# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Default values for the libvirt chart.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value

---
# Optional release-group value; null leaves it unset (the templates presumably
# fall back to the helm-toolkit default — confirm there).
release_group: null

# Node label the libvirt daemonset selects on: only nodes carrying
# openstack-compute-node=enabled receive a libvirt pod.
labels:
  agent:
    libvirt:
      node_selector_key: openstack-compute-node
      node_selector_value: enabled

images:
  tags:
    # NOTE(review): `latest` / `latest-ubuntu_focal` are mutable tags. With
    # pull_policy IfNotPresent (below) a node that already holds an image keeps
    # running whatever it pulled first, so nodes can silently diverge and a
    # rollout does not actually pick up a new build. Pin an immutable tag or
    # digest for reproducible, auditable deployments.
    libvirt: docker.io/openstackhelm/libvirt:latest-ubuntu_focal
    libvirt_exporter: vexxhost/libvirtd-exporter:latest
    ceph_config_helper: 'docker.io/openstackhelm/ceph-config-helper:ubuntu_focal_17.2.6-1-20230508'
    dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
    image_repo_sync: docker.io/library/docker:17.07.0
    # Presumably the image that runs scripts.cert_init_sh (it needs kubectl);
    # same mutable-tag caveat as above.
    kubectl: docker.io/bitnami/kubectl:latest
    pull_policy: "IfNotPresent"
  # When active, images are mirrored through the in-cluster registry defined
  # under endpoints.local_image_registry; entries in exclude are always pulled
  # from their upstream location.
  local_registry:
    active: false
    exclude:
      - dep_check
      - image_repo_sync

network:
  # provide what type of network wiring will be used
  # possible options: openvswitch, linuxbridge, sriov
  # Each listed backend presumably selects the matching
  # dependencies.targeted.<backend> entry below — confirm in the templates.
  backend:
    - openvswitch

endpoints:
  cluster_domain_suffix: cluster.local
  # In-cluster registry used when images.local_registry.active is true.
  local_image_registry:
    name: docker-registry
    namespace: docker-registry
    hosts:
      default: localhost
      internal: docker-registry
      node: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        node: 5000
  oci_image_registry:
    name: oci-image-registry
    namespace: oci-image-registry
    auth:
      enabled: false
      libvirt:
        username: libvirt
        # Placeholder credential. It is presumably rendered into the Secret
        # named by secrets.oci_image_registry.libvirt when
        # manifests.secret_registry is true, so override it from a values file
        # kept out of version control before setting auth.enabled: true.
        password: password
    hosts:
      default: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        default: null
  # Metrics port of the libvirt_exporter sidecar (sidecar is disabled by
  # default, see pod.sidecars.libvirt_exporter).
  libvirt_exporter:
    port:
      metrics:
        default: 9474

# Only rendered when manifests.network_policy is true. An empty rule (`{}`)
# in a Kubernetes NetworkPolicy matches all traffic, so these defaults are
# allow-all in both directions; restrict them before enabling the manifest.
network_policy:
  libvirt:
    ingress:
      - {}
    egress:
      - {}

# Ceph client material for the pod: the ConfigMap with the ceph configuration
# and the Secret holding the client keyring (names only, no values here).
ceph_client:
  configmap: ceph-etc
  user_secret_name: pvc-ceph-client-key

# Issuers for TLS certificates
# cert-manager issuer references; presumably passed to scripts.cert_init_sh
# as ISSUER_KIND / ISSUER_NAME — confirm in the daemonset template.
issuers:
  # Issuer to issue a certificate for libvirt api when listen_tls is enabled
  libvirt:
    kind: ClusterIssuer
    name: ca-clusterissuer
  # Issuer to issue a certificate for vencrypt
  vencrypt:
    kind: ClusterIssuer
    name: ca-clusterissuer

