charts/placement/values.yaml

# Copyright 2019 Intel Corporation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Default values for openstack-placement.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

---
release_group: null

labels:
  api:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  job:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled

images:
  pull_policy: IfNotPresent
  tags:
    placement: docker.io/openstackhelm/placement:stein-ubuntu_bionic
    ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic
    ks_service: docker.io/openstackhelm/heat:stein-ubuntu_bionic
    ks_endpoints: docker.io/openstackhelm/heat:stein-ubuntu_bionic
    db_init: docker.io/openstackhelm/heat:stein-ubuntu_bionic
    db_drop: docker.io/openstackhelm/heat:stein-ubuntu_bionic
    placement_db_sync: docker.io/openstackhelm/placement:stein-ubuntu_bionic
    dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
    image_repo_sync: docker.io/docker:17.07.0
  local_registry:
    active: false
    exclude:
      - dep_check
      - image_repo_sync

network:
  api:
    port: 8778
    ingress:
      public: true
      classes:
        namespace: "nginx"
        cluster: "nginx-cluster"
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: /
    external_policy_local: false
    node_port:
      enabled: false
      port: 30778

conf:
  software:
    apache2:
      binary: apache2
      start_parameters: -DFOREGROUND
      # Enable/Disable modules
      # a2enmod:
      #   - headers
      #   - rewrite
      # a2dismod:
      #   - status
      a2enmod: null
      a2dismod: null
  policy: {}
  placement:
    DEFAULT:
      debug: false
      use_syslog: false
      log_config_append: /etc/placement/logging.conf
    placement_database:
      connection: null
    keystone_authtoken:
      service_token_roles: service
      service_token_roles_required: true
      auth_version: v3
      auth_type: password
      memcache_security_strategy: ENCRYPT
      service_type: placement
  logging:
    loggers:
      keys:
        - root
        - placement
    handlers:
      keys:
        - stdout
        - stderr
        - "null"
    formatters:
      keys:
        - context
        - default
    logger_root:
      level: WARNING
      handlers: 'null'
    logger_placement:
      level: INFO
      handlers:
        - stdout
      qualname: placement
    logger_amqp:
      level: WARNING
      handlers: stderr
      qualname: amqp
    logger_amqplib:
      level: WARNING
      handlers: stderr
      qualname: amqplib
    logger_eventletwsgi:
      level: WARNING
      handlers: stderr
      qualname: eventlet.wsgi.server
    logger_sqlalchemy:
      level: WARNING
      handlers: stderr
      qualname: sqlalchemy
    logger_boto:
      level: WARNING
      handlers: stderr
      qualname: boto
    handler_null:
      class: logging.NullHandler
      formatter: default
      args: ()
    handler_stdout:
      class: StreamHandler
      args: (sys.stdout,)
      formatter: context
    handler_stderr:
      class: StreamHandler
      args: (sys.stderr,)
      formatter: context
    formatter_context:
      class: oslo_log.formatters.ContextFormatter
      datefmt: "%Y-%m-%d %H:%M:%S"
    formatter_default:
      format: "%(message)s"
      datefmt: "%Y-%m-%d %H:%M:%S"
  wsgi_placement: |
    Listen 0.0.0.0:{{ tuple "placement" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
    SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
    CustomLog /dev/stdout combined env=!forwarded
    CustomLog /dev/stdout proxy env=forwarded
    <VirtualHost *:{{ tuple "placement" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
        WSGIDaemonProcess placement-api processes=4 threads=1 user=placement group=placement display-name=%{GROUP}
        WSGIProcessGroup placement-api
        WSGIScriptAlias / /var/www/cgi-bin/placement/placement-api
        WSGIApplicationGroup %{GLOBAL}
        WSGIPassAuthorization On
        <IfVersion >= 2.4>
          ErrorLogFormat "%{cu}t %M"
        </IfVersion>
        ErrorLog /dev/stdout
        SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
        CustomLog /dev/stdout combined env=!forwarded
        CustomLog /dev/stdout proxy env=forwarded
    </VirtualHost>
    Alias /placement /var/www/cgi-bin/placement/placement-api
    <Location /placement>
        SetHandler wsgi-script
        Options +ExecCGI
        WSGIProcessGroup placement-api
        WSGIApplicationGroup %{GLOBAL}
        WSGIPassAuthorization On
    </Location>

