d41e5a44ca
1) UCP -> Airship 2) readthedocs.org -> readthedocs.io (there is redirect) 3) http -> https 4) attcomdev -> airshipit (repo on quay.io) 5) att-comdev -> openstack/airship-* (repo on github/openstack git) 6) many URLs have been verified and adjusted to be current 7) no need for 'en/latest/' path in URL of the RTD 8) added more info to some setup.cfg and setup.py files 9) ucp-integration docs are now in airship-in-a-bottle 10) various other minor fixes Change-Id: I12b2fa8fbec37a483a0ad50382e08f51ed97533a
406 lines
9.7 KiB
YAML
406 lines
9.7 KiB
YAML
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# This file provides defaults for deckhand
|
|
|
|
labels:
|
|
api:
|
|
node_selector_key: ucp-control-plane
|
|
node_selector_value: enabled
|
|
job:
|
|
node_selector_key: ucp-control-plane
|
|
node_selector_value: enabled
|
|
test:
|
|
node_selector_key: ucp-control-plane
|
|
node_selector_value: enabled
|
|
|
|
images:
|
|
tags:
|
|
deckhand: quay.io/airshipit/deckhand:latest
|
|
dep_check: "quay.io/stackanetes/kubernetes-entrypoint:v0.3.1"
|
|
db_init: docker.io/postgres:9.5
|
|
db_sync: quay.io/airshipit/deckhand:latest
|
|
image_repo_sync: docker.io/docker:17.07.0
|
|
ks_endpoints: docker.io/openstackhelm/heat:newton
|
|
ks_service: docker.io/openstackhelm/heat:newton
|
|
ks_user: docker.io/openstackhelm/heat:newton
|
|
pull_policy: "IfNotPresent"
|
|
local_registry:
|
|
active: false
|
|
exclude:
|
|
- dep_check
|
|
- image_repo_sync
|
|
|
|
release_group: null
|
|
|
|
network:
|
|
api:
|
|
ingress:
|
|
public: true
|
|
classes:
|
|
namespace: "nginx"
|
|
cluster: "nginx-cluster"
|
|
annotations:
|
|
nginx.ingress.kubernetes.io/rewrite-target: /
|
|
node_port:
|
|
enabled: false
|
|
port: 301902
|
|
|
|
dependencies:
|
|
dynamic:
|
|
common:
|
|
local_image_registry:
|
|
jobs:
|
|
- glance-image-repo-sync
|
|
services:
|
|
- endpoint: node
|
|
service: local_image_registry
|
|
static:
|
|
db_init:
|
|
services:
|
|
- service: postgresql
|
|
endpoint: internal
|
|
db_sync:
|
|
jobs:
|
|
- deckhand-db-init
|
|
services:
|
|
- service: postgresql
|
|
endpoint: internal
|
|
ks_user:
|
|
services:
|
|
- service: identity
|
|
endpoint: internal
|
|
ks_service:
|
|
services:
|
|
- service: identity
|
|
endpoint: internal
|
|
ks_endpoints:
|
|
jobs:
|
|
- deckhand-ks-service
|
|
services:
|
|
- service: identity
|
|
endpoint: internal
|
|
deckhand:
|
|
jobs:
|
|
- deckhand-ks-endpoints
|
|
- deckhand-ks-user
|
|
- deckhand-ks-endpoints
|
|
services:
|
|
- service: identity
|
|
endpoint: internal
|
|
- service: key_manager
|
|
endpoint: internal
|
|
|
|
# typically overridden by environmental
|
|
# values, but should include all endpoints
|
|
# required by this chart
|
|
endpoints:
|
|
cluster_domain_suffix: cluster.local
|
|
local_image_registry:
|
|
name: docker-registry
|
|
namespace: docker-registry
|
|
hosts:
|
|
default: localhost
|
|
internal: docker-registry
|
|
node: localhost
|
|
host_fqdn_override:
|
|
default: null
|
|
port:
|
|
registry:
|
|
node: 5000
|
|
identity:
|
|
name: keystone
|
|
auth:
|
|
deckhand:
|
|
region_name: RegionOne
