1# Licensed under the Apache License, Version 2.0 (the "License");
2# you may not use this file except in compliance with the License.
3# You may obtain a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS,
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10# See the License for the specific language governing permissions and
11# limitations under the License.
12
13# Default values for horizon.
14# This is a YAML-formatted file.
15# Declare name/value pairs to be passed into your templates.
16# name: value
17
18---
# Container images used by the chart, keyed by the role that consumes them.
# NOTE(review): every reference below is a mutable tag (the test image uses a
# "latest-" tag) and none is pinned by digest. Together with the IfNotPresent
# pull policy this means nodes may run different bytes under the same tag;
# pin by digest or serve from a controlled mirror where that matters.
images:
  tags:
    db_init: 'docker.io/openstackhelm/heat:stein-ubuntu_bionic'
    horizon_db_sync: 'docker.io/openstackhelm/horizon:stein-ubuntu_bionic'
    db_drop: 'docker.io/openstackhelm/heat:stein-ubuntu_bionic'
    horizon: 'docker.io/openstackhelm/horizon:stein-ubuntu_bionic'
    test: 'docker.io/openstackhelm/osh-selenium:latest-ubuntu_bionic'
    dep_check: 'quay.io/airshipit/kubernetes-entrypoint:v1.0.0'
    image_repo_sync: 'docker.io/docker:17.07.0'
  pull_policy: 'IfNotPresent'
  local_registry:
    active: false
    # Roles listed here are left out of the local registry handling.
    exclude:
      - 'dep_check'
      - 'image_repo_sync'
34
# Release-group override, unset (null) by default.
# NOTE(review): how the chart consumes this value is not visible here —
# confirm against the templates before relying on it.
release_group: null
36
# Node-selector label (key and value) per workload type. All three workloads
# are scheduled onto nodes labelled openstack-control-plane=enabled.
labels:
  dashboard:
    node_selector_key: 'openstack-control-plane'
    node_selector_value: 'enabled'
  job:
    node_selector_key: 'openstack-control-plane'
    node_selector_value: 'enabled'
  test:
    node_selector_key: 'openstack-control-plane'
    node_selector_value: 'enabled'
47
# How the dashboard is exposed: through an ingress (public by default), with
# the NodePort path switched off.
# NOTE(review): the nesting of external_policy_local and node_port directly
# under "network" is reconstructed — confirm against the chart templates.
network:
  dashboard:
    ingress:
      public: true
      classes:
        namespace: 'nginx'
        cluster: 'nginx-cluster'
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: '/'
  external_policy_local: false
  node_port:
    enabled: false
    port: 31000
61
62conf:
# conf.software: Apache binary, configuration directories and module toggles.
software:
  apache2:
    binary: 'apache2'
    start_parameters: '-DFOREGROUND'
    site_dir: '/etc/apache2/sites-available'
    conf_dir: '/etc/apache2/conf-available'
    mods_dir: '/etc/apache2/mods-available'
    # Modules to enable; the Header and Rewrite directives in the Apache
    # snippets of this file depend on these two.
    a2enmod:
      - 'headers'
      - 'rewrite'
    # Modules to disable; the status module is switched off.
    a2dismod:
      - 'status'
75 horizon:
# conf.horizon.branding: optional branding assets, all unset by default.
# The nulls are written out so the empty values read as deliberate.
branding:
  logo: null
  logo_splash: null
  favicon: null
# conf.horizon.apache: Apache site configuration kept as a literal block; the
# {{ ... }} expressions are left for the chart to render.
# Visible behaviour: access and error logs go to /dev/stdout; requests whose
# method is not POST, PUT, GET, DELETE or PATCH are refused by the rewrite
# rule ([F]); "/" is open to all clients (Require all granted), so
# authentication is left to the application behind WSGI.
# NOTE(review): when X-Forwarded-For matches the loose pattern below, the
# "proxy" log format records that header in place of %h. The header is
# request-supplied, so unless the fronting proxy overwrites it the logged
# client address is whatever the sender chose, and the peer address is not
# recorded on that line.
# NOTE(review): python-path points at a python2.7 site-packages tree —
# confirm it matches the image actually deployed.
apache: |
  <IfVersion < 2.4>
  Listen 0.0.0.0:{{ tuple "dashboard" "internal" "web" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
  </IfVersion>
  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy

  SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
  CustomLog /dev/stdout combined env=!forwarded
  CustomLog /dev/stdout proxy env=forwarded

  <VirtualHost *:{{ tuple "dashboard" "internal" "web" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
  WSGIScriptReloading On
  WSGIDaemonProcess horizon-http processes=5 threads=1 user=horizon group=horizon display-name=%{GROUP} python-path=/var/lib/kolla/venv/lib/python2.7/site-packages
  WSGIProcessGroup horizon-http
  WSGIScriptAlias / /var/www/cgi-bin/horizon/django.wsgi
  WSGIPassAuthorization On
  RewriteEngine on
  RewriteCond %{REQUEST_METHOD} !^(POST|PUT|GET|DELETE|PATCH)
  RewriteRule .* - [F]

  <Location "/">
  Require all granted
  </Location>

  Alias /static /var/www/html/horizon
  <Location "/static">
  SetHandler static
  </Location>

  <IfVersion >= 2.4>
  ErrorLogFormat "%{cu}t %M"
  </IfVersion>
  ErrorLog /dev/stdout
  TransferLog /dev/stdout

  SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
  CustomLog /dev/stdout combined env=!forwarded
  CustomLog /dev/stdout proxy env=forwarded
  </Virtualhost>
# conf.horizon.security: Apache hardening snippet kept as a literal block.
# Active directives: ServerTokens Prod, ServerSignature Off, TraceEnable Off,
# and two response headers (X-Content-Type-Options, X-Permitted-Cross-Domain-
# Policies). The Header directives need mod_headers, which conf.software
# enables.
# NOTE(review): the closing comment about framing and clickjacking is not
# followed by any directive, so this snippet sets no X-Frame-Options header.
# Whether responses carry a framing policy therefore depends on the
# application settings, not on Apache.
# NOTE(review): the <Directory /> deny-all block and the version-control
# DirectoryMatch block are both commented out, so neither restriction is
# applied by this snippet.
security: |
  #
  # Disable access to the entire file system except for the directories that
  # are explicitly allowed later.
  #
  # This currently breaks the configurations that come with some web application
  # Debian packages.
  #
  #<Directory />
  # AllowOverride None
  # Require all denied
  #</Directory>

  # Changing the following options will not really affect the security of the
  # server, but might make attacks slightly more difficult in some cases.

  #
  # ServerTokens
  # This directive configures what you return as the Server HTTP response
  # Header. The default is 'Full' which sends information about the OS-Type
  # and compiled in modules.
  # Set to one of: Full | OS | Minimal | Minor | Major | Prod
  # where Full conveys the most information, and Prod the least.
  ServerTokens Prod

  #
  # Optionally add a line containing the server version and virtual host
  # name to server-generated pages (internal error documents, FTP directory
  # listings, mod_status and mod_info output etc., but not CGI generated
  # documents or custom error documents).
  # Set to "EMail" to also include a mailto: link to the ServerAdmin.
  # Set to one of: On | Off | EMail
  ServerSignature Off

  #
  # Allow TRACE method
  #
  # Set to "extended" to also reflect the request body (only for testing and
  # diagnostic purposes).
  #
  # Set to one of: On | Off | extended
  TraceEnable Off

  #
  # Forbid access to version control directories
  #
  # If you use version control systems in your document root, you should
  # probably deny access to their directories. For example, for subversion:
  #
  #<DirectoryMatch "/\.svn">
  # Require all denied
  #</DirectoryMatch>

  #Security-Settings
  # Setting this header will prevent MSIE from interpreting files as something
  # else than declared by the content type in the HTTP headers.
  # Requires mod_headers to be enabled.
  #
  Header set X-Content-Type-Options: "nosniff"
  Header set X-Permitted-Cross-Domain-Policies: "none"
  # Setting this header will prevent other sites from embedding pages from this
  # site as frames. This defends against clickjacking attacks.
  # Requires mod_headers to be enabled.
  #
# conf.horizon.local_settings_d: map of extra settings snippets, empty by
# default. Each value is Python source (see the example below).
# NOTE(review): presumably each key becomes a file loaded after the main
# settings — confirm against the chart templates. Because the values are
# executable Python, review overrides of this map as code, not as data.
local_settings_d: {}
## For example, _50_monasca_ui_settings.py
# _50_monasca_ui_settings: |
#   from django.conf import settings
#   # Grafana button titles/file names (global across all projects):
#   GRAFANA_LINKS = []
#   DASHBOARDS = getattr(settings, 'GRAFANA_LINKS', GRAFANA_LINKS)
191
192 local_settings:
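# conf.horizon.local_settings.config: values substituted into the
# local_settings template that follows this map.
#
# Typing rules, as the template uses them:
#   - Values written as "True"/"False" are pasted into Python source as
#     literals (for example DEBUG = <value>), so they must stay Titlecase
#     strings.
#   - enable_pwd_validator, secure_proxy_ssl_header and auth.sso.enabled are
#     tested with a template "if", so they must be real YAML booleans.
#
# NOTE(review): every value is interpolated into Python source without
# escaping (pwd_validator_help_text is inserted as a bare expression), so
# whoever can set these values controls the generated settings code. Treat
# overrides of this map with the same care as code changes.
config:
  # Use "True" and "False" as Titlecase strings with quotes, boolean
  # values will not work
  #
  # NOTE(review): this becomes Django's SECRET_KEY. The value below ships with
  # the file, so it is known to anyone who can read it; supply a unique,
  # randomly generated key per deployment from a secret store rather than
  # keeping this default.
  horizon_secret_key: '9aee62c0-5253-4a86-b189-e0fb71fa503c'
  debug: "False"
  use_ssl: "False"
  endpoint_type: "internalURL"
  keystone_multidomain_support: "True"
  keystone_default_domain: 'Default'
  disable_password_reveal: "True"
  show_openrc_file: "True"
  # NOTE(review): the Secure and HttpOnly cookie flags below all default to
  # "False", in line with use_ssl "False". When the dashboard is served over
  # TLS, set the *_cookie_secure values and session_cookie_httponly to "True".
  csrf_cookie_secure: "False"
  csrf_cookie_httponly: "False"
  enforce_password_check: "True"
  # Set enable_pwd_validator to true to enforce password validator settings.
  enable_pwd_validator: false
  pwd_validator_regex: '(?=.*[a-zA-Z])(?=.*\d).{8,}|(?=.*\d)(?=.*\W).{8,}|(?=.*\W)(?=.*[a-zA-Z]).{8,}'
  pwd_validator_help_text: '_("Your password must be at least eight (8) characters in length and must include characters from at least two (2) of these groupings: alpha, numeric, and special characters.")'
  session_cookie_secure: "False"
  session_cookie_httponly: "False"
  # Set to true only when a TLS-terminating proxy in front of the dashboard
  # sets X-Forwarded-Proto and strips any client-supplied copy of it.
  secure_proxy_ssl_header: false
  password_autocomplete: "False"
  # NOTE(review): looks like the switch for refusing to be embedded in frames;
  # its use is not visible in this part of the template — confirm. Together
  # with the Apache snippet, which sets no frame header, "False" leaves the
  # dashboard without a framing policy.
  disallow_iframe_embed: "False"
  # NOTE(review): rendered into ALLOWED_HOSTS next to the pod IP. '*' makes
  # Django accept any Host header; list the real dashboard host names for
  # anything beyond a lab deployment.
  allowed_hosts:
    - '*'
  horizon_images_upload_mode: 'legacy'
  openstack_cinder_features:
    enable_backup: "True"
  openstack_neutron_network:
    enable_router: "True"
    enable_quotas: "True"
    enable_ipv6: "True"
    enable_distributed_router: "False"
    enable_ha_router: "False"
    enable_lb: "True"
    enable_firewall: "True"
    enable_vpn: "True"
    enable_fip_topology_check: "True"
  openstack_enable_password_retrieve: "False"
  auth:
    sso:
      # Real boolean (used in a template "if"); written in canonical
      # lowercase like the other booleans in this map.
      enabled: false
      initial_choice: "credentials"
    # Example identity-provider entries; only rendered when sso.enabled is true.
    idp_mapping:
      - name: "acme_oidc"
        label: "Acme Corporation - OpenID Connect"
        idp: "myidp1"
        protocol: "oidc"
      - name: "acme_saml2"
        label: "Acme Corporation - SAML2"
        idp: "myidp2"
        protocol: "saml2"
  # NOTE(review): applied to the horizon, openstack_dashboard, client-library,
  # openstack_auth and django loggers in the template. DEBUG is verbose for a
  # default; consider "INFO" outside troubleshooting so request detail does
  # not end up in the container log stream.
  log_level: "DEBUG"
  # Pass any settings to the end of local_settings.py
  raw: {}
  openstack_api_versions:
    # Quoted so that YAML keeps the trailing zero instead of reading 1.1.
    container_infra: "1.10"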
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500250 template: |
251 import os
252
253 from django.utils.translation import ugettext_lazy as _
254
255 from openstack_dashboard import exceptions
256
257 DEBUG = {{ .Values.conf.horizon.local_settings.config.debug }}
258 TEMPLATE_DEBUG = DEBUG
259
260 COMPRESS_OFFLINE = True
261 COMPRESS_CSS_HASHING_METHOD = "hash"
262
263 # WEBROOT is the location relative to Webserver root
264 # should end with a slash.
265 WEBROOT = '/'
266 # LOGIN_URL = WEBROOT + 'auth/login/'
267 # LOGOUT_URL = WEBROOT + 'auth/logout/'
268 #
269 # LOGIN_REDIRECT_URL can be used as an alternative for
270 # HORIZON_CONFIG.user_home, if user_home is not set.
271 # Do not set it to '/home/', as this will cause circular redirect loop
272 # LOGIN_REDIRECT_URL = WEBROOT
273
274 # Required for Django 1.5.
275 # If horizon is running in production (DEBUG is False), set this
276 # with the list of host/domain names that the application can serve.
277 # For more information see:
278 # https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
279 ALLOWED_HOSTS = [{{ include "helm-toolkit.utils.joinListWithCommaAndSingleQuotes" .Values.conf.horizon.local_settings.config.allowed_hosts }},'%s' % (os.environ.get("MY_POD_IP"))]
280
281 # Set SSL proxy settings:
282 # For Django 1.4+ pass this header from the proxy after terminating the SSL,
283 # and don't forget to strip it from the client's request.
284 # For more information see:
285 # https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header
286 #SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
287 # https://docs.djangoproject.com/en/1.5/ref/settings/#secure-proxy-ssl-header
288 {{- if .Values.conf.horizon.local_settings.config.secure_proxy_ssl_header }}
289 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
290 {{- end }}
291
292 # If Horizon is being served through SSL, then uncomment the following two
293 # settings to better secure the cookies from security exploits
294 USE_SSL = {{ .Values.conf.horizon.local_settings.config.use_ssl }}
295 CSRF_COOKIE_SECURE = {{ .Values.conf.horizon.local_settings.config.csrf_cookie_secure }}
296 CSRF_COOKIE_HTTPONLY = {{ .Values.conf.horizon.local_settings.config.csrf_cookie_httponly }}
297 SESSION_COOKIE_SECURE = {{ .Values.conf.horizon.local_settings.config.session_cookie_secure }}
298
299 SESSION_COOKIE_HTTPONLY = {{ .Values.conf.horizon.local_settings.config.session_cookie_httponly }}
300
301 # Overrides for OpenStack API versions. Use this setting to force the
302 # OpenStack dashboard to use a specific API version for a given service API.
303 # Versions specified here should be integers or floats, not strings.
304 # NOTE: The version should be formatted as it appears in the URL for the
305 # service API. For example, The identity service APIs have inconsistent
306 # use of the decimal point, so valid options would be 2.0 or 3.
307 #OPENSTACK_API_VERSIONS = {
308 # "data-processing": 1.1,
309 # "identity": 3,
310 # "volume": 2,
311 #}
312
313 OPENSTACK_API_VERSIONS = {
314 "identity": 3,
Mohammed Naser1402ed02023-02-19 22:48:59 +0000315 "container-infra": "{{ .Values.conf.horizon.local_settings.config.openstack_api_versions.container_infra }}"
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500316 }
317
318 # Set this to True if running on multi-domain model. When this is enabled, it
319 # will require user to enter the Domain name in addition to username for login.
320 OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = {{ .Values.conf.horizon.local_settings.config.keystone_multidomain_support }}
321
322 # Overrides the default domain used when running on single-domain model
323 # with Keystone V3. All entities will be created in the default domain.
324 OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = '{{ .Values.conf.horizon.local_settings.config.keystone_default_domain }}'
325
326 # Set Console type:
327 # valid options are "AUTO"(default), "VNC", "SPICE", "RDP", "SERIAL" or None
328 # Set to None explicitly if you want to deactivate the console.
329 #CONSOLE_TYPE = "AUTO"
330
331 # Default OpenStack Dashboard configuration.
332 HORIZON_CONFIG = {
333 'user_home': 'openstack_dashboard.views.get_user_home',
334 'ajax_queue_limit': 10,
335 'auto_fade_alerts': {
336 'delay': 3000,
337 'fade_duration': 1500,
338 'types': ['alert-success', 'alert-info']
339 },
340 'help_url': "http://docs.openstack.org",
341 'exceptions': {'recoverable': exceptions.RECOVERABLE,
342 'not_found': exceptions.NOT_FOUND,
343 'unauthorized': exceptions.UNAUTHORIZED},
344 'modal_backdrop': 'static',
345 'angular_modules': [],
346 'js_files': [],
347 'js_spec_files': [],
348 }
349
350 {{- if .Values.conf.horizon.local_settings.config.enable_pwd_validator }}
351 # Specify a regular expression to validate user passwords.
352 HORIZON_CONFIG["password_validator"] = {
353 "regex": '{{ .Values.conf.horizon.local_settings.config.pwd_validator_regex }}',
354 "help_text": {{ .Values.conf.horizon.local_settings.config.pwd_validator_help_text }},
355 }
356 {{- end }}
357
358 # Disable simplified floating IP address management for deployments with
359 # multiple floating IP pools or complex network requirements.
360 #HORIZON_CONFIG["simple_ip_management"] = False
361
362 # Turn off browser autocompletion for forms including the login form and
363 # the database creation workflow if so desired.
364 HORIZON_CONFIG["password_autocomplete"] = '{{ .Values.conf.horizon.local_settings.config.password_autocomplete }}'
365
366 # Setting this to True will disable the reveal button for password fields,
367 # including on the login form.
368 HORIZON_CONFIG["disable_password_reveal"] = {{ .Values.conf.horizon.local_settings.config.disable_password_reveal }}
369
370 LOCAL_PATH = '/tmp'
371
372 # Set custom secret key:
373 # You can either set it to a specific value or you can let horizon generate a
374 # default secret key that is unique on this machine, i.e. regardless of the
375 # amount of Python WSGI workers (if used behind Apache+mod_wsgi): However,
376 # there may be situations where you would want to set this explicitly, e.g.
377 # when multiple dashboard instances are distributed on different machines
378 # (usually behind a load-balancer). Either you have to make sure that a session
379 # gets all requests routed to the same dashboard instance or you set the same
380 # SECRET_KEY for all of them.
381 SECRET_KEY='{{ .Values.conf.horizon.local_settings.config.horizon_secret_key }}'
382
383 CACHES = {
384 'default': {
385 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
386 'LOCATION': '{{ tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}',
387 }
388 }
389 DATABASES = {
390 'default': {
391 # Database configuration here
392 'ENGINE': 'django.db.backends.mysql',
393 'NAME': '{{ .Values.endpoints.oslo_db.path | base }}',
394 'USER': '{{ .Values.endpoints.oslo_db.auth.horizon.username }}',
395 'PASSWORD': '{{ .Values.endpoints.oslo_db.auth.horizon.password }}',
396 'HOST': '{{ tuple "oslo_db" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}',
397 'default-character-set': 'utf8',
398 {{- if .Values.manifests.certificates }}
399 'OPTIONS':{
400 'ssl': {
401 'ca': '/etc/mysql/certs/ca.crt',
402 'cert': '/etc/mysql/certs/tls.crt',
403 'key': '/etc/mysql/certs/tls.key'
404 }
405 },
406 {{- end }}
407 'PORT': '{{ tuple "oslo_db" "internal" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}'
408 }
409 }
410 SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
411
412 # Send email to the console by default
413 EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
414 # Or send them to /dev/null
415 #EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend'
416
417 # Configure these for your outgoing email host
418 #EMAIL_HOST = 'smtp.my-company.com'
419 #EMAIL_PORT = 25\\
420 #EMAIL_HOST_USER = 'djangomail'
421 #EMAIL_HOST_PASSWORD = 'top-secret!'
422
423 # For multiple regions uncomment this configuration, and add (endpoint, title).
424 #AVAILABLE_REGIONS = [
425 # ('http://cluster1.example.com:5000/v2.0', 'cluster1'),
426 # ('http://cluster2.example.com:5000/v2.0', 'cluster2'),
427 #]
428
429 OPENSTACK_KEYSTONE_URL = "{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}"
430 OPENSTACK_KEYSTONE_DEFAULT_ROLE = "member"
431
432 # This setting specifies the name of the header with remote IP address. If not present,
433 # then REMOTE_ADDR header is used. The common value for this setting is HTTP_X_REAL_IP
434 # or HTTP_X_FORWARDED_FOR. Trust it only when the fronting proxy sets or overwrites it.
435 SECURE_PROXY_ADDR_HEADER = 'HTTP_X_FORWARDED_FOR'
436
437 {{- if .Values.conf.horizon.local_settings.config.auth.sso.enabled }}
438 # Enables keystone web single-sign-on if set to True.
439 WEBSSO_ENABLED = True
440
441 # Determines which authentication choice to show as default.
442 WEBSSO_INITIAL_CHOICE = "{{ .Values.conf.horizon.local_settings.config.auth.sso.initial_choice }}"
443
444 # The list of authentication mechanisms
445 # which include keystone federation protocols.
446 # Current supported protocol IDs are 'saml2' and 'oidc'
447 # which represent SAML 2.0, OpenID Connect respectively.
448 # Do not remove the mandatory credentials mechanism.
449 WEBSSO_CHOICES = (
450 ("credentials", _("Keystone Credentials")),
451 {{- range $i, $sso := .Values.conf.horizon.local_settings.config.auth.idp_mapping }}
452 ({{ $sso.name | quote }}, {{ $sso.label | quote }}),
453 {{- end }}
454 )
455
456 WEBSSO_IDP_MAPPING = {
457 {{- range $i, $sso := .Values.conf.horizon.local_settings.config.auth.idp_mapping }}
458 {{ $sso.name | quote}}: ({{ $sso.idp | quote }}, {{ $sso.protocol | quote }}),
459 {{- end }}
460 }
461
462 {{- end }}
463
464 # Disable SSL certificate checks (useful for self-signed certificates):
465 #OPENSTACK_SSL_NO_VERIFY = True
466
467 {{- if .Values.manifests.certificates }}
468 # The CA certificate to use to verify SSL connections
469 OPENSTACK_SSL_CACERT = '/etc/openstack-dashboard/certs/ca.crt'
470 {{- end }}
471
472 # The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
473 # capabilities of the auth backend for Keystone.
474 # If Keystone has been configured to use LDAP as the auth backend then set
475 # can_edit_user to False and name to 'ldap'.
476 #
477 # TODO(tres): Remove these once Keystone has an API to identify auth backend.
478 OPENSTACK_KEYSTONE_BACKEND = {
479 'name': 'native',
480 'can_edit_user': True,
481 'can_edit_group': True,
482 'can_edit_project': True,
483 'can_edit_domain': True,
484 'can_edit_role': True,
485 }
486
487 # Setting this to True, will add a new "Retrieve Password" action on instance,
488 # allowing Admin session password retrieval/decryption.
489 OPENSTACK_ENABLE_PASSWORD_RETRIEVE = {{ .Values.conf.horizon.local_settings.config.openstack_enable_password_retrieve }}
490 # Controls whether the keystone openrc file is accessible from the user menu and the api access panel.
491 SHOW_OPENRC_FILE = {{ .Values.conf.horizon.local_settings.config.show_openrc_file }}
492 # The Launch Instance user experience has been significantly enhanced.
493 # You can choose whether to enable the new launch instance experience,
494 # the legacy experience, or both. The legacy experience will be removed
495 # in a future release, but is available as a temporary backup setting to ensure
496 # compatibility with existing deployments. Further development will not be
497 # done on the legacy experience. Please report any problems with the new
498 # experience via the StoryBoard tracking system.
499 #
500 # Toggle LAUNCH_INSTANCE_LEGACY_ENABLED and LAUNCH_INSTANCE_NG_ENABLED to
501 # determine the experience to enable. Set them both to true to enable
502 # both.
503 #LAUNCH_INSTANCE_LEGACY_ENABLED = True
504 #LAUNCH_INSTANCE_NG_ENABLED = False
505
506 # The Xen Hypervisor has the ability to set the mount point for volumes
507 # attached to instances (other Hypervisors currently do not). Setting
508 # can_set_mount_point to True will add the option to set the mount point
509 # from the UI.
510 OPENSTACK_HYPERVISOR_FEATURES = {
511 'can_set_mount_point': False,
512 'can_set_password': False,
513 }
514
515 # The OPENSTACK_CINDER_FEATURES settings can be used to enable optional
516 # services provided by cinder that is not exposed by its extension API.
517 OPENSTACK_CINDER_FEATURES = {
518 'enable_backup': {{ .Values.conf.horizon.local_settings.config.openstack_cinder_features.enable_backup }},
519 }
520
521 # The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional
522 # services provided by neutron. Options currently available are load
523 # balancer service, security groups, quotas, VPN service.
524 OPENSTACK_NEUTRON_NETWORK = {
525 'enable_router': {{ .Values.conf.horizon.local_settings.config.openstack_neutron_network.enable_router }},
526 'enable_quotas': {{ .Values.conf.horizon.local_settings.config.openstack_neutron_network.enable_quotas }},
527 'enable_ipv6': {{ .Values.conf.horizon.local_settings.config.openstack_neutron_network.enable_ipv6 }},
528 'enable_distributed_router': {{ .Values.conf.horizon.local_settings.config.openstack_neutron_network.enable_distributed_router }},
529 'enable_ha_router': {{ .Values.conf.horizon.local_settings.config.openstack_neutron_network.enable_ha_router }},
530 'enable_lb': {{ .Values.conf.horizon.local_settings.config.openstack_neutron_network.enable_lb }},
531 'enable_firewall': {{ .Values.conf.horizon.local_settings.config.openstack_neutron_network.enable_firewall }},
532 'enable_vpn': {{ .Values.conf.horizon.local_settings.config.openstack_neutron_network.enable_vpn }},
533 'enable_fip_topology_check': {{ .Values.conf.horizon.local_settings.config.openstack_neutron_network.enable_fip_topology_check }},
534
535 # The profile_support option is used to detect if an external router can be
536 # configured via the dashboard. When using specific plugins the
537 # profile_support can be turned on if needed.
538 'profile_support': None,
539 #'profile_support': 'cisco',
540
541 # Set which provider network types are supported. Only the network types
542 # in this list will be available to choose from when creating a network.
543 # Network types include local, flat, vlan, gre, and vxlan.
544 'supported_provider_types': ['*'],
545
546 # Set which VNIC types are supported for port binding. Only the VNIC
547 # types in this list will be available to choose from when creating a
548 # port.
549 # VNIC types include 'normal', 'macvtap' and 'direct'.
550 'supported_vnic_types': ['*']
551 }
552
553 # The OPENSTACK_IMAGE_BACKEND settings can be used to customize features
554 # in the OpenStack Dashboard related to the Image service, such as the list
555 # of supported image formats.
556 #OPENSTACK_IMAGE_BACKEND = {
557 # 'image_formats': [
558 # ('', _('Select format')),
559 # ('aki', _('AKI - Amazon Kernel Image')),
560 # ('ami', _('AMI - Amazon Machine Image')),
561 # ('ari', _('ARI - Amazon Ramdisk Image')),
562 # ('docker', _('Docker')),
563 # ('iso', _('ISO - Optical Disk Image')),
564 # ('ova', _('OVA - Open Virtual Appliance')),
565 # ('qcow2', _('QCOW2 - QEMU Emulator')),
566 # ('raw', _('Raw')),
567 # ('vdi', _('VDI - Virtual Disk Image')),
568 # ('vhd', ('VHD - Virtual Hard Disk')),
569 # ('vmdk', _('VMDK - Virtual Machine Disk')),
570 # ]
571 #}
572
573 # The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for
574 # image custom property attributes that appear on image detail pages.
575 IMAGE_CUSTOM_PROPERTY_TITLES = {
576 "architecture": _("Architecture"),
577 "kernel_id": _("Kernel ID"),
578 "ramdisk_id": _("Ramdisk ID"),
579 "image_state": _("Euca2ools state"),
580 "project_id": _("Project ID"),
581 "image_type": _("Image Type"),
582 }
583
584 # The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image
585 # custom properties should not be displayed in the Image Custom Properties
586 # table.
587 IMAGE_RESERVED_CUSTOM_PROPERTIES = []
588
589 # Set to 'legacy' or 'direct' to allow users to upload images to glance via
590 # Horizon server. When enabled, a file form field will appear on the create
591 # image form. If set to 'off', there will be no file form field on the create
592 # image form. See documentation for deployment considerations.
593 HORIZON_IMAGES_UPLOAD_MODE = '{{ .Values.conf.horizon.local_settings.config.horizon_images_upload_mode }}'
594
595 # OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints
596 # in the Keystone service catalog. Use this setting when Horizon is running
597 # external to the OpenStack environment. The default is 'publicURL'.
598 OPENSTACK_ENDPOINT_TYPE = "{{ .Values.conf.horizon.local_settings.config.endpoint_type }}"
599
600 # SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the
601 # case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints
602 # in the Keystone service catalog. Use this setting when Horizon is running
603 # external to the OpenStack environment. The default is None. This
604 # value should differ from OPENSTACK_ENDPOINT_TYPE if used.
605 SECONDARY_ENDPOINT_TYPE = "publicURL"
606
607 # The number of objects (Swift containers/objects or images) to display
608 # on a single page before providing a paging element (a "more" link)
609 # to paginate results.
610 API_RESULT_LIMIT = 1000
611 API_RESULT_PAGE_SIZE = 20
612
613 # The size of chunk in bytes for downloading objects from Swift
614 SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
615
616 # Specify a maximum number of items to display in a dropdown.
617 DROPDOWN_MAX_ITEMS = 30
618
619 # The timezone of the server. This should correspond with the timezone
620 # of your entire OpenStack installation, and hopefully be in UTC.
621 TIME_ZONE = "UTC"
622
623 # When launching an instance, the menu of available flavors is
624 # sorted by RAM usage, ascending. If you would like a different sort order,
625 # you can provide another flavor attribute as sorting key. Alternatively, you
626 # can provide a custom callback method to use for sorting. You can also provide
627 # a flag for reverse sort. For more info, see
628 # http://docs.python.org/2/library/functions.html#sorted
629 #CREATE_INSTANCE_FLAVOR_SORT = {
630 # 'key': 'name',
631 # # or
632 # 'key': my_awesome_callback_method,
633 # 'reverse': False,
634 #}
635
636 # Set this to True to display an 'Admin Password' field on the Change Password
637 # form to verify that it is indeed the admin logged-in who wants to change
638 # the password.
639 ENFORCE_PASSWORD_CHECK = {{ .Values.conf.horizon.local_settings.config.enforce_password_check }}
640
641 # Modules that provide /auth routes that can be used to handle different types
642 # of user authentication. Add auth plugins that require extra route handling to
643 # this list.
644 #AUTHENTICATION_URLS = [
645 # 'openstack_auth.urls',
646 #]
647
648 # The Horizon Policy Enforcement engine uses these values to load per service
649 # policy rule files. The content of these files should match the files the
650 # OpenStack services are using to determine role based access control in the
651 # target installation.
652
653 # Path to directory containing policy.yaml files
654 POLICY_FILES_PATH = '/etc/openstack-dashboard'
655 # Map of local copy of service policy files
656 #POLICY_FILES = {
657 # 'identity': 'keystone_policy.yaml',
658 # 'compute': 'nova_policy.yaml',
659 # 'volume': 'cinder_policy.yaml',
660 # 'image': 'glance_policy.yaml',
661 # 'orchestration': 'heat_policy.yaml',
662 # 'network': 'neutron_policy.yaml',
663 # 'telemetry': 'ceilometer_policy.yaml',
664 #}
665
666 # Trove user and database extension support. By default support for
667 # creating users and databases on database instances is turned on.
668 # To disable these extensions set the permission here to something
669 # unusable such as ["!"].
670 # TROVE_ADD_USER_PERMS = []
671 # TROVE_ADD_DATABASE_PERMS = []
672
673 # Change this path to the appropriate static directory containing
674 # two files: _variables.scss and _styles.scss
675 #CUSTOM_THEME_PATH = 'static/themes/default'
676
677 LOGGING = {
678 'version': 1,
679 # When set to True this will disable all logging except
680 # for loggers specified in this configuration dictionary. Note that
681 # if nothing is specified here and disable_existing_loggers is True,
682 # django.db.backends will still log unless it is disabled explicitly.
683 'disable_existing_loggers': False,
684 'handlers': {
685 'null': {
686 'level': 'DEBUG',
687 'class': 'logging.NullHandler',
688 },
689 'console': {
690 # Set the level to "DEBUG" for verbose output logging.
691 'level': 'INFO',
692 'class': 'logging.StreamHandler',
693 },
694 },
695 'loggers': {
696 # Logging from django.db.backends is VERY verbose, send to null
697 # by default.
698 'django.db.backends': {
699 'handlers': ['null'],
700 'propagate': False,
701 },
702 'requests': {
703 'handlers': ['null'],
704 'propagate': False,
705 },
706 'horizon': {
707 'handlers': ['console'],
708 'level': '{{ .Values.conf.horizon.local_settings.config.log_level }}',
709 'propagate': False,
710 },
711 'openstack_dashboard': {
712 'handlers': ['console'],
713 'level': '{{ .Values.conf.horizon.local_settings.config.log_level }}',
714 'propagate': False,
715 },
716 'novaclient': {
717 'handlers': ['console'],
718 'level': '{{ .Values.conf.horizon.local_settings.config.log_level }}',
719 'propagate': False,
720 },
721 'cinderclient': {
722 'handlers': ['console'],
723 'level': '{{ .Values.conf.horizon.local_settings.config.log_level }}',
724 'propagate': False,
725 },
726 'glanceclient': {
727 'handlers': ['console'],
728 'level': '{{ .Values.conf.horizon.local_settings.config.log_level }}',
729 'propagate': False,
730 },
731 'glanceclient': {
732 'handlers': ['console'],
733 'level': '{{ .Values.conf.horizon.local_settings.config.log_level }}',
734 'propagate': False,
735 },
736 'neutronclient': {
737 'handlers': ['console'],
738 'level': '{{ .Values.conf.horizon.local_settings.config.log_level }}',
739 'propagate': False,
740 },
741 'heatclient': {
742 'handlers': ['console'],
743 'level': '{{ .Values.conf.horizon.local_settings.config.log_level }}',
744 'propagate': False,
745 },
746 'ceilometerclient': {
747 'handlers': ['console'],
748 'level': '{{ .Values.conf.horizon.local_settings.config.log_level }}',
749 'propagate': False,
750 },
751 'troveclient': {
752 'handlers': ['console'],
753 'level': '{{ .Values.conf.horizon.local_settings.config.log_level }}',
754 'propagate': False,
755 },
756 'swiftclient': {
757 'handlers': ['console'],
758 'level': '{{ .Values.conf.horizon.local_settings.config.log_level }}',
759 'propagate': False,
760 },
761 'openstack_auth': {
762 'handlers': ['console'],
763 'level': '{{ .Values.conf.horizon.local_settings.config.log_level }}',
764 'propagate': False,
765 },
766 'nose.plugins.manager': {
767 'handlers': ['console'],
768 'level': '{{ .Values.conf.horizon.local_settings.config.log_level }}',
769 'propagate': False,
770 },
771 'django': {
772 'handlers': ['console'],
773 'level': '{{ .Values.conf.horizon.local_settings.config.log_level }}',
774 'propagate': False,
775 },
776 'iso8601': {
777 'handlers': ['null'],
778 'propagate': False,
779 },
780 'scss': {
781 'handlers': ['null'],
782 'propagate': False,
783 },
784 }
785 }
786
787 # 'direction' should not be specified for all_tcp/udp/icmp.
788 # It is specified in the form.
789 SECURITY_GROUP_RULES = {
790 'all_tcp': {
791 'name': _('All TCP'),
792 'ip_protocol': 'tcp',
793 'from_port': '1',
794 'to_port': '65535',
795 },
796 'all_udp': {
797 'name': _('All UDP'),
798 'ip_protocol': 'udp',
799 'from_port': '1',
800 'to_port': '65535',
801 },
802 'all_icmp': {
803 'name': _('All ICMP'),
804 'ip_protocol': 'icmp',
805 'from_port': '-1',
806 'to_port': '-1',
807 },
808 'ssh': {
809 'name': 'SSH',
810 'ip_protocol': 'tcp',
811 'from_port': '22',
812 'to_port': '22',
813 },
814 'smtp': {
815 'name': 'SMTP',
816 'ip_protocol': 'tcp',
817 'from_port': '25',
818 'to_port': '25',
819 },
820 'dns': {
821 'name': 'DNS',
822 'ip_protocol': 'tcp',
823 'from_port': '53',
824 'to_port': '53',
825 },
826 'http': {
827 'name': 'HTTP',
828 'ip_protocol': 'tcp',
829 'from_port': '80',
830 'to_port': '80',
831 },
832 'pop3': {
833 'name': 'POP3',
834 'ip_protocol': 'tcp',
835 'from_port': '110',
836 'to_port': '110',
837 },
838 'imap': {
839 'name': 'IMAP',
840 'ip_protocol': 'tcp',
841 'from_port': '143',
842 'to_port': '143',
843 },
844 'ldap': {
845 'name': 'LDAP',
846 'ip_protocol': 'tcp',
847 'from_port': '389',
848 'to_port': '389',
849 },
850 'https': {
851 'name': 'HTTPS',
852 'ip_protocol': 'tcp',
853 'from_port': '443',
854 'to_port': '443',
855 },
856 'smtps': {
857 'name': 'SMTPS',
858 'ip_protocol': 'tcp',
859 'from_port': '465',
860 'to_port': '465',
861 },
862 'imaps': {
863 'name': 'IMAPS',
864 'ip_protocol': 'tcp',
865 'from_port': '993',
866 'to_port': '993',
867 },
868 'pop3s': {
869 'name': 'POP3S',
870 'ip_protocol': 'tcp',
871 'from_port': '995',
872 'to_port': '995',
873 },
874 'ms_sql': {
875 'name': 'MS SQL',
876 'ip_protocol': 'tcp',
877 'from_port': '1433',
878 'to_port': '1433',
879 },
880 'mysql': {
881 'name': 'MYSQL',
882 'ip_protocol': 'tcp',
883 'from_port': '3306',
884 'to_port': '3306',
885 },
886 'rdp': {
887 'name': 'RDP',
888 'ip_protocol': 'tcp',
889 'from_port': '3389',
890 'to_port': '3389',
891 },
892 }
893
894 # Deprecation Notice:
895 #
896 # The setting FLAVOR_EXTRA_KEYS has been deprecated.
897 # Please load extra spec metadata into the Glance Metadata Definition Catalog.
898 #
899 # The sample quota definitions can be found in:
900 # <glance_source>/etc/metadefs/compute-quota.json
901 #
902 # The metadata definition catalog supports CLI and API:
903 # $glance --os-image-api-version 2 help md-namespace-import
904 # $glance-manage db_load_metadefs <directory_with_definition_files>
905 #
906 # See Metadata Definitions on: https://docs.openstack.org/glance/latest/
907
908 # Indicate to the Sahara data processing service whether or not
909 # automatic floating IP allocation is in effect. If it is not
910 # in effect, the user will be prompted to choose a floating IP
911 # pool for use in their cluster. False by default. You would want
912 # to set this to True if you were running Nova Networking with
913 # auto_assign_floating_ip = True.
914 #SAHARA_AUTO_IP_ALLOCATION_ENABLED = False
915
916 # The hash algorithm to use for authentication tokens. This must
917 # match the hash algorithm that the identity server and the
918 # auth_token middleware are using. Allowed values are the
919 # algorithms supported by Python's hashlib library.
920 #OPENSTACK_TOKEN_HASH_ALGORITHM = 'md5'
921
922 # AngularJS requires some settings to be made available to
923 # the client side. Some settings are required by in-tree / built-in horizon
924 # features. These settings must be added to REST_API_REQUIRED_SETTINGS in the
925 # form of ['SETTING_1','SETTING_2'], etc.
926 #
927 # You may remove settings from this list for security purposes, but do so at
928 # the risk of breaking a built-in horizon feature. These settings are required
929 # for horizon to function properly. Only remove them if you know what you
930 # are doing. These settings may in the future be moved to be defined within
931 # the enabled panel configuration.
932 # You should not add settings to this list for out of tree extensions.
933 # See: https://wiki.openstack.org/wiki/Horizon/RESTAPI
934 REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
935 'LAUNCH_INSTANCE_DEFAULTS',
936 'OPENSTACK_IMAGE_FORMATS']
937
938 # Additional settings can be made available to the client side for
939 # extensibility by specifying them in REST_API_ADDITIONAL_SETTINGS
940 # !! Use extreme caution: these settings are sent over HTTP/S and are readable
941 # in the browser, so never list a secret here. This is an experimental API and
942 # may be deprecated in the future without notice.
943 #REST_API_ADDITIONAL_SETTINGS = []
944
945 # DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded
946 # within an iframe. Legacy browsers are still vulnerable to a Cross-Frame
947 # Scripting (XFS) vulnerability, so this option allows extra security hardening
948 # where iframes are not used in deployment. Default setting is True.
949 # For more information see:
950 # http://tinyurl.com/anticlickjack
951 DISALLOW_IFRAME_EMBED = {{ .Values.conf.horizon.local_settings.config.disallow_iframe_embed }}
952
953 STATIC_ROOT = '/var/www/html/horizon'
954
955 {{- range $option, $value := .Values.conf.horizon.local_settings.config.raw }}
956 {{ $option }} = {{ toJson $value }}
957 {{- end }}
958 policy:
959 ceilometer:
960 context_is_admin: 'role:admin'
961 context_is_owner: 'user_id:%(target.user_id)s'
962 context_is_project: 'project_id:%(target.project_id)s'
963 segregation: 'rule:context_is_admin'
964 heat:
965 'actions:action': 'rule:deny_stack_user'
966 'build_info:build_info': 'rule:deny_stack_user'
967 'cloudformation:CancelUpdateStack': 'rule:deny_stack_user'
968 'cloudformation:CreateStack': 'rule:deny_stack_user'
969 'cloudformation:DeleteStack': 'rule:deny_stack_user'
970 'cloudformation:DescribeStackEvents': 'rule:deny_stack_user'
971 'cloudformation:DescribeStackResource': ''
972 'cloudformation:DescribeStackResources': 'rule:deny_stack_user'
973 'cloudformation:DescribeStacks': 'rule:deny_stack_user'
974 'cloudformation:EstimateTemplateCost': 'rule:deny_stack_user'
975 'cloudformation:GetTemplate': 'rule:deny_stack_user'
976 'cloudformation:ListStackResources': 'rule:deny_stack_user'
977 'cloudformation:ListStacks': 'rule:deny_stack_user'
978 'cloudformation:UpdateStack': 'rule:deny_stack_user'
979 'cloudformation:ValidateTemplate': 'rule:deny_stack_user'
980 'cloudwatch:DeleteAlarms': 'rule:deny_stack_user'
981 'cloudwatch:DescribeAlarmHistory': 'rule:deny_stack_user'
982 'cloudwatch:DescribeAlarms': 'rule:deny_stack_user'
983 'cloudwatch:DescribeAlarmsForMetric': 'rule:deny_stack_user'
984 'cloudwatch:DisableAlarmActions': 'rule:deny_stack_user'
985 'cloudwatch:EnableAlarmActions': 'rule:deny_stack_user'
986 'cloudwatch:GetMetricStatistics': 'rule:deny_stack_user'
987 'cloudwatch:ListMetrics': 'rule:deny_stack_user'
988 'cloudwatch:PutMetricAlarm': 'rule:deny_stack_user'
989 'cloudwatch:PutMetricData': ''
990 'cloudwatch:SetAlarmState': 'rule:deny_stack_user'
991 context_is_admin: 'role:admin'
992 deny_everybody: '!'
993 deny_stack_user: 'not role:heat_stack_user'
994 'events:index': 'rule:deny_stack_user'
995 'events:show': 'rule:deny_stack_user'
996 'resource:index': 'rule:deny_stack_user'
997 'resource:mark_unhealthy': 'rule:deny_stack_user'
998 'resource:metadata': ''
999 'resource:show': 'rule:deny_stack_user'
1000 'resource:signal': ''
1001 'resource_types:OS::Cinder::EncryptedVolumeType': 'rule:context_is_admin'
1002 'resource_types:OS::Cinder::VolumeType': 'rule:context_is_admin'
1003 'resource_types:OS::Manila::ShareType': 'rule:context_is_admin'
1004 'resource_types:OS::Neutron::QoSBandwidthLimitRule': 'rule:context_is_admin'
1005 'resource_types:OS::Neutron::QoSPolicy': 'rule:context_is_admin'
1006 'resource_types:OS::Nova::Flavor': 'rule:context_is_admin'
1007 'resource_types:OS::Nova::HostAggregate': 'rule:context_is_admin'
1008 'service:index': 'rule:context_is_admin'
1009 'software_configs:create': 'rule:deny_stack_user'
1010 'software_configs:delete': 'rule:deny_stack_user'
1011 'software_configs:global_index': 'rule:deny_everybody'
1012 'software_configs:index': 'rule:deny_stack_user'
1013 'software_configs:show': 'rule:deny_stack_user'
1014 'software_deployments:create': 'rule:deny_stack_user'
1015 'software_deployments:delete': 'rule:deny_stack_user'
1016 'software_deployments:index': 'rule:deny_stack_user'
1017 'software_deployments:metadata': ''
1018 'software_deployments:show': 'rule:deny_stack_user'
1019 'software_deployments:update': 'rule:deny_stack_user'
1020 'stacks:abandon': 'rule:deny_stack_user'
1021 'stacks:create': 'rule:deny_stack_user'
1022 'stacks:delete': 'rule:deny_stack_user'
1023 'stacks:delete_snapshot': 'rule:deny_stack_user'
1024 'stacks:detail': 'rule:deny_stack_user'
1025 'stacks:environment': 'rule:deny_stack_user'
1026 'stacks:export': 'rule:deny_stack_user'
1027 'stacks:generate_template': 'rule:deny_stack_user'
1028 'stacks:global_index': 'rule:deny_everybody'
1029 'stacks:index': 'rule:deny_stack_user'
1030 'stacks:list_outputs': 'rule:deny_stack_user'
1031 'stacks:list_resource_types': 'rule:deny_stack_user'
1032 'stacks:list_snapshots': 'rule:deny_stack_user'
1033 'stacks:list_template_functions': 'rule:deny_stack_user'
1034 'stacks:list_template_versions': 'rule:deny_stack_user'
1035 'stacks:lookup': ''
1036 'stacks:preview': 'rule:deny_stack_user'
1037 'stacks:preview_update': 'rule:deny_stack_user'
1038 'stacks:preview_update_patch': 'rule:deny_stack_user'
1039 'stacks:resource_schema': 'rule:deny_stack_user'
1040 'stacks:restore_snapshot': 'rule:deny_stack_user'
1041 'stacks:show': 'rule:deny_stack_user'
1042 'stacks:show_output': 'rule:deny_stack_user'
1043 'stacks:show_snapshot': 'rule:deny_stack_user'
1044 'stacks:snapshot': 'rule:deny_stack_user'
1045 'stacks:template': 'rule:deny_stack_user'
1046 'stacks:update': 'rule:deny_stack_user'
1047 'stacks:update_patch': 'rule:deny_stack_user'
1048 'stacks:validate_template': 'rule:deny_stack_user'
1049 # list of panels to enable for horizon
1050 # this requires that the panels are already installed in the horizon image; if they are not,
1051 # nothing will be added
1052 # the name of the panel should be the name of the dir where the panel is installed
1053 # for example heat_dashboard, cloudkittydashboard or neutron_taas_dashboard
1054 extra_panels:
1055 - heat_dashboard
1056 - neutron_taas_dashboard
1057
# Jobs and service endpoints each component lists as dependencies.
# NOTE(review): presumably consumed by the dep_check init container to gate
# start-up until these are available - confirm against the templates.
dependencies:
  dynamic:
    common:
      local_image_registry:
        jobs:
          - horizon-image-repo-sync
        services:
          - endpoint: node
            service: local_image_registry
  static:
    # The dashboard lists the db-sync job plus the cache, database and
    # identity endpoints.
    dashboard:
      jobs:
        - horizon-db-sync
      services:
        - endpoint: internal
          service: oslo_cache
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: identity
    db_drop:
      services:
        - endpoint: internal
          service: oslo_db
    db_init:
      services:
        - endpoint: internal
          service: oslo_db
    # db_sync lists the db-init job, so init is ordered before sync.
    db_sync:
      jobs:
        - horizon-db-init
      services:
        - endpoint: internal
          service: oslo_db
    image_repo_sync:
      services:
        - endpoint: internal
          service: local_image_registry
    tests:
      services:
        - endpoint: internal
          service: dashboard
1100
# Pod-level settings: security contexts, scheduling, extra mounts, replica
# count, upgrade behaviour and resource requests/limits.
pod:
  security_context:
    # NOTE(review): the horizon and horizon_db_sync containers set
    # runAsUser: 0 with readOnlyRootFilesystem: false, while the pod-level
    # value is 42424. In Kubernetes a container-level securityContext
    # overrides the pod-level one, so - assuming the templates render these
    # values as-is - both containers run as root with a writable root
    # filesystem. Confirm the image still needs root before relying on the
    # pod-level UID; allowPrivilegeEscalation: false is the only hardening
    # set on them here.
    horizon:
      pod:
        runAsUser: 42424
      container:
        horizon:
          readOnlyRootFilesystem: false
          allowPrivilegeEscalation: false
          runAsUser: 0
    db_sync:
      pod:
        runAsUser: 42424
      container:
        horizon_db_sync:
          readOnlyRootFilesystem: false
          allowPrivilegeEscalation: false
          runAsUser: 0
    # The test container sets no runAsUser of its own and uses a read-only
    # root filesystem.
    test:
      pod:
        runAsUser: 42424
      container:
        horizon_test:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
  affinity:
    anti:
      type:
        default: preferredDuringSchedulingIgnoredDuringExecution
      topologyKey:
        default: kubernetes.io/hostname
      weight:
        default: 10
  tolerations:
    horizon:
      # NOTE(review): presumably the list below is only rendered when
      # enabled is true - confirm in the templates.
      enabled: false
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoSchedule
  # Extra volumes and volumeMounts per workload. The bare volumeMounts: and
  # volumes: keys below parse as null, not as empty lists.
  mounts:
    horizon_db_init:
      init_container: null
      horizon_db_init:
        volumeMounts:
        volumes:
    horizon_db_sync:
      init_container: null
      horizon_db_sync:
        volumeMounts:
        volumes:
    horizon:
      init_container: null
      horizon:
        volumeMounts:
        volumes:
    horizon_tests:
      init_container: null
      horizon_tests:
        volumeMounts:
        volumes:
  replicas:
    server: 1
  lifecycle:
    upgrades:
      deployments:
        revision_history: 3
        pod_replacement_strategy: RollingUpdate
        rolling_update:
          max_unavailable: 1
          max_surge: 3
    disruption_budget:
      horizon:
        min_available: 0
    termination_grace_period:
      horizon:
        timeout: 30
  resources:
    # NOTE(review): with enabled: false the requests/limits below are
    # presumably not rendered, which would leave the pods without CPU or
    # memory limits - confirm against the templates and enable this where
    # noisy-neighbour or resource-exhaustion risk matters.
    enabled: false
    server:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    jobs:
      db_init:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_drop:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      image_repo_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      tests:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
1226
# Names of secrets used by bootstrap and environmental checks.
# These values are names only; no secret material is set in this section.
# NOTE(review): presumably the names of the Kubernetes Secret objects the
# chart creates or reads - confirm against the templates.
secrets:
  identity:
    admin: horizon-keystone-admin
  oslo_db:
    admin: horizon-db-admin
    horizon: horizon-db-user
  tls:
    dashboard:
      dashboard:
        public: horizon-tls-public
        internal: horizon-tls-web
  oci_image_registry:
    horizon: horizon-oci-image-registry
1241
# NOTE(review): presumably toggles TLS towards the identity (Keystone)
# endpoint; it is off by default, and the identity endpoint's default scheme
# in this file is http - confirm how the templates use it before exposing
# the dashboard beyond a trusted network.
tls:
  identity: false
# typically overridden by environmental
# values, but should include all endpoints
# required by this chart
#
# NOTE(review): every "password: password" below is a placeholder default.
# Override each one per environment and keep the real values out of version
# control; a deployment that keeps these defaults has guessable admin
# credentials for Keystone and the database.
endpoints:
  cluster_domain_suffix: cluster.local
  local_image_registry:
    name: docker-registry
    namespace: docker-registry
    hosts:
      default: localhost
      internal: docker-registry
      node: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        node: 5000
  oci_image_registry:
    name: oci-image-registry
    namespace: oci-image-registry
    auth:
      # Registry authentication is off by default.
      enabled: false
      horizon:
        username: horizon
        password: password
    hosts:
      default: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        default: null
  identity:
    name: keystone
    auth:
      admin:
        region_name: RegionOne
        username: admin
        password: password
        project_name: admin
        user_domain_name: default
        project_domain_name: default
    hosts:
      default: keystone
      internal: keystone-api
    host_fqdn_override:
      default: null
    path:
      default: /v3
    # NOTE(review): with scheme http, credentials and tokens sent to this
    # endpoint are unencrypted on the wire unless TLS is terminated
    # elsewhere - confirm for the target environment.
    scheme:
      default: http
    port:
      api:
        default: 80
        internal: 5000
  oslo_cache:
    hosts:
      default: memcached
    host_fqdn_override:
      default: null
    port:
      memcache:
        default: 11211
  dashboard:
    name: horizon
    hosts:
      default: horizon-int
      public: horizon
    host_fqdn_override:
      default: null
      # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
      # endpoints using the following format:
      # public:
      #   host: null
      #   tls:
      #     crt: null
      #     key: null
    path:
      default: null
    # NOTE(review): the dashboard itself defaults to http on port 80; login
    # credentials and session cookies need TLS in front of it (see the
    # host_fqdn_override format above) - confirm for the target environment.
    scheme:
      default: http
    port:
      web:
        default: 80
  oslo_db:
    auth:
      # The admin account here is the database root user.
      admin:
        username: root
        password: password
        secret:
          tls:
            internal: mariadb-tls-direct
      horizon:
        username: horizon
        password: password
    hosts:
      default: mariadb
    host_fqdn_override:
      default: null
    path: /horizon
    scheme: mysql+pymysql
    port:
      mysql:
        default: 3306
  # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress.
  # They are used to enable the Egress K8s network policy.
  kube_dns:
    namespace: kube-system
    name: kubernetes-dns
    hosts:
      default: kube-dns
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme: http
    port:
      dns:
        default: 53
        protocol: UDP
  ingress:
    namespace: null
    name: ingress
    hosts:
      default: ingress
    port:
      ingress:
        default: 80
1373
# Ingress and egress rules for the Horizon NetworkPolicy.
# NOTE(review): in a Kubernetes NetworkPolicy an empty rule ({}) matches all
# traffic, so these defaults allow everything in both directions. The
# manifests section of this file also sets network_policy: false, so
# presumably no policy is rendered at all by default - confirm, and replace
# the {} entries with explicit peers and ports when enabling it.
network_policy:
  horizon:
    ingress:
      - {}
    egress:
      - {}
1380
# NOTE(helm_hook): helm_hook might break for the helm2 binary.
# Set helm3_hook: false when using the helm2 binary.
helm3_hook: true
1384
# Per-manifest toggles.
# NOTE(review): presumably each key enables rendering of the matching
# template - confirm against the templates. Off by default here:
# certificates, configmap_logo, job_db_drop and network_policy. With
# network_policy off, traffic to and from Horizon is presumably not
# restricted by this chart.
manifests:
  certificates: false
  configmap_bin: true
  configmap_etc: true
  configmap_logo: false
  deployment: true
  ingress_api: true
  job_db_init: true
  job_db_sync: true
  job_db_drop: false
  job_image_repo_sync: true
  pdb: true
  pod_helm_test: true
  network_policy: false
  secret_db: true
  secret_ingress_tls: true
  secret_keystone: true
  secret_registry: true
  service_ingress: true
  service: true
1405...