Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / d2cd687c9513d2b40700e3c53c8660f1f838c01b / . / charts / heat / values.yaml
blob: ce61e7dda5a61e263244e7818a956d48c39026de [file] [log] [blame]
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1# Licensed under the Apache License, Version 2.0 (the "License");
2# you may not use this file except in compliance with the License.
3# You may obtain a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS,
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10# See the License for the specific language governing permissions and
11# limitations under the License.
12
13# Default values for heat.
14# This is a YAML-formatted file.
15# Declare name/value pairs to be passed into your templates.
16# name: value
17
18---
19release_group: null
20
21labels:
22 api:
23 node_selector_key: openstack-control-plane
24 node_selector_value: enabled
25 cfn:
26 node_selector_key: openstack-control-plane
27 node_selector_value: enabled
28 cloudwatch:
29 node_selector_key: openstack-control-plane
30 node_selector_value: enabled
31 engine:
32 node_selector_key: openstack-control-plane
33 node_selector_value: enabled
34 job:
35 node_selector_key: openstack-control-plane
36 node_selector_value: enabled
37 test:
38 node_selector_key: openstack-control-plane
39 node_selector_value: enabled
40
41images:
42 tags:
43 test: docker.io/xrally/xrally-openstack:2.0.0
44 bootstrap: docker.io/openstackhelm/heat:stein-ubuntu_bionic
45 db_init: docker.io/openstackhelm/heat:stein-ubuntu_bionic
46 heat_db_sync: docker.io/openstackhelm/heat:stein-ubuntu_bionic
47 db_drop: docker.io/openstackhelm/heat:stein-ubuntu_bionic
48 rabbit_init: docker.io/rabbitmq:3.7-management
49 ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic
50 ks_service: docker.io/openstackhelm/heat:stein-ubuntu_bionic
51 ks_endpoints: docker.io/openstackhelm/heat:stein-ubuntu_bionic
52 heat_api: docker.io/openstackhelm/heat:stein-ubuntu_bionic
53 heat_cfn: docker.io/openstackhelm/heat:stein-ubuntu_bionic
54 heat_cloudwatch: docker.io/openstackhelm/heat:stein-ubuntu_bionic
55 heat_engine: docker.io/openstackhelm/heat:stein-ubuntu_bionic
56 heat_engine_cleaner: docker.io/openstackhelm/heat:stein-ubuntu_bionic
57 heat_purge_deleted: docker.io/openstackhelm/heat:stein-ubuntu_bionic
58 dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
59 image_repo_sync: docker.io/docker:17.07.0
60 pull_policy: "IfNotPresent"
61 local_registry:
62 active: false
63 exclude:
64 - dep_check
65 - image_repo_sync
66
67jobs:
68 engine_cleaner:
69 cron: "*/5 * * * *"
70 starting_deadline: 600
71 history:
72 success: 3
73 failed: 1
74
75 purge_deleted:
76 cron: "20 */24 * * *"
77 purge_age: 60
78 history:
79 success: 3
80 failed: 1
81
82conf:
83 rally_tests:
84 run_tempest: false
85 tests:
86 HeatStacks.create_update_delete_stack:
87 - args:
88 template_path: /tmp/rally-jobs/random_strings.yaml
89 updated_template_path: /tmp/rally-jobs/updated_random_strings_replace.yaml
90 runner:
91 concurrency: 1
92 times: 1
93 type: constant
94 sla:
95 failure_rate:
96 max: 0
97 HeatStacks.create_check_delete_stack:
98 - args:
99 template_path: /tmp/rally-jobs/random_strings.yaml
100 runner:
101 concurrency: 1
102 times: 1
103 type: constant
104 sla:
105 failure_rate:
106 max: 0
107 HeatStacks.create_and_delete_stack:
108 - args:
109 template_path: /tmp/rally-jobs/resource_group_with_constraint.yaml
110 runner:
111 concurrency: 1
112 times: 1
113 type: constant
114 sla:
115 failure_rate:
116 max: 0
117 HeatStacks.create_and_list_stack:
118 - args:
119 template_path: /tmp/rally-jobs/default.yaml
120 runner:
121 concurrency: 1
122 times: 1
123 type: constant
124 sla:
125 failure_rate:
126 max: 0
127 HeatStacks.create_snapshot_restore_delete_stack:
128 - args:
129 template_path: /tmp/rally-jobs/random_strings.yaml
130 runner:
131 concurrency: 1
132 times: 1
133 type: constant
134 sla:
135 failure_rate:
136 max: 0
137 HeatStacks.create_stack_and_list_output:
138 - args:
139 template_path: /tmp/rally-jobs/resource_group_with_outputs.yaml
140 runner:
141 concurrency: 1
142 times: 1
143 type: constant
144 sla:
145 failure_rate:
146 max: 0
147 HeatStacks.create_stack_and_list_output_via_API:
148 - args:
149 template_path: /tmp/rally-jobs/resource_group_with_outputs.yaml
150 runner:
151 concurrency: 1
152 times: 1
153 type: constant
154 sla:
155 failure_rate:
156 max: 0
157 templates:
158 - name: /tmp/rally-jobs/default.yaml
159 template: |
160 heat_template_version: 2014-10-16
161 - name: /tmp/rally-jobs/random_strings.yaml
162 template: |
163 heat_template_version: 2014-10-16
164 description: Test template for rally create-update-delete scenario
165 resources:
166 test_string_one:
167 type: OS::Heat::RandomString
168 properties:
169 length: 20
170 test_string_two:
171 type: OS::Heat::RandomString
172 properties:
173 length: 20
174 - name: /tmp/rally-jobs/resource_group_with_constraint.yaml
175 template: |
176 heat_template_version: 2013-05-23
177 description: Template for testing caching.
