Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / 103c85edc6f8e40a2d44476ed879193f82336a6f / . / charts / heat / values.yaml
blob: b8cab0dff0f28ca5107c6a7f31ec11652ad97151 [file] [log] [blame]
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1# Licensed under the Apache License, Version 2.0 (the "License");
2# you may not use this file except in compliance with the License.
3# You may obtain a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS,
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10# See the License for the specific language governing permissions and
11# limitations under the License.
12
13# Default values for heat.
14# This is a YAML-formatted file.
15# Declare name/value pairs to be passed into your templates.
16# name: value
17
18---
19release_group: null
20
21labels:
22 api:
23 node_selector_key: openstack-control-plane
24 node_selector_value: enabled
25 cfn:
26 node_selector_key: openstack-control-plane
27 node_selector_value: enabled
28 cloudwatch:
29 node_selector_key: openstack-control-plane
30 node_selector_value: enabled
31 engine:
32 node_selector_key: openstack-control-plane
33 node_selector_value: enabled
34 job:
35 node_selector_key: openstack-control-plane
36 node_selector_value: enabled
37 test:
38 node_selector_key: openstack-control-plane
39 node_selector_value: enabled
40
41images:
42 tags:
43 test: docker.io/xrally/xrally-openstack:2.0.0
44 bootstrap: docker.io/openstackhelm/heat:stein-ubuntu_bionic
45 db_init: docker.io/openstackhelm/heat:stein-ubuntu_bionic
46 heat_db_sync: docker.io/openstackhelm/heat:stein-ubuntu_bionic
47 db_drop: docker.io/openstackhelm/heat:stein-ubuntu_bionic
48 rabbit_init: docker.io/rabbitmq:3.7-management
49 ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic
50 ks_service: docker.io/openstackhelm/heat:stein-ubuntu_bionic
51 ks_endpoints: docker.io/openstackhelm/heat:stein-ubuntu_bionic
52 heat_api: docker.io/openstackhelm/heat:stein-ubuntu_bionic
53 heat_cfn: docker.io/openstackhelm/heat:stein-ubuntu_bionic
54 heat_cloudwatch: docker.io/openstackhelm/heat:stein-ubuntu_bionic
55 heat_engine: docker.io/openstackhelm/heat:stein-ubuntu_bionic
56 heat_engine_cleaner: docker.io/openstackhelm/heat:stein-ubuntu_bionic
57 heat_purge_deleted: docker.io/openstackhelm/heat:stein-ubuntu_bionic
58 dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
59 image_repo_sync: docker.io/docker:17.07.0
60 pull_policy: "IfNotPresent"
61 local_registry:
62 active: false
63 exclude:
64 - dep_check
65 - image_repo_sync
66
67jobs:
68 engine_cleaner:
69 cron: "*/5 * * * *"
70 starting_deadline: 600
71 history:
72 success: 3
73 failed: 1
74
75 purge_deleted:
76 cron: "20 */24 * * *"
77 purge_age: 60
78 history:
79 success: 3
80 failed: 1
81
82conf:
83 rally_tests:
84 run_tempest: false
85 tests:
86 HeatStacks.create_update_delete_stack:
87 - args:
88 template_path: /tmp/rally-jobs/random_strings.yaml
89 updated_template_path: /tmp/rally-jobs/updated_random_strings_replace.yaml
90 runner:
91 concurrency: 1
92 times: 1
93 type: constant
94 sla:
95 failure_rate:
96 max: 0
97 HeatStacks.create_check_delete_stack:
98 - args:
99 template_path: /tmp/rally-jobs/random_strings.yaml
100 runner:
101 concurrency: 1
102 times: 1
103 type: constant
104 sla:
105 failure_rate:
106 max: 0
107 HeatStacks.create_and_delete_stack:
108 - args:
109 template_path: /tmp/rally-jobs/resource_group_with_constraint.yaml
110 runner:
111 concurrency: 1
112 times: 1
113 type: constant
114 sla:
115 failure_rate:
116 max: 0
117 HeatStacks.create_and_list_stack:
118 - args:
119 template_path: /tmp/rally-jobs/default.yaml
120 runner:
121 concurrency: 1
122 times: 1
123 type: constant
124 sla:
125 failure_rate:
126 max: 0
127 HeatStacks.create_snapshot_restore_delete_stack:
128 - args:
129 template_path: /tmp/rally-jobs/random_strings.yaml
130 runner:
131 concurrency: 1
132 times: 1
133 type: constant
134 sla:
135 failure_rate:
136 max: 0
137 HeatStacks.create_stack_and_list_output:
138 - args:
139 template_path: /tmp/rally-jobs/resource_group_with_outputs.yaml
140 runner:
141 concurrency: 1
142 times: 1
143 type: constant
144 sla:
145 failure_rate:
146 max: 0
147 HeatStacks.create_stack_and_list_output_via_API:
148 - args:
149 template_path: /tmp/rally-jobs/resource_group_with_outputs.yaml
150 runner:
151 concurrency: 1
152 times: 1
153 type: constant
154 sla:
155 failure_rate:
156 max: 0
157 templates:
158 - name: /tmp/rally-jobs/default.yaml
159 template: |
160 heat_template_version: 2014-10-16
161 - name: /tmp/rally-jobs/random_strings.yaml
162 template: |
163 heat_template_version: 2014-10-16
164 description: Test template for rally create-update-delete scenario
165 resources:
166 test_string_one:
167 type: OS::Heat::RandomString
168 properties:
169 length: 20
170 test_string_two:
171 type: OS::Heat::RandomString
172 properties:
173 length: 20
174 - name: /tmp/rally-jobs/resource_group_with_constraint.yaml
175 template: |
176 heat_template_version: 2013-05-23
177 description: Template for testing caching.
