# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Default values for ceph-client.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value

deployment:
  ceph: true

release_group: null

images:
  pull_policy: IfNotPresent
  tags:
    ceph_utility: 'docker.io/sreejithpunnapuzha/ceph-utility:v0.0.3'
    image_repo_sync: docker.io/docker:17.07.0
  local_registry:
    active: false
    exclude:
      - dep_check
      - image_repo_sync

labels:
  utility:
    node_selector_key: openstack-helm-node-class
    node_selector_value: primary

pod:
  dns_policy: "ClusterFirstWithHostNet"
  replicas:
    utility: 1
  affinity:
    anti:
      type:
        default: preferredDuringSchedulingIgnoredDuringExecution
      topologyKey:
        default: kubernetes.io/hostname
  resources:
    enabled: false
    utility:
      requests:
        memory: "100Mi"
        cpu: "250m"
      limits:
        memory: "250Mi"
        cpu: "500m"
    jobs:
      bootstrap:
        limits:
          memory: "1024Mi"
          cpu: "2000m"
        requests:
          memory: "128Mi"
          cpu: "500m"
      image_repo_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"

secrets:
  keyrings:
    admin: pvc-ceph-client-key

conf:
  features:
    utility: true
  cephconf:
    etc: ceph-etc
  cephfilter:
    Filters:
      # ceph-rootwrap command filters for ceph utility container
      # This file should be owned by (and only-writeable by) the root user
      # Below are example command filters. access to ceph cluster can be restricted by creating a user with less privilages
      ceph: CommandFilter, ceph, root
      rados: CommandFilter, rados, root
      radosgw-admin: CommandFilter, radosgw-admin, root
      rbd: CommandFilter, rbd, root
      osd-maintenance: CommandFilter, osd-maintenance, root
      rbd_pv: CommandFilter, rbd_pv, root
      kubectl: CommandFilter, kubectl, root
      # Below are examples of RegExpFilter. This will restict access to ceph cluster even with admin user
      #rbd00: RegExpFilter, rbd, root, rbd, (^((?!clone|copy|cp|create|export|export-diff|flatten|import|import-diff|map|merge-diff|pool|remove|rm|rename|mv|resize|unmap).)*$)
      #rbd01: RegExpFilter, rbd, root, rbd, image-meta, (^((?!get|remove|set).)*$)
      #rbd02: RegExpFilter, rbd, root, rbd, journal, (^((?!client|export|import|reset).)*$)
      #rbd03: RegExpFilter, rbd, root, rbd, lock, (^((?!add|remove).)*$)
      #rbd04: RegExpFilter, rbd, root, rbd, mirror, image, (^((?!demote|disable|enable|promote).)*$)
      #rbd05: RegExpFilter, rbd, root, rbd, mirror, pool, (^((?!demote|disable|enable|peer|promote).)*$)
      #rbd06: RegExpFilter, rbd, root, rbd, nbd, (^((?!map|unmap).)*$)
      #rbd07: RegExpFilter, rbd, root, rbd, object-map, (^((?!rm|del).)*$)
      #rbd08: RegExpFilter, rbd, root, rbd, snap, (^((?!create|limit|protect|purge|remove|rm|rename|mv|rollback|revert|unprotect).)*$)
      #rbd09: RegExpFilter, rbd, root, rbd, trash, (^((?!move|mv|remove|rm|restore).)*$)
  cephrootwrap:
    DEFAULT:
      # Configuration for ceph-rootwrap
      # This file should be owned by (and only-writeable by) the root user
      # List of directories to load filter definitions from (separated by ',').
      # These directories MUST all be only writeable by root !
      filters_path: /etc/ceph/rootwrap.d
      # List of directories to search executables in, in case filters do not
      # explicitely specify a full path (separated by ',')
      # If not specified, defaults to system PATH environment variable.
      # These directories MUST all be only writeable by root !
      exec_dirs: /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/tmp
      # Enable logging to syslog
      # Default value is False
      use_syslog: True
      # Which syslog facility to use.
      # Valid values include auth, authpriv, syslog, local0, local1...
      # Default value is 'syslog'
      syslog_log_facility: syslog
      # Which messages to log.
      # INFO means log all usage
      # ERROR means only log unsuccessful attempts
      syslog_log_level: INFO
  storage:
    utility:
      backup_target: /var/lib/openstack-helm/ceph/backup

dependencies:
  dynamic:
    common:
      local_image_registry:
        jobs:
          - ceph-utility-image-repo-sync
        services:
          - endpoint: node
            service: local_image_registry
  static:
    bootstrap:
      jobs: null
    cephfs_client_key_generator:
      jobs: null
    namespace_client_key_cleaner:
      jobs: null
    namespace_client_key_generator:
      jobs: null
    image_repo_sync:
      services:
        - endpoint: internal
          service: local_image_registry

bootstrap:
  enabled: true

endpoints:
  cluster_domain_suffix: cluster.local
  local_image_registry:
    name: docker-registry
    namespace: docker-registry
    hosts:
      default: localhost
      internal: docker-registry
      node: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        node: 5000

monitoring:
  prometheus:
    enabled: true

manifests:
  configmap_bin: true
  configmap_etc_client: true
  configmap_etc_sudoers: true
  deployment_utility: true