178 parameters:
179 count:
180 type: number
181 default: 40
182 delay:
183 type: number
184 default: 0.1
185 resources:
186 rg:
187 type: OS::Heat::ResourceGroup
188 properties:
189 count:
190 get_param: count
191 resource_def:
192 type: OS::Heat::TestResource
193 properties:
194 constraint_prop_secs:
195 get_param: delay
196 - name: /tmp/rally-jobs/resource_group_with_outputs.yaml
197 template: |
198 heat_template_version: 2013-05-23
199 parameters:
200 attr_wait_secs:
201 type: number
202 default: 0.5
203 resources:
204 rg:
205 type: OS::Heat::ResourceGroup
206 properties:
207 count: 10
208 resource_def:
209 type: OS::Heat::TestResource
210 properties:
211 attr_wait_secs:
212 get_param: attr_wait_secs
213 outputs:
214 val1:
215 value:
216 get_attr:
217 - rg
218 - resource.0.output
219 val2:
220 value:
221 get_attr:
222 - rg
223 - resource.1.output
224 val3:
225 value:
226 get_attr:
227 - rg
228 - resource.2.output
229 val4:
230 value:
231 get_attr:
232 - rg
233 - resource.3.output
234 val5:
235 value:
236 get_attr:
237 - rg
238 - resource.4.output
239 val6:
240 value:
241 get_attr:
242 - rg
243 - resource.5.output
244 val7:
245 value:
246 get_attr:
247 - rg
248 - resource.6.output
249 val8:
250 value:
251 get_attr:
252 - rg
253 - resource.7.output
254 val9:
255 value:
256 get_attr:
257 - rg
258 - resource.8.output
259 val10:
260 value:
261 get_attr:
262 - rg
263 - resource.9.output
264 - name: /tmp/rally-jobs/updated_random_strings_replace.yaml
265 template: |
266 heat_template_version: 2014-10-16
267 description: |
268 Test template for create-update-delete-stack scenario in rally.
269 The template deletes one resource from the stack defined by
270 random-strings.yaml.template and re-creates it with the updated parameters
271 (so-called update-replace). That happens because some parameters cannot be
272 changed without resource re-creation. The template allows to measure performance
273 of update-replace operation.
