Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / d6568eb07acbbd4124983b217b08a5cf469481ea / . / charts / heat / values.yaml
blob: c9b8cdd952acea4b90f530ba10415d8d2f241201 [file] [log] [blame]
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1# Licensed under the Apache License, Version 2.0 (the "License");
2# you may not use this file except in compliance with the License.
3# You may obtain a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS,
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10# See the License for the specific language governing permissions and
11# limitations under the License.
12
13# Default values for heat.
14# This is a YAML-formatted file.
15# Declare name/value pairs to be passed into your templates.
16# name: value
17
18---
19release_group: null
20
21labels:
22 api:
23 node_selector_key: openstack-control-plane
24 node_selector_value: enabled
25 cfn:
26 node_selector_key: openstack-control-plane
27 node_selector_value: enabled
28 cloudwatch:
29 node_selector_key: openstack-control-plane
30 node_selector_value: enabled
31 engine:
32 node_selector_key: openstack-control-plane
33 node_selector_value: enabled
34 job:
35 node_selector_key: openstack-control-plane
36 node_selector_value: enabled
37 test:
38 node_selector_key: openstack-control-plane
39 node_selector_value: enabled
40
41images:
42 tags:
43 test: docker.io/xrally/xrally-openstack:2.0.0
44 bootstrap: docker.io/openstackhelm/heat:stein-ubuntu_bionic
45 db_init: docker.io/openstackhelm/heat:stein-ubuntu_bionic
46 heat_db_sync: docker.io/openstackhelm/heat:stein-ubuntu_bionic
47 db_drop: docker.io/openstackhelm/heat:stein-ubuntu_bionic
48 rabbit_init: docker.io/rabbitmq:3.7-management
49 ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic
50 ks_service: docker.io/openstackhelm/heat:stein-ubuntu_bionic
51 ks_endpoints: docker.io/openstackhelm/heat:stein-ubuntu_bionic
52 heat_api: docker.io/openstackhelm/heat:stein-ubuntu_bionic
53 heat_cfn: docker.io/openstackhelm/heat:stein-ubuntu_bionic
54 heat_cloudwatch: docker.io/openstackhelm/heat:stein-ubuntu_bionic
55 heat_engine: docker.io/openstackhelm/heat:stein-ubuntu_bionic
56 heat_engine_cleaner: docker.io/openstackhelm/heat:stein-ubuntu_bionic
57 heat_purge_deleted: docker.io/openstackhelm/heat:stein-ubuntu_bionic
58 dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
59 image_repo_sync: docker.io/docker:17.07.0
60 pull_policy: "IfNotPresent"
61 local_registry:
62 active: false
63 exclude:
64 - dep_check
65 - image_repo_sync
66
67jobs:
68 engine_cleaner:
69 cron: "*/5 * * * *"
70 starting_deadline: 600
71 history:
72 success: 3
73 failed: 1
74
75 purge_deleted:
76 cron: "20 */24 * * *"
77 purge_age: 60
78 history:
79 success: 3
80 failed: 1
81
82conf:
83 rally_tests:
84 run_tempest: false
85 tests:
86 HeatStacks.create_update_delete_stack:
87 - args:
88 template_path: /tmp/rally-jobs/random_strings.yaml
89 updated_template_path: /tmp/rally-jobs/updated_random_strings_replace.yaml
90 runner:
91 concurrency: 1
92 times: 1
93 type: constant
94 sla:
95 failure_rate:
96 max: 0
97 HeatStacks.create_check_delete_stack:
98 - args:
99 template_path: /tmp/rally-jobs/random_strings.yaml
100 runner:
101 concurrency: 1
102 times: 1
103 type: constant
104 sla:
105 failure_rate:
106 max: 0
107 HeatStacks.create_and_delete_stack:
108 - args:
109 template_path: /tmp/rally-jobs/resource_group_with_constraint.yaml
110 runner:
111 concurrency: 1
112 times: 1
113 type: constant
114 sla:
115 failure_rate:
116 max: 0
117 HeatStacks.create_and_list_stack:
118 - args:
119 template_path: /tmp/rally-jobs/default.yaml
120 runner:
121 concurrency: 1
122 times: 1
123 type: constant
124 sla:
125 failure_rate:
126 max: 0
127 HeatStacks.create_snapshot_restore_delete_stack:
128 - args:
129 template_path: /tmp/rally-jobs/random_strings.yaml
130 runner:
131 concurrency: 1
132 times: 1
133 type: constant
134 sla:
135 failure_rate:
136 max: 0
137 HeatStacks.create_stack_and_list_output:
138 - args:
139 template_path: /tmp/rally-jobs/resource_group_with_outputs.yaml
140 runner:
141 concurrency: 1
142 times: 1
143 type: constant
144 sla:
145 failure_rate:
146 max: 0
147 HeatStacks.create_stack_and_list_output_via_API:
148 - args:
149 template_path: /tmp/rally-jobs/resource_group_with_outputs.yaml
150 runner:
151 concurrency: 1
152 times: 1
153 type: constant
154 sla:
155 failure_rate:
156 max: 0
157 templates:
158 - name: /tmp/rally-jobs/default.yaml
159 template: |
160 heat_template_version: 2014-10-16
161 - name: /tmp/rally-jobs/random_strings.yaml
162 template: |
163 heat_template_version: 2014-10-16
164 description: Test template for rally create-update-delete scenario
165 resources:
166 test_string_one:
167 type: OS::Heat::RandomString
168 properties:
169 length: 20
170 test_string_two:
171 type: OS::Heat::RandomString
172 properties:
173 length: 20
174 - name: /tmp/rally-jobs/resource_group_with_constraint.yaml
175 template: |
176 heat_template_version: 2013-05-23
177 description: Template for testing caching.
