CalvinHartwell · October 22, 2018 11:57
diff --git a/cdk-openstack.yaml b/cdk-openstack.yaml
 ---
 series: xenial
 description: A highly-available, production-grade Kubernetes cluster.
 services:
  easyrsa:
    annotations:
      gui-x: '450'
      gui-y: '550'
    charm: cs:~containers/easyrsa-114
    num_units: 1
    to:
    - lxd:kubernetes-worker/0
  etcd:
    annotations:
      gui-x: '800'
      gui-y: '550'
    charm: cs:~containers/etcd-201
    constraints: root-disk=30G cores=4 mem=16G
    num_units: 3
    options:
      channel: 3.2/stable
  flannel:
    annotations:
      gui-x: '450'
      gui-y: '750'
    charm: cs:~containers/flannel-141
  kubeapi-load-balancer:
    annotations:
      gui-x: '450'
      gui-y: '250'
    charm: cs:~containers/kubeapi-load-balancer-154
    constraints: root-disk=20G cores=4 mem=8G
    expose: true
    num_units: 2
  kubernetes-master:
    annotations:
      gui-x: '800'
      gui-y: '850'
    charm: cs:~containers/kubernetes-master-210
    constraints: root-disk=30G cores=4 mem=16G
    num_units: 2
    options:
      channel: 1.10/stable
      # Do not enable RBAC before setting up the monitoring tools
      authorization-mode: "RBAC,Node"
      allow-privileged: "true"
  kubernetes-worker:
    annotations:
      gui-x: '100'
      gui-y: '850'
    charm: cs:~containers/kubernetes-worker-231
    constraints: root-disk=30G cores=4 mem=16G
    expose: true
    num_units: 3
    options:
      # Do not enable RBAC before setting up the monitoring tools 
      allow-privileged: "true" 
      channel: 1.10/stable
      http_proxy: squid.internal:3128
      https_proxy: squid.internal:3128
  openstack-integrator:
    charm: cs:~containers/openstack-integrator
    num_units: 1
    options:
      #endpoint-tls-ca: include-base64:///home/ubuntu/openstack-ca.crt
      password: openstack
      project-domain-name: admin_domain
      user-domain-name: admin_domain
      username: admin
      project-name: admin
      region: RegionOne
      auth-url: http://172.16.7.18:5000/v3
      subnet-id: 21ab2f91-9453-4047-a27d-b364a1d0593d
      floating-network-id: 06adf264-0048-4ef5-b2f2-1bbeaf48868d
      manage-security-groups: true
  apache2:
    charm: cs:bionic/apache2-26
    num_units: 1
    expose: true
    options:
      enable_modules: "headers proxy_html proxy_http"
  elasticsearch:
    charm: /home/ubuntu/charms/elastic/elasticsearch-charm
    num_units: 1
    constraints: root-disk=30G cores=4 mem=8G
    series: bionic
    options:
      firewall_enabled: False
      gpg-key: include-file:////home/ubuntu/elasticgpg
      apt-key-url: ""
  filebeat:
    charm: cs:xenial/filebeat-19
    options:
      logpath: '/var/log/*.log'
      kube_logs: True
  graylog:
    charm: cs:xenial/graylog-19
    constraints: root-disk=20G cores=4 mem=8G
    num_units: 1
  mongodb:
    charm: cs:bionic/mongodb-49
    num_units: 1
    options:
      extra_daemon_options: "--bind_ip_all"
  grafana:
    charm: cs:bionic/grafana-17
    constraints: root-disk=20G cores=4 mem=8G
    num_units: 1
    expose: true
  prometheus:
    charm: cs:xenial/prometheus-7
    constraints: root-disk=30G cores=4 mem=16G
    num_units: 1
  telegraf:
    charm: cs:xenial/telegraf-16
    options: 
     install_keys: |
        - |