274 resources:
275 test_string_one:
276 type: OS::Heat::RandomString
277 properties:
278 length: 20
279 test_string_two:
280 type: OS::Heat::RandomString
281 properties:
282 length: 40
okozachenko12035aa48492023-09-05 19:47:07 +1000[diff] [blame]283 paste:
284 pipeline:heat-api:
285 pipeline: cors request_id faultwrap http_proxy_to_wsgi versionnegotiation osprofiler authurl authtoken audit context apiv1app
286 pipeline:heat-api-standalone:
287 pipeline: cors request_id faultwrap http_proxy_to_wsgi versionnegotiation authurl authpassword context apiv1app
288 pipeline:heat-api-custombackend:
289 pipeline: cors request_id faultwrap versionnegotiation context custombackendauth apiv1app
290 pipeline:heat-api-cfn:
291 pipeline: cors http_proxy_to_wsgi cfnversionnegotiation osprofiler ec2authtoken authtoken audit context apicfnv1app
292 pipeline:heat-api-cfn-standalone:
293 pipeline: cors http_proxy_to_wsgi cfnversionnegotiation ec2authtoken context apicfnv1app
294 pipeline:heat-api-cloudwatch:
295 pipeline: cors versionnegotiation osprofiler ec2authtoken authtoken audit context apicwapp
296 pipeline:heat-api-cloudwatch-standalone:
297 pipeline: cors versionnegotiation ec2authtoken context apicwapp
298 app:apiv1app:
299 paste.app_factory: heat.common.wsgi:app_factory
300 heat.app_factory: heat.api.openstack.v1:API
301 app:apicfnv1app:
302 paste.app_factory: heat.common.wsgi:app_factory
303 heat.app_factory: heat.api.cfn.v1:API
304 app:apicwapp:
305 paste.app_factory: heat.common.wsgi:app_factory
306 heat.app_factory: heat.api.cloudwatch:API
307 filter:versionnegotiation:
308 paste.filter_factory: heat.common.wsgi:filter_factory
309 heat.filter_factory: heat.api.openstack:version_negotiation_filter
310 filter:cors:
311 paste.filter_factory: oslo_middleware.cors:filter_factory
312 oslo_config_project: heat
313 filter:faultwrap:
314 paste.filter_factory: heat.common.wsgi:filter_factory
315 heat.filter_factory: heat.api.openstack:faultwrap_filter
316 filter:cfnversionnegotiation:
317 paste.filter_factory: heat.common.wsgi:filter_factory
318 heat.filter_factory: heat.api.cfn:version_negotiation_filter
319 filter:cwversionnegotiation:
320 paste.filter_factory: heat.common.wsgi:filter_factory
321 heat.filter_factory: heat.api.cloudwatch:version_negotiation_filter
322 filter:context:
323 paste.filter_factory: heat.common.context:ContextMiddleware_filter_factory
324 filter:ec2authtoken:
325 paste.filter_factory: heat.api.aws.ec2token:EC2Token_filter_factory
326 filter:http_proxy_to_wsgi:
327 paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
328 filter:authurl:
329 paste.filter_factory: heat.common.auth_url:filter_factory
330 filter:authtoken:
331 paste.filter_factory: keystonemiddleware.auth_token:filter_factory
332 filter:authpassword:
333 paste.filter_factory: heat.common.auth_password:filter_factory
334 filter:custombackendauth:
335 paste.filter_factory: heat.common.custom_backend_auth:filter_factory
336 filter:audit:
337 paste.filter_factory: keystonemiddleware.audit:filter_factory
338 audit_map_file: /etc/heat/api_audit_map.conf
339 filter:request_id:
340 paste.filter_factory: oslo_middleware.request_id:RequestId.factory
341 filter:osprofiler:
342 paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]343 policy: {}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]344 heat:
345 DEFAULT:
346 log_config_append: /etc/heat/logging.conf
347 num_engine_workers: 1
348 trusts_delegated_roles: ""
349 host: heat-engine
350 keystone_authtoken:
351 auth_type: password
352 auth_version: v3
353 memcache_security_strategy: ENCRYPT
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]354 service_type: orchestration
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]355 database:
356 max_retries: -1
357 trustee:
358 auth_type: password
359 auth_version: v3
360 heat_api:
361 # NOTE(portdirect): the bind port should not be defined, and is manipulated
362 # via the endpoints section.
363 bind_port: null
364 workers: 1
365 heat_api_cloudwatch:
366 # NOTE(portdirect): the bind port should not be defined, and is manipulated
367 # via the endpoints section.
368 bind_port: null
369 workers: 1
370 heat_api_cfn:
371 # NOTE(portdirect): the bind port should not be defined, and is manipulated
372 # via the endpoints section.
