blob: 6e520ca4ae4949f00777c6e01db0fd1e6324b239 [file] [log] [blame]
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001# Licensed under the Apache License, Version 2.0 (the "License");
2# you may not use this file except in compliance with the License.
3# You may obtain a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS,
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10# See the License for the specific language governing permissions and
11# limitations under the License.
12
13# Default values for designate.
14# This is a YAML-formatted file.
15# Declare name/value pairs to be passed into your templates.
16# name: value
17
18---
19release_group: null
20
21labels:
22 api:
23 node_selector_key: openstack-control-plane
24 node_selector_value: enabled
25 central:
26 node_selector_key: openstack-control-plane
27 node_selector_value: enabled
28 producer:
29 node_selector_key: openstack-control-plane
30 node_selector_value: enabled
31 worker:
32 node_selector_key: openstack-control-plane
33 node_selector_value: enabled
34 job:
35 node_selector_key: openstack-control-plane
36 node_selector_value: enabled
37 mdns:
38 node_selector_key: openstack-control-plane
39 node_selector_value: enabled
40 sink:
41 node_selector_key: openstack-control-plane
42 node_selector_value: enabled
43
44images:
45 tags:
46 bootstrap: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
47 db_init: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
48 db_drop: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
49 rabbit_init: docker.io/rabbitmq:3.7-management
50 ks_user: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
51 ks_service: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
52 ks_endpoints: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
53 dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
54 designate_db_sync: docker.io/openstackhelm/designate:wallaby-ubuntu_focal
55 designate_api: docker.io/openstackhelm/designate:wallaby-ubuntu_focal
56 designate_central: docker.io/openstackhelm/designate:wallaby-ubuntu_focal
57 designate_mdns: docker.io/openstackhelm/designate:wallaby-ubuntu_focal
58 designate_worker: docker.io/openstackhelm/designate:wallaby-ubuntu_focal
59 designate_producer: docker.io/openstackhelm/designate:wallaby-ubuntu_focal
60 designate_sink: docker.io/openstackhelm/designate:wallaby-ubuntu_focal
61 pull_policy: "IfNotPresent"
62 local_registry:
63 active: false
64 exclude:
65 - dep_check
66 - image_repo_sync
67
68pod:
Dong Ma6433b0a2025-02-10 08:55:22 +000069 priorityClassName:
70 designate_api: null
71 designate_central: null
72 designate_mdns: null
73 designate_producer: null
74 designate_sink: null
75 designate_worker: null
76 db_sync: null
77 runtimeClassName:
78 designate_api: null
79 designate_central: null
80 designate_mdns: null
81 designate_producer: null
82 designate_sink: null
83 designate_worker: null
84 db_sync: null
Mohammed Naserf3f59a72023-01-15 21:02:04 -050085 affinity:
86 anti:
87 type:
88 default: preferredDuringSchedulingIgnoredDuringExecution
89 topologyKey:
90 default: kubernetes.io/hostname
91 mounts:
92 designate_api:
93 init_container: null
94 designate_api:
95 volumeMounts:
96 volumes:
97 designate_central:
98 init_container: null
99 designate_central:
100 volumeMounts:
101 volumes:
102 designate_mdns:
103 init_container: null
104 designate_mdns:
105 volumeMounts:
106 volumes:
107 designate_worker:
108 init_container: null
109 designate_worker:
110 volumeMounts:
111 volumes:
112 designate_producer:
113 init_container: null
114 designate_producer:
115 volumeMounts:
116 volumes:
117 designate_sink:
118 init_container: null
119 designate_sink:
120 volumeMounts:
121 volumes:
122 designate_db_sync:
123 designate_db_sync:
124 volumeMounts:
125 volumes:
126 replicas:
127 api: 1
128 central: 1
129 mdns: 1
130 producer: 1
131 sink: 1
132 worker: 1
133 lifecycle:
134 upgrades:
135 deployments:
136 revision_history: 3
137 pod_replacement_strategy: RollingUpdate
138 rolling_update:
139 max_unavailable: 1
140 max_surge: 3
141 disruption_budget:
142 api:
143 min_available: 0
144 central:
145 min_available: 0
146 mdns:
147 min_available: 0
148 worker:
149 min_available: 0
150 producer:
151 min_available: 0
152 sink:
153 min_available: 0
154 termination_grace_period:
155 api:
156 timeout: 30
157 mdns:
158 timeout: 30
159
160 resources:
161 enabled: false
162 api:
163 requests:
164 memory: "128Mi"
165 cpu: "100m"
166 limits:
167 memory: "1024Mi"
168 cpu: "2000m"
169 jobs:
170 bootstrap:
171 requests:
172 memory: "128Mi"
173 cpu: "100m"
174 limits:
175 memory: "1024Mi"
176 cpu: "2000m"
177 db_init:
178 requests:
179 memory: "128Mi"
180 cpu: "100m"
181 limits:
182 memory: "1024Mi"
183 cpu: "2000m"
184 db_sync:
185 requests:
186 memory: "128Mi"
187 cpu: "100m"
188 limits:
189 memory: "1024Mi"
190 cpu: "2000m"
191 ks_endpoints:
192 requests:
193 memory: "128Mi"
194 cpu: "100m"
195 limits:
196 memory: "1024Mi"
197 cpu: "2000m"
198 ks_service:
199 requests:
200 memory: "128Mi"
201 cpu: "100m"
202 limits:
203 memory: "1024Mi"
204 cpu: "2000m"
205 ks_user:
206 requests:
207 memory: "128Mi"
208 cpu: "100m"
209 limits:
210 memory: "1024Mi"
211 cpu: "2000m"
212 rabbit_init:
213 requests:
214 memory: "128Mi"
215 cpu: "100m"
216 limits:
217 memory: "1024Mi"
218 cpu: "2000m"
219 tests:
220 requests:
221 memory: "128Mi"
222 cpu: "100m"
223 limits:
224 memory: "1024Mi"
225 cpu: "2000m"
226
227network:
228 api:
229 ingress:
230 public: true
231 classes:
232 namespace: "nginx"
233 cluster: "nginx-cluster"
234 annotations:
235 nginx.ingress.kubernetes.io/rewrite-target: /
236 external_policy_local: false
237 node_port:
238 enabled: false
239 port: 9001
240 mdns:
241 name: "designate-mdns"
242 proto: "http"
243 external_policy_local: false
244 node_port:
245 enabled: true
246 port: 5354
247
248bootstrap:
249 enabled: false
250 script: |
251 openstack token issue
252
253dependencies:
254 dynamic:
255 common:
256 local_image_registry:
257 jobs:
258 - designate-image-repo-sync
259 services:
260 - endpoint: node
261 service: local_image_registry
262 job_rabbit_init:
263 api:
264 jobs:
265 - designate-rabbit-init
266 sink:
267 jobs:
268 - designate-rabbit-init
269 central:
270 jobs:
271 - designate-rabbit-init
272 worker:
273 jobs:
274 - designate-rabbit-init
275 static:
276 db_init:
277 services:
278 - service: oslo_db
279 endpoint: internal
280 db_sync:
281 jobs:
282 - designate-db-init
283 services:
284 - service: oslo_db
285 endpoint: internal
286 ks_user:
287 services:
288 - service: identity
289 endpoint: internal
290 ks_service:
291 services:
292 - service: identity
293 endpoint: internal
294 ks_endpoints:
295 jobs:
296 - designate-ks-service
297 services:
298 - service: identity
299 endpoint: internal
300 rabbit_init:
301 services:
302 - service: oslo_messaging
303 endpoint: internal
304 api:
305 jobs:
306 - designate-db-sync
307 - designate-ks-user
308 - designate-ks-endpoints
309 service:
310 - service: oslo_db
311 endpoint: internal
312 - service: identity
313 endpoint: internal
314 - service: oslo_messaging
315 endpoint: internal
316 central:
317 jobs:
318 - designate-db-sync
319 - designate-ks-user
320 - designate-ks-endpoints
321 service:
322 - service: oslo_db
323 endpoint: internal
324 - service: identity
325 endpoint: internal
326 - service: oslo_messaging
327 endpoint: internal
328 worker:
329 jobs:
330 - designate-db-sync
331 - designate-ks-user
332 - designate-ks-endpoints
333 services:
334 - service: oslo_db
335 endpoint: internal
336 - service: identity
337 endpoint: internal
338 - service: mdns
339 endpoint: internal
340 mdns:
341 jobs:
342 - designate-db-sync
343 - designate-ks-user
344 - designate-ks-endpoints
345 services:
346 - service: oslo_db
347 endpoint: internal
348 - service: identity
349 endpoint: internal
350 producer:
351 jobs:
352 - designate-db-sync
353 - designate-ks-user
354 - designate-ks-endpoints
355 services:
356 - service: oslo_db
357 endpoint: internal
358 - service: identity
359 endpoint: internal
360 sink:
361 jobs:
362 - designate-db-sync
363 - designate-ks-user
364 - designate-ks-endpoints
365 services:
366 - service: oslo_db
367 endpoint: internal
368 - service: identity
369 endpoint: internal
370
371conf:
372 pools: |
373 - name: default
374 # The name is immutable. There will be no option to change the name after
375 # creation and the only way will to change it will be to delete it
376 # (and all zones associated with it) and recreate it.