178 parameters:
179 count:
180 type: number
181 default: 40
182 delay:
183 type: number
184 default: 0.1
185 resources:
186 rg:
187 type: OS::Heat::ResourceGroup
188 properties:
189 count:
190 get_param: count
191 resource_def:
192 type: OS::Heat::TestResource
193 properties:
194 constraint_prop_secs:
195 get_param: delay
196 - name: /tmp/rally-jobs/resource_group_with_outputs.yaml
197 template: |
198 heat_template_version: 2013-05-23
199 parameters:
200 attr_wait_secs:
201 type: number
202 default: 0.5
203 resources:
204 rg:
205 type: OS::Heat::ResourceGroup
206 properties:
207 count: 10
208 resource_def:
209 type: OS::Heat::TestResource
210 properties:
211 attr_wait_secs:
212 get_param: attr_wait_secs
213 outputs:
214 val1:
215 value:
216 get_attr:
217 - rg
218 - resource.0.output
219 val2:
220 value:
221 get_attr:
222 - rg
223 - resource.1.output
224 val3:
225 value:
226 get_attr:
227 - rg
228 - resource.2.output
229 val4:
230 value:
231 get_attr:
232 - rg
233 - resource.3.output
234 val5:
235 value:
236 get_attr:
237 - rg
238 - resource.4.output
239 val6:
240 value:
241 get_attr:
242 - rg
243 - resource.5.output
244 val7:
245 value:
246 get_attr:
247 - rg
248 - resource.6.output
249 val8:
250 value:
251 get_attr:
252 - rg
253 - resource.7.output
254 val9:
255 value:
256 get_attr:
257 - rg
258 - resource.8.output
259 val10:
260 value:
261 get_attr:
262 - rg
263 - resource.9.output
264 - name: /tmp/rally-jobs/updated_random_strings_replace.yaml
265 template: |
266 heat_template_version: 2014-10-16
267 description: |
268 Test template for create-update-delete-stack scenario in rally.
269 The template deletes one resource from the stack defined by
270 random-strings.yaml.template and re-creates it with the updated parameters
271 (so-called update-replace). That happens because some parameters cannot be
272 changed without resource re-creation. The template allows to measure performance
273 of update-replace operation.
