Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / 9b2852d30739701c058296932d8f2da4552bcabe / . / charts / heat / values.yaml
blob: 58f786b6f471923af48c1411bbba982da2fadb9b [file] [log] [blame]
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1# Licensed under the Apache License, Version 2.0 (the "License");
2# you may not use this file except in compliance with the License.
3# You may obtain a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS,
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10# See the License for the specific language governing permissions and
11# limitations under the License.
12
13# Default values for heat.
14# This is a YAML-formatted file.
15# Declare name/value pairs to be passed into your templates.
16# name: value
17
18---
19release_group: null
20
21labels:
22 api:
23 node_selector_key: openstack-control-plane
24 node_selector_value: enabled
25 cfn:
26 node_selector_key: openstack-control-plane
27 node_selector_value: enabled
28 cloudwatch:
29 node_selector_key: openstack-control-plane
30 node_selector_value: enabled
31 engine:
32 node_selector_key: openstack-control-plane
33 node_selector_value: enabled
34 job:
35 node_selector_key: openstack-control-plane
36 node_selector_value: enabled
37 test:
38 node_selector_key: openstack-control-plane
39 node_selector_value: enabled
40
41images:
42 tags:
43 test: docker.io/xrally/xrally-openstack:2.0.0
44 bootstrap: docker.io/openstackhelm/heat:stein-ubuntu_bionic
45 db_init: docker.io/openstackhelm/heat:stein-ubuntu_bionic
46 heat_db_sync: docker.io/openstackhelm/heat:stein-ubuntu_bionic
47 db_drop: docker.io/openstackhelm/heat:stein-ubuntu_bionic
48 rabbit_init: docker.io/rabbitmq:3.7-management
49 ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic
50 ks_service: docker.io/openstackhelm/heat:stein-ubuntu_bionic
51 ks_endpoints: docker.io/openstackhelm/heat:stein-ubuntu_bionic
52 heat_api: docker.io/openstackhelm/heat:stein-ubuntu_bionic
53 heat_cfn: docker.io/openstackhelm/heat:stein-ubuntu_bionic
54 heat_cloudwatch: docker.io/openstackhelm/heat:stein-ubuntu_bionic
55 heat_engine: docker.io/openstackhelm/heat:stein-ubuntu_bionic
56 heat_engine_cleaner: docker.io/openstackhelm/heat:stein-ubuntu_bionic
57 heat_purge_deleted: docker.io/openstackhelm/heat:stein-ubuntu_bionic
58 dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
59 image_repo_sync: docker.io/docker:17.07.0
60 pull_policy: "IfNotPresent"
61 local_registry:
62 active: false
63 exclude:
64 - dep_check
65 - image_repo_sync
66
67jobs:
68 engine_cleaner:
69 cron: "*/5 * * * *"
70 starting_deadline: 600
71 history:
72 success: 3
73 failed: 1
74
75 purge_deleted:
76 cron: "20 */24 * * *"
77 purge_age: 60
78 history:
79 success: 3
80 failed: 1
81
82conf:
83 rally_tests:
84 run_tempest: false
85 tests:
86 HeatStacks.create_update_delete_stack:
87 - args:
88 template_path: /tmp/rally-jobs/random_strings.yaml
89 updated_template_path: /tmp/rally-jobs/updated_random_strings_replace.yaml
90 runner:
91 concurrency: 1
92 times: 1
93 type: constant
94 sla:
95 failure_rate:
96 max: 0
97 HeatStacks.create_check_delete_stack:
98 - args:
99 template_path: /tmp/rally-jobs/random_strings.yaml
100 runner:
101 concurrency: 1
102 times: 1
103 type: constant
104 sla:
105 failure_rate:
106 max: 0
107 HeatStacks.create_and_delete_stack:
108 - args:
109 template_path: /tmp/rally-jobs/resource_group_with_constraint.yaml
110 runner:
111 concurrency: 1
112 times: 1
113 type: constant
114 sla:
115 failure_rate:
116 max: 0
117 HeatStacks.create_and_list_stack:
118 - args:
119 template_path: /tmp/rally-jobs/default.yaml
120 runner:
121 concurrency: 1
122 times: 1
123 type: constant
124 sla:
125 failure_rate:
126 max: 0
127 HeatStacks.create_snapshot_restore_delete_stack:
128 - args:
129 template_path: /tmp/rally-jobs/random_strings.yaml
130 runner:
131 concurrency: 1
132 times: 1
133 type: constant
134 sla:
135 failure_rate:
136 max: 0
137 HeatStacks.create_stack_and_list_output:
138 - args:
139 template_path: /tmp/rally-jobs/resource_group_with_outputs.yaml
140 runner:
141 concurrency: 1
142 times: 1
143 type: constant
144 sla:
145 failure_rate:
146 max: 0
147 HeatStacks.create_stack_and_list_output_via_API:
148 - args:
149 template_path: /tmp/rally-jobs/resource_group_with_outputs.yaml
150 runner:
151 concurrency: 1
152 times: 1
153 type: constant
154 sla:
155 failure_rate:
156 max: 0
157 templates:
158 - name: /tmp/rally-jobs/default.yaml
159 template: |
160 heat_template_version: 2014-10-16
161 - name: /tmp/rally-jobs/random_strings.yaml
162 template: |
163 heat_template_version: 2014-10-16
164 description: Test template for rally create-update-delete scenario
165 resources:
166 test_string_one:
167 type: OS::Heat::RandomString
168 properties:
169 length: 20
170 test_string_two:
171 type: OS::Heat::RandomString
172 properties:
173 length: 20
174 - name: /tmp/rally-jobs/resource_group_with_constraint.yaml
175 template: |
176 heat_template_version: 2013-05-23
177 description: Template for testing caching.
