvp.edge.industrial/00_install-config/install-config.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: InstallConfig 3 | metadata: 4 | name: cluster 5 | baseDomain: edge.industrial 6 | platform: 7 | baremetal: 8 | apiVIP: 10.1.1.4 9 | ingressVIP: 10.1.1.5 10 | dnsVIP: 10.1.1.3 11 | provisioningBridge: provisioning 12 | externalBridge: baremetal 13 | hosts: 14 | - name: master-0 15 | role: master 16 | bmc: 17 | address: ipmi://10.19.111.39 18 | credentialsName: ipmi 19 | username: root 20 | password: calvin 21 | bootMACAddress: a4:bf:01:51:44:81 22 | hardwareProfile: default 23 | - name: master-1 24 | role: master 25 | bmc: 26 | address: ipmi://10.19.111.41 27 | credentialsName: ipmi 28 | username: root 29 | password: calvin 30 | bootMACAddress: a4:bf:01:51:0f:ae 31 | hardwareProfile: default 32 | - name: master-2 33 | role: master 34 | bmc: 35 | address: ipmi://10.19.111.43 36 | credentialsName: ipmi 37 | username: root 38 | password: calvin 39 | bootMACAddress: a4:bf:01:51:78:a5 40 | hardwareProfile: default 41 | pullSecret: 'PULL_SECRET' 42 | sshKey: | 43 | SSH_PUB_KEY 44 | -------------------------------------------------------------------------------- /sites/mvp.edge.industrial/00_install-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - git::https://github.com/redhat-edge-computing/blueprint-industrial-edge.git//profiles/production.baremetal/00_install-config 3 | 4 | patches: 5 | - install-config.patch.yaml 6 | 7 | patchesJson6902: 8 | - target: 9 | version: v1 10 | kind: InstallConfig 11 | name: cluster 12 | path: install-config.name.patch.yaml 13 | 14 | transformers: 15 | - site-config.yaml 16 | -------------------------------------------------------------------------------- /sites/mvp.edge.industrial/00_install-config/site-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kni.akraino.org/v1alpha1 2 | kind: SiteConfig 3 | metadata: 4 | name: notImportantHere 5 | config: {} 6 | -------------------------------------------------------------------------------- /sites/mvp.edge.industrial/01_cluster-mods/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/sites/mvp.edge.industrial/01_cluster-mods/.gitkeep -------------------------------------------------------------------------------- /sites/mvp.edge.industrial/01_cluster-mods/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../../profiles/production.baremetal/01_cluster-mods 3 | 4 | resources: 5 | - openshift/99-ifcfg-ens786f1-master.yaml 6 | - openshift/99-ifcfg-eno2-master.yaml 7 | -------------------------------------------------------------------------------- /sites/mvp.edge.industrial/01_cluster-mods/manifests/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/sites/mvp.edge.industrial/01_cluster-mods/manifests/.gitkeep -------------------------------------------------------------------------------- /sites/mvp.edge.industrial/01_cluster-mods/openshift/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/sites/mvp.edge.industrial/01_cluster-mods/openshift/.gitkeep -------------------------------------------------------------------------------- /sites/mvp.edge.industrial/01_cluster-mods/openshift/99-ifcfg-eno2-master.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: machineconfiguration.openshift.io/v1 3 | kind: MachineConfig 4 | metadata: 5 | labels: 6 | machineconfiguration.openshift.io/role: master 7 | name: 99-ifcfg-eno2-master 8 | spec: 9 | config: 10 | ignition: 11 | version: 2.2.0 12 | storage: 13 | files: 14 | - contents: 15 | source: data:text/plain;charset=utf-8;base64,REVWSUNFPWVubzIKQk9PVFBST1RPPWRoY3AKT05CT09UPXllcwpUWVBFPUV0aGVybmV0CklQVjZJTklUPW5vCklQVjRfRE5TX1BSSU9SSVRZPTEKREVGUk9VVEU9bm8K 16 | filesystem: root 17 | mode: 0644 18 | path: /etc/sysconfig/network-scripts/ifcfg-eno2 19 | -------------------------------------------------------------------------------- /sites/mvp.edge.industrial/01_cluster-mods/openshift/99-ifcfg-ens786f1-master.