Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / d1232d2ae535b8d7739dbb2f19eb1c428ad9cd2a / . / charts / heat / values.yaml
blob: 7cd519759efc75486f867c0f4f60e9ead9651675 [file] [log] [blame]
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1# Licensed under the Apache License, Version 2.0 (the "License");
2# you may not use this file except in compliance with the License.
3# You may obtain a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS,
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10# See the License for the specific language governing permissions and
11# limitations under the License.
12
13# Default values for heat.
14# This is a YAML-formatted file.
15# Declare name/value pairs to be passed into your templates.
16# name: value
17
18---
19release_group: null
20
21labels:
22 api:
23 node_selector_key: openstack-control-plane
24 node_selector_value: enabled
25 cfn:
26 node_selector_key: openstack-control-plane
27 node_selector_value: enabled
28 cloudwatch:
29 node_selector_key: openstack-control-plane
30 node_selector_value: enabled
31 engine:
32 node_selector_key: openstack-control-plane
33 node_selector_value: enabled
34 job:
35 node_selector_key: openstack-control-plane
36 node_selector_value: enabled
37 test:
38 node_selector_key: openstack-control-plane
39 node_selector_value: enabled
40
41images:
42 tags:
43 test: docker.io/xrally/xrally-openstack:2.0.0
44 bootstrap: docker.io/openstackhelm/heat:stein-ubuntu_bionic
45 db_init: docker.io/openstackhelm/heat:stein-ubuntu_bionic
46 heat_db_sync: docker.io/openstackhelm/heat:stein-ubuntu_bionic
47 db_drop: docker.io/openstackhelm/heat:stein-ubuntu_bionic
48 rabbit_init: docker.io/rabbitmq:3.7-management
49 ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic
50 ks_service: docker.io/openstackhelm/heat:stein-ubuntu_bionic
51 ks_endpoints: docker.io/openstackhelm/heat:stein-ubuntu_bionic
52 heat_api: docker.io/openstackhelm/heat:stein-ubuntu_bionic
53 heat_cfn: docker.io/openstackhelm/heat:stein-ubuntu_bionic
54 heat_cloudwatch: docker.io/openstackhelm/heat:stein-ubuntu_bionic
55 heat_engine: docker.io/openstackhelm/heat:stein-ubuntu_bionic
56 heat_engine_cleaner: docker.io/openstackhelm/heat:stein-ubuntu_bionic
57 heat_purge_deleted: docker.io/openstackhelm/heat:stein-ubuntu_bionic
58 dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
59 image_repo_sync: docker.io/docker:17.07.0
60 pull_policy: "IfNotPresent"
61 local_registry:
62 active: false
63 exclude:
64 - dep_check
65 - image_repo_sync
66
67jobs:
68 engine_cleaner:
69 cron: "*/5 * * * *"
70 starting_deadline: 600
71 history:
72 success: 3
73 failed: 1
74
75 purge_deleted:
76 cron: "20 */24 * * *"
77 purge_age: 60
78 history:
79 success: 3
80 failed: 1
81
82conf:
83 rally_tests:
84 run_tempest: false
85 tests:
86 HeatStacks.create_update_delete_stack:
87 - args:
88 template_path: /tmp/rally-jobs/random_strings.yaml
89 updated_template_path: /tmp/rally-jobs/updated_random_strings_replace.yaml
90 runner:
91 concurrency: 1
92 times: 1
93 type: constant
94 sla:
95 failure_rate:
96 max: 0
97 HeatStacks.create_check_delete_stack:
98 - args:
99 template_path: /tmp/rally-jobs/random_strings.yaml
100 runner:
101 concurrency: 1
102 times: 1
103 type: constant
104 sla:
105 failure_rate:
106 max: 0
107 HeatStacks.create_and_delete_stack:
108 - args:
109 template_path: /tmp/rally-jobs/resource_group_with_constraint.yaml
110 runner:
111 concurrency: 1
112 times: 1
113 type: constant
114 sla:
115 failure_rate:
116 max: 0
117 HeatStacks.create_and_list_stack:
118 - args:
119 template_path: /tmp/rally-jobs/default.yaml
120 runner:
121 concurrency: 1
122 times: 1
123 type: constant
124 sla:
125 failure_rate:
126 max: 0
127 HeatStacks.create_snapshot_restore_delete_stack:
128 - args:
129 template_path: /tmp/rally-jobs/random_strings.yaml
130 runner:
131 concurrency: 1
132 times: 1
133 type: constant
134 sla:
135 failure_rate:
136 max: 0
137 HeatStacks.create_stack_and_list_output:
138 - args:
139 template_path: /tmp/rally-jobs/resource_group_with_outputs.yaml
140 runner:
141 concurrency: 1
142 times: 1
143 type: constant
144 sla:
145 failure_rate:
146 max: 0
147 HeatStacks.create_stack_and_list_output_via_API:
148 - args:
149 template_path: /tmp/rally-jobs/resource_group_with_outputs.yaml
150 runner:
151 concurrency: 1
152 times: 1
153 type: constant
154 sla:
155 failure_rate:
156 max: 0
157 templates:
158 - name: /tmp/rally-jobs/default.yaml
159 template: |
160 heat_template_version: 2014-10-16
161 - name: /tmp/rally-jobs/random_strings.yaml
162 template: |
163 heat_template_version: 2014-10-16
164 description: Test template for rally create-update-delete scenario
165 resources:
166 test_string_one:
167 type: OS::Heat::RandomString
168 properties:
169 length: 20
170 test_string_two:
171 type: OS::Heat::RandomString
172 properties:
173 length: 20
174 - name: /tmp/rally-jobs/resource_group_with_constraint.yaml
175 template: |
176 heat_template_version: 2013-05-23
177 description: Template for testing caching.
178 parameters:
179 count:
180 type: number
181 default: 40
182 delay:
183 type: number
184 default: 0.1
185 resources:
186 rg:
187 type: OS::Heat::ResourceGroup
188 properties:
189 count:
190 get_param: count
191 resource_def:
192 type: OS::Heat::TestResource
193 properties:
194 constraint_prop_secs:
195 get_param: delay
196 - name: /tmp/rally-jobs/resource_group_with_outputs.yaml
197 template: |
198 heat_template_version: 2013-05-23
199 parameters:
200 attr_wait_secs:
201 type: number
202 default: 0.5
203 resources:
204 rg:
205 type: OS::Heat::ResourceGroup
206 properties:
207 count: 10
208 resource_def:
209 type: OS::Heat::TestResource
210 properties:
211 attr_wait_secs:
212 get_param: attr_wait_secs
213 outputs:
214 val1:
215 value:
216 get_attr:
217 - rg
218 - resource.0.output
219 val2:
220 value:
221 get_attr:
222 - rg
223 - resource.1.output
224 val3:
225 value:
226 get_attr:
227 - rg
228 - resource.2.output
229 val4:
230 value:
231 get_attr:
232 - rg
233 - resource.3.output
234 val5:
235 value:
236 get_attr:
237 - rg
238 - resource.4.output
239 val6:
240 value:
241 get_attr:
242 - rg
243 - resource.5.output
244 val7:
245 value:
246 get_attr:
247 - rg
248 - resource.6.output
249 val8:
250 value:
251 get_attr:
252 - rg
253 - resource.7.output
254 val9:
255 value:
256 get_attr:
257 - rg
258 - resource.8.output
259 val10:
260 value:
261 get_attr:
262 - rg
263 - resource.9.output
264 - name: /tmp/rally-jobs/updated_random_strings_replace.yaml
265 template: |
266 heat_template_version: 2014-10-16
267 description: |
268 Test template for create-update-delete-stack scenario in rally.
269 The template deletes one resource from the stack defined by
270 random-strings.yaml.template and re-creates it with the updated parameters
271 (so-called update-replace). That happens because some parameters cannot be
272 changed without resource re-creation. The template allows to measure performance
273 of update-replace operation.