178 parameters:
179 count:
180 type: number
181 default: 40
182 delay:
183 type: number
184 default: 0.1
185 resources:
186 rg:
187 type: OS::Heat::ResourceGroup
188 properties:
189 count:
190 get_param: count
191 resource_def:
192 type: OS::Heat::TestResource
193 properties:
194 constraint_prop_secs:
195 get_param: delay
196 - name: /tmp/rally-jobs/resource_group_with_outputs.yaml
197 template: |
198 heat_template_version: 2013-05-23
199 parameters:
200 attr_wait_secs:
201 type: number
202 default: 0.5
203 resources:
204 rg:
205 type: OS::Heat::ResourceGroup
206 properties:
207 count: 10
208 resource_def:
209 type: OS::Heat::TestResource
210 properties:
211 attr_wait_secs:
212 get_param: attr_wait_secs
213 outputs:
214 val1:
215 value:
216 get_attr:
217 - rg
218 - resource.0.output
219 val2:
220 value:
221 get_attr:
222 - rg
223 - resource.1.output
224 val3:
225 value:
226 get_attr:
227 - rg
228 - resource.2.output
229 val4:
230 value:
231 get_attr:
232 - rg
233 - resource.3.output
234 val5:
235 value:
236 get_attr:
237 - rg
238 - resource.4.output
239 val6:
240 value:
241 get_attr:
242 - rg
243 - resource.5.output
244 val7:
245 value:
246 get_attr:
247 - rg
248 - resource.6.output
249 val8:
250 value:
251 get_attr:
252 - rg
253 - resource.7.output
254 val9:
255 value:
256 get_attr:
257 - rg
258 - resource.8.output
259 val10:
260 value:
261 get_attr:
262 - rg
263 - resource.9.output
264 - name: /tmp/rally-jobs/updated_random_strings_replace.yaml
265 template: |
266 heat_template_version: 2014-10-16
267 description: |
268 Test template for create-update-delete-stack scenario in rally.
269 The template deletes one resource from the stack defined by
270 random-strings.yaml.template and re-creates it with the updated parameters
271 (so-called update-replace). That happens because some parameters cannot be
272 changed without resource re-creation. The template allows to measure performance
273 of update-replace operation.
274 resources:
275 test_string_one:
276 type: OS::Heat::RandomString
277 properties:
278 length: 20
279 test_string_two:
280 type: OS::Heat::RandomString
281 properties:
282 length: 40
283 paste:
284 pipeline:heat-api:
285 pipeline: cors request_id faultwrap http_proxy_to_wsgi versionnegotiation osprofiler authurl authtoken audit context apiv1app
286 pipeline:heat-api-standalone:
287 pipeline: cors request_id faultwrap http_proxy_to_wsgi versionnegotiation authurl authpassword context apiv1app
288 pipeline:heat-api-custombackend:
289 pipeline: cors request_id faultwrap versionnegotiation context custombackendauth apiv1app
290 pipeline:heat-api-cfn:
291 pipeline: cors http_proxy_to_wsgi cfnversionnegotiation osprofiler ec2authtoken authtoken audit context apicfnv1app
292 pipeline:heat-api-cfn-standalone:
293 pipeline: cors http_proxy_to_wsgi cfnversionnegotiation ec2authtoken context apicfnv1app
294 pipeline:heat-api-cloudwatch:
295 pipeline: cors versionnegotiation osprofiler ec2authtoken authtoken audit context apicwapp
296 pipeline:heat-api-cloudwatch-standalone:
297 pipeline: cors versionnegotiation ec2authtoken context apicwapp
298 app:apiv1app:
299 paste.app_factory: heat.common.wsgi:app_factory
300 heat.app_factory: heat.api.openstack.v1:API
301 app:apicfnv1app:
302 paste.app_factory: heat.common.wsgi:app_factory
303 heat.app_factory: heat.api.cfn.v1:API
304 app:apicwapp:
305 paste.app_factory: heat.common.wsgi:app_factory
306 heat.app_factory: heat.api.cloudwatch:API
307 filter:versionnegotiation:
308 paste.filter_factory: heat.common.wsgi:filter_factory
309 heat.filter_factory: heat.api.openstack:version_negotiation_filter
310 filter:cors:
311 paste.filter_factory: oslo_middleware.cors:filter_factory
312 oslo_config_project: heat
313 filter:faultwrap:
314 paste.filter_factory: heat.common.wsgi:filter_factory
315 heat.filter_factory: heat.api.openstack:faultwrap_filter
316 filter:cfnversionnegotiation:
317 paste.filter_factory: heat.common.wsgi:filter_factory
318 heat.filter_factory: heat.api.cfn:version_negotiation_filter
319 filter:cwversionnegotiation:
320 paste.filter_factory: heat.common.wsgi:filter_factory
321 heat.filter_factory: heat.api.cloudwatch:version_negotiation_filter
322 filter:context:
323 paste.filter_factory: heat.common.context:ContextMiddleware_filter_factory