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: machineconfiguration.openshift.io/v1 3 | kind: MachineConfig 4 | metadata: 5 | labels: 6 | machineconfiguration.openshift.io/role: master 7 | name: 99-ifcfg-ens786f1-master 8 | spec: 9 | config: 10 | ignition: 11 | version: 2.2.0 12 | storage: 13 | files: 14 | - contents: 15 | source: data:text/plain;charset=utf-8;base64,REVWSUNFPWVuczc4NmYxCkJPT1RQUk9UTz1kaGNwCk9OQk9PVD15ZXMKVFlQRT1FdGhlcm5ldApJUFY2SU5JVD1ubwpJUFY0X0ROU19QUklPUklUWT0xCkRFRlJPVVRFPXllcw== 16 | filesystem: root 17 | mode: 0644 18 | path: /etc/sysconfig/network-scripts/ifcfg-ens786f1 19 | -------------------------------------------------------------------------------- /sites/mvp.edge.industrial/02_cluster-addons/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/sites/mvp.edge.industrial/02_cluster-addons/.gitkeep -------------------------------------------------------------------------------- /sites/mvp.edge.industrial/02_cluster-addons/00_acm-registration/acm-name-config.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.open-cluster-management.io/v1 2 | kind: Klusterlet 3 | metadata: 4 | name: klusterlet 5 | spec: 6 | clusterName: baremetal-edge 7 | -------------------------------------------------------------------------------- /sites/mvp.edge.industrial/02_cluster-addons/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../../profiles/production.baremetal/02_cluster-addons 3 | 4 | patches: 5 | - 00_acm-registration/acm-name-config.patch.yaml 6 | -------------------------------------------------------------------------------- /sites/mvp.edge.industrial/03_services/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/sites/mvp.edge.industrial/03_services/.gitkeep -------------------------------------------------------------------------------- /sites/mvp.edge.industrial/03_services/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../../profiles/production.baremetal/03_services 3 | 4 | resources: 5 | - manuela-edge/namespace.yaml 6 | - manuela-edge/channel-sensors.yaml 7 | - manuela-edge/subscription-sensors.yaml 8 | -------------------------------------------------------------------------------- /sites/mvp.edge.industrial/03_services/manuela-edge/channel-sensors.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps.open-cluster-management.io/v1 2 | kind: Channel 3 | metadata: 4 | name: manuela-mcs-gitops-channel-sensores 5 | namespace: manuela-sensors-mcs 6 | spec: 7 | type: GitHub 8 | pathname: https://github.com/redhat-edge-computing/manuela-gitops.git 9 | 10 | 11 | -------------------------------------------------------------------------------- /sites/mvp.edge.industrial/03_services/manuela-edge/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: manuela-sensors-mcs 6 | 7 | 8 | -------------------------------------------------------------------------------- /sites/mvp.edge.industrial/03_services/manuela-edge/subscription-sensors.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps.open-cluster-management.io/v1 2 | kind: Subscription 3 | metadata: 4 | name: manuela-machine-sensor-subscription 5 | namespace: manuela-sensors-mcs 6 | labels: 7 | app: manuela-machine-sensors 8 | annotations: 9 | apps.open-cluster-management.io/github-path: config/instances/manuela-mcs-quickstart/machine-sensor 10 | apps.open-cluster-management.io/github-branch: master 11 | spec: 12 | name: manuela-machine-sensor-subscription 13 | channel: manuela-sensors-mcs/manuela-mcs-gitops-channel-sensores 14 | placement: 15 | local: true 16 | 17 | -------------------------------------------------------------------------------- /sites/mvp.edge.industrial/README.md: -------------------------------------------------------------------------------- 1 | # How to deploy the site mvp.edge.industrial 2 | -------------------------------------------------------------------------------- /sites/staging-edge.devcluster.openshift.com/00_install-config/install-config.name.patch.yaml: -------------------------------------------------------------------------------- 1 | - op: replace 2 | path: "/metadata/name" 3 | value: staging-edge 4 | -------------------------------------------------------------------------------- /sites/staging-edge.devcluster.openshift.com/00_install-config/install-config.