            -----BEGIN PGP PUBLIC KEY BLOCK-----
            Version: GnuPG v1

            mQINBFcVSuIBEAC80aj0tAQ6+NhGV/bkSwu6Oj+BpDR50Be3uBv7ttdtvChL5zHTnaxjdK3h
            LKSyrDLlmSOkffQ2uO7CxvqeF09MsHhyvrDDx0EY54//xxoAB++PoB2OQqmqldg3Al5Hp4Dz
            rllV5CIX5PD8NGX8UpO3HXk5wEwn9G81l8cia3vPveU82EIkHMiJGpk6+L86OMlwXzxkSI3M
            xXgNFKQc+ELDYLvGSseYC9vPN3kdmFoo/UjznPPE4fxr4bXit3N8Abl1jYjBa0x6SWkK1BAb
            s8w3BXtvyk90z9Oyme69wPD4zAYfFp+kN2nDmTDBMtNCyMu9oatdI5SukMNK4Lcm8eAE6VNs
            04j7BKvGk9+17M8WP9Pw8nIisOwScS9gUlJlLUpnBaJ+sxoOvGQ4mzZxYMKzJh0E58aEX3bS
            AyzQfsae8bZLNOTcgotyzzIDJFF9npzu3wmKjeOt/706p4LiDqKUbQK6cI+QcJ/y80ZUK8pB
            M043ttSHWLmTBFX2drp6zQGae9+02fX89ZD+5c+MPlubJMYCCKkvQT4OssHfC+dVDQ66rwUy
            OObrzsVgikdpIxQVitL3J+Dms56xAkdFfoo+qdxxdv9S/eakc5mfavc/4WVvmFDaJiqJnJRR
            Ryw1zApRtuweEEdVn8niy1mahoKpWaw1pTI4AazjWI6xJH1JyQARAQABtB9MYXVuY2hwYWQg
            UFBBIGZvciBUZWxlZ3JhZiBEZXZziQI4BBMBAgAiBQJXFUriAhsDBgsJCAcDAgYVCAIJCgsE
            FgIDAQIeAQIXgAAKCRDxDL4ByUQG9UgbEACa4IzdeYxH/S5I6MrZfvWNo/JTZ/MZWDD+QlMW
            60ThAemCUSE+NJvZZ1q7ovGFpYnHJT9GQXOwJAX1quDUqyM1uXNmLlOyIVNnmjUTINoLhw2V
            iC8E7dMWC9w4Na2fKezmNHH00kNl43ncstIjjZ3pLnDGYm1y0ItiCUcTRgHhx2cUZ/vStz1S
            Pdqj4P3i8vuspoYJ2T3VPlM/0G+u9Yjuy3Uzu9RugOyO3UJPoi3+4O2VTNosSBy5MILVCp49
            eigyFVGpq5sT/c86qd1zqmsNWEubrlzDfETS4LMj9epr46ZKPXGQkeryt1m2Oe0HkIdNZ+IQ
            5p+i9fnEy7/1uKTXWQYsg2UWsLA2PvTvwY8JxxMhUFgv12q2w7STntqJyi9PLItYNtbtKoS3
            XZCCMqQLCWMXHY+2ol6rRSfs06H/wzlR8LjDaEXkDVuDmqMtcbgTboZYblsGxst7I/Y4Wgfi
            J52uiIyobQ69uJbG0XeRTLZ3WyrBkopEsTX/+sQjVqbADXYU4hBVDgnCf2uN/5dcwSEvDj8/
            +WsToAfEJkscRBsQjTLVzf+eFqHLrbqz/yoYIqBc//IJMBSbxIf5mrOHHLdbOuMCB6PVwpTI
            vLFOSDNPuVDX+S1goA8KJTnXpm8jWDynn3XaXx3AlYw4iZ0ETSgQLQLRd6JuPOEGXsGdBA==
            =ufaX
            -----END PGP PUBLIC KEY BLOCK-----
 relations:
 - - kubernetes-master:kube-api-endpoint
  - kubeapi-load-balancer:apiserver
 - - kubernetes-master:loadbalancer
  - kubeapi-load-balancer:loadbalancer
 - - kubernetes-master:kube-control
  - kubernetes-worker:kube-control
 - - kubernetes-master:certificates
  - easyrsa:client
 - - etcd:certificates
  - easyrsa:client
 - - kubernetes-master:etcd
  - etcd:db
 - - kubernetes-worker:certificates
  - easyrsa:client
 - - kubernetes-worker:kube-api-endpoint
  - kubeapi-load-balancer:website
 - - kubeapi-load-balancer:certificates
  - easyrsa:client
 - - flannel:etcd
  - etcd:db
 - - flannel:cni
  - kubernetes-master:cni
 - - flannel:cni
  - kubernetes-worker:cni
 - [ "openstack-integrator", "kubernetes-master" ]
 - [ "openstack-integrator", "kubernetes-worker" ]
 - ["apache2:reverseproxy", "graylog:website"]
 - ["graylog:elasticsearch", "elasticsearch:client"]
 - ["graylog:mongodb", "mongodb:database"]
 - ["filebeat:beats-host", "kubernetes-master:juju-info"]
 - ["filebeat:beats-host", "kubernetes-worker:juju-info"]
 - ["filebeat:logstash", "graylog:beats"]
 - ["prometheus:grafana-source", "grafana:grafana-source"]
 - ["telegraf:prometheus-client", "prometheus:target"]
 - ["kubernetes-master:juju-info", "telegraf:juju-info"]
 - ["kubernetes-worker:juju-info", "telegraf:juju-info"]
	---
	series: xenial
	description: A highly-available, production-grade Kubernetes cluster.