373 bind_port: null
374 workers: 1
375 paste_deploy:
376 api_paste_config: /etc/heat/api-paste.ini
377 clients:
378 endpoint_type: internalURL
379 clients_heat:
380 endpoint_type: publicURL
381 clients_keystone:
382 endpoint_type: internalURL
383 oslo_messaging_notifications:
384 driver: messagingv2
385 oslo_middleware:
386 enable_proxy_headers_parsing: true
387 oslo_messaging_rabbit:
388 rabbit_ha_queues: True
389 oslo_policy:
390 policy_file: /etc/heat/policy.yaml
391 api_audit_map:
392 DEFAULT:
393 target_endpoint_type: None
394 path_keywords:
395 stacks: stack
396 resources: resource
397 preview: None
398 detail: None
399 abandon: None
400 snapshots: snapshot
401 restore: None
402 outputs: output
403 metadata: server
404 signal: None
405 events: event
406 template: None
407 template_versions: template_version
408 functions: None
409 validate: None
410 resource_types: resource_type
411 build_info: None
412 actions: None
413 software_configs: software_config
414 software_deployments: software_deployment
415 services: None
416 service_endpoints:
417 orchestration:service/orchestration
418 logging:
419 loggers:
420 keys:
421 - root
422 - heat
423 handlers:
424 keys:
425 - stdout
426 - stderr
427 - "null"
428 formatters:
429 keys:
430 - context
431 - default
432 logger_root:
433 level: WARNING
434 handlers: 'null'
435 logger_heat:
436 level: INFO
437 handlers:
438 - stdout
439 qualname: heat
440 logger_amqp:
441 level: WARNING
442 handlers: stderr
443 qualname: amqp
444 logger_amqplib:
445 level: WARNING
446 handlers: stderr
447 qualname: amqplib
448 logger_eventletwsgi:
449 level: WARNING
450 handlers: stderr
451 qualname: eventlet.wsgi.server
452 logger_sqlalchemy:
453 level: WARNING
454 handlers: stderr
455 qualname: sqlalchemy
456 logger_boto:
457 level: WARNING
458 handlers: stderr
459 qualname: boto
460 handler_null:
461 class: logging.NullHandler
462 formatter: default
463 args: ()
464 handler_stdout:
465 class: StreamHandler
466 args: (sys.stdout,)
467 formatter: context
468 handler_stderr:
469 class: StreamHandler
470 args: (sys.stderr,)
471 formatter: context
472 formatter_context:
473 class: oslo_log.formatters.ContextFormatter
474 datefmt: "%Y-%m-%d %H:%M:%S"
475 formatter_default:
476 format: "%(message)s"
477 datefmt: "%Y-%m-%d %H:%M:%S"
478
479 rabbitmq:
480 # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
481 policies:
482 - vhost: "heat"
483 name: "ha_ttl_heat"
484 definition:
485 # mirror messges to other nodes in rmq cluster
486 ha-mode: "all"
487 ha-sync-mode: "automatic"
488 # 70s
489 message-ttl: 70000
490 priority: 0
491 apply-to: all
492 pattern: '^(?!(amq\.|reply_)).*'
493
494network:
495 api:
496 ingress:
497 public: true
498 classes:
499 namespace: "nginx"
500 cluster: "nginx-cluster"
501 annotations:
502 nginx.ingress.kubernetes.io/rewrite-target: /
503 external_policy_local: false
504 node_port:
505 enabled: false
506 port: 30004
507 cfn:
508 ingress:
509 public: true
510 classes:
511 namespace: "nginx"
512 cluster: "nginx-cluster"
513 annotations:
514 nginx.ingress.kubernetes.io/rewrite-target: /
515 node_port:
516 enabled: false
517 port: 30800
518 cloudwatch:
519 ingress:
520 public: true
521 classes:
522 namespace: "nginx"
523 cluster: "nginx-cluster"
524 annotations:
525 nginx.ingress.kubernetes.io/rewrite-target: /
526 node_port:
527 enabled: false
528 port: 30003
529
530bootstrap:
531 enabled: true
532 ks_user: admin
533 script: |
534 #NOTE(portdirect): The Orchestration service automatically assigns the
535 # 'heat_stack_user' role to users that it creates during stack deployment.
536 # By default, this role restricts API operations. To avoid conflicts, do
537 # not add this role to actual users.
