# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Default values for libvirt.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value

---
# Optional release-group override; null leaves it unset (presumably the chart
# helpers then fall back to the release name — confirm against the templates).
release_group: null

labels:
  agent:
    libvirt:
      # Node selector for the libvirt DaemonSet: only nodes labelled
      # openstack-compute-node=enabled receive a pod.
      node_selector_key: openstack-compute-node
      node_selector_value: enabled

images:
  tags:
    # NOTE(review): `latest`-style tags are mutable. Combined with
    # pull_policy IfNotPresent below, each node keeps whatever it pulled first,
    # so nodes drift apart and a pull never refreshes them. Pin a versioned tag
    # or a digest in overrides for anything beyond development.
    libvirt: docker.io/openstackhelm/libvirt:latest-ubuntu_focal
    # Unqualified reference: resolves through the runtime's default registry.
    libvirt_exporter: vexxhost/libvirtd-exporter:latest
    ceph_config_helper: 'docker.io/openstackhelm/ceph-config-helper:ubuntu_focal_17.2.6-1-20230508'
    dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
    image_repo_sync: docker.io/library/docker:17.07.0
    kubectl: docker.io/bitnami/kubectl:latest
  pull_policy: "IfNotPresent"
  local_registry:
    # When active, image references are presumably rewritten to the local
    # registry endpoint, except for the tags listed under exclude.
    active: false
    exclude:
      - dep_check
      - image_repo_sync

network:
  # provide what type of network wiring will be used
  # possible options: openvswitch, linuxbridge, sriov
  # NOTE(review): dependencies.dynamic.targeted below also carries an `ovn`
  # entry — confirm whether `ovn` is an accepted value here too.
  backend:
    - openvswitch

endpoints:
  cluster_domain_suffix: cluster.local
  local_image_registry:
    name: docker-registry
    namespace: docker-registry
    hosts:
      default: localhost
      internal: docker-registry
      node: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        node: 5000
  oci_image_registry:
    name: oci-image-registry
    namespace: oci-image-registry
    auth:
      # Registry auth is off by default and the username/password below are
      # placeholders only. Real credentials belong in a Secret (presumably the
      # one named in secrets.oci_image_registry.libvirt), not in committed
      # values.
      enabled: false
      libvirt:
        username: libvirt
        password: password
    hosts:
      default: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        default: null
  libvirt_exporter:
    port:
      metrics:
        # Port the libvirt exporter sidecar serves metrics on.
        default: 9474

network_policy:
  libvirt:
    # An empty rule (`{}`) matches all peers, so both directions are allow-all.
    # These values are only rendered when manifests.network_policy is true
    # (it is false below), so nothing is enforced by default.
    ingress:
      - {}
    egress:
      - {}

ceph_client:
  # Names of the ConfigMap and Secret the Ceph client configuration is read
  # from — presumably ceph.conf and the client keyring respectively.
  configmap: ceph-etc
  user_secret_name: pvc-ceph-client-key