324 filter:ec2authtoken:
325 paste.filter_factory: heat.api.aws.ec2token:EC2Token_filter_factory
326 filter:http_proxy_to_wsgi:
327 paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
328 filter:authurl:
329 paste.filter_factory: heat.common.auth_url:filter_factory
330 filter:authtoken:
331 paste.filter_factory: keystonemiddleware.auth_token:filter_factory
332 filter:authpassword:
333 paste.filter_factory: heat.common.auth_password:filter_factory
334 filter:custombackendauth:
335 paste.filter_factory: heat.common.custom_backend_auth:filter_factory
336 filter:audit:
337 paste.filter_factory: keystonemiddleware.audit:filter_factory
338 audit_map_file: /etc/heat/api_audit_map.conf
339 filter:request_id:
340 paste.filter_factory: oslo_middleware.request_id:RequestId.factory
341 filter:osprofiler:
342 paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
343 policy:
344 context_is_admin: role:admin and is_admin_project:True
345 project_admin: role:admin
346 deny_stack_user: not role:heat_stack_user
347 deny_everybody: "!"
348 cloudformation:ListStacks: rule:deny_stack_user
349 cloudformation:CreateStack: rule:deny_stack_user
350 cloudformation:DescribeStacks: rule:deny_stack_user
351 cloudformation:DeleteStack: rule:deny_stack_user
352 cloudformation:UpdateStack: rule:deny_stack_user
353 cloudformation:CancelUpdateStack: rule:deny_stack_user
354 cloudformation:DescribeStackEvents: rule:deny_stack_user
355 cloudformation:ValidateTemplate: rule:deny_stack_user
356 cloudformation:GetTemplate: rule:deny_stack_user
357 cloudformation:EstimateTemplateCost: rule:deny_stack_user
358 cloudformation:DescribeStackResource: ''
359 cloudformation:DescribeStackResources: rule:deny_stack_user
360 cloudformation:ListStackResources: rule:deny_stack_user
361 cloudwatch:DeleteAlarms: rule:deny_stack_user
362 cloudwatch:DescribeAlarmHistory: rule:deny_stack_user
363 cloudwatch:DescribeAlarms: rule:deny_stack_user
364 cloudwatch:DescribeAlarmsForMetric: rule:deny_stack_user
365 cloudwatch:DisableAlarmActions: rule:deny_stack_user
366 cloudwatch:EnableAlarmActions: rule:deny_stack_user
367 cloudwatch:GetMetricStatistics: rule:deny_stack_user
368 cloudwatch:ListMetrics: rule:deny_stack_user
369 cloudwatch:PutMetricAlarm: rule:deny_stack_user
370 cloudwatch:PutMetricData: ''
371 cloudwatch:SetAlarmState: rule:deny_stack_user
372 actions:action: rule:deny_stack_user
373 build_info:build_info: rule:deny_stack_user
374 events:index: rule:deny_stack_user
375 events:show: rule:deny_stack_user
376 resource:index: rule:deny_stack_user
377 resource:metadata: ''
378 resource:signal: ''
379 resource:mark_unhealthy: rule:deny_stack_user
380 resource:show: rule:deny_stack_user
381 stacks:abandon: rule:deny_stack_user
382 stacks:create: rule:deny_stack_user
383 stacks:delete: rule:deny_stack_user
384 stacks:detail: rule:deny_stack_user
385 stacks:export: rule:deny_stack_user
386 stacks:generate_template: rule:deny_stack_user
387 stacks:global_index: rule:deny_everybody
388 stacks:index: rule:deny_stack_user
389 stacks:list_resource_types: rule:deny_stack_user
390 stacks:list_template_versions: rule:deny_stack_user
391 stacks:list_template_functions: rule:deny_stack_user
392 stacks:lookup: ''
393 stacks:preview: rule:deny_stack_user
394 stacks:resource_schema: rule:deny_stack_user
395 stacks:show: rule:deny_stack_user
396 stacks:template: rule:deny_stack_user
397 stacks:environment: rule:deny_stack_user
398 stacks:files: rule:deny_stack_user
399 stacks:update: rule:deny_stack_user
400 stacks:update_patch: rule:deny_stack_user
401 stacks:preview_update: rule:deny_stack_user
402 stacks:preview_update_patch: rule:deny_stack_user
403 stacks:validate_template: rule:deny_stack_user
404 stacks:snapshot: rule:deny_stack_user
405 stacks:show_snapshot: rule:deny_stack_user
406 stacks:delete_snapshot: rule:deny_stack_user
407 stacks:list_snapshots: rule:deny_stack_user
408 stacks:restore_snapshot: rule:deny_stack_user
409 stacks:list_outputs: rule:deny_stack_user
410 stacks:show_output: rule:deny_stack_user
411 software_configs:global_index: rule:deny_everybody
412 software_configs:index: rule:deny_stack_user
413 software_configs:create: rule:deny_stack_user
414 software_configs:show: rule:deny_stack_user
