# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Default values for glance.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value

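# Image storage backend selector.
# radosgw, rbd, swift or pvc
---
storage: swift
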
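# Node selector key/value pairs for the api, job and test workloads.
labels:
  api:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  job:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  test:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
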
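# Optional release group name; unset by default.
release_group: null
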
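# Container images used by every pod and job of the chart.
#
# NOTE(review): all references below are tags, which a registry can
# re-point; `glance_storage_init` even uses a `latest-…` tag. Combined with
# `pull_policy: IfNotPresent`, nodes can end up running different content
# under the same name. For production, override with digest-pinned
# references (`repo/image@sha256:<digest>`) from a registry you control.
# NOTE(review): several tags name old release lines (docker 17.07,
# rabbitmq 3.7, ubuntu xenial); check them against currently supported
# versions before deploying.
images:
  tags:
    test: docker.io/xrally/xrally-openstack:2.0.0
    glance_storage_init: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_xenial
    glance_metadefs_load: docker.io/openstackhelm/glance:wallaby-ubuntu_focal
    db_init: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
    glance_db_sync: docker.io/openstackhelm/glance:wallaby-ubuntu_focal
    db_drop: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
    ks_user: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
    ks_service: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
    ks_endpoints: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
    rabbit_init: docker.io/rabbitmq:3.7-management
    glance_api: docker.io/openstackhelm/glance:wallaby-ubuntu_focal
    # Bootstrap image requires curl
    bootstrap: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
    dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
    image_repo_sync: docker.io/docker:17.07.0
  pull_policy: "IfNotPresent"
  local_registry:
    active: false
    # Images that are never served from the local registry.
    exclude:
      - dep_check
      - image_repo_sync
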
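# Bootstrap job: seeds Glance with an initial image after deployment.
#
# NOTE(review): `source_url` is plain HTTP and no checksum field is visible
# in this block, so the integrity of the downloaded image rests on the
# network path. Prefer an HTTPS or internal mirror and verify the image
# against a known digest before it is registered.
# NOTE(review): `ks_user: admin` selects the admin Keystone credentials for
# this job; confirm a narrower account is not sufficient.
bootstrap:
  enabled: true
  ks_user: admin
  script: null
  structured:
    images:
      cirros:
        id: null
        name: "Cirros 0.3.5 64-bit"
        source_url: "http://download.cirros-cloud.net/0.3.5/"
        image_file: "cirros-0.3.5-x86_64-disk.img"
        min_disk: 1
        image_type: qcow2
        container_format: bare
        private: true
        properties:
          # NOTE: If you want to restrict hypervisor type for this image,
          # uncomment this and write specific hypervisor type.
          # hypervisor_type: "qemu"
          os_distro: "cirros"
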
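# Names of the ConfigMap and Secret that carry the Ceph client
# configuration and key.
ceph_client:
  configmap: ceph-etc
  user_secret_name: pvc-ceph-client-key
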
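# Ingress/egress rules for the glance NetworkPolicy.
#
# NOTE(review): a single empty rule (`- {}`) in a Kubernetes NetworkPolicy
# matches all peers and ports, so these defaults allow everything in both
# directions. `manifests.network_policy` is false in this file, so no
# policy is rendered by default at all. When enabling it, replace the
# empty rules with explicit selectors and ports for the API's real peers
# (ingress controller, database, message bus, identity, storage backend).
network_policy:
  glance:
    ingress:
      - {}
    egress:
      - {}
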
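# Service configuration rendered into the files mounted in the glance pods:
# paste pipeline, sudoers/rootwrap, glance-api.conf, logging, audit map,
# swift store credentials and RabbitMQ policies.
conf:
  software:
    rbd:
      rbd_store_pool_app_name: glance-image
  rally_tests:
    run_tempest: false
    # NOTE(review): both scenarios fetch their image from an external host;
    # mirror it internally if test runs must not depend on third parties.
    tests:
      GlanceImages.create_and_delete_image:
        - args:
            container_format: bare
            disk_format: qcow2
            # NOTE(aostapenko) temporary location to work around https://bugs.launchpad.net/rally/+bug/1887705
            image_location: https://artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/external/images/cirros/0.3.5/cirros-0.3.5-x86_64-disk.img
          runner:
            concurrency: 1
            times: 1
            type: constant
          sla:
            failure_rate:
              max: 0
      GlanceImages.create_and_list_image:
        - args:
            container_format: bare
            disk_format: qcow2
            # NOTE(aostapenko) temporary location to work around https://bugs.launchpad.net/rally/+bug/1887705
            image_location: https://artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/external/images/cirros/0.3.5/cirros-0.3.5-x86_64-disk.img
          runner:
            concurrency: 1
            times: 1
            type: constant
          sla:
            failure_rate:
              max: 0
  ceph:
    monitors: []
    admin_keyring: null
    override:
    append:
  ceph_client:
    override:
    append:
  # Paste deploy definition for glance-api.
  #
  # NOTE(review): only the `glance-api-keystone*` pipelines contain the
  # `authtoken` filter. The plain, caching and cachemanagement pipelines
  # use `unauthenticated-context`, and the `trusted-auth` pipelines use
  # `context` without `authtoken`. Which pipeline runs is selected by
  # `conf.glance.paste_deploy.flavor` (set to `keystone` below); an
  # override of that flavor should be treated as an authentication change.
  paste:
    pipeline:glance-api:
      pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context rootapp
    pipeline:glance-api-caching:
      pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache rootapp
    pipeline:glance-api-cachemanagement:
      pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
    pipeline:glance-api-keystone:
      pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken audit context rootapp
    pipeline:glance-api-keystone+caching:
      pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken audit context cache rootapp
    pipeline:glance-api-keystone+cachemanagement:
      pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken audit context cache cachemanage rootapp
    pipeline:glance-api-trusted-auth:
      pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context rootapp
    pipeline:glance-api-trusted-auth+cachemanagement:
      pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context cache cachemanage rootapp
    composite:rootapp:
      paste.composite_factory: glance.api:root_app_factory
      /: apiversions
      /v1: apiv1app
      /v2: apiv2app
    app:apiversions:
      paste.app_factory: glance.api.versions:create_resource
    app:apiv1app:
      paste.app_factory: glance.api.v1.router:API.factory
    app:apiv2app:
      paste.app_factory: glance.api.v2.router:API.factory
    filter:healthcheck:
      paste.filter_factory: oslo_middleware:Healthcheck.factory
      backends: disable_by_file
      disable_by_file_path: /etc/glance/healthcheck_disable
    filter:versionnegotiation:
      paste.filter_factory: glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
    filter:cache:
      paste.filter_factory: glance.api.middleware.cache:CacheFilter.factory
    filter:cachemanage:
      paste.filter_factory: glance.api.middleware.cache_manage:CacheManageFilter.factory
    filter:context:
      paste.filter_factory: glance.api.middleware.context:ContextMiddleware.factory
    filter:unauthenticated-context:
      paste.filter_factory: glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
    filter:authtoken:
      paste.filter_factory: keystonemiddleware.auth_token:filter_factory
      # With delay_auth_decision the middleware does not reject requests
      # itself; rejection is left to the filters and app behind it.
      delay_auth_decision: true
    filter:audit:
      paste.filter_factory: keystonemiddleware.audit:filter_factory
      audit_map_file: /etc/glance/api_audit_map.conf
    filter:gzip:
      paste.filter_factory: glance.api.middleware.gzip:GzipMiddleware.factory
    # NOTE(review): `osprofiler` is part of every pipeline above and
    # `SECRET_KEY` is a placeholder, not a secret. Both keys are marked
    # deprecated here; whether they still take effect depends on the
    # glance/osprofiler version in the image (TODO confirm). If profiling
    # is used, set a unique HMAC key per deployment; otherwise drop the
    # filter from the pipelines.
    # NOTE(review): `yes` is a YAML 1.1 boolean; a 1.1 parser reads it as
    # true, so the rendered file may say `true` rather than `yes`.
    filter:osprofiler:
      paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
      hmac_keys: SECRET_KEY  # DEPRECATED
      enabled: yes  # DEPRECATED
    filter:cors:
      paste.filter_factory: oslo_middleware.cors:filter_factory
      oslo_config_project: glance
      oslo_config_program: glance-api
    filter:http_proxy_to_wsgi:
      paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
  policy: {}
  # NOTE(review): the sudoers entry lets the glance user run
  # glance-rootwrap as root without a password and with arbitrary trailing
  # arguments (`*`). What can actually run as root is therefore decided by
  # rootwrap.conf and the filter files it loads; those must stay
  # root-owned and read-only inside the container.
  glance_sudoers: |
    # This sudoers file supports rootwrap for both Kolla and LOCI Images.
    Defaults !requiretty
    Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
    glance ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/glance-rootwrap /etc/glance/rootwrap.conf *, /var/lib/openstack/bin/glance-rootwrap /etc/glance/rootwrap.conf *
  # NOTE(review): `use_syslog=False` with `syslog_log_level=ERROR` means
  # successful privileged invocations are not recorded by rootwrap;
  # consider syslog at INFO where an audit trail is required.
  rootwrap: |
    # Configuration for glance-rootwrap
    # This file should be owned by (and only-writable by) the root user

    [DEFAULT]
    # List of directories to load filter definitions from (separated by ',').
    # These directories MUST all be only writeable by root !
    filters_path=/etc/glance/rootwrap.d,/usr/share/glance/rootwrap

    # List of directories to search executables in, in case filters do not
    # explicitely specify a full path (separated by ',')
    # If not specified, defaults to system PATH environment variable.
    # These directories MUST all be only writeable by root !
    exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/var/lib/openstack/bin,/var/lib/kolla/venv/bin

    # Enable logging to syslog
    # Default value is False
    use_syslog=False

    # Which syslog facility to use.
    # Valid values include auth, authpriv, syslog, local0, local1...
    # Default value is 'syslog'
    syslog_log_facility=syslog

    # Which messages to log.
    # INFO means log all usage
    # ERROR means only log unsuccessful attempts
    syslog_log_level=ERROR
  # NOTE(review): `disk_chown` restricts chown by regular expression, but
  # the `chown`, `mount` and `umount` entries are plain CommandFilters with
  # no argument restriction, so the narrower rule does not bound what the
  # glance user can run as root. If the cinder store is not in use, leave
  # this filter file out; if it is, narrow the CommandFilters to the
  # arguments os-brick actually needs (TODO confirm against os-brick).
  rootwrap_filters:
    glance_cinder_store:
      pods:
        - api
      content: |
        # glance-rootwrap command filters for glance cinder store
        # This file should be owned by (and only-writable by) the root user

        [Filters]
        # cinder store driver
        disk_chown: RegExpFilter, chown, root, chown, \d+, /dev/(?!.*/\.\.).*

        # os-brick library commands
        # os_brick.privileged.run_as_root oslo.privsep context
        # This line ties the superuser privs with the config files, context name,
        # and (implicitly) the actual python code invoked.
        privsep-rootwrap: RegExpFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, os_brick.privileged.default, --privsep_sock_path, /tmp/.*

        chown: CommandFilter, chown, root
        mount: CommandFilter, mount, root
        umount: CommandFilter, umount, root
  # Contents of glance-api.conf, one mapping per INI section.
  glance:
    DEFAULT:
      log_config_append: /etc/glance/logging.conf
      # NOTE(portdirect): the bind port should not be defined, and is manipulated
      # via the endpoints section.
      bind_port: null
      workers: 1
      enable_v1_api: False
    oslo_middleware:
      # Forwarded headers are honoured; only trusted proxies should be able
      # to reach the API directly.
      enable_proxy_headers_parsing: true
    keystone_authtoken:
      service_token_roles: service
      service_token_roles_required: true
      auth_type: password
      auth_version: v3
      # Token cache entries are encrypted with the key from
      # endpoints.oslo_cache.auth.memcache_secret_key.
      memcache_security_strategy: ENCRYPT
      service_type: image
    glance_store:
      cinder_catalog_info: volumev3::internalURL
      rbd_store_chunk_size: 8
      rbd_store_replication: 3
      rbd_store_crush_rule: replicated_rule
      rbd_store_pool: glance.images
      rbd_store_user: glance
      rbd_store_ceph_conf: /etc/ceph/ceph.conf
      filesystem_store_datadir: /var/lib/glance/images
      default_swift_reference: ref1
      swift_store_container: glance
      swift_store_create_container_on_put: true
      swift_store_config_file: /etc/glance/swift-store.conf
      swift_store_endpoint_type: internalURL
    paste_deploy:
      # Selects the `glance-api-keystone` pipeline, the one with authtoken.
      flavor: keystone
    database:
      max_retries: -1
    oslo_concurrency:
      lock_path: "/var/lib/glance/tmp"
    oslo_messaging_notifications:
      driver: messagingv2
    oslo_messaging_rabbit:
      rabbit_ha_queues: true
    oslo_policy:
      policy_file: /etc/glance/policy.yaml
    cors: {}
  # Python logging configuration (logging.conf).
  logging:
    loggers:
      keys:
        - root
        - glance
    handlers:
      keys:
        - stdout
        - stderr
        - "null"
    formatters:
      keys:
        - context
        - default
    logger_root:
      level: WARNING
      handlers: 'null'
    logger_glance:
      level: INFO
      handlers:
        - stdout
      qualname: glance
    logger_amqp:
      level: WARNING
      handlers: stderr
      qualname: amqp
    logger_amqplib:
      level: WARNING
      handlers: stderr
      qualname: amqplib
    logger_eventletwsgi:
      level: WARNING
      handlers: stderr
      qualname: eventlet.wsgi.server
    logger_sqlalchemy:
      level: WARNING
      handlers: stderr
      qualname: sqlalchemy
    logger_boto:
      level: WARNING
      handlers: stderr
      qualname: boto
    handler_null:
      class: logging.NullHandler
      formatter: default
      args: ()
    handler_stdout:
      class: StreamHandler
      args: (sys.stdout,)
      formatter: context
    handler_stderr:
      class: StreamHandler
      args: (sys.stderr,)
      formatter: context
    formatter_context:
      class: oslo_log.formatters.ContextFormatter
      datefmt: "%Y-%m-%d %H:%M:%S"
    formatter_default:
      format: "%(message)s"
      datefmt: "%Y-%m-%d %H:%M:%S"
  # Map used by the keystonemiddleware audit filter.
  api_audit_map:
    DEFAULT:
      target_endpoint_type: None
    path_keywords:
      detail: None
      file: None
      images: image
      members: member
      tags: tag
    service_endpoints:
      image: 'service/storage/image'
  # NOTE(review): this template writes the store password in clear text
  # into the rendered file; it should reach the pod through a Secret, not
  # a ConfigMap (TODO confirm in the chart templates).
  swift_store: |
    [{{ .Values.conf.glance.glance_store.default_swift_reference }}]
    {{- if eq .Values.storage "radosgw" }}
    auth_version = 1
    auth_address = {{ tuple "ceph_object_store" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
    user = {{ .Values.endpoints.ceph_object_store.auth.glance.username }}:swift
    key = {{ .Values.endpoints.ceph_object_store.auth.glance.password }}
    {{- else }}
    user = {{ .Values.endpoints.identity.auth.glance.project_name }}:{{ .Values.endpoints.identity.auth.glance.username }}
    key = {{ .Values.endpoints.identity.auth.glance.password }}
    auth_address = {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
    user_domain_name = {{ .Values.endpoints.identity.auth.glance.user_domain_name }}
    project_domain_name = {{ .Values.endpoints.identity.auth.glance.project_domain_name }}
    auth_version = 3
    # NOTE(portdirect): https://bugs.launchpad.net/glance-store/+bug/1620999
    project_domain_id =
    user_domain_id =
    {{- end -}}
  rabbitmq:
    # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
    policies:
      - vhost: "glance"
        name: "ha_ttl_glance"
        definition:
          # mirror messages to other nodes in rmq cluster
          ha-mode: "all"
          ha-sync-mode: "automatic"
          # 70s
          message-ttl: 70000
        priority: 0
        apply-to: all
        pattern: '^(?!(amq\.|reply_)).*'
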
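# How the glance API is exposed: ingress settings and optional NodePort.
#
# NOTE(review): `public: true` publishes the API through the ingress, and
# `proxy-body-size: "0"` turns off nginx's request-body size limit. The
# latter is needed for large image uploads, but it also removes a cheap
# guard against oversized requests; rely on Glance quotas and upstream
# rate limiting instead, or set an explicit ceiling.
network:
  api:
    ingress:
      public: true
      classes:
        namespace: "nginx"
        cluster: "nginx-cluster"
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: /
        nginx.ingress.kubernetes.io/proxy-body-size: "0"
    external_policy_local: false
    node_port:
      enabled: false
      port: 30092
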
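# Storage class and size of the image volume.
volume:
  class_name: general
  size: 2Gi
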
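# Jobs and service endpoints each component waits for before it starts.
dependencies:
  dynamic:
    common:
      local_image_registry:
        jobs:
          - glance-image-repo-sync
        services:
          - endpoint: node
            service: local_image_registry
  static:
    api:
      jobs:
        - glance-storage-init
        - glance-db-sync
        - glance-rabbit-init
        - glance-ks-user
        - glance-ks-endpoints
      services:
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: identity
        - endpoint: internal
          service: oslo_messaging
    bootstrap:
      jobs: null
      services:
        - endpoint: internal
          service: identity
        - endpoint: internal
          service: image
    clean:
      jobs: null
    db_drop:
      services:
        - endpoint: internal
          service: oslo_db
    db_init:
      services:
        - endpoint: internal
          service: oslo_db
    db_sync:
      jobs:
        - glance-db-init
      services:
        - endpoint: internal
          service: oslo_db
    ks_endpoints:
      jobs:
        - glance-ks-service
      services:
        - endpoint: internal
          service: identity
    ks_service:
      services:
        - endpoint: internal
          service: identity
    ks_user:
      services:
        - endpoint: internal
          service: identity
    rabbit_init:
      services:
        - endpoint: internal
          service: oslo_messaging
    storage_init:
      jobs:
        - glance-ks-user
      services: null
    metadefs_load:
      jobs:
        - glance-db-sync
      services: null
    tests:
      services:
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: identity
        - endpoint: internal
          service: image
    image_repo_sync:
      services:
        - endpoint: internal
          service: local_image_registry
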
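# Names of secrets used by bootstrap and environmental checks
# (these are Kubernetes Secret object names, not secret values).
secrets:
  identity:
    admin: glance-keystone-admin
    glance: glance-keystone-user
    test: glance-keystone-test
  oslo_db:
    admin: glance-db-admin
    glance: glance-db-user
  rbd: images-rbd-keyring
  oslo_messaging:
    admin: glance-rabbitmq-admin
    glance: glance-rabbitmq-user
  tls:
    image:
      api:
        public: glance-tls-public
        internal: glance-tls-api
  oci_image_registry:
    glance: glance-oci-image-registry
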
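# typically overridden by environmental
# values, but should include all endpoints
# required by this chart
#
# NOTE(review): every `password: password` and `tmpurlkey: supersecret`
# below is a published placeholder. A release installed without overrides
# runs Keystone, MariaDB, RabbitMQ and object-store accounts on those
# values; supply real credentials from a secret store at deploy time and
# fail the deployment if a placeholder survives.
# NOTE(review): identity, image and object-store schemes default to
# `http`, and the top-level `tls` flags default to false, so credentials
# and tokens cross the cluster network in clear text unless TLS is
# enabled by override.
endpoints:
  cluster_domain_suffix: cluster.local
  local_image_registry:
    name: docker-registry
    namespace: docker-registry
    hosts:
      default: localhost
      internal: docker-registry
      node: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        node: 5000
  oci_image_registry:
    name: oci-image-registry
    namespace: oci-image-registry
    auth:
      enabled: false
      glance:
        username: glance
        password: password
    hosts:
      default: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        default: null
  identity:
    name: keystone
    auth:
      admin:
        region_name: RegionOne
        username: admin
        password: password
        project_name: admin
        user_domain_name: default
        project_domain_name: default
      # NOTE(review): the glance and test users are both given the
      # `admin` role here; confirm a narrower role is not sufficient.
      glance:
        role: admin
        region_name: RegionOne
        username: glance
        password: password
        project_name: service
        user_domain_name: service
        project_domain_name: service
      test:
        role: admin
        region_name: RegionOne
        username: glance-test
        password: password
        project_name: test
        user_domain_name: service
        project_domain_name: service
    hosts:
      default: keystone
      internal: keystone-api
    host_fqdn_override:
      default: null
    path:
      default: /v3
    scheme:
      default: http
    port:
      api:
        default: 80
        internal: 5000
  image:
    name: glance
    hosts:
      default: glance-api
      public: glance
    host_fqdn_override:
      default: null
      # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
      # endpoints using the following format:
      # public:
      #   host: null
      #   tls:
      #     crt: null
      #     key: null
    path:
      default: null
    scheme:
      default: http
      service: http
    port:
      api:
        default: 9292
        public: 80
  oslo_db:
    auth:
      admin:
        username: root
        password: password
        secret:
          tls:
            internal: mariadb-tls-direct
      glance:
        username: glance
        password: password
    hosts:
      default: mariadb
    host_fqdn_override:
      default: null
    path: /glance
    scheme: mysql+pymysql
    port:
      mysql:
        default: 3306
  oslo_cache:
    auth:
      # NOTE(portdirect): this is used to define the value for keystone
      # authtoken cache encryption key, if not set it will be populated
      # automatically with a random value, but to take advantage of
      # this feature all services should be set to use the same key,
      # and memcache service.
      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
      default: null
    port:
      memcache:
        default: 11211
  oslo_messaging:
    auth:
      admin:
        username: rabbitmq
        password: password
        secret:
          tls:
            internal: rabbitmq-tls-direct
      glance:
        username: glance
        password: password
    statefulset:
      replicas: 2
      name: rabbitmq-rabbitmq
    hosts:
      default: rabbitmq
    host_fqdn_override:
      default: null
    path: /glance
    scheme: rabbit
    port:
      amqp:
        default: 5672
      http:
        default: 15672
  object_store:
    name: swift
    namespace: ceph
    auth:
      glance:
        tmpurlkey: supersecret
    hosts:
      default: ceph-rgw
      public: radosgw
    host_fqdn_override:
      default: null
    path:
      default: /swift/v1/KEY_$(tenant_id)s
    scheme:
      default: http
    port:
      api:
        default: 8088
        public: 80
  ceph_object_store:
    name: radosgw
    namespace: ceph
    auth:
      glance:
        username: glance
        password: password
        tmpurlkey: supersecret
    hosts:
      default: ceph-rgw
      public: radosgw
    host_fqdn_override:
      default: null
    path:
      default: /auth/v1.0
    scheme:
      default: http
    port:
      api:
        default: 8088
        public: 80
  fluentd:
    namespace: null
    name: fluentd
    hosts:
      default: fluentd-logging
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme: 'http'
    port:
      service:
        default: 24224
      metrics:
        default: 24220
  dashboard:
    name: horizon
    hosts:
      default: horizon-int
      public: horizon
    host_fqdn_override:
      default: null
      # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
      # endpoints using the following format:
      # public:
      #   host: null
      #   tls:
      #     crt: null
      #     key: null
    path:
      default: null
    scheme:
      default: http
      public: https
    port:
      web:
        default: 80
        public: 443
  # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress
  # They are used to enable the Egress K8s network policy.
  kube_dns:
    namespace: kube-system
    name: kubernetes-dns
    hosts:
      default: kube-dns
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme: http
    port:
      dns:
        default: 53
        protocol: UDP
  ingress:
    namespace: null
    name: ingress
    hosts:
      default: ingress
    port:
      ingress:
        default: 80
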
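# Pod-level settings: security contexts, scheduling, mounts, rollout
# behaviour, probes and resource requests/limits.
pod:
  # NOTE(review): pods default to UID 42424, but three containers of the
  # glance pod override that with `runAsUser: 0` (glance_perms,
  # ceph_keyring_placement, nginx). None of the three sets
  # `allowPrivilegeEscalation: false`, and nginx also has a writable root
  # filesystem. If root is only needed for file ownership or key
  # placement, consider an fsGroup or a narrower capability set, and set
  # `allowPrivilegeEscalation: false` on all three.
  # NOTE(review): no block sets `runAsNonRoot`, a seccomp profile or
  # dropped capabilities; add them by override where the cluster's pod
  # security policy requires it.
  security_context:
    glance:
      pod:
        runAsUser: 42424
      container:
        glance_perms:
          readOnlyRootFilesystem: true
          runAsUser: 0
        ceph_keyring_placement:
          readOnlyRootFilesystem: true
          runAsUser: 0
        glance_api:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
        nginx:
          readOnlyRootFilesystem: false
          runAsUser: 0
    clean:
      pod:
        runAsUser: 42424
      container:
        glance_secret_clean:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
    metadefs_load:
      pod:
        runAsUser: 42424
      container:
        glance_metadefs_load:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
    storage_init:
      pod:
        runAsUser: 42424
      container:
        ceph_keyring_placement:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
        glance_storage_init:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
    test:
      pod:
        runAsUser: 42424
      container:
        glance_test_ks_user:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
        glance_test:
          runAsUser: 65500
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
  affinity:
    anti:
      type:
        default: preferredDuringSchedulingIgnoredDuringExecution
      topologyKey:
        default: kubernetes.io/hostname
      weight:
        default: 10
  tolerations:
    glance:
      enabled: false
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoSchedule
  # Host networking stays off by default, keeping the API pod inside the
  # pod network.
  useHostNetwork:
    api: false
  mounts:
    glance_api:
      init_container: null
      glance_api:
        volumeMounts:
        volumes:
    glance_tests:
      init_container: null
      glance_tests:
        volumeMounts:
        volumes:
    glance_db_sync:
      glance_db_sync:
        volumeMounts:
        volumes:
  replicas:
    api: 1
  lifecycle:
    upgrades:
      deployments:
        revision_history: 3
        pod_replacement_strategy: RollingUpdate
        rolling_update:
          max_unavailable: 1
          max_surge: 3
    disruption_budget:
      api:
        min_available: 0
    termination_grace_period:
      api:
        timeout: 30
  probes:
    api:
      glance-api:
        readiness:
          enabled: true
          params:
            periodSeconds: 15
            timeoutSeconds: 10
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 15
            timeoutSeconds: 10
  # NOTE(review): `enabled: false` presumably means the requests and
  # limits below are not rendered (TODO confirm in the templates); without
  # limits a single pod can exhaust node CPU or memory.
  resources:
    enabled: false
    api:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    jobs:
      storage_init:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      metadefs_load:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_init:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_drop:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_user:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_service:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_endpoints:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      rabbit_init:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      bootstrap:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      tests:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      image_repo_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
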
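# NOTE(helm_hook): helm_hook might break for helm2 binary.
# set helm3_hook: false when using the helm2 binary.
helm3_hook: true
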
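# Per-backend TLS switches for the connections glance makes.
#
# NOTE(review): all three default to false, so Keystone, RabbitMQ and
# database traffic (including credentials and tokens) is unencrypted
# unless these are enabled together with the matching certificates.
tls:
  identity: false
  oslo_messaging: false
  oslo_db: false
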
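# Switches selecting which manifests the chart renders.
#
# NOTE(review): `network_policy` and `certificates` are off by default,
# so a stock install has no NetworkPolicy and no chart-managed
# certificates; turn them on (with real rules and issuers) for
# production.
manifests:
  certificates: false
  configmap_bin: true
  configmap_etc: true
  deployment_api: true
  ingress_api: true
  job_bootstrap: true
  job_clean: true
  job_db_init: true
  job_db_sync: true
  job_db_drop: false
  job_image_repo_sync: true
  job_ks_endpoints: true
  job_ks_service: true
  job_ks_user: true
  job_storage_init: true
  job_metadefs_load: true
  job_rabbit_init: true
  pdb_api: true
  pod_rally_test: true
  pvc_images: true
  network_policy: false
  secret_db: true
  secret_ingress_tls: true
  secret_keystone: true
  secret_rabbitmq: true
  secret_registry: true
  service_ingress_api: true
  service_api: true
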
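# NOTE: This enables the helm resource-policy that keeps the glance-images
# PVC.
# Set keep_pvc: true to let the helm resource-policy keep the PVC.
# The PVC then has to be deleted manually; until it is, the stored image
# data outlives the release.
# Set keep_pvc: false to disable the resource-policy.
# This allows helm to delete the PVC.
keep_pvc: true
...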