274 resources:
275 test_string_one:
276 type: OS::Heat::RandomString
277 properties:
278 length: 20
279 test_string_two:
280 type: OS::Heat::RandomString
281 properties:
282 length: 40
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]283 paste: {}
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]284 policy: {}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]285 heat:
286 DEFAULT:
287 log_config_append: /etc/heat/logging.conf
288 num_engine_workers: 1
289 trusts_delegated_roles: ""
290 host: heat-engine
291 keystone_authtoken:
292 auth_type: password
293 auth_version: v3
294 memcache_security_strategy: ENCRYPT
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]295 service_type: orchestration
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]296 database:
297 max_retries: -1
298 trustee:
299 auth_type: password
300 auth_version: v3
301 heat_api:
302 # NOTE(portdirect): the bind port should not be defined, and is manipulated
303 # via the endpoints section.
304 bind_port: null
305 workers: 1
306 heat_api_cloudwatch:
307 # NOTE(portdirect): the bind port should not be defined, and is manipulated
308 # via the endpoints section.
309 bind_port: null
310 workers: 1
311 heat_api_cfn:
312 # NOTE(portdirect): the bind port should not be defined, and is manipulated
313 # via the endpoints section.
314 bind_port: null
315 workers: 1
316 paste_deploy:
317 api_paste_config: /etc/heat/api-paste.ini
318 clients:
319 endpoint_type: internalURL
320 clients_heat:
321 endpoint_type: publicURL
322 clients_keystone:
323 endpoint_type: internalURL
324 oslo_messaging_notifications:
325 driver: messagingv2
326 oslo_middleware:
327 enable_proxy_headers_parsing: true
328 oslo_messaging_rabbit:
329 rabbit_ha_queues: True
330 oslo_policy:
331 policy_file: /etc/heat/policy.yaml
332 api_audit_map:
333 DEFAULT:
334 target_endpoint_type: None
335 path_keywords:
336 stacks: stack
337 resources: resource
338 preview: None
339 detail: None
340 abandon: None
341 snapshots: snapshot
342 restore: None
343 outputs: output
344 metadata: server
345 signal: None
346 events: event
347 template: None
348 template_versions: template_version
349 functions: None
350 validate: None
351 resource_types: resource_type
352 build_info: None
353 actions: None
354 software_configs: software_config
355 software_deployments: software_deployment
356 services: None
357 service_endpoints:
358 orchestration:service/orchestration
359 logging:
360 loggers:
361 keys:
362 - root
363 - heat
364 handlers:
365 keys:
366 - stdout
367 - stderr
368 - "null"
369 formatters:
370 keys:
371 - context
372 - default
373 logger_root:
374 level: WARNING
375 handlers: 'null'
376 logger_heat:
377 level: INFO
378 handlers:
379 - stdout
380 qualname: heat
381 logger_amqp:
382 level: WARNING
383 handlers: stderr
384 qualname: amqp
385 logger_amqplib:
386 level: WARNING
387 handlers: stderr
388 qualname: amqplib
389 logger_eventletwsgi:
390 level: WARNING
391 handlers: stderr
392 qualname: eventlet.wsgi.server
393 logger_sqlalchemy:
394 level: WARNING
395 handlers: stderr
396 qualname: sqlalchemy
397 logger_boto:
398 level: WARNING
399 handlers: stderr
400 qualname: boto
401 handler_null:
402 class: logging.NullHandler
403 formatter: default
404 args: ()
405 handler_stdout:
406 class: StreamHandler
407 args: (sys.stdout,)
408 formatter: context
409 handler_stderr:
410 class: StreamHandler
411 args: (sys.stderr,)
412 formatter: context
413 formatter_context:
414 class: oslo_log.formatters.ContextFormatter
415 datefmt: "%Y-%m-%d %H:%M:%S"
416 formatter_default:
417 format: "%(message)s"
418 datefmt: "%Y-%m-%d %H:%M:%S"
419
420 rabbitmq:
421 # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
422 policies:
423 - vhost: "heat"
424 name: "ha_ttl_heat"
425 definition:
426 # mirror messges to other nodes in rmq cluster
427 ha-mode: "all"
428 ha-sync-mode: "automatic"
429 # 70s
430 message-ttl: 70000
431 priority: 0
432 apply-to: all
433 pattern: '^(?!(amq\.|reply_)).*'
434
435network:
436 api:
437 ingress:
438 public: true
439 classes:
440 namespace: "nginx"
441 cluster: "nginx-cluster"
442 annotations:
443 nginx.ingress.kubernetes.io/rewrite-target: /
444 external_policy_local: false
445 node_port:
446 enabled: false
447 port: 30004
448 cfn:
449 ingress:
450 public: true
451 classes:
452 namespace: "nginx"
453 cluster: "nginx-cluster"
454 annotations:
455 nginx.ingress.kubernetes.io/rewrite-target: /
456 node_port:
457 enabled: false
458 port: 30800
459 cloudwatch:
460 ingress:
461 public: true
462 classes:
463 namespace: "nginx"
464 cluster: "nginx-cluster"
465 annotations:
466 nginx.ingress.kubernetes.io/rewrite-target: /
467 node_port:
468 enabled: false
469 port: 30003
470
471bootstrap:
472 enabled: true
473 ks_user: admin
474 script: |
475 #NOTE(portdirect): The Orchestration service automatically assigns the
476 # 'heat_stack_user' role to users that it creates during stack deployment.
477 # By default, this role restricts API operations. To avoid conflicts, do
478 # not add this role to actual users.
479 openstack role create --or-show heat_stack_user
480
481dependencies:
482 dynamic:
483 common:
484 local_image_registry:
485 jobs:
486 - heat-image-repo-sync
487 services:
488 - endpoint: node
489 service: local_image_registry
490 static:
491 api:
492 jobs:
493 - heat-db-sync
494 - heat-rabbit-init
495 - heat-ks-user
496 - heat-trustee-ks-user
497 - heat-domain-ks-user
498 - heat-ks-endpoints
499 - heat-bootstrap
500 services:
501 - endpoint: internal
502 service: oslo_db
503 - endpoint: internal
504 service: oslo_messaging
505 - endpoint: internal
506 service: identity
507 cfn:
508 jobs:
509 - heat-db-sync
510 - heat-rabbit-init
511 - heat-ks-user
512 - heat-trustee-ks-user
513 - heat-domain-ks-user
514 - heat-ks-endpoints
515 - heat-bootstrap
516 services:
517 - endpoint: internal
518 service: oslo_db
519 - endpoint: internal
520 service: oslo_messaging
521 - endpoint: internal
522 service: identity
523 cloudwatch:
524 jobs:
525 - heat-db-sync
526 - heat-rabbit-init
527 - heat-ks-user
528 - heat-trustee-ks-user
529 - heat-domain-ks-user
530 - heat-ks-endpoints
531 - heat-bootstrap
532 services:
533 - endpoint: internal
534 service: oslo_db
535 - endpoint: internal
536 service: oslo_messaging
537 - endpoint: internal
538 service: identity
539 db_drop:
540 services:
541 - endpoint: internal
542 service: oslo_db
543 db_init:
544 services:
545 - endpoint: internal
546 service: oslo_db
547 db_sync:
548 jobs:
549 - heat-db-init
550 services:
551 - endpoint: internal
552 service: oslo_db
553 bootstrap:
554 services:
555 - endpoint: internal
556 service: identity
557 engine:
558 jobs:
559 - heat-db-sync
560 - heat-rabbit-init
561 - heat-ks-user
562 - heat-trustee-ks-user
563 - heat-domain-ks-user
564 - heat-ks-endpoints
565 - heat-bootstrap
566 services:
567 - endpoint: internal
568 service: oslo_db
569 - endpoint: internal
570 service: oslo_messaging
571 - endpoint: internal
572 service: identity
573 engine_cleaner:
574 jobs:
575 - heat-db-sync
576 - heat-ks-user
577 - heat-trustee-ks-user
578 - heat-domain-ks-user
579 - heat-ks-endpoints
580 services:
581 - endpoint: internal
582 service: oslo_db
583 - endpoint: internal
584 service: oslo_messaging
585 - endpoint: internal
586 service: identity
587 purge_deleted:
588 jobs:
589 - heat-db-sync
590 - heat-ks-user
591 - heat-trustee-ks-user
592 - heat-domain-ks-user
593 - heat-ks-endpoints
594 services:
595 - endpoint: internal
596 service: oslo_db
597 - endpoint: internal
598 service: oslo_messaging
599 - endpoint: internal
600 service: identity
601 ks_endpoints:
602 jobs:
603 - heat-ks-service
604 services:
605 - endpoint: internal
606 service: identity
607 ks_service:
608 services:
609 - endpoint: internal
610 service: identity
611 ks_user:
612 services:
613 - endpoint: internal
614 service: identity
615 rabbit_init:
616 services:
617 - endpoint: internal
618 service: oslo_messaging
619 trusts:
620 jobs:
621 - heat-ks-user
622 - heat-trustee-ks-user
623 - heat-domain-ks-user
624 services:
625 - endpoint: internal
626 service: identity
627 image_repo_sync:
628 services:
629 - endpoint: internal
630 service: local_image_registry
631 tests:
632 services:
633 - endpoint: internal
634 service: identity
635 - endpoint: internal
636 service: orchestration
637
638# Names of secrets used by bootstrap and environmental checks
639secrets:
640 identity:
641 admin: heat-keystone-admin
642 heat: heat-keystone-user
643 heat_trustee: heat-keystone-trustee
644 heat_stack_user: heat-keystone-stack-user
645 test: heat-keystone-test
646 oslo_db:
647 admin: heat-db-admin
648 heat: heat-db-user
649 oslo_messaging:
650 admin: heat-rabbitmq-admin
651 heat: heat-rabbitmq-user
652 tls:
653 orchestration:
654 api:
655 public: heat-tls-public
656 internal: heat-tls-api
657 cloudformation:
658 cfn:
659 public: cloudformation-tls-public
660 internal: heat-tls-cfn
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]661 oci_image_registry:
662 heat: heat-oci-image-registry
663
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]664# typically overridden by environmental
665# values, but should include all endpoints
666# required by this chart
667endpoints:
668 cluster_domain_suffix: cluster.local
669 local_image_registry:
670 name: docker-registry
671 namespace: docker-registry
672 hosts:
673 default: localhost
674 internal: docker-registry
675 node: localhost
676 host_fqdn_override:
677 default: null
678 port:
679 registry:
680 node: 5000
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]681 oci_image_registry:
682 name: oci-image-registry
683 namespace: oci-image-registry
684 auth:
685 enabled: false
686 heat:
687 username: heat
688 password: password
689 hosts:
690 default: localhost
691 host_fqdn_override:
692 default: null
693 port:
694 registry:
695 default: null
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]696 identity:
697 name: keystone
698 auth:
699 admin:
700 region_name: RegionOne
701 username: admin
702 password: password
703 project_name: admin
704 user_domain_name: default
705 project_domain_name: default
706 heat:
707 role: admin
708 region_name: RegionOne
709 username: heat
710 password: password
711 project_name: service
712 user_domain_name: service
713 project_domain_name: service
714 heat_trustee:
715 role: admin
716 region_name: RegionOne
717 username: heat-trust
718 password: password
719 project_name: service
720 user_domain_name: service
721 project_domain_name: service
722 heat_stack_user:
723 role: admin
724 region_name: RegionOne
725 username: heat-domain
726 password: password
727 domain_name: heat
728 test:
729 role: admin
730 region_name: RegionOne
731 username: heat-test
732 password: password
733 project_name: test
734 user_domain_name: service
735 project_domain_name: service
736 hosts:
737 default: keystone
738 internal: keystone-api
739 host_fqdn_override:
740 default: null
741 path:
742 default: /v3
743 scheme:
744 default: 'http'
