openstack-helm/blazar/values.yaml

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

---
release_group: null

labels:
  api:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  manager:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  job:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  test:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled

images:
  tags:
    test: docker.io/xrally/xrally-openstack:2.0.0
    bootstrap: quay.io/airshipit/openstack-client:2025.1-ubuntu_jammy
    db_init: quay.io/airshipit/openstack-client:2025.1-ubuntu_jammy
    db_drop: quay.io/airshipit/openstack-client:2025.1-ubuntu_jammy
    ks_user: quay.io/airshipit/openstack-client:2025.1-ubuntu_jammy
    ks_service: quay.io/airshipit/openstack-client:2025.1-ubuntu_jammy
    ks_endpoints: quay.io/airshipit/openstack-client:2025.1-ubuntu_jammy
    rabbit_init: docker.io/rabbitmq:3.13-management
    blazar_db_sync: quay.io/airshipit/blazar:2025.1-ubuntu_jammy
    blazar_api: quay.io/airshipit/blazar:2025.1-ubuntu_jammy
    blazar_manager: quay.io/airshipit/blazar:2025.1-ubuntu_jammy
    dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_jammy
    image_repo_sync: docker.io/docker:17.07.0

  pull_policy: "IfNotPresent"
  local_registry:
    active: false
    exclude:
      - dep_check
      - image_repo_sync

network:
  api:
    ingress:
      public: true
      classes:
        namespace: "ingress-openstack"
        cluster: "ingress-cluster"
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: /
        haproxy.org/path-rewrite: /
    external_policy_local: false
    node_port:
      enabled: false
      port: 30788
  manager:
    ingress:
      public: true
      classes:
        namespace: "ingress-openstack"
        cluster: "ingress-cluster"
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: /
        haproxy.org/path-rewrite: /
    external_policy_local: false
    node_port:
      enabled: false
      port: 30789

dependencies:
  dynamic:
    common:
      local_image_registry:
        jobs:
          - blazar-image-repo-sync
        services:
          - endpoint: node
            service: local_image_registry
  static:
    api:
      jobs:
        - blazar-db-sync
        - blazar-ks-user
        - blazar-ks-endpoints
        - blazar-rabbit-init
      services:
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: identity
        - endpoint: internal
          service: oslo_messaging
    manager:
      jobs:
        - blazar-db-sync
        - blazar-ks-user
        - blazar-ks-endpoints
        - blazar-rabbit-init
      services:
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: identity
        - endpoint: internal
          service: oslo_messaging
    bootstrap:
      services:
        - endpoint: internal
          service: identity
        - endpoint: internal
          service: reservation
    db_init:
      services:
        - endpoint: internal
          service: oslo_db
    db_drop:
      services:
        - endpoint: internal
          service: oslo_db
    db_sync:
      jobs:
        - blazar-db-init
      services:
        - endpoint: internal
          service: oslo_db
    ks_endpoints:
      jobs:
        - blazar-ks-service
      services:
        - endpoint: internal
          service: identity
    ks_service:
      services:
        - endpoint: internal
          service: identity
    ks_user:
      services:
        - endpoint: internal
          service: identity
    rabbit_init:
      services:
        - endpoint: internal
          service: oslo_messaging
    tests:
      jobs:
        - blazar-db-sync
      services:
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: identity
        - endpoint: internal
          service: reservation
        - endpoint: internal
          service: compute
    image_repo_sync:
      services:
        - endpoint: internal
          service: local_image_registry

secrets:
  identity:
    admin: blazar-keystone-admin
    blazar: blazar-keystone-user
    service: blazar-keystone-service
    test: blazar-keystone-test
  oslo_db:
    admin: blazar-db-admin
    blazar: blazar-db-user
  oslo_messaging:
    admin: blazar-rabbitmq-admin
    blazar: blazar-rabbitmq-user
  tls:
    reservation:
      api:
        public: blazar-tls-public
        internal: blazar-tls-internal
        nginx: blazar-tls-nginx
        nginx_cluster: blazar-tls-nginx-cluster