178 parameters:
179 count:
180 type: number
181 default: 40
182 delay:
183 type: number
184 default: 0.1
185 resources:
186 rg:
187 type: OS::Heat::ResourceGroup
188 properties:
189 count:
190 get_param: count
191 resource_def:
192 type: OS::Heat::TestResource
193 properties:
194 constraint_prop_secs:
195 get_param: delay
196 - name: /tmp/rally-jobs/resource_group_with_outputs.yaml
197 template: |
198 heat_template_version: 2013-05-23
199 parameters:
200 attr_wait_secs:
201 type: number
202 default: 0.5
203 resources:
204 rg:
205 type: OS::Heat::ResourceGroup
206 properties:
207 count: 10
208 resource_def:
209 type: OS::Heat::TestResource
210 properties:
211 attr_wait_secs:
212 get_param: attr_wait_secs
213 outputs:
214 val1:
215 value:
216 get_attr:
217 - rg
218 - resource.0.output
219 val2:
220 value:
221 get_attr:
222 - rg
223 - resource.1.output
224 val3:
225 value:
226 get_attr:
227 - rg
228 - resource.2.output
229 val4:
230 value:
231 get_attr:
232 - rg
233 - resource.3.output
234 val5:
235 value:
236 get_attr:
237 - rg
238 - resource.4.output
239 val6:
240 value:
241 get_attr:
242 - rg
243 - resource.5.output
244 val7:
245 value:
246 get_attr:
247 - rg
248 - resource.6.output
249 val8:
250 value:
251 get_attr:
252 - rg
253 - resource.7.output
254 val9:
255 value:
256 get_attr:
257 - rg
258 - resource.8.output
259 val10:
260 value:
261 get_attr:
262 - rg
263 - resource.9.output
264 - name: /tmp/rally-jobs/updated_random_strings_replace.yaml
265 template: |
266 heat_template_version: 2014-10-16
267 description: |
268 Test template for create-update-delete-stack scenario in rally.
269 The template deletes one resource from the stack defined by
270 random-strings.yaml.template and re-creates it with the updated parameters
271 (so-called update-replace). That happens because some parameters cannot be
272 changed without resource re-creation. The template allows to measure performance
273 of update-replace operation.
274 resources:
275 test_string_one:
276 type: OS::Heat::RandomString
277 properties:
278 length: 20
279 test_string_two:
280 type: OS::Heat::RandomString
281 properties:
282 length: 40
okozachenko12035aa48492023-09-05 19:47:07 +1000[diff] [blame]283 paste:
284 pipeline:heat-api:
285 pipeline: cors request_id faultwrap http_proxy_to_wsgi versionnegotiation osprofiler authurl authtoken audit context apiv1app
286 pipeline:heat-api-standalone:
287 pipeline: cors request_id faultwrap http_proxy_to_wsgi versionnegotiation authurl authpassword context apiv1app
288 pipeline:heat-api-custombackend:
289 pipeline: cors request_id faultwrap versionnegotiation context custombackendauth apiv1app
290 pipeline:heat-api-cfn:
291 pipeline: cors http_proxy_to_wsgi cfnversionnegotiation osprofiler ec2authtoken authtoken audit context apicfnv1app
292 pipeline:heat-api-cfn-standalone:
293 pipeline: cors http_proxy_to_wsgi cfnversionnegotiation ec2authtoken context apicfnv1app
294 pipeline:heat-api-cloudwatch:
295 pipeline: cors versionnegotiation osprofiler ec2authtoken authtoken audit context apicwapp
296 pipeline:heat-api-cloudwatch-standalone:
297 pipeline: cors versionnegotiation ec2authtoken context apicwapp
298 app:apiv1app:
299 paste.app_factory: heat.common.wsgi:app_factory
300 heat.app_factory: heat.api.openstack.v1:API
301 app:apicfnv1app:
302 paste.app_factory: heat.common.wsgi:app_factory
303 heat.app_factory: heat.api.cfn.v1:API
304 app:apicwapp:
305 paste.app_factory: heat.common.wsgi:app_factory
306 heat.app_factory: heat.api.cloudwatch:API
307 filter:versionnegotiation:
308 paste.filter_factory: heat.common.wsgi:filter_factory
309 heat.filter_factory: heat.api.openstack:version_negotiation_filter
310 filter:cors:
311 paste.filter_factory: oslo_middleware.cors:filter_factory
312 oslo_config_project: heat
313 filter:faultwrap:
314 paste.filter_factory: heat.common.wsgi:filter_factory
315 heat.filter_factory: heat.api.openstack:faultwrap_filter
316 filter:cfnversionnegotiation:
317 paste.filter_factory: heat.common.wsgi:filter_factory
318 heat.filter_factory: heat.api.cfn:version_negotiation_filter
319 filter:cwversionnegotiation:
320 paste.filter_factory: heat.common.wsgi:filter_factory
321 heat.filter_factory: heat.api.cloudwatch:version_negotiation_filter
322 filter:context:
323 paste.filter_factory: heat.common.context:ContextMiddleware_filter_factory
324 filter:ec2authtoken:
325 paste.filter_factory: heat.api.aws.ec2token:EC2Token_filter_factory
326 filter:http_proxy_to_wsgi:
327 paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
328 filter:authurl:
329 paste.filter_factory: heat.common.auth_url:filter_factory
330 filter:authtoken:
331 paste.filter_factory: keystonemiddleware.auth_token:filter_factory
332 filter:authpassword:
333 paste.filter_factory: heat.common.auth_password:filter_factory
334 filter:custombackendauth:
335 paste.filter_factory: heat.common.custom_backend_auth:filter_factory
336 filter:audit:
337 paste.filter_factory: keystonemiddleware.audit:filter_factory
338 audit_map_file: /etc/heat/api_audit_map.conf
339 filter:request_id:
340 paste.filter_factory: oslo_middleware.request_id:RequestId.factory
341 filter:osprofiler:
342 paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]343 policy: {}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]344 heat:
345 DEFAULT:
346 log_config_append: /etc/heat/logging.conf
347 num_engine_workers: 1
348 trusts_delegated_roles: ""
349 host: heat-engine
350 keystone_authtoken:
351 auth_type: password
352 auth_version: v3
353 memcache_security_strategy: ENCRYPT
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]354 service_type: orchestration
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]355 database:
356 max_retries: -1
357 trustee:
358 auth_type: password
359 auth_version: v3
360 heat_api:
361 # NOTE(portdirect): the bind port should not be defined, and is manipulated
362 # via the endpoints section.
363 bind_port: null
364 workers: 1
365 heat_api_cloudwatch:
366 # NOTE(portdirect): the bind port should not be defined, and is manipulated
367 # via the endpoints section.
368 bind_port: null
369 workers: 1
370 heat_api_cfn:
371 # NOTE(portdirect): the bind port should not be defined, and is manipulated
372 # via the endpoints section.
