# Copyright 2017 The Openstack-Helm Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Default values for magnum. # This is a YAML-formatted file. # Declare name/value pairs to be passed into your templates. # name: value release_group: null labels: api: node_selector_key: openstack-control-plane node_selector_value: enabled conductor: node_selector_key: openstack-control-plane node_selector_value: enabled job: node_selector_key: openstack-control-plane node_selector_value: enabled images: tags: bootstrap: docker.io/openstackhelm/heat:ocata db_init: docker.io/openstackhelm/heat:ocata magnum_db_sync: docker.io/openstackhelm/magnum:ocata db_drop: docker.io/openstackhelm/heat:ocata rabbit_init: docker.io/rabbitmq:3.7-management ks_user: docker.io/openstackhelm/heat:ocata ks_service: docker.io/openstackhelm/heat:ocata ks_endpoints: docker.io/openstackhelm/heat:ocata magnum_api: docker.io/openstackhelm/magnum:ocata magnum_conductor: docker.io/openstackhelm/magnum:ocata dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 image_repo_sync: docker.io/docker:17.07.0 pull_policy: "IfNotPresent" local_registry: active: false exclude: - dep_check - image_repo_sync conf: paste: pipeline:main: pipeline: cors healthcheck request_id authtoken api_v1 app:api_v1: paste.app_factory: magnum.api.app:app_factory filter:authtoken: acl_public_routes: /, /v1 paste.filter_factory: magnum.api.middleware.auth_token:AuthTokenMiddleware.factory filter:request_id: paste.filter_factory: oslo_middleware:RequestId.factory filter:cors: paste.filter_factory: oslo_middleware.cors:filter_factory oslo_config_project: magnum filter:healthcheck: paste.filter_factory: oslo_middleware:Healthcheck.factory backends: disable_by_file disable_by_file_path: /etc/magnum/healthcheck_disable policy: context_is_admin: role:admin admin_or_owner: is_admin:True or project_id:%(project_id)s default: rule:admin_or_owner admin_api: rule:context_is_admin admin_or_user: is_admin:True or user_id:%(user_id)s cluster_user: user_id:%(trustee_user_id)s deny_cluster_user: not domain_id:%(trustee_domain_id)s bay:create: rule:deny_cluster_user bay:delete: rule:deny_cluster_user bay:detail: rule:deny_cluster_user bay:get: rule:deny_cluster_user bay:get_all: rule:deny_cluster_user bay:update: rule:deny_cluster_user baymodel:create: rule:deny_cluster_user baymodel:delete: rule:deny_cluster_user baymodel:detail: rule:deny_cluster_user baymodel:get: rule:deny_cluster_user baymodel:get_all: rule:deny_cluster_user baymodel:update: rule:deny_cluster_user baymodel:publish: rule:admin_or_owner cluster:create: rule:deny_cluster_user cluster:delete: rule:deny_cluster_user cluster:detail: rule:deny_cluster_user cluster:get: rule:deny_cluster_user cluster:get_all: rule:deny_cluster_user cluster:update: rule:deny_cluster_user clustertemplate:create: rule:deny_cluster_user clustertemplate:delete: rule:deny_cluster_user clustertemplate:detail: rule:deny_cluster_user clustertemplate:get: rule:deny_cluster_user clustertemplate:get_all: rule:deny_cluster_user clustertemplate:update: rule:deny_cluster_user clustertemplate:publish: rule:admin_or_owner rc:create: rule:default rc:delete: rule:default rc:detail: rule:default rc:get: rule:default rc:get_all: rule:default rc:update: rule:default certificate:create: rule:admin_or_user or rule:cluster_user certificate:get: rule:admin_or_user or rule:cluster_user magnum-service:get_all: rule:admin_api magnum: DEFAULT: log_config_append: /etc/magnum/logging.conf transport_url: null oslo_messaging_notifications: driver: messaging oslo_concurrency: lock_path: /var/lib/magnum/tmp certificates: cert_manager_type: barbican database: max_retries: -1 trust: trustee_domain_name: null keystone_authtoken: auth_type: password auth_version: v3 memcache_security_strategy: ENCRYPT api: # NOTE(portdirect): the bind port should not be defined, and is manipulated # via the endpoints section. port: null host: 0.0.0.0 logging: loggers: keys: - root - magnum handlers: keys: - stdout - stderr - "null" formatters: keys: - context - default logger_root: level: WARNING handlers: stdout logger_magnum: level: INFO handlers: - stdout qualname: magnum logger_amqp: level: WARNING handlers: stderr qualname: amqp logger_amqplib: level: WARNING handlers: stderr qualname: amqplib logger_eventletwsgi: level: WARNING handlers: stderr qualname: eventlet.wsgi.server logger_sqlalchemy: level: WARNING handlers: stderr qualname: sqlalchemy logger_boto: level: WARNING handlers: stderr qualname: boto handler_null: class: logging.NullHandler formatter: default args: () handler_stdout: class: StreamHandler args: (sys.stdout,) formatter: context handler_stderr: class: StreamHandler args: (sys.stderr,) formatter: context formatter_context: class: oslo_log.formatters.ContextFormatter datefmt: "%Y-%m-%d %H:%M:%S" formatter_default: format: "%(message)s" datefmt: "%Y-%m-%d %H:%M:%S" network: api: ingress: public: true classes: namespace: "nginx" cluster: "nginx-cluster" annotations: nginx.ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false port: 30511 bootstrap: enabled: false ks_user: magnum script: | openstack token issue dependencies: dynamic: common: local_image_registry: jobs: - magnum-image-repo-sync services: - endpoint: node service: local_image_registry static: api: jobs: - magnum-db-sync - magnum-ks-user - magnum-domain-ks-user - magnum-ks-endpoints - magnum-rabbit-init services: - endpoint: internal service: oslo_db - endpoint: internal service: identity - endpoint: internal service: oslo_messaging - endpoint: internal service: key_manager - endpoint: internal service: orchestration conductor: jobs: - magnum-db-sync - magnum-ks-user - magnum-domain-ks-user - magnum-ks-endpoints - magnum-rabbit-init services: - endpoint: internal service: oslo_db - endpoint: internal service: identity - endpoint: internal service: oslo_messaging - endpoint: internal service: key_manager - endpoint: internal service: orchestration db_drop: services: - endpoint: internal service: oslo_db db_init: services: - endpoint: internal service: oslo_db db_sync: jobs: - magnum-db-init services: - endpoint: internal service: oslo_db ks_endpoints: jobs: - magnum-ks-service services: - endpoint: internal service: identity ks_service: services: - endpoint: internal service: identity ks_user: services: - endpoint: internal service: identity rabbit_init: services: - endpoint: internal service: oslo_messaging image_repo_sync: services: - endpoint: internal service: local_image_registry # Names of secrets used by bootstrap and environmental checks secrets: identity: admin: magnum-keystone-admin magnum: magnum-keystone-user magnum_stack_user: magnum-keystone-stack-user oslo_db: admin: magnum-db-admin magnum: magnum-db-user oslo_messaging: admin: magnum-rabbitmq-admin magnum: magnum-rabbitmq-user # typically overridden by environmental # values, but should include all endpoints # required by this chart endpoints: cluster_domain_suffix: cluster.local local_image_registry: name: docker-registry namespace: docker-registry hosts: default: localhost internal: docker-registry node: localhost host_fqdn_override: default: null port: registry: node: 5000 identity: name: keystone auth: admin: region_name: RegionOne username: admin password: password project_name: admin user_domain_name: default project_domain_name: default magnum: role: admin region_name: RegionOne username: magnum password: password project_name: service user_domain_name: service project_domain_name: service magnum_stack_user: role: admin region_name: RegionOne username: magnum-domain password: password domain_name: magnum hosts: default: keystone internal: keystone-api host_fqdn_override: default: null path: default: /v3 scheme: default: http port: api: default: 80 internal: 5000 container_infra: name: magnum hosts: default: magnum-api public: magnum host_fqdn_override: default: null path: default: /v1 scheme: default: http port: api: default: 9511 public: 80 key_manager: name: barbican hosts: default: barbican-api public: barbican host_fqdn_override: default: null path: default: /v1 scheme: default: http port: api: default: 9311 public: 80 orchestration: name: heat hosts: default: heat-api public: heat host_fqdn_override: default: null path: default: '/v1/%(project_id)s' scheme: default: 'http' port: api: default: 8004 public: 80 oslo_db: auth: admin: username: root password: password magnum: username: magnum password: password hosts: default: mariadb host_fqdn_override: default: null path: /magnum scheme: mysql+pymysql port: mysql: default: 3306 oslo_cache: auth: # NOTE(portdirect): this is used to define the value for keystone # authtoken cache encryption key, if not set it will be populated # automatically with a random value, but to take advantage of # this feature all services should be set to use the same key, # and memcache service. memcache_secret_key: null hosts: default: memcached host_fqdn_override: default: null port: memcache: default: 11211 oslo_messaging: auth: admin: username: rabbitmq password: password magnum: username: magnum password: password hosts: default: rabbitmq host_fqdn_override: default: null path: /magnum scheme: rabbit port: amqp: default: 5672 http: default: 15672 fluentd: namespace: null name: fluentd hosts: default: fluentd-logging host_fqdn_override: default: null path: default: null scheme: 'http' port: service: default: 24224 metrics: default: 24220 pod: user: magnum: uid: 42424 affinity: anti: type: default: preferredDuringSchedulingIgnoredDuringExecution topologyKey: default: kubernetes.io/hostname mounts: magnum_api: init_container: null magnum_api: volumeMounts: volumes: magnum_conductor: init_container: null magnum_conductor: volumeMounts: volumes: magnum_bootstrap: init_container: null magnum_bootstrap: volumeMounts: volumes: replicas: api: 1 conductor: 1 lifecycle: upgrades: deployments: revision_history: 3 pod_replacement_strategy: RollingUpdate rolling_update: max_unavailable: 1 max_surge: 3 disruption_budget: api: min_available: 0 termination_grace_period: api: timeout: 30 resources: enabled: false api: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" conductor: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" jobs: bootstrap: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" db_init: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" db_sync: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" db_drop: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" ks_endpoints: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" ks_service: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" ks_user: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" rabbit_init: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" tests: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" image_repo_sync: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" network_policy: magnum: ingress: - from: - podSelector: matchLabels: application: magnum - podSelector: matchLabels: application: horizon - podSelector: matchLabels: application: ingress - podSelector: matchLabels: application: heat ports: - protocol: TCP port: 80 - protocol: TCP port: 9511 manifests: configmap_bin: true configmap_etc: true deployment_api: true ingress_api: true job_bootstrap: true job_db_init: true job_db_sync: true job_db_drop: false job_image_repo_sync: true job_ks_endpoints: true job_ks_service: true job_ks_user_domain: true job_ks_user: true job_rabbit_init: true pdb_api: true network_policy: false secret_db: true secret_keystone: true secret_rabbitmq: true service_api: true service_ingress_api: true statefulset_conductor: true