airship
/
treasuremap
Code Issues Proposed changes
treasuremap/global/software/charts/ucp/divingbell/divingbell.yaml

135 lines
4.1 KiB
YAML
Raw Blame History

---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: ucp-divingbell-global
labels:
name: ucp-divingbell-global
layeringDefinition:
abstract: true
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.ucp.divingbell
dest:
path: .source
# Image Source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.ucp.divingbell
dest:
path: .values.images
data:
chart_name: ucp-divingbell
release: ucp-divingbell
namespace: ucp
wait:
timeout: 300
labels:
release_group: airship-ucp-divingbell
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: airship-ucp-divingbell
values:
conf:
sysctl:
# Larger connection tracking table
net.nf_conntrack_max: '1048576'
# Reboot the node 60 seconds after a kernel panic, instead of default
# value of 0 (i.e. never reboot)
kernel.panic: '60'
# Randomize stack space to prevent buffer overflow exploits
kernel.randomize_va_space: '2'
# Accept gratuitous ARP to support failover scenarios
# https://bugs.launchpad.net/fuel/+bug/1456272
net.ipv4.conf.default.arp_accept: '1'
net.ipv4.conf.all.arp_accept: '1'
# Increased network backlog to optimize performance on fast networks
net.core.netdev_max_backlog: '261144'
# Optimizations for RabbitMQ failover
# https://bugs.launchpad.net/oslo.messaging/+bug/856764/comments/19
net.ipv4.tcp_keepalive_intvl: '3'
net.ipv4.tcp_keepalive_time: '30'
net.ipv4.tcp_keepalive_probes: '8'
net.ipv4.tcp_retries2: '5'
# Larger thresholds
# "Neighbour table overflow" errors that filled kernel logs
net.ipv4.neigh.default.gc_thresh1: '4096'
net.ipv4.neigh.default.gc_thresh2: '8192'
net.ipv4.neigh.default.gc_thresh3: '16384'
# It was necessary to set rp_filter to zero to support certain
# multi-homed storage backends
net.ipv4.conf.default.rp_filter: '0'
# Enable byte/packet count for new connections to enable creation of
# rules for the connbytes netfilter module
net.netfilter.nf_conntrack_acct: '1'
# Added in response to error messages seen on genesis host when services
# were restarted. "Failed to add /run/systemd/ask-password to directory
# watch: No space left on device". https://bit.ly/2Mj5qn2 TDP bug 427616
fs.inotify.max_user_watches: '1048576'
overrides:
divingbell_perm:
labels:
- label:
key: kubernetes-etcd
values:
- enabled
conf:
perm:
rerun_policy: always
rerun_interval: 120
paths:
- path: '/var/lib/etcd/*'
owner: 'root'
group: 'root'
permissions: '0700'
- label:
key: calico-etcd
values:
- enabled
conf:
perm:
rerun_policy: always
rerun_interval: 120
paths:
- path: '/var/lib/etcd/*'
owner: 'root'
group: 'root'
permissions: '0700'
dependencies:
- ucp-divingbell-htk
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: ucp-divingbell-htk
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.ucp.divingbell-htk
dest:
path: .source
data:
chart_name: ucp-divingbell-htk
release: ucp-divingbell-htk
namespace: ucp-divingbell-htk
values: {}
dependencies: []
...
View Git Blame Copy Permalink