377 description: Default Pool
378
379 attributes: {}
380
381 # List out the NS records for zones hosted within this pool
382 # This should be a record that is created outside of designate, that
383 # points to the public IP of the controller node.
384 ns_records:
385 - hostname: {{ printf "ns.%s.svc.%s." .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
386 priority: 1
387
388 # List out the nameservers for this pool. These are the actual DNS servers.
389 # We use these to verify changes have propagated to all nameservers.
390 nameservers:
391 - host: ${POWERDNS_SERVICE_HOST}
392 port: {{ tuple "powerdns" "internal" "powerdns" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
393
394 # List out the targets for this pool. For BIND there will be one
395 # entry for each BIND server, as we have to run rndc command on each server
396 targets:
397 - type: pdns4
398 description: PowerDNS Server
399
400 # List out the designate-mdns servers from which PowerDNS servers should
401 # request zone transfers (AXFRs) from.
402 # This should be the IP of the controller node.
403 # If you have multiple controllers you can add multiple masters
404 # by running designate-mdns on them, and adding them here.
405 masters:
406 - host: ${MINIDNS_SERVICE_HOST}
407 port: {{ tuple "mdns" "internal" "ipc" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
408
409 # PowerDNS Configuration options
410 options:
411 host: ${POWERDNS_SERVICE_HOST}
412 port: {{ tuple "powerdns" "internal" "powerdns" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
413 api_endpoint: http://${POWERDNS_SERVICE_HOST}:{{ tuple "powerdns" "internal" "powerdns_api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
414 api_token: {{ tuple "powerdns" "service" . | include "helm-toolkit.endpoints.endpoint_token_lookup" }}
okozachenko12035aa48492023-09-05 19:47:07 +1000415 paste:
416 composite:osapi_dns:
417 use: egg:Paste#urlmap
418 /: osapi_dns_versions
419 /v2: osapi_dns_v2
420 /admin: osapi_dns_admin
421 composite:osapi_dns_versions:
422 use: call:designate.api.middleware:auth_pipeline_factory
423 noauth: http_proxy_to_wsgi cors maintenance faultwrapper osapi_dns_app_versions
424 keystone: http_proxy_to_wsgi cors maintenance faultwrapper osapi_dns_app_versions
425 app:osapi_dns_app_versions:
426 paste.app_factory: designate.api.versions:factory
427 composite:osapi_dns_v2:
428 use: call:designate.api.middleware:auth_pipeline_factory
429 noauth: http_proxy_to_wsgi cors request_id faultwrapper validation_API_v2 noauthcontext maintenance normalizeuri osapi_dns_app_v2
430 keystone: http_proxy_to_wsgi cors request_id faultwrapper validation_API_v2 authtoken keystonecontext maintenance normalizeuri osapi_dns_app_v2
431 app:osapi_dns_app_v2:
432 paste.app_factory: designate.api.v2:factory
433 composite:osapi_dns_admin:
434 use: call:designate.api.middleware:auth_pipeline_factory
435 noauth: http_proxy_to_wsgi cors request_id faultwrapper noauthcontext maintenance normalizeuri osapi_dns_app_admin
436 keystone: http_proxy_to_wsgi cors request_id faultwrapper authtoken keystonecontext maintenance normalizeuri osapi_dns_app_admin
437 app:osapi_dns_app_admin:
438 paste.app_factory: designate.api.admin:factory
439 filter:cors:
440 paste.filter_factory: oslo_middleware.cors:filter_factory
441 oslo_config_project: designate
442 filter:request_id:
443 paste.filter_factory: oslo_middleware:RequestId.factory
444 filter:http_proxy_to_wsgi:
445 paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
446 filter:noauthcontext:
447 paste.filter_factory: designate.api.middleware:NoAuthContextMiddleware.factory
448 filter:authtoken:
449 paste.filter_factory: keystonemiddleware.auth_token:filter_factory
450 filter:keystonecontext:
451 paste.filter_factory: designate.api.middleware:KeystoneContextMiddleware.factory
452 filter:maintenance:
453 paste.filter_factory: designate.api.middleware:MaintenanceMiddleware.factory
454 filter:normalizeuri:
455 paste.filter_factory: designate.api.middleware:NormalizeURIMiddleware.factory