conf:
  ceph:
    enabled: true
    admin_keyring: null
    cinder:
      user: "cinder"
      keyring: null
      # libvirt secret UUID for the cinder RBD key. This is the long-standing
      # openstack-helm default and is public knowledge, so it is an
      # identifier rather than a secret; it needs to agree with the cinder
      # side of the deployment — confirm there before changing it.
      secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
      # Cinder Ceph backend that is not configured by the k8s cluster
      external_ceph:
        enabled: false
        user: null
        secret_uuid: null
        user_secret_name: null
  # Presumably rendered into libvirtd.conf; numeric-looking values are quoted
  # so they reach the template as strings.
  libvirt:
    # The TCP listener is on with no authentication (auth_tcp: none) and TLS
    # off. It is bound to loopback only, but pod.dns_policy below is the
    # host-network DNS policy, which suggests the pod runs with host
    # networking — in that case "loopback" is the node's, and any local
    # process on the node can drive libvirtd unauthenticated. Keep
    # listen_addr on loopback; for anything reachable off-node enable
    # listen_tls and issuers.libvirt instead of widening this.
    listen_tcp: "1"
    listen_tls: "0"
    auth_tcp: "none"
    ca_file: "/etc/pki/CA/cacert.pem"
    cert_file: "/etc/pki/libvirt/servercert.pem"
    key_file: "/etc/pki/libvirt/private/serverkey.pem"
    # Unix socket access is governed by socket file permissions only.
    auth_unix_rw: "none"
    listen_addr: 127.0.0.1
    log_level: "3"
    log_outputs: "1:file:/var/log/libvirt/libvirtd.log"
  qemu:
    # VNC console traffic is unencrypted unless vnc_tls is "1";
    # issuers.vencrypt and default_tls_x509_cert_dir exist for that case.
    vnc_tls: "0"
    vnc_tls_x509_verify: "0"
    stdio_handler: "file"
    user: "nova"
    group: "kvm"
    default_tls_x509_cert_dir: /etc/pki/qemu
  kubernetes:
    cgroup: "kubepods.slice"

pod:
  probes:
    libvirt:
      libvirt:
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 60
            timeoutSeconds: 5
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 15
            periodSeconds: 60
            timeoutSeconds: 5
  security_context:
    libvirt:
      pod:
        # Runs as root. Together with privileged: true on the libvirt
        # container this pod is effectively root on the node (expected for
        # KVM/libvirt), so exec access to it equals node access — scope RBAC
        # for pods/exec in this namespace accordingly.
        runAsUser: 0
      container:
        ceph_admin_keyring_placement:
          readOnlyRootFilesystem: false
        ceph_keyring_placement:
          readOnlyRootFilesystem: false
        libvirt:
          privileged: true
          readOnlyRootFilesystem: false
        libvirt_exporter:
          # NOTE(review): the metrics sidecar is also privileged — confirm
          # this is required for reading libvirt state rather than copied
          # from the main container.
          privileged: true
  # Opt-in sidecars; the exporter is off by default.
  sidecars:
    libvirt_exporter: false

  affinity:
    anti:
      type:
        default: preferredDuringSchedulingIgnoredDuringExecution
      topologyKey:
        default: kubernetes.io/hostname
      weight:
        default: 10
  # Disabled by default; when enabled the daemonset may also land on
  # control-plane nodes.
  tolerations:
    libvirt:
      enabled: false
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoSchedule
  # DNS policy for host-network pods; hostNetwork itself is presumably set in
  # the daemonset template, not here.
  dns_policy: "ClusterFirstWithHostNet"
  # Extra volumes/mounts; both entries empty by default.
  mounts:
    libvirt:
      init_container: null
      libvirt:
  lifecycle:
    upgrades:
      daemonsets:
        pod_replacement_strategy: RollingUpdate
        libvirt:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
  # Requests/limits are only applied when enabled is true.
  resources:
    enabled: false
    libvirt:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    jobs:
      image_repo_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
    libvirt_exporter:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "256Mi"
        cpu: "500m"

dependencies:
  dynamic:
    common:
      # Added automatically when images.local_registry.active is true
      # (presumably — this is the usual helm-toolkit convention).
      local_image_registry:
        jobs:
          - libvirt-image-repo-sync
        services:
          - endpoint: node
            service: local_image_registry
    # Per-backend pod dependencies keyed by the entries of network.backend;
    # requireSameNode makes libvirt wait for the agent pod on its own node.
    targeted:
      ovn:
        libvirt:
          pod:
            - requireSameNode: true
              labels:
                application: ovn
                component: ovn-controller
      openvswitch:
        libvirt:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-ovs-agent
      linuxbridge:
        libvirt:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-lb-agent
      sriov:
        libvirt:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-sriov-agent
  static:
    libvirt:
      services: null
    image_repo_sync:
      services:
        - endpoint: internal
          service: local_image_registry

