a6322a5521
This ps provides several basic enhancements to the magnum chart. Change-Id: I50bbb5f1db1490be6844970b2715fa05abb56ea2
514 lines
13 KiB
YAML
514 lines
13 KiB
YAML
# Copyright 2017 The Openstack-Helm Authors.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Default values for keystone.
|
|
# This is a YAML-formatted file.
|
|
# Declare name/value pairs to be passed into your templates.
|
|
# name: value
|
|
|
|
release_group: null
|
|
|
|
labels:
|
|
api:
|
|
node_selector_key: openstack-control-plane
|
|
node_selector_value: enabled
|
|
conductor:
|
|
node_selector_key: openstack-control-plane
|
|
node_selector_value: enabled
|
|
job:
|
|
node_selector_key: openstack-control-plane
|
|
node_selector_value: enabled
|
|
|
|
images:
|
|
tags:
|
|
bootstrap: docker.io/openstackhelm/heat:newton
|
|
db_init: docker.io/openstackhelm/heat:newton
|
|
magnum_db_sync: docker.io/openstackhelm/magnum:newton
|
|
db_drop: docker.io/openstackhelm/heat:newton
|
|
rabbit_init: docker.io/rabbitmq:3.7-management
|
|
ks_user: docker.io/openstackhelm/heat:newton
|
|
ks_service: docker.io/openstackhelm/heat:newton
|
|
ks_endpoints: docker.io/openstackhelm/heat:newton
|
|
magnum_api: docker.io/openstackhelm/magnum:newton
|
|
magnum_conductor: docker.io/openstackhelm/magnum:newton
|
|
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
|
|
pull_policy: "IfNotPresent"
|
|
|
|
conf:
|
|
paste:
|
|
pipeline:main:
|
|
pipeline: cors healthcheck request_id authtoken api_v1
|
|
app:api_v1:
|
|
paste.app_factory: magnum.api.app:app_factory
|
|
filter:authtoken:
|
|
acl_public_routes: /, /v1
|
|
paste.filter_factory: magnum.api.middleware.auth_token:AuthTokenMiddleware.factory
|
|
filter:request_id:
|
|
paste.filter_factory: oslo_middleware:RequestId.factory
|
|
filter:cors:
|
|
paste.filter_factory: oslo_middleware.cors:filter_factory
|
|
oslo_config_project: magnum
|
|
filter:healthcheck:
|
|
paste.filter_factory: oslo_middleware:Healthcheck.factory
|
|
backends: disable_by_file
|
|
disable_by_file_path: /etc/magnum/healthcheck_disable
|
|
policy:
|
|
context_is_admin: role:admin
|
|
admin_or_owner: is_admin:True or project_id:%(project_id)s
|
|
default: rule:admin_or_owner
|
|
admin_api: rule:context_is_admin
|
|
admin_or_user: is_admin:True or user_id:%(user_id)s
|
|
cluster_user: user_id:%(trustee_user_id)s
|
|
deny_cluster_user: not domain_id:%(trustee_domain_id)s
|
|
bay:create: rule:deny_cluster_user
|
|
bay:delete: rule:deny_cluster_user
|
|
bay:detail: rule:deny_cluster_user
|
|
bay:get: rule:deny_cluster_user
|
|
bay:get_all: rule:deny_cluster_user
|
|
bay:update: rule:deny_cluster_user
|
|
baymodel:create: rule:deny_cluster_user
|
|
baymodel:delete: rule:deny_cluster_user
|
|
baymodel:detail: rule:deny_cluster_user
|
|
baymodel:get: rule:deny_cluster_user
|
|
baymodel:get_all: rule:deny_cluster_user
|
|
baymodel:update: rule:deny_cluster_user
|
|
baymodel:publish: rule:admin_or_owner
|
|
cluster:create: rule:deny_cluster_user
|
|
cluster:delete: rule:deny_cluster_user
|
|
cluster:detail: rule:deny_cluster_user
|
|
cluster:get: rule:deny_cluster_user
|
|
cluster:get_all: rule:deny_cluster_user
|
|
cluster:update: rule:deny_cluster_user
|
|
clustertemplate:create: rule:deny_cluster_user
|
|
clustertemplate:delete: rule:deny_cluster_user
|
|
clustertemplate:detail: rule:deny_cluster_user
|
|
clustertemplate:get: rule:deny_cluster_user
|
|
clustertemplate:get_all: rule:deny_cluster_user
|
|
clustertemplate:update: rule:deny_cluster_user
|
|
clustertemplate:publish: rule:admin_or_owner
|
|
rc:create: rule:default
|
|
rc:delete: rule:default
|
|
rc:detail: rule:default
|
|
rc:get: rule:default
|
|
rc:get_all: rule:default
|
|
rc:update: rule:default
|
|
certificate:create: rule:admin_or_user or rule:cluster_user
|
|
certificate:get: rule:admin_or_user or rule:cluster_user
|
|
magnum-service:get_all: rule:admin_api
|
|
magnum:
|
|
DEFAULT:
|
|
transport_url: null
|
|
oslo_messaging_notifications:
|
|
driver: messaging
|
|
oslo_concurrency:
|
|
lock_path: /var/lib/magnum/tmp
|
|
certificates:
|
|
cert_manager_type: barbican
|
|
database:
|
|
max_retries: -1
|
|
trust:
|
|
trustee_domain_name: null
|
|
keystone_authtoken:
|
|
auth_type: password
|
|
auth_version: v3
|
|
memcache_security_strategy: ENCRYPT
|
|
api:
|
|
# NOTE(portdirect): the bind port should not be defined, and is manipulated
|
|
# via the endpoints section.
|
|
port: null
|
|
host: 0.0.0.0
|
|
|
|
network:
|
|
api:
|
|
ingress:
|
|
public: true
|
|
classes:
|
|
namespace: "nginx"
|
|
cluster: "nginx-cluster"
|
|
annotations:
|
|
nginx.ingress.kubernetes.io/rewrite-target: /
|
|
external_policy_local: false
|
|
node_port:
|
|
enabled: false
|
|
port: 30511
|
|
|
|
bootstrap:
|
|
enabled: false
|
|
ks_user: magnum
|
|
script: |
|
|
openstack token issue
|
|
|
|
dependencies:
|
|
static:
|
|
api:
|
|
jobs:
|
|
- magnum-db-sync
|
|
- magnum-ks-user
|
|
- magnum-domain-ks-user
|
|
- magnum-ks-endpoints
|
|
- magnum-rabbit-init
|
|
services:
|
|
- endpoint: internal
|
|
service: oslo_db
|
|
- endpoint: internal
|
|
service: identity
|
|
- endpoint: internal
|
|
service: oslo_messaging
|
|
- endpoint: internal
|
|
service: key_manager
|
|
- endpoint: internal
|
|
service: orchestration
|
|
conductor:
|
|
jobs:
|
|
- magnum-db-sync
|
|
- magnum-ks-user
|
|
- magnum-domain-ks-user
|
|
- magnum-ks-endpoints
|
|
- magnum-rabbit-init
|
|
services:
|
|
- endpoint: internal
|
|
service: oslo_db
|
|
- endpoint: internal
|
|
service: identity
|
|
- endpoint: internal
|
|
service: oslo_messaging
|
|
- endpoint: internal
|
|
service: key_manager
|
|
- endpoint: internal
|
|
service: orchestration
|
|
db_drop:
|
|
services:
|
|
- endpoint: internal
|
|
service: oslo_db
|
|
db_init:
|
|
services:
|
|
- endpoint: internal
|
|
service: oslo_db
|
|
db_sync:
|
|
jobs:
|
|
- magnum-db-init
|
|
services:
|
|
- endpoint: internal
|
|
service: oslo_db
|
|
ks_endpoints:
|
|
jobs:
|
|
- magnum-ks-service
|
|
services:
|
|
- endpoint: internal
|
|
service: identity
|
|
ks_service:
|
|
services:
|
|
- endpoint: internal
|
|
service: identity
|
|
ks_user:
|
|
services:
|
|
- endpoint: internal
|
|
service: identity
|
|
rabbit_init:
|
|
services:
|
|
- endpoint: internal
|
|
service: oslo_messaging
|
|
# Names of secrets used by bootstrap and environmental checks
|
|
secrets:
|
|
identity:
|
|
admin: magnum-keystone-admin
|
|
magnum: magnum-keystone-user
|
|
magnum_stack_user: magnum-keystone-stack-user
|
|
oslo_db:
|
|
admin: magnum-db-admin
|
|
magnum: magnum-db-user
|
|
oslo_messaging:
|
|
admin: magnum-rabbitmq-admin
|
|
magnum: magnum-rabbitmq-user
|
|
|
|
# typically overridden by environmental
|
|
# values, but should include all endpoints
|
|
# required by this chart
|
|
endpoints:
|
|
cluster_domain_suffix: cluster.local
|
|
identity:
|
|
name: keystone
|
|
auth:
|
|
admin:
|
|
region_name: RegionOne
|
|
username: admin
|
|
password: password
|
|
project_name: admin
|
|
user_domain_name: default
|
|
project_domain_name: default
|
|
magnum:
|
|
role: admin
|
|
region_name: RegionOne
|
|
username: magnum
|
|
password: password
|
|
project_name: service
|
|
user_domain_name: default
|
|
project_domain_name: default
|
|
magnum_stack_user:
|
|
role: admin
|
|
region_name: RegionOne
|
|
username: magnum-domain
|
|
password: password
|
|
domain_name: magnum
|
|
hosts:
|
|
default: keystone-api
|
|
public: keystone
|
|
host_fqdn_override:
|
|
default: null
|
|
path:
|
|
default: /v3
|
|
scheme:
|
|
default: http
|
|
port:
|
|
admin:
|
|
default: 35357
|
|
api:
|
|
default: 80
|
|
container_infra:
|
|
name: magnum
|
|
hosts:
|
|
default: magnum-api
|
|
public: magnum
|
|
host_fqdn_override:
|
|
default: null
|
|
path:
|
|
default: /v1
|
|
scheme:
|
|
default: http
|
|
port:
|
|
api:
|
|
default: 9511
|
|
public: 80
|
|
key_manager:
|
|