endpoints:
  cluster_domain_suffix: cluster.local
  local_image_registry:
    name: docker-registry
    namespace: docker-registry
    hosts:
      default: localhost
      internal: docker-registry
      node: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        node: 5000
  oci_image_registry:
    name: oci-image-registry
    namespace: oci-image-registry
    auth:
      enabled: false
      placement:
        username: placement
        password: password
    hosts:
      default: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        default: null
  oslo_db:
    auth:
      admin:
        username: root
        password: password
        secret:
          tls:
            internal: mariadb-tls-direct
      placement:
        username: placement
        password: password
      # NOTE: This should be the username/password used to access the nova_api
      # database. This is required only if database migration from nova to
      # placement is desired.
      nova_api:
        username: nova
        password: password
    hosts:
      default: mariadb
    host_fqdn_override:
      default: null
    path: /placement
    scheme: mysql+pymysql
    port:
      mysql:
        default: 3306
  oslo_cache:
    auth:
      # NOTE(portdirect): this is used to define the value for keystone
      # authtoken cache encryption key, if not set it will be populated
      # automatically with a random value, but to take advantage of
      # this feature all services should be set to use the same key,
      # and memcache service.
      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
      default: null
    port:
      memcache:
        default: 11211
  identity:
    name: keystone
    auth:
      admin:
        region_name: RegionOne
        username: admin
        password: password
        project_name: admin
        user_domain_name: default
        project_domain_name: default
      placement:
        role: admin
        region_name: RegionOne
        username: placement
        password: password
        project_name: service
        user_domain_name: service
        project_domain_name: service
    hosts:
      default: keystone
      internal: keystone-api
    host_fqdn_override:
      default: null
    path:
      default: /v3
    scheme:
      default: http
    port:
      api:
        default: 80
        internal: 5000
  placement:
    name: placement
    hosts:
      default: placement-api
      public: placement
    host_fqdn_override:
      default: null
    path:
      default: /
    scheme:
      default: 'http'
      service: 'http'
    port:
      api:
        default: 8778
        public: 80
        service: 8778

pod:
  security_context:
    placement:
      pod:
        runAsUser: 42424
      container:
        placement_api:
          readOnlyRootFilesystem: false
          runAsUser: 0
        placement_mysql_migration:
          readOnlyRootFilesystem: false
          runAsUser: 0
  affinity:
    anti:
      type:
        default: preferredDuringSchedulingIgnoredDuringExecution
      topologyKey:
        default: kubernetes.io/hostname
  tolerations:
    placement:
      enabled: false
      tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
      - key: node-role.kubernetes.io/control-plane
        operator: Exists
        effect: NoSchedule
  mounts:
    placement:
      init_container: null
      placement:
        volumeMounts:
        volumes:
  replicas:
    api: 1
  lifecycle:
    upgrades:
      deployments:
        revision_history: 3
        pod_replacement_strategy: RollingUpdate
        rolling_update:
          max_unavailable: 1
          max_surge: 3
    disruption_budget:
      api:
        min_available: 0
    termination_grace_period:
      api:
        timeout: 30
  resources:
    enabled: false
    api:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    jobs:
      db_init:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_drop:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_endpoints:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_service:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_user:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"

secrets:
  identity:
    admin: placement-keystone-admin
    placement: placement-keystone-user
  oslo_db:
    admin: placement-db-admin
    placement: placement-db-user
  tls:
    placement:
      api:
        public: placement-tls-public
        internal: placement-tls-api
  oci_image_registry:
    placement: placement-oci-image-registry

dependencies:
  dynamic:
    common:
      local_image_registry:
        jobs:
          - image-repo-sync
        services:
          - endpoint: node
            service: local_image_registry
  static:
    api:
      jobs:
        - placement-db-sync
        - placement-ks-service
        - placement-ks-user
        - placement-ks-endpoints
    ks_endpoints:
      jobs:
        - placement-ks-user
        - placement-ks-service
      services:
        - endpoint: internal
          service: identity
    ks_service:
      services:
        - endpoint: internal
          service: identity
    ks_user:
      services:
        - endpoint: internal
          service: identity
    db_drop:
      services:
        - endpoint: internal
          service: oslo_db
    db_init:
      services:
        - endpoint: internal
          service: oslo_db
    db_sync:
      jobs:
        - placement-db-init
      services:
        - endpoint: internal
          service: oslo_db

# NOTE(helm_hook): helm_hook might break for helm2 binary.
# set helm3_hook: false when using the helm2 binary.
helm3_hook: true

tls:
  identity: false
  oslo_messaging: false
  oslo_db: false

manifests:
  certificates: false
  configmap_bin: true
  configmap_etc: true
  deployment: true
  job_image_repo_sync: true
  job_db_init: true
  job_db_sync: true
  job_db_drop: false
  job_ks_endpoints: true
  job_ks_service: true
  job_ks_user: true
  network_policy: false
  secret_db: true
  secret_ingress_tls: true
  secret_registry: true
  pdb: true
  ingress: true
  secret_keystone: true
  service_ingress: true
  service: true
...