$schema: config.schema.json defaults: region: '{{ .ctx.region }}' regionRG: hcp-underlay-{{ .ctx.regionShort }} global: rg: global subscription: ARO Hosted Control Planes (EA Subscription 1) region: westus3 globalMSIName: "global-rollout-identity" safeDnsIntAppObjectId: "" # intentionally left empty secretsToSyncDir: "dev/arohcpdev-global" nsp: name: nsp-global accessMode: 'Learning' keyVault: name: arohcpdev-global private: false softDelete: true # ACR Pull acrPull: image: registry: mcr.microsoft.com repository: aks/msi-acrpull digest: sha256:c802a91b3b0fe4a3875a03904140a14eb54c8b94db1d510946c9c438d28689c0 #v0.1.14 # Hypershift hypershift: namespace: hypershift additionalInstallArg: '' # Log settings logs: mdsd: namespace: logs msiName: logs-mdsd serviceAccountName: genevabit-aggregator cert: name: "" type: "" issuer: "" subscriptions: [] loganalytics: enable: false # Geneva Actions genevaActions: serviceTag: GenevaActionsNonProd # SVC cluster specifics svc: subscription: ARO Hosted Control Planes (EA Subscription 1) rg: hcp-underlay-{{ .ctx.regionShort }}-svc nsp: name: nsp-{{ .ctx.regionShort }}-svc accessMode: 'Learning' rhDevFixSVCKVAsignNSP: false istio: istioctlVersion: "1.23.1" tag: "prod-stable" targetVersion: "asm-1-23" versions: "asm-1-23" ingressGatewayIPAddressName: "aro-hcp-istio-ingress" ingressGatewayIPAddressIPTags: "" aks: name: "{{ .ctx.regionShort }}-svc" vnetAddressPrefix: "10.128.0.0/14" subnetPrefix: "10.128.8.0/21" podSubnetPrefix: "10.128.64.0/18" kubernetesVersion: 1.31.6 networkDataplane: "cilium" networkPolicy: "cilium" etcd: kvName: arohcp-etcd-{{ .ctx.regionShort }} kvSoftDelete: true clusterOutboundIPAddressIPTags: "" prometheus: namespace: prometheus namespaceLabel: "" prometheusOperator: image: registry: mcr.microsoft.com/oss/v2 repository: prometheus/prometheus-operator digest: a5bf4407cb83dc93d4e29ef680e0a4d621256e0f004822f53b2ff1c592bf2a82 version: "" prometheusSpec: image: registry: mcr.microsoft.com/oss/v2 repository: prometheus/prometheus digest: 2dcc22f4a8ea5c198e1c9eb6e7f04d127c55924da72e0f4334e659633185283c version: "" replicas: 2 shards: 1 # MGMT cluster specifics mgmt: subscription: ARO Hosted Control Planes (EA Subscription 1) rg: hcp-underlay-{{ .ctx.regionShort }}-mgmt-{{ .ctx.stamp }} applyKubeletFixes: true nsp: name: nsp-{{ .ctx.regionShort }}-mgmt-{{ .ctx.stamp }} accessMode: 'Learning' aks: name: "{{ .ctx.regionShort }}-mgmt-{{ .ctx.stamp }}" vnetAddressPrefix: "10.128.0.0/14" subnetPrefix: "10.128.8.0/21" podSubnetPrefix: "10.128.64.0/18" kubernetesVersion: 1.31.6 networkDataplane: "azure" networkPolicy: "azure" etcd: kvName: arohcp-etcd-{{ .ctx.regionShort }}-{{ .ctx.stamp }} kvSoftDelete: true clusterOutboundIPAddressIPTags: "" enableSwiftV2: false prometheus: namespace: prometheus namespaceLabel: network.openshift.io/policy-group=monitoring prometheusOperator: image: registry: mcr.microsoft.com/oss/v2 repository: prometheus/prometheus-operator digest: a5bf4407cb83dc93d4e29ef680e0a4d621256e0f004822f53b2ff1c592bf2a82 version: "" prometheusSpec: image: registry: mcr.microsoft.com/oss/v2 repository: prometheus/prometheus digest: 2dcc22f4a8ea5c198e1c9eb6e7f04d127c55924da72e0f4334e659633185283c version: "v2.55.1-3" replicas: 2 shards: 1 # Frontend frontend: tracing: address: "" exporter: "" cosmosDB: deploy: true disableLocalAuth: true name: arohcp-rp-{{ .ctx.regionShort }} private: true zoneRedundantMode: 'Auto' cert: name: frontend-cert-{{ .ctx.regionShort }} issuer: Self # Mise mise: deploy: false azureAdInstance: "" firstPartyAppId: "" armInstance: "" armAppId: "" tenantId: "" image: repository: "" digest: "" # Maestro maestro: server: mqttClientName: maestro-server loglevel: 4 managedIdentityName: maestro-server k8s: namespace: maestro serviceAccountName: maestro agent: consumerName: hcp-underlay-{{ .ctx.regionShort }}-mgmt-{{ .ctx.stamp }} loglevel: 4 sidecar: image: registry: mcr.microsoft.com repository: azurelinux/base/nginx digest: sha256:f203d7e49ce778f8464f403d2558c5d7162b1b9189657c6b32d4f70a99e0fe83 eventGrid: name: arohcp-maestro-{{ .ctx.regionShort }} maxClientSessionsPerAuthName: 6 private: false certDomain: selfsigned.maestro.keyvault.azure.com certIssuer: Self postgres: name: arohcp-maestro-{{ .ctx.regionShort }} serverVersion: '15' serverStorageSizeGB: 32 deploy: true private: false minTLSVersion: 'TLSV1.2' databaseName: maestro zoneRedundantMode: 'Auto' restrictIstioIngress: true image: registry: quay.io repository: redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro pko: image: arohcpsvcdev.azurecr.io/package-operator/package-operator-package imageManager: arohcpsvcdev.azurecr.io/package-operator/package-operator-manager imageTag: v1.15.0 # Cluster Service clustersService: image: registry: quay.io repository: app-sre/uhc-clusters-service tracing: # NOTE: Currently only enabled for personal-dev. address: "" exporter: "" environment: arohcpdev postgres: name: arohcp-cs-{{ .ctx.regionShort }} deploy: true private: false minTLSVersion: 'TLSV1.2' zoneRedundantMode: 'Auto' managedIdentityName: clusters-service k8s: namespace: cluster-service serviceAccountName: clusters-service # Image Sync imageSync: environmentName: aro-hcp-image-sync outboundServiceTags: "" componentSync: enabled: true image: registry: arohcpsvcdev.azurecr.io repository: image-sync/component-sync digest: sha256:d838c4910bc53a5583dd501ed7e3ab08aa7c08b45b5997c90764c65ceef01a8f repositories: quay.io/redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro,quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package,quay.io/package-operator/package-operator-manager,quay.io/app-sre/backplane-api secrets: 'quay.io:quay-io-bearer' pullSecretName: component-sync-pull-secret ocMirror: enabled: true image: registry: arohcpsvcdev.azurecr.io repository: image-sync/oc-mirror digest: sha256:92dc2b18de0126caa2212f62c54023f6e8ecf12e2025c37a5f4151d0253ae14e pullSecretName: ocmirror-pull-secret # MCE mce: clcStateMetrics: imageDigest: bf5bb514e4d8af5e38317c3727d4cd9f90c22b293fe3e2367f9f0e179e0ee0c7 serviceKeyVault: name: arohcp-svc-{{ .ctx.regionShort }} rg: hcp-underlay-{{ .ctx.regionShort }} region: '{{ .ctx.region }}' softDelete: true private: true # Management Cluster KV cxKeyVault: name: arohcp-cx-{{ .ctx.regionShort }}-{{ .ctx.stamp }} softDelete: true private: true msiKeyVault: name: arohcp-msi-{{ .ctx.regionShort }}-{{ .ctx.stamp }} softDelete: true private: true mgmtKeyVault: name: arohcp-mgmt-{{ .ctx.regionShort }}-{{ .ctx.stamp }} softDelete: true private: true clouds: public: # this configuration serves as a template for for all RH DEV subscription deployments # the following vars need approprivate overrides: defaults: # DNS dns: baseDnsZoneRG: global cxParentZoneName: hcp.osadev.cloud cxParentZoneDelegation: false