# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Default values for openvswitch.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value

---
release_group: null

images:
  tags:
    ovn_ovsdb_nb: docker.io/openstackhelm/ovn:latest-ubuntu_focal
    ovn_ovsdb_sb: docker.io/openstackhelm/ovn:latest-ubuntu_focal
    ovn_northd: docker.io/openstackhelm/ovn:latest-ubuntu_focal
    ovn_controller: docker.io/openstackhelm/ovn:latest-ubuntu_focal
    dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
    image_repo_sync: docker.io/library/docker:17.07.0
  pull_policy: "IfNotPresent"
  local_registry:
    active: false
    exclude:
      - dep_check
      - image_repo_sync

labels:
  ovn:
    node_selector_key: ovn
    node_selector_value: enabled
  ovn_ovsdb_nb:
    node_selector_key: openstack-compute-node
    node_selector_value: enabled
  ovn_ovsdb_sb:
    node_selector_key: openstack-compute-node
    node_selector_value: enabled
  ovn_northd:
    node_selector_key: openstack-compute-node
    node_selector_value: enabled
  ovn_controller:
    node_selector_key: openstack-compute-node
    node_selector_value: enabled
  ovn_controller_gw:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled

volume:
  ovn_ovsdb_nb:
    enabled: true
    class_name: general
    size: 5Gi
  ovn_ovsdb_sb:
    enabled: true
    class_name: general
    size: 5Gi

network:
  interface:
    # Tunnel interface will be used for VXLAN tunneling.
    tunnel: null
    # If tunnel is null there is a fallback mechanism to search
    # for interface with routing using tunnel network cidr.
    tunnel_network_cidr: "0/0"

conf:
  ovn_cms_options: "availability-zones=nova"
  gw_ovn_cms_options: "enable-chassis-as-gw,availability-zones=nova"
  ovn_encap_type: geneve
  ovn_bridge: br-int
  ovn_bridge_mappings: external:br-ex

  # auto_bridge_add:
  #   br-private: eth0
  #   br-public: eth1
  auto_bridge_add: {}

  # NOTE: should be same as nova.conf.use_fqdn.compute
  use_fqdn:
    compute: true

pod:
  security_context:
    ovn_northd:
      container:
        northd:
          capabilities:
            add:
              - SYS_NICE
    ovn_controller:
      container:
        controller_init:
          privileged: true
          runAsUser: 0
        controller:
          capabilities:
            add:
              - SYS_NICE
    ovn_controller_gw:
      container:
        controller_init:
          privileged: true
          runAsUser: 0
        controller:
          capabilities:
            add:
              - SYS_NICE
  tolerations:
    ovn_ovsdb_nb:
      enabled: false
    ovn_ovsdb_sb:
      enabled: false
    ovn_northd:
      enabled: false
    ovn_controller:
      enabled: false
    ovn_controller_gw:
      enabled: false
  affinity:
    anti:
      type:
        default: preferredDuringSchedulingIgnoredDuringExecution
      topologyKey:
        default: kubernetes.io/hostname
      weight:
        default: 10

  probes:
    ovn_northd:
      northd:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 5
            timeoutSeconds: 10
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 5
            timeoutSeconds: 10
  dns_policy: "ClusterFirstWithHostNet"
  replicas:
    ovn_ovsdb_nb: 1
    ovn_ovsdb_sb: 1
    ovn_northd: 1
  lifecycle:
    upgrades:
      daemonsets:
        pod_replacement_strategy: RollingUpdate
        ovn_ovsdb_nb:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        ovn_ovsdb_sb:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        ovn_northd:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        ovn_controller:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        ovn_controller_gw:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
  resources:
    enabled: false
    ovs:
      ovn_ovsdb_nb:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ovn_ovsdb_sb:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ovn_northd:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ovn_controller:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ovn_controller_gw:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
    jobs:
      image_repo_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"

secrets:
  oci_image_registry:
    ovn_ovsdb_nb: ovn-ovsdb-nb-oci-image-registry-key
    ovn_ovsdb_sb: ovn-ovsdb-sb-oci-image-registry-key
    ovn_northd: ovn-northd-oci-image-registry-key
    ovn_controller: ovn-controller-oci-image-registry-key
    ovn_controller_gw: ovn-controller-gw-oci-image-registry-key

# TODO: Check these endpoints?!
endpoints:
  cluster_domain_suffix: cluster.local
  local_image_registry:
    name: docker-registry
    namespace: docker-registry
    hosts:
      default: localhost
      internal: docker-registry
      node: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        node: 5000
  oci_image_registry:
    name: oci-image-registry
    namespace: oci-image-registry
    auth:
      enabled: false
      openvswitch:
        username: openvswitch
        password: password
    hosts:
      default: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        default: null
  ovn_ovsdb_nb:
    name: ovn-ovsdb-nb
    namespace: null
    hosts:
      default: ovn-ovsdb-nb
    host_fqdn_override:
      default: null
    port:
      ovsdb:
        default: 6641
      raft:
        default: 6643
  ovn_ovsdb_sb:
    name: ovn-ovsdb-sb
    namespace: null
    hosts:
      default: ovn-ovsdb-sb
    host_fqdn_override:
      default: null
    port:
      ovsdb:
        default: 6642
      raft:
        default: 6644

network_policy:
  ovn_ovsdb_nb:
    ingress:
      - {}
    egress:
      - {}
  ovn_ovsdb_sb:
    ingress:
      - {}
    egress:
      - {}
  ovn_northd:
    ingress:
      - {}
    egress:
      - {}
  ovn_controller:
    ingress:
      - {}
  ovn_controller_gw:
    ingress:
      - {}
    egress:
      - {}

dependencies:
  dynamic:
    common:
      local_image_registry:
        jobs:
          - openvswitch-image-repo-sync
        services:
          - endpoint: node
            service: local_image_registry
  static:
    ovn_ovsdb_nb: null
    ovn_ovsdb_sb: null
    ovn_northd:
      services:
        - endpoint: internal
          service: ovn-ovsdb-nb
        - endpoint: internal
          service: ovn-ovsdb-sb
    ovn_controller:
      services:
        - endpoint: internal
          service: ovn-ovsdb-sb
    ovn_controller_gw:
      services:
        - endpoint: internal
          service: ovn-ovsdb-sb
      pod:
        - requireSameNode: true
          labels:
            application: openvswitch
            component: server
    image_repo_sync:
      services:
        - endpoint: internal
          service: local_image_registry

manifests:
  configmap_bin: true
  configmap_etc: true
  deployment_northd: true
  daemonset_controller: true
  service_ovn_ovsdb_nb: true
  service_ovn_ovsdb_sb: true
  statefulset_ovn_ovsdb_nb: true
  statefulset_ovn_ovsdb_sb: true
  deployment_ovn_northd: true
  daemonset_ovn_controller: true
  daemonset_ovn_controller_gw: true
  job_image_repo_sync: true
...