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: InstallConfig 3 | metadata: 4 | name: cluster 5 | baseDomain: devcluster.openshift.com 6 | -------------------------------------------------------------------------------- /sites/staging-edge.devcluster.openshift.com/00_install-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - git::https://github.com/redhat-edge-computing/blueprint-industrial-edge.git//profiles/production.aws/00_install-config 3 | 4 | patches: 5 | - install-config.patch.yaml 6 | 7 | patchesJson6902: 8 | - target: 9 | version: v1 10 | kind: InstallConfig 11 | name: cluster 12 | path: install-config.name.patch.yaml 13 | 14 | transformers: 15 | - site-config.yaml 16 | -------------------------------------------------------------------------------- /sites/staging-edge.devcluster.openshift.com/00_install-config/site-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kni.akraino.org/v1alpha1 2 | kind: SiteConfig 3 | metadata: 4 | name: notImportantHere 5 | config: {} 6 | -------------------------------------------------------------------------------- /sites/staging-edge.devcluster.openshift.com/01_cluster-mods/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/sites/staging-edge.devcluster.openshift.com/01_cluster-mods/.gitkeep -------------------------------------------------------------------------------- /sites/staging-edge.devcluster.openshift.com/01_cluster-mods/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../../profiles/production.aws/01_cluster-mods 3 | -------------------------------------------------------------------------------- /sites/staging-edge.devcluster.openshift.com/01_cluster-mods/manifests/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/sites/staging-edge.devcluster.openshift.com/01_cluster-mods/manifests/.gitkeep -------------------------------------------------------------------------------- /sites/staging-edge.devcluster.openshift.com/01_cluster-mods/openshift/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/sites/staging-edge.devcluster.openshift.com/01_cluster-mods/openshift/.gitkeep -------------------------------------------------------------------------------- /sites/staging-edge.devcluster.openshift.com/02_cluster-addons/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/sites/staging-edge.devcluster.openshift.com/02_cluster-addons/.gitkeep -------------------------------------------------------------------------------- /sites/staging-edge.devcluster.openshift.com/02_cluster-addons/00_acm-registration/acm-name-config.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.open-cluster-management.io/v1 2 | kind: Klusterlet 3 | metadata: 4 | name: klusterlet 5 | spec: 6 | clusterName: staging-aws 7 | -------------------------------------------------------------------------------- /sites/staging-edge.devcluster.openshift.com/02_cluster-addons/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../../profiles/production.aws/02_cluster-addons 3 | 4 | patches: 5 | - 00_acm-registration/acm-name-config.patch.yaml 6 | -------------------------------------------------------------------------------- /sites/staging-edge.devcluster.openshift.com/03_services/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/sites/staging-edge.devcluster.openshift.com/03_services/.gitkeep -------------------------------------------------------------------------------- /sites/staging-edge.devcluster.openshift.com/03_services/argocd-gitops-factory/argocd-staging-aws-factorydatacenter.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: factorydatacenter 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: default 10 | source: 11 | repoURL: https://github.com/redhat-edge-computing/manuela-gitops.git 12 | targetRevision: HEAD 13 | path: deployment/staging-aws-factorydatacenter 14 | destination: 15 | server: https://kubernetes.default.svc 16 | namespace: argocd 17 | syncPolicy: 18 | automated: 19 | prune: true 20 | selfHeal: true 21 | ignoreDifferences: 22 | - group: apps 23 | kind: Deployment 24 | jsonPointers: 25 | - /spec/replicas 26 | - group: route.openshift.io 27 | kind: Route 28 | jsonPointers: 29 | - /status 30 | -------------------------------------------------------------------------------- /sites/staging-edge.devcluster.openshift.com/03_services/argocd-gitops-factory/argocd-staging-aws-linedataserver.