svcParentZoneName: hcpsvc.osadev.cloud parentZoneName: osadev.cloud # 1P app firstPartyAppClientId: b3cb2fab-15cb-4583-ad06-f91da9bfe2d1 firstPartyAppCertificate: name: firstPartyCert2 issuer: Self manage: false # Mock Managed Identities Service Princiapl miMockClientId: e8723db7-9b9e-46a4-9f7d-64d75c3534f0 miMockPrincipalId: d6b62dfa-87f5-49b3-bbcb-4a687c4faa96 miMockCertName: msiMockCert2 # ARM Helper armHelperClientId: 3331e670-0804-48e8-a086-6241671ddc93 armHelperFPAPrincipalId: 47f69502-0065-4d9a-b19b-d403e183d2f4 armHelperCertName: armHelperCert2 # Maestro maestro: image: digest: sha256:f64ad21dcbe40ed7d29aff7d2d7320c0a5ee18c6bfabfef9486550a96ff27141 # Cluster Service clustersService: image: digest: sha256:777e6f7be92f113b9c188de36b6925dff2537c23fd2efca115b21d42fa9d29e5 azureOperatorsManagedIdentities: clusterApiAzure: roleName: Azure Red Hat OpenShift Control Plane Operator Role - Dev controlPlane: roleName: Azure Red Hat OpenShift Cluster API Role - Dev cloudControllerManager: roleName: Azure Red Hat OpenShift Cloud Controller Manager - Dev ingress: roleName: Azure Red Hat OpenShift Cluster Ingress Operator - Dev diskCsiDriver: roleName: Azure Red Hat OpenShift Disk Storage Operator - Dev fileCsiDriver: roleName: Azure Red Hat OpenShift File Storage Operator - Dev imageRegistry: roleName: Azure Red Hat OpenShift Image Registry Operator - Dev cloudNetworkConfig: roleName: Azure Red Hat OpenShift Network Operator - Dev kms: roleName: Azure Red Hat OpenShift KMS Plugin - Dev # Hypershift Operator hypershift: image: registry: quay.io repository: acm-d/rhtap-hypershift-operator digest: sha256:0e6706e3bbc058a65f34dad7ccf048e56b1f32ca610c6f39f085ddb8bb1169ef # Backplane API backplaneAPI: image: registry: arohcpsvcdev.azurecr.io repository: app-sre/backplane-api digest: sha256:822477832a73c7eab7fe27200994f10030f708f4a752f33ded3f8f8eaa0470f6 # Frontend frontend: image: registry: arohcpsvcdev.azurecr.io repository: arohcpfrontend digest: '' # if empty uses commit sha of repo # Backend backend: image: registry: arohcpsvcdev.azurecr.io repository: arohcpbackend digest: '' # if empty uses commit sha of repo # Shared SVC KV serviceKeyVault: name: 'aro-hcp-dev-svc-kv' rg: 'global' region: 'westus3' private: false # Management Cluster KVs cxKeyVault: softDelete: false private: false msiKeyVault: softDelete: false private: false mgmtKeyVault: softDelete: false private: false # disable soft delete on etcd KVs in DEV svc: subscription: ARO Hosted Control Planes (EA Subscription 1) aks: etcd: kvSoftDelete: false systemAgentPool: minCount: 1 maxCount: 3 vmSize: 'Standard_D2s_v3' osDiskSizeGB: 32 userAgentPool: minCount: 1 maxCount: 3 vmSize: 'Standard_D2s_v3' osDiskSizeGB: 32 azCount: 3 infraAgentPool: minCount: 1 maxCount: 3 vmSize: 'Standard_D2s_v3' osDiskSizeGB: 32 azCount: 1 mgmt: aks: # MGMTM AKS nodepools - big enough for 2 HCPs systemAgentPool: minCount: 1 maxCount: 4 vmSize: 'Standard_D2s_v3' osDiskSizeGB: 32 userAgentPool: minCount: 1 maxCount: 6 vmSize: 'Standard_D4s_v3' osDiskSizeGB: 100 azCount: 3 infraAgentPool: minCount: 1 maxCount: 3 vmSize: 'Standard_D2s_v3' osDiskSizeGB: 32 azCount: 1 etcd: kvSoftDelete: false subscription: ARO Hosted Control Planes (EA Subscription 1) # Shared ACRs acr: svc: name: arohcpsvcdev zoneRedundantMode: Disabled ocp: name: arohcpocpdev zoneRedundantMode: Disabled # OIDC oidcStorageAccountName: arohcpoidc{{ .ctx.regionShort }} oidcZoneRedundantMode: Auto # Metrics monitoring: workspaceName: 'arohcp-{{ .ctx.regionShort }}' grafanaName: 'arohcp-dev' grafanaMajorVersion: '11' grafanaZoneRedundantMode: Disabled grafanaAdminGroupPrincipalId: 6b6d3adf-8476-4727-9812-20ffdef2b85c # DEVOPS MSI aroDevopsMsiId: '/subscriptions/1d3378d3-5a3f-4712-85a1-2485495dfc4b/resourceGroups/global/providers/Microsoft.ManagedIdentity/userAssignedIdentities/global-rollout-identity' kvCertOfficerPrincipalId: 'c9b1819d-bb29-4ac2-9abe-39e4fe9b59eb' environments: dev: # this is the integrated DEV environment defaults: logs: loganalytics: enable: true svc: nsp: rhDevFixSVCKVAsignNSP: true mgmt: aks: systemAgentPool: minCount: 1 maxCount: 4 vmSize: 'Standard_E8s_v3' osDiskSizeGB: 128 # MC AKS nodepools # big enough for multiple HCPs userAgentPool: minCount: 1 maxCount: 3 vmSize: 'Standard_D16s_v3' osDiskSizeGB: 128 # CNI networkDataplane: "cilium" # should be switch to azure during next rebuild networkPolicy: "cilium" # should be switch to azure during next rebuild # DNS dns: regionalSubdomain: '{{ .ctx.region }}' # Maestro maestro: server: mqttClientName: 'maestro-server-{{ .ctx.regionShort }}-dev' # Frontend frontend: cosmosDB: private: false zoneRedundantMode: 'Disabled' cs-pr: # this is the cluster service PR check and full cycle test environment defaults: logs: loganalytics: enable: true svc: aks: # MC AKS nodepools # big enough for multiple CS instances during PR checks userAgentPool: minCount: 2 maxCount: 12 mgmt: aks: systemAgentPool: minCount: 1 maxCount: 4 vmSize: 'Standard_E8s_v3' osDiskSizeGB: 128 # MC AKS nodepools # big enough for multiple HCPs userAgentPool: minCount: 1 maxCount: 3 vmSize: 'Standard_D16s_v3' osDiskSizeGB: 128 # CNI networkDataplane: "cilium" # should be switch to azure during next rebuild networkPolicy: "cilium" # should be switch to azure during next rebuild # DNS dns: regionalSubdomain: '{{ .ctx.region }}-cs' # Maestro maestro: restrictIstioIngress: false server: mqttClientName: 'maestro-server-{{ .ctx.regionShort }}-cs' # Frontend frontend: cosmosDB: private: false zoneRedundantMode: 'Disabled' nightly: # this is an environment to test the deployability of infra nightly defaults: # Cluster Service clustersService: postgres: deploy: false # DNS dns: regionalSubdomain: '{{ .ctx.regionShort }}' # Maestro maestro: postgres: deploy: false server: mqttClientName: 'maestro-server-{{ .ctx.regionShort }}' # Frontend frontend: cosmosDB: private: false zoneRedundantMode: 'Disabled' # MC mgmt: applyKubeletFixes: false personal-dev: # this is the personal DEV environment defaults: # Cluster Service clustersService: postgres: deploy: false tracing: address: "http://ingest.observability:4318" exporter: "otlp" # DNS dns: regionalSubdomain: '{{ .ctx.regionShort }}' # Maestro maestro: postgres: deploy: false server: mqttClientName: 'maestro-server-{{ .ctx.regionShort }}' # Frontend frontend: cosmosDB: private: false zoneRedundantMode: 'Disabled' tracing: address: "http://ingest.observability:4318" exporter: "otlp" # MC mgmt: jaeger: deploy: false applyKubeletFixes: false # SVC svc: jaeger: deploy: true personal-perfscale: defaults: dns: regionalSubdomain: '{{ .ctx.regionShort }}' mgmt: aks: systemAgentPool: minCount: 1 maxCount: 4 vmSize: 'Standard_E8s_v3' osDiskSizeGB: 128 userAgentPool: minCount: 1 maxCount: 3 vmSize: 'Standard_D16s_v3' osDiskSizeGB: 128