456 filter:faultwrapper:
457 paste.filter_factory: designate.api.middleware:FaultWrapperMiddleware.factory
458 filter:validation_API_v2:
459 paste.filter_factory: designate.api.middleware:APIv2ValidationErrorMiddleware.factory
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000460 policy: {}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500461 designate:
462 DEFAULT:
463 debug: false
464 log_config_append: /etc/designate/logging.conf
465 service:api:
466 auth_strategy: keystone
467 enable_api_v2: true
468 enable_api_admin: true
469 enabled_extensions_v2: quotas,reports
470 workers: 2
471 service:worker:
472 enabled: true
473 notify: false
474 oslo_middleware:
475 enable_proxy_headers_parsing: true
476 oslo_policy:
477 policy_file: /etc/designate/policy.yaml
478 database:
479 max_retries: -1
480 storage:sqlalchemy:
481 max_retries: -1
482 keystone_authtoken:
483 auth_version: v3
484 auth_type: password
485 memcache_security_strategy: ENCRYPT
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200486 service_type: dns
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500487 logging:
488 loggers:
489 keys:
490 - root
491 - designate
492 handlers:
493 keys:
494 - stdout
495 - stderr
496 - "null"
497 formatters:
498 keys:
499 - context
500 - default
501 logger_root:
502 level: WARNING
503 handlers: 'null'
504 logger_designate:
505 level: INFO
506 handlers:
507 - stdout
508 qualname: designate
509 logger_amqp:
510 level: WARNING
511 handlers: stderr
512 qualname: amqp
513 logger_amqplib:
514 level: WARNING
515 handlers: stderr
516 qualname: amqplib
517 logger_eventletwsgi:
518 level: WARNING
519 handlers: stderr
520 qualname: eventlet.wsgi.server
521 logger_sqlalchemy:
522 level: WARNING
523 handlers: stderr
524 qualname: sqlalchemy
525 logger_boto:
526 level: WARNING
527 handlers: stderr
528 qualname: boto
529 handler_null:
530 class: logging.NullHandler
531 formatter: default
532 args: ()
533 handler_stdout:
534 class: StreamHandler
535 args: (sys.stdout,)
536 formatter: context
537 handler_stderr:
538 class: StreamHandler
539 args: (sys.stderr,)
540 formatter: context
541 formatter_context:
542 class: oslo_log.formatters.ContextFormatter
543 datefmt: "%Y-%m-%d %H:%M:%S"
544 formatter_default:
545 format: "%(message)s"
546 datefmt: "%Y-%m-%d %H:%M:%S"
Oleksandr Kozachenkoc5f29032023-10-03 15:20:34 +0200547 designate_api_uwsgi:
548 uwsgi:
549 add-header: "Connection: close"
550 buffer-size: 65535
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400551 chunked-input-limit: "4096000"
Oleksandr Kozachenkoc5f29032023-10-03 15:20:34 +0200552 die-on-term: true
553 enable-threads: true
554 exit-on-reload: false
555 hook-master-start: unix_signal:15 gracefully_kill_them_all
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400556 http-auto-chunked: true
557 http-raw-body: true
Oleksandr Kozachenkoc5f29032023-10-03 15:20:34 +0200558 lazy-apps: true
559 log-x-forwarded-for: true
560 master: true
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400561 need-app: true
Oleksandr Kozachenkoc5f29032023-10-03 15:20:34 +0200562 procname-prefix-spaced: "designate-api:"
563 route-user-agent: '^kube-probe.* donotlog:'
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400564 socket-timeout: 10
Oleksandr Kozachenkoc5f29032023-10-03 15:20:34 +0200565 thunder-lock: true
566 worker-reload-mercy: 80
567 wsgi-file: /var/lib/openstack/bin/designate-api-wsgi
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500568
569# Names of secrets used by bootstrap and environmental checks
570secrets:
571 identity:
572 admin: designate-keystone-admin
573 designate: designate-keystone-user
574 test: designate-keystone-test
575 oslo_db:
576 admin: designate-db-admin
577 designate: designate-db-user
578 oslo_messaging:
579 admin: designate-rabbitmq-admin
580 designate: designate-rabbitmq-user
581 tls:
582 dns:
583 api:
584 public: designate-tls-public
585 oci_image_registry:
586 designate: designate-oci-image-registry
