openstack/openstack-helm-addons
Code Issues Proposed changes
54c8764732
openstack-helm-addons/sonobuoy/values.yaml
Dustin Specker b60acc3307 sonobuoy: update to v0.16.4 
v0.16.* supports Kubernetes 1.16.* [1]

v0.16.4 [2] prevents Sonobuoy considering a Node in "error" immediately
when an `ErrImagePull` or `ImagePullBackOff`. Instead, Sonobuoy gives
the pod 5 minutes to recover from this.

There are times when a Kubernetes cluster receives a timeout from the
Docker daemon when pulling images. This update will prevent a temporary
network issue from failing the Node immediately.

Also, new Sonobuoy images are published to docker.io instead of gcr.io.

[1] - https://github.com/vmware-tanzu/sonobuoy/releases/tag/v0.16.0
[2] - https://github.com/vmware-tanzu/sonobuoy/releases/tag/v0.16.4

Change-Id: I0c30ade1824cab297fe5b27944747a8607bef25c
2019-11-25 15:23:45 -06:00

206 lines
5.7 KiB
YAML
Raw Blame History

# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
images:
tags:
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
ks_user: docker.io/openstackhelm/heat:ocata-ubuntu_xenial
results_publisher: docker.io/openstackhelm/heat:ocata-ubuntu_xenial
sonobuoy_api: sonobuoy/sonobuoy:v0.16.4
systemd_logs: gcr.io/heptio-images/sonobuoy-plugin-systemd-logs:v0.1
pull_policy: "IfNotPresent"
local_registry:
active: false
exclude: []
labels:
api:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
dependencies:
dynamic: {}
static:
sonobuoy:
jobs:
- sonobuoy-ks-user
pod:
mandatory_access_control:
type: apparmor
sonobuoy:
kube-sonobuoy: localhost/docker-default
results-publisher: localhost/docker-default
resources:
enabled: false
jobs:
ks_user:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "128Mi"
cpu: "2000m"
secrets:
identity:
admin: sonobuoy-keystone-admin
sonobuoy: sonobuoy-keystone-user
endpoints:
cluster_domain_suffix: cluster.local
identity:
name: keystone
auth:
admin:
region_name: RegionOne
username: admin
password: password
project_name: admin
user_domain_name: default
project_domain_name: default
sonobuoy:
role: admin
region_name: RegionOne
username: sonobuoy
password: password
project_name: sonobuoy
user_domain_name: sonobuoy
project_domain_name: sonobuoy
hosts:
default: keystone
internal: keystone-api
host_fqdn_override:
default: null
path:
default: /v3
scheme:
default: http
port:
api:
default: 80
internal: 5000
manifests:
configmap_bin: true
configmap_plugins: true
job_ks_user: true
pod_api: true
secret_etc: true
secret_keystone: true
secret_plugin_values: true
serviceaccount_readonly: false
conf:
publish_results: true
# NOTE: use to store results on host; disabled by default.
host_results_path: null
# Injected values root used by (some of) the plugins. This `plugin_values`
# root is the parent for a mapping of named sections, each of which will be
# added as a file in the plugin-values secret.
#
# Plugins will be responsible for mounting the appropriate information,
# e.g. as /etc/test/<filename> to the plugin container(s) as appropriate.
#
# A default entry/file will be supplied, but is expected to be overridden by
# deployment.
#
# In the case of supplying this info to the plugin(s), each plugin will need
# to do the mounting of the secret into the correct place, similar to what is
# shown in this values file at conf.plugins[0].data.spec.volumeMounts, and
# conf.plugins[0].data.extra-volumes
#
# Each entry under plugin-values needs to be keyed by the filename for that
# set of values. The yaml mapped by each filename will be the contents of
# the file.
plugin_values:
demo:
placeholder: value
swift:
container_name: sonobuoy
# delete objects after 1 month (60 * 60 * 24 * 30 seconds)
delete_objects_after_seconds: "2592000"
object_name_prefix: ""
sonobuoy:
Description: "sonobuoy run for scanner.heptio.com"
Version: v0.11.4
ResultsDir: /tmp/resultshost
Resources:
- Nodes
- ServerVersion
Filters:
Namespaces: ""
LabelSelector: ""
Server:
bindaddress: 0.0.0.0
bindport: 8080
advertiseaddress: ""
timeoutseconds: 8000
Plugins:
- name: systemd-logs
PluginSearchPath:
- /plugins.d
Limits:
PodLogs:
SizeLimitBytes: 10000
# NOTE: the Namespace should not be defined and is set in sonobuoy-etc
Namespace: null
# NOTE: the WorkerImage should not be defined and is set in sonobuoy-etc
WorkerImage: null
ImagePullPolicy: IfNotPresent
plugins:
- name: systemd_logs.yaml
data: |
sonobuoy-config:
driver: DaemonSet
plugin-name: systemd-logs
result-type: systemd_logs
spec:
name: sonobuoy-systemd-logs-config
env:
- name: CHROOT_DIR
value: /node
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: RESULTS_DIR
value: /tmp/results
image: {{ .Values.images.tags.systemd_logs }}
imagePullPolicy: Always
command:
- sh
- -c
- /get_systemd_logs.sh && sleep 3600
securityContext:
privileged: true
volumeMounts:
- mountPath: /tmp/results
name: results
readOnly: false
- mountPath: /node
name: root
readOnly: false
- mountPath: /etc/test
name: configured-values
readOnly: true
extra-volumes:
- name: configured-values
secret:
secretName: plugin-values
defaultMode: 444
View Git Blame Copy Permalink