Environment Configuration¶
CloudBoostr environment configuration is managed through a GIT repository containing JSON configuration files. This approach provides version control, change tracking and auditability for all environment settings.
The configuration repository URL is set in OpsControl configuration. When an environment is configured, OpsControl clones the repository, loads the root config.json file and creates the appropriate Concourse teams, pipelines, Vault variables and user accounts.
Repository Structure¶
A configuration repository follows a two-level structure:
- A root config.json file defines the list of environments and users.
- Each environment has its own subdirectory (named after the environment) containing a config.json file with pipelines and variables definitions.
config.json               # Root: environments and users
env-prod/
    config.json           # Environment: pipelines and variables for env-prod
env-staging/
    config.json           # Environment: pipelines and variables for env-staging
env-dev/
    config.json           # Environment: pipelines and variables for env-dev
A single repository can host the configuration for all environments. Each environment uses its own subdirectory and environment names must be unique within the repository.
Root Configuration¶
The root config.json defines two top-level sections: envs and users.
Environments¶
The envs array lists all environments managed by this configuration repository. Each entry references an environment by name, which must correspond to a subdirectory in the repository.
{
"envs": [
{
"name": "env-prod"
},
{
"name": "env-staging"
}
],
"users": [...]
}
Users¶
The users array defines user accounts that will be provisioned in the jumpboxes. Each user has a name, email address and one or more SSH public keys (base64-encoded).
{
"envs": [...],
"users": [
{
"name": "john.doe",
"email_address": "john.doe@example.com",
"ssh_keys": [
"c3NoLXJzYSBBQUFBQjNOemFDMXljMk..."
]
}
]
}
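A pre-commit check for the root config.json described above, added here as an example and not part of CloudBoostr: it verifies that environment names are unique and have a subdirectory, and that each ssh_keys entry decodes to an OpenSSH public key line whose embedded type matches the declared one. The function names, the allowed key-type list and the sample users are assumptions made for this example.

```python
import base64
import hashlib
import struct

# Key types this example accepts (a policy assumption, not a CloudBoostr rule).
ALLOWED_KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
                     "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def inspect_ssh_key(encoded):
    """Decode one ssh_keys entry; return (key_type, sha256_fingerprint).

    Raises ValueError unless the entry is a base64-encoded OpenSSH
    public key line of the form "<type> <base64 blob> [comment]".
    """
    try:
        line = base64.b64decode(encoded, validate=True).decode("ascii")
    except ValueError as exc:
        raise ValueError(f"not base64-encoded text: {exc}") from None
    if "PRIVATE KEY" in line:
        raise ValueError("entry contains a private key")
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <blob> [comment]'")
    key_type, blob_b64 = fields[0], fields[1]
    if key_type not in ALLOWED_KEY_TYPES:
        raise ValueError(f"key type {key_type!r} not allowed")
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except ValueError as exc:
        raise ValueError(f"key blob is not base64: {exc}") from None
    # The blob starts with a length-prefixed copy of the key type name.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return key_type, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def validate_root(root, env_dirs):
    """Return findings for a parsed root config.json.

    env_dirs is the set of subdirectory names that contain a config.json.
    """
    findings, seen = [], set()
    for env in root.get("envs", []):
        name = env.get("name")
        if name in seen:
            findings.append(f"env {name!r}: duplicate name")
        seen.add(name)
        if name not in env_dirs:
            findings.append(f"env {name!r}: no matching subdirectory")
    for user in root.get("users", []):
        keys = user.get("ssh_keys") or []
        if not keys:
            findings.append(f"user {user.get('name')!r}: no ssh_keys")
        for i, key in enumerate(keys):
            try:
                inspect_ssh_key(key)
            except ValueError as exc:
                findings.append(f"user {user.get('name')!r}: ssh_keys[{i}]: {exc}")
    return findings


def constructed_key_line(declared_type=b"ssh-ed25519"):
    """Constructed sample: an ssh-ed25519 blob over 32 placeholder bytes."""
    ktype = b"ssh-ed25519"
    blob = (struct.pack(">I", len(ktype)) + ktype
            + struct.pack(">I", 32) + bytes(range(32)))
    return declared_type + b" " + base64.b64encode(blob) + b" john.doe@example.com"


# Constructed sample root config: one duplicate env, one un-encoded key.
SAMPLE_ROOT = {
    "envs": [{"name": "env-prod"}, {"name": "env-staging"}, {"name": "env-prod"}],
    "users": [
        {"name": "john.doe", "email_address": "john.doe@example.com",
         "ssh_keys": [base64.b64encode(constructed_key_line()).decode()]},
        # Raw key line pasted without the outer base64 layer.
        {"name": "jane.roe", "email_address": "jane.roe@example.com",
         "ssh_keys": [constructed_key_line().decode()]},
    ],
}

if __name__ == "__main__":
    for finding in validate_root(SAMPLE_ROOT, {"env-prod", "env-staging"}):
        print(finding)
```

The fingerprint returned by inspect_ssh_key has the same form as the output of ssh-keygen -lf, so it can be compared against the key a user reports out of band.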
Environment Configuration¶
Each environment directory contains a config.json file with two main sections: pipelines and vars.
Pipelines¶
The pipelines array defines CI/CD pipelines available for the environment. Each pipeline specifies:
| Field | Description |
|---|---|
| name | Unique identifier for the pipeline |
| file | Relative path to the pipeline definition YAML file (cb-env or cb-k8s-deployment) |
| vars | Array of pipeline-specific variable overrides |
| _comment | Human-readable description (optional) |
{
"pipelines": [
{
"_comment": "Deploy or upgrade Environment infrastructure",
"name": "deploy_infra",
"file": "cb-env/ci/pipelines/deploy-pipeline.yml",
"vars": []
},
{
"_comment": "Run 'security' upgrade K8s VMs without reboot",
"name": "security_upgrade_k8s",
"file": "cb-k8s-deployment/ci/pipelines/upgrade-pipeline.yml",
"vars": [
{
"name": "upgrade_type",
"value": "security"
},
{
"name": "upgrade_serial",
"value": "20%"
},
{
"name": "reboot_policy",
"value": "never"
}
]
}
]
}
Available Pipelines¶
The following pipelines are available out of the box:
Infrastructure¶
| Pipeline | Description | File |
|---|---|---|
| deploy_infra | Deploy or upgrade environment infrastructure | cb-env/ci/pipelines/deploy-pipeline.yml |
| destroy_infra | Destroy environment infrastructure | cb-env/ci/pipelines/destroy-pipeline.yml |
Kubernetes Cluster¶
| Pipeline | Description | File |
|---|---|---|
| deploy_k8s | Deploy or upgrade Kubernetes cluster | cb-k8s-deployment/ci/pipelines/deploy-pipeline.yml |
| destroy_k8s | Destroy Kubernetes cluster | cb-k8s-deployment/ci/pipelines/destroy-pipeline.yml |
| backup_k8s | Run Kubernetes cluster backup | cb-k8s-deployment/ci/pipelines/backup-pipeline.yml |
| restore_latest_k8s | Restore cluster from the latest backup | cb-k8s-deployment/ci/pipelines/restore-latest-pipeline.yml |
| restore_custom_k8s | Restore cluster from a specific backup version | cb-k8s-deployment/ci/pipelines/restore-custom-pipeline.yml |
Kubernetes Maintenance¶
| Pipeline | Description | File |
|---|---|---|
| security_upgrade_k8s | Apply security updates without reboot (upgrade_type: security, upgrade_serial: 20%, reboot_policy: never) | cb-k8s-deployment/ci/pipelines/upgrade-pipeline.yml |
| safe_upgrade_k8s | Apply safe updates with automatic reboot policy (upgrade_type: security, upgrade_serial: 20%, reboot_policy: auto) | cb-k8s-deployment/ci/pipelines/upgrade-pipeline.yml |
| dist_upgrade_k8s | Apply distribution upgrade with reboot (upgrade_type: dist, upgrade_serial: 20%, reboot_policy: always) | cb-k8s-deployment/ci/pipelines/upgrade-pipeline.yml |
| reboot_k8s | Reboot Kubernetes VMs (reboot_serial: 20%, reboot_policy: always) | cb-k8s-deployment/ci/pipelines/reboot-pipeline.yml |
Kubernetes Health¶
| Pipeline | Description | File |
|---|---|---|
| smoke_tests_k8s | Periodically run smoke tests (default: 15m interval) | cb-k8s-deployment/ci/pipelines/smoke-tests-pipeline.yml |
| pre_upgrade_checks_k8s | Check for breaking changes before upgrade | cb-k8s-deployment/ci/pipelines/pre-upgrade-check-pipeline.yml |
Variables¶
The vars array defines configuration variables for the environment. Variables are used by pipelines and the platform to configure infrastructure, networking, Kubernetes clusters and deployed components.
Each variable has a name, an optional _comment and either a static value or a vault_var reference pointing to a secret stored in the Vault.
Static value:
{
"_comment": "DNS domain for the Environment",
"name": "env_base_domain",
"value": "env.prod.cloudboostr.example.com"
}
Vault reference (for secrets):
{
"_comment": "vSphere password",
"name": "vsphere_password",
"vault_var": "/opscontrol/vsphere_password"
}
List value:
{
"_comment": "List variable with NTP servers that should be used on VMs",
"name": "ntp_servers",
"value": ["ntp.ubuntu.com", "ntp.ubuntu.local"]
}
Variable Categories¶
Variables are organized into the following categories:
CloudBoostr version¶
Cloudboostr image version:
cloudboostr_image_name
cloudboostr_image_tag
Infrastructure access¶
Variables for connecting to the vSphere API:
{
"_comment": "vSphere host",
"name": "vsphere_host",
"vault_var": "/opscontrol/vsphere_host"
},
{
"_comment": "vSphere username",
"name": "vsphere_username",
"vault_var": "/opscontrol/vsphere_username"
},
{
"_comment": "vSphere password",
"name": "vsphere_password",
"vault_var": "/opscontrol/vsphere_password"
},
{
"_comment": "Allow insecure SSL to vSphere APIs",
"name": "vsphere_allow_unverified_ssl",
"vault_var": "/opscontrol/vsphere_allow_unverified_ssl"
},
{
"_comment": "vSphere datacenter name",
"name": "vsphere_datacenter",
"vault_var": "/opscontrol/vsphere_datacenter"
},
{
"_comment": "vSphere datastore name",
"name": "vsphere_datastore",
"vault_var": "/opscontrol/vsphere_datastore"
},
{
"_comment": "vSphere cluster name",
"name": "vsphere_cluster",
"vault_var": "/opscontrol/vsphere_cluster"
},
{
"_comment": "vSphere resource pool name",
"name": "vsphere_resource_pool",
"vault_var": "/opscontrol/vsphere_resource_pool"
},
Variables for NSX-T:
{
"_comment": "NSX-T host",
"name": "nsxt_host",
"vault_var": "/opscontrol/nsxt_host"
},
{
"_comment": "NSX-T username",
"name": "nsxt_username",
"vault_var": "/opscontrol/nsxt_username"
},
{
"_comment": "NSX-T password",
"name": "nsxt_password",
"vault_var": "/opscontrol/nsxt_password"
},
{
"_comment": "Allow insecure SSL to NSX-T APIs",
"name": "nsxt_allow_unverified_ssl",
"vault_var": "/opscontrol/nsxt_allow_unverified_ssl"
},
{
"_comment": "Use remote authorization when connecting to NSX-T APIs",
"name": "nsxt_remote_auth",
"vault_var": "/opscontrol/nsxt_remote_auth"
},
{
"_comment": "The maximum number of retries before failing an API request",
"name": "nsxt_max_retries",
"vault_var": "/opscontrol/nsxt_max_retries"
},
{
"_comment": "The minimum delay, in milliseconds, between API retries",
"name": "nsxt_retry_min_delay",
"vault_var": "/opscontrol/nsxt_retry_min_delay"
},
{
"_comment": "The maximum delay, in milliseconds, between API retries",
"name": "nsxt_retry_max_delay",
"vault_var": "/opscontrol/nsxt_retry_max_delay"
},
{
"_comment": "NSX-T overlay transport zone name",
"name": "overlay_transport_zone_name",
"vault_var": "/opscontrol/overlay_transport_zone_name"
},
{
"_comment": "NSX-T Tier-0 router/gateway name",
"name": "tier0_router_name",
"vault_var": "/opscontrol/tier0_router_name"
},
{
"_comment": "NSX-T edge cluster name",
"name": "edge_cluster_name",
"vault_var": "/opscontrol/edge_cluster_name"
},
DNS and Domain¶
DNS configuration:
{
"_comment": "IP of Opscontrol DNS VM",
"name": "opscontrol_dns_ip",
"vault_var": "/opscontrol/dns_instance_public_ip"
},
{
"_comment": "DNS domain for the Environment",
"name": "env_base_domain",
"value": "env.vs.ci.cloudboostr.int"
},
{
"_comment": "Public DNS server IP address",
"name": "public_dns_ip",
"value": "10.10.1.10"
},
{
"_comment": "Public IP address of the DNS instance",
"name": "dns_instance_public_ip",
"value": "10.62.11.150"
},
{
"_comment": "Private IP address of the DNS instance",
"name": "dns_instance_private_ip",
"value": "10.62.11.150"
},
Jumpbox configuration¶
{
"_comment": "Jumpbox template name",
"name": "jumpbox_template_name",
"value": "Templates/jumpbox-focal-template"
},
{
"_comment": "Jumpbox public IP address",
"name": "jumpbox_public_ip",
"value": "10.62.11.133"
},
{
"_comment": "Jumpbox private IP address",
"name": "jumpbox_private_ip",
"value": "10.62.11.133"
},
Network Configuration¶
{
"_comment": "Whole network CIDR",
"name": "network_cidr",
"value": "10.62.11.0/24"
},
{
"_comment": "CIDR of the opscontrol",
"name": "opscontrol_cidr",
"vault_var": "/opscontrol/opscontrol_cidr"
},
{
"_comment": "MGMT network router/gateway IP address in CIDR format",
"name": "mgmt_router_ip",
"value": "10.62.11.1/26"
},
{
"_comment": "MGMT network DHCP server IP address in CIDR format",
"name": "mgmt_dhcp_server_ip",
"value": "10.62.11.2/26"
},
{
"_comment": "First IP address from MGMT network DHCP server range",
"name": "mgmt_dhcp_server_range_start",
"value": "10.62.11.3"
},
{
"_comment": "Last IP address from MGMT network DHCP server range",
"name": "mgmt_dhcp_server_range_end",
"value": "10.62.11.4"
},
{
"_comment": "Services network router/gateway IP address in CIDR format",
"name": "services_router_ip",
"value": "10.62.11.65/26"
},
{
"_comment": "Services network DHCP server IP address in CIDR format",
"name": "services_dhcp_server_ip",
"value": "10.62.11.66/26"
},
{
"_comment": "First IP address from Services network DHCP server range",
"name": "services_dhcp_server_range_start",
"value": "10.62.11.67"
},
{
"_comment": "Last IP address from Services network DHCP server range",
"name": "services_dhcp_server_range_end",
"value": "10.62.11.68"
},
{
"_comment": "DMZ network router/gateway IP address in CIDR format",
"name": "dmz_router_ip",
"value": "10.62.11.129/26"
},
{
"_comment": "DMZ network DHCP server IP address in CIDR format",
"name": "dmz_dhcp_server_ip",
"value": "10.62.11.130/26"
},
{
"_comment": "First IP address from DMZ network DHCP server range",
"name": "dmz_dhcp_server_range_start",
"value": "10.62.11.131"
},
{
"_comment": "Last IP address from DMZ network DHCP server range",
"name": "dmz_dhcp_server_range_end",
"value": "10.62.11.132"
},
{
"_comment": "K8S network router/gateway IP address in CIDR format",
"name": "k8s_router_ip",
"value": "10.62.11.193/26"
},
{
"_comment": "K8S network DHCP server IP address in CIDR format",
"name": "k8s_dhcp_server_ip",
"value": "10.62.11.194/26"
},
{
"_comment": "First IP address from K8S network DHCP server range",
"name": "k8s_dhcp_server_range_start",
"value": "10.62.11.195"
},
{
"_comment": "Last IP address from K8S network DHCP server range",
"name": "k8s_dhcp_server_range_end",
"value": "10.62.11.196"
},
Kubernetes Load Balancer¶
{
"_comment": "Public IP address of the K8S LB",
"name": "k8s_lb_public_ip",
"value": "10.62.11.134"
},
{
"_comment": "Indicates if K8S load balancer support should be enabled",
"name": "k8s_lb_enabled",
"value": "true"
},
{
"_comment": "Name of the application profile used by the K8S LB (Used only by the Policy API)",
"name": "k8s_lb_app_profile_name",
"value": "default-tcp-lb-app-profile"
},
{
"_comment": "List variable with paths of the active monitor K8S LB Ingress Pool (Used only by the Policy API)",
"name": "k8s_lb_ingress_active_monitor_paths",
"value": ["/infra/lb-monitor-profiles/default-icmp-lb-monitor"]
},
{
"_comment": "List variable with paths of the active monitor K8S LB API Pool (Used only by the Policy API)",
"name": "k8s_lb_api_active_monitor_paths",
"value": ["/infra/lb-monitor-profiles/default-icmp-lb-monitor"]
},
{
"_comment": "K8S load balancer CIDR",
"name": "k8s_lb_cidr",
"value": "10.62.11.128/26"
},
{
"_comment": "K8S load balancer gateway",
"name": "k8s_lb_gateway",
"value": "10.62.11.129"
},
{
"_comment": "K8S load allocation start",
"name": "k8s_lb_allocation_start",
"value": "10.62.11.133"
},
{
"_comment": "K8S load allocation end",
"name": "k8s_lb_allocation_end",
"value": "10.62.11.142"
},
Kubernetes Node Ports¶
{
"_comment": "Indicates if K8S node ports should be enabled",
"name": "k8s_node_ports_enabled",
"value": "true"
},
{
"_comment": "List variable with K8S node ports TCP",
"name": "k8s_node_ports_tcp",
"value": ["30000-32767"]
},
{
"_comment": "List variable with K8S node ports UDP",
"name": "k8s_node_ports_udp",
"value": ["30000-32767"]
},
{
"_comment": "List variable with K8S node ports whitelist",
"name": "k8s_node_ports_whitelist",
"value": ["0.0.0.0/0"]
},
Security and Access Control¶
{
"_comment": "List variable with CIDRs from which SSH to jumpbox is allowed",
"name": "jumpbox_whitelist_ssh_in",
"value": ["0.0.0.0/0"]
},
{
"_comment": "List variable with CIDRs from which access to k8s_api is allowed",
"name": "k8s_api_whitelist_in",
"value": ["0.0.0.0/0"]
},
{
"_comment": "List variable with CIDRs to which traffic from environment is allowed",
"name": "env_whitelist_out",
"value": ["0.0.0.0/0"]
},
{
"_comment": "List of hostnames, separated by space, which have StrictHostKeyChecking set to no",
"name": "ssh_allowed_hosts",
"vault_var": "/opscontrol/ssh_allowed_hosts"
},
{
"_comment": "Enable Gateway Firewall",
"name": "enable_gateway_policy",
"vault_var": "/opscontrol/enable_gateway_policy"
},
{
"_comment": "Enable NSX-T policy firewall logging",
"name": "firewall_logging_enabled",
"vault_var": "/opscontrol/firewall_logging_enabled"
},
Access whitelists: jumpbox_whitelist_ssh_in, k8s_api_whitelist_in, env_whitelist_out. Firewall settings: enable_gateway_policy, firewall_logging_enabled.
Cryptographic Keys and Certificates¶
{
"_comment": "GIT private key",
"name": "git_private_key",
"vault_var": "/opscontrol/git_private_key"
},
{
"_comment": "Jumpbox private key",
"name": "jumpbox_private_key",
"vault_var": "/opscontrol/jumpbox_private_key"
},
{
"_comment": "Jumpbox public key",
"name": "jumpbox_public_key",
"vault_var": "/opscontrol/jumpbox_public_key"
},
{
"_comment": "DNS private key",
"name": "dns_private_key",
"vault_var": "/opscontrol/dns_private_key"
},
{
"_comment": "DNS public key",
"name": "dns_public_key",
"vault_var": "/opscontrol/dns_public_key"
},
{
"_comment": "K8s private key",
"name": "k8s_private_key",
"vault_var": "/opscontrol/k8s_private_key"
},
{
"_comment": "K8s public key",
"name": "k8s_public_key",
"vault_var": "/opscontrol/k8s_public_key"
},
{
"_comment": "Trusted CA certificates",
"name": "trusted_ca_crt",
"vault_var": "/uber_pipeline/trusted_ca_crt"
},
{
"_comment": "K8s ingress certificate key",
"name": "k8s_key",
"vault_var": "/uber_pipeline/env-ci/k8s_key"
},
{
"_comment": "K8s ingress certificate crt",
"name": "k8s_crt",
"vault_var": "/uber_pipeline/env-ci/k8s_crt"
},
{
"_comment": "Thanos mTLS certificate key",
"name": "thanos_key",
"vault_var": "/uber_pipeline/env-ci/thanos_key"
},
{
"_comment": "Thanos mTLS certificate crt",
"name": "thanos_crt",
"vault_var": "/uber_pipeline/env-ci/thanos_crt"
},
{
"_comment": "Thanos mTLS certificate chain",
"name": "thanos_ca_chain",
"vault_var": "/uber_pipeline/env-ci/thanos_ca_chain"
},
Docker Registry¶
{
"_comment": "Docker registry URL",
"name": "docker_registry_url",
"vault_var": "/concourse/harbor_url"
},
{
"_comment": "Docker registry username",
"name": "docker_registry_username",
"vault_var": "/concourse/harbor_username"
},
{
"_comment": "Docker registry password",
"name": "docker_registry_password",
"vault_var": "/concourse/harbor_password"
},
{
"_comment": "Name of the Docker registry proxy cache project",
"name": "docker_registry_proxy_cache_project",
"vault_var": "/concourse/harbor_proxy_cache_project"
},
{
"_comment": "Name of the Docker registry Cloudboostr project",
"name": "docker_registry_cloudboostr_project",
"vault_var": "/concourse/harbor_cloudboostr_project"
},
Git Configuration¶
{
"_comment": "Git URI to the config repository",
"name": "config_repository_url",
"vault_var": "/opscontrol/config_repository_url"
},
{
"_comment": "Git branch name in the config repository",
"name": "config_repository_branch",
"vault_var": "/opscontrol/config_repository_branch"
},
Storage Classes¶
{
"_comment": "Indicates if standard storage class should be created",
"name": "k8s_create_standard_storage_class",
"vault_var": "/opscontrol/k8s_create_standard_storage_class"
},
{
"_comment": "Indicates if standard storage class should be set as a default",
"name": "k8s_set_standard_storage_class_as_default",
"vault_var": "/opscontrol/k8s_set_standard_storage_class_as_default"
},
{
"_comment": "Name of the standard storage class",
"name": "k8s_standard_storage_class_name",
"vault_var": "/opscontrol/k8s_standard_storage_class_name"
},
{
"_comment": "Name of the storage class to use for deployments",
"name": "k8s_storage_class",
"vault_var": "/opscontrol/k8s_storage_class"
},
Kubernetes Master Nodes¶
{
"_comment": "K8S template name",
"name": "k8s_template_name",
"value": "Templates/jumpbox-focal-template"
},
{
"_comment": "String variable with comma separated list of K8s master IP addresses, set to \"null\" if you want no masters",
"name": "k8s_master_ips",
"value": "10.62.11.197,10.62.11.198,10.62.11.199"
},
{
"_comment": "Number of K8s masters CPUs",
"name": "k8s_master_cpu",
"value": "4"
},
{
"_comment": "Number of K8s masters cores per socket",
"name": "k8s_master_num_cores_per_socket",
"value": "1"
},
{
"_comment": "Size of K8s masters RAM",
"name": "k8s_master_ram",
"value": "8192"
},
{
"_comment": "K8s masters network name",
"name": "k8s_master_network",
"value": "env-ci-k8s"
},
{
"_comment": "K8s masters network CIDR",
"name": "k8s_master_network_cidr",
"value": "10.62.11.192/26"
},
{
"_comment": "K8s masters gateway IP address",
"name": "k8s_master_gateway",
"value": "10.62.11.193"
},
Kubernetes Worker Nodes¶
{
"_comment": "String variable with comma separated list of K8s workers IP addresses, set to \"null\" if you want no workers",
"name": "k8s_worker_ips",
"value": "10.62.11.200,10.62.11.201,10.62.11.202"
},
{
"_comment": "Number of K8s workers CPUs",
"name": "k8s_worker_cpu",
"value": "4"
},
{
"_comment": "Number of K8s workers cores per socket",
"name": "k8s_worker_num_cores_per_socket",
"value": "1"
},
{
"_comment": "Size of K8s workers RAM",
"name": "k8s_worker_ram",
"value": "16384"
},
{
"_comment": "Size of K8s workers disk",
"name": "k8s_worker_disk",
"value": "200"
},
{
"_comment": "K8s workers network name",
"name": "k8s_worker_network",
"value": "env-ci-k8s"
},
{
"_comment": "K8s workers network CIDR",
"name": "k8s_worker_network_cidr",
"value": "10.62.11.192/26"
},
{
"_comment": "K8s workers gateway IP address",
"name": "k8s_worker_gateway",
"value": "10.62.11.193"
},
Elasticsearch / Logging¶
{
"_comment": "Enables or disables Filebeat deployment",
"name": "elasticsearch_deployment_enabled",
"vault_var": "/opscontrol/elasticsearch_deployment_enabled"
},
{
"_comment": "Elasticsearch host",
"name": "elasticsearch_host",
"vault_var": "/opscontrol/elasticsearch_host"
},
{
"_comment": "Elasticsearch port",
"name": "elasticsearch_port",
"vault_var": "/opscontrol/elasticsearch_port"
},
{
"_comment": "Elasticsearch CA chain",
"name": "elasticsearch_ca_chain",
"vault_var": "/uber_pipeline/elk_root_crt"
},
{
"_comment": "Elasticsearch username",
"name": "elasticsearch_username",
"vault_var": "/uber_pipeline/env-ci/elasticsearch_username"
},
{
"_comment": "Elasticsearch password",
"name": "elasticsearch_password",
"vault_var": "/uber_pipeline/env-ci/elasticsearch_password"
},
S3 / Bucket Configuration¶
{
"_comment": "Bucket name for infrastructure state",
"name": "infrastructure_state_bucket_name",
"value": "infrastructure-state.env.vs.ci.cloudboostr.int"
},
{
"_comment": "Bucket name for extension files",
"name": "extensions_bucket_name",
"value": "extensions.env.vs.ci.cloudboostr.int"
},
{
"_comment": "Bucket name for backups",
"name": "backups_bucket_name",
"value": "backups.env.vs.ci.cloudboostr.int"
},
{
"_comment": "Directory path within extensions bucket for terraform extensions",
"name": "extensions_terraform_directory",
"value": "env/terraform"
},
{
"_comment": "Filename for terraform extensions tfvars file",
"name": "extensions_terraform_properties",
"value": "terraform.tfvars"
},
{
"_comment": "Directory path within extensions bucket for DNS deployment extensions",
"name": "extensions_dns_directory",
"value": "env/dns"
},
{
"_comment": "Filename for DNS extensions vars.yml file",
"name": "extensions_dns_properties",
"value": "dns-properties.yml"
},
{
"_comment": "Directory path within extensions bucket for K8s deployment extensions",
"name": "extensions_k8s_directory",
"value": "env/k8s"
},
{
"_comment": "Filename for K8s extensions vars.yml file",
"name": "extensions_k8s_properties",
"value": "k8s-properties.yml"
},
{
"_comment": "Directory path within extensions bucket for K8s terraform extensions",
"name": "extensions_k8s_terraform_directory",
"value": "env/k8s-terarform"
},
{
"_comment": "Filename for K8s terraform extensions tfvars file",
"name": "extensions_k8s_terraform_properties",
"value": "terarform.tfvars"
},
Kubernetes Component Deployment¶
{
"_comment": "Flag that indicates whether K8s resources should be deleted on cluster destroy",
"name": "delete_k8s_resources_on_destroy",
"value": "true"
},
{
"_comment": "Flag that indicates whether filebeat should be deployed (present|absent)",
"name": "filebeat_release_state",
"value": "present"
},
{
"_comment": "Flag that indicates whether nginx ingress should be deployed (present|absent)",
"name": "nginx_ingress_release_state",
"value": "absent"
},
{
"_comment": "Flag that indicates whether traefik ingress should be deployed (present|absent)",
"name": "traefik_ingress_release_state",
"value": "present"
},
{
"_comment": "Flag that indicates whether by default traefik should redirect web to websecure",
"name": "traefik_ingress_redirect_web_to_websecure",
"value": "false"
},
{
"_comment": "Flag that indicates whether prometheus should be deployed (present|absent)",
"name": "prometheus_release_state",
"value": "present"
},
{
"_comment": "Flag that indicates whether thanos should be deployed (present|absent)",
"name": "thanos_release_state",
"value": "present"
},
{
"_comment": "Flag that indicates whether velero should be deployed (present|absent)",
"name": "velero_release_state",
"value": "present"
},
{
"_comment": "Flag that indicates whether automatic TLS secrets creation for ingress should be disabled or not",
"name": "ingress_disable_create_tls_secret",
"value": "false"
},
{
"_comment": "Flag that indicates whether automatic thanos ingress creation should be disabled or not",
"name": "thanos_ingress_disable",
"value": "false"
},
Backup Configuration¶
{
"_comment": "Cron expression defining when to run the velero backup",
"name": "velero_backup_schedule",
"value": "0 0 * * *"
},
{
"_comment": "The amount of time before backups created on this schedule are eligible for garbage collection",
"name": "velero_backup_ttl",
"value": "72h"
},
{
"_comment": "Flag that indicates whether or not to snapshot volumes",
"name": "velero_snapshot_volumes",
"value": "false"
},
Component Annotations¶
{
"_comment": "Annotation added to velero deployed by Cloudboostr",
"name": "velero_cb_annotation",
"value": "cloudboostr-velero"
},
{
"_comment": "Annotation added to traefik deployed by Cloudboostr",
"name": "traefik_ingress_cb_annotation",
"value": "cloudboostr-traefik"
},
{
"_comment": "Annotation added to nginx deployed by Cloudboostr",
"name": "nginx_ingress_cb_annotation",
"value": "cloudboostr-nginx"
},
{
"_comment": "Annotation added to prometheus deployed by Cloudboostr",
"name": "prometheus_cb_annotation",
"value": "cloudboostr-prometheus"
},
{
"_comment": "Annotation added to filebeat deployed by Cloudboostr",
"name": "filebeat_cb_annotations",
"value": "cloudboostr-filebeat"
},
Playbook Execution Control¶
{
"_comment": "Optional: Terraform parallelism setting for K8s terraform updates (default 20)",
"name": "terraform_parallelism_percentage",
"value": "50"
},
{
"_comment": "Optional: Skip phase to run common playbooks before kubespray (default false)",
"name": "skip_pre_common_playbooks",
"value": "false"
},
{
"_comment": "Optional: Skip phase to run backend playbooks before kubespray (default false)",
"name": "skip_pre_backend_playbooks",
"value": "false"
},
{
"_comment": "Optional: Skip phase to run extensions playbooks before kubespray (default false)",
"name": "skip_pre_extensions_playbooks",
"value": "false"
},
{
"_comment": "Optional: Skip phase to run kubespray playbooks (default false)",
"name": "skip_kubespray_playbooks",
"value": "false"
},
{
"_comment": "Optional: Skip phase to run common playbooks after kubespray (default false)",
"name": "skip_post_common_playbooks",
"value": "false"
},
{
"_comment": "Optional: Skip phase to run backend playbooks after kubespray (default false)",
"name": "skip_post_backend_playbooks",
"value": "false"
},
{
"_comment": "Optional: Skip phase to run extensions playbooks after kubespray (default false)",
"name": "skip_post_extensions_playbooks",
"value": "false"
},
{
"_comment": "Optional: Additional arguments passed to common playbooks before kubespray (default '')",
"name": "pre_common_playbooks_additional_arguments",
"value": ""
},
{
"_comment": "Optional: Additional arguments passed to backend playbooks before kubespray (default '')",
"name": "pre_backend_playbooks_additional_arguments",
"value": ""
},
{
"_comment": "Optional: Additional arguments passed to extensions playbooks before kubespray (default '')",
"name": "pre_extensions_playbooks_additional_arguments",
"value": ""
},
{
"_comment": "Optional: Additional arguments passed to kubespray (default '')",
"name": "kubespray_playbooks_additional_arguments",
"value": ""
},
{
"_comment": "Optional: Additional arguments passed to common playbooks after kubespray (default '')",
"name": "post_common_playbooks_additional_arguments",
"value": ""
},
{
"_comment": "Optional: Additional arguments passed to backend playbooks after kubespray (default '')",
"name": "post_backend_playbooks_additional_arguments",
"value": ""
},
{
"_comment": "Optional: Additional arguments passed to extensions playbooks after kubespray (default '')",
"name": "post_extensions_playbooks_additional_arguments",
"value": ""
},
{
"_comment": "Optional: Additional arguments passed to k8s packages (default '')",
"name": "k8s_packages_ansible_playbook_additional_arguments",
"value": ""
}
VM Configuration¶
{
"_comment": "vSphere VM hardware version",
"name": "vm_hardware_version",
"vault_var": "/opscontrol/vm_hardware_version"
},
{
"_comment": "VMware tools upgrade policy. Possible values: manual, upgradeAtPowerCycle.",
"name": "vmware_tools_upgrade_policy",
"vault_var": "/opscontrol/vmware_tools_upgrade_policy"
},
{
"_comment": "Indicates if CPU hot add feature should be enabled",
"name": "cpu_hot_add_enabled",
"vault_var": "/opscontrol/cpu_hot_add_enabled"
},
{
"_comment": "Indicates if RAM hot add feature should be enabled",
"name": "memory_hot_add_enabled",
"vault_var": "/opscontrol/memory_hot_add_enabled"
},
{
"_comment": "List variable with NTP servers that should be used on VMs",
"name": "ntp_servers",
"value": ["ntp.ubuntu.com", "ntp.ubuntu.local"]
},
Getting Started¶
- Create a new GIT repository for your configuration.
- Define the root config.json with your environments and users.
- For each environment, create a subdirectory and populate its config.json with the pipeline definitions and variable values specific to that environment.
- Store sensitive values in the vault and reference them using vault_var instead of value.
- Commit and push the configuration repository.
- Configure the repository URL in OpsControl.