745 port:
746 api:
747 default: 80
748 internal: 5000
749 orchestration:
750 name: heat
751 hosts:
752 default: heat-api
753 public: heat
754 host_fqdn_override:
755 default: null
756 # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
757 # endpoints using the following format:
758 # public:
759 # host: null
760 # tls:
761 # crt: null
762 # key: null
763 path:
764 default: '/v1/%(project_id)s'
765 scheme:
766 default: 'http'
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]767 service: 'http'
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]768 port:
769 api:
770 default: 8004
771 public: 80
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]772 service: 8004
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]773 cloudformation:
774 name: heat-cfn
775 hosts:
776 default: heat-cfn
777 public: cloudformation
778 host_fqdn_override:
779 default: null
780 # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
781 # endpoints using the following format:
782 # public:
783 # host: null
784 # tls:
785 # crt: null
786 # key: null
787 path:
788 default: /v1
789 scheme:
790 default: 'http'
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]791 service: 'http'
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]792 port:
793 api:
794 default: 8000
795 public: 80
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]796 service: 8000
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]797 # Cloudwatch does not get an entry in the keystone service catalog
798 cloudwatch:
799 name: heat-cloudwatch
800 hosts:
801 default: heat-cloudwatch
802 public: cloudwatch
803 host_fqdn_override:
804 default: null
805 path:
806 default: null
807 type: null
808 scheme:
809 default: 'http'
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]810 service: 'http'
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]811 port:
812 api:
813 default: 8003
814 public: 80
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]815 service: 8003
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]816 oslo_db:
817 auth:
818 admin:
819 username: root
820 password: password
821 secret:
822 tls:
823 internal: mariadb-tls-direct
824 heat:
825 username: heat
826 password: password
827 hosts:
828 default: mariadb
829 host_fqdn_override:
830 default: null
831 path: /heat
832 scheme: mysql+pymysql
833 port:
834 mysql:
835 default: 3306
836 oslo_cache:
837 auth:
838 # NOTE(portdirect): this is used to define the value for keystone
839 # authtoken cache encryption key, if not set it will be populated
840 # automatically with a random value, but to take advantage of
841 # this feature all services should be set to use the same key,
842 # and memcache service.
843 memcache_secret_key: null
844 hosts:
845 default: memcached
846 host_fqdn_override:
847 default: null
848 port:
849 memcache:
850 default: 11211
851 oslo_messaging:
852 auth:
853 admin:
854 username: rabbitmq
855 password: password
856 secret:
857 tls:
858 internal: rabbitmq-tls-direct
859 heat:
860 username: heat
861 password: password
862 statefulset:
863 replicas: 2
864 name: rabbitmq-rabbitmq
865 hosts:
866 default: rabbitmq
867 host_fqdn_override:
868 default: null
869 path: /heat
870 scheme: rabbit
871 port:
872 amqp:
873 default: 5672
874 http:
875 default: 15672
876 fluentd:
877 namespace: null
878 name: fluentd
879 hosts:
880 default: fluentd-logging
881 host_fqdn_override:
882 default: null
883 path:
884 default: null
885 scheme: 'http'
886 port:
887 service:
888 default: 24224
889 metrics:
890 default: 24220
891 # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress
892 # They are using to enable the Egress K8s network policy.