scripts:
  # Script is included here (vs in bin/) to allow overriding.
  # Presumably run from an init container with TYPE, POD_NAME, POD_NAMESPACE,
  # POD_UID, POD_IP, ISSUER_KIND and ISSUER_NAME set by the template. It
  # requests a cert-manager Certificate for the pod (CN = pod IP, SANs =
  # hostname, FQDN, pod IP), waits for it, attaches the pod as owner of the
  # resulting Secret, then writes tls.crt / tls.key / ca.crt to /tmp/${TYPE}.*.
  # NOTE(review): the script only sets -x, not -e. If `kubectl wait` times
  # out (300s) or a `get secret` fails, execution continues and the
  # redirects leave empty cert/key files behind, so libvirt/qemu later starts
  # without usable TLS material. `set -euo pipefail` would surface the
  # failure at the init step instead.
  # NOTE(review): the private key is written to /tmp with the default umask;
  # confirm the destination mount is not shared with or readable by anything
  # other than the libvirt container. `set -x` echoes command lines only —
  # the key bytes travel through pipes and redirects, not argv.
  # The Certificate/Secret operations need RBAC, presumably gated by
  # manifests.role_cert_manager (false by default).
  cert_init_sh: |
    #!/bin/bash
    set -x

    HOSTNAME_FQDN=$(hostname --fqdn)

    # Script to create certs for each libvirt pod based on pod IP (by default).
    cat <<EOF | kubectl apply -f -
    apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: ${POD_NAME}-${TYPE}
      namespace: ${POD_NAMESPACE}
      ownerReferences:
        - apiVersion: v1
          kind: Pod
          name: ${POD_NAME}
          uid: ${POD_UID}
    spec:
      secretName: ${POD_NAME}-${TYPE}
      commonName: ${POD_IP}
      usages:
        - client auth
        - server auth
      dnsNames:
        - ${HOSTNAME}
        - ${HOSTNAME_FQDN}
      ipAddresses:
        - ${POD_IP}
      issuerRef:
        kind: ${ISSUER_KIND}
        name: ${ISSUER_NAME}
    EOF

    kubectl -n ${POD_NAMESPACE} wait --for=condition=Ready --timeout=300s \
      certificate/${POD_NAME}-${TYPE}

    # NOTE(mnaser): cert-manager does not clean-up the secrets when the certificate
    # is deleted, so we should add an owner reference to the secret
    # to ensure that it is cleaned up when the pod is deleted.
    kubectl -n ${POD_NAMESPACE} patch secret ${POD_NAME}-${TYPE} \
      --type=json -p='[{"op": "add", "path": "/metadata/ownerReferences", "value": [{"apiVersion": "v1", "kind": "Pod", "name": "'${POD_NAME}'", "uid": "'${POD_UID}'"}]}]'

    kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.tls\.crt}' | base64 -d > /tmp/${TYPE}.crt
    kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.tls\.key}' | base64 -d > /tmp/${TYPE}.key
    kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.ca\.crt}' | base64 -d > /tmp/${TYPE}-ca.crt

# Toggles for which Kubernetes objects the chart renders.
manifests:
  configmap_bin: true
  configmap_etc: true
  daemonset_libvirt: true
  job_image_repo_sync: true
  # Off by default; note the network_policy block above is allow-all anyway.
  network_policy: false
  # RBAC for scripts.cert_init_sh (creating Certificates, reading/patching
  # the resulting Secrets); presumably has to be true once listen_tls or
  # vnc_tls is enabled — confirm against the role template.
  role_cert_manager: false
  secret_registry: true

# Names of the Secret objects the chart references or renders — not secret
# values.
secrets:
  oci_image_registry:
    libvirt: libvirt-oci-image-registry-key
  tls:
    server: libvirt-tls-server
    client: libvirt-tls-client
...