openstack-helm/magnum/values.yaml
Sean Eagan 97ac197a6e Move to v0.3.1 of kubernetes-entrypoint
Move to v0.3.1 of kubernetes-entrypoint which has 2
breaking changes to pod dependencies, and also adds support for
depending on jobs via labels.

Change-Id: I49d2cea11fbe5c5919ae22a020b877ebbb285992
2018-04-25 12:45:50 -05:00

452 lines
11 KiB
YAML

# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for keystone.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
release_group: null
labels:
api:
node_selector_key: openstack-control-plane
node_selector_value: enabled
conductor:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
images:
tags:
bootstrap: docker.io/openstackhelm/heat:newton
db_init: docker.io/openstackhelm/heat:newton
magnum_db_sync: docker.io/openstackhelm/magnum:newton
db_drop: docker.io/openstackhelm/heat:newton
rabbit_init: docker.io/rabbitmq:3.7-management
ks_user: docker.io/openstackhelm/heat:newton
ks_service: docker.io/openstackhelm/heat:newton
ks_endpoints: docker.io/openstackhelm/heat:newton
magnum_api: docker.io/openstackhelm/magnum:newton
magnum_conductor: docker.io/openstackhelm/magnum:newton
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
pull_policy: "IfNotPresent"
conf:
paste:
pipeline:main:
pipeline: cors healthcheck request_id authtoken api_v1
app:api_v1:
paste.app_factory: magnum.api.app:app_factory
filter:authtoken:
acl_public_routes: /, /v1
paste.filter_factory: magnum.api.middleware.auth_token:AuthTokenMiddleware.factory
filter:request_id:
paste.filter_factory: oslo_middleware:RequestId.factory
filter:cors:
paste.filter_factory: oslo_middleware.cors:filter_factory
oslo_config_project: magnum
filter:healthcheck:
paste.filter_factory: oslo_middleware:Healthcheck.factory
backends: disable_by_file
disable_by_file_path: /etc/magnum/healthcheck_disable
policy:
context_is_admin: role:admin
admin_or_owner: is_admin:True or project_id:%(project_id)s
default: rule:admin_or_owner
admin_api: rule:context_is_admin
admin_or_user: is_admin:True or user_id:%(user_id)s
cluster_user: user_id:%(trustee_user_id)s
deny_cluster_user: not domain_id:%(trustee_domain_id)s
bay:create: rule:deny_cluster_user
bay:delete: rule:deny_cluster_user
bay:detail: rule:deny_cluster_user
bay:get: rule:deny_cluster_user
bay:get_all: rule:deny_cluster_user
bay:update: rule:deny_cluster_user
baymodel:create: rule:deny_cluster_user
baymodel:delete: rule:deny_cluster_user
baymodel:detail: rule:deny_cluster_user
baymodel:get: rule:deny_cluster_user
baymodel:get_all: rule:deny_cluster_user
baymodel:update: rule:deny_cluster_user
baymodel:publish: rule:admin_or_owner
cluster:create: rule:deny_cluster_user
cluster:delete: rule:deny_cluster_user
cluster:detail: rule:deny_cluster_user
cluster:get: rule:deny_cluster_user
cluster:get_all: rule:deny_cluster_user
cluster:update: rule:deny_cluster_user
clustertemplate:create: rule:deny_cluster_user
clustertemplate:delete: rule:deny_cluster_user
clustertemplate:detail: rule:deny_cluster_user
clustertemplate:get: rule:deny_cluster_user
clustertemplate:get_all: rule:deny_cluster_user
clustertemplate:update: rule:deny_cluster_user
clustertemplate:publish: rule:admin_or_owner
rc:create: rule:default
rc:delete: rule:default
rc:detail: rule:default
rc:get: rule:default
rc:get_all: rule:default
rc:update: rule:default
certificate:create: rule:admin_or_user or rule:cluster_user
certificate:get: rule:admin_or_user or rule:cluster_user
magnum-service:get_all: rule:admin_api
magnum:
DEFAULT:
transport_url: null
database:
max_retries: -1
keystone_authtoken:
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
api:
# NOTE(portdirect): the bind port should not be defined, and is manipulated
# via the endpoints section.
port: null
host: 0.0.0.0
network:
api:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
port: 30511
bootstrap:
enabled: false
ks_user: magnum
script: |
openstack token issue