conf:
  ceph:
    enabled: true
    admin_keyring: null
    cinder:
      user: "cinder"
      keyring: null
      # UUID of the libvirt secret object that holds the cinder Ceph key. The
      # UUID is an identifier, not a credential; the key itself (keyring above)
      # is what grants access, so this published default is not sensitive.
      secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
      # Cinder Ceph backend that is not configured by the k8s cluster
      external_ceph:
        enabled: false
        user: null
        secret_uuid: null
        user_secret_name: null
  # Presumably rendered into libvirtd.conf; keep the quotes so the values stay
  # strings.
  libvirt:
    # TCP listener on, TLS off and auth_tcp "none": an unauthenticated
    # plaintext libvirt endpoint. It is bound to loopback only (listen_addr),
    # so reachability is limited to the node itself — but the pod presumably
    # uses host networking (see pod.dns_policy), so any host process or
    # hostNetwork pod on that node can drive libvirt. Keep listen_addr on
    # loopback; if TCP must be exposed, enable listen_tls and a real auth_tcp
    # in overrides.
    listen_tcp: "1"
    listen_tls: "0"
    auth_tcp: "none"
    ca_file: "/etc/pki/CA/cacert.pem"
    cert_file: "/etc/pki/libvirt/servercert.pem"
    key_file: "/etc/pki/libvirt/private/serverkey.pem"
    # No libvirt-level auth on the read-write UNIX socket either; access rests
    # on the socket's file permissions.
    auth_unix_rw: "none"
    listen_addr: 127.0.0.1
    # 3 = warnings and errors only.
    log_level: "3"
    log_outputs: "1:file:/var/log/libvirt/libvirtd.log"
  # Presumably rendered into qemu.conf.
  qemu:
    # VNC consoles are served without TLS by default; the vencrypt section
    # below presumably supplies the certificates used once these are enabled.
    vnc_tls: "0"
    vnc_tls_x509_verify: "0"
    stdio_handler: "file"
    user: "nova"
    group: "kvm"
  kubernetes:
    # cgroup slice the containerised libvirt expects to run under — confirm
    # against the entrypoint script.
    cgroup: "kubepods.slice"
  vencrypt:
    # Issuer to use for the vencrypt certs.
    issuer:
      kind: ClusterIssuer
      name: ca-clusterissuer
    # Script is included here (vs in bin/) to allow overriding, in the case that
    # communication happens over an IP other than the pod IP for some reason.
    #
    # It reads POD_NAME, POD_NAMESPACE, POD_UID, POD_IP, HOSTNAME, TYPE,
    # ISSUER_KIND and ISSUER_NAME from the environment, creates a cert-manager
    # Certificate owned by the pod, waits for it to become Ready, adds the same
    # owner reference to the resulting Secret, and writes tls.crt / tls.key /
    # ca.crt to /tmp/${TYPE}.crt, /tmp/${TYPE}.key and /tmp/${TYPE}-ca.crt.
    # NOTE(review): it runs under `set -x` only, not `set -e`; if `kubectl wait`
    # times out, the later `kubectl get secret` commands still run and can leave
    # empty files behind — confirm the consumer treats that as a failure rather
    # than starting with empty key material.
    cert_init_sh: |
      #!/bin/bash
      set -x

      # Script to create certs for each libvirt pod based on pod IP (by default).

      cat <<EOF | kubectl apply -f -
      apiVersion: cert-manager.io/v1
      kind: Certificate
      metadata:
        name: ${POD_NAME}-${TYPE}
        namespace: ${POD_NAMESPACE}
        ownerReferences:
          - apiVersion: v1
            kind: Pod
            name: ${POD_NAME}
            uid: ${POD_UID}
      spec:
        secretName: ${POD_NAME}-${TYPE}
        commonName: ${POD_IP}
        usages:
          - client auth
          - server auth
        dnsNames:
          - ${HOSTNAME}
        ipAddresses:
          - ${POD_IP}
        issuerRef:
          kind: ${ISSUER_KIND}
          name: ${ISSUER_NAME}
      EOF

      kubectl -n ${POD_NAMESPACE} wait --for=condition=Ready --timeout=300s \
        certificate/${POD_NAME}-${TYPE}

      # NOTE(mnaser): cert-manager does not clean-up the secrets when the certificate
      # is deleted, so we should add an owner reference to the secret
      # to ensure that it is cleaned up when the pod is deleted.
      kubectl -n ${POD_NAMESPACE} patch secret ${POD_NAME}-${TYPE} \
        --type=json -p='[{"op": "add", "path": "/metadata/ownerReferences", "value": [{"apiVersion": "v1", "kind": "Pod", "name": "'${POD_NAME}'", "uid": "'${POD_UID}'"}]}]'

      kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.tls\.crt}' | base64 -d > /tmp/${TYPE}.crt
      kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.tls\.key}' | base64 -d > /tmp/${TYPE}.key
      kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.ca\.crt}' | base64 -d > /tmp/${TYPE}-ca.crt

