docs/config-sample.yml

# Those are the main variables for the deployment
# More variables could be found within the roles
# For all options, refer to documentation section.

# Resources state. Controls if resources are created or deleted.
# The var could be defined within config file, playbook or cli.
# Two possible options: 'present' or 'absent'
state: present

##########################
# Cross roles shared vars
##########################
pull_secret: '<pull_secret>'
ssh_pub_key: '<ssh_pub_key>'
ssh_key: |
    -----BEGIN RSA PRIVATE KEY-----
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    -----END RSA PRIVATE KEY-----

###########
# OCP role
###########
clusters:
  # AWS cluster
  - name: cluster1
    base_domain: <cluster_base_domain>
    credentials: aws-creds
    network:
      cluster: 10.128.0.0/14
      machine: 10.0.0.0/16
      service: 172.30.0.0/16
      type: OVNKubernetes
    cloud:
      platform: aws
      region: us-east-2
      instance_type: m5.xlarge
    openshift_version: "4.12"  # Optional. If not specified, will deploy the latest stable version
  # GCP cluster
  - name: cluster2
    base_domain: <cluster_base_domain>
    credentials: gcp-creds
    network:
      cluster: 10.128.0.0/14
      machine: 10.0.0.0/16
      service: 172.30.0.0/16
      type: OVNKubernetes
    cloud:
      platform: gcp
      region: us-east1
      instance_type: n1-standard-4
      project_id: gcp_project_name
  # Openstack cluster
  - name: cluster3
    base_domain: example.com
    credentials: openstack-creds
    network:
      cluster: 10.132.0.0/14
      machine: 10.0.0.0/16
      service: 172.31.0.0/16
      type: OpenShiftSDN
    cloud:
      platform: openstack
      instance_type: <install_type>
      external_network: <openstack_external_network>
      api_floating_ip: <apiFloatingIP>
      ingress_floating_ip: <ingressFloatingIP>
    openshift_version: "4.13"

clusters_credentials:
  # AWS credentials
  - name: aws-creds
    platform: aws
    aws_access_key_id: <aws_access_key_id>
    aws_secret_access_key: <aws_secret_access_key>
  # GCP credentials
  # Make sure to align each line
  - name: gcp-creds
    platform: gcp
    project_id: gcp_project_name
    os_service_account_json: |
      { "type": "service_account",
        "project_id": "...",
        "private_key_id": "...",
        "private_key": "...",
        "client_email": "...",
        "client_id": "...",
        "client_x509_cert_url": "...",
        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
        "token_uri": "https://oauth2.googleapis.com/token",
        "universe_domain": "googleapis.com" }
  # Openstack credentials
  - name: openstack-creds
    platform: openstack
    auth_url: <openstack_api_url>
    username: <openstack_username>
    password: <openstack_password>
    project_id: <openstack_project_id>
    project_name: <openstack_project_name>
    domain_name: <openstack_domain_name>

###########
# ACM role
###########

acm_version: "2.8"  # When specifying an acm version, the last available will be fetched from "quay.io:443/acm-d"
# snapshot: Optional. In case specific snapshot of acm version should be deployed.

# Optional parameter.
# Define when multiple "ocp" or "managed_openshift" cluster deployed.
# Sets the cluster that should be used for acm hub install.
cluster_login_name:

# If it's "false", ACM will be deployed from official RH registry
# If it's "true", ACM will be deployed from downstream testing registry
deploy_test_env: false

# Define any registry secrets that are required
# For testing deployment only
registry_secrets:
  - name: "quay.io:443"
    user: "<username>"
    pass: "<password>"
  - name: "brew.registry.redhat.io"
    user: "<username>"
    pass: "<password>"

#########################
# ACM HIVE CLUSTERS role
#########################

acm_hive_clusters:
  # AWS cluster
  - name: cluster-aws
    credentials: aws-creds
    platform: aws
    region: us-east-2
    network:
      cluster: 10.128.0.0/14
      machine: 10.0.0.0/16
      service: 172.30.0.0/16
      type: OVNKubernetes
    hive_cluster_version: "4.12"  # Takes the latest available image
  # GCP cluster
  - name: cluster-gcp
    credentials: gcp-creds
    platform: gcp
    region: us-east1
    network:
      cluster: 10.128.0.0/14
      machine: 10.0.0.0/16
      service: 172.30.0.0/16
      type: OpenShiftSDN
    hive_cluster_version: "4.11"
    fips: true  # Optional variable to enable FIPS on cluster
  # Azure cluster
  - name: cluster-azure
    credentials: azure-creds
    platform: azr
    region: centralus
    network:
      cluster: 10.128.0.0/14
      machine: 10.0.0.0/16
      service: 172.30.0.0/16
      type: OVNKubernetes
    # Specific image could be specified instead of "hive_cluster_version"
    hive_cluster_image: quay.io/openshift-release-dev/ocp-release:4.12.7-multi
  # vSphere cluster
  - name: cluster-vsphere
    credentials: vmware-creds
    platform: vmw
    network:
      cluster: 10.128.0.0/14
      machine: <vsphere_vip cidr>
      service: 172.30.0.0/16
      type: OpenShiftSDN
    network_name: "<vsphere_net_name>"
    network_api_vip: "<vsphere_api_vip>"
    network_ingress_vip: "<vsphere_ingress_vip>"
    hive_cluster_version: "4.11"
  # Openstack cluster
  - name: cluster-openstack
    credentials: openstack-creds
    platform: openstack
    network:
      cluster: 10.128.0.0/14
      machine: 10.0.0.0/16
      service: 172.30.0.0/16
      type: OVNKubernetes
    external_network: <openstack_external_network>
    api_floating_ip: <cluster_floating_ip>
    ingress_floating_ip: <cluster_ingress_floating_ip>
    hive_cluster_version: "4.13"
  # AWS ARM cluster
  - name: cluster-aws-arm
    credentials: aws-creds
    platform: aws
    architecture: arm64  # Define the 'architecture' for the cluster - amd64 / arm64
    region: us-east-2
    network:
      cluster: 10.128.0.0/14
      machine: 10.0.0.0/16
      service: 172.30.0.0/16
      type: OVNKubernetes
    hive_cluster_version: "4.12"