373 bind_port: null
374 workers: 1
375 paste_deploy:
376 api_paste_config: /etc/heat/api-paste.ini
377 clients:
378 endpoint_type: internalURL
379 clients_heat:
380 endpoint_type: publicURL
381 clients_keystone:
382 endpoint_type: internalURL
383 oslo_messaging_notifications:
384 driver: messagingv2
385 oslo_middleware:
386 enable_proxy_headers_parsing: true
387 oslo_messaging_rabbit:
388 rabbit_ha_queues: True
389 oslo_policy:
390 policy_file: /etc/heat/policy.yaml
391 api_audit_map:
392 DEFAULT:
393 target_endpoint_type: None
394 path_keywords:
395 stacks: stack
396 resources: resource
397 preview: None
398 detail: None
399 abandon: None
400 snapshots: snapshot
401 restore: None
402 outputs: output
403 metadata: server
404 signal: None
405 events: event
406 template: None
407 template_versions: template_version
408 functions: None
409 validate: None
410 resource_types: resource_type
411 build_info: None
412 actions: None
413 software_configs: software_config
414 software_deployments: software_deployment
415 services: None
416 service_endpoints:
417 orchestration:service/orchestration
418 logging:
419 loggers:
420 keys:
421 - root
422 - heat
423 handlers:
424 keys:
425 - stdout
426 - stderr
427 - "null"
428 formatters:
429 keys:
430 - context
431 - default
432 logger_root:
433 level: WARNING
434 handlers: 'null'
435 logger_heat:
436 level: INFO
437 handlers:
438 - stdout
439 qualname: heat
440 logger_amqp:
441 level: WARNING
442 handlers: stderr
443 qualname: amqp
444 logger_amqplib:
445 level: WARNING
446 handlers: stderr
447 qualname: amqplib
448 logger_eventletwsgi:
449 level: WARNING
450 handlers: stderr
451 qualname: eventlet.wsgi.server
452 logger_sqlalchemy:
453 level: WARNING
454 handlers: stderr
455 qualname: sqlalchemy
456 logger_boto:
457 level: WARNING
458 handlers: stderr
459 qualname: boto
460 handler_null:
461 class: logging.NullHandler
462 formatter: default
463 args: ()
464 handler_stdout:
465 class: StreamHandler
466 args: (sys.stdout,)
467 formatter: context
468 handler_stderr:
469 class: StreamHandler
470 args: (sys.stderr,)
471 formatter: context
472 formatter_context:
473 class: oslo_log.formatters.ContextFormatter
474 datefmt: "%Y-%m-%d %H:%M:%S"
475 formatter_default:
476 format: "%(message)s"
477 datefmt: "%Y-%m-%d %H:%M:%S"
Mohammed Naser134eac32023-10-04 15:43:54 -0400[diff] [blame]478
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]479 rabbitmq:
480 # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
481 policies:
482 - vhost: "heat"
483 name: "ha_ttl_heat"
484 definition:
485 # mirror messges to other nodes in rmq cluster
486 ha-mode: "all"
487 ha-sync-mode: "automatic"
488 # 70s
489 message-ttl: 70000
490 priority: 0
491 apply-to: all
492 pattern: '^(?!(amq\.|reply_)).*'
Oleksandr Kozachenko92a39f12023-10-03 15:25:15 +0200[diff] [blame]493 heat_api_uwsgi:
494 uwsgi:
495 add-header: "Connection: close"
496 buffer-size: 65535
497 die-on-term: true
498 enable-threads: true
499 exit-on-reload: false
500 hook-master-start: unix_signal:15 gracefully_kill_them_all
501 lazy-apps: true
502 log-x-forwarded-for: true
503 master: true
504 procname-prefix-spaced: "heat-api:"
505 route-user-agent: '^kube-probe.* donotlog:'
506 thunder-lock: true
507 worker-reload-mercy: 80
508 wsgi-file: /var/lib/openstack/bin/heat-wsgi-api
509 heat_api_cfn_uwsgi:
510 uwsgi:
511 add-header: "Connection: close"
512 buffer-size: 65535
513 die-on-term: true
514 enable-threads: true
515 exit-on-reload: false
516 hook-master-start: unix_signal:15 gracefully_kill_them_all
517 lazy-apps: true
518 log-x-forwarded-for: true
519 master: true
520 procname-prefix-spaced: "heat-api-cfn:"
521 route-user-agent: '^kube-probe.* donotlog:'
522 thunder-lock: true
523 worker-reload-mercy: 80
524 wsgi-file: /var/lib/openstack/bin/heat-wsgi-api-cfn
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]525
526network:
527 api:
528 ingress:
529 public: true
530 classes:
531 namespace: "nginx"
532 cluster: "nginx-cluster"
533 annotations:
534 nginx.ingress.kubernetes.io/rewrite-target: /
535 external_policy_local: false
536 node_port:
537 enabled: false
538 port: 30004
539 cfn:
540 ingress:
541 public: true
542 classes:
543 namespace: "nginx"
544 cluster: "nginx-cluster"
545 annotations:
546 nginx.ingress.kubernetes.io/rewrite-target: /
547 node_port:
548 enabled: false
549 port: 30800
550 cloudwatch:
551 ingress:
552 public: true
553 classes:
554 namespace: "nginx"
555 cluster: "nginx-cluster"
556 annotations:
557 nginx.ingress.kubernetes.io/rewrite-target: /
558 node_port:
559 enabled: false
560 port: 30003
561
562bootstrap:
563 enabled: true
564 ks_user: admin
565 script: |
566 #NOTE(portdirect): The Orchestration service automatically assigns the
567 # 'heat_stack_user' role to users that it creates during stack deployment.
568 # By default, this role restricts API operations. To avoid conflicts, do
569 # not add this role to actual users.
