A configuration management service with support for secrets.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

values.yaml 9.4KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393
  1. # Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
  2. #
  3. # Licensed under the Apache License, Version 2.0 (the "License");
  4. # you may not use this file except in compliance with the License.
  5. # You may obtain a copy of the License at
  6. #
  7. # http://www.apache.org/licenses/LICENSE-2.0
  8. #
  9. # Unless required by applicable law or agreed to in writing, software
  10. # distributed under the License is distributed on an "AS IS" BASIS,
  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. # See the License for the specific language governing permissions and
  13. # limitations under the License.
  14. # This file provides defaults for deckhand
  15. labels:
  16. api:
  17. node_selector_key: ucp-control-plane
  18. node_selector_value: enabled
  19. job:
  20. node_selector_key: ucp-control-plane
  21. node_selector_value: enabled
  22. test:
  23. node_selector_key: ucp-control-plane
  24. node_selector_value: enabled
  25. images:
  26. tags:
  27. deckhand: quay.io/attcomdev/deckhand:latest
  28. dep_check: "quay.io/stackanetes/kubernetes-entrypoint:v0.3.1"
  29. db_init: docker.io/postgres:9.5
  30. db_sync: quay.io/attcomdev/deckhand:latest
  31. image_repo_sync: docker.io/docker:17.07.0
  32. ks_endpoints: docker.io/openstackhelm/heat:newton
  33. ks_service: docker.io/openstackhelm/heat:newton
  34. ks_user: docker.io/openstackhelm/heat:newton
  35. pull_policy: "IfNotPresent"
  36. local_registry:
  37. active: false
  38. exclude:
  39. - dep_check
  40. - image_repo_sync
  41. release_group: null
  42. network:
  43. api:
  44. ingress:
  45. public: true
  46. classes:
  47. namespace: "nginx"
  48. cluster: "nginx-cluster"
  49. annotations:
  50. nginx.ingress.kubernetes.io/rewrite-target: /
  51. node_port:
  52. enabled: false
  53. port: 301902
  54. dependencies:
  55. dynamic:
  56. common:
  57. local_image_registry:
  58. jobs:
  59. - glance-image-repo-sync
  60. services:
  61. - endpoint: node
  62. service: local_image_registry
  63. static:
  64. db_init:
  65. services:
  66. - service: postgresql
  67. endpoint: internal
  68. db_sync:
  69. jobs:
  70. - deckhand-db-init
  71. services:
  72. - service: postgresql
  73. endpoint: internal
  74. ks_user:
  75. services:
  76. - service: identity
  77. endpoint: internal
  78. ks_service:
  79. services:
  80. - service: identity
  81. endpoint: internal
  82. ks_endpoints:
  83. jobs:
  84. - deckhand-ks-service
  85. services:
  86. - service: identity
  87. endpoint: internal
  88. deckhand:
  89. jobs:
  90. - deckhand-ks-endpoints
  91. - deckhand-ks-user
  92. - deckhand-ks-endpoints
  93. services:
  94. - service: identity
  95. endpoint: internal
  96. - service: key_manager
  97. endpoint: internal
  98. # typically overridden by environmental
  99. # values, but should include all endpoints
  100. # required by this chart
  101. endpoints:
  102. cluster_domain_suffix: cluster.local
  103. local_image_registry:
  104. name: docker-registry
  105. namespace: docker-registry
  106. hosts:
  107. default: localhost
  108. internal: docker-registry
  109. node: localhost
  110. host_fqdn_override:
  111. default: null
  112. port:
  113. registry:
  114. node: 5000
  115. identity:
  116. name: keystone
  117. auth:
  118. deckhand:
  119. region_name: RegionOne
  120. role: admin
  121. project_name: service
  122. project_domain_name: default
  123. user_domain_name: default
  124. username: deckhand
  125. password: password
  126. admin:
  127. region_name: RegionOne
  128. project_name: admin
  129. password: password
  130. username: admin
  131. user_domain_name: default
  132. project_domain_name: default
  133. hosts:
  134. default: keystone-api
  135. public: keystone
  136. path:
  137. default: /v3
  138. scheme:
  139. default: http
  140. port:
  141. admin:
  142. default: 35357
  143. api:
  144. default: 80
  145. host_fqdn_override:
  146. default: null
  147. deckhand:
  148. name: deckhand
  149. hosts:
  150. default: deckhand-int
  151. public: deckhand-api
  152. port:
  153. api:
  154. default: 9000
  155. public: 80
  156. path:
  157. default: /api/v1.0
  158. scheme:
  159. default: http
  160. host_fqdn_override:
  161. default: null
  162. postgresql:
  163. name: postgresql
  164. auth:
  165. admin:
  166. username: postgres
  167. password: password
  168. user:
  169. username: deckhand
  170. password: password
  171. database: deckhand
  172. hosts:
  173. default: postgresql
  174. path: /deckhand
  175. scheme: postgresql+psycopg2
  176. port:
  177. postgresql:
  178. default: 5432
  179. host_fqdn_override:
  180. default: null
  181. key_manager:
  182. name: barbican
  183. hosts:
  184. default: barbican-api
  185. public: barbican
  186. host_fqdn_override:
  187. default: null
  188. path:
  189. default: /v1
  190. scheme:
  191. default: http
  192. port:
  193. api:
  194. default: 9311
  195. public: 80
  196. oslo_cache:
  197. hosts:
  198. default: memcached
  199. host_fqdn_override:
  200. default: null
  201. port:
  202. memcache:
  203. default: 11211
  204. secrets:
  205. identity:
  206. admin: deckhand-keystone-admin
  207. deckhand: deckhand-keystone-user
  208. postgresql:
  209. admin: deckhand-db-admin
  210. user: deckhand-db-user
  211. conf:
  212. uwsgi:
  213. # NOTE(fmontei): Deckhand's database is not configured to work with
  214. # multiprocessing. Currently there is a data race on acquiring shared
  215. # SQLAlchemy engine pooled connection strings when workers > 1. As a
  216. # workaround, we use multiple threads but only 1 worker. For more
  217. # information, see: https://github.com/att-comdev/deckhand/issues/20
  218. threads: 4
  219. workers: 1
  220. policy:
  221. admin_api: role:admin
  222. deckhand:create_cleartext_documents: rule:admin_api
  223. deckhand:create_encrypted_documents: rule:admin_api
  224. deckhand:list_cleartext_documents: rule:admin_api
  225. deckhand:list_encrypted_documents: rule:admin_api
  226. deckhand:show_revision: rule:admin_api
  227. deckhand:list_revisions: rule:admin_api
  228. deckhand:delete_revisions: rule:admin_api
  229. deckhand:show_revision_diff: rule:admin_api
  230. deckhand:create_tag: rule:admin_api
  231. deckhand:show_tag: rule:admin_api
  232. deckhand:list_tags: rule:admin_api
  233. deckhand:delete_tag: rule:admin_api
  234. deckhand:delete_tags: rule:admin_api
  235. paste:
  236. filter:authtoken:
  237. paste.filter_factory: keystonemiddleware.auth_token:filter_factory
  238. filter:debug:
  239. use: egg:oslo.middleware#debug
  240. filter:cors:
  241. paste.filter_factory: oslo_middleware.cors:filter_factory
  242. oslo_config_project: deckhand
  243. filter:request_id:
  244. paste.filter_factory: oslo_middleware:RequestId.factory
  245. app:api:
  246. paste.app_factory: deckhand.service:deckhand_app_factory
  247. pipeline:deckhand_api:
  248. pipeline: authtoken api
  249. deckhand:
  250. DEFAULT:
  251. debug: true
  252. use_stderr: true
  253. use_syslog: true
  254. profiler: false
  255. database:
  256. connection:
  257. keystone_authtoken:
  258. delay_auth_decision: true
  259. auth_type: password
  260. auth_version: v3
  261. memcache_security_strategy: ENCRYPT
  262. oslo_policy:
  263. policy_file: policy.yaml
  264. policy_default_rule: default
  265. policy_dirs: policy.d
  266. barbican:
  267. api_endpoint:
  268. logging:
  269. loggers:
  270. keys: 'root, deckhand, error'
  271. handlers:
  272. keys: 'null, stderr, stdout, syslog'
  273. formatters:
  274. keys: 'simple, context'
  275. logger_deckhand:
  276. level: DEBUG
  277. handlers: stdout
  278. qualname: deckhand
  279. logger_error:
  280. level: ERROR
  281. handlers: stderr
  282. qualname: deckhand
  283. logger_root:
  284. level: WARNING
  285. handlers: null
  286. handler_null:
  287. class: 'logging.NullHandler'
  288. formatter: context
  289. args: '()'
  290. handler_stderr:
  291. class: StreamHandler
  292. args: '(sys.stderr,)'
  293. formatter: context
  294. handler_stdout:
  295. class: StreamHandler
  296. args: '(sys.stdout,)'
  297. formatter: context
  298. handler_syslog:
  299. class: 'handlers.SysLogHandler'
  300. level: ERROR
  301. args: "('/dev/log', handlers.SysLogHandler.LOG_USER)"
  302. formatter_context:
  303. class: 'oslo_log.formatters.ContextFormatter'
  304. formatter_simple:
  305. format: "%(asctime)s.%(msecs)03d %(process)d %(levelname)s: %(message)s"
  306. pod:
  307. mounts:
  308. deckhand_db_init:
  309. init_container: null
  310. deckhand_db_init:
  311. deckhand_db_sync:
  312. init_container: null
  313. deckhand_db_sync:
  314. deckhand:
  315. init_container: null
  316. deckhand:
  317. lifecycle:
  318. upgrades:
  319. deployments:
  320. revision_history: 3
  321. pod_replacement_strategy: RollingUpdate
  322. rolling_update:
  323. max_unavailable: 1
  324. max_surge: 3
  325. termination_grace_period:
  326. deckhand:
  327. timeout: 30
  328. replicas:
  329. deckhand: 1
  330. resources:
  331. enabled: false
  332. api:
  333. limits:
  334. memory: "128Mi"
  335. cpu: "100m"
  336. requests:
  337. memory: "128Mi"
  338. cpu: "100m"
  339. jobs:
  340. ks_user:
  341. limits:
  342. memory: "128Mi"
  343. cpu: "100m"
  344. requests:
  345. memory: "128Mi"
  346. cpu: "100m"
  347. ks_service:
  348. limits:
  349. memory: "128Mi"
  350. cpu: "100m"
  351. requests:
  352. memory: "128Mi"
  353. cpu: "100m"
  354. ks_endpoints:
  355. limits:
  356. memory: "128Mi"
  357. cpu: "100m"
  358. requests:
  359. memory: "128Mi"
  360. cpu: "100m"
  361. test:
  362. deckhand:
  363. limits:
  364. memory: "128Mi"
  365. cpu: "100m"
  366. requests:
  367. memory: "128Mi"
  368. cpu: "100m"
  369. manifests:
  370. configmap_bin: true
  371. configmap_etc: true
  372. deployment: true
  373. ingress_api: true
  374. job_db_init: true
  375. job_db_sync: true
  376. job_image_repo_sync: true
  377. job_ks_endpoints: true
  378. job_ks_service: true
  379. job_ks_user: true
  380. secret_db: true
  381. secret_keystone: true
  382. service_api: true
  383. service_ingress_api: true
  384. test_deckhand_api: true