Permalink
Branch: master
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
332 lines (313 sloc) 9.87 KB
jobs:
- name: deploy-kibosh
plan:
- aggregate:
- get: stemcell-97
- get: labs
- get: silk-cni
- get: scale
- get: kubo-release
trigger: true
- get: docker-release
trigger: true
- get: silk-cfcr-patches-release
trigger: true
- task: pre-merge-template
config:
platform: linux
image_resource:
type: docker-image
source:
repository: starkandwayne/concourse
inputs:
- name: labs
outputs:
- name: merged
run:
path: bash
args:
- -ec
- |
out=$(pwd)/merged/base.yml
pushd labs/basel-2018/kibosh-the-ultimate-service-broker/setup
bosh int kubo-deployment/manifests/cfcr.yml \
-o kibosh/kubo-ops/add-lb-extension-worker.yml \
-o kibosh/kubo-ops/add-addon-spec.yml \
-l <(bosh int kibosh/kibosh-spec.yml -l kibosh/vars.yml) -l kibosh/vars.yml > ${out}
- put: deploy
params:
manifest: merged/base.yml
stemcells: [ stemcell-97/stemcell.tgz ]
ops_files:
- labs/basel-2018/kibosh-the-ultimate-service-broker/setup/kubo-deployment/manifests/ops-files/use-runtime-config-bosh-dns.yml
- labs/basel-2018/kibosh-the-ultimate-service-broker/setup/kubo-deployment/manifests/ops-files/add-hostname-to-master-certificate.yml
- silk-cni/silk-cni.yml
- scale/scale.yml
vars:
api-hostname: 35.234.73.217
worker-hostname: 35.198.102.57
- put: bosh-errand
params:
name: apply-addons
- put: bosh-errand
params:
name: apply-specs
resources:
- name: labs
type: git
source:
uri: https://github.com/cloudfoundry/summit-hands-on-labs
branch: cf-deployment-submodule-fex
submodules:
- basel-2018/kibosh-the-ultimate-service-broker/setup/kubo-deployment
- name: stemcell-97
type: bosh-io-stemcell
source:
name: ((bosh_stemcell))
version_family: 97.19.latest
- name: deploy
type: bosh-deployment
source:
deployment: cfcr
target: ((bosh_environment))
client: ((bosh_client))
client_id: ((bosh_client))
client_secret: ((bosh_client_secret))
ca_cert: ((bosh_ca_cert))
- name: bosh-errand
type: bosh-errand
source:
deployment: cfcr
target: ((bosh_environment))
client: ((bosh_client))
client_id: ((bosh_client))
client_secret: ((bosh_client_secret))
ca_cert: ((bosh_ca_cert))
- name: silk-cni
type: file
source:
filename: silk-cni.yml
content:
- type: replace
path: /addons?/-
value:
name: bosh-dns-aliases
jobs:
- name: bosh-dns-aliases
release: bosh-dns-aliases
properties:
aliases:
- domain: policy-server.service.cf.internal
targets:
- query: '*'
instance_group: api
deployment: cf
network: default
domain: bosh
- domain: silk-controller.service.cf.internal
targets:
- query: '*'
instance_group: diego-api
deployment: cf
network: default
domain: bosh
- type: remove
path: /instance_groups/name=master/jobs/name=flanneld
- type: remove
path: /instance_groups/name=worker/jobs/name=flanneld
#################
- type: replace
path: /instance_groups/name=master/jobs/-
value:
name: silk-daemon
release: silk
consumes:
cf_network: { from: cf_network, deployment: cf }
vpa: { from: master-vpa }
properties:
ca_cert: ((/((bosh_name))/cf/silk_ca.certificate))
client_cert: ((/((bosh_name))/cf/silk_daemon.certificate))
client_key: ((/((bosh_name))/cf/silk_daemon.private_key))
- type: replace
path: /instance_groups/name=master/jobs/-
value:
name: vxlan-policy-agent
release: silk
provides:
vpa: {as: master-vpa} #rename to avoid bosh multiple link provider error
properties:
ca_cert: "((/((bosh_name))/cf/network_policy_ca.certificate))"
client_cert: "((/((bosh_name))/cf/network_policy_client.certificate))"
client_key: "((/((bosh_name))/cf/network_policy_client.private_key))"
################
- type: replace
path: /instance_groups/name=worker/jobs/-
value:
name: bpm
release: bpm
- type: replace
path: /instance_groups/name=worker/jobs/-
value:
name: silk-cni
release: silk
consumes:
cf_network: { from: cf_network, deployment: cf }
vpa: { from: worker-vpa }
properties:
iptables_logging: true
dns_servers:
- 169.254.0.2
- type: replace
path: /instance_groups/name=worker/jobs/-
value:
name: vxlan-policy-agent
release: silk
provides:
vpa: { as: worker-vpa }
properties:
ca_cert: "((/((bosh_name))/cf/network_policy_ca.certificate))"
client_cert: "((/((bosh_name))/cf/network_policy_client.certificate))"
client_key: "((/((bosh_name))/cf/network_policy_client.private_key))"
- type: replace
path: /instance_groups/name=worker/jobs/-
value:
name: silk-daemon
release: silk
consumes:
cf_network: { from: cf_network, deployment: cf }
vpa: { from: worker-vpa }
properties:
ca_cert: ((/((bosh_name))/cf/silk_ca.certificate))
client_cert: ((/((bosh_name))/cf/silk_daemon.certificate))
client_key: ((/((bosh_name))/cf/silk_daemon.private_key))
- type: replace
path: /instance_groups/name=master/jobs/name=kube-apiserver/provides?
