Configuration Samples

1
version: "1"
2
cluster:
3
  hostname: config-manager.example.com
4
  environment: test
5
  namespace: nv-config-manager
6
  airgapped: false
7
  size: small
8
secrets:
9
  method: kubernetes
10
  config_manager_service_username: nv-config-manager
11
network_secrets:
12
  - name: Hash Salt
13
    secret_key: hash_salt
14
  - name: BGP Password
15
    secret_key: bgp_password
16
    rotation: r1
17
sites:
18
  - name: dc01
19
services:
20
  nautobot: true

1
version: "1"
2
cluster:
3
  hostname: nv-config-manager.local
4
  environment: local
5
  namespace: nv-config-manager
6
  size: small
7
infrastructure:
8
  ztp_storage:
9
    type: file
10
    pvc_name: ztp-os-images
11
    pvc_size: 20Gi
12
    os_images:
13
      - platform: cumulus-linux
14
        version: "5.14.0"
15
        path: /images/cumulus-linux-5.14.0-mlx-amd64.bin
16
      - platform: mlnx-os
17
        version: "3.10.4000"
18
        path: /images/mlnx-os-3.10.4000.bin
19
secrets:
20
  method: kubernetes
21
sites:
22
  - name: dc01
23
services:
24
  nautobot: true

1
version: "1"
2
cluster:
3
  hostname: platform.nv-config-manager.example.com
4
  environment: production
5
  namespace: nv-config-manager-prod
6
  release_name: nv-config-manager-platform
7
  size: large
8
secrets:
9
  method: eso
10
  config_manager_service_username: nv-config-manager
11
  vault:
12
    server: https://vault.example.com
13
    namespace: engineering
14
    secrets_path: nv-config-manager/secrets
15
    mount_path: auth/kubernetes/prod
16
    role: nv-config-manager-vault-agent
17
    auth:
18
      method: jwt
19
sso:
20
  enabled: true
21
  provider: keycloak
22
  issuer_url: https://keycloak.example.com/realms/nv-config-manager
23
  client_id: nv-config-manager
24
  client_secret: your-keycloak-client-secret
25
spiffe:
26
  enabled: true
27
  provider: spire
28
  auth_mode: jwt
29
  trust_domain: example.com
30
  group_prefixes:
31
    - spiffe://example.com/ns/nv-config-manager-prod=nv-config-manager-admin
32
infrastructure:
33
  load_balancer:
34
    provider: nlb
35
    nlb_gateway:
36
      type: external
37
      target_type: ip
38
      subnets: "subnet-abc123, subnet-def456"
39
      dns_name: "platform.nv-config-manager.example.com,*.platform.nv-config-manager.example.com"
40
    nlb_ztp:
41
      type: external
42
      target_type: ip
43
      name: nv-config-manager-prod-ztp-lb
44
      sg: "sg-111222, sg-333444"
45
      subnets: "subnet-abc123, subnet-def456"
46
      ips: "10.0.1.10, 10.0.1.20"
47
      dns_name: ztp-ext.platform.nv-config-manager.example.com
48
    nlb_dhcp:
49
      type: external
50
      target_type: ip
51
      name: nv-config-manager-prod-dhcp-lb
52
      sg: "sg-111222, sg-555666"
53
      subnets: "subnet-abc123, subnet-def456"
54
      ips: "10.0.1.30, 10.0.1.40"
55
      dns_name: dhcp-ext.platform.nv-config-manager.example.com
56
  cnpg_s3_backup:
57
    enabled: true
58
    bucket: nv-config-manager-postgres-backups
59
    path: production
60
    endpoint: https://s3.us-west-2.amazonaws.com
61
images:
62
  source: registry
63
  registry: nvcr.io/nvidian/cfa
64
  tag: v1.2.1
65
network_secrets:
66
  - name: Hash Salt
67
    secret_key: hash_salt
68
    source: vault
69
  - name: BGP Password
70
    secret_key: bgp_password
71
    source: vault
72
    rotation: r1
73
sites:
74
  - name: dc01
75
    vault_path: secrets/nv-config-manager/site/dc01/config_secrets
76
  - name: dc02
77
    vault_path: secrets/nv-config-manager/site/dc02/config_secrets