pod:
  probes:
    libvirt:
      libvirt:
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 60
            timeoutSeconds: 5
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 15
            periodSeconds: 60
            timeoutSeconds: 5
  security_context:
    libvirt:
      pod:
        # The pod runs as root and the libvirt container is privileged (below):
        # on every compute node this is effectively host-root. Treat exec/attach
        # rights in this namespace as node-admin rights and scope RBAC to match.
        runAsUser: 0
      container:
        ceph_admin_keyring_placement:
          readOnlyRootFilesystem: false
        ceph_keyring_placement:
          readOnlyRootFilesystem: false
        libvirt:
          privileged: true
          readOnlyRootFilesystem: false
        libvirt_exporter:
          # NOTE(review): privileged looks broader than a metrics exporter
          # needs — confirm whether access to the libvirt socket alone suffices.
          privileged: true
  sidecars:
    # Exporter sidecar is off by default; the libvirt_exporter image, port and
    # resources elsewhere in this file only matter when this is true.
    libvirt_exporter: false

  affinity:
    anti:
      type:
        default: preferredDuringSchedulingIgnoredDuringExecution
      topologyKey:
        default: kubernetes.io/hostname
      weight:
        default: 10
  tolerations:
    libvirt:
      # Off by default; when enabled the DaemonSet also schedules onto
      # control-plane nodes (both the legacy master and the control-plane taint).
      enabled: false
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoSchedule
  # ClusterFirstWithHostNet is the DNS policy for hostNetwork pods, so the
  # DaemonSet presumably runs on the host network — confirm in the template.
  dns_policy: "ClusterFirstWithHostNet"
  mounts:
    libvirt:
      init_container: null
      # NOTE(review): bare key parses as null; if the template expects a list of
      # extra mounts, override with [] or explicit entries.
      libvirt:
  lifecycle:
    upgrades:
      daemonsets:
        pod_replacement_strategy: RollingUpdate
        libvirt:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
  resources:
    # Requests/limits below are presumably only applied when enabled is true.
    enabled: false
    libvirt:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    jobs:
      image_repo_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
    # NOTE(review): confirm the template reads exporter resources from here
    # (sibling of libvirt) rather than from under jobs.
    libvirt_exporter:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "256Mi"
        cpu: "500m"

dependencies:
  dynamic:
    common:
      local_image_registry:
        jobs:
          - libvirt-image-repo-sync
        services:
          - endpoint: node
            service: local_image_registry
    # Per-backend dependencies; the entry matching network.backend above is
    # presumably the one applied. Each one waits for the matching agent pod on
    # the same node before libvirt starts.
    targeted:
      ovn:
        libvirt:
          pod:
            - requireSameNode: true
              labels:
                application: ovn
                component: ovn-controller
      openvswitch:
        libvirt:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-ovs-agent
      linuxbridge:
        libvirt:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-lb-agent
      sriov:
        libvirt:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-sriov-agent
  static:
    libvirt:
      services: null
    image_repo_sync:
      services:
        - endpoint: internal
          service: local_image_registry

manifests:
  configmap_bin: true
  configmap_etc: true
  daemonset_libvirt: true
  job_image_repo_sync: true
  # NetworkPolicy objects are not rendered, so the network_policy values above
  # are inert until this is switched on.
  network_policy: false
  # RBAC role for the cert-manager based vencrypt flow; presumably required
  # when conf.vencrypt.cert_init_sh is used, since that script creates
  # Certificates and patches Secrets in the pod's namespace.
  role_cert_manager: false
  secret_registry: true

secrets:
  # Names of the Kubernetes Secret objects this chart references; the objects
  # themselves hold the material, these values are only the names.
  oci_image_registry:
    libvirt: libvirt-oci-image-registry-key
  tls:
    server: libvirt-tls-server
    client: libvirt-tls-client
...