openstack/openstack-helm
Code Issues Proposed changes
cb8efbd954
openstack-helm/magnum/values.yaml
Pete Birley ceb30e8cc7 Jobs: Consoloate on heat-engine for admin jobs where possible. 
This ps moves to use a container sultaible for use as the heat engine
for all possible admin jobs - it is lighter than the kolla-toolbox image
and makes it easy to swap out to other image sets. This is as the heat
engine container should contain the openstack client (with all required
libs for the cloud) and the oslo_db supporting libs required by the db
management jobs, as well as the oslo_messaging libs required for future
rabbitmq management expansion.

Change-Id: I5451c15c8fb49c85b4f254cc60156420bee2efea
2017-08-29 04:34:26 +00:00

372 lines
8.7 KiB
YAML
Raw Blame History

# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for keystone.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
release_group: null
labels:
node_selector_key: openstack-control-plane
node_selector_value: enabled
images:
bootstrap: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
db_init: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
db_sync: docker.io/kolla/ubuntu-source-magnum-api:3.0.3
ks_user: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
ks_service: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
ks_endpoints: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
api: docker.io/kolla/ubuntu-source-magnum-api:3.0.3
conductor: docker.io/kolla/ubuntu-source-magnum-conductor:3.0.3
dep_check: docker.io/kolla/ubuntu-source-kubernetes-entrypoint:4.0.0
pull_policy: "IfNotPresent"
conf:
paste:
override:
append:
policy:
context_is_admin: role:admin
admin_or_owner: is_admin:True or project_id:%(project_id)s
default: rule:admin_or_owner
admin_api: rule:context_is_admin
admin_or_user: is_admin:True or user_id:%(user_id)s
cluster_user: user_id:%(trustee_user_id)s
deny_cluster_user: not domain_id:%(trustee_domain_id)s
bay:create: rule:deny_cluster_user
bay:delete: rule:deny_cluster_user
bay:detail: rule:deny_cluster_user
bay:get: rule:deny_cluster_user
bay:get_all: rule:deny_cluster_user
bay:update: rule:deny_cluster_user
baymodel:create: rule:deny_cluster_user
baymodel:delete: rule:deny_cluster_user
baymodel:detail: rule:deny_cluster_user
baymodel:get: rule:deny_cluster_user
baymodel:get_all: rule:deny_cluster_user
baymodel:update: rule:deny_cluster_user
baymodel:publish: rule:admin_or_owner
cluster:create: rule:deny_cluster_user
cluster:delete: rule:deny_cluster_user
cluster:detail: rule:deny_cluster_user
cluster:get: rule:deny_cluster_user
cluster:get_all: rule:deny_cluster_user
cluster:update: rule:deny_cluster_user
clustertemplate:create: rule:deny_cluster_user
clustertemplate:delete: rule:deny_cluster_user
clustertemplate:detail: rule:deny_cluster_user
clustertemplate:get: rule:deny_cluster_user
clustertemplate:get_all: rule:deny_cluster_user
clustertemplate:update: rule:deny_cluster_user
clustertemplate:publish: rule:admin_or_owner
rc:create: rule:default
rc:delete: rule:default
rc:detail: rule:default
rc:get: rule:default
rc:get_all: rule:default
rc:update: rule:default
certificate:create: rule:admin_or_user or rule:cluster_user
certificate:get: rule:admin_or_user or rule:cluster_user
magnum-service:get_all: rule:admin_api
magnum:
override:
append:
keystone_authtoken:
keystonemiddleware:
auth_token:
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
api:
magnum:
port: 9511
host: 0.0.0.0
network:
api:
ingress:
public: true
node_port:
enabled: false
port: 30511
bootstrap:
enabled: false
script: |
openstack token issue
dependencies:
db_init:
services:
- service: oslo_db
endpoint: internal
db_sync:
jobs:
- magnum-db-init
services:
- service: oslo_db
endpoint: internal
ks_user:
services:
- service: identity
endpoint: internal
ks_service:
services:
- service: identity
endpoint: internal
ks_endpoints:
jobs:
- magnum-ks-service
services:
- service: identity
endpoint: internal
api:
jobs:
- magnum-db-sync
- magnum-ks-user
- magnum-ks-endpoints
services:
- service: oslo_db
endpoint: internal
- service: identity
endpoint: internal
conductor:
jobs:
- magnum-db-sync
- magnum-ks-user
- magnum-ks-endpoints
services:
- service: oslo_db
endpoint: internal
- service: identity
endpoint: internal
# Names of secrets used by bootstrap and environmental checks
secrets:
identity:
admin: magnum-keystone-admin
user: magnum-keystone-user
oslo_db:
admin: magnum-db-admin
user: magnum-db-user
# typically overriden by environmental
# values, but should include all endpoints
# required by this chart
endpoints:
identity:
name: keystone
auth:
admin:
region_name: RegionOne
username: admin
password: password
project_name: admin
user_domain_name: default
project_domain_name: default
user:
role: admin
region_name: RegionOne
username: magnum
password: password
project_name: service
user_domain_name: default
project_domain_name: default
hosts:
default: keystone-api
public: keystone
path:
default: /v3
scheme:
default: http
port:
admin:
default: 35357
api:
default: 80
container-infra:
name: magnum
hosts:
default: magnum-api
public: magnum
path:
default: /v1
scheme:
default: http
port:
api:
default: 9511
public: 80
oslo_db:
auth:
admin:
username: root
password: password
user:
username: magnum
password: password
hosts:
default: mariadb
path: /magnum
scheme: mysql+pymysql
port:
mysql:
default: 3306
oslo_cache:
hosts:
default: memcached
port:
memcache:
default: 11211
oslo_messaging:
auth:
admin:
username: admin
password: password
user:
username: rabbitmq
password: password
hosts:
default: rabbitmq
path: /
scheme: rabbit
port:
amqp:
default: 5672
pod:
user:
magnum:
uid: 1000
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
mounts:
magnum_api:
init_container: null
magnum_api:
magnum_conductor:
init_container: null
magnum_conductor:
magnum_bootstrap:
init_container: null
magnum_bootstrap:
replicas:
api: 1
conductor: 1
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
disruption_budget:
api:
min_available: 0
termination_grace_period:
api:
timeout: 30
resources:
enabled: false
api:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
conductor:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
bootstrap:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_endpoints:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_service:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_user:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
tests:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
manifests:
configmap_bin: true
configmap_etc: true
deployment_api: true
ingress_api: true
job_bootstrap: true
job_db_init: true
job_db_sync: true
job_ks_endpoints: true
job_ks_service: true
job_ks_user: true
pdb_api: true
secret_db: true
secret_keystone: true
service_api: true
service_ingress_api: true
statefulset_conductor: true
View Git Blame Copy Permalink