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: linedataserver 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: default 10 | source: 11 | repoURL: https://github.com/redhat-edge-computing/manuela-gitops.git 12 | targetRevision: HEAD 13 | path: deployment/staging-aws-linedataserver 14 | destination: 15 | server: https://kubernetes.default.svc 16 | namespace: argocd 17 | syncPolicy: 18 | automated: 19 | prune: true 20 | selfHeal: true 21 | ignoreDifferences: 22 | - group: apps 23 | kind: Deployment 24 | jsonPointers: 25 | - /spec/replicas 26 | - group: route.openshift.io 27 | kind: Route 28 | jsonPointers: 29 | - /status 30 | -------------------------------------------------------------------------------- /sites/staging-edge.devcluster.openshift.com/03_services/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../../profiles/production.aws/03_services 3 | 4 | resources: 5 | - argocd-gitops-factory/argocd-staging-aws-factorydatacenter.yaml 6 | - argocd-gitops-factory/argocd-staging-aws-linedataserver.yaml 7 | 8 | -------------------------------------------------------------------------------- /sites/staging-edge.devcluster.openshift.com/README.md: -------------------------------------------------------------------------------- 1 | # How to deploy a site cluster on AWS 2 | 3 | This is a two step process: 4 | 5 | 1. First the user has to define its site cluster and push it to its git reporistory. 6 | 2. Then, the user shoud use `knictl` to render all the manifests, and run the OCP instaler. 7 | 8 | ## Define your site cluster 9 | 10 | ### Create site folder 11 | 12 | First of all, you have to clone this repo, and use one of the site clusters as a baseline: 13 | 14 | For example, if you want to deploy a new cluster (site) on AWS, you can copy the site `staging-edge.devcluster.openshift.com`. 15 | 16 | For the purpose of this example, we are assuming the new site is called: `staging-edge.devcluster.openshift.com` and the profile `production.aws`. 17 | 18 | ```bash 19 | export SITE_NAME='staging-edge.devcluster.openshift.com' 20 | export PROFILE_NAME='production.aws' 21 | 22 | cd blueprint-industrial-edge/sites 23 | cp -a staging-edge.devcluster.openshift.com/ "$SITE_NAME/" 24 | ``` 25 | 26 | ### Edit profile requirements 27 | 28 | The user should know which exact version of OCP wants to deploy, and should edit the `requirements.yaml` file 29 | accordingly, to download the right client tools versions. 30 | 31 | Also, the user should know which version of kubernetes is using the exact version of OCP. 32 | 33 | For example, for OCP 4.4, k8s 1.17 is used. The user should always check [OCP release notes](https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-release-notes.html#ocp-4-4-about-this-release) before. 34 | 35 | ```bash 36 | cd blueprint-industrial-edge/profiles/ 37 | vi "$PROFILE_NAME/requirements.yaml" 38 | ``` 39 | 40 | #### Edit 00_install 41 | 42 | ```bash 43 | cd blueprint-industrial-edge/sites/$SITE_NAME/00_install-config 44 | ``` 45 | 46 | + **kustomization.yaml** -> Change git url. 47 | + **install-config.patch.yaml** -> Change baseDomain, and alterantively other fields, such as the aws zone for example. 48 | + **install-config.name.patch.yaml** -> Change the cluster-name. 49 | 50 | #### Edit 02_cluster_addons 51 | 52 | If registering the site againts a RHACM hub, then: 53 | 54 | ```bash 55 | cd blueprint-industrial-edge/sites/$SITE_NAME/02_cluster_addons/00_acm_registration 56 | ``` 57 | 58 | + **acm-name-config.patch.yaml** -> Change clusterName and clusterNamespace, use the same value. 59 | 60 | ##### Git push 61 | 62 | Push the changes to your repo, the url go the git repo should match the git url you have specified in previous steps: 63 | 64 | ```bash 65 | cd blueprint-industrial-edge 66 | git add . 