570 openstack role create --or-show heat_stack_user
571
572dependencies:
573 dynamic:
574 common:
575 local_image_registry:
576 jobs:
577 - heat-image-repo-sync
578 services:
579 - endpoint: node
580 service: local_image_registry
581 static:
582 api:
583 jobs:
584 - heat-db-sync
585 - heat-rabbit-init
586 - heat-ks-user
587 - heat-trustee-ks-user
588 - heat-domain-ks-user
589 - heat-ks-endpoints
590 - heat-bootstrap
591 services:
592 - endpoint: internal
593 service: oslo_db
594 - endpoint: internal
595 service: oslo_messaging
596 - endpoint: internal
597 service: identity
598 cfn:
599 jobs:
600 - heat-db-sync
601 - heat-rabbit-init
602 - heat-ks-user
603 - heat-trustee-ks-user
604 - heat-domain-ks-user
605 - heat-ks-endpoints
606 - heat-bootstrap
607 services:
608 - endpoint: internal
609 service: oslo_db
610 - endpoint: internal
611 service: oslo_messaging
612 - endpoint: internal
613 service: identity
614 cloudwatch:
615 jobs:
616 - heat-db-sync
617 - heat-rabbit-init
618 - heat-ks-user
619 - heat-trustee-ks-user
620 - heat-domain-ks-user
621 - heat-ks-endpoints
622 - heat-bootstrap
623 services:
624 - endpoint: internal
625 service: oslo_db
626 - endpoint: internal
627 service: oslo_messaging
628 - endpoint: internal
629 service: identity
630 db_drop:
631 services:
632 - endpoint: internal
633 service: oslo_db
634 db_init:
635 services:
636 - endpoint: internal
637 service: oslo_db
638 db_sync:
639 jobs:
640 - heat-db-init
641 services:
642 - endpoint: internal
643 service: oslo_db
644 bootstrap:
645 services:
646 - endpoint: internal
647 service: identity
648 engine:
649 jobs:
650 - heat-db-sync
651 - heat-rabbit-init
652 - heat-ks-user
653 - heat-trustee-ks-user
654 - heat-domain-ks-user
655 - heat-ks-endpoints
656 - heat-bootstrap
657 services:
658 - endpoint: internal
659 service: oslo_db
660 - endpoint: internal
661 service: oslo_messaging
662 - endpoint: internal
663 service: identity
664 engine_cleaner:
665 jobs:
666 - heat-db-sync
667 - heat-ks-user
668 - heat-trustee-ks-user
669 - heat-domain-ks-user
670 - heat-ks-endpoints
671 services:
672 - endpoint: internal
673 service: oslo_db
674 - endpoint: internal
675 service: oslo_messaging
676 - endpoint: internal
677 service: identity
678 purge_deleted:
679 jobs:
680 - heat-db-sync
681 - heat-ks-user
682 - heat-trustee-ks-user
683 - heat-domain-ks-user
684 - heat-ks-endpoints
685 services:
686 - endpoint: internal
687 service: oslo_db
688 - endpoint: internal
689 service: oslo_messaging
690 - endpoint: internal
691 service: identity
692 ks_endpoints:
693 jobs:
694 - heat-ks-service
695 services:
696 - endpoint: internal
697 service: identity
698 ks_service:
699 services:
700 - endpoint: internal
701 service: identity
702 ks_user:
703 services:
704 - endpoint: internal
705 service: identity
706 rabbit_init:
707 services:
708 - endpoint: internal
709 service: oslo_messaging
710 trusts:
711 jobs:
712 - heat-ks-user
713 - heat-trustee-ks-user
714 - heat-domain-ks-user
715 services:
716 - endpoint: internal
717 service: identity
718 image_repo_sync:
719 services:
720 - endpoint: internal
721 service: local_image_registry
722 tests:
723 services:
724 - endpoint: internal
725 service: identity
726 - endpoint: internal
727 service: orchestration
728
729# Names of secrets used by bootstrap and environmental checks
730secrets:
731 identity:
732 admin: heat-keystone-admin
733 heat: heat-keystone-user
734 heat_trustee: heat-keystone-trustee
735 heat_stack_user: heat-keystone-stack-user
736 test: heat-keystone-test
737 oslo_db:
738 admin: heat-db-admin
739 heat: heat-db-user
740 oslo_messaging:
741 admin: heat-rabbitmq-admin
742 heat: heat-rabbitmq-user
743 tls:
744 orchestration:
745 api:
746 public: heat-tls-public
747 internal: heat-tls-api
748 cloudformation:
749 cfn:
750 public: cloudformation-tls-public
751 internal: heat-tls-cfn
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]752 oci_image_registry:
753 heat: heat-oci-image-registry
754
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]755# typically overridden by environmental
756# values, but should include all endpoints
757# required by this chart
758endpoints:
759 cluster_domain_suffix: cluster.local
760 local_image_registry:
761 name: docker-registry
762 namespace: docker-registry
763 hosts:
764 default: localhost
765 internal: docker-registry
766 node: localhost
767 host_fqdn_override:
768 default: null
769 port:
770 registry:
771 node: 5000
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]772 oci_image_registry:
773 name: oci-image-registry
774 namespace: oci-image-registry
775 auth:
776 enabled: false
777 heat:
778 username: heat
779 password: password
780 hosts:
781 default: localhost
782 host_fqdn_override:
783 default: null
784 port:
785 registry:
786 default: null