538 openstack role create --or-show heat_stack_user
539
540dependencies:
541 dynamic:
542 common:
543 local_image_registry:
544 jobs:
545 - heat-image-repo-sync
546 services:
547 - endpoint: node
548 service: local_image_registry
549 static:
550 api:
551 jobs:
552 - heat-db-sync
553 - heat-rabbit-init
554 - heat-ks-user
555 - heat-trustee-ks-user
556 - heat-domain-ks-user
557 - heat-ks-endpoints
558 - heat-bootstrap
559 services:
560 - endpoint: internal
561 service: oslo_db
562 - endpoint: internal
563 service: oslo_messaging
564 - endpoint: internal
565 service: identity
566 cfn:
567 jobs:
568 - heat-db-sync
569 - heat-rabbit-init
570 - heat-ks-user
571 - heat-trustee-ks-user
572 - heat-domain-ks-user
573 - heat-ks-endpoints
574 - heat-bootstrap
575 services:
576 - endpoint: internal
577 service: oslo_db
578 - endpoint: internal
579 service: oslo_messaging
580 - endpoint: internal
581 service: identity
582 cloudwatch:
583 jobs:
584 - heat-db-sync
585 - heat-rabbit-init
586 - heat-ks-user
587 - heat-trustee-ks-user
588 - heat-domain-ks-user
589 - heat-ks-endpoints
590 - heat-bootstrap
591 services:
592 - endpoint: internal
593 service: oslo_db
594 - endpoint: internal
595 service: oslo_messaging
596 - endpoint: internal
597 service: identity
598 db_drop:
599 services:
600 - endpoint: internal
601 service: oslo_db
602 db_init:
603 services:
604 - endpoint: internal
605 service: oslo_db
606 db_sync:
607 jobs:
608 - heat-db-init
609 services:
610 - endpoint: internal
611 service: oslo_db
612 bootstrap:
613 services:
614 - endpoint: internal
615 service: identity
616 engine:
617 jobs:
618 - heat-db-sync
619 - heat-rabbit-init
620 - heat-ks-user
621 - heat-trustee-ks-user
622 - heat-domain-ks-user
623 - heat-ks-endpoints
624 - heat-bootstrap
625 services:
626 - endpoint: internal
627 service: oslo_db
628 - endpoint: internal
629 service: oslo_messaging
630 - endpoint: internal
631 service: identity
632 engine_cleaner:
633 jobs:
634 - heat-db-sync
635 - heat-ks-user
636 - heat-trustee-ks-user
637 - heat-domain-ks-user
638 - heat-ks-endpoints
639 services:
640 - endpoint: internal
641 service: oslo_db
642 - endpoint: internal
643 service: oslo_messaging
644 - endpoint: internal
645 service: identity
646 purge_deleted:
647 jobs:
648 - heat-db-sync
649 - heat-ks-user
650 - heat-trustee-ks-user
651 - heat-domain-ks-user
652 - heat-ks-endpoints
653 services:
654 - endpoint: internal
655 service: oslo_db
656 - endpoint: internal
657 service: oslo_messaging
658 - endpoint: internal
659 service: identity
660 ks_endpoints:
661 jobs:
662 - heat-ks-service
663 services:
664 - endpoint: internal
665 service: identity
666 ks_service:
667 services:
668 - endpoint: internal
669 service: identity
670 ks_user:
671 services:
672 - endpoint: internal
673 service: identity
674 rabbit_init:
675 services:
676 - endpoint: internal
677 service: oslo_messaging
678 trusts:
679 jobs:
680 - heat-ks-user
681 - heat-trustee-ks-user
682 - heat-domain-ks-user
683 services:
684 - endpoint: internal
685 service: identity
686 image_repo_sync:
687 services:
688 - endpoint: internal
689 service: local_image_registry
690 tests:
691 services:
692 - endpoint: internal
693 service: identity
694 - endpoint: internal
695 service: orchestration
696
697# Names of secrets used by bootstrap and environmental checks
698secrets:
699 identity:
700 admin: heat-keystone-admin
701 heat: heat-keystone-user
702 heat_trustee: heat-keystone-trustee
703 heat_stack_user: heat-keystone-stack-user
704 test: heat-keystone-test
705 oslo_db:
706 admin: heat-db-admin
707 heat: heat-db-user
708 oslo_messaging:
709 admin: heat-rabbitmq-admin
710 heat: heat-rabbitmq-user
711 tls:
712 orchestration:
713 api:
714 public: heat-tls-public
715 internal: heat-tls-api
716 cloudformation:
717 cfn:
718 public: cloudformation-tls-public
719 internal: heat-tls-cfn
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]720 oci_image_registry:
721 heat: heat-oci-image-registry
722
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]723# typically overridden by environmental
724# values, but should include all endpoints
725# required by this chart
726endpoints:
727 cluster_domain_suffix: cluster.local
728 local_image_registry:
729 name: docker-registry
730 namespace: docker-registry
731 hosts:
732 default: localhost
733 internal: docker-registry
734 node: localhost
735 host_fqdn_override:
736 default: null
737 port:
738 registry:
739 node: 5000
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]740 oci_image_registry:
741 name: oci-image-registry
742 namespace: oci-image-registry
743 auth:
744 enabled: false
745 heat:
746 username: heat
747 password: password
748 hosts:
749 default: localhost
750 host_fqdn_override:
751 default: null
752 port:
753 registry:
754 default: null