67 | git commit -m "Adds my new blueprint site" 68 | git push master 69 | ``` 70 | 71 | ## Deploy your site cluster 72 | 73 | ### AWS credentials 74 | 75 | First of all you need to have your Amazon Web Service credentials file located in the following path: 76 | 77 | `$HOME/.aws/credentials` 78 | 79 | This file looks like this: 80 | 81 | ``` 82 | [default] 83 | aws_access_key_id = xxxx 84 | aws_secret_access_key = xxxx 85 | ``` 86 | 87 | The OpenShift installer binary will read that file if aws is set as a platform. 88 | 89 | ### Prepare .kni folder 90 | 91 | Your `.kni/` folder should contain the following files, otherwise either your deployment or Day 2 workloads will fail to be deployed. 92 | 93 | ```bash 94 | tree .kni/ 95 | . 96 | ├── dockerconfig.json 97 | ├── id_rsa 98 | ├── id_rsa.pub 99 | ├── kubeconfighub.json 100 | ├── pull-secret.json 101 | ``` 102 | 103 | + **dockerconfig.json:** It is a valid pull secret to pull RHACM images on the registered cluster. Only needed if you want your OCP cluster to be autoregisters against a RHACM Hub cluster. 104 | 105 | It is basically a base64 encoded pull secret. To generate it, just execute: 106 | 107 | ```bash 108 | cd ~/.kni/ 109 | cat pull-secret.json | base64 -w0 > ~/.kni/dockerconfig.json 110 | ``` 111 | 112 | + **kubeconfighub.json:** It is the the kubeconfig of the RHACM hub cluster, base64 encoded. It is used by the RHACM Endpoint pod to register itself against the RHACM. 113 | 114 | To generate it, just execute: 115 | 116 | ```bash 117 | cat rhacm-hub-kubeconfig | base64 -w0 > ~/.kni/kubeconfighub.json 118 | ``` 119 | 120 | ### Environment vars & aliases 121 | 122 | Define the following var and aliases, according to your needs. 123 | 124 | ```bash 125 | export SITE_NAME='staging-edge.devcluster.openshift.com' 126 | export GIT_REPO='github.com/redhat-edge-computing/blueprint-industrial-edge' 127 | alias openshift-install="$HOME/.kni/$SITE_NAME/requirements/openshift-install" 128 | ``` 129 | 130 | ### kncitl: Preparation steps 131 | 132 | From the path where the `knictl` binary is located, and in order to pull our site and its requirements, please execute: 133 | 134 | ```bash 135 | knictl fetch_requirements "$GIT_REPO/sites/$SITE_NAME/" 136 | ``` 137 | 138 | This command will download the site blueprint definition, and all its requirements (oc, openshift-install, kustomize, etc) to the `$HOME/.kni/`. Every site will have a separate directory within that location. 139 | 140 | The next step involves the actual rendering of the manifests (site + profile + base) into one set of manifests via kustomize that we can pass to the openshift-install binary. 141 | 142 | ```bash 143 | knictl prepare_manifests "$SITE_NAME" 144 | ``` 145 | 146 | If everything goes well, the command will get out some instructions to deploy the cluster. It's basically asking you to run `openshift-install` binary pointing to where the final manifests created by `knictl` are. 147 | 148 | ### Deploy OpenShift 149 | 150 | Just execute the following command: 151 | 152 | ```bash 153 | openshift-install create cluster --dir="$HOME/.kni/$SITE_NAME/final_manifests" --log-level debug 154 | ``` 155 | 156 | Wait until the deployment is completed, and you will information about console endpoint, kubeadmin password and kubeconfig path. 157 | 158 | ### knictl: deploy Day 2 workloads 159 | 160 | If you have manifests that you want to deploy as Day 2 operations located in any of the `02_cluster-addons` or `03_services directories`, you can deploy them running the following command: 161 | 162 | ```bash 163 | knictl apply_workloads "$SITE_NAME" 164 | ``` 165 | 166 | This is basically running kustomize to build and render all the manifests enabling alpha plugins, and apply them via oc/kubectl. 167 | 168 | **NOTE:**: If for some reasons the previous command fails, you can check the kustomize rendered manifests under `/tmp`, 169 | or under `~/.kni/tmp` if using a containerized version of knictl. 