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]787 identity:
788 name: keystone
789 auth:
790 admin:
791 region_name: RegionOne
792 username: admin
793 password: password
794 project_name: admin
795 user_domain_name: default
796 project_domain_name: default
797 heat:
798 role: admin
799 region_name: RegionOne
800 username: heat
801 password: password
802 project_name: service
803 user_domain_name: service
804 project_domain_name: service
805 heat_trustee:
806 role: admin
807 region_name: RegionOne
808 username: heat-trust
809 password: password
810 project_name: service
811 user_domain_name: service
812 project_domain_name: service
813 heat_stack_user:
814 role: admin
815 region_name: RegionOne
816 username: heat-domain
817 password: password
818 domain_name: heat
819 test:
820 role: admin
821 region_name: RegionOne
822 username: heat-test
823 password: password
824 project_name: test
825 user_domain_name: service
826 project_domain_name: service
827 hosts:
828 default: keystone
829 internal: keystone-api
830 host_fqdn_override:
831 default: null
832 path:
833 default: /v3
834 scheme:
835 default: 'http'
836 port:
837 api:
838 default: 80
839 internal: 5000
840 orchestration:
841 name: heat
842 hosts:
843 default: heat-api
844 public: heat
845 host_fqdn_override:
846 default: null
847 # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
848 # endpoints using the following format:
849 # public:
850 # host: null
851 # tls:
852 # crt: null
853 # key: null
854 path:
855 default: '/v1/%(project_id)s'
856 scheme:
857 default: 'http'
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]858 service: 'http'
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]859 port:
860 api:
861 default: 8004
862 public: 80
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]863 service: 8004
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]864 cloudformation:
865 name: heat-cfn
866 hosts:
867 default: heat-cfn
868 public: cloudformation
869 host_fqdn_override:
870 default: null
871 # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
872 # endpoints using the following format:
873 # public:
874 # host: null
875 # tls:
876 # crt: null
877 # key: null
878 path:
879 default: /v1
880 scheme:
881 default: 'http'
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]882 service: 'http'
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]883 port:
884 api:
885 default: 8000
886 public: 80
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]887 service: 8000
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]888 # Cloudwatch does not get an entry in the keystone service catalog
889 cloudwatch:
890 name: heat-cloudwatch
891 hosts:
892 default: heat-cloudwatch
893 public: cloudwatch
894 host_fqdn_override:
895 default: null
896 path:
897 default: null
898 type: null
899 scheme:
900 default: 'http'
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]901 service: 'http'
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]902 port:
903 api:
904 default: 8003
905 public: 80
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]906 service: 8003
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]907 oslo_db:
908 auth:
909 admin:
910 username: root
911 password: password
912 secret:
913 tls:
914 internal: mariadb-tls-direct
915 heat:
916 username: heat
917 password: password
918 hosts:
919 default: mariadb
920 host_fqdn_override:
921 default: null
922 path: /heat
923 scheme: mysql+pymysql
924 port:
925 mysql:
926 default: 3306
927 oslo_cache:
928 auth:
929 # NOTE(portdirect): this is used to define the value for keystone
930 # authtoken cache encryption key, if not set it will be populated
931 # automatically with a random value, but to take advantage of
932 # this feature all services should be set to use the same key,
933 # and memcache service.
934 memcache_secret_key: null
935 hosts:
936 default: memcached
937 host_fqdn_override:
938 default: null
939 port:
940 memcache:
941 default: 11211
942 oslo_messaging:
943 auth:
944 admin:
945 username: rabbitmq
946 password: password
947 secret:
948 tls:
949 internal: rabbitmq-tls-direct
950 heat:
951 username: heat
952 password: password
953 statefulset:
954 replicas: 2
955 name: rabbitmq-rabbitmq
956 hosts:
957 default: rabbitmq
958 host_fqdn_override:
959 default: null
960 path: /heat
961 scheme: rabbit
962 port:
963 amqp:
964 default: 5672
965 http:
966 default: 15672
967 fluentd:
968 namespace: null
969 name: fluentd
970 hosts:
971 default: fluentd-logging
972 host_fqdn_override:
973 default: null
974 path:
975 default: null
976 scheme: 'http'
977 port:
978 service:
979 default: 24224
980 metrics:
981 default: 24220
982 # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress
983 # They are using to enable the Egress K8s network policy.
