# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # This file provides defaults for drydock replicas: drydock: 2 labels: api: node_selector_key: ucp-control-plane node_selector_value: enabled job: node_selector_key: ucp-control-plane node_selector_value: enabled test: node_selector_key: ucp-control-plane node_selector_value: enabled images: tags: drydock: quay.io/airshipit/drydock:master dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0 ks_user: docker.io/openstackhelm/heat:newton ks_service: docker.io/openstackhelm/heat:newton ks_endpoints: docker.io/openstackhelm/heat:newton drydock_db_init: docker.io/postgres:14.8 drydock_db_cleanup: quay.io/airshipit/drydock:master drydock_db_sync: quay.io/airshipit/drydock:master pull_policy: "IfNotPresent" #TODO(mattmceuen): This chart does not yet support local image caching local_registry: active: false exclude: - dep_check - image_repo_sync network: api: nodeport: enabled: false ingress: public: true classes: namespace: "nginx" cluster: "nginx-cluster" annotations: nginx.ingress.kubernetes.io/rewrite-target: / pod: mandatory_access_control: type: apparmor drydock-api: init: runtime/default drydock-api: runtime/default drydock-db-init: init: runtime/default drydock-db-init: runtime/default drydock-db-cleanup: init: runtime/default drydock-db-cleanup: runtime/default drydock-db-sync: init: runtime/default drydock-db-sync: runtime/default drydock-api-test: drydock-api-test: runtime/default drydock-auth-test: drydock-auth-test: runtime/default security_context: drydock: pod: runAsUser: 65534 container: drydock_api: readOnlyRootFilesystem: true allowPrivilegeEscalation: false db_init: pod: runAsUser: 65534 container: drydock_db_init: readOnlyRootFilesystem: true allowPrivilegeEscalation: false db_cleanup: pod: runAsUser: 65534 container: drydock_db_cleanup: readOnlyRootFilesystem: true allowPrivilegeEscalation: false db_sync: pod: runAsUser: 65534 container: drydock_db_sync: readOnlyRootFilesystem: true allowPrivilegeEscalation: false api_test: pod: runAsUser: 65534 container: drydock_api_test: readOnlyRootFilesystem: true allowPrivilegeEscalation: false auth_test: pod: runAsUser: 65534 container: drydock_auth_test: readOnlyRootFilesystem: true allowPrivilegeEscalation: false lifecycle: upgrades: deployments: revision_history: 3 pod_replacement_strategy: RollingUpdate rolling_update: max_unavailable: 1 max_surge: 3 affinity: anti: type: default: preferredDuringSchedulingIgnoredDuringExecution topologyKey: default: kubernetes.io/hostname resources: enabled: false test: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" api: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" jobs: ks_user: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" ks_service: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" ks_endpoints: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" drydock_db_sync: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" drydock_db_init: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" cronjobs: drydock_db_cleanup: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" network_policy: drydock: ingress: - {} egress: - {} manifests: cronjob_drydock_db_cleanup: false job_ks_service: true job_ks_user: true job_ks_endpoints: true job_drydock_db_init: true job_drydock_db_sync: true secret_keystone: true secret_database: true secret_ssh_key: true secret_tls: true configmap_etc: true configmap_bin: true service_drydock: true ingress_drydock: true deployment_drydock: true test_drydock_api: true test_drydock_auth: true network_policy: false dependencies: dynamic: common: local_image_registry: jobs: - drydock-image-repo-sync services: - endpoint: node service: local_image_registry static: db_init: services: - service: postgresql endpoint: internal db_sync: services: - service: postgresql endpoint: internal jobs: - drydock-db-init ks_user: services: - service: identity endpoint: internal ks_service: services: - service: identity endpoint: internal ks_endpoints: jobs: - drydock-ks-service services: - service: identity endpoint: internal api: jobs: - drydock-ks-endpoints - drydock-ks-user - drydock-ks-service - drydock-db-init - drydock-db-sync services: - service: identity endpoint: internal - service: postgresql endpoint: internal endpoints: cluster_domain_suffix: cluster.local identity: name: keystone auth: admin: region_name: RegionOne project_name: admin password: password username: admin user_domain_name: default project_domain_name: default drydock: region_name: RegionOne role: admin project_name: service project_domain_name: default user_domain_name: default username: drydock password: password hosts: default: keystone internal: keystone-api host_fqdn_override: default: null path: default: /v3 scheme: default: http port: api: default: 80 internal: 5000 physicalprovisioner: name: drydock hosts: default: drydock-api public: drydock port: api: default: 9000 nodeport: 31900 path: default: /api/v1.0 scheme: default: http host_fqdn_override: default: null public: host: drydock.test.local # tls: # crt: replace # ca: replace # key: replace postgresql: # frequency to run table purges cleanup_schedule: "0 1 * * *" ttl_finished: 86400 # number of days to retain for the tasks table days_to_retain: "90" history: success: 3 failed: 1 name: postgresql auth: admin: username: postgres password: password user: username: drydock password: password database: drydock hosts: default: postgresql path: /drydock scheme: postgresql+psycopg2 port: postgresql: default: 5432 host_fqdn_override: default: null maas_region: name: maas-region auth: admin: username: admin password: admin email: none@none hosts: default: maas-region public: maas path: default: /MAAS scheme: default: http port: region_api: default: 80 public: 80 nodeport: 31900 region_proxy: default: 8000 host_fqdn_override: default: null secrets: identity: admin: drydock-keystone-admin drydock: drydock-keystone-user postgresql: admin: drydock-postgresql-admin user: drydock-postgresql-user ssh_key: ssh-private-key tls: physicalprovisioner: api: public: drydock-tls-public # Settings for drydock.conf conf: ssh: # A SSH private key strings to mount # to allow Drydock access virsh over SSH # The corresponding public key should be # added to a authorized_keys file to a user # in the libvirt group on the hypervisors private_key: null config: UserKnownHostsFile: '/dev/null' StrictHostKeyChecking: 'no' uwsgi: threads: 1 workers: 1 drydock: logging: log_level: 'DEBUG' global_logger_name: 'drydock' oobdriver_logger_name: '${global_logger_name}.oobdriver' nodedriver_logger_name: '${global_logger_name}.nodedriver' control_logger_name: '${global_logger_name}.control' maasdriver: maas_api_key: 'override_this' maas_api_url: null plugins: ingester: - 'drydock_provisioner.ingester.plugins.yaml.YamlIngester' oob_driver: - 'drydock_provisioner.drivers.oob.redfish_driver.driver.RedfishDriver' - 'drydock_provisioner.drivers.oob.pyghmi_driver.driver.PyghmiDriver' - 'drydock_provisioner.drivers.oob.manual_driver.driver.ManualDriver' - 'drydock_provisioner.drivers.oob.libvirt_driver.driver.LibvirtDriver' node_driver: 'drydock_provisioner.drivers.node.maasdriver.driver.MaasNodeDriver' timeouts: drydock_timeout: 5 create_network_template: 2 identify_node: 10 configure_hardware: 30 apply_node_networking: 5 apply_node_platform: 5 deploy_node: 45 bootdata: prom_init: '/etc/drydock/bootdata/join.sh' keystone_authtoken: delay_auth_decision: true auth_type: password auth_section: keystone_authtoken database: database_connect_string: null # end drydock.conf # configs for api-paste.ini paste: override: append: # end api-paste.ini # configs for policy.yaml policy: override: append: # end policy.yaml