airship
/
maas
Code Issues Proposed changes
maas/charts/maas/values.yaml

725 lines
20 KiB
YAML
Raw Permalink Blame History

# Copyright 2017 The Openstack-Helm Authors.
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for maas.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
dependencies:
static:
maas_ingress: {}
maas_syslog: {}
rack_controller:
services:
- service: maas_region
endpoint: internal
- service: maas_ingress
endpoint: monitor
jobs:
- maas-export-api-key
region_controller:
jobs:
- maas-db-sync
services:
- service: maas_db
endpoint: internal
- service: maas_ingress
endpoint: monitor
db_init:
services:
- service: maas_db
endpoint: internal
db_sync:
jobs:
- maas-db-init
bootstrap_admin_user:
jobs:
- maas-db-sync
services:
- service: maas_region
endpoint: internal
- service: maas_db
endpoint: internal
- service: maas_ingress
endpoint: monitor
import_resources:
jobs:
- maas-bootstrap-admin-user
services:
- service: maas_region
endpoint: internal
- service: maas_db
endpoint: internal
- service: maas_ingress
endpoint: monitor
export_api_key:
jobs:
- maas-bootstrap-admin-user
services:
- service: maas_region
endpoint: internal
- service: maas_db
endpoint: internal
- service: maas_ingress
endpoint: monitor
network_policy:
maas:
ingress:
- {}
egress:
- {}
manifests:
region_statefulset: true
rack_statefulset: true
syslog_statefulset: true
syslog_service: true
test_maas_api: true
secret_ssh_key: false
ingress_region: true
configmap_ingress: true
maas_ingress: true
network_policy: false
images:
tags:
db_init: docker.io/postgres:9.5
db_sync: quay.io/airshipit/maas-region-controller:latest
maas_rack: quay.io/airshipit/maas-rack-controller:latest
maas_region: quay.io/airshipit/maas-region-controller:latest
bootstrap: quay.io/airshipit/maas-region-controller:latest
export_api_key: quay.io/airshipit/maas-region-controller:latest
maas_cache: quay.io/airshipit/sstream-cache:latest
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1
ingress_vip: docker.io/busybox:latest
error_pages: gcr.io/google_containers/ingress-gce-404-server-with-metrics-amd64:v1.6.0
maas_syslog: quay.io/airshipit/maas-region-controller:latest
pull_policy: IfNotPresent
local_registry:
# TODO(portdirect): this chart does not yet support local image cacheing
active: false
exclude:
- dep_check
jobs:
import_boot_resources:
try_limit: 1
retry_timer: 10
#default timeout: 15 minutes
timeout: 900
labels:
rack:
node_selector_key: ucp-control-plane
node_selector_value: enabled
region:
node_selector_key: ucp-control-plane
node_selector_value: enabled
ingress:
node_selector_key: ucp-control-plane
node_selector_value: enabled
syslog:
node_selector_key: ucp-control-plane
node_selector_value: enabled
test:
node_selector_key: ucp-control-plane
node_selector_value: enabled
network:
maas_ingress:
mode: routed
interface: maas-vip
addr: 172.18.0.2/32
region_proxy:
node_port:
enabled: false
region_api:
ingress:
public: true
classes:
namespace: "maas-ingress"
cluster: "maas-ingress"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: "/"
node_port:
enabled: false
storage:
syslog:
pvc:
class_name: general
size: 1Gi
rackd:
pvc:
class_name: general
size: 5Gi
conf:
ssh:
# A SSH private key strings to mount
# to allow MaaS access virsh over SSH
# The corresponding public key should be
# added to a authorized_keys file to a user
# in the libvirt group on the hypervisors
private_key: null
bind:
override:
append:
# 'cpus: n' number of CPUs for bind to use
# 'cpus: ""' to revert to the default (all of them)
cpus: 1
nginx:
# 'worker_processes: auto' (the maas default) launches one worker per core
worker_processes: 1
# 'worker_connections: 768' is the MAAS default, 512 is the nginx default
worker_connections: 768
curtin:
override: true
late_commands: {}
# Additional commands to be run during the "late" curtin stage
# https://curtin.readthedocs.io/en/latest/topics/config.html#stages
# When naming the keys, consider that the commands are executed in
# lexicographic order. The existing late_commands are named:
# driver_NN_*, drydock_NN, and maas
# Example:
# late_commands:
# install_modules_extra: ["curtin", "in-target", "--", "apt-get", "-y", "install", "linux-modules-extra-4.15.0-88-generic"]
cloudconfig:
override: false
sections: {}
# Additional user-data sections to add to the default cloud-config.
# These apply to the ephemeral environment, used during enlistment,
# commissioning, and deployment (pre-curtin).
# In particular, bootcmd may be useful:
# https://cloudinit.readthedocs.io/en/latest/topics/modules.html#bootcmd
# Example:
# conf:
# cloudconfig:
# override: true
# sections:
# bootcmd:
# - "rm -fr /var/lib/apt/lists"
drydock:
bootaction_url: null
cache:
enabled: false
syslog:
logpath: /var/log/maas
logfile: nodeboot.log
logrotate:
# How many rotated logs to keep
rotate: '30'
# Size threshold when a log should rotate
size: '100M'
# levels (emerg,alert,crit,error,warning,notice,info,debug)
# use 'info' as default when overwritting the default
log_level: 'info'
maas:
override:
append:
url:
maas_url: null
ingress_disable_gui: false
cgroups:
# When set to true, this won't mount the host path /sys/fs/cgroup. Used
# to enable use of cgroups v2. Also requires running container as privileged
disable_cgroups_region: false
disable_cgroups_rack: false
ntp:
# These options allow you to mock out the ntpd binary within the container
# by overwriting it with a script that simply sleeps - this is useful in
# environments where you do not wish these privileged containers to try and
# run ntpd that may conflict with the baremetal host
disable_ntpd_region: false
disable_ntpd_rack: false
# Use external only points region and rack serves and deployed nodes directly
# at external NTP servers. Otherwise we have nodes -> rack -> region -> external
use_external_only: false
ntp_servers: []
dns:
require_dnssec: no
# These are upstream servers
dns_servers: []
proxy:
# Whether deploying nodes should use MaaS region as an APT proxy
proxy_enabled: false
# Whether MaaS region should utilize an external proxy for accessing repos
peer_proxy_enabled: false
# An external proxy server to use
proxy_server: null
images:
default_os: 'ubuntu'
default_image: 'bionic'
default_kernel: 'ga-18.04'
credentials:
secret:
namespace: maas
name: maas-api-key
syslog:
# Remote syslog destination for machine syslogs (during enlistment,
# commissioning, and deployment)
# Can be specified as 'ip', 'fqdn', 'ip:port', or 'fqdn:port', where
# ':port' defaults to ':514'
# If remote_syslog is null, the destination will be resolved via a
# host_and_port_endpoint_uri_lookup of the public maas_syslog endpoint
# (Note that this differs from the MAAS default, which is to send machine
# syslogs to MAAS on port 5247)
remote_syslog: null
extra_settings:
# Additional settings available via maas $PROFILE maas set-config
# Marks if the initial intro has been completed: true or false
completed_intro: true
# Enable Google Analytics: true or false
enable_analytics: false
# network_discovery: 'enabled' or 'disabled'
network_discovery: disabled
# active_discovery_interval (seconds): one of '0', '604800', '86400', '43200', '21600', '10800', '3600', '1800', '600'
active_discovery_interval: 0
# enlist_commissioning: if true, directly go into commissioning during enlistment
enlist_commissioning: false
# system user for console login/recovery in early phases of deployment
system_user: 'root'
system_passwd: 'password'
drivers: null
#### If you populates drivers, it will replace the 3rd party driver
#### info that comes with MaaS. see structure below if it is needed
#### Additional context about the use of this file can be found here:
#### https://github.com/maas/maas/blob/2.3.5/src/maasserver/third_party_drivers.py
# - blacklist: string # a kernel module to blacklist from loading if needed
# comment: string # free form comment
# key_binary: | # The GPG key for the repo holding the package, base64 encoded, non-ascii armored
# mQENBFRtGAgBCADlSku65P14hVdx9E/W0n6MwuB3WGqmsyKNoa3HezFdMjWERldINNUdi8O28cZ6