dependencies:
static:
api:
jobs:
- magnum-db-sync
- magnum-ks-user
- magnum-ks-endpoints
services:
- endpoint: internal
service: oslo_db
- endpoint: internal
service: identity
conductor:
jobs:
- magnum-db-sync
- magnum-ks-user
- magnum-ks-endpoints
services:
- endpoint: internal
service: oslo_db
- endpoint: internal
service: identity
db_drop:
services:
- endpoint: internal
service: oslo_db
db_init:
services:
- endpoint: internal
service: oslo_db
db_sync:
jobs:
- magnum-db-init
services:
- endpoint: internal
service: oslo_db
ks_endpoints:
jobs:
- magnum-ks-service
services:
- endpoint: internal
service: identity
ks_service:
services:
- endpoint: internal
service: identity
ks_user:
services:
- endpoint: internal
service: identity
rabbit_init:
services:
- service: oslo_messaging
endpoint: internal
# Names of secrets used by bootstrap and environmental checks
secrets:
identity:
admin: magnum-keystone-admin
magnum: magnum-keystone-user
oslo_db:
admin: magnum-db-admin
magnum: magnum-db-user
oslo_messaging:
admin: magnum-rabbitmq-admin
magnum: magnum-rabbitmq-user
# typically overridden by environmental
# values, but should include all endpoints
# required by this chart
endpoints:
cluster_domain_suffix: cluster.local
identity:
name: keystone
auth:
admin:
region_name: RegionOne
username: admin
password: password
project_name: admin
user_domain_name: default
project_domain_name: default
magnum:
role: admin
region_name: RegionOne
username: magnum
password: password
project_name: service
user_domain_name: default
project_domain_name: default
hosts:
default: keystone-api
public: keystone
host_fqdn_override:
default: null
path:
default: /v3
scheme:
default: http
port:
admin:
default: 35357
api:
default: 80
container_infra:
name: magnum
hosts:
default: magnum-api
public: magnum
host_fqdn_override:
default: null
path:
default: /v1
scheme:
default: http
port:
api:
default: 9511
public: 80
oslo_db:
auth:
admin:
username: root
password: password
magnum:
username: magnum
password: password
hosts:
default: mariadb
host_fqdn_override:
default: null
path: /magnum
scheme: mysql+pymysql
port:
mysql:
default: 3306
oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts:
default: memcached
host_fqdn_override:
default: null
port:
memcache:
default: 11211
oslo_messaging:
auth:
admin:
username: rabbitmq
password: password
magnum:
username: magnum
password: password
hosts:
default: rabbitmq
host_fqdn_override:
default: null
path: /magnum
scheme: rabbit
port:
amqp:
default: 5672
http:
default: 15672
pod:
user:
magnum:
uid: 42424
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
mounts:
magnum_api:
init_container: null
magnum_api:
magnum_conductor:
init_container: null
magnum_conductor:
magnum_bootstrap:
init_container: null
magnum_bootstrap:
replicas:
api: 1
conductor: 1
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
disruption_budget:
api:
min_available: 0
termination_grace_period:
api:
timeout: 30
resources:
enabled: false
api:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
conductor:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
bootstrap:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_drop:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_endpoints:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_service:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_user:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
rabbit_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
tests:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
manifests:
configmap_bin: true
configmap_etc: true
deployment_api: true
ingress_api: true
job_bootstrap: true
job_db_init: true
job_db_sync: true
job_db_drop: false
job_ks_endpoints: true
job_ks_service: true
job_ks_user: true
job_rabbit_init: true
pdb_api: true
secret_db: true
secret_keystone: true
secret_rabbitmq: true
service_api: true
service_ingress_api: true
statefulset_conductor: true