415 software_configs:delete: rule:deny_stack_user
416 software_deployments:index: rule:deny_stack_user
417 software_deployments:create: rule:deny_stack_user
418 software_deployments:show: rule:deny_stack_user
419 software_deployments:update: rule:deny_stack_user
420 software_deployments:delete: rule:deny_stack_user
421 software_deployments:metadata: ''
422 service:index: rule:context_is_admin
423 resource_types:OS::Nova::Flavor: rule:project_admin
424 resource_types:OS::Cinder::EncryptedVolumeType: rule:project_admin
425 resource_types:OS::Cinder::VolumeType: rule:project_admin
426 resource_types:OS::Cinder::Quota: rule:project_admin
427 resource_types:OS::Manila::ShareType: rule:project_admin
428 resource_types:OS::Neutron::QoSPolicy: rule:project_admin
429 resource_types:OS::Neutron::QoSBandwidthLimitRule: rule:project_admin
430 resource_types:OS::Nova::HostAggregate: rule:project_admin
431 resource_types:OS::Cinder::QoSSpecs: rule:project_admin
432 heat:
433 DEFAULT:
434 log_config_append: /etc/heat/logging.conf
435 num_engine_workers: 1
436 trusts_delegated_roles: ""
437 host: heat-engine
438 keystone_authtoken:
439 auth_type: password
440 auth_version: v3
441 memcache_security_strategy: ENCRYPT
442 database:
443 max_retries: -1
444 trustee:
445 auth_type: password
446 auth_version: v3
447 heat_api:
448 # NOTE(portdirect): the bind port should not be defined, and is manipulated
449 # via the endpoints section.
450 bind_port: null
451 workers: 1
452 heat_api_cloudwatch:
453 # NOTE(portdirect): the bind port should not be defined, and is manipulated
454 # via the endpoints section.
455 bind_port: null
456 workers: 1
457 heat_api_cfn:
458 # NOTE(portdirect): the bind port should not be defined, and is manipulated
459 # via the endpoints section.
460 bind_port: null
461 workers: 1
462 paste_deploy:
463 api_paste_config: /etc/heat/api-paste.ini
464 clients:
465 endpoint_type: internalURL
466 clients_heat:
467 endpoint_type: publicURL
468 clients_keystone:
469 endpoint_type: internalURL
470 oslo_messaging_notifications:
471 driver: messagingv2
472 oslo_middleware:
473 enable_proxy_headers_parsing: true
474 oslo_messaging_rabbit:
475 rabbit_ha_queues: True
476 oslo_policy:
477 policy_file: /etc/heat/policy.yaml
478 api_audit_map:
479 DEFAULT:
480 target_endpoint_type: None
481 path_keywords:
482 stacks: stack
483 resources: resource
484 preview: None
485 detail: None
486 abandon: None
487 snapshots: snapshot
488 restore: None
489 outputs: output
490 metadata: server
491 signal: None
492 events: event
493 template: None
494 template_versions: template_version
495 functions: None
496 validate: None
497 resource_types: resource_type
498 build_info: None
499 actions: None
500 software_configs: software_config
501 software_deployments: software_deployment
502 services: None
503 service_endpoints:
504 orchestration:service/orchestration
505 logging:
506 loggers:
507 keys:
508 - root
509 - heat
510 handlers:
511 keys:
512 - stdout
513 - stderr
514 - "null"
515 formatters:
516 keys:
517 - context
518 - default
519 logger_root:
520 level: WARNING
521 handlers: 'null'
522 logger_heat:
523 level: INFO
524 handlers:
525 - stdout
526 qualname: heat
527 logger_amqp:
528 level: WARNING
529 handlers: stderr
530 qualname: amqp
531 logger_amqplib:
532 level: WARNING
533 handlers: stderr
534 qualname: amqplib
535 logger_eventletwsgi:
536 level: WARNING
537 handlers: stderr
538 qualname: eventlet.wsgi.server
539 logger_sqlalchemy:
540 level: WARNING
541 handlers: stderr
542 qualname: sqlalchemy
543 logger_boto:
544 level: WARNING
545 handlers: stderr
546 qualname: boto
547 handler_null:
548 class: logging.NullHandler
549 formatter: default
550 args: ()
551 handler_stdout:
552 class: StreamHandler
553 args: (sys.stdout,)
554 formatter: context
555 handler_stderr:
556 class: StreamHandler
557 args: (sys.stderr,)
558 formatter: context
559 formatter_context:
560 class: oslo_log.formatters.ContextFormatter
561 datefmt: "%Y-%m-%d %H:%M:%S"
562 formatter_default:
563 format: "%(message)s"
564 datefmt: "%Y-%m-%d %H:%M:%S"
565
566 rabbitmq:
567 # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
568 policies:
569 - vhost: "heat"
570 name: "ha_ttl_heat"
571 definition:
572 # mirror messges to other nodes in rmq cluster