endpoints:
  cluster_domain_suffix: cluster.local
  local_image_registry:
    name: docker-registry
    namespace: docker-registry
    hosts:
      default: localhost
      internal: docker-registry
      node: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        node: 5000
  identity:
    name: keystone
    auth:
      admin:
        region_name: RegionOne
        username: admin
        password: password
        project_name: admin
        user_domain_name: default
        project_domain_name: default
      blazar:
        role: admin
        region_name: RegionOne
        username: blazar
        password: password
        project_name: service
        user_domain_name: service
        project_domain_name: service
      service:
        role: admin,service
        region_name: RegionOne
        username: blazar_service_user
        password: password
        project_name: service
        user_domain_name: service
        project_domain_name: service
      test:
        role: admin
        region_name: RegionOne
        username: blazar-test
        password: password
        project_name: test
        user_domain_name: service
        project_domain_name: service
    hosts:
      default: keystone
      internal: keystone-api
    host_fqdn_override:
      default: null
    path:
      default: /v3
    scheme:
      default: http
    port:
      api:
        default: 80
        internal: 5000
  reservation:
    name: blazar
    hosts:
      default: blazar-api
      public: blazar
    host_fqdn_override:
      default: null
    path:
      default: /v1
    scheme:
      default: 'http'
      service: 'http'
    port:
      api:
        default: 1234
        public: 80
        service: 1234
  oslo_db:
    auth:
      admin:
        username: root
        password: password
        secret:
          tls:
            internal: mariadb-tls-direct
      blazar:
        username: blazar
        password: password
    hosts:
      default: mariadb
    host_fqdn_override:
      default: null
    path: /blazar
    scheme: mysql+pymysql
    port:
      mysql:
        default: 3306
  oslo_messaging:
    auth:
      admin:
        username: rabbitmq
        password: password
        secret:
          tls:
            internal: rabbitmq-tls-direct
      blazar:
        username: blazar
        password: password
    statefulset:
      replicas: 2
      name: rabbitmq-rabbitmq
    hosts:
      default: rabbitmq
    host_fqdn_override:
      default: null
    path: /blazar
    scheme: rabbit
    port:
      amqp:
        default: 5672
      http:
        default: 15672
  oslo_cache:
    auth:
      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
      default: null
    port:
      memcache:
        default: 11211
  fluentd:
    namespace: null
    name: fluentd
    hosts:
      default: fluentd-logging
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme: 'http'
    port:
      service:
        default: 24224
      metrics:
        default: 24220
  compute:
    name: nova
    hosts:
      default: nova-api
      internal: nova-api
    host_fqdn_override:
      default: null
    path:
      default: "/v2.1"
    scheme:
      default: http
    port:
      api:
        default: 80
        internal: 8774
        public: 80
  # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress
  # They are using to enable the Egress K8s network policy.
  kube_dns:
    namespace: kube-system
    name: kubernetes-dns
    hosts:
      default: kube-dns
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme: http
    port:
      dns:
        default: 53
        protocol: UDP
  ingress:
    namespace: null
    name: ingress
    hosts:
      default: ingress
    port:
      ingress:
        default: 80

pod:
  probes:
    rpc_timeout: 60
    rpc_retries: 2
    api:
      default:
        liveness:
          enabled: True
          params:
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
        readiness:
          enabled: True
          params:
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
  security_context:
    blazar:
      pod:
        runAsUser: 42424
      container:
        blazar_api:
          runAsUser: 0
        blazar_manager:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
    test:
      pod:
        runAsUser: 42424
      container:
        blazar_test_ks_user:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
        blazar_test:
          runAsUser: 65500
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
  affinity:
    anti:
      type:
        default: preferredDuringSchedulingIgnoredDuringExecution
      topologyKey:
        default: kubernetes.io/hostname
      weight:
        default: 10
  tolerations:
    blazar:
      enabled: false
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoSchedule
  mounts:
    blazar_api:
      init_container: null
      blazar_api:
        volumeMounts:
        volumes:
    blazar_manager:
      init_container: null
      blazar_manager:
        volumeMounts:
        volumes:
    blazar_bootstrap:
      init_container: null
      blazar_bootstrap:
        volumeMounts:
        volumes:
    blazar_db_sync:
      blazar_db_sync:
        volumeMounts:
        volumes:
    blazar_tests:
      init_container: null
      blazar_tests:
        volumeMounts:
        volumes:
  replicas:
    api: 1
    manager: 1
  lifecycle:
    upgrades:
      deployments:
        revision_history: 3
        pod_replacement_strategy: RollingUpdate
        rolling_update:
          max_unavailable: 1
          max_surge: 3
    disruption_budget:
      api:
        min_available: 0
      manager:
        min_available: 0
    termination_grace_period:
      api:
        timeout: 30
      manager:
        timeout: 30
  resources:
    enabled: false
    api:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    manager:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    jobs:
      bootstrap:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_init:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_drop:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_endpoints:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_service:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_user:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      rabbit_init:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      tests:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      image_repo_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"

