Merge "Add apt_mirantis key's to reclass"
diff --git a/cinder/volume/single.yml b/cinder/volume/single.yml
index 1b9948d..b959d32 100644
--- a/cinder/volume/single.yml
+++ b/cinder/volume/single.yml
@@ -16,6 +16,7 @@
         host: ${_param:openstack_database_address}
       glance:
         host: ${_param:openstack_control_address}
+        protocol: ${_param:cluster_internal_protocol}
       message_queue:
         members:
           - host: ${_param:openstack_message_queue_node01_address}
diff --git a/docker/swarm/stack/monitoring/gainsight.yml b/docker/swarm/stack/monitoring/gainsight.yml
new file mode 100644
index 0000000..5a975a1
--- /dev/null
+++ b/docker/swarm/stack/monitoring/gainsight.yml
@@ -0,0 +1,49 @@
+classes:
+- system.prometheus.gainsight.container
+parameters:
+  _param:
+    gainsight_csv_upload_url: 'http://localhost:9999'
+    gainsight_account_id: 'default'
+    gainsight_environment_id: 'default'
+    gainsight_app_org_id: 'default'
+    gainsight_access_key: 'default'
+    gainsight_job_id: 'default'
+    gainsight_login: 'default'
+    gainsight_prometheus_url: "http://${_param:stacklight_monitor_address}:${prometheus:server:bind:port}"
+    gainsight_config_directory: '/srv/gainsight'
+    gainsight_config_path: "${_param:gainsight_config_directory}/config.ini"
+    docker_image_prometheus_gainsight: 'docker-prod-local.artifactory.mirantis.com/openstack-docker/gainsight:nightly'
+  docker:
+    client:
+      stack:
+        monitoring:
+          network:
+            monitoring:
+              driver: overlay
+              driver_opts:
+                encrypted: 1
+          service:
+            gainsight:
+              networks:
+                - monitoring
+              deploy:
+                replicas: 1
+                labels:
+                  com.mirantis.monitoring: "gainsight"
+                restart_policy:
+                  condition: any
+              labels:
+                com.mirantis.monitoring: "gainsight"
+              image: ${_param:docker_image_prometheus_gainsight}
+              volumes:
+                - ${prometheus:gainsight:dir:config}:${_param:gainsight_config_directory}
+              environment:
+                CSV_UPLOAD_URL: "${_param:gainsight_csv_upload_url}"
+                ACCOUNT_ID: "${_param:gainsight_account_id}"
+                ENVIRONMENT_ID: "${_param:gainsight_environment_id}"
+                APP_ORG_ID: "${_param:gainsight_app_org_id}"
+                ACCESS_KEY: "${_param:gainsight_access_key}"
+                JOB_ID: "${_param:gainsight_job_id}"
+                LOGIN: "${_param:gainsight_login}"
+                PROMETHEUS_URL: "${_param:gainsight_prometheus_url}"
+                CONFIG_PATH: "${_param:gainsight_config_path}"
diff --git a/jenkins/client/job/debian/packages/salt.yml b/jenkins/client/job/debian/packages/salt.yml
index 3f6b0f0..7a9dd04 100644
--- a/jenkins/client/job/debian/packages/salt.yml
+++ b/jenkins/client/job/debian/packages/salt.yml
@@ -753,6 +753,10 @@
               upload_source_package: true
               upload_to_aptly: true
               dist: xenial
+            - name: openscap
+              upload_source_package: true
+              upload_to_aptly: true
+              dist: xenial
             - name: openssh
               upload_source_package: true
               upload_to_aptly: true
diff --git a/jenkins/client/job/oscore/cookiecutter.yml b/jenkins/client/job/oscore/cookiecutter.yml
index f38609a..bc180b4 100644
--- a/jenkins/client/job/oscore/cookiecutter.yml
+++ b/jenkins/client/job/oscore/cookiecutter.yml
@@ -66,7 +66,6 @@
                   cookiecutter_template_branch: 'master'
                   shared_reclass_url: https://gerrit.mcp.mirantis.net/salt-models/reclass-system.git
                   shared_reclass_branch: 'master'
-                  openstack_version: pike
             STACK_INSTALL:
               type: string
               default: 'core,openstack,ovs'