170 | 171 | ### Destroy OpenShift cluster 172 | 173 | To destroy your site cluster: 174 | 175 | ```bash 176 | openshift-install destroy cluster --dir="$HOME/.kni/$SITE_NAME/final_manifests" --log-level debug 177 | ``` -------------------------------------------------------------------------------- /sites/staging-edge.gcp.devcluster.openshift.com/00_install-config/install-config.name.patch.yaml: -------------------------------------------------------------------------------- 1 | - op: replace 2 | path: "/metadata/name" 3 | value: staging-edge 4 | -------------------------------------------------------------------------------- /sites/staging-edge.gcp.devcluster.openshift.com/00_install-config/install-config.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: InstallConfig 3 | metadata: 4 | name: cluster 5 | baseDomain: gcp.devcluster.openshift.com 6 | -------------------------------------------------------------------------------- /sites/staging-edge.gcp.devcluster.openshift.com/00_install-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - git::https://github.com/redhat-edge-computing/blueprint-industrial-edge.git//profiles/production.gcp/00_install-config 3 | 4 | patches: 5 | - install-config.patch.yaml 6 | 7 | patchesJson6902: 8 | - target: 9 | version: v1 10 | kind: InstallConfig 11 | name: cluster 12 | path: install-config.name.patch.yaml 13 | 14 | transformers: 15 | - site-config.yaml 16 | -------------------------------------------------------------------------------- /sites/staging-edge.gcp.devcluster.openshift.com/00_install-config/site-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kni.akraino.org/v1alpha1 2 | kind: SiteConfig 3 | metadata: 4 | name: notImportantHere 5 | config: {} 6 | -------------------------------------------------------------------------------- /sites/staging-edge.gcp.devcluster.openshift.com/01_cluster-mods/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/sites/staging-edge.gcp.devcluster.openshift.com/01_cluster-mods/.gitkeep -------------------------------------------------------------------------------- /sites/staging-edge.gcp.devcluster.openshift.com/01_cluster-mods/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../../profiles/production.gcp/01_cluster-mods 3 | -------------------------------------------------------------------------------- /sites/staging-edge.gcp.devcluster.openshift.com/01_cluster-mods/manifests/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/sites/staging-edge.gcp.devcluster.openshift.com/01_cluster-mods/manifests/.gitkeep -------------------------------------------------------------------------------- /sites/staging-edge.gcp.devcluster.openshift.com/01_cluster-mods/openshift/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/sites/staging-edge.gcp.devcluster.openshift.com/01_cluster-mods/openshift/.gitkeep -------------------------------------------------------------------------------- /sites/staging-edge.gcp.devcluster.openshift.com/02_cluster-addons/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/sites/staging-edge.gcp.devcluster.openshift.com/02_cluster-addons/.gitkeep -------------------------------------------------------------------------------- /sites/staging-edge.gcp.devcluster.openshift.com/02_cluster-addons/00_acm-registration/acm-name-config.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.open-cluster-management.io/v1 2 | kind: Klusterlet 3 | metadata: 4 | name: klusterlet 5 | spec: 6 | clusterName: staging-gcp 7 | -------------------------------------------------------------------------------- /sites/staging-edge.gcp.devcluster.openshift.com/02_cluster-addons/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../../profiles/production.gcp/02_cluster-addons 3 | 4 | patches: 5 | - 00_acm-registration/acm-name-config.patch.yaml 6 | -------------------------------------------------------------------------------- /sites/staging-edge.gcp.devcluster.openshift.com/03_services/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-edge-computing/blueprint-industrial-edge/965e27716cfb135cff58c580aa8a39aba76915b1/sites/staging-edge.gcp.devcluster.openshift.com/03_services/.gitkeep -------------------------------------------------------------------------------- /sites/staging-edge.gcp.devcluster.openshift.com/03_services/argocd-gitops-factory/argocd-staging-gcp-factorydatacenter.