acm_hive_clusters_credentials:
  # AWS credentials
  - name: aws-creds
    platform: aws
    namespace: <namespace_to_keep_the_credentials>
    base_domain: <cluster_base_domain>
    aws_access_key_id: <aws_access_key_id>
    aws_secret_access_key: <aws_secret_access_key>
  # GCP credentials
  # Make sure to align each line of credentials
  - name: gcp-creds
    platform: gcp
    namespace: <namespace_to_keep_the_credentials>
    base_domain: <cluster_base_domain>
    project_id: <project_id>
    os_service_account_json: |
      { "type": "service_account",
        "project_id": "...",
        "private_key_id": "...",
        "private_key": "...",
        "client_email": "...",
        "client_id": "...",
        "client_x509_cert_url": "...",
        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
        "token_uri": "https://oauth2.googleapis.com/token",
        "universe_domain": "googleapis.com" }
  # Azure credentials
  # Make sure to align each line of credentials
  - name: azure-creds
    platform: azr
    namespace: <namespace_to_keep_the_credentials>
    base_domain: <cluster_base_domain>
    base_domain_resource_group_name: <base_domain_resource_group_name>
    cloud_name: <azure_cloud_name>
    os_service_principal_json: |
      { "clientId": "...",
        "clientSecret": "...",
        "tenantId": "...",
        "subscriptionId": "..." }
  # vSphere credentials
  - name: vmware-creds
    platform: vmw
    namespace: <namespace_to_keep_the_credentials>
    base_domain: <cluster_base_domain>
    vcenter: <vcenter_url>
    username: <vcenter_username>
    password: <vcenter_password>
    cluster: "vcenter_cluster_name>"
    datacenter: "<vcenter_datacenter_name>"
    default_datastore: <vcenter_datastore_name>
    cacertificate: |
        -----BEGIN CERTIFICATE-----
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        -----END CERTIFICATE-----
  # Openstack credentials
  - name: openstack-creds
    platform: openstack
    namespace: <namespace_to_keep_the_credentials>
    base_domain: <cluster_base_domain>
    auth_url: <openstack_api_url>
    username: "<username>"
    password: "<password>"
    project_id: "<openstack_project_id>"
    project_name: "<openstack_porject_name>"
    domain_name: <openstack_domain_name>

#########################
# MANAGED OPENSHIFT role
#########################

managed_openshift_clusters:
  # ARO cluster
  - name: cluster-aro
    platform: aro
    base_domain: example.com
    credentials: aro-creds
    region: centralus
    network:
      cluster: 10.128.0.0/14
      service: 172.30.0.0/16
    resource_group_name: <resource_group_name>
    machines:
      master:
        type: Standard_D8s_v3
      worker:
        type: Standard_D4s_v3
        disk_size: 128
        count: 3
    openshift_version: "4.14"

  # ROSA cluster
  - name: cluster-rosa
    platform: rosa
    credentials: rosa-creds
    region: us-east-2
    network:
      cluster: 10.128.0.0/14
      machine: 10.0.0.0/16
      service: 172.30.0.0/16
    machines:
      worker:
        type: m5.xlarge
        count: 3
    openshift_version: "4.15"
    skip_tls_verify: true  # Optional. Set the flag in the kubeconfig file.

  # ROKS cluster
  - name: cluster-roks
    platform: roks
    credentials: roks-creds
    region: us-east
    machines:
      worker:
        type: bx2.4x16
        count: 3
    openshift_version: "4.14"

managed_openshift_clusters_credentials:
  # ARO credentials
  - name: aro-creds
    platform: aro
    client_id: <client_id>
    client_secret: <client_secret>
    tenant_id: <tenant_id>
    subscription_id: <subscription_id>

  # ROSA credentials
  - name: rosa-creds
    aws_access_key_id: <your_key>
    aws_secret_access_key: <your_secret_key>
    rosa_token: <your_rosa_token>

  # ROKS credentials
  - name: roks-creds
    roks_token: <your_roks_api_token>

##########################
# ACM IMPORT CLUSTER role
##########################

acm_import_clusters:
    # Specifying the name of the cluster will set the automation to
    # look for the cluster under "ocp" or "managed_openshift" deployments.
  - name: cluster4

  - name: cluster5
    # Optional. Apply cloud credentials.
    # Taken from "clusters_credentials" var of "OCP" role.
    cloud_creds: aws-creds

  - name: cluster6
    # Optional. Define addon flags per each cluster.
    application_manager: false
    argocd: false
    policy_controller: true
    search_collector: true
    cert_policy_controller: false
    iam_policy_controller: true

  - name: cluster7
    # Optional. Specify kubeconfig if cluster was not deployed by `ocp` or `managed_openshift` roles
    kubeconfig: /path/to/kubeconfig