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index 37f0543..1c9f4fb 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -92,6 +92,7 @@
             - name: octavia
             - name: opencontrail
             - name: openldap
+            - name: openscap
             - name: openssh
             - name: openvpn
             - name: openvstorage
diff --git a/keepalived/cluster/instance/kube_api_server_vip.yml b/keepalived/cluster/instance/kube_api_server_vip.yml
index 7e03d25..f7fbce8 100644
--- a/keepalived/cluster/instance/kube_api_server_vip.yml
+++ b/keepalived/cluster/instance/kube_api_server_vip.yml
@@ -6,6 +6,9 @@
   _param:
     keepalived_vip_priority: 101
     keepalived_kube_apiserver_vrrp_script_content: "pidof haproxy && systemctl status kube-apiserver.service --quiet --no-pager"
+    keepalived_k8s_apiserver_vip_interface: ens3
+    keepalived_k8s_apiserver_vip_address: ${_param:kubernetes_control_address}
+    keepalived_k8s_apiserver_vip_password: password
   keepalived:
     cluster:
       vrrp_scripts:
diff --git a/keystone/client/v3/init.yml b/keystone/client/v3/init.yml
new file mode 100644
index 0000000..148da41
--- /dev/null
+++ b/keystone/client/v3/init.yml
@@ -0,0 +1,15 @@
+parameters:
+  keystone:
+    client:
+      resources:
+        v3:
+          enabled: true
+      server:
+        identity:
+          admin:
+            api_version: 3
+        admin_identity:
+          admin:
+            api_version: ''
+            user_domain_name: 'Default'
+            project_domain_name: 'Default'
diff --git a/kubernetes/master/auth/rbac.yml b/kubernetes/master/auth/rbac.yml
new file mode 100644
index 0000000..be0577b
--- /dev/null
+++ b/kubernetes/master/auth/rbac.yml
@@ -0,0 +1,5 @@
+parameters:
+  kubernetes:
+    master:
+      auth:
+        mode: Node,RBAC
diff --git a/kubernetes/master/cluster.yml b/kubernetes/master/cluster.yml
index 1295f3a..6d6b404 100644
--- a/kubernetes/master/cluster.yml
+++ b/kubernetes/master/cluster.yml
@@ -1,16 +1,21 @@
 classes:
 - service.kubernetes.master.cluster
-- service.keepalived.cluster.single
 - service.haproxy.proxy.single
 - system.haproxy.proxy.listen.kubernetes.apiserver
+- system.keepalived.cluster.instance.kube_api_server_vip
 parameters:
   _param:
     kubernetes_netchecker_agent_repo: mirantis
     kubernetes_netchecker_server_repo: mirantis
     kubernetes_netchecker_agent_image: ${_param:kubernetes_netchecker_agent_repo}/k8s-netchecker-agent:v1.2.2
     kubernetes_netchecker_server_image: ${_param:kubernetes_netchecker_server_repo}/k8s-netchecker-server:v1.2.2
+
+    kubelet_fail_on_swap: true
+
   kubernetes:
     master:
+      kubelet:
+        fail_on_swap: ${_param:kubelet_fail_on_swap}
       container: false
       network:
         calico:
diff --git a/kubernetes/master/single.yml b/kubernetes/master/single.yml
index 7fada57..b4f20b0 100644
--- a/kubernetes/master/single.yml
+++ b/kubernetes/master/single.yml
@@ -6,6 +6,11 @@
     kubernetes_netchecker_server_repo: mirantis
     kubernetes_netchecker_agent_image: ${_param:kubernetes_netchecker_agent_repo}/k8s-netchecker-agent:v1.2.2
     kubernetes_netchecker_server_image: ${_param:kubernetes_netchecker_server_repo}/k8s-netchecker-server:v1.2.2
+
+    kubelet_fail_on_swap: true
+
   kubernetes:
     master:
+      kubelet:
+        fail_on_swap: ${_param:kubelet_fail_on_swap}
       container: false
diff --git a/kubernetes/pool/cluster.yml b/kubernetes/pool/cluster.yml
index 40cc135..335078f 100644
--- a/kubernetes/pool/cluster.yml
+++ b/kubernetes/pool/cluster.yml
@@ -18,9 +18,20 @@
     kubernetes_pause_image: ${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.8.13-11
     kubernetes_contrail_cni_image: ${_param:kubernetes_contrail_cni_repo}/contrail-cni:v1.2.0
     kubernetes_contrail_network_controller_image: ${_param:kubernetes_contrail_network_controller_repo}/contrail-network-controller:v1.2.0
+    kubernetes_virtlet_image: mirantis/virtlet:v1.0.3
+    kubernetes_criproxy_version: v0.11.0
+    kubernetes_criproxy_checksum: md5=115bbb0c27518db6b0b3bc8cdc5fc897
+