value:
kube-apiserver: {as: kube-apiserver}
- type: replace
path: /instance_groups/name=worker/jobs/name=kubelet/provides?
value:
kubernetes-workers: {as: kubernetes-workers}
- type: replace
path: /instance_groups/name=worker/jobs/-
value:
name: silk-cni-wrapper
release: silk-cfcr-patches-release
consumes:
kube-apiserver: {from: kube-apiserver}
kubernetes-workers: {from: kubernetes-workers}
- type: replace
path: /instance_groups/name=worker/jobs/-
value:
name: silk-nsenter-wrapper
release: silk-cfcr-patches-release
- type: replace
path: /instance_groups/name=worker/jobs/name=kubelet/properties/cni-bin-dir?
value: /var/vcap/packages/cni/bin,/var/vcap/jobs/silk-cni-wrapper/bin
- type: replace
path: /instance_groups/name=worker/jobs/name=kubelet/properties/cni-conf-dir?
value: /var/vcap/jobs/silk-cni/config/cni
- type: replace
path: /instance_groups/name=worker/jobs/name=kubelet/properties/hairpin-mode?
value: "hairpin-veth"
- type: replace
path: /instance_groups/name=worker/jobs/name=kube-proxy/properties/proxy-mode?
value: iptables
- type: replace
path: /instance_groups/name=worker/jobs/name=kube-proxy/properties/silk-dynamic-cidr?
value: true
- type: replace
path: /instance_groups/name=worker/jobs/name=kubelet/properties/silk-dynamic-cidr?
value: true
# - type: replace
# path: /instance_groups/name=worker/jobs/name=docker/properties/bridge?
# value: silk-vtep
- type: replace
path: /instance_groups/name=worker/jobs/name=docker/properties/iptables?
value: false
- type: replace
path: /instance_groups/name=worker/jobs/name=docker/properties/ip_masq?
value: false
- type: replace
path: /instance_groups/name=worker/jobs/name=docker/properties/flannel?
value: false
- type: replace
path: /instance_groups/name=worker/jobs/name=docker/properties/silk?
value: false
- type: replace
path: /releases/-
value:
name: silk
sha1: 09997e05467b96bb44cd7363bc77fa224e89075e
stemcell:
os: ubuntu-xenial
version: "97.19"
url: https://storage.googleapis.com/cf-deployment-compiled-releases/silk-2.16.0-ubuntu-xenial-97.19-20181002-231717-792781445.tgz
version: 2.16.0
- type: replace
path: /releases/-
value:
name: bosh-dns-aliases
sha1: f2f4963ff44a8034c051f1fc5b8060d0e971b258
stemcell:
os: ubuntu-xenial
version: "97.19"
url: https://storage.googleapis.com/cf-deployment-compiled-releases/bosh-dns-aliases-0.0.3-ubuntu-xenial-97.19-20181002-230802-865325675.tgz
version: 0.0.3
- type: replace
path: /releases/name=kubo
value:
name: kubo
version: create
url: file:///tmp/build/put/kubo-release
- type: replace
path: /releases/name=docker
value:
name: docker
version: create
url: file:///tmp/build/put/docker-release
- type: replace
path: /releases/-
value:
name: silk-cfcr-patches-release
version: create
url: file:///tmp/build/put/silk-cfcr-patches-release
- name: scale
type: file
source:
filename: scale.yml
content:
- type: replace
path: /instance_groups/name=master/instances
value: 1
- type: replace
path: /instance_groups/name=worker/instances
value: 1
- name: kubo-release
type: git
source:
uri: https://github.com/rkoster/kubo-release
- name: docker-release
type: git
source:
uri: https://github.com/rkoster/docker-boshrelease
branch: silk
- name: silk-cfcr-patches-release
type: git
source:
uri: https://github.com/rkoster/silk-cfcr-patches-release
resource_types:
- name: bosh-deployment
type: docker-image
source:
repository: cloudfoundry/bosh-deployment-resource
tag: latest
- name: bosh-errand
type: docker-image
source:
repository: cfcommunity/bosh2-errand-resource
- name: file
type: docker-image
source:
repository: aequitas/concourse-file-resource
tag: latest