-
Notifications
You must be signed in to change notification settings - Fork 26
/
Copy pathkas-installer-defaults.env
226 lines (183 loc) · 8.72 KB
/
kas-installer-defaults.env
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
trap 'echo "** Unbound variable must be configured in kas-installer.env or user environment"' EXIT
# [required]
# Principal name to be used for Keycloak client and user representing the owner of a Kafka cluster. See `ocm whoami | jq -r .username`
#
RH_USERNAME="${RH_USERNAME}"
# [required]
# Owning users RH account_id. See `ocm token --payload | jq -r .account_id`
#
RH_USER_ID="${RH_USER_ID}"
# [required]
# Owning users RH org_id. See `ocm token --payload | jq -r .org_id`
#
RH_ORG_ID="${RH_ORG_ID}"
# [required]
# Login credentials for the container repository containing the KAS components container images
#
IMAGE_REPOSITORY_USERNAME="${IMAGE_REPOSITORY_USERNAME}"
IMAGE_REPOSITORY_PASSWORD="${IMAGE_REPOSITORY_PASSWORD}"
# [required]
# DNS domain of the K8s cluster where KAS components will be deployed
#
K8S_CLUSTER_DOMAIN="${K8S_CLUSTER_DOMAIN}"
# [optional]
# RH SSO host name when using 'SSO_PROVIDER_TYPE' of 'redhat_sso'. Defaults to stage environment
#
REDHAT_SSO_HOSTNAME="${REDHAT_SSO_HOSTNAME:-"sso.stage.redhat.com"}"
# [optional]
# Type of SSO provider, see 'SSO_PROVIDER_TYPE' in
# https://github.com/bf2fc6cc711aee1a0c2a/kas-fleet-manager/blob/main/templates/service-template.yml
SSO_PROVIDER_TYPE="${SSO_PROVIDER_TYPE:-"mas_sso"}"
if [ "${SSO_PROVIDER_TYPE}" = 'redhat_sso' ] ; then
# [optional]
# RH SSO realm when using 'SSO_PROVIDER_TYPE' of 'redhat_sso'.
#
REDHAT_SSO_REALM="${REDHAT_SSO_REALM:-"redhat-external"}"
# [required for RH SSO]
# SSO client ID when using 'SSO_PROVIDER_TYPE' of 'redhat_sso'. This client will be used by kas-fleet-manager to
# provision service accounts. The client will also be used by default to provision Kafka clusters with the
# managed_kafka.sh script.
#
REDHAT_SSO_CLIENT_ID="${REDHAT_SSO_CLIENT_ID}"
# [required for RH SSO]
# SSO client secret when using 'SSO_PROVIDER_TYPE' of 'redhat_sso'.
#
REDHAT_SSO_CLIENT_SECRET="${REDHAT_SSO_CLIENT_SECRET}"
# [optional]
# RH client scope to be requested for tokens retrieved from RH SSO
#
REDHAT_SSO_SCOPE="${REDHAT_SSO_SCOPE:-"api.iam.service_accounts"}"
fi
# [optional]
# Base URL (protocol and domain) for the SSO service used by the kas-fleet-manager admin endpoint authZ/authN. If no
# value is provided, the default will be the MAS-SSO protocol and domain.
#
ADMIN_API_SSO_BASE_URL="${ADMIN_API_SSO_BASE_URL:-}"
# [optional]
# SSO realm for the kas-fleet-manager admin endpoint authZ/authN
#
ADMIN_API_SSO_REALM="${ADMIN_API_SSO_REALM:-"rhoas-kafka-sre"}"
# [optional]
# SSO endpoint path for the kas-fleet-manager admin endpoint authZ/authN
#
ADMIN_API_SSO_ENDPOINT_URI="${ADMIN_API_SSO_ENDPOINT_URI:-"/auth/realms/${ADMIN_API_SSO_REALM}"}"
