# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Default values for ldap.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

pod:
  affinity:
    anti:
      type:
        default: preferredDuringSchedulingIgnoredDuringExecution
      topologyKey:
        default: kubernetes.io/hostname
  replicas:
    server: 1
  lifecycle:
    upgrades:
      deployments:
        revision_history: 3
        pod_replacement_strategy: RollingUpdate
        rolling_update:
          max_unavailable: 1
          max_surge: 3
  resources:
    enabled: false
    server:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    jobs:
      bootstrap:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      image_repo_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
  mounts:
    ldap_data_load:
      init_container: null
      ldap_data_load:

images:
  tags:
    bootstrap: "docker.io/osixia/openldap:1.2.0"
    ldap: "docker.io/osixia/openldap:1.2.0"
    dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
    image_repo_sync: docker.io/docker:17.07.0
  pull_policy: IfNotPresent
  local_registry:
    active: false
    exclude:
      - dep_check
      - image_repo_sync

dependencies:
  dynamic:
    common:
      local_image_registry:
        jobs:
          - ldap-image-repo-sync
        services:
          - endpoint: node
            service: local_image_registry
  static:
    ldap:
      jobs: null
    bootstrap:
      services:
        - endpoint: internal
          service: ldap
    server:
      jobs:
        - ldap-load-data
      services:
        - endpoint: internal
          service: ldap
    image_repo_sync:
      services:
        - endpoint: internal
          service: local_image_registry

storage:
  pvc:
    enabled: true
    size: 2Gi
    class_name: general
  host:
    data_path: /data/openstack-helm/ldap
    config_path: /data/openstack-helm/config

labels:
  server:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  job:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled

bootstrap:
  enabled: false

endpoints:
  cluster_domain_suffix: cluster.local
  local_image_registry:
    name: docker-registry
    namespace: docker-registry
    hosts:
      default: localhost
      internal: docker-registry
      node: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        node: 5000
  ldap:
    hosts:
      default: ldap
    host_fqdn_override:
      default: null
    path: null
    scheme: 'ldap'
    port:
      ldap:
        default: 389

network_policy:
  ldap:
    ingress:
      - {}

data:
  sample: |
    dn: ou=People,dc=cluster,dc=local
    objectclass: organizationalunit
    ou: People
    description: We the People

    # NOTE: Password is "password" without quotes
    dn: uid=alice,ou=People,dc=cluster,dc=local
    objectClass: inetOrgPerson
    objectClass: top
    objectClass: posixAccount
    objectClass: shadowAccount
    objectClass: person
    sn: Alice
    cn: alice
    uid: alice
    userPassword: {SSHA}+i3t/DLCgLDGaIOAmfeFJ2kDeJWmPUDH
    description: SHA
    gidNumber: 1000
    uidNumber: 1493
    homeDirectory: /home/alice
    mail: alice@example.com

    # NOTE: Password is "password" without quotes
    dn: uid=bob,ou=People,dc=cluster,dc=local
    objectClass: inetOrgPerson
    objectClass: top
    objectClass: posixAccount
    objectClass: shadowAccount
    objectClass: person
    sn: Bob
    cn: bob
    uid: bob
    userPassword: {SSHA}fCJ5vuW1BQ4/OfOVkkx1qjwi7yHFuGNB
    description: MD5
    gidNumber: 1000
    uidNumber: 5689
    homeDirectory: /home/bob
    mail: bob@example.com

    dn: ou=Groups,dc=cluster,dc=local
    objectclass: organizationalunit
    ou: Groups
    description: We the People

    dn: cn=cryptography,ou=Groups,dc=cluster,dc=local
    objectclass: top
    objectclass: posixGroup
    gidNumber: 418
    cn: overwatch
    description: Cryptography Team
    memberUID: uid=alice,ou=People,dc=cluster,dc=local
    memberUID: uid=bob,ou=People,dc=cluster,dc=local

    dn: cn=blue,ou=Groups,dc=cluster,dc=local
    objectclass: top
    objectclass: posixGroup
    gidNumber: 419
    cn: blue
    description: Blue Team
    memberUID: uid=bob,ou=People,dc=cluster,dc=local

    dn: cn=red,ou=Groups,dc=cluster,dc=local
    objectclass: top
    objectclass: posixGroup
    gidNumber: 420
    cn: red
    description: Red Team
    memberUID: uid=alice,ou=People,dc=cluster,dc=local

secrets:
  identity:
    admin: admin
    ldap: ldap

openldap:
  domain: cluster.local
  password: password

manifests:
  configmap_bin: true
  configmap_etc: true
  job_bootstrap: true
  network_policy: false
  job_image_repo_sync: true
  network_policy: false
  statefulset: true
  service: true