drydock/charts/drydock/values.yaml

423 lines
9.9 KiB
YAML

# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This file provides defaults for drydock
replicas:
drydock: 2
labels:
api:
node_selector_key: ucp-control-plane
node_selector_value: enabled
job:
node_selector_key: ucp-control-plane
node_selector_value: enabled
test:
node_selector_key: ucp-control-plane
node_selector_value: enabled
images:
tags:
drydock: quay.io/airshipit/drydock:master
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
ks_user: docker.io/openstackhelm/heat:newton
ks_service: docker.io/openstackhelm/heat:newton
ks_endpoints: docker.io/openstackhelm/heat:newton
drydock_db_init: docker.io/postgres:9.5
drydock_db_sync: quay.io/airshipit/drydock:master
pull_policy: "IfNotPresent"
#TODO(mattmceuen): This chart does not yet support local image caching
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
network:
api:
nodeport:
enabled: false
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
pod:
mandatory_access_control:
type: apparmor
drydock-api:
init: runtime/default
drydock-api: runtime/default
drydock-db-init:
init: runtime/default
drydock-db-init: runtime/default
drydock-db-sync:
init: runtime/default
drydock-db-sync: runtime/default
drydock-api-test:
drydock-api-test: runtime/default
drydock-auth-test:
drydock-auth-test: runtime/default
security_context:
drydock:
pod:
runAsUser: 65534
container:
drydock_api:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
db_init:
pod:
runAsUser: 65534
container:
drydock_db_init:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
db_sync:
pod:
runAsUser: 65534
container:
drydock_db_sync:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
api_test:
pod:
runAsUser: 65534
container:
drydock_api_test:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
auth_test:
pod:
runAsUser: 65534
container:
drydock_auth_test:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
resources:
enabled: false
test:
limits:
memory: "128Mi"
cpu: "100m"
requests:
memory: "128Mi"
cpu: "100m"
api:
limits:
memory: "128Mi"
cpu: "100m"
requests:
memory: "128Mi"
cpu: "100m"
jobs:
ks_user:
limits:
memory: "128Mi"
cpu: "100m"
requests:
memory: "128Mi"
cpu: "100m"
ks_service:
limits:
memory: "128Mi"
cpu: "100m"
requests:
memory: "128Mi"
cpu: "100m"
ks_endpoints:
limits:
memory: "128Mi"
cpu: "100m"
requests:
memory: "128Mi"
cpu: "100m"
drydock_db_sync:
limits:
memory: "128Mi"
cpu: "100m"
requests:
memory: "128Mi"
cpu: "100m"
drydock_db_init:
limits:
memory: "128Mi"
cpu: "100m"
requests:
memory: "128Mi"
cpu: "100m"
network_policy:
drydock:
ingress:
- {}
egress:
- {}
manifests:
job_ks_service: true
job_ks_user: true
job_ks_endpoints: true
job_drydock_db_init: true
job_drydock_db_sync: true
secret_keystone: true
secret_database: true
secret_ssh_key: true
secret_tls: true
configmap_etc: true
configmap_bin: true
service_drydock: true
ingress_drydock: true
deployment_drydock: true
test_drydock_api: true
test_drydock_auth: true
network_policy: false
dependencies:
dynamic:
common:
local_image_registry:
jobs:
- drydock-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
db_init:
services:
- service: postgresql
endpoint: internal
db_sync:
services:
- service: postgresql
endpoint: internal
jobs:
- drydock-db-init
ks_user:
services:
- service: identity
endpoint: internal
ks_service:
services:
- service: identity
endpoint: internal
ks_endpoints:
jobs:
- drydock-ks-service
services:
- service: identity
endpoint: internal
api:
jobs:
- drydock-ks-endpoints
- drydock-ks-user
- drydock-ks-service
- drydock-db-init
- drydock-db-sync
services:
- service: identity
endpoint: internal
- service: postgresql
endpoint: internal
endpoints:
cluster_domain_suffix: cluster.local
identity:
name: keystone
auth:
admin:
region_name: RegionOne
project_name: admin
password: password
username: admin
user_domain_name: default
project_domain_name: default
drydock:
region_name: RegionOne
role: admin
project_name: service
project_domain_name: default
user_domain_name: default
username: drydock
password: password
hosts:
default: keystone
internal: keystone-api
host_fqdn_override:
default: null
path:
default: /v3
scheme:
default: http
port:
api:
default: 80
internal: 5000
physicalprovisioner:
name: drydock
hosts:
default: drydock-api
public: drydock
port:
api:
default: 9000
nodeport: 31900
path:
default: /api/v1.0
scheme:
default: http
host_fqdn_override:
default: null
public:
host: drydock.test.local
# tls:
# crt: replace
# ca: replace
# key: replace
postgresql:
name: postgresql
auth:
admin:
username: postgres
password: password
user:
username: drydock
password: password
database: drydock
hosts:
default: postgresql
path: /drydock
scheme: postgresql+psycopg2
port:
postgresql:
default: 5432
host_fqdn_override:
default: null
maas_region:
name: maas-region
auth:
admin:
username: admin
password: admin
email: none@none
hosts:
default: maas-region
public: maas
path:
default: /MAAS
scheme:
default: http
port:
region_api:
default: 80
public: 80
nodeport: 31900
region_proxy:
default: 8000
host_fqdn_override:
default: null
secrets:
identity:
admin: drydock-keystone-admin
drydock: drydock-keystone-user
postgresql:
admin: drydock-postgresql-admin
user: drydock-postgresql-user
ssh_key: ssh-private-key
tls:
physicalprovisioner:
api:
public: drydock-tls-public
# Settings for drydock.conf
conf:
ssh:
# A SSH private key strings to mount
# to allow Drydock access virsh over SSH
# The corresponding public key should be
# added to a authorized_keys file to a user
# in the libvirt group on the hypervisors
private_key: null
config:
UserKnownHostsFile: '/dev/null'
StrictHostKeyChecking: 'no'
uwsgi:
threads: 1
workers: 1
drydock:
logging:
log_level: 'DEBUG'
global_logger_name: 'drydock'
oobdriver_logger_name: '${global_logger_name}.oobdriver'
nodedriver_logger_name: '${global_logger_name}.nodedriver'
control_logger_name: '${global_logger_name}.control'
maasdriver:
maas_api_key: 'override_this'
maas_api_url: null
plugins:
ingester:
- 'drydock_provisioner.ingester.plugins.yaml.YamlIngester'
oob_driver:
- 'drydock_provisioner.drivers.oob.redfish_driver.driver.RedfishDriver'
- 'drydock_provisioner.drivers.oob.pyghmi_driver.driver.PyghmiDriver'
- 'drydock_provisioner.drivers.oob.manual_driver.driver.ManualDriver'
- 'drydock_provisioner.drivers.oob.libvirt_driver.driver.LibvirtDriver'
node_driver: 'drydock_provisioner.drivers.node.maasdriver.driver.MaasNodeDriver'
timeouts:
drydock_timeout: 5
create_network_template: 2
identify_node: 10
configure_hardware: 30
apply_node_networking: 5
apply_node_platform: 5
deploy_node: 45
bootdata:
prom_init: '/etc/drydock/bootdata/join.sh'
keystone_authtoken:
delay_auth_decision: true
auth_type: password
auth_section: keystone_authtoken
database:
database_connect_string: null
# end drydock.conf
# configs for api-paste.ini
paste:
override:
append:
# end api-paste.ini
# configs for policy.yaml
policy:
override:
append:
# end policy.yaml