573 ha-mode: "all"
574 ha-sync-mode: "automatic"
575 # 70s
576 message-ttl: 70000
577 priority: 0
578 apply-to: all
579 pattern: '^(?!(amq\.|reply_)).*'
580
581network:
582 api:
583 ingress:
584 public: true
585 classes:
586 namespace: "nginx"
587 cluster: "nginx-cluster"
588 annotations:
589 nginx.ingress.kubernetes.io/rewrite-target: /
590 external_policy_local: false
591 node_port:
592 enabled: false
593 port: 30004
594 cfn:
595 ingress:
596 public: true
597 classes:
598 namespace: "nginx"
599 cluster: "nginx-cluster"
600 annotations:
601 nginx.ingress.kubernetes.io/rewrite-target: /
602 node_port:
603 enabled: false
604 port: 30800
605 cloudwatch:
606 ingress:
607 public: true
608 classes:
609 namespace: "nginx"
610 cluster: "nginx-cluster"
611 annotations:
612 nginx.ingress.kubernetes.io/rewrite-target: /
613 node_port:
614 enabled: false
615 port: 30003
616
617bootstrap:
618 enabled: true
619 ks_user: admin
620 script: |
621 #NOTE(portdirect): The Orchestration service automatically assigns the
622 # 'heat_stack_user' role to users that it creates during stack deployment.
623 # By default, this role restricts API operations. To avoid conflicts, do
624 # not add this role to actual users.
625 openstack role create --or-show heat_stack_user
626
627dependencies:
628 dynamic:
629 common:
630 local_image_registry:
631 jobs:
632 - heat-image-repo-sync
633 services:
634 - endpoint: node
635 service: local_image_registry
636 static:
637 api:
638 jobs:
639 - heat-db-sync
640 - heat-rabbit-init
641 - heat-ks-user
642 - heat-trustee-ks-user
643 - heat-domain-ks-user
644 - heat-ks-endpoints
645 - heat-bootstrap
646 services:
647 - endpoint: internal
648 service: oslo_db
649 - endpoint: internal
650 service: oslo_messaging
651 - endpoint: internal
652 service: identity
653 cfn:
654 jobs:
655 - heat-db-sync
656 - heat-rabbit-init
657 - heat-ks-user
658 - heat-trustee-ks-user
659 - heat-domain-ks-user
660 - heat-ks-endpoints
661 - heat-bootstrap
662 services:
663 - endpoint: internal
664 service: oslo_db
665 - endpoint: internal
666 service: oslo_messaging
667 - endpoint: internal
668 service: identity
669 cloudwatch:
670 jobs:
671 - heat-db-sync
672 - heat-rabbit-init
673 - heat-ks-user
674 - heat-trustee-ks-user
675 - heat-domain-ks-user
676 - heat-ks-endpoints
677 - heat-bootstrap
678 services:
679 - endpoint: internal
680 service: oslo_db
681 - endpoint: internal
682 service: oslo_messaging
683 - endpoint: internal
684 service: identity
685 db_drop:
686 services:
687 - endpoint: internal
688 service: oslo_db
689 db_init:
690 services:
691 - endpoint: internal
692 service: oslo_db
693 db_sync:
694 jobs:
695 - heat-db-init
696 services:
697 - endpoint: internal
698 service: oslo_db
699 bootstrap:
700 services:
701 - endpoint: internal
702 service: identity
703 engine:
704 jobs:
705 - heat-db-sync
706 - heat-rabbit-init
707 - heat-ks-user
708 - heat-trustee-ks-user
709 - heat-domain-ks-user
710 - heat-ks-endpoints
711 - heat-bootstrap
712 services:
713 - endpoint: internal
714 service: oslo_db
715 - endpoint: internal
716 service: oslo_messaging
717 - endpoint: internal
718 service: identity
719 engine_cleaner:
720 jobs:
721 - heat-db-sync
722 - heat-ks-user
723 - heat-trustee-ks-user
724 - heat-domain-ks-user
725 - heat-ks-endpoints
726 services:
727 - endpoint: internal
728 service: oslo_db
729 - endpoint: internal
730 service: oslo_messaging
731 - endpoint: internal
732 service: identity
733 purge_deleted:
734 jobs:
735 - heat-db-sync
736 - heat-ks-user
737 - heat-trustee-ks-user
738 - heat-domain-ks-user
739 - heat-ks-endpoints
740 services:
741 - endpoint: internal
742 service: oslo_db
743 - endpoint: internal
744 service: oslo_messaging
745 - endpoint: internal
746 service: identity
747 ks_endpoints:
748 jobs:
749 - heat-ks-service
750 services:
751 - endpoint: internal
752 service: identity
753 ks_service:
754 services:
755 - endpoint: internal
756 service: identity
757 ks_user:
758 services:
759 - endpoint: internal
760 service: identity
761 rabbit_init:
762 services:
763 - endpoint: internal
764 service: oslo_messaging
765 trusts:
766 jobs:
767 - heat-ks-user
768 - heat-trustee-ks-user
769 - heat-domain-ks-user
770 services:
771 - endpoint: internal
