openstack-helm/skyline/values.yaml

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

---
release_group: null

labels:
  skyline:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  job:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled

images:
  pull_policy: IfNotPresent
  tags:
    skyline_db_sync: quay.io/airshipit/skyline:2025.2-ubuntu_noble
    skyline: quay.io/airshipit/skyline:2025.2-ubuntu_noble
    skyline_nginx: quay.io/airshipit/skyline:2025.2-ubuntu_noble
    db_init: quay.io/airshipit/openstack-client:2025.2-ubuntu_noble
    dep_check: 'quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_jammy'
    ks_user: quay.io/airshipit/openstack-client:2025.2-ubuntu_noble
  local_registry:
    active: false
    exclude:
      - dep_check
      - image_repo_sync

secrets:
  identity:
    admin: skyline-keystone-admin
    skyline: skyline-keystone-user
  oslo_db:
    admin: skyline-db-admin
    skyline: skyline-db-user
  tls:
    skyline:
      skyline:
        public: skyline-tls-public
        internal: skyline-tls-internal
  oci_image_registry:
    skyline: skyline-oci-image-registry

tls:
  identity: false
  oslo_db: false

network:
  skyline:
    ingress:
      public: true
      classes:
        namespace: "ingress-openstack"
        cluster: "ingress-cluster"
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: /
        haproxy.org/path-rewrite: /
    external_policy_local: false
    node_port:
      enabled: false
      port: 30779

endpoints:
  cluster_domain_suffix: cluster.local
  oslo_db:
    auth:
      admin:
        username: root
        password: password
        secret:
          tls:
            internal: mariadb-tls-direct
      skyline:
        username: skyline
        password: password
    hosts:
      default: mariadb
    host_fqdn_override:
      default: null
    path: /skyline
    scheme:
      default: mysql+pymysql
      skyline: mysql+pymysql
    port:
      mysql:
        default: 3306
  oci_image_registry:
    name: oci-image-registry
    namespace: oci-image-registry
    auth:
      enabled: false
      skyline:
        username: skyline
        password: password
    hosts:
      default: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        default: null
  identity:
    name: keystone
    auth:
      admin:
        region_name: RegionOne
        username: admin
        password: password
        project_name: admin
        user_domain_name: default
        project_domain_name: default
      skyline:
        role: admin
        region_name: RegionOne
        username: skyline
        password: password
        project_name: admin
        user_domain_name: default
        project_domain_name: default
    hosts:
      default: keystone
      internal: keystone-api
    host_fqdn_override:
      default: null
    path:
      default: /v3
    scheme:
      default: http
    port:
      api:
        default: 80
        internal: 5000
  skyline:
    name: skyline
    hosts:
      default: skyline-api
      public: skyline
    host_fqdn_override:
      default: null
    scheme:
      default: 'http'
      service: 'http'
    port:
      api:
        default: 9999
        public: 80

pod:
  replicas:
    skyline: 1
  lifecycle:
    upgrades:
      deployments:
        revision_history: 3
        pod_replacement_strategy: RollingUpdate
        rolling_update:
          max_unavailable: 1
          max_surge: 1
  security_context:
    skyline:
      pod:
        runAsUser: 0
      container:
        skyline:
          readOnlyRootFilesystem: false
  mounts:
    skyline:
      init_container: null
      skyline:
        volumes:
        volumeMounts:
  tolerations:
    skyline:
      enabled: false
      tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
      - key: node-role.kubernetes.io/control-plane
        operator: Exists
        effect: NoSchedule
  resources:
    enabled: false
    skyline:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    jobs:
      db_init:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"

dependencies:
  dynamic:
    common:
      local_image_registry:
        jobs:
          - skyline-image-repo-sync
        services:
          - endpoint: node
            service: local_image_registry
  static:
    skyline:
      jobs:
        - skyline-db-sync
        - skyline-ks-user
      services:
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: identity
    db_init:
      services:
        - endpoint: internal
          service: oslo_db
    db_sync:
      jobs:
        - skyline-db-init
      services:
        - endpoint: internal
          service: oslo_db
    ks_user:
      services:
        - endpoint: internal
          service: identity

conf:
  skyline:
    default:
      debug: true
      log_dir: /var/log
      log_file: /dev/stdout
      # These two params are only available in the custom skyline image
      access_log_file: /dev/stdout
      error_log_file: /dev/stdout
    openstack:
      interface_type: internal
      default_region: RegionOne
  gunicorn: |
    import multiprocessing
    bind = "unix:/var/lib/skyline/skyline.sock"
    workers = (1 + multiprocessing.cpu_count()) // 2
    worker_class = "uvicorn.workers.UvicornWorker"
    timeout = 300
    keepalive = 5
    reuse_port = False
    proc_name = "skyline"
    log_level = "info"
    disable_redirect_access_to_syslog = True
    access_logfile = "-"
    error_logfile = "-"

manifests:
  certificates: false
  configmap_etc: true
  configmap_bin: true
  deployment: true
  job_db_init: true
  job_db_sync: true
  job_db_drop: false
  secret_db: true
  secret_keystone: true
  job_ks_user: true
  service: true
  ingress: true
  service_ingress: true
  secret_registry: true

# -- Array of extra K8s manifests to deploy
## Note: Supports use of custom Helm templates
extraObjects: []
  # - apiVersion: secrets-store.csi.x-k8s.io/v1
  #   kind: SecretProviderClass
  #   metadata:
  #     name: osh-secrets-store
  #   spec:
  #     provider: aws
  #     parameters:
  #       objects: |
  #         - objectName: "osh"
  #           objectType: "secretsmanager"
  #           jmesPath:
  #               - path: "client_id"
  #                 objectAlias: "client_id"
  #               - path: "client_secret"
  #                 objectAlias: "client_secret"
  #     secretObjects:
  #     - data:
  #       - key: client_id
  #         objectName: client_id
  #       - key: client_secret
  #         objectName: client_secret
  #       secretName: osh-secrets-store
  #       type: Opaque
  #       labels:
  #         app.kubernetes.io/part-of: osh
...