name: barbican
|
|
hosts:
|
|
default: barbican-api
|
|
public: barbican
|
|
host_fqdn_override:
|
|
default: null
|
|
path:
|
|
default: /v1
|
|
scheme:
|
|
default: http
|
|
port:
|
|
api:
|
|
default: 9311
|
|
public: 80
|
|
orchestration:
|
|
name: heat
|
|
hosts:
|
|
default: heat-api
|
|
public: heat
|
|
host_fqdn_override:
|
|
default: null
|
|
path:
|
|
default: '/v1/%(project_id)s'
|
|
scheme:
|
|
default: 'http'
|
|
port:
|
|
api:
|
|
default: 8004
|
|
public: 80
|
|
oslo_db:
|
|
auth:
|
|
admin:
|
|
username: root
|
|
password: password
|
|
magnum:
|
|
username: magnum
|
|
password: password
|
|
hosts:
|
|
default: mariadb
|
|
host_fqdn_override:
|
|
default: null
|
|
path: /magnum
|
|
scheme: mysql+pymysql
|
|
port:
|
|
mysql:
|
|
default: 3306
|
|
oslo_cache:
|
|
auth:
|
|
# NOTE(portdirect): this is used to define the value for keystone
|
|
# authtoken cache encryption key, if not set it will be populated
|
|
# automatically with a random value, but to take advantage of
|
|
# this feature all services should be set to use the same key,
|
|
# and memcache service.
|
|
memcache_secret_key: null
|
|
hosts:
|
|
default: memcached
|
|
host_fqdn_override:
|
|
default: null
|
|
port:
|
|
memcache:
|
|
default: 11211
|
|
oslo_messaging:
|
|
auth:
|
|
admin:
|
|
username: rabbitmq
|
|
password: password
|
|
magnum:
|
|
username: magnum
|
|
password: password
|
|
hosts:
|
|
default: rabbitmq
|
|
host_fqdn_override:
|
|
default: null
|
|
path: /magnum
|
|
scheme: rabbit
|
|
port:
|
|
amqp:
|
|
default: 5672
|
|
http:
|
|
default: 15672
|
|
|
|
pod:
|
|
user:
|
|
magnum:
|
|
uid: 42424
|
|
affinity:
|
|
anti:
|
|
type:
|
|
default: preferredDuringSchedulingIgnoredDuringExecution
|
|
topologyKey:
|
|
default: kubernetes.io/hostname
|
|
mounts:
|
|
magnum_api:
|
|
init_container: null
|
|
magnum_api:
|
|
magnum_conductor:
|
|
init_container: null
|
|
magnum_conductor:
|
|
magnum_bootstrap:
|
|
init_container: null
|
|
magnum_bootstrap:
|
|
replicas:
|
|
api: 1
|
|
conductor: 1
|
|
lifecycle:
|
|
upgrades:
|
|
deployments:
|
|
revision_history: 3
|
|
pod_replacement_strategy: RollingUpdate
|
|
rolling_update:
|
|
max_unavailable: 1
|
|
max_surge: 3
|
|
disruption_budget:
|
|
api:
|
|
min_available: 0
|
|
termination_grace_period:
|
|
api:
|
|
timeout: 30
|
|
resources:
|
|
enabled: false
|
|
api:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
conductor:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
jobs:
|
|
bootstrap:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
db_init:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
db_sync:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
db_drop:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
ks_endpoints:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
ks_service:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
ks_user:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
rabbit_init:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
tests:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
|
|
manifests:
|
|
configmap_bin: true
|
|
configmap_etc: true
|
|
deployment_api: true
|
|
ingress_api: true
|
|
job_bootstrap: true
|
|
job_db_init: true
|
|
job_db_sync: true
|
|
job_db_drop: false
|
|
job_ks_endpoints: true
|
|
job_ks_service: true
|
|
job_ks_user_domain: true
|
|
job_ks_user: true
|
|
job_rabbit_init: true
|
|
pdb_api: true
|
|
secret_db: true
|
|
secret_keystone: true
|
|
secret_rabbitmq: true
|
|
service_api: true
|
|
service_ingress_api: true
|
|
statefulset_conductor: true
|