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]755 identity:
756 name: keystone
757 auth:
758 admin:
759 region_name: RegionOne
760 username: admin
761 password: password
762 project_name: admin
763 user_domain_name: default
764 project_domain_name: default
765 heat:
766 role: admin
767 region_name: RegionOne
768 username: heat
769 password: password
770 project_name: service
771 user_domain_name: service
772 project_domain_name: service
773 heat_trustee:
774 role: admin
775 region_name: RegionOne
776 username: heat-trust
777 password: password
778 project_name: service
779 user_domain_name: service
780 project_domain_name: service
781 heat_stack_user:
782 role: admin
783 region_name: RegionOne
784 username: heat-domain
785 password: password
786 domain_name: heat
787 test:
788 role: admin
789 region_name: RegionOne
790 username: heat-test
791 password: password
792 project_name: test
793 user_domain_name: service
794 project_domain_name: service
795 hosts:
796 default: keystone
797 internal: keystone-api
798 host_fqdn_override:
799 default: null
800 path:
801 default: /v3
802 scheme:
803 default: 'http'
804 port:
805 api:
806 default: 80
807 internal: 5000
808 orchestration:
809 name: heat
810 hosts:
811 default: heat-api
812 public: heat
813 host_fqdn_override:
814 default: null
815 # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
816 # endpoints using the following format:
817 # public:
818 # host: null
819 # tls:
820 # crt: null
821 # key: null
822 path:
823 default: '/v1/%(project_id)s'
824 scheme:
825 default: 'http'
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]826 service: 'http'
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]827 port:
828 api:
829 default: 8004
830 public: 80
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]831 service: 8004
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]832 cloudformation:
833 name: heat-cfn
834 hosts:
835 default: heat-cfn
836 public: cloudformation
837 host_fqdn_override:
838 default: null
839 # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
840 # endpoints using the following format:
841 # public:
842 # host: null
843 # tls:
844 # crt: null
845 # key: null
846 path:
847 default: /v1
848 scheme:
849 default: 'http'
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]850 service: 'http'
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]851 port:
852 api:
853 default: 8000
854 public: 80
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]855 service: 8000
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]856 # Cloudwatch does not get an entry in the keystone service catalog
857 cloudwatch:
858 name: heat-cloudwatch
859 hosts:
860 default: heat-cloudwatch
861 public: cloudwatch
862 host_fqdn_override:
863 default: null
864 path:
865 default: null
866 type: null
867 scheme:
868 default: 'http'
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]869 service: 'http'
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]870 port:
871 api:
872 default: 8003
873 public: 80
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]874 service: 8003
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]875 oslo_db:
876 auth:
877 admin:
878 username: root
879 password: password
880 secret:
881 tls:
882 internal: mariadb-tls-direct
883 heat:
884 username: heat
885 password: password
886 hosts:
887 default: mariadb
888 host_fqdn_override:
889 default: null
890 path: /heat
891 scheme: mysql+pymysql
892 port:
893 mysql:
894 default: 3306
895 oslo_cache:
896 auth:
897 # NOTE(portdirect): this is used to define the value for keystone
898 # authtoken cache encryption key, if not set it will be populated
899 # automatically with a random value, but to take advantage of
900 # this feature all services should be set to use the same key,
901 # and memcache service.
902 memcache_secret_key: null
903 hosts:
904 default: memcached
905 host_fqdn_override:
906 default: null
907 port:
908 memcache:
909 default: 11211
910 oslo_messaging:
911 auth:
912 admin:
913 username: rabbitmq
914 password: password
915 secret:
916 tls:
917 internal: rabbitmq-tls-direct
918 heat:
919 username: heat
920 password: password
921 statefulset:
922 replicas: 2
923 name: rabbitmq-rabbitmq
924 hosts:
925 default: rabbitmq
926 host_fqdn_override:
927 default: null
928 path: /heat
929 scheme: rabbit
930 port:
931 amqp:
932 default: 5672
933 http:
934 default: 15672
935 fluentd:
936 namespace: null
937 name: fluentd
938 hosts:
939 default: fluentd-logging
940 host_fqdn_override:
941 default: null
942 path:
943 default: null
944 scheme: 'http'
945 port:
946 service:
947 default: 24224
948 metrics:
949 default: 24220
950 # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress
951 # They are using to enable the Egress K8s network policy.