	services:
	easyrsa:
	annotations:
	gui-x: '450'
	gui-y: '550'
	charm: cs:~containers/easyrsa-114
	num_units: 1
	to:
	- lxd:kubernetes-worker/0
	etcd:
	annotations:
	gui-x: '800'
	gui-y: '550'
	charm: cs:~containers/etcd-201
	constraints: root-disk=30G cores=4 mem=16G
	num_units: 3
	options:
	channel: 3.2/stable
	flannel:
	annotations:
	gui-x: '450'
	gui-y: '750'
	charm: cs:~containers/flannel-141
	kubeapi-load-balancer:
	annotations:
	gui-x: '450'
	gui-y: '250'
	charm: cs:~containers/kubeapi-load-balancer-154
	constraints: root-disk=20G cores=4 mem=8G
	expose: true
	num_units: 2
	kubernetes-master:
	annotations:
	gui-x: '800'
	gui-y: '850'
	charm: cs:~containers/kubernetes-master-210
	constraints: root-disk=30G cores=4 mem=16G
	num_units: 2
	options:
	channel: 1.10/stable
	# Do not enable RBAC before setting up the monitoring tools
	authorization-mode: "RBAC,Node"
	allow-privileged: "true"
	kubernetes-worker:
	annotations:
	gui-x: '100'
	gui-y: '850'
	charm: cs:~containers/kubernetes-worker-231
	constraints: root-disk=30G cores=4 mem=16G
	expose: true
	num_units: 3
	options:
	# Do not enable RBAC before setting up the monitoring tools
	allow-privileged: "true"
	channel: 1.10/stable
	http_proxy: squid.internal:3128
	https_proxy: squid.internal:3128
	openstack-integrator:
	charm: cs:~containers/openstack-integrator
	num_units: 1
	options:
	#endpoint-tls-ca: include-base64:///home/ubuntu/openstack-ca.crt
	password: openstack
	project-domain-name: admin_domain
	user-domain-name: admin_domain
	username: admin
	project-name: admin
	region: RegionOne
	auth-url: http://172.16.7.18:5000/v3
	subnet-id: 21ab2f91-9453-4047-a27d-b364a1d0593d
	floating-network-id: 06adf264-0048-4ef5-b2f2-1bbeaf48868d
	manage-security-groups: true
	apache2:
	charm: cs:bionic/apache2-26
	num_units: 1
	expose: true
	options:
	enable_modules: "headers proxy_html proxy_http"
	elasticsearch:
	charm: /home/ubuntu/charms/elastic/elasticsearch-charm
	num_units: 1
	constraints: root-disk=30G cores=4 mem=8G
	series: bionic
	options:
	firewall_enabled: False
	gpg-key: include-file:////home/ubuntu/elasticgpg
	apt-key-url: ""
	filebeat:
	charm: cs:xenial/filebeat-19
	options:
	logpath: '/var/log/*.log'
	kube_logs: True
	graylog:
	charm: cs:xenial/graylog-19
	constraints: root-disk=20G cores=4 mem=8G
	num_units: 1
	mongodb:
	charm: cs:bionic/mongodb-49
	num_units: 1
	options:
	extra_daemon_options: "--bind_ip_all"
	grafana:
	charm: cs:bionic/grafana-17
	constraints: root-disk=20G cores=4 mem=8G
	num_units: 1
	expose: true
	prometheus:
	charm: cs:xenial/prometheus-7
	constraints: root-disk=30G cores=4 mem=16G
	num_units: 1
	telegraf:
	charm: cs:xenial/telegraf-16
	options:
	install_keys: \|
	- \|
	-----BEGIN PGP PUBLIC KEY BLOCK-----
	Version: GnuPG v1

	mQINBFcVSuIBEAC80aj0tAQ6+NhGV/bkSwu6Oj+BpDR50Be3uBv7ttdtvChL5zHTnaxjdK3h