274 resources:
275 test_string_one:
276 type: OS::Heat::RandomString
277 properties:
278 length: 20
279 test_string_two:
280 type: OS::Heat::RandomString
281 properties:
282 length: 40
okozachenko12035aa48492023-09-05 19:47:07 +1000[diff] [blame]283 paste:
284 pipeline:heat-api:
285 pipeline: cors request_id faultwrap http_proxy_to_wsgi versionnegotiation osprofiler authurl authtoken audit context apiv1app
286 pipeline:heat-api-standalone:
287 pipeline: cors request_id faultwrap http_proxy_to_wsgi versionnegotiation authurl authpassword context apiv1app
288 pipeline:heat-api-custombackend:
289 pipeline: cors request_id faultwrap versionnegotiation context custombackendauth apiv1app
290 pipeline:heat-api-cfn:
291 pipeline: cors http_proxy_to_wsgi cfnversionnegotiation osprofiler ec2authtoken authtoken audit context apicfnv1app
292 pipeline:heat-api-cfn-standalone:
293 pipeline: cors http_proxy_to_wsgi cfnversionnegotiation ec2authtoken context apicfnv1app
294 pipeline:heat-api-cloudwatch:
295 pipeline: cors versionnegotiation osprofiler ec2authtoken authtoken audit context apicwapp
296 pipeline:heat-api-cloudwatch-standalone:
297 pipeline: cors versionnegotiation ec2authtoken context apicwapp
298 app:apiv1app:
299 paste.app_factory: heat.common.wsgi:app_factory
300 heat.app_factory: heat.api.openstack.v1:API
301 app:apicfnv1app:
302 paste.app_factory: heat.common.wsgi:app_factory
303 heat.app_factory: heat.api.cfn.v1:API
304 app:apicwapp:
305 paste.app_factory: heat.common.wsgi:app_factory
306 heat.app_factory: heat.api.cloudwatch:API
307 filter:versionnegotiation:
308 paste.filter_factory: heat.common.wsgi:filter_factory
309 heat.filter_factory: heat.api.openstack:version_negotiation_filter
310 filter:cors:
311 paste.filter_factory: oslo_middleware.cors:filter_factory
312 oslo_config_project: heat
313 filter:faultwrap:
314 paste.filter_factory: heat.common.wsgi:filter_factory
315 heat.filter_factory: heat.api.openstack:faultwrap_filter
316 filter:cfnversionnegotiation:
317 paste.filter_factory: heat.common.wsgi:filter_factory
318 heat.filter_factory: heat.api.cfn:version_negotiation_filter
319 filter:cwversionnegotiation:
320 paste.filter_factory: heat.common.wsgi:filter_factory
321 heat.filter_factory: heat.api.cloudwatch:version_negotiation_filter
322 filter:context:
323 paste.filter_factory: heat.common.context:ContextMiddleware_filter_factory
324 filter:ec2authtoken:
325 paste.filter_factory: heat.api.aws.ec2token:EC2Token_filter_factory
326 filter:http_proxy_to_wsgi:
327 paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
328 filter:authurl:
329 paste.filter_factory: heat.common.auth_url:filter_factory
330 filter:authtoken:
331 paste.filter_factory: keystonemiddleware.auth_token:filter_factory
332 filter:authpassword:
333 paste.filter_factory: heat.common.auth_password:filter_factory
334 filter:custombackendauth:
335 paste.filter_factory: heat.common.custom_backend_auth:filter_factory
336 filter:audit:
337 paste.filter_factory: keystonemiddleware.audit:filter_factory
338 audit_map_file: /etc/heat/api_audit_map.conf
339 filter:request_id:
340 paste.filter_factory: oslo_middleware.request_id:RequestId.factory
341 filter:osprofiler:
342 paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]343 policy: {}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]344 heat:
345 DEFAULT:
346 log_config_append: /etc/heat/logging.conf
347 num_engine_workers: 1
348 trusts_delegated_roles: ""
349 host: heat-engine
350 keystone_authtoken:
351 auth_type: password
352 auth_version: v3
353 memcache_security_strategy: ENCRYPT
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]354 service_type: orchestration
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]355 database:
356 max_retries: -1
357 trustee:
358 auth_type: password
359 auth_version: v3
360 heat_api:
361 # NOTE(portdirect): the bind port should not be defined, and is manipulated
362 # via the endpoints section.
363 bind_port: null
364 workers: 1
365 heat_api_cloudwatch:
366 # NOTE(portdirect): the bind port should not be defined, and is manipulated
367 # via the endpoints section.
368 bind_port: null
369 workers: 1
370 heat_api_cfn:
371 # NOTE(portdirect): the bind port should not be defined, and is manipulated
372 # via the endpoints section.