# [optional]
# Client ID used to retrieve an access token for the kas-fleet-manager admin endpoints. The default
# assumes the use of the locally-installed MAS-SSO instances for admin functions.
#
ADMIN_API_CLIENT_ID="${ADMIN_API_CLIENT_ID:-"kafka-admin"}"
# [optional]
# Client secret used to retrieve an access token for the kas-fleet-manager admin endpoints. The default
# assumes the use of the locally-installed MAS-SSO instances for admin functions.
#
ADMIN_API_CLIENT_SECRET="${ADMIN_API_CLIENT_SECRET:-"kafka-admin"}"
# [optional]
# OLM bundle index image and tag to deploy MAS-SSO instance
#
MAS_SSO_OLM_INDEX_IMAGE="${MAS_SSO_OLM_INDEX_IMAGE:-"quay.io/rhoas/mas-sso-operator-catalog"}"
MAS_SSO_OLM_INDEX_IMAGE_TAG="${MAS_SSO_OLM_INDEX_IMAGE_TAG:-"f08a770"}"
# [optional]
# KAS Fleet Manager container image registry (quay.io, docker.io, ...)
#
KAS_FLEET_MANAGER_IMAGE_REGISTRY="${KAS_FLEET_MANAGER_IMAGE_REGISTRY:-"quay.io"}"
# [optional]
# KAS Fleet Manager container image repository credentials' username
#
KAS_FLEET_MANAGER_IMAGE_REPOSITORY_USERNAME="${KAS_FLEET_MANAGER_IMAGE_REPOSITORY_USERNAME:-${IMAGE_REPOSITORY_USERNAME}}"
# [optional]
# KAS Fleet Manager container image repository credentials' password
#
KAS_FLEET_MANAGER_IMAGE_REPOSITORY_PASSWORD="${KAS_FLEET_MANAGER_IMAGE_REPOSITORY_PASSWORD:-${IMAGE_REPOSITORY_PASSWORD}}"
# [optional]
# KAS Fleet Manager container image repository
#
KAS_FLEET_MANAGER_IMAGE_REPOSITORY="${KAS_FLEET_MANAGER_IMAGE_REPOSITORY:-"bf2fc6cc711aee1a0c2a82e312df7f2e6b37baa12bd9b1f2fd752e260d93a6f8144ac730947f25caa2bfe6ad0f410da360940ee6d28d6c1688d3822c4055650e/kas-fleet-manager"}"
# [optional]
# Build the KAS Fleet Manager image from source (determined by KAS_FLEET_MANAGER_GIT_URL and KAS_FLEET_MANAGER_GIT_REF)
# and push to the internal OpenShift registry. The KAS Fleet Manager will still be configured with a pull secret for pulling
# images from KAS_FLEET_MANAGER_IMAGE_REGISTRY.
#
KAS_FLEET_MANAGER_IMAGE_BUILD="${KAS_FLEET_MANAGER_IMAGE_BUILD:-"false"}"
# [optional]
# KAS Fleet Manager's git repository. Source repository reference for KAS fleet manager. Must be a public repository URL
#
KAS_FLEET_MANAGER_GIT_URL="${KAS_FLEET_MANAGER_GIT_URL:-"https://github.com/bf2fc6cc711aee1a0c2a/kas-fleet-manager"}"
# [optional]
# KAS Fleet Manager's git reference. A commit ID, branch name or tag can be used. The commit ID should be compatible with
# the container image contents used
#
KAS_FLEET_MANAGER_GIT_REF="${KAS_FLEET_MANAGER_GIT_REF:-"ac2d958bd8b993a67590adf17934e5c4585cd205"}"
# [optional]
# KAS Fleet Manager container image tag. Defaults to first seven characters of the KAS_FLEET_MANAGER_GIT_REF
#
KAS_FLEET_MANAGER_IMAGE_TAG="${KAS_FLEET_MANAGER_IMAGE_TAG:-${KAS_FLEET_MANAGER_GIT_REF:0:7}}"
# [optional]
# Enable enterprise cluster registration. Set this value to true in kas-installer.env or the environment when the
# installation is intended for use with dynamically registered enterprise data plane clusters.
#
ENTERPRISE_ENABLED="${ENTERPRISE_ENABLED:-"false"}"
# [optional]
# OCM offline token for use with kas-fleet-manager's "ocm" cluster provider
OCM_SERVICE_TOKEN="${OCM_SERVICE_TOKEN:-}"
# [optional]
# OCM cluster ID for use with kas-fleet-manager's "ocm" cluster provider. Also used as the cluster ID in standalone mode.