952 kube_dns:
953 namespace: kube-system
954 name: kubernetes-dns
955 hosts:
956 default: kube-dns
957 host_fqdn_override:
958 default: null
959 path:
960 default: null
961 scheme: http
962 port:
963 dns:
964 default: 53
965 protocol: UDP
966 ingress:
967 namespace: null
968 name: ingress
969 hosts:
970 default: ingress
971 port:
972 ingress:
973 default: 80
974
975pod:
976 security_context:
977 heat:
978 pod:
979 runAsUser: 42424
980 container:
981 heat_api:
982 readOnlyRootFilesystem: true
983 allowPrivilegeEscalation: false
984 heat_cfn:
985 readOnlyRootFilesystem: true
986 allowPrivilegeEscalation: false
987 heat_cloudwatch:
988 readOnlyRootFilesystem: true
989 allowPrivilegeEscalation: false
990 heat_engine:
991 readOnlyRootFilesystem: true
992 allowPrivilegeEscalation: false
993 trusts:
994 pod:
995 runAsUser: 42424
996 container:
997 heat_trusts:
998 readOnlyRootFilesystem: true
999 allowPrivilegeEscalation: false
1000 ks_user:
1001 pod:
1002 runAsUser: 42424
1003 container:
1004 heat_ks_domain_user:
1005 readOnlyRootFilesystem: true
1006 allowPrivilegeEscalation: false
1007 engine_cleaner:
1008 pod:
1009 runAsUser: 42424
1010 container:
1011 heat_engine_cleaner:
1012 readOnlyRootFilesystem: true
1013 allowPrivilegeEscalation: false
1014 affinity:
1015 anti:
1016 type:
1017 default: preferredDuringSchedulingIgnoredDuringExecution
1018 topologyKey:
1019 default: kubernetes.io/hostname
1020 weight:
1021 default: 10
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]1022 tolerations:
1023 heat:
1024 enabled: false
1025 tolerations:
1026 - key: node-role.kubernetes.io/master
1027 operator: Exists
1028 effect: NoSchedule
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]1029 - key: node-role.kubernetes.io/control-plane
1030 operator: Exists
1031 effect: NoSchedule
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1032 mounts:
1033 heat_api:
1034 init_container: null
1035 heat_api:
1036 volumeMounts:
1037 volumes:
1038 heat_cfn:
1039 init_container: null
1040 heat_cfn:
1041 volumeMounts:
1042 volumes:
1043 heat_cloudwatch:
1044 init_container: null
1045 heat_cloudwatch:
1046 volumeMounts:
1047 volumes:
1048 heat_engine:
1049 init_container: null
1050 heat_engine:
1051 volumeMounts:
1052 volumes:
1053 heat_bootstrap:
1054 init_container: null
1055 heat_bootstrap:
1056 volumeMounts:
1057 volumes:
1058 heat_trusts:
1059 init_container: null
1060 heat_trusts:
1061 volumeMounts:
1062 volumes:
1063 heat_engine_cleaner:
1064 init_container: null
1065 heat_engine_cleaner:
1066 volumeMounts:
1067 volumes:
1068 heat_purge_deleted:
1069 init_container: null
1070 heat_purge_deleted:
1071 volumeMounts:
1072 volumes:
1073 heat_tests:
1074 init_container: null
1075 heat_tests:
1076 volumeMounts:
1077 volumes:
1078 heat_db_sync:
1079 heat_db_sync:
1080 volumeMounts:
1081 volumes:
1082 replicas:
1083 api: 1
1084 cfn: 1
1085 cloudwatch: 1
1086 engine: 1
1087 lifecycle:
1088 upgrades:
1089 deployments:
1090 revision_history: 3
1091 pod_replacement_strategy: RollingUpdate
1092 rolling_update:
1093 max_unavailable: 1
1094 max_surge: 3
1095 disruption_budget:
1096 api:
1097 min_available: 0
1098 cfn:
1099 min_available: 0
1100 cloudwatch:
1101 min_available: 0
1102 termination_grace_period:
1103 api:
1104 timeout: 30
1105 cfn:
1106 timeout: 30
1107 cloudwatch:
1108 timeout: 30
1109 engine:
1110 timeout: 30
1111 resources:
1112 enabled: false
1113 api:
1114 requests:
1115 memory: "128Mi"
1116 cpu: "100m"
1117 limits:
1118 memory: "1024Mi"
1119 cpu: "2000m"
1120 cfn:
1121 requests:
1122 memory: "128Mi"