587
588endpoints:
589 cluster_domain_suffix: cluster.local
590 local_image_registry:
591 name: docker-registry
592 namespace: docker-registry
593 hosts:
594 default: localhost
595 internal: docker-registry
596 node: localhost
597 host_fqdn_override:
598 default: null
599 port:
600 registry:
601 node: 5000
602 oci_image_registry:
603 name: oci-image-registry
604 namespace: oci-image-registry
605 auth:
606 enabled: false
607 designate:
608 username: designate
609 password: password
610 hosts:
611 default: localhost
612 host_fqdn_override:
613 default: null
614 port:
615 registry:
616 default: null
617 identity:
618 name: keystone
619 auth:
620 admin:
621 region_name: RegionOne
622 username: admin
623 password: password
624 project_name: admin
625 user_domain_name: default
626 project_domain_name: default
627 designate:
628 role: admin
629 region_name: RegionOne
630 username: designate
631 password: password
632 project_name: service
633 user_domain_name: service
634 project_domain_name: service
635 test:
636 role: admin
637 region_name: RegionOne
638 username: designate-test
639 password: password
640 project_name: test
641 user_domain_name: service
642 project_domain_name: service
643 hosts:
644 default: keystone
645 internal: keystone-api
646 host_fqdn_override:
647 default: null
648 path:
649 default: /v3
650 scheme:
651 default: http
652 port:
653 api:
654 default: 80
655 internal: 5000
656 dns:
657 name: designate
658 hosts:
659 default: designate-api
660 public: designate
661 host_fqdn_override:
662 default: null
663 path:
664 default: /
665 scheme:
666 default: 'http'
667 port:
668 api:
669 default: 9001
670 public: 80
671 mdns:
672 name: minidns
673 hosts:
674 default: minidns
675 public: designate-mdns
676 host_fqdn_override:
677 default: null
678 path:
679 default: null
680 scheme:
681 default: 'tcp'
682 port:
683 ipc:
684 default: 5354
685 oslo_db:
686 auth:
687 admin:
688 username: root
689 password: password
690 designate:
691 username: designate
692 password: password
693 hosts:
694 default: mariadb
695 host_fqdn_override:
696 default: null
697 path: /designate
698 scheme: mysql+pymysql
699 port:
700 mysql:
701 default: 3306
702 oslo_cache:
703 hosts:
704 default: memcached
705 host_fqdn_override:
706 default: null
707 port:
708 memcache:
709 default: 11211
710 auth:
711 # NOTE: this is used to define the value for keystone
712 # authtoken cache encryption key, if not set it will be populated
713 # automatically with a random value, but to take advantage of
714 # this feature all services should be set to use the same key,
715 # and memcache service.
716 memcache_secret_key: null
717 oslo_messaging:
718 auth:
719 admin:
720 username: rabbitmq
721 password: password
722 designate:
723 username: designate
724 password: password
725 statefulset:
726 replicas: 2
727 name: rabbitmq-rabbitmq
728 hosts:
729 default: rabbitmq
730 host_fqdn_override:
731 default: null
732 path: /designate
733 scheme: rabbit
734 port:
735 amqp:
736 default: 5672
737 http:
738 default: 15672
739 powerdns:
740 auth:
741 service:
742 token: chiave_segreta
743 hosts:
744 default: powerdns
745 host_fqdn_override:
746 default: null
747 port:
748 powerdns_api:
749 default: 8081
750 powerdns:
751 default: 53
752
753manifests:
754 configmap_bin: true
755 configmap_etc: true
756 deployment_api: true
757 deployment_central: true
758 deployment_worker: true
759 deployment_producer: true
760 deployment_mdns: true
761 deployment_sink: false
762 ingress_api: true
763 job_bootstrap: true
764 job_db_init: true
765 job_db_sync: true
766 job_ks_endpoints: true
767 job_ks_service: true
768 job_ks_user: true
769 job_rabbit_init: true
770 pdb_api: true
771 pdb_producer: true
772 pdb_central: true
773 pdb_worker: true
774 pdb_mdns: true
775 pdb_sink: false
776 secret_db: true
777 secret_ingress_tls: true
778 secret_keystone: true
779 secret_rabbitmq: true
780 secret_registry: true
781 service_api: true
782 service_mdns: true
783 service_ingress_api: true
784...