772 service: identity
773 image_repo_sync:
774 services:
775 - endpoint: internal
776 service: local_image_registry
777 tests:
778 services:
779 - endpoint: internal
780 service: identity
781 - endpoint: internal
782 service: orchestration
783
784# Names of secrets used by bootstrap and environmental checks
785secrets:
786 identity:
787 admin: heat-keystone-admin
788 heat: heat-keystone-user
789 heat_trustee: heat-keystone-trustee
790 heat_stack_user: heat-keystone-stack-user
791 test: heat-keystone-test
792 oslo_db:
793 admin: heat-db-admin
794 heat: heat-db-user
795 oslo_messaging:
796 admin: heat-rabbitmq-admin
797 heat: heat-rabbitmq-user
798 tls:
799 orchestration:
800 api:
801 public: heat-tls-public
802 internal: heat-tls-api
803 cloudformation:
804 cfn:
805 public: cloudformation-tls-public
806 internal: heat-tls-cfn
807# typically overridden by environmental
808# values, but should include all endpoints
809# required by this chart
810endpoints:
811 cluster_domain_suffix: cluster.local
812 local_image_registry:
813 name: docker-registry
814 namespace: docker-registry
815 hosts:
816 default: localhost
817 internal: docker-registry
818 node: localhost
819 host_fqdn_override:
820 default: null
821 port:
822 registry:
823 node: 5000
824 identity:
825 name: keystone
826 auth:
827 admin:
828 region_name: RegionOne
829 username: admin
830 password: password
831 project_name: admin
832 user_domain_name: default
833 project_domain_name: default
834 heat:
835 role: admin
836 region_name: RegionOne
837 username: heat
838 password: password
839 project_name: service
840 user_domain_name: service
841 project_domain_name: service
842 heat_trustee:
843 role: admin
844 region_name: RegionOne
845 username: heat-trust
846 password: password
847 project_name: service
848 user_domain_name: service
849 project_domain_name: service
850 heat_stack_user:
851 role: admin
852 region_name: RegionOne
853 username: heat-domain
854 password: password
855 domain_name: heat
856 test:
857 role: admin
858 region_name: RegionOne
859 username: heat-test
860 password: password
861 project_name: test
862 user_domain_name: service
863 project_domain_name: service
864 hosts:
865 default: keystone
866 internal: keystone-api
867 host_fqdn_override:
868 default: null
869 path:
870 default: /v3
871 scheme:
872 default: 'http'
873 port:
874 api:
875 default: 80
876 internal: 5000
877 orchestration:
878 name: heat
879 hosts:
880 default: heat-api
881 public: heat
882 host_fqdn_override:
883 default: null
884 # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
885 # endpoints using the following format:
886 # public:
887 # host: null
888 # tls:
889 # crt: null
890 # key: null
891 path:
892 default: '/v1/%(project_id)s'
893 scheme:
894 default: 'http'
895 port:
896 api:
897 default: 8004
898 public: 80
899 cloudformation:
900 name: heat-cfn
901 hosts:
902 default: heat-cfn
903 public: cloudformation
904 host_fqdn_override:
905 default: null
906 # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
907 # endpoints using the following format:
908 # public:
909 # host: null
910 # tls:
911 # crt: null
912 # key: null
913 path:
914 default: /v1
915 scheme:
916 default: 'http'
917 port:
918 api:
919 default: 8000
920 public: 80
921 # Cloudwatch does not get an entry in the keystone service catalog
922 cloudwatch:
923 name: heat-cloudwatch
924 hosts:
925 default: heat-cloudwatch
926 public: cloudwatch
927 host_fqdn_override:
928 default: null
929 path:
930 default: null
931 type: null
932 scheme:
933 default: 'http'
934 port:
935 api:
936 default: 8003
937 public: 80
938 oslo_db:
939 auth:
940 admin:
941 username: root
942 password: password
943 secret:
944 tls:
945 internal: mariadb-tls-direct
946 heat:
947 username: heat
948 password: password
949 hosts:
950 default: mariadb
951 host_fqdn_override:
952 default: null
953 path: /heat
954 scheme: mysql+pymysql
955 port:
956 mysql:
957 default: 3306
958 oslo_cache:
959 auth:
960 # NOTE(portdirect): this is used to define the value for keystone
961 # authtoken cache encryption key, if not set it will be populated
962 # automatically with a random value, but to take advantage of
963 # this feature all services should be set to use the same key,
964 # and memcache service.