+    kubelet_fail_on_swap: true
 
   kubernetes:
+    common:
+      hyperkube:
+        image: ${_param:kubernetes_hyperkube_image}
+        pause_image: ${_param:kubernetes_pause_image}
     pool:
+      kubelet:
+        fail_on_swap: ${_param:kubelet_fail_on_swap}
       container: false
       network:
         calico:
diff --git a/kubernetes/pool/single.yml b/kubernetes/pool/single.yml
index cf334df..3f4af34 100644
--- a/kubernetes/pool/single.yml
+++ b/kubernetes/pool/single.yml
@@ -18,9 +18,20 @@
     kubernetes_pause_image: ${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.8.13-11
     kubernetes_contrail_cni_image: ${_param:kubernetes_contrail_cni_repo}/contrail-cni:v1.2.0
     kubernetes_contrail_network_controller_image: ${_param:kubernetes_contrail_network_controller_repo}/contrail-network-controller:v1.2.0
+    kubernetes_virtlet_image: mirantis/virtlet:v1.0.3
+    kubernetes_criproxy_version: v0.11.0
+    kubernetes_criproxy_checksum: md5=115bbb0c27518db6b0b3bc8cdc5fc897
+
+    kubelet_fail_on_swap: true
 
   kubernetes:
+    common:
+      hyperkube:
+        image: ${_param:kubernetes_hyperkube_image}
+        pause_image: ${_param:kubernetes_pause_image}
     pool:
+      kubelet:
+        fail_on_swap: ${_param:kubelet_fail_on_swap}
       container: false
   docker:
     host:
diff --git a/prometheus/gainsight/container.yml b/prometheus/gainsight/container.yml
new file mode 100644
index 0000000..f98e052
--- /dev/null
+++ b/prometheus/gainsight/container.yml
@@ -0,0 +1,3 @@
+classes:
+- service.prometheus.gainsight.container
+
diff --git a/reclass/storage/system/kubernetes_proxy_cluster.yml b/reclass/storage/system/kubernetes_proxy_cluster.yml
new file mode 100644
index 0000000..b00c254
--- /dev/null
+++ b/reclass/storage/system/kubernetes_proxy_cluster.yml
@@ -0,0 +1,28 @@
+parameters:
+  _param:
+    kubernetes_proxy_node01_hostname: prx01
+    kubernetes_proxy_node02_hostname: prx02
+    kubernetes_proxy_system_codename: xenial
+  reclass:
+    storage:
+      node:
+        kubernetes_proxy_node01:
+          name: ${_param:kubernetes_proxy_node01_hostname}
+          domain: ${_param:cluster_domain}
+          classes:
+          - cluster.${_param:cluster_name}.kubernetes.proxy
+          params:
+            salt_master_host: ${_param:reclass_config_master}
+            linux_system_codename: ${_param:kubernetes_proxy_system_codename}
+            single_address: ${_param:kubernetes_proxy_node01_address}
+            keepalived_vip_priority: 102
+        kubernetes_proxy_node02:
+          name: ${_param:kubernetes_proxy_node02_hostname}
+          domain: ${_param:cluster_domain}
+          classes:
+          - cluster.${_param:cluster_name}.kubernetes.proxy
+          params:
+            salt_master_host: ${_param:reclass_config_master}
+            linux_system_codename: ${_param:kubernetes_proxy_system_codename}
+            single_address: ${_param:kubernetes_proxy_node02_address}
+            keepalived_vip_priority: 101
diff --git a/salt/control/cluster/kubernetes_proxy_cluster.yml b/salt/control/cluster/kubernetes_proxy_cluster.yml
new file mode 100644
index 0000000..d4251a2
--- /dev/null
+++ b/salt/control/cluster/kubernetes_proxy_cluster.yml
@@ -0,0 +1,25 @@
+parameters:
+  salt:
+    control:
+      size:
+        kubernetes.proxy:
+          cpu: 32
+          ram: 65536
+          disk_profile: small
+          net_profile: default
+      cluster:
+        internal:
+          domain: ${_param:cluster_domain}
+          engine: virt
+          node:
+            prx01:
+              name: ${_param:kubernetes_proxy_node01_hostname}
+              provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+              image: ${_param:salt_control_trusty_image}
+              size: kubernetes.proxy
+            prx02:
+              name: ${_param:kubernetes_proxy_node02_hostname}
+              provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+              image: ${_param:salt_control_trusty_image}
+              size: kubernetes.proxy
+