373 bind_port: null
374 workers: 1
375 paste_deploy:
376 api_paste_config: /etc/heat/api-paste.ini
377 clients:
378 endpoint_type: internalURL
379 clients_heat:
380 endpoint_type: publicURL
381 clients_keystone:
382 endpoint_type: internalURL
383 oslo_messaging_notifications:
384 driver: messagingv2
385 oslo_middleware:
386 enable_proxy_headers_parsing: true
387 oslo_messaging_rabbit:
388 rabbit_ha_queues: True
389 oslo_policy:
390 policy_file: /etc/heat/policy.yaml
391 api_audit_map:
392 DEFAULT:
393 target_endpoint_type: None
394 path_keywords:
395 stacks: stack
396 resources: resource
397 preview: None
398 detail: None
399 abandon: None
400 snapshots: snapshot
401 restore: None
402 outputs: output
403 metadata: server
404 signal: None
405 events: event
406 template: None
407 template_versions: template_version
408 functions: None
409 validate: None
410 resource_types: resource_type
411 build_info: None
412 actions: None
413 software_configs: software_config
414 software_deployments: software_deployment
415 services: None
416 service_endpoints:
417 orchestration:service/orchestration
418 logging:
419 loggers:
420 keys:
421 - root
422 - heat
423 handlers:
424 keys:
425 - stdout
426 - stderr
427 - "null"
428 formatters:
429 keys:
430 - context
431 - default
432 logger_root:
433 level: WARNING
434 handlers: 'null'
435 logger_heat:
436 level: INFO
437 handlers:
438 - stdout
439 qualname: heat
440 logger_amqp:
441 level: WARNING
442 handlers: stderr
443 qualname: amqp
444 logger_amqplib:
445 level: WARNING
446 handlers: stderr
447 qualname: amqplib
448 logger_eventletwsgi:
449 level: WARNING
450 handlers: stderr
451 qualname: eventlet.wsgi.server
452 logger_sqlalchemy:
453 level: WARNING
454 handlers: stderr
455 qualname: sqlalchemy
456 logger_boto:
457 level: WARNING
458 handlers: stderr
459 qualname: boto
460 handler_null:
461 class: logging.NullHandler
462 formatter: default
463 args: ()
464 handler_stdout:
465 class: StreamHandler
466 args: (sys.stdout,)
467 formatter: context
468 handler_stderr:
469 class: StreamHandler
470 args: (sys.stderr,)
471 formatter: context
472 formatter_context:
473 class: oslo_log.formatters.ContextFormatter
474 datefmt: "%Y-%m-%d %H:%M:%S"
475 formatter_default:
476 format: "%(message)s"
477 datefmt: "%Y-%m-%d %H:%M:%S"
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]478 rabbitmq:
479 # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
480 policies:
481 - vhost: "heat"
482 name: "ha_ttl_heat"
483 definition:
484 # mirror messges to other nodes in rmq cluster
485 ha-mode: "all"
486 ha-sync-mode: "automatic"
487 # 70s
488 message-ttl: 70000
489 priority: 0
490 apply-to: all
491 pattern: '^(?!(amq\.|reply_)).*'
Oleksandr Kozachenko92a39f12023-10-03 15:25:15 +0200[diff] [blame]492 heat_api_uwsgi:
493 uwsgi:
494 add-header: "Connection: close"
495 buffer-size: 65535
496 die-on-term: true
497 enable-threads: true
498 exit-on-reload: false
499 hook-master-start: unix_signal:15 gracefully_kill_them_all
500 lazy-apps: true
501 log-x-forwarded-for: true
502 master: true
503 procname-prefix-spaced: "heat-api:"
504 route-user-agent: '^kube-probe.* donotlog:'
505 thunder-lock: true
506 worker-reload-mercy: 80
507 wsgi-file: /var/lib/openstack/bin/heat-wsgi-api
508 heat_api_cfn_uwsgi:
509 uwsgi:
510 add-header: "Connection: close"
511 buffer-size: 65535
512 die-on-term: true
513 enable-threads: true
514 exit-on-reload: false
515 hook-master-start: unix_signal:15 gracefully_kill_them_all
516 lazy-apps: true
517 log-x-forwarded-for: true
518 master: true
519 procname-prefix-spaced: "heat-api-cfn:"
520 route-user-agent: '^kube-probe.* donotlog:'
521 thunder-lock: true
522 worker-reload-mercy: 80
523 wsgi-file: /var/lib/openstack/bin/heat-wsgi-api-cfn
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]524
525network:
526 api:
527 ingress:
528 public: true
529 classes:
530 namespace: "nginx"
531 cluster: "nginx-cluster"
532 annotations:
533 nginx.ingress.kubernetes.io/rewrite-target: /
534 external_policy_local: false
535 node_port:
536 enabled: false
537 port: 30004
538 cfn:
539 ingress:
540 public: true
541 classes:
542 namespace: "nginx"
543 cluster: "nginx-cluster"
544 annotations:
545 nginx.ingress.kubernetes.io/rewrite-target: /
546 node_port:
547 enabled: false
548 port: 30800
549 cloudwatch:
550 ingress:
551 public: true
552 classes:
553 namespace: "nginx"
554 cluster: "nginx-cluster"
555 annotations:
556 nginx.ingress.kubernetes.io/rewrite-target: /
557 node_port:
558 enabled: false
559 port: 30003
560
561bootstrap:
562 enabled: true
563 ks_user: admin
564 script: |
565 #NOTE(portdirect): The Orchestration service automatically assigns the
566 # 'heat_stack_user' role to users that it creates during stack deployment.
567 # By default, this role restricts API operations. To avoid conflicts, do
568 # not add this role to actual users.