965 memcache_secret_key: null
966 hosts:
967 default: memcached
968 host_fqdn_override:
969 default: null
970 port:
971 memcache:
972 default: 11211
973 oslo_messaging:
974 auth:
975 admin:
976 username: rabbitmq
977 password: password
978 secret:
979 tls:
980 internal: rabbitmq-tls-direct
981 heat:
982 username: heat
983 password: password
984 statefulset:
985 replicas: 2
986 name: rabbitmq-rabbitmq
987 hosts:
988 default: rabbitmq
989 host_fqdn_override:
990 default: null
991 path: /heat
992 scheme: rabbit
993 port:
994 amqp:
995 default: 5672
996 http:
997 default: 15672
998 fluentd:
999 namespace: null
1000 name: fluentd
1001 hosts:
1002 default: fluentd-logging
1003 host_fqdn_override:
1004 default: null
1005 path:
1006 default: null
1007 scheme: 'http'
1008 port:
1009 service:
1010 default: 24224
1011 metrics:
1012 default: 24220
1013 # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress
1014 # They are using to enable the Egress K8s network policy.
1015 kube_dns:
1016 namespace: kube-system
1017 name: kubernetes-dns
1018 hosts:
1019 default: kube-dns
1020 host_fqdn_override:
1021 default: null
1022 path:
1023 default: null
1024 scheme: http
1025 port:
1026 dns:
1027 default: 53
1028 protocol: UDP
1029 ingress:
1030 namespace: null
1031 name: ingress
1032 hosts:
1033 default: ingress
1034 port:
1035 ingress:
1036 default: 80
1037
1038pod:
1039 security_context:
1040 heat:
1041 pod:
1042 runAsUser: 42424
1043 container:
1044 heat_api:
1045 readOnlyRootFilesystem: true
1046 allowPrivilegeEscalation: false
1047 heat_cfn:
1048 readOnlyRootFilesystem: true
1049 allowPrivilegeEscalation: false
1050 heat_cloudwatch:
1051 readOnlyRootFilesystem: true
1052 allowPrivilegeEscalation: false
1053 heat_engine:
1054 readOnlyRootFilesystem: true
1055 allowPrivilegeEscalation: false
1056 trusts:
1057 pod:
1058 runAsUser: 42424
1059 container:
1060 heat_trusts:
1061 readOnlyRootFilesystem: true
1062 allowPrivilegeEscalation: false
1063 ks_user:
1064 pod:
1065 runAsUser: 42424
1066 container:
1067 heat_ks_domain_user:
1068 readOnlyRootFilesystem: true
1069 allowPrivilegeEscalation: false
1070 engine_cleaner:
1071 pod:
1072 runAsUser: 42424
1073 container:
1074 heat_engine_cleaner:
1075 readOnlyRootFilesystem: true
1076 allowPrivilegeEscalation: false
1077 affinity:
1078 anti:
1079 type:
1080 default: preferredDuringSchedulingIgnoredDuringExecution
1081 topologyKey:
1082 default: kubernetes.io/hostname
1083 weight:
1084 default: 10
1085 mounts:
1086 heat_api:
1087 init_container: null
1088 heat_api:
1089 volumeMounts:
1090 volumes:
1091 heat_cfn:
1092 init_container: null
1093 heat_cfn:
1094 volumeMounts:
1095 volumes:
1096 heat_cloudwatch:
1097 init_container: null
1098 heat_cloudwatch:
1099 volumeMounts:
1100 volumes:
1101 heat_engine:
1102 init_container: null
1103 heat_engine:
1104 volumeMounts:
1105 volumes:
1106 heat_bootstrap:
1107 init_container: null
1108 heat_bootstrap:
1109 volumeMounts:
1110 volumes:
1111 heat_trusts:
1112 init_container: null
1113 heat_trusts:
1114 volumeMounts:
1115 volumes:
1116 heat_engine_cleaner:
1117 init_container: null
1118 heat_engine_cleaner:
1119 volumeMounts:
1120 volumes:
1121 heat_purge_deleted:
1122 init_container: null
1123 heat_purge_deleted:
1124 volumeMounts:
1125 volumes:
1126 heat_tests:
1127 init_container: null
1128 heat_tests:
1129 volumeMounts:
1130 volumes:
1131 heat_db_sync:
1132 heat_db_sync:
1133 volumeMounts:
1134 volumes:
1135 replicas:
1136 api: 1
1137 cfn: 1
1138 cloudwatch: 1
1139 engine: 1
1140 lifecycle:
1141 upgrades:
1142 deployments:
1143 revision_history: 3
1144 pod_replacement_strategy: RollingUpdate
1145 rolling_update:
1146 max_unavailable: 1
1147 max_surge: 3