jobs:
  bootstrap:
    backoffLimit: 5
    activeDeadlineSeconds: 600
  db_init:
    backoffLimit: 5
    activeDeadlineSeconds: 600
  db_drop:
    backoffLimit: 5
    activeDeadlineSeconds: 600
  db_sync:
    backoffLimit: 5
    activeDeadlineSeconds: 600
  ks_endpoints:
    backoffLimit: 5
    activeDeadlineSeconds: 600
  ks_service:
    backoffLimit: 5
    activeDeadlineSeconds: 600
  ks_user:
    backoffLimit: 5
    activeDeadlineSeconds: 600
  rabbit_init:
    backoffLimit: 5
    activeDeadlineSeconds: 600

conf:
  blazar:
    DEFAULT:
      debug: false
      log_config_append: /etc/blazar/logging.conf
      api_paste_config: /etc/blazar/api-paste.ini
      os_auth_protocol:
      os_auth_host:
      os_auth_port:
      os_region_name:
      os_admin_username:
      os_admin_password:
      os_admin_project_name:
      os_admin_user_domain_name:
      os_admin_project_domain_name:
    database:
      max_retries: -1
    keystone_authtoken:
      service_token_roles: service
      service_token_roles_required: true
      auth_type: password
      auth_version: v3
      memcache_security_strategy: ENCRYPT
      service_type: reservation
    oslo_messaging_notifications:
      driver: messagingv2
    oslo_messaging_rabbit:
      rabbit_ha_queues: true
    oslo_concurrency:
      lock_path: /var/lock
    manager:
      plugins: physical.host.plugin,virtual.instance.plugin,flavor.instance.plugin,virtual.floatingip.plugin
    enforcement:
      enabled_filters:
        - MaxLeaseDurationFilter
      max_lease_duration: 86400
    physical_host_plugin:
      aggregate_freepool_name: freepool
      blazar_username: blazar
      blazar_password: password
      blazar_project_name: service
      blazar_user_domain_name: service
      blazar_project_domain_name: service
      nova_client_timeout: 30
      enable_host_reservation: true