	LKSyrDLlmSOkffQ2uO7CxvqeF09MsHhyvrDDx0EY54//xxoAB++PoB2OQqmqldg3Al5Hp4Dz
	rllV5CIX5PD8NGX8UpO3HXk5wEwn9G81l8cia3vPveU82EIkHMiJGpk6+L86OMlwXzxkSI3M
	xXgNFKQc+ELDYLvGSseYC9vPN3kdmFoo/UjznPPE4fxr4bXit3N8Abl1jYjBa0x6SWkK1BAb
	s8w3BXtvyk90z9Oyme69wPD4zAYfFp+kN2nDmTDBMtNCyMu9oatdI5SukMNK4Lcm8eAE6VNs
	04j7BKvGk9+17M8WP9Pw8nIisOwScS9gUlJlLUpnBaJ+sxoOvGQ4mzZxYMKzJh0E58aEX3bS
	AyzQfsae8bZLNOTcgotyzzIDJFF9npzu3wmKjeOt/706p4LiDqKUbQK6cI+QcJ/y80ZUK8pB
	M043ttSHWLmTBFX2drp6zQGae9+02fX89ZD+5c+MPlubJMYCCKkvQT4OssHfC+dVDQ66rwUy
	OObrzsVgikdpIxQVitL3J+Dms56xAkdFfoo+qdxxdv9S/eakc5mfavc/4WVvmFDaJiqJnJRR
	Ryw1zApRtuweEEdVn8niy1mahoKpWaw1pTI4AazjWI6xJH1JyQARAQABtB9MYXVuY2hwYWQg
	UFBBIGZvciBUZWxlZ3JhZiBEZXZziQI4BBMBAgAiBQJXFUriAhsDBgsJCAcDAgYVCAIJCgsE
	FgIDAQIeAQIXgAAKCRDxDL4ByUQG9UgbEACa4IzdeYxH/S5I6MrZfvWNo/JTZ/MZWDD+QlMW
	60ThAemCUSE+NJvZZ1q7ovGFpYnHJT9GQXOwJAX1quDUqyM1uXNmLlOyIVNnmjUTINoLhw2V
	iC8E7dMWC9w4Na2fKezmNHH00kNl43ncstIjjZ3pLnDGYm1y0ItiCUcTRgHhx2cUZ/vStz1S
	Pdqj4P3i8vuspoYJ2T3VPlM/0G+u9Yjuy3Uzu9RugOyO3UJPoi3+4O2VTNosSBy5MILVCp49
	eigyFVGpq5sT/c86qd1zqmsNWEubrlzDfETS4LMj9epr46ZKPXGQkeryt1m2Oe0HkIdNZ+IQ
	5p+i9fnEy7/1uKTXWQYsg2UWsLA2PvTvwY8JxxMhUFgv12q2w7STntqJyi9PLItYNtbtKoS3
	XZCCMqQLCWMXHY+2ol6rRSfs06H/wzlR8LjDaEXkDVuDmqMtcbgTboZYblsGxst7I/Y4Wgfi
	J52uiIyobQ69uJbG0XeRTLZ3WyrBkopEsTX/+sQjVqbADXYU4hBVDgnCf2uN/5dcwSEvDj8/
	+WsToAfEJkscRBsQjTLVzf+eFqHLrbqz/yoYIqBc//IJMBSbxIf5mrOHHLdbOuMCB6PVwpTI
	vLFOSDNPuVDX+S1goA8KJTnXpm8jWDynn3XaXx3AlYw4iZ0ETSgQLQLRd6JuPOEGXsGdBA==
	=ufaX
	-----END PGP PUBLIC KEY BLOCK-----
	relations:
	- - kubernetes-master:kube-api-endpoint
	- kubeapi-load-balancer:apiserver
	- - kubernetes-master:loadbalancer
	- kubeapi-load-balancer:loadbalancer
	- - kubernetes-master:kube-control
	- kubernetes-worker:kube-control
	- - kubernetes-master:certificates
	- easyrsa:client
	- - etcd:certificates
	- easyrsa:client
	- - kubernetes-master:etcd
	- etcd:db
	- - kubernetes-worker:certificates
	- easyrsa:client
	- - kubernetes-worker:kube-api-endpoint
	- kubeapi-load-balancer:website
	- - kubeapi-load-balancer:certificates
	- easyrsa:client
	- - flannel:etcd
	- etcd:db
	- - flannel:cni
	- kubernetes-master:cni
	- - flannel:cni
	- kubernetes-worker:cni
	- [ "openstack-integrator", "kubernetes-master" ]
	- [ "openstack-integrator", "kubernetes-worker" ]
	- ["apache2:reverseproxy", "graylog:website"]
	- ["graylog:elasticsearch", "elasticsearch:client"]
	- ["graylog:mongodb", "mongodb:database"]
	- ["filebeat:beats-host", "kubernetes-master:juju-info"]
	- ["filebeat:beats-host", "kubernetes-worker:juju-info"]
	- ["filebeat:logstash", "graylog:beats"]
	- ["prometheus:grafana-source", "grafana:grafana-source"]
	- ["telegraf:prometheus-client", "prometheus:target"]
	- ["kubernetes-master:juju-info", "telegraf:juju-info"]
	- ["kubernetes-worker:juju-info", "telegraf:juju-info"]