|
|
role: admin
|
|
project_name: service
|
|
project_domain_name: default
|
|
user_domain_name: default
|
|
username: deckhand
|
|
password: password
|
|
admin:
|
|
region_name: RegionOne
|
|
project_name: admin
|
|
password: password
|
|
username: admin
|
|
user_domain_name: default
|
|
project_domain_name: default
|
|
hosts:
|
|
default: keystone
|
|
internal: keystone-api
|
|
path:
|
|
default: /v3
|
|
scheme:
|
|
default: http
|
|
port:
|
|
api:
|
|
default: 80
|
|
internal: 5000
|
|
host_fqdn_override:
|
|
default: null
|
|
deckhand:
|
|
name: deckhand
|
|
hosts:
|
|
default: deckhand-int
|
|
public: deckhand-api
|
|
port:
|
|
api:
|
|
default: 9000
|
|
public: 80
|
|
path:
|
|
default: /api/v1.0
|
|
scheme:
|
|
default: http
|
|
host_fqdn_override:
|
|
default: null
|
|
# NOTE(lamt): This chart supports TLS for fqdn overriden public
|
|
# endpoints using the following format:
|
|
# public:
|
|
# host: null
|
|
# tls:
|
|
# crt: null
|
|
# key: null
|
|
postgresql:
|
|
name: postgresql
|
|
auth:
|
|
admin:
|
|
username: postgres
|
|
password: password
|
|
user:
|
|
username: deckhand
|
|
password: password
|
|
database: deckhand
|
|
hosts:
|
|
default: postgresql
|
|
path: /deckhand
|
|
scheme: postgresql+psycopg2
|
|
port:
|
|
postgresql:
|
|
default: 5432
|
|
host_fqdn_override:
|
|
default: null
|
|
key_manager:
|
|
name: barbican
|
|
hosts:
|
|
default: barbican-api
|
|
public: barbican
|
|
host_fqdn_override:
|
|
default: null
|
|
path:
|
|
default: /v1
|
|
scheme:
|
|
default: http
|
|
port:
|
|
api:
|
|
default: 9311
|
|
public: 80
|
|
oslo_cache:
|
|
hosts:
|
|
default: memcached
|
|
host_fqdn_override:
|
|
default: null
|
|
port:
|
|
memcache:
|
|
default: 11211
|
|
|
|
secrets:
|
|
identity:
|
|
admin: deckhand-keystone-admin
|
|
deckhand: deckhand-keystone-user
|
|
postgresql:
|
|
admin: deckhand-db-admin
|
|
user: deckhand-db-user
|
|
tls:
|
|
deckhand:
|
|
api:
|
|
public: deckhand-tls-public
|
|
|
|
conf:
|
|
uwsgi:
|
|
# NOTE(fmontei): Deckhand's database is not configured to work with
|
|
# multiprocessing. Currently there is a data race on acquiring shared
|
|
# SQLAlchemy engine pooled connection strings when workers > 1. As a
|
|
# workaround, we use multiple threads but only 1 worker. For more
|
|
# information, see: https://github.com/att-comdev/deckhand/issues/20
|
|
threads: 4
|
|
workers: 1
|
|
policy:
|
|
admin_api: role:admin
|
|
deckhand:create_cleartext_documents: rule:admin_api
|
|
deckhand:create_encrypted_documents: rule:admin_api
|
|
deckhand:list_cleartext_documents: rule:admin_api
|
|
deckhand:list_encrypted_documents: rule:admin_api
|
|
deckhand:show_revision: rule:admin_api
|
|
deckhand:list_revisions: rule:admin_api
|
|
deckhand:delete_revisions: rule:admin_api
|
|
deckhand:show_revision_deepdiff: rule:admin_api
|
|
deckhand:show_revision_diff: rule:admin_api
|
|
deckhand:create_tag: rule:admin_api
|
|
deckhand:show_tag: rule:admin_api
|
|
deckhand:list_tags: rule:admin_api
|
|
deckhand:delete_tag: rule:admin_api
|
|
deckhand:delete_tags: rule:admin_api
|
|
paste:
|
|
filter:authtoken:
|
|