  logging:
    loggers:
      keys:
        - root
        - blazar
    handlers:
      keys:
        - stdout
        - stderr
        - "null"
    formatters:
      keys:
        - context
        - default
    logger_root:
      level: WARNING
      handlers: "null"
    logger_blazar:
      level: INFO
      handlers:
        - stdout
      qualname: blazar
    logger_amqp:
      level: WARNING
      handlers: stderr
      qualname: amqp
    logger_amqplib:
      level: WARNING
      handlers: stderr
      qualname: amqplib
    logger_eventletwsgi:
      level: WARNING
      handlers: stderr
      qualname: eventlet.wsgi.server
    logger_sqlalchemy:
      level: WARNING
      handlers: stderr
      qualname: sqlalchemy
    logger_boto:
      level: WARNING
      handlers: stderr
      qualname: boto
    handler_null:
      class: logging.NullHandler
      formatter: default
      args: ()
    handler_stdout:
      class: StreamHandler
      args: (sys.stdout,)
      formatter: context
    handler_stderr:
      class: StreamHandler
      args: (sys.stderr,)
      formatter: context
    formatter_context:
      class: oslo_log.formatters.ContextFormatter
      datefmt: "%Y-%m-%d %H:%M:%S"
    formatter_default:
      format: "%(message)s"
      datefmt: "%Y-%m-%d %H:%M:%S"
  api_paste:
    composite:reservation:
      use: "egg:Paste#urlmap"
      "/": blazarversions
      "/v1": blazarapi_v1
      "/v2": blazarapi_v2
    composite:blazarapi_v1:
      use: "call:blazar.api.middleware:pipeline_factory"
      noauth: "request_id faultwrap sizelimit noauth blazarapi_v1"
      keystone: "request_id faultwrap sizelimit authtoken keystonecontext blazarapi_v1"
    composite:blazarapi_v2:
      use: "call:blazar.api.middleware:pipeline_factory"
      noauth: "request_id faultwrap sizelimit noauth blazarapi_v2"
      keystone: "request_id faultwrap sizelimit authtoken keystonecontext blazarapi_v2"
    app:blazarversions:
      paste.app_factory: "blazar.api.versions:Versions.factory"
    app:blazarapi_v1:
      paste.app_factory: "blazar.api.v1.app:make_app"
    app:blazarapi_v2:
      paste.app_factory: "blazar.api.v2.app:make_app"
    filter:request_id:
      paste.filter_factory: "oslo_middleware:RequestId.factory"
    filter:faultwrap:
      paste.filter_factory: "blazar.api.middleware:FaultWrapper.factory"
    filter:noauth:
      paste.filter_factory: "blazar.api.middleware:NoAuthMiddleware.factory"
    filter:sizelimit:
      paste.filter_factory: "oslo_middleware:RequestBodySizeLimiter.factory"
    filter:authtoken:
      paste.filter_factory: "keystonemiddleware.auth_token:filter_factory"
    filter:keystonecontext:
      paste.filter_factory: "blazar.api.middleware:KeystoneContextMiddleware.factory"
  policy: {}
  rabbitmq:
    policies:
      - vhost: "blazar"
        name: "ha_ttl_blazar"
        pattern: '^(?!(amq\.|reply_)).*'
        definition:
          ha-mode: "all"
          ha-sync-mode: "automatic"
          message-ttl: 70000
        priority: 0
        apply-to: all

  rally_tests:
    run_tempest: false
    tests:
      # NOTE:This is a dummy test added as a placeholder and currently, Rally does not support Blazar scenarios.
      Dummy.dummy:
        -
          args:
            sleep: 5
          runner:
            type: "constant"
            times: 20
            concurrency: 5
          sla:
            failure_rate:
              max: 0
    templates: []

bootstrap:
  enabled: false
  ks_user: blazar
  script: |
    openstack token issue

manifests:
  certificates: false
  configmap_bin: true
  configmap_etc: true
  deployment_api: true
  deployment_manager: true
  ingress_api: true
  job_bootstrap: true
  job_db_init: true
  job_db_drop: false
  job_db_sync: true
  job_image_repo_sync: true
  job_ks_endpoints: true
  job_ks_service: true
  job_ks_user: true
  job_rabbit_init: true
  pdb_api: true
  pdb_manager: true
  pod_rally_test: true
  secret_db: true
  secret_keystone: true
  secret_ks_etc: true
  secret_rabbitmq: true
  service_api: true
  service_ingress_api: true

network_policy:
  blazar:
    ingress:
      - {}
    egress:
      - {}

tls:
  identity: false
  oslo_messaging: false
  oslo_db: false
  reservation:
    api:
      public: false
# -- Array of extra K8s manifests to deploy
## Note: Supports use of custom Helm templates
extraObjects: []
  # - apiVersion: secrets-store.csi.x-k8s.io/v1
  #   kind: SecretProviderClass
  #   metadata:
  #     name: osh-secrets-store
  #   spec:
  #     provider: aws
  #     parameters:
  #       objects: |
  #         - objectName: "osh"
  #           objectType: "secretsmanager"
  #           jmesPath:
  #               - path: "client_id"
  #                 objectAlias: "client_id"
  #               - path: "client_secret"
  #                 objectAlias: "client_secret"
  #     secretObjects:
  #     - data:
  #       - key: client_id
  #         objectName: client_id
  #       - key: client_secret
  #         objectName: client_secret
  #       secretName: osh-secrets-store
  #       type: Opaque
  #       labels:
  #         app.kubernetes.io/part-of: osh
...