openstack-helm/keystone/values.yaml

# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Default values for keystone.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value

labels:
  node_selector_key: openstack-control-plane
  node_selector_value: enabled

images:
  bootstrap: docker.io/kolla/ubuntu-source-keystone:3.0.3
  test: docker.io/kolla/ubuntu-binary-rally:4.0.0
  db_init: docker.io/kolla/ubuntu-source-keystone:3.0.3
  db_sync: docker.io/kolla/ubuntu-source-keystone:3.0.3
  fernet_setup: docker.io/kolla/ubuntu-source-keystone:3.0.3
  fernet_rotate: docker.io/kolla/ubuntu-source-keystone:3.0.3
  api: docker.io/kolla/ubuntu-source-keystone:3.0.3
  dep_check: docker.io/kolla/ubuntu-source-kubernetes-entrypoint:4.0.0
  pull_policy: "IfNotPresent"

bootstrap:
  enabled: true
  script: |
    openstack role add \
          --user="${OS_USERNAME}" \
          --user-domain="${OS_USER_DOMAIN_NAME}" \
          --project-domain="${OS_PROJECT_DOMAIN_NAME}" \
          --project="${OS_PROJECT_NAME}" \
          "_member_"

network:
  api:
    port: 80
    ingress:
      public: true
    node_port:
      enabled: false
      port: 30500
  admin:
    port: 35357
    node_port:
      enabled: false
      port: 30357

dependencies:
  api:
    jobs:
    - keystone-db-sync
    # Comment line below when not running fernet tokens.
    - keystone-fernet-setup
    services:
    - service: oslo_cache
      endpoint: internal
    - service: oslo_db
      endpoint: internal
  db_init:
    services:
    - service: oslo_db
      endpoint: internal
  db_sync:
    jobs:
    - keystone-db-init
    # Comment line below when not running fernet tokens.
    - keystone-fernet-setup
    services:
    - service: oslo_db
      endpoint: internal
  fernet_setup:
  fernet_rotate:
    jobs:
    - keystone-fernet-setup
  tests:
    services:
    - service: identity
      endpoint: internal
  bootstrap:
    services:
    - service: identity
      endpoint: internal

pod:
  affinity:
      anti:
        type:
          default: preferredDuringSchedulingIgnoredDuringExecution
        topologyKey:
          default: kubernetes.io/hostname
  mounts:
    keystone_db_init:
      init_container: null
      keystone_db_init:
    keystone_db_sync:
      init_container: null
      keystone_db_sync:
    keystone_api:
      init_container: null
      keystone_api:
    keystone_tests:
      init_container: null
      keystone_tests:
    keystone_bootstrap:
      init_container: null
      keystone_bootstrap:
    keystone_fernet_setup:
      init_container: null
      keystone_fernet_setup:
    keystone_fernet_rotate:
      init_container: null
      keystone_fernet_rotate:
  replicas:
    api: 1
  lifecycle:
    upgrades:
      deployments:
        revision_history: 3
        pod_replacement_strategy: RollingUpdate
        rolling_update:
          max_unavailable: 1
          max_surge: 3
    disruption_budget:
      api:
        min_available: 0
    termination_grace_period:
      api:
        timeout: 30
  resources:
    enabled: false
    api:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    jobs:
      bootstrap:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_init:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      tests:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      fernet_setup:
        limits:
          memory: "128Mi"
          cpu: "100m"
        requests:
          memory: "10024Mi"
          cpu: "2000m"
      fernet_rotate:
        limits:
          memory: "128Mi"
          cpu: "100m"
        requests:
          memory: "1024Mi"
          cpu: "2000m"

jobs:
  fernet_setup:
    user: keystone
    group: keystone
  fernet_rotate:
    # weekly
    cron: "0 0 * * 0"
    user: keystone
    group: keystone

conf:
  rally_tests:
    override:
    append:
  paste:
    override:
    append:
  policy:
    override:
    append:
  keystone:
    override:
    append:
    default:
      keystone:
        max_token_size: 255
    token:
      keystone:
        provider: fernet
    fernet_tokens:
      keystone:
        key_repository: /etc/keystone/fernet-keys/
    database:
      oslo:
        db:
          max_retries: -1
    cache:
      oslo:
        cache:
          enabled: true
          backend: dogpile.cache.memcached

# Names of secrets used by bootstrap and environmental checks
secrets:
  identity:
    admin: keystone-keystone-admin
  oslo_db:
    admin: keystone-db-admin
    user: keystone-db-user

# typically overriden by environmental
# values, but should include all endpoints
# required by this chart
endpoints:
  identity:
    name: keystone
    auth:
      admin:
        region_name: RegionOne
        username: admin
        password: password
        project_name: admin
        user_domain_name: default
        project_domain_name: default
    hosts:
      default: keystone-api
      public: keystone
    path:
      default: /v3
    scheme:
      default: http
    port:
      admin:
        default: 35357
      api:
        default: 80
  oslo_db:
    auth:
      admin:
        username: root
        password: password
      user:
        username: keystone
        password: password
    hosts:
      default: mariadb
    path: /keystone
    scheme: mysql+pymysql
    port:
      mysql:
        default: 3306
  oslo_messaging:
    auth:
      admin:
        username: admin
        password: password
      user:
        username: keystone
        password: password
    hosts:
      default: rabbitmq
    path: /openstack
    scheme: rabbit
    port:
      amqp:
        default: 5672
  oslo_cache:
    hosts:
      default: memcached
    port:
      memcache:
        default: 11211