paste.filter_factory: keystonemiddleware.auth_token:filter_factory
|
|
filter:debug:
|
|
use: egg:oslo.middleware#debug
|
|
filter:cors:
|
|
paste.filter_factory: oslo_middleware.cors:filter_factory
|
|
oslo_config_project: deckhand
|
|
filter:request_id:
|
|
paste.filter_factory: oslo_middleware:RequestId.factory
|
|
app:api:
|
|
paste.app_factory: deckhand.service:deckhand_app_factory
|
|
pipeline:deckhand_api:
|
|
pipeline: authtoken api
|
|
deckhand:
|
|
DEFAULT:
|
|
debug: true
|
|
use_stderr: true
|
|
use_syslog: true
|
|
profiler: false
|
|
database:
|
|
connection:
|
|
keystone_authtoken:
|
|
delay_auth_decision: true
|
|
auth_type: password
|
|
auth_version: v3
|
|
memcache_security_strategy: ENCRYPT
|
|
oslo_policy:
|
|
policy_file: policy.yaml
|
|
policy_default_rule: default
|
|
policy_dirs: policy.d
|
|
barbican:
|
|
api_endpoint:
|
|
logging:
|
|
loggers:
|
|
keys: 'root, deckhand, error'
|
|
handlers:
|
|
keys: 'null, stderr, stdout, syslog'
|
|
formatters:
|
|
keys: 'simple, context'
|
|
logger_deckhand:
|
|
level: DEBUG
|
|
handlers: stdout
|
|
qualname: deckhand
|
|
logger_error:
|
|
level: ERROR
|
|
handlers: stderr
|
|
qualname: deckhand
|
|
logger_root:
|
|
level: WARNING
|
|
handlers: null
|
|
handler_null:
|
|
class: 'logging.NullHandler'
|
|
formatter: context
|
|
args: '()'
|
|
handler_stderr:
|
|
class: StreamHandler
|
|
args: '(sys.stderr,)'
|
|
formatter: context
|
|
handler_stdout:
|
|
class: StreamHandler
|
|
args: '(sys.stdout,)'
|
|
formatter: context
|
|
handler_syslog:
|
|
class: 'handlers.SysLogHandler'
|
|
level: ERROR
|
|
args: "('/dev/log', handlers.SysLogHandler.LOG_USER)"
|
|
formatter_context:
|
|
class: 'oslo_log.formatters.ContextFormatter'
|
|
formatter_simple:
|
|
format: "%(asctime)s.%(msecs)03d %(process)d %(levelname)s: %(message)s"
|
|
pod:
|
|
mounts:
|
|
deckhand_db_init:
|
|
init_container: null
|
|
deckhand_db_init:
|
|
deckhand_db_sync:
|
|
init_container: null
|
|
deckhand_db_sync:
|
|
deckhand:
|
|
init_container: null
|
|
deckhand:
|
|
lifecycle:
|
|
upgrades:
|
|
deployments:
|
|
revision_history: 3
|
|
pod_replacement_strategy: RollingUpdate
|
|
rolling_update:
|
|
max_unavailable: 1
|
|
max_surge: 3
|
|
termination_grace_period:
|
|
deckhand:
|
|
timeout: 30
|
|
replicas:
|
|
deckhand: 1
|
|
resources:
|
|
enabled: false
|
|
api:
|
|
limits:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
jobs:
|
|
ks_user:
|
|
limits:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
ks_service:
|
|
limits:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
ks_endpoints:
|
|
limits:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
test:
|
|
deckhand:
|
|
limits:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
manifests:
|
|
configmap_bin: true
|
|
configmap_etc: true
|
|
deployment: true
|
|
ingress_api: true
|
|
job_db_init: true
|
|
job_db_sync: true
|
|
job_image_repo_sync: true
|
|
job_ks_endpoints: true
|
|
job_ks_service: true
|
|
job_ks_user: true
|
|
secret_db: true
|
|
secret_ingress_tls: true
|
|
secret_keystone: true
|
|
service_api: true
|
|
service_ingress_api: true
|
|
test_deckhand_api: true
|