summaryrefslogtreecommitdiffstats
path: root/playbooks/aws/openshift-cluster/vars.yml
blob: 7810157d41ed8a6e7d1222af2762b85e89630db1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
---

clusterid: mycluster
region: us-east-1

provision:
  clusterid: "{{ clusterid }}"
  region: "{{ region }}"

  build:  # build specific variables here
    ami_name: "openshift-gi-"
    base_image: ami-bdd5d6ab  # base image for AMI to build from
    yum_repositories:  # this is an example repository but it requires sslclient info
    - name: openshift-repo
      file: openshift-repo
      description: OpenShift Builds
      baseurl: https://mirror.openshift.com/enterprise/online-int/latest/x86_64/os/
      enabled: yes
      gpgcheck: no
      sslverify: no
      sslclientcert: "/var/lib/yum/client-cert.pem"
      sslclientkey: "/var/lib/yum/client-key.pem"
      gpgkey: "https://mirror.ops.rhcloud.com/libra/keys/RPM-GPG-KEY-redhat-release https://mirror.ops.rhcloud.com/libra/keys/RPM-GPG-KEY-redhat-beta https://mirror.ops.rhcloud.com/libra/keys/RPM-GPG-KEY-redhat-openshifthosted"

    # when creating an encrypted AMI please specify use_encryption
    use_encryption: False

    openshift_ami_tags:
      bootstrap: "true"
      openshift-created: "true"
      clusterid: "{{ clusterid }}"

  # Use s3 backed registry storage
  openshift_registry_s3: True

  # if using custom certificates these are required for the ELB
  iam_cert_ca:
    name: "{{ clusterid }}_openshift"
    cert_path: '/path/to/wildcard.<clusterid>.example.com.crt'
    key_path: '/path/to/wildcard.<clusterid>.example.com.key'
    chain_path: '/path/to/cert.ca.crt'

  instance_users:
  - key_name: myuser_key
    username: myuser
    pub_key: |
           ssh-rsa AAAA== myuser@system

  node_group_config:
    tags:
      clusterid: "{{ clusterid }}"
      environment: stg

    ssh_key_name: myuser_key

    # master specific cluster node settings
    master:
      instance_type: m4.xlarge
      ami: ami-cdeec8b6  # if using an encrypted AMI this will be replaced
      volumes:
      - device_name: /dev/sdb
        volume_size: 100
        device_type: gp2
        delete_on_termination: False
      health_check:
        period: 60
        type: EC2
      min_size: 3
      max_size: 3
      desired_size: 3
      tags:
        host-type: master
        sub-host-type: default
      wait_for_instances: True

    # compute specific cluster node settings
    compute:
      instance_type: m4.xlarge
      ami: ami-cdeec8b6
      volumes:
      - device_name: /dev/sdb
        volume_size: 100
        device_type: gp2
        delete_on_termination: True
      health_check:
        period: 60
        type: EC2
      min_size: 3
      max_size: 100
      desired_size: 3
      tags:
        host-type: node
        sub-host-type: compute

    # infra specific cluster node settings
    infra:
      instance_type: m4.xlarge
      ami: ami-cdeec8b6
      volumes:
      - device_name: /dev/sdb
        volume_size: 100
        device_type: gp2
        delete_on_termination: True
      health_check:
        period: 60
        type: EC2
      min_size: 2
      max_size: 20
      desired_size: 2
      tags:
        host-type: node
        sub-host-type: infra

  # vpc settings
  vpc:
    cidr: 172.31.0.0/16
    subnets:
      us-east-1:  # These are us-east-1 region defaults. Ensure this matches your region
      - cidr: 172.31.48.0/20
        az: "us-east-1c"
      - cidr: 172.31.32.0/20
        az: "us-east-1e"
      - cidr: 172.31.16.0/20
        az: "us-east-1a"