1123 cpu: "100m"
1124 limits:
1125 memory: "1024Mi"
1126 cpu: "2000m"
1127 cloudwatch:
1128 requests:
1129 memory: "128Mi"
1130 cpu: "100m"
1131 limits:
1132 memory: "1024Mi"
1133 cpu: "2000m"
1134 engine:
1135 requests:
1136 memory: "128Mi"
1137 cpu: "100m"
1138 limits:
1139 memory: "1024Mi"
1140 cpu: "2000m"
1141 jobs:
1142 bootstrap:
1143 requests:
1144 memory: "128Mi"
1145 cpu: "100m"
1146 limits:
1147 memory: "1024Mi"
1148 cpu: "2000m"
1149 db_init:
1150 requests:
1151 memory: "128Mi"
1152 cpu: "100m"
1153 limits:
1154 memory: "1024Mi"
1155 cpu: "2000m"
1156 db_sync:
1157 requests:
1158 memory: "128Mi"
1159 cpu: "100m"
1160 limits:
1161 memory: "1024Mi"
1162 cpu: "2000m"
1163 db_drop:
1164 requests:
1165 memory: "128Mi"
1166 cpu: "100m"
1167 limits:
1168 memory: "1024Mi"
1169 cpu: "2000m"
1170 ks_endpoints:
1171 requests:
1172 memory: "128Mi"
1173 cpu: "100m"
1174 limits:
1175 memory: "1024Mi"
1176 cpu: "2000m"
1177 ks_service:
1178 requests:
1179 memory: "128Mi"
1180 cpu: "100m"
1181 limits:
1182 memory: "1024Mi"
1183 cpu: "2000m"
1184 ks_user:
1185 requests:
1186 memory: "128Mi"
1187 cpu: "100m"
1188 limits:
1189 memory: "1024Mi"
1190 cpu: "2000m"
1191 rabbit_init:
1192 requests:
1193 memory: "128Mi"
1194 cpu: "100m"
1195 limits:
1196 memory: "1024Mi"
1197 cpu: "2000m"
1198 tests:
1199 requests:
1200 memory: "128Mi"
1201 cpu: "100m"
1202 limits:
1203 memory: "1024Mi"
1204 cpu: "2000m"
1205 trusts:
1206 requests:
1207 memory: "128Mi"
1208 cpu: "100m"
1209 limits:
1210 memory: "1024Mi"
1211 cpu: "2000m"
1212 engine_cleaner:
1213 requests:
1214 memory: "128Mi"
1215 cpu: "100m"
1216 limits:
1217 memory: "1024Mi"
1218 cpu: "2000m"
1219 purge_deleted:
1220 requests:
1221 memory: "124Mi"
1222 cpu: "100m"
1223 limits:
1224 memory: "1024Mi"
1225 cpu: "2000m"
1226 image_repo_sync:
1227 requests:
1228 memory: "128Mi"
1229 cpu: "100m"
1230 limits:
1231 memory: "1024Mi"
1232 cpu: "2000m"
1233
1234network_policy:
1235 heat:
1236 ingress:
1237 - {}
1238 egress:
1239 - {}
1240
1241# NOTE(helm_hook): helm_hook might break for helm2 binary.
1242# set helm3_hook: false when using the helm2 binary.
1243helm3_hook: true
1244
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]1245tls:
1246 identity: false
1247 oslo_messaging: false
1248 oslo_db: false
1249
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1250manifests:
1251 certificates: false
1252 configmap_bin: true
1253 configmap_etc: true
1254 cron_job_engine_cleaner: true
1255 cron_job_purge_deleted: true
1256 deployment_api: true
1257 deployment_cfn: true
1258 deployment_cloudwatch: false
1259 deployment_engine: true
1260 ingress_api: true
1261 ingress_cfn: true
1262 ingress_cloudwatch: false
1263 job_bootstrap: true
1264 job_db_init: true
1265 job_db_sync: true
1266 job_db_drop: false
1267 job_image_repo_sync: true
1268 job_ks_endpoints: true
1269 job_ks_service: true
1270 job_ks_user_domain: true
1271 job_ks_user_trustee: true
1272 job_ks_user: true
1273 job_rabbit_init: true
1274 pdb_api: true
1275 pdb_cfn: true
1276 pdb_cloudwatch: false
1277 pod_rally_test: true
1278 network_policy: false
1279 secret_db: true
1280 secret_ingress_tls: true
1281 secret_keystone: true
1282 secret_rabbitmq: true
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]1283 secret_registry: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1284 service_api: true
1285 service_cfn: true
1286 service_cloudwatch: false
1287 service_ingress_api: true
1288 service_ingress_cfn: true
1289 service_ingress_cloudwatch: false
1290 statefulset_engine: false
1291...