569 openstack role create --or-show heat_stack_user
570
571dependencies:
572 dynamic:
573 common:
574 local_image_registry:
575 jobs:
576 - heat-image-repo-sync
577 services:
578 - endpoint: node
579 service: local_image_registry
580 static:
581 api:
582 jobs:
583 - heat-db-sync
584 - heat-rabbit-init
585 - heat-ks-user
586 - heat-trustee-ks-user
587 - heat-domain-ks-user
588 - heat-ks-endpoints
589 - heat-bootstrap
590 services:
591 - endpoint: internal
592 service: oslo_db
593 - endpoint: internal
594 service: oslo_messaging
595 - endpoint: internal
596 service: identity
597 cfn:
598 jobs:
599 - heat-db-sync
600 - heat-rabbit-init
601 - heat-ks-user
602 - heat-trustee-ks-user
603 - heat-domain-ks-user
604 - heat-ks-endpoints
605 - heat-bootstrap
606 services:
607 - endpoint: internal
608 service: oslo_db
609 - endpoint: internal
610 service: oslo_messaging
611 - endpoint: internal
612 service: identity
613 cloudwatch:
614 jobs:
615 - heat-db-sync
616 - heat-rabbit-init
617 - heat-ks-user
618 - heat-trustee-ks-user
619 - heat-domain-ks-user
620 - heat-ks-endpoints
621 - heat-bootstrap
622 services:
623 - endpoint: internal
624 service: oslo_db
625 - endpoint: internal
626 service: oslo_messaging
627 - endpoint: internal
628 service: identity
629 db_drop:
630 services:
631 - endpoint: internal
632 service: oslo_db
633 db_init:
634 services:
635 - endpoint: internal
636 service: oslo_db
637 db_sync:
638 jobs:
639 - heat-db-init
640 services:
641 - endpoint: internal
642 service: oslo_db
643 bootstrap:
644 services:
645 - endpoint: internal
646 service: identity
647 engine:
648 jobs:
649 - heat-db-sync
650 - heat-rabbit-init
651 - heat-ks-user
652 - heat-trustee-ks-user
653 - heat-domain-ks-user
654 - heat-ks-endpoints
655 - heat-bootstrap
656 services:
657 - endpoint: internal
658 service: oslo_db
659 - endpoint: internal
660 service: oslo_messaging
661 - endpoint: internal
662 service: identity
663 engine_cleaner:
664 jobs:
665 - heat-db-sync
666 - heat-ks-user
667 - heat-trustee-ks-user
668 - heat-domain-ks-user
669 - heat-ks-endpoints
670 services:
671 - endpoint: internal
672 service: oslo_db
673 - endpoint: internal
674 service: oslo_messaging
675 - endpoint: internal
676 service: identity
677 purge_deleted:
678 jobs:
679 - heat-db-sync
680 - heat-ks-user
681 - heat-trustee-ks-user
682 - heat-domain-ks-user
683 - heat-ks-endpoints
684 services:
685 - endpoint: internal
686 service: oslo_db
687 - endpoint: internal
688 service: oslo_messaging
689 - endpoint: internal
690 service: identity
691 ks_endpoints:
692 jobs:
693 - heat-ks-service
694 services:
695 - endpoint: internal
696 service: identity
697 ks_service:
698 services:
699 - endpoint: internal
700 service: identity
701 ks_user:
702 services:
703 - endpoint: internal
704 service: identity
705 rabbit_init:
706 services:
707 - endpoint: internal
708 service: oslo_messaging
709 trusts:
710 jobs:
711 - heat-ks-user
712 - heat-trustee-ks-user
713 - heat-domain-ks-user
714 services:
715 - endpoint: internal
716 service: identity
717 image_repo_sync:
718 services:
719 - endpoint: internal
720 service: local_image_registry
721 tests:
722 services:
723 - endpoint: internal
724 service: identity
725 - endpoint: internal
726 service: orchestration
727
728# Names of secrets used by bootstrap and environmental checks
729secrets:
730 identity:
731 admin: heat-keystone-admin
732 heat: heat-keystone-user
733 heat_trustee: heat-keystone-trustee
734 heat_stack_user: heat-keystone-stack-user
735 test: heat-keystone-test
736 oslo_db:
737 admin: heat-db-admin
738 heat: heat-db-user
739 oslo_messaging:
740 admin: heat-rabbitmq-admin
741 heat: heat-rabbitmq-user
742 tls:
743 orchestration:
744 api:
745 public: heat-tls-public
746 internal: heat-tls-api
747 cloudformation:
748 cfn:
749 public: cloudformation-tls-public
750 internal: heat-tls-cfn
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]751 oci_image_registry:
752 heat: heat-oci-image-registry
753
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]754# typically overridden by environmental
755# values, but should include all endpoints
756# required by this chart
757endpoints:
758 cluster_domain_suffix: cluster.local
759 local_image_registry:
760 name: docker-registry
761 namespace: docker-registry
762 hosts:
763 default: localhost
764 internal: docker-registry
765 node: localhost
766 host_fqdn_override:
767 default: null
768 port:
769 registry:
770 node: 5000
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]771 oci_image_registry:
772 name: oci-image-registry
773 namespace: oci-image-registry
774 auth:
775 enabled: false
776 heat:
777 username: heat
778 password: password
779 hosts:
780 default: localhost
781 host_fqdn_override:
782 default: null
783 port:
784 registry:
785 default: null