893 kube_dns:
894 namespace: kube-system
895 name: kubernetes-dns
896 hosts:
897 default: kube-dns
898 host_fqdn_override:
899 default: null
900 path:
901 default: null
902 scheme: http
903 port:
904 dns:
905 default: 53
906 protocol: UDP
907 ingress:
908 namespace: null
909 name: ingress
910 hosts:
911 default: ingress
912 port:
913 ingress:
914 default: 80
915
916pod:
917 security_context:
918 heat:
919 pod:
920 runAsUser: 42424
921 container:
922 heat_api:
923 readOnlyRootFilesystem: true
924 allowPrivilegeEscalation: false
925 heat_cfn:
926 readOnlyRootFilesystem: true
927 allowPrivilegeEscalation: false
928 heat_cloudwatch:
929 readOnlyRootFilesystem: true
930 allowPrivilegeEscalation: false
931 heat_engine:
932 readOnlyRootFilesystem: true
933 allowPrivilegeEscalation: false
934 trusts:
935 pod:
936 runAsUser: 42424
937 container:
938 heat_trusts:
939 readOnlyRootFilesystem: true
940 allowPrivilegeEscalation: false
941 ks_user:
942 pod:
943 runAsUser: 42424
944 container:
945 heat_ks_domain_user:
946 readOnlyRootFilesystem: true
947 allowPrivilegeEscalation: false
948 engine_cleaner:
949 pod:
950 runAsUser: 42424
951 container:
952 heat_engine_cleaner:
953 readOnlyRootFilesystem: true
954 allowPrivilegeEscalation: false
955 affinity:
956 anti:
957 type:
958 default: preferredDuringSchedulingIgnoredDuringExecution
959 topologyKey:
960 default: kubernetes.io/hostname
961 weight:
962 default: 10
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]963 tolerations:
964 heat:
965 enabled: false
966 tolerations:
967 - key: node-role.kubernetes.io/master
968 operator: Exists
969 effect: NoSchedule
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]970 - key: node-role.kubernetes.io/control-plane
971 operator: Exists
972 effect: NoSchedule
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]973 mounts:
974 heat_api:
975 init_container: null
976 heat_api:
977 volumeMounts:
978 volumes:
979 heat_cfn:
980 init_container: null
981 heat_cfn:
982 volumeMounts:
983 volumes:
984 heat_cloudwatch:
985 init_container: null
986 heat_cloudwatch:
987 volumeMounts:
988 volumes:
989 heat_engine:
990 init_container: null
991 heat_engine:
992 volumeMounts:
993 volumes:
994 heat_bootstrap:
995 init_container: null
996 heat_bootstrap:
997 volumeMounts:
998 volumes:
999 heat_trusts:
1000 init_container: null
1001 heat_trusts:
1002 volumeMounts:
1003 volumes:
1004 heat_engine_cleaner:
1005 init_container: null
1006 heat_engine_cleaner:
1007 volumeMounts:
1008 volumes:
1009 heat_purge_deleted:
1010 init_container: null
1011 heat_purge_deleted:
1012 volumeMounts:
1013 volumes:
1014 heat_tests:
1015 init_container: null
1016 heat_tests:
1017 volumeMounts:
1018 volumes:
1019 heat_db_sync:
1020 heat_db_sync:
1021 volumeMounts:
1022 volumes:
1023 replicas:
1024 api: 1
1025 cfn: 1
1026 cloudwatch: 1
1027 engine: 1
1028 lifecycle:
1029 upgrades:
1030 deployments:
1031 revision_history: 3
1032 pod_replacement_strategy: RollingUpdate
1033 rolling_update:
1034 max_unavailable: 1
1035 max_surge: 3
1036 disruption_budget:
1037 api:
1038 min_available: 0
1039 cfn:
1040 min_available: 0
1041 cloudwatch:
1042 min_available: 0
1043 termination_grace_period:
1044 api:
1045 timeout: 30
1046 cfn:
1047 timeout: 30
1048 cloudwatch:
1049 timeout: 30
1050 engine:
1051 timeout: 30
1052 resources:
1053 enabled: false
1054 api:
1055 requests:
1056 memory: "128Mi"
1057 cpu: "100m"
1058 limits:
1059 memory: "1024Mi"
1060 cpu: "2000m"
1061 cfn:
1062 requests:
1063 memory: "128Mi"
1064 cpu: "100m"
1065 limits:
1066 memory: "1024Mi"
1067 cpu: "2000m"
1068 cloudwatch:
1069 requests:
1070 memory: "128Mi"
1071 cpu: "100m"
1072 limits:
1073 memory: "1024Mi"
1074 cpu: "2000m"
1075 engine:
1076 requests:
1077 memory: "128Mi"
1078 cpu: "100m"
1079 limits:
1080 memory: "1024Mi"
1081 cpu: "2000m"
1082 jobs:
1083 bootstrap:
1084 requests:
1085 memory: "128Mi"
1086 cpu: "100m"
1087 limits:
1088 memory: "1024Mi"
1089 cpu: "2000m"
1090 db_init:
1091 requests:
1092 memory: "128Mi"
1093 cpu: "100m"
1094 limits:
1095 memory: "1024Mi"
1096 cpu: "2000m"
1097 db_sync:
1098 requests:
1099 memory: "128Mi"
1100 cpu: "100m"
1101 limits:
1102 memory: "1024Mi"
1103 cpu: "2000m"
1104 db_drop:
1105 requests:
1106 memory: "128Mi"
1107 cpu: "100m"
1108 limits:
1109 memory: "1024Mi"
1110 cpu: "2000m"
1111 ks_endpoints:
1112 requests:
1113 memory: "128Mi"
1114 cpu: "100m"
1115 limits:
1116 memory: "1024Mi"
1117 cpu: "2000m"
1118 ks_service:
1119 requests:
1120 memory: "128Mi"
1121 cpu: "100m"
1122 limits:
1123 memory: "1024Mi"
1124 cpu: "2000m"
1125 ks_user:
1126 requests:
1127 memory: "128Mi"
1128 cpu: "100m"
1129 limits:
1130 memory: "1024Mi"
1131 cpu: "2000m"
1132 rabbit_init:
1133 requests:
1134 memory: "128Mi"
1135 cpu: "100m"
1136 limits:
1137 memory: "1024Mi"
1138 cpu: "2000m"
1139 tests:
1140 requests:
1141 memory: "128Mi"
1142 cpu: "100m"
1143 limits:
1144 memory: "1024Mi"
1145 cpu: "2000m"
1146 trusts:
1147 requests:
1148 memory: "128Mi"
1149 cpu: "100m"
1150 limits:
1151 memory: "1024Mi"
1152 cpu: "2000m"
1153 engine_cleaner:
1154 requests:
1155 memory: "128Mi"
1156 cpu: "100m"
1157 limits:
1158 memory: "1024Mi"
1159 cpu: "2000m"
1160 purge_deleted:
1161 requests:
1162 memory: "124Mi"
1163 cpu: "100m"
1164 limits:
1165 memory: "1024Mi"
1166 cpu: "2000m"
1167 image_repo_sync:
1168 requests:
1169 memory: "128Mi"
1170 cpu: "100m"
1171 limits:
1172 memory: "1024Mi"
1173 cpu: "2000m"
1174
1175network_policy:
1176 heat:
1177 ingress:
1178 - {}
1179 egress:
1180 - {}
1181
1182# NOTE(helm_hook): helm_hook might break for helm2 binary.
1183# set helm3_hook: false when using the helm2 binary.
1184helm3_hook: true
1185
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]1186tls:
1187 identity: false
1188 oslo_messaging: false
1189 oslo_db: false
1190
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1191manifests:
1192 certificates: false
1193 configmap_bin: true
1194 configmap_etc: true
1195 cron_job_engine_cleaner: true
1196 cron_job_purge_deleted: true
1197 deployment_api: true
1198 deployment_cfn: true
1199 deployment_cloudwatch: false
1200 deployment_engine: true
1201 ingress_api: true
1202 ingress_cfn: true
1203 ingress_cloudwatch: false
1204 job_bootstrap: true
1205 job_db_init: true
1206 job_db_sync: true
1207 job_db_drop: false
1208 job_image_repo_sync: true
1209 job_ks_endpoints: true
1210 job_ks_service: true
1211 job_ks_user_domain: true
1212 job_ks_user_trustee: true
1213 job_ks_user: true
1214 job_rabbit_init: true
1215 pdb_api: true
1216 pdb_cfn: true
1217 pdb_cloudwatch: false
1218 pod_rally_test: true
1219 network_policy: false
1220 secret_db: true
1221 secret_ingress_tls: true
1222 secret_keystone: true
1223 secret_rabbitmq: true
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]1224 secret_registry: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1225 service_api: true
1226 service_cfn: true
1227 service_cloudwatch: false
1228 service_ingress_api: true
1229 service_ingress_cfn: true
1230 service_ingress_cloudwatch: false
1231 statefulset_engine: false
1232...