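# Juju bundle for a Charmed Kubernetes cluster: Vault-issued certificates,
# Calico CNI, an HA API load balancer, and monitoring/logging subordinates.
#
# NOTE(review): every charm is referenced as `cs:<name>` with no revision
# suffix, so each deploy resolves whatever revision is current at that time.
# Pin charm revisions if deployments must be reproducible and reviewable.
description: A highly-available, production-grade Kubernetes cluster.
series: bionic

# Shared values, referenced below through YAML aliases.
variables:
  # Snap channel used by both kubernetes-master and kubernetes-worker.
  # NOTE(review): confirm this release track is still within its upstream
  # support window before deploying.
  kubernetes-worker-channel: &kubernetes-worker-channel "1.18/stable"
  nagios-context: &nagios-context customer-ck-bootstack
  kubeapi-lb-vip: &kubeapi-lb-vip 172.25.94.3
  vault-vip: &vault-vip 172.25.94.4
  kubeapi-lb-dns: &kubeapi-lb-dns kubernetes.customer.local
  # Extra subject alternative names; keep in sync with the VIP and DNS name.
  kubeapi-lb-sans: &kubeapi-lb-sans "kubernetes.customer.local 172.25.94.3"
  # Pod network and service network; the two /17 ranges do not overlap.
  calico-cidr: &calico-cidr 172.29.0.0/17
  service-cidr: &service-cidr 172.29.128.0/17

machines:
  # MANUAL MACHINES
  # "0":
  #   constraints: "cores=16 mem=32G root-disk=100G"
  # "1":
  #   constraints: "cores=16 mem=32G root-disk=100G"
  # "2":
  #   constraints: "cores=16 mem=32G root-disk=100G"
  # END MANUAL MACHINES

  # Machines 0-1 host kubeapi-load-balancer, kubernetes-master and mysql
  # (see the `to:` lists under applications).
  "0":
    # Not applied: root-disk-source=TAM-VXR-K8S-PRD-DS01
    constraints: "cores=8 mem=16G root-disk=50G zones=TAM-K8S-CLUSTER/RP-K8S"
  "1":
    # Not applied: root-disk-source=TAM-VXR-K8S-PRD-DS03
    constraints: "cores=8 mem=16G root-disk=50G zones=TAM-K8S-CLUSTER/RP-K8S"

  # ETCD/vault
  "2":
    # Not applied: root-disk-source=TAM-VXR-K8S-PRD-DS03
    constraints: "cores=8 mem=16G root-disk=50G zones=TAM-K8S-CLUSTER/RP-K8S"
  "3":
    # Not applied: root-disk-source=TAM-VXR-K8S-PRD-DS03
    constraints: "cores=4 mem=16G root-disk=50G zones=TAM-K8S-CLUSTER/RP-K8S"
  "4":
    # Not applied: root-disk-source=TAM-VXR-K8S-PRD-DS03
    constraints: "cores=4 mem=16G root-disk=50G zones=TAM-K8S-CLUSTER/RP-K8S"

  # CK Workers
  "5":
    # Not applied: root-disk-source=TAM-VXR-K8S-PRD-DS03
    constraints: "cores=4 mem=16G root-disk=50G zones=TAM-K8S-CLUSTER/RP-K8S"
  "6":
    # Not applied: root-disk-source=TAM-VXR-K8S-PRD-DS01
    constraints: "cores=32 mem=64G root-disk=50G zones=TAM-K8S-CLUSTER/RP-K8S"
  "7":
    # Not applied: root-disk-source=TAM-VXR-K8S-PRD-DS01
    constraints: "cores=32 mem=64G root-disk=50G zones=TAM-K8S-CLUSTER/RP-K8S"
  "8":
    # Not applied: root-disk-source=TAM-VXR-K8S-PRD-DS01
    constraints: "cores=32 mem=64G root-disk=50G zones=TAM-K8S-CLUSTER/RP-K8S"
  "9":
    # Not applied: root-disk-source=TAM-VXR-K8S-PRD-DS01
    constraints: "cores=32 mem=64G root-disk=50G zones=TAM-K8S-CLUSTER/RP-K8S"

applications:
  # NOTE(review): nrpe-host-k8s appears in no entry under `relations`, so as
  # written it is not attached to any application - confirm whether an
  # overlay adds the monitoring relations.
  nrpe-host-k8s:
    charm: cs:nrpe
    options:
      nagios_hostname_type: "unit"
      nagios_host_context: *nagios-context
      xfs_errors: "30"
      swap: ''

  # Certificate authority used only by etcd (etcd:certificates below).
  easyrsa:
    charm: cs:~containers/easyrsa
    num_units: 1

  etcd:
    charm: cs:etcd
    num_units: 3
    options:
      # XXX: bug 1826009
      channel: "3.2/stable"
    # One placement per unit, on the machines marked "ETCD/vault" above
    # (the same hosts as vault). Listing only two machines for three units
    # leaves the third etcd member without a dedicated host.
    to:
      - "2"
      - "3"
      - "4"

  vault:
    charm: cs:vault
    num_units: 3
    options:
      # Vault creates its own self-signed root CA, which then anchors trust
      # for every certificate issued to the cluster.
      # NOTE(review): for production, confirm a self-generated root is
      # acceptable rather than an intermediate signed by the organisation PKI.
      auto-generate-root-ca-cert: true
      # NOTE(review): no hacluster application is related to vault in this
      # bundle, so nothing visible here manages this VIP - confirm.
      vip: *vault-vip
    to:
      - "2"
      - "3"
      - "4"

  # Manages the API load balancer VIP; cluster_count matches the two
  # kubeapi-load-balancer units.
  hacluster-k8s:
    charm: cs:hacluster
    options:
      cluster_count: 2
      failed_actions_alert_type: ignore

  calico:
    charm: cs:~containers/calico
    options:
      cidr: *calico-cidr
      ipip: 'Always'

  canonical-livepatch:
    charm: cs:canonical-livepatch
    options:
      # Placeholder: supply the real key at deploy time (overlay or
      # `juju config`); do not commit it to version control.
      livepatch_key: FCE_TEMPLATE

  kubeapi-load-balancer:
    charm: cs:~containers/kubeapi-load-balancer
    # Exposed: the Kubernetes API endpoint is reachable from outside the
    # model. Limit who can reach the VIP with upstream network controls.
    expose: true
    num_units: 2
    options:
      ha-cluster-vip: *kubeapi-lb-vip
      extra_sans: *kubeapi-lb-sans
    to:
      - "0"
      - "1"

  kubernetes-master:
    charm: cs:~containers/kubernetes-master
    num_units: 2
    to:
      - "0"
      - "1"
    options:
      # Privileged containers are permitted cluster-wide; restrict which
      # workloads may request them with an admission policy.
      allow-privileged: "true"
      # XXX: bug 1841800
      authorization-mode: "RBAC,Node"
      channel: *kubernetes-worker-channel
      extra_sans: *kubeapi-lb-sans
      service-cidr: *service-cidr

  containerd:
    charm: cs:~containers/containerd
    # Explicit empty mapping: every option is currently commented out.
    options: {}
    # XXX: bug 1841438
    #   http_proxy: FCE_TEMPLATE
    #   https_proxy: FCE_TEMPLATE

  kubernetes-worker:
    charm: cs:~containers/kubernetes-worker
    # Exposed: worker ports opened by the charm are reachable from outside
    # the model; restrict access at the network layer where possible.
    expose: true
    num_units: 5
    options:
      channel: *kubernetes-worker-channel
      # Must agree with kubernetes-master; see the note on that application.
      allow-privileged: "true"
    to:
      - "5"
      - "6"
      - "7"
      - "8"
      - "9"

  # NOTE(review): the filebeat:logstash relation is commented out below, so
  # no log destination is configured by this bundle - confirm where logs go.
  filebeat:
    charm: cs:filebeat
    options:
      logpath: '/var/log/*.log'
      kube_logs: true

  telegraf:
    charm: cs:telegraf

  ntp:
    charm: cs:ntp
    options:
      source: "10.4.5.3 10.4.5.4"

  # Storage backend for vault (vault:shared-db).
  # NOTE(review): a two-unit cluster cannot keep quorum when one unit is
  # lost - confirm the unit count for a production deployment.
  mysql:
    charm: cs:percona-cluster
    num_units: 2
    options:
      max-connections: 1000
      innodb-buffer-pool-size: 256M
      wait-timeout: 3600
    to:
      - "0"
      - "1"

relations:
  # - - kubernetes-master:juju-info
  #   - landscape-client:container
  # - - kubernetes-worker:juju-info
  #   - landscape-client:container

  # High availability for the API load balancer.
  - - hacluster-k8s:ha
    - kubeapi-load-balancer:ha

  # Time synchronisation.
  - - kubernetes-master:juju-info
    - ntp:juju-info
  - - kubernetes-worker:juju-info
    - ntp:juju-info
  - - etcd:juju-info
    - ntp:juju-info

  # Control plane wiring.
  - - kubernetes-master:kube-api-endpoint
    - kubeapi-load-balancer:apiserver
  - - kubernetes-master:loadbalancer
    - kubeapi-load-balancer:loadbalancer
  - - kubernetes-master:kube-control
    - kubernetes-worker:kube-control

  # Certificates: Kubernetes components use vault; etcd uses easyrsa
  # (presumably because vault itself depends on etcd, see vault:etcd below).
  - - kubernetes-master:certificates
    - vault:certificates
  - - etcd:certificates
    - easyrsa:client
  - - kubernetes-master:etcd
    - etcd:db
  - - kubernetes-worker:certificates
    - vault:certificates
  - - kubernetes-worker:kube-api-endpoint
    - kubeapi-load-balancer:website
  - - kubeapi-load-balancer:certificates
    - vault:certificates

  # Networking.
  - - calico:etcd
    - etcd:db
  - - calico:cni
    - kubernetes-master:cni
  - - calico:cni
    - kubernetes-worker:cni

  # Logging and metrics.
  - - mysql:juju-info
    - filebeat:beats-host
  - - vault:juju-info
    - filebeat:beats-host
  - - telegraf:juju-info
    - vault:juju-info
  - - filebeat:beats-host
    - kubernetes-master:juju-info
  - - filebeat:beats-host
    - kubernetes-worker:juju-info
  # - - filebeat:logstash
  #   - graylog:beats
  - - kubernetes-master:juju-info
    - telegraf:juju-info
  - - kubernetes-worker:juju-info
    - telegraf:juju-info

  # Vault storage backend.
  - - vault:shared-db
    - mysql:shared-db

  # Kernel live patching.
  - - canonical-livepatch
    - etcd
  - - canonical-livepatch
    - vault
  - - canonical-livepatch
    - kubernetes-master
  - - canonical-livepatch
    - kubernetes-worker

  # Container runtime.
  - - containerd
    - kubernetes-master
  - - containerd
    - kubernetes-worker

  # Vault HA coordination through etcd.
  - - vault:etcd
    - etcd:db
  # - - vault:shared-db
  #   - mysql:shared-db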