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]786 identity:
787 name: keystone
788 auth:
789 admin:
790 region_name: RegionOne
791 username: admin
792 password: password
793 project_name: admin
794 user_domain_name: default
795 project_domain_name: default
796 heat:
797 role: admin
798 region_name: RegionOne
799 username: heat
800 password: password
801 project_name: service
802 user_domain_name: service
803 project_domain_name: service
804 heat_trustee:
805 role: admin
806 region_name: RegionOne
807 username: heat-trust
808 password: password
809 project_name: service
810 user_domain_name: service
811 project_domain_name: service
812 heat_stack_user:
813 role: admin
814 region_name: RegionOne
815 username: heat-domain
816 password: password
817 domain_name: heat
818 test:
819 role: admin
820 region_name: RegionOne
821 username: heat-test
822 password: password
823 project_name: test
824 user_domain_name: service
825 project_domain_name: service
826 hosts:
827 default: keystone
828 internal: keystone-api
829 host_fqdn_override:
830 default: null
831 path:
832 default: /v3
833 scheme:
834 default: 'http'
835 port:
836 api:
837 default: 80
838 internal: 5000
839 orchestration:
840 name: heat
841 hosts:
842 default: heat-api
843 public: heat
844 host_fqdn_override:
845 default: null
846 # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
847 # endpoints using the following format:
848 # public:
849 # host: null
850 # tls:
851 # crt: null
852 # key: null
853 path:
854 default: '/v1/%(project_id)s'
855 scheme:
856 default: 'http'
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]857 service: 'http'
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]858 port:
859 api:
860 default: 8004
861 public: 80
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]862 service: 8004
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]863 cloudformation:
864 name: heat-cfn
865 hosts:
866 default: heat-cfn
867 public: cloudformation
868 host_fqdn_override:
869 default: null
870 # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
871 # endpoints using the following format:
872 # public:
873 # host: null
874 # tls:
875 # crt: null
876 # key: null
877 path:
878 default: /v1
879 scheme:
880 default: 'http'
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]881 service: 'http'
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]882 port:
883 api:
884 default: 8000
885 public: 80
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]886 service: 8000
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]887 # Cloudwatch does not get an entry in the keystone service catalog
888 cloudwatch:
889 name: heat-cloudwatch
890 hosts:
891 default: heat-cloudwatch
892 public: cloudwatch
893 host_fqdn_override:
894 default: null
895 path:
896 default: null
897 type: null
898 scheme:
899 default: 'http'
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]900 service: 'http'
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]901 port:
902 api:
903 default: 8003
904 public: 80
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]905 service: 8003
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]906 oslo_db:
907 auth:
908 admin:
909 username: root
910 password: password
911 secret:
912 tls:
913 internal: mariadb-tls-direct
914 heat:
915 username: heat
916 password: password
917 hosts:
918 default: mariadb
919 host_fqdn_override:
920 default: null
921 path: /heat
922 scheme: mysql+pymysql
923 port:
924 mysql:
925 default: 3306
926 oslo_cache:
927 auth:
928 # NOTE(portdirect): this is used to define the value for keystone
929 # authtoken cache encryption key, if not set it will be populated
930 # automatically with a random value, but to take advantage of
931 # this feature all services should be set to use the same key,
932 # and memcache service.
933 memcache_secret_key: null
934 hosts:
935 default: memcached
936 host_fqdn_override:
937 default: null
938 port:
939 memcache:
940 default: 11211
941 oslo_messaging:
942 auth:
943 admin:
944 username: rabbitmq
945 password: password
946 secret:
947 tls:
948 internal: rabbitmq-tls-direct
949 heat:
950 username: heat
951 password: password
952 statefulset:
953 replicas: 2
954 name: rabbitmq-rabbitmq
955 hosts:
956 default: rabbitmq
957 host_fqdn_override:
958 default: null
959 path: /heat
960 scheme: rabbit
961 port:
962 amqp:
963 default: 5672
964 http:
965 default: 15672
966 fluentd:
967 namespace: null
968 name: fluentd
969 hosts:
970 default: fluentd-logging
971 host_fqdn_override:
972 default: null
973 path:
974 default: null
975 scheme: 'http'
976 port:
977 service:
978 default: 24224
979 metrics:
980 default: 24220
981 # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress
982 # They are using to enable the Egress K8s network policy.
