Created by Ondřej Wantula, last modified on Nov 24, 2022

Proposed name Tangled

Jira task: SAF-167 - New Environment( Tangled) Backlog

Subnet:

For tangled(new_stage) environment pod/service range we can use from 10.60.64.0/18 range to till 10.69.192.0/18 range and the 172.22.0.0/16 subnet for everything else

soul:
      gcp_services: "10.60.0.0/18"
      projects:
        tms:
          k8s:
            master: "192.168.6.0/28"
            nodes: "172.22.0.0/20"
            secondary_ranges:
              pods: "10.60.64.0/18"
              svc: "10.60.128.0/18"
            internal_lb: "172.22.15.253"
          private-default:
            master: "192.168.6.16/28"
            nodes: "172.22.16.0/20"
            svc: "10.61.0.0/18"
            pods: "10.60.192.0/18"

        applications:
          k8s:
            master: "192.168.6.32/28"
            nodes: "172.22.32.0/20"
            secondary_ranges:
              pods: "10.61.64.0/18"
              svc: "10.61.128.0/18"
              euronet-pods: "172.22.112.0/24"
            internal_lb: "172.22.47.253"
          private-default:
            master: "192.168.6.48/28"
            nodes: "172.22.48.0/20"
            svc: "10.62.0.0/18"
            pods: "10.61.192.0/18"
          confluent:
            kafka: "10.69.0.0/16"

        hcvault:
          k8s:
            master: "192.168.6.64/28"
            nodes: "172.22.64.0/20"
            secondary_ranges:
              pods: "10.62.64.0/18"
              svc: "10.62.128.0/18"
            internal_lb: "172.22.79.253"

        monitor:
          k8s:
            master: "192.168.6.80/28"
            nodes: "172.22.80.0/20"
            secondary_ranges:
              pods: "10.62.192.0/18"
              svc: "10.63.0.0/18"
            internal_lb: "172.22.95.253"

        tyk-a:
          k8s:
            master: "192.168.6.96/28"
            nodes: "172.22.96.0/20"
            secondary_ranges:
              pods: "10.63.64.0/18"
              svc: "10.63.128.0/18"
            internal_lb: "172.22.111.253"

        vpn:
          k8s:
            master: "192.168.6.112/28"
            nodes: "172.22.128.0/20" # 172.22.112.0/20 used for the safi-soul-overal-ipsec-vpn-subnet
            secondary_ranges:
              pods: "10.63.192.0/18"
              svc: "10.64.0.0/18"
            internal_lb: "172.22.143.253"

        data:
          k8s:
            master: "192.168.6.128/28"
            nodes: "172.22.144.0/20"
            secondary_ranges:
              pods: "10.64.64.0/18"
              svc: "10.64.128.0/18"
            internal_lb: "172.22.159.253"

        cloud-composer:
          k8s:
            master: "192.168.6.144/28"
            nodes: "172.22.160.0/20"
            secondary_ranges:
              pods: "10.64.192.0/18"
              svc: "10.65.0.0/18"
            internal_lb: "172.22.175.253"


Necessary preequsities:

Cloudflare domain was bought sfdvwork.xyz 3rd parties need to be informed, already updated the needed wiki page → Exposed Endpoints & Tyk Mappings

TM is done in sandbox-tm-6.
Kafka is finished, also with Ably.
Firebase should also be ready.