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: factorydatacenter 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: default 10 | source: 11 | repoURL: https://github.com/redhat-edge-computing/manuela-gitops.git 12 | targetRevision: HEAD 13 | path: deployment/staging-gcp-factorydatacenter 14 | destination: 15 | server: https://kubernetes.default.svc 16 | namespace: argocd 17 | syncPolicy: 18 | automated: 19 | prune: true 20 | selfHeal: true 21 | ignoreDifferences: 22 | - group: apps 23 | kind: Deployment 24 | jsonPointers: 25 | - /spec/replicas 26 | - group: route.openshift.io 27 | kind: Route 28 | jsonPointers: 29 | - /status 30 | -------------------------------------------------------------------------------- /sites/staging-edge.gcp.devcluster.openshift.com/03_services/argocd-gitops-factory/argocd-staging-gcp-linedataserver.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: linedataserver 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: default 10 | source: 11 | repoURL: https://github.com/redhat-edge-computing/manuela-gitops.git 12 | targetRevision: HEAD 13 | path: deployment/staging-gcp-linedataserver 14 | destination: 15 | server: https://kubernetes.default.svc 16 | namespace: argocd 17 | syncPolicy: 18 | automated: 19 | prune: true 20 | selfHeal: true 21 | ignoreDifferences: 22 | - group: apps 23 | kind: Deployment 24 | jsonPointers: 25 | - /spec/replicas 26 | - group: route.openshift.io 27 | kind: Route 28 | jsonPointers: 29 | - /status 30 | -------------------------------------------------------------------------------- /sites/staging-edge.gcp.devcluster.openshift.com/03_services/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../../profiles/production.gcp/03_services 3 | 4 | resources: 5 | - argocd-gitops-factory/argocd-staging-gcp-factorydatacenter.yaml 6 | - argocd-gitops-factory/argocd-staging-gcp-linedataserver.yaml 7 | -------------------------------------------------------------------------------- /sites/staging-edge.gcp.devcluster.openshift.com/README.md: -------------------------------------------------------------------------------- 1 | ## How to deploy staging-edge cluster on GCP 2 | 3 | First of all you need to have your Google Cloud Platform service account file located in the following path: 4 | 5 | `$HOME/.gcp/osServiceAccount.json` 6 | 7 | The OpenShift installer binary will read that file if gcp is set as a platform. From the path where the `knictl` binary is located, and in order to pull our staging-edge site and its requirements, please execute: 8 | 9 | `knictl fetch_requirements github.com/redhat-edge-computing/blueprint-industrial-edge/sites/staging-edge.gcp.devcluster.openshift.com/` 10 | 11 | This command will download the site blueprint definition, and all its requirements (oc, openshift-install, kustomize, etc) to the `$HOME/.kni/`. Every site will have a separate directory within that location. The next step involves the actual rendering of the manifests (site + profile + base) into one set of manifests via kustomize that we can pass to the openshift-install binary. 12 | 13 | `knictl prepare_manifests staging-edge.gcp.devcluster.openshift.com` 14 | 15 | If everything goes well, the command will get out some instructions to deploy the cluster. It's basically asking you to run `openshift-install` binary pointing to where the final manifests created by `knictl` are: 16 | 17 | `$HOME/.kni/staging-edge.gcp.devcluster.openshift.com/requirements/openshift-install create cluster --dir=$HOME/.kni/staging-edge.gcp.devcluster.openshift.com/final_manifests --log-level debug` 18 | 19 | Wait until the deployment is completed, and you will information about console endpoint, kubeadmin password and kubeconfig path. 20 | 21 | If you have manifests that you want to deploy as Day 2 operations located in any of the 02_cluster-addons or 03_services directories, you can deploy them running the following command: 22 | 23 | `knictl apply_workloads staging-edge.gcp.devcluster.openshift.com` 24 | 25 | This is basically running kustomize to build and render all the manifests enabling alpha plugins, and apply them via oc/kubectl. 26 | --------------------------------------------------------------------------------