983 kube_dns:
984 namespace: kube-system
985 name: kubernetes-dns
986 hosts:
987 default: kube-dns
988 host_fqdn_override:
989 default: null
990 path:
991 default: null
992 scheme: http
993 port:
994 dns:
995 default: 53
996 protocol: UDP
997 ingress:
998 namespace: null
999 name: ingress
1000 hosts:
1001 default: ingress
1002 port:
1003 ingress:
1004 default: 80
1005
1006pod:
1007 security_context:
1008 heat:
1009 pod:
1010 runAsUser: 42424
1011 container:
1012 heat_api:
1013 readOnlyRootFilesystem: true
1014 allowPrivilegeEscalation: false
1015 heat_cfn:
1016 readOnlyRootFilesystem: true
1017 allowPrivilegeEscalation: false
1018 heat_cloudwatch:
1019 readOnlyRootFilesystem: true
1020 allowPrivilegeEscalation: false
1021 heat_engine:
1022 readOnlyRootFilesystem: true
1023 allowPrivilegeEscalation: false
1024 trusts:
1025 pod:
1026 runAsUser: 42424
1027 container:
1028 heat_trusts:
1029 readOnlyRootFilesystem: true
1030 allowPrivilegeEscalation: false
1031 ks_user:
1032 pod:
1033 runAsUser: 42424
1034 container:
1035 heat_ks_domain_user:
1036 readOnlyRootFilesystem: true
1037 allowPrivilegeEscalation: false
1038 engine_cleaner:
1039 pod:
1040 runAsUser: 42424
1041 container:
1042 heat_engine_cleaner:
1043 readOnlyRootFilesystem: true
1044 allowPrivilegeEscalation: false
1045 affinity:
1046 anti:
1047 type:
1048 default: preferredDuringSchedulingIgnoredDuringExecution
1049 topologyKey:
1050 default: kubernetes.io/hostname
1051 weight:
1052 default: 10
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]1053 tolerations:
1054 heat:
1055 enabled: false
1056 tolerations:
1057 - key: node-role.kubernetes.io/master
1058 operator: Exists
1059 effect: NoSchedule
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]1060 - key: node-role.kubernetes.io/control-plane
1061 operator: Exists
1062 effect: NoSchedule
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1063 mounts:
1064 heat_api:
1065 init_container: null
1066 heat_api:
1067 volumeMounts:
1068 volumes:
1069 heat_cfn:
1070 init_container: null
1071 heat_cfn:
1072 volumeMounts:
1073 volumes:
1074 heat_cloudwatch:
1075 init_container: null
1076 heat_cloudwatch:
1077 volumeMounts:
1078 volumes:
1079 heat_engine:
1080 init_container: null
1081 heat_engine:
1082 volumeMounts:
1083 volumes:
1084 heat_bootstrap:
1085 init_container: null
1086 heat_bootstrap:
1087 volumeMounts:
1088 volumes:
1089 heat_trusts:
1090 init_container: null
1091 heat_trusts:
1092 volumeMounts:
1093 volumes:
1094 heat_engine_cleaner:
1095 init_container: null
1096 heat_engine_cleaner:
1097 volumeMounts:
1098 volumes:
1099 heat_purge_deleted:
1100 init_container: null
1101 heat_purge_deleted:
1102 volumeMounts:
1103 volumes:
1104 heat_tests:
1105 init_container: null
1106 heat_tests:
1107 volumeMounts:
1108 volumes:
1109 heat_db_sync:
1110 heat_db_sync:
1111 volumeMounts:
1112 volumes:
1113 replicas:
1114 api: 1
1115 cfn: 1
1116 cloudwatch: 1
1117 engine: 1
1118 lifecycle:
1119 upgrades:
1120 deployments:
1121 revision_history: 3
1122 pod_replacement_strategy: RollingUpdate
1123 rolling_update:
1124 max_unavailable: 1
1125 max_surge: 3
1126 disruption_budget:
1127 api:
1128 min_available: 0
1129 cfn:
1130 min_available: 0
1131 cloudwatch:
1132 min_available: 0
1133 termination_grace_period:
1134 api:
1135 timeout: 30
1136 cfn:
1137 timeout: 30
1138 cloudwatch:
1139 timeout: 30
1140 engine:
1141 timeout: 30
1142 resources:
1143 enabled: false
1144 api:
1145 requests:
1146 memory: "128Mi"
1147 cpu: "100m"
1148 limits:
1149 memory: "1024Mi"
1150 cpu: "2000m"
1151 cfn:
1152 requests:
1153 memory: "128Mi"
1154 cpu: "100m"
1155 limits:
1156 memory: "1024Mi"
1157 cpu: "2000m"
1158 cloudwatch:
1159 requests:
1160 memory: "128Mi"
1161 cpu: "100m"
1162 limits:
1163 memory: "1024Mi"
1164 cpu: "2000m"
1165 engine:
1166 requests:
1167 memory: "128Mi"
1168 cpu: "100m"
1169 limits:
1170 memory: "1024Mi"
1171 cpu: "2000m"
1172 jobs:
1173 bootstrap:
1174 requests:
1175 memory: "128Mi"
1176 cpu: "100m"
1177 limits:
1178 memory: "1024Mi"
1179 cpu: "2000m"
1180 db_init:
1181 requests:
1182 memory: "128Mi"
1183 cpu: "100m"
1184 limits:
1185 memory: "1024Mi"
1186 cpu: "2000m"
1187 db_sync:
1188 requests:
1189 memory: "128Mi"
1190 cpu: "100m"
1191 limits:
1192 memory: "1024Mi"
1193 cpu: "2000m"
1194 db_drop:
1195 requests:
1196 memory: "128Mi"
1197 cpu: "100m"
1198 limits:
1199 memory: "1024Mi"
1200 cpu: "2000m"
1201 ks_endpoints:
1202 requests:
1203 memory: "128Mi"
1204 cpu: "100m"
1205 limits:
1206 memory: "1024Mi"
1207 cpu: "2000m"
1208 ks_service:
1209 requests:
1210 memory: "128Mi"
1211 cpu: "100m"
1212 limits:
1213 memory: "1024Mi"
1214 cpu: "2000m"
1215 ks_user:
1216 requests:
1217 memory: "128Mi"
1218 cpu: "100m"
1219 limits:
1220 memory: "1024Mi"
1221 cpu: "2000m"
1222 rabbit_init:
1223 requests:
1224 memory: "128Mi"
1225 cpu: "100m"
1226 limits:
1227 memory: "1024Mi"
1228 cpu: "2000m"
1229 tests:
1230 requests:
1231 memory: "128Mi"
1232 cpu: "100m"
1233 limits:
1234 memory: "1024Mi"
1235 cpu: "2000m"
1236 trusts:
1237 requests:
1238 memory: "128Mi"
1239 cpu: "100m"
1240 limits:
1241 memory: "1024Mi"
1242 cpu: "2000m"
1243 engine_cleaner:
1244 requests:
1245 memory: "128Mi"
1246 cpu: "100m"
1247 limits:
1248 memory: "1024Mi"
1249 cpu: "2000m"
1250 purge_deleted:
1251 requests:
1252 memory: "124Mi"
1253 cpu: "100m"
1254 limits:
1255 memory: "1024Mi"
1256 cpu: "2000m"
1257 image_repo_sync:
1258 requests:
1259 memory: "128Mi"
1260 cpu: "100m"
1261 limits:
1262 memory: "1024Mi"
1263 cpu: "2000m"
1264
1265network_policy:
1266 heat:
1267 ingress:
1268 - {}
1269 egress:
1270 - {}
1271
1272# NOTE(helm_hook): helm_hook might break for helm2 binary.
1273# set helm3_hook: false when using the helm2 binary.
1274helm3_hook: true
1275
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]1276tls:
1277 identity: false
1278 oslo_messaging: false
1279 oslo_db: false
1280
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1281manifests:
1282 certificates: false
1283 configmap_bin: true
1284 configmap_etc: true
1285 cron_job_engine_cleaner: true
1286 cron_job_purge_deleted: true
1287 deployment_api: true
1288 deployment_cfn: true
1289 deployment_cloudwatch: false
1290 deployment_engine: true
1291 ingress_api: true
1292 ingress_cfn: true
1293 ingress_cloudwatch: false
1294 job_bootstrap: true
1295 job_db_init: true
1296 job_db_sync: true
1297 job_db_drop: false
1298 job_image_repo_sync: true
1299 job_ks_endpoints: true
1300 job_ks_service: true
1301 job_ks_user_domain: true
1302 job_ks_user_trustee: true
1303 job_ks_user: true
1304 job_rabbit_init: true
1305 pdb_api: true
1306 pdb_cfn: true
1307 pdb_cloudwatch: false
1308 pod_rally_test: true
1309 network_policy: false
1310 secret_db: true
1311 secret_ingress_tls: true
1312 secret_keystone: true
1313 secret_rabbitmq: true
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]1314 secret_registry: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1315 service_api: true
1316 service_cfn: true
1317 service_cloudwatch: false
1318 service_ingress_api: true
1319 service_ingress_cfn: true
1320 service_ingress_cloudwatch: false
1321 statefulset_engine: false
1322...