# j2+Hi9L1HeQIQ9+7FHpR3JyQePBJtRX8WSEusfRtML98opDhJxKm8Jyxb7aTvCwdNHz3yxADINkM
# tOj5oRm7VCr8XHkG7YU27ELs8B+BXWvjO21oSosiFurnhT+H3hQsYXfYA55aa21q0qX+L5dFJSNd
# zZVo7m9ybioVv2R5+PfBvdaSxCnmOpcGXFaKAsqVHeTW0pd3sdkin1rkbhOBaU5lFBt2ZiMtKpKH
# pT8TZnqHpFHFbgi8j2ARJj4IDct2OGILddUIZSFyue6WE2hpV5c/ABEBAAG0OEhld2xldHQtUGFj
# a2FyZCBDb21wYW55IFJTQSAoSFAgQ29kZXNpZ25pbmcgU2VydmljZSkgLSAxiQE+BBMBAgAoBQJU
# bRgIAhsDBQkSzAMABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRD63Y1ksSdeo6BJCADOfIPP
# LPpIOnFK9jH4t8lLUd+RyMc+alA3uTDPUJa/ZHa6DHfh42iaPYVEV8OG0tnbMlHmwvsZ5c1/MRMw
# 1UbxCvD88P2qM4SUrUjQUlSCms2GLGvFftFXBiOJQ7/yBc9o+yoSvwPrrTxSCk4+Sqm0IfVXVzCh
# DM9dM9YPY2Vzjd+LUaYC3X+eSuggUDO0TmJLJd7tZdF9fVXq3lr63BZ5PY98MTCuOoeSMDa9FIUQ
# f6vn6UUJMDSRZ9OzhpNJOKR+ShVRwDK6My8gtVIW1EAW2w3VQWI2UNF07aLeO8UG6nTNWA23+OuZ
# kUdgQovjcq01caSefgOkmiQOx6d74CAkuQENBFRtGAgBCAC35eBfUIpnTdF5lpIBWOsWGKwNZEg1
# f5GRCc3qv2Cd0dpcDPFDiE6Oa0OjtnyzhBXWEQXfckWh53tIl5Sjhoy4Gh7z7vZEgmuw1L+ILy0Q
# 00SqMpZFZaXNn4cnkc4wy5XG1bs81ij4Xp8Gkk9oRDJfCxv6ztW7++uhmU/2w4iqJghJRZwjMKl7
# hGis8cx6vP5UCr7K7nnJqHVeO/z82ooE6XgxHHeGrLNPrzebO74PQ5iV/F5Dq9DFwYk61JaoJ9mA
# R9CKn+CDtTTCkbdv7yQKFxXQSludHInRBfuBeM28djOddZF9XCBL3n+KYWC9Mjf0SCyqiUKA/f3P
# c6KaTqCZABEBAAGJASUEGAECAA8FAlRtGAgCGwwFCRLMAwAACgkQ+t2NZLEnXqM0/gf/VwQY9rVG
# X0ZEoEAto+naRi2wLxae8AJ+JTwChaybyOFtIblM4PnG3rUmQCqFM18PNcfeSiX+dd8CuXOI/voI
# hwcfM7HP4hPTykmquHgEHp5t+/gA4+iRYDZvHthURmBzFUl4NS9AhOT7V1udUkn1lAORFc8/bcu1
# yiFIhaQRT3MtOzp+qvThPrspXAgpfOwqjSkPR2YdvvZeqWAs77k2RZQc2aknaMgjWaPLb+V8mBmg
# zRO1RDvShu8hsREaKYVMHyAeKhEYC+lX2bNCImQIs/TqhYo5sn0I5+sbpmFNwtF1gP7AF9DjcFfJ
# ruvNnfrWpNvn7vuBH6g//Qk5ZnBpwg==
# modaliases: # list of strings with modalias patterns that denote a need for this driver
# - string
# module: string # the name of the kernel module to load
# package: string # the name of the debian package containing the kernel module
# repository: string # URL to the debian repo containing the package
####
secrets:
maas_db:
admin: maas-db-admin
user: maas-db-user
maas_users:
admin: maas-admin
maas_region:
name: maas-region-secret
value: 3858f62230ac3c915f300c664312c63f
ssh_key: ssh-private-key
pod:
mandatory_access_control:
type: apparmor
maas-rack:
maas-rack: runtime/default
init: runtime/default
maas-region:
maas-region: runtime/default
maas-cache: runtime/default
init: runtime/default
maas-syslog:
syslog: runtime/default
logrotate: runtime/default
init: runtime/default
maas-ingress:
maas-ingress-vip: runtime/default
maas-ingress: runtime/default
init: runtime/default
maas-ingress-vip-init: runtime/default
maas-ingress-errors:
maas-ingress-errors: runtime/default
maas-bootstrap-admin-user:
maas-bootstrap-admin-user: runtime/default
init: runtime/default
maas-db-init:
maas-db-init: runtime/default
init: runtime/default
maas-db-sync:
maas-db-sync: runtime/default
init: runtime/default
maas-export-api-key:
exporter: runtime/default
init: runtime/default
maas-import-resources:
region-import-resources: runtime/default
init: runtime/default
maas-api-test:
maas-api-test: runtime/default
security_context:
ingress:
pod:
runAsUser: 0
container:
maas_ingress_vip_init:
readOnlyRootFilesystem: false
capabilities:
add:
- 'NET_ADMIN'
- 'SYS_MODULE'
runAsUser: 0
maas_ingress_vip:
readOnlyRootFilesystem: false
capabilities:
add:
- 'NET_ADMIN'
maas_ingress:
readOnlyRootFilesystem: false
capabilities:
add:
- 'NET_BIND_SERVICE'
ingress_errors:
pod:
runAsUser: 65534
container:
maas_ingress_errors:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
bootstrap_admin_user:
pod:
runAsUser: 0
container:
maas_bootstrap_admin_user:
readOnlyRootFilesystem: false
db_init:
pod:
runAsUser: 0
container:
maas_db_init:
readOnlyRootFilesystem: true
db_sync:
pod:
runAsUser: 0
container:
maas_db_sync:
readOnlyRootFilesystem: false
export_api_key:
pod:
runAsUser: 0
container:
exporter:
readOnlyRootFilesystem: false
import_resources:
pod:
runAsUser: 0
container:
region_import_resources:
readOnlyRootFilesystem: false
syslog:
pod:
runAsUser: 0
container:
syslog:
readOnlyRootFilesystem: false
logrotate:
readOnlyRootFilesystem: false
rack:
pod:
runAsUser: 0
container:
maas_rack:
readOnlyRootFilesystem: false
capabilities:
add:
- 'DAC_READ_SEARCH'
- 'NET_ADMIN'
- 'SYS_ADMIN'
- 'SYS_PTRACE'
- 'SYS_RESOURCE'
- 'SYS_TIME'
region:
pod:
runAsUser: 0
container:
maas_cache:
readOnlyRootFilesystem: false
maas_region:
readOnlyRootFilesystem: false
capabilities:
add:
- 'SYS_ADMIN'
- 'NET_ADMIN'
- 'SYS_PTRACE'
- 'SYS_TIME'
- 'SYS_RESOURCE'
- 'DAC_READ_SEARCH'
api_test:
pod:
runAsUser: 0
container:
maas_api_test:
readOnlyRootFilesystem: false
affinity:
anti:
type:
rack: requiredDuringSchedulingIgnoredDuringExecution
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
mounts:
maas_rack:
init_container: []
maas_rack:
maas_region:
init_container: []
maas_region:
export_api_key:
init_container: []
export_api_key:
maas_ingress:
init_container: []
maas_region:
maas_syslog:
init_container: []
syslog: []
replicas:
rack: 2
region: 2
syslog: 1
resources:
enabled: false
test:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
maas_rack:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
maas_region:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
maas_syslog:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
maas_ingress_vip:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
maas_ingress:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
maas_ingress_errors:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
jobs:
db_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
bootstrap_admin_user:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
import_resources:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
export_api_key:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
probes:
rack:
maas-rack:
readiness:
enabled: true
params:
initialDelaySeconds: 60
periodSeconds: 60
timeoutSeconds: 60
export-api-key:
exporter:
readiness:
enabled: true
params:
initialDelaySeconds: 60
periodSeconds: 60
timeoutSeconds: 60
import-resources:
region-import-resources:
readiness:
enabled: true
params:
initialDelaySeconds: 60
periodSeconds: 60
timeoutSeconds: 60
endpoints:
cluster_domain_suffix: cluster.local
maas_ingress:
hosts:
default: maas-ingress
error_pages: maas-ingress-error
monitor: maas-ingress-monitor
host_fqdn_override:
default: null
port:
http:
default: 80
https:
default: 443
error_pages:
default: 8080
podport: 10080
ingress_default_server:
default: 8181
healthz:
podport: 10254
status:
podport: 10246
stream:
podport: 10247
profiler:
podport: 10245
maas_syslog:
hosts:
default: maas-syslog
host_fqdn_override:
default: null
port:
syslog:
public: 514
podport: 514
maas_db:
auth:
admin:
username: postgres
password: password
user:
username: maas
password: password
database: maasdb
path: maasdb
hosts:
default: postgresql
port:
postgresql:
default: 5432
host_fqdn_override:
default: null
maas_region:
name: maas-region
auth:
admin:
username: admin
password: admin
email: none@none
hosts:
default: maas-region
public: maas
path:
default: /MAAS
scheme:
default: 'http'
port:
region_api:
default: 80
nodeport: 31900
podport: 5240
public: 80
region_proxy:
default: 8000
# podport and public need to be the same as of MAAS 2.3.4, so
# comment them out and let the default rule
# podport: 8000
# public: 8000
region_syslog:
default: 514
podport: 514
host_fqdn_override:
default: null
physicalprovisioner:
name: drydock
hosts:
default: drydock-api
port:
api:
default: 9000
nodeport: 31900
path:
default: /api/v1.0
scheme:
default: http
host_fqdn_override:
default: null
View Git Blame Copy Permalink