984 kube_dns:
985 namespace: kube-system
986 name: kubernetes-dns
987 hosts:
988 default: kube-dns
989 host_fqdn_override:
990 default: null
991 path:
992 default: null
993 scheme: http
994 port:
995 dns:
996 default: 53
997 protocol: UDP
998 ingress:
999 namespace: null
1000 name: ingress
1001 hosts:
1002 default: ingress
1003 port:
1004 ingress:
1005 default: 80
1006
1007pod:
1008 security_context:
1009 heat:
1010 pod:
1011 runAsUser: 42424
1012 container:
1013 heat_api:
1014 readOnlyRootFilesystem: true
1015 allowPrivilegeEscalation: false
1016 heat_cfn:
1017 readOnlyRootFilesystem: true
1018 allowPrivilegeEscalation: false
1019 heat_cloudwatch:
1020 readOnlyRootFilesystem: true
1021 allowPrivilegeEscalation: false
1022 heat_engine:
1023 readOnlyRootFilesystem: true
1024 allowPrivilegeEscalation: false
1025 trusts:
1026 pod:
1027 runAsUser: 42424
1028 container:
1029 heat_trusts:
1030 readOnlyRootFilesystem: true
1031 allowPrivilegeEscalation: false
1032 ks_user:
1033 pod:
1034 runAsUser: 42424
1035 container:
1036 heat_ks_domain_user:
1037 readOnlyRootFilesystem: true
1038 allowPrivilegeEscalation: false
1039 engine_cleaner:
1040 pod:
1041 runAsUser: 42424
1042 container:
1043 heat_engine_cleaner:
1044 readOnlyRootFilesystem: true
1045 allowPrivilegeEscalation: false
1046 affinity:
1047 anti:
1048 type:
1049 default: preferredDuringSchedulingIgnoredDuringExecution
1050 topologyKey:
1051 default: kubernetes.io/hostname
1052 weight:
1053 default: 10
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]1054 tolerations:
1055 heat:
1056 enabled: false
1057 tolerations:
1058 - key: node-role.kubernetes.io/master
1059 operator: Exists
1060 effect: NoSchedule
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]1061 - key: node-role.kubernetes.io/control-plane
1062 operator: Exists
1063 effect: NoSchedule
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1064 mounts:
1065 heat_api:
1066 init_container: null
1067 heat_api:
1068 volumeMounts:
1069 volumes:
1070 heat_cfn:
1071 init_container: null
1072 heat_cfn:
1073 volumeMounts:
1074 volumes:
1075 heat_cloudwatch:
1076 init_container: null
1077 heat_cloudwatch:
1078 volumeMounts:
1079 volumes:
1080 heat_engine:
1081 init_container: null
1082 heat_engine:
1083 volumeMounts:
1084 volumes:
1085 heat_bootstrap:
1086 init_container: null
1087 heat_bootstrap:
1088 volumeMounts:
1089 volumes:
1090 heat_trusts:
1091 init_container: null
1092 heat_trusts:
1093 volumeMounts:
1094 volumes:
1095 heat_engine_cleaner:
1096 init_container: null
1097 heat_engine_cleaner:
1098 volumeMounts:
1099 volumes:
1100 heat_purge_deleted:
1101 init_container: null
1102 heat_purge_deleted:
1103 volumeMounts:
1104 volumes:
1105 heat_tests:
1106 init_container: null
1107 heat_tests:
1108 volumeMounts:
1109 volumes:
1110 heat_db_sync:
1111 heat_db_sync:
1112 volumeMounts:
1113 volumes:
1114 replicas:
1115 api: 1
1116 cfn: 1
1117 cloudwatch: 1
1118 engine: 1
1119 lifecycle:
1120 upgrades:
1121 deployments:
1122 revision_history: 3
1123 pod_replacement_strategy: RollingUpdate
1124 rolling_update:
1125 max_unavailable: 1
1126 max_surge: 3
1127 disruption_budget:
1128 api:
1129 min_available: 0
1130 cfn:
1131 min_available: 0
1132 cloudwatch:
1133 min_available: 0
1134 termination_grace_period:
1135 api:
1136 timeout: 30
1137 cfn:
1138 timeout: 30
1139 cloudwatch:
1140 timeout: 30
1141 engine:
1142 timeout: 30
1143 resources:
1144 enabled: false
1145 api:
1146 requests:
1147 memory: "128Mi"
1148 cpu: "100m"
1149 limits:
1150 memory: "1024Mi"
1151 cpu: "2000m"
1152 cfn:
1153 requests:
1154 memory: "128Mi"
1155 cpu: "100m"
1156 limits:
1157 memory: "1024Mi"
1158 cpu: "2000m"
1159 cloudwatch:
1160 requests:
1161 memory: "128Mi"
1162 cpu: "100m"
1163 limits:
1164 memory: "1024Mi"
1165 cpu: "2000m"
1166 engine:
1167 requests:
1168 memory: "128Mi"
1169 cpu: "100m"
1170 limits:
1171 memory: "1024Mi"
1172 cpu: "2000m"
1173 jobs:
1174 bootstrap:
1175 requests:
1176 memory: "128Mi"
1177 cpu: "100m"
1178 limits:
1179 memory: "1024Mi"
1180 cpu: "2000m"
1181 db_init:
1182 requests:
1183 memory: "128Mi"
1184 cpu: "100m"
1185 limits:
1186 memory: "1024Mi"
1187 cpu: "2000m"
1188 db_sync:
1189 requests:
1190 memory: "128Mi"
1191 cpu: "100m"
1192 limits:
1193 memory: "1024Mi"
1194 cpu: "2000m"
1195 db_drop:
1196 requests:
1197 memory: "128Mi"
1198 cpu: "100m"
1199 limits:
1200 memory: "1024Mi"
1201 cpu: "2000m"
1202 ks_endpoints:
1203 requests:
1204 memory: "128Mi"
1205 cpu: "100m"
1206 limits:
1207 memory: "1024Mi"
1208 cpu: "2000m"
1209 ks_service:
1210 requests:
1211 memory: "128Mi"
1212 cpu: "100m"
1213 limits:
1214 memory: "1024Mi"
1215 cpu: "2000m"
1216 ks_user:
1217 requests:
1218 memory: "128Mi"
1219 cpu: "100m"
1220 limits:
1221 memory: "1024Mi"
1222 cpu: "2000m"
1223 rabbit_init:
1224 requests:
1225 memory: "128Mi"
1226 cpu: "100m"
1227 limits:
1228 memory: "1024Mi"
1229 cpu: "2000m"
1230 tests:
1231 requests:
1232 memory: "128Mi"
1233 cpu: "100m"
1234 limits:
1235 memory: "1024Mi"
1236 cpu: "2000m"
1237 trusts:
1238 requests:
1239 memory: "128Mi"
1240 cpu: "100m"
1241 limits:
1242 memory: "1024Mi"
1243 cpu: "2000m"
1244 engine_cleaner:
1245 requests:
1246 memory: "128Mi"
1247 cpu: "100m"
1248 limits:
1249 memory: "1024Mi"
1250 cpu: "2000m"
1251 purge_deleted:
1252 requests:
1253 memory: "124Mi"
1254 cpu: "100m"
1255 limits:
1256 memory: "1024Mi"
1257 cpu: "2000m"
1258 image_repo_sync:
1259 requests:
1260 memory: "128Mi"
1261 cpu: "100m"
1262 limits:
1263 memory: "1024Mi"
1264 cpu: "2000m"
1265
1266network_policy:
1267 heat:
1268 ingress:
1269 - {}
1270 egress:
1271 - {}
1272
1273# NOTE(helm_hook): helm_hook might break for helm2 binary.
1274# set helm3_hook: false when using the helm2 binary.
1275helm3_hook: true
1276
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]1277tls:
1278 identity: false
1279 oslo_messaging: false
1280 oslo_db: false
1281
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1282manifests:
1283 certificates: false
1284 configmap_bin: true
1285 configmap_etc: true
1286 cron_job_engine_cleaner: true
1287 cron_job_purge_deleted: true
1288 deployment_api: true
1289 deployment_cfn: true
1290 deployment_cloudwatch: false
1291 deployment_engine: true
1292 ingress_api: true
1293 ingress_cfn: true
1294 ingress_cloudwatch: false
1295 job_bootstrap: true
1296 job_db_init: true
1297 job_db_sync: true
1298 job_db_drop: false
1299 job_image_repo_sync: true
1300 job_ks_endpoints: true
1301 job_ks_service: true
1302 job_ks_user_domain: true
1303 job_ks_user_trustee: true
1304 job_ks_user: true
1305 job_rabbit_init: true
1306 pdb_api: true
1307 pdb_cfn: true
1308 pdb_cloudwatch: false
1309 pod_rally_test: true
1310 network_policy: false
1311 secret_db: true
1312 secret_ingress_tls: true
1313 secret_keystone: true
1314 secret_rabbitmq: true
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]1315 secret_registry: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1316 service_api: true
1317 service_cfn: true
1318 service_cloudwatch: false
1319 service_ingress_api: true
1320 service_ingress_cfn: true
1321 service_ingress_cloudwatch: false
1322 statefulset_engine: false
1323...