OCM_CLUSTER_ID="${OCM_CLUSTER_ID:-"dev-dataplane-cluster"}"
# [optional]
# Repository address and ref to use for the Observability repository. Set these to test with custom Observability resources.
#
OBSERVABILITY_CONFIG_REPO="${OBSERVABILITY_CONFIG_REPO:-"quay.io/rhoas/observability-resources-mk"}"
OBSERVABILITY_CONFIG_TAG="${OBSERVABILITY_CONFIG_TAG:-"v1.50.3"}"
# [optional]
# Default cloud provider
# Do not use when specifying `CLUSTER_LIST` or `SUPPORTED_CLOUD_PROVIDERS` using kas-fleet-manager parameter
# customization (see README)
#
CLOUD_PROVIDER="${CLOUD_PROVIDER:-"aws"}"
# [optional]
# Default cloud provider region for the cluster. Must be valid for the configured `CLOUD_PROVIDER`
# Do not use when specifying `CLUSTER_LIST` or `SUPPORTED_CLOUD_PROVIDERS` using kas-fleet-manager parameter
# customization (see README)
#
REGION="${REGION:-"us-east-1"}"
# [optional]
# Namespace to deploy KAS Fleetshard operator
KAS_FLEETSHARD_OPERATOR_NAMESPACE="${KAS_FLEETSHARD_OPERATOR_NAMESPACE:-}"
# [optional]
# KAS Fleetshard operator OLM bundle index image reference
KAS_FLEETSHARD_OLM_INDEX_IMAGE="${KAS_FLEETSHARD_OLM_INDEX_IMAGE:-"quay.io/osd-addons/rhosak-fleetshard-operator-bundle-index:v4.10-v1.0.19-1"}"
# [optional]
# Namespace to deploy Strimzi cluster operator
STRIMZI_OPERATOR_NAMESPACE="${STRIMZI_OPERATOR_NAMESPACE:-}"
# [optional]
# Strimzi cluster operator OLM bundle index image reference
STRIMZI_OLM_INDEX_IMAGE="${STRIMZI_OLM_INDEX_IMAGE:-"quay.io/osd-addons/rhosak-strimzi-operator-bundle-index:v4.10-v0.1.12-1"}"
# [optional]
# TLS certificate to be used with the Kafka instance listeners and the admin API server. Must also configure the value
# of ENABLE_KAFKA_EXTERNAL_CERTIFICATE to 'true' using kas-fleet-manager parameter customization (see README)
#
KAFKA_TLS_CERT="${KAFKA_TLS_CERT:-}"
# [optional]
# TLS key to be used with the Kafka instance listeners and the admin API server. Must also configure the value
# of ENABLE_KAFKA_EXTERNAL_CERTIFICATE to 'true' using kas-fleet-manager parameter customization (see README)
#
KAFKA_TLS_KEY="${KAFKA_TLS_KEY:-}"
# [optional]
# JSON content used to patch the Observability resource. May be used to customize the resyncPeriod, for example.
#
OBSERVABILITY_CR_MERGE_PATCH_CONTENT="${OBSERVABILITY_CR_MERGE_PATCH_CONTENT:-}"
##########
if [ -z "${KAS_FLEETSHARD_OPERATOR_NAMESPACE:-}" ] ; then
if [ -n "${OCM_SERVICE_TOKEN}" ] ; then
KAS_FLEETSHARD_OPERATOR_NAMESPACE='redhat-kas-fleetshard-operator-qe'
else
KAS_FLEETSHARD_OPERATOR_NAMESPACE='redhat-kas-fleetshard-operator'
fi
fi
if [ -z "${STRIMZI_OPERATOR_NAMESPACE:-}" ] ; then
if [ -n "${OCM_SERVICE_TOKEN}" ] ; then
STRIMZI_OPERATOR_NAMESPACE='redhat-managed-kafka-operator-qe'
else
STRIMZI_OPERATOR_NAMESPACE='redhat-managed-kafka-operator'
fi
fi
trap - EXIT