1148 disruption_budget:
1149 api:
1150 min_available: 0
1151 cfn:
1152 min_available: 0
1153 cloudwatch:
1154 min_available: 0
1155 termination_grace_period:
1156 api:
1157 timeout: 30
1158 cfn:
1159 timeout: 30
1160 cloudwatch:
1161 timeout: 30
1162 engine:
1163 timeout: 30
1164 resources:
1165 enabled: false
1166 api:
1167 requests:
1168 memory: "128Mi"
1169 cpu: "100m"
1170 limits:
1171 memory: "1024Mi"
1172 cpu: "2000m"
1173 cfn:
1174 requests:
1175 memory: "128Mi"
1176 cpu: "100m"
1177 limits:
1178 memory: "1024Mi"
1179 cpu: "2000m"
1180 cloudwatch:
1181 requests:
1182 memory: "128Mi"
1183 cpu: "100m"
1184 limits:
1185 memory: "1024Mi"
1186 cpu: "2000m"
1187 engine:
1188 requests:
1189 memory: "128Mi"
1190 cpu: "100m"
1191 limits:
1192 memory: "1024Mi"
1193 cpu: "2000m"
1194 jobs:
1195 bootstrap:
1196 requests:
1197 memory: "128Mi"
1198 cpu: "100m"
1199 limits:
1200 memory: "1024Mi"
1201 cpu: "2000m"
1202 db_init:
1203 requests:
1204 memory: "128Mi"
1205 cpu: "100m"
1206 limits:
1207 memory: "1024Mi"
1208 cpu: "2000m"
1209 db_sync:
1210 requests:
1211 memory: "128Mi"
1212 cpu: "100m"
1213 limits:
1214 memory: "1024Mi"
1215 cpu: "2000m"
1216 db_drop:
1217 requests:
1218 memory: "128Mi"
1219 cpu: "100m"
1220 limits:
1221 memory: "1024Mi"
1222 cpu: "2000m"
1223 ks_endpoints:
1224 requests:
1225 memory: "128Mi"
1226 cpu: "100m"
1227 limits:
1228 memory: "1024Mi"
1229 cpu: "2000m"
1230 ks_service:
1231 requests:
1232 memory: "128Mi"
1233 cpu: "100m"
1234 limits:
1235 memory: "1024Mi"
1236 cpu: "2000m"
1237 ks_user:
1238 requests:
1239 memory: "128Mi"
1240 cpu: "100m"
1241 limits:
1242 memory: "1024Mi"
1243 cpu: "2000m"
1244 rabbit_init:
1245 requests:
1246 memory: "128Mi"
1247 cpu: "100m"
1248 limits:
1249 memory: "1024Mi"
1250 cpu: "2000m"
1251 tests:
1252 requests:
1253 memory: "128Mi"
1254 cpu: "100m"
1255 limits:
1256 memory: "1024Mi"
1257 cpu: "2000m"
1258 trusts:
1259 requests:
1260 memory: "128Mi"
1261 cpu: "100m"
1262 limits:
1263 memory: "1024Mi"
1264 cpu: "2000m"
1265 engine_cleaner:
1266 requests:
1267 memory: "128Mi"
1268 cpu: "100m"
1269 limits:
1270 memory: "1024Mi"
1271 cpu: "2000m"
1272 purge_deleted:
1273 requests:
1274 memory: "124Mi"
1275 cpu: "100m"
1276 limits:
1277 memory: "1024Mi"
1278 cpu: "2000m"
1279 image_repo_sync:
1280 requests:
1281 memory: "128Mi"
1282 cpu: "100m"
1283 limits:
1284 memory: "1024Mi"
1285 cpu: "2000m"
1286
1287network_policy:
1288 heat:
1289 ingress:
1290 - {}
1291 egress:
1292 - {}
1293
1294# NOTE(helm_hook): helm_hook might break for helm2 binary.
1295# set helm3_hook: false when using the helm2 binary.
1296helm3_hook: true
1297
1298manifests:
1299 certificates: false
1300 configmap_bin: true
1301 configmap_etc: true
1302 cron_job_engine_cleaner: true
1303 cron_job_purge_deleted: true
1304 deployment_api: true
1305 deployment_cfn: true
1306 deployment_cloudwatch: false
1307 deployment_engine: true
1308 ingress_api: true
1309 ingress_cfn: true
1310 ingress_cloudwatch: false
1311 job_bootstrap: true
1312 job_db_init: true
1313 job_db_sync: true
1314 job_db_drop: false
1315 job_image_repo_sync: true
1316 job_ks_endpoints: true
1317 job_ks_service: true
1318 job_ks_user_domain: true
1319 job_ks_user_trustee: true
1320 job_ks_user: true
1321 job_rabbit_init: true
1322 pdb_api: true
1323 pdb_cfn: true
1324 pdb_cloudwatch: false
1325 pod_rally_test: true
1326 network_policy: false
1327 secret_db: true
1328 secret_ingress_tls: true
1329 secret_keystone: true
1330 secret_rabbitmq: true
1331 service_api: true
1332 service_cfn: true
1333 service_cloudwatch: false
1334 service_ingress_api: true
1335 service_ingress_cfn: true
1336 service_ingress_cloudwatch: false
1337 statefulset_engine: false
1338...