Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / refs/heads/main / . / charts / glance / values.yaml
blob: 6eae655a6e53da60c752bb3bc280e534fa36abbe [file] [log] [blame]
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1# Licensed under the Apache License, Version 2.0 (the "License");
2# you may not use this file except in compliance with the License.
3# You may obtain a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS,
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10# See the License for the specific language governing permissions and
11# limitations under the License.
12
13# Default values for glance.
14# This is a YAML-formatted file.
15# Declare name/value pairs to be passed into your templates.
16# name: value
17
18# radosgw, rbd, swift or pvc
19---
20storage: swift
21
22labels:
23 api:
24 node_selector_key: openstack-control-plane
25 node_selector_value: enabled
26 job:
27 node_selector_key: openstack-control-plane
28 node_selector_value: enabled
29 test:
30 node_selector_key: openstack-control-plane
31 node_selector_value: enabled
32
33release_group: null
34
35images:
36 tags:
37 test: docker.io/xrally/xrally-openstack:2.0.0
38 glance_storage_init: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_xenial
39 glance_metadefs_load: docker.io/openstackhelm/glance:wallaby-ubuntu_focal
40 db_init: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
41 glance_db_sync: docker.io/openstackhelm/glance:wallaby-ubuntu_focal
42 db_drop: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
43 ks_user: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
44 ks_service: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
45 ks_endpoints: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
46 rabbit_init: docker.io/rabbitmq:3.7-management
47 glance_api: docker.io/openstackhelm/glance:wallaby-ubuntu_focal
48 # Bootstrap image requires curl
49 bootstrap: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
50 dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
51 image_repo_sync: docker.io/docker:17.07.0
52 pull_policy: "IfNotPresent"
53 local_registry:
54 active: false
55 exclude:
56 - dep_check
57 - image_repo_sync
58
59bootstrap:
60 enabled: true
61 ks_user: admin
62 script: null
63 structured:
64 images:
65 cirros:
66 id: null
Rico Linc6ac7a12023-11-03 00:25:40 +0800[diff] [blame]67 name: "Cirros 0.6.2 64-bit"
68 source_url: "http://download.cirros-cloud.net/0.6.2/"
69 image_file: "cirros-0.6.2-x86_64-disk.img"
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]70 min_disk: 1
71 image_type: qcow2
72 container_format: bare
73 private: true
74 properties:
75 # NOTE: If you want to restrict hypervisor type for this image,
76 # uncomment this and write specific hypervisor type.
77 # hypervisor_type: "qemu"
78 os_distro: "cirros"
79
80ceph_client:
81 configmap: ceph-etc
82 user_secret_name: pvc-ceph-client-key
83
84network_policy:
85 glance:
86 ingress:
87 - {}
88 egress:
89 - {}
90
91conf:
92 software:
93 rbd:
94 rbd_store_pool_app_name: glance-image
95 rally_tests:
96 run_tempest: false
97 tests:
98 GlanceImages.create_and_delete_image:
99 - args:
100 container_format: bare
101 disk_format: qcow2
Rico Linc6ac7a12023-11-03 00:25:40 +0800[diff] [blame]102 image_location: http://download.cirros-cloud.net/0.6.2/cirros-0.6.2-x86_64-disk.img
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]103 runner:
104 concurrency: 1
105 times: 1
106 type: constant
107 sla:
108 failure_rate:
109 max: 0
110 GlanceImages.create_and_list_image:
111 - args:
112 container_format: bare
113 disk_format: qcow2
Rico Linc6ac7a12023-11-03 00:25:40 +0800[diff] [blame]114 image_location: http://download.cirros-cloud.net/0.6.2/cirros-0.6.2-x86_64-disk.img
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]115 runner:
116 concurrency: 1
117 times: 1
118 type: constant
119 sla:
120 failure_rate:
121 max: 0
122 ceph:
123 monitors: []
124 admin_keyring: null
125 override:
126 append:
127 ceph_client:
128 override:
129 append:
okozachenko12035aa48492023-09-05 19:47:07 +1000[diff] [blame]130 paste:
131 pipeline:glance-api:
132 pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context rootapp
133 pipeline:glance-api-caching:
134 pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache rootapp
135 pipeline:glance-api-cachemanagement:
136 pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
137 pipeline:glance-api-keystone:
138 pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken audit context rootapp
139 pipeline:glance-api-keystone+caching:
140 pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken audit context cache rootapp
141 pipeline:glance-api-keystone+cachemanagement:
142 pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken audit context cache cachemanage rootapp
143 pipeline:glance-api-trusted-auth:
144 pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context rootapp
145 pipeline:glance-api-trusted-auth+cachemanagement:
146 pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context cache cachemanage rootapp
147 composite:rootapp:
148 paste.composite_factory: glance.api:root_app_factory
149 /: apiversions
150 /v1: apiv1app
151 /v2: apiv2app
152 app:apiversions:
153 paste.app_factory: glance.api.versions:create_resource
154 app:apiv1app:
155 paste.app_factory: glance.api.v1.router:API.factory
156 app:apiv2app:
157 paste.app_factory: glance.api.v2.router:API.factory
158 filter:healthcheck:
159 paste.filter_factory: oslo_middleware:Healthcheck.factory
160 backends: disable_by_file
161 disable_by_file_path: /etc/glance/healthcheck_disable
162 filter:versionnegotiation:
163 paste.filter_factory: glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
164 filter:cache:
165 paste.filter_factory: glance.api.middleware.cache:CacheFilter.factory
166 filter:cachemanage:
167 paste.filter_factory: glance.api.middleware.cache_manage:CacheManageFilter.factory
168 filter:context:
169 paste.filter_factory: glance.api.middleware.context:ContextMiddleware.factory
170 filter:unauthenticated-context:
171 paste.filter_factory: glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
172 filter:authtoken:
173 paste.filter_factory: keystonemiddleware.auth_token:filter_factory
174 delay_auth_decision: true
175 filter:audit:
176 paste.filter_factory: keystonemiddleware.audit:filter_factory
177 audit_map_file: /etc/glance/api_audit_map.conf
178 filter:gzip:
179 paste.filter_factory: glance.api.middleware.gzip:GzipMiddleware.factory
180 filter:osprofiler:
181 paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
182 hmac_keys: SECRET_KEY # DEPRECATED
183 enabled: yes # DEPRECATED
184 filter:cors:
185 paste.filter_factory: oslo_middleware.cors:filter_factory
186 oslo_config_project: glance
187 oslo_config_program: glance-api
188 filter:http_proxy_to_wsgi:
189 paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]190 policy: {}
191 glance_sudoers: |
192 # This sudoers file supports rootwrap for both Kolla and LOCI Images.
193 Defaults !requiretty
194 Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
195 glance ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/glance-rootwrap /etc/glance/rootwrap.conf *, /var/lib/openstack/bin/glance-rootwrap /etc/glance/rootwrap.conf *
196 rootwrap: |
197 # Configuration for glance-rootwrap
198 # This file should be owned by (and only-writable by) the root user
199
200 [DEFAULT]
201 # List of directories to load filter definitions from (separated by ',').
202 # These directories MUST all be only writeable by root !
203 filters_path=/etc/glance/rootwrap.d,/usr/share/glance/rootwrap
204
205 # List of directories to search executables in, in case filters do not
206 # explicitely specify a full path (separated by ',')
207 # If not specified, defaults to system PATH environment variable.
208 # These directories MUST all be only writeable by root !
209 exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/var/lib/openstack/bin,/var/lib/kolla/venv/bin
210
211 # Enable logging to syslog
212 # Default value is False
213 use_syslog=False
214
215 # Which syslog facility to use.
216 # Valid values include auth, authpriv, syslog, local0, local1...
217 # Default value is 'syslog'
218 syslog_log_facility=syslog
219
220 # Which messages to log.
221 # INFO means log all usage
222 # ERROR means only log unsuccessful attempts
223 syslog_log_level=ERROR
224 rootwrap_filters:
225 glance_cinder_store:
226 pods:
227 - api
228 content: |
229 # glance-rootwrap command filters for glance cinder store
230 # This file should be owned by (and only-writable by) the root user
231
232 [Filters]
233 # cinder store driver
234 disk_chown: RegExpFilter, chown, root, chown, \d+, /dev/(?!.*/\.\.).*
235
236 # os-brick library commands
237 # os_brick.privileged.run_as_root oslo.privsep context
238 # This line ties the superuser privs with the config files, context name,
239 # and (implicitly) the actual python code invoked.
240 privsep-rootwrap: RegExpFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, os_brick.privileged.default, --privsep_sock_path, /tmp/.*
241
242 chown: CommandFilter, chown, root
243 mount: CommandFilter, mount, root
244 umount: CommandFilter, umount, root
245 glance:
246 DEFAULT:
247 log_config_append: /etc/glance/logging.conf
248 # NOTE(portdirect): the bind port should not be defined, and is manipulated
249 # via the endpoints section.
250 bind_port: null
251 workers: 1
252 enable_v1_api: False
253 oslo_middleware:
254 enable_proxy_headers_parsing: true
255 keystone_authtoken:
okozachenko12035aa48492023-09-05 19:47:07 +1000[diff] [blame]256 service_token_roles: service
257 service_token_roles_required: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]258 auth_type: password
259 auth_version: v3
260 memcache_security_strategy: ENCRYPT
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]261 service_type: image
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]262 glance_store:
263 cinder_catalog_info: volumev3::internalURL
264 rbd_store_chunk_size: 8
265 rbd_store_replication: 3
266 rbd_store_crush_rule: replicated_rule
267 rbd_store_pool: glance.images
268 rbd_store_user: glance
269 rbd_store_ceph_conf: /etc/ceph/ceph.conf
270 filesystem_store_datadir: /var/lib/glance/images
271 default_swift_reference: ref1
272 swift_store_container: glance
273 swift_store_create_container_on_put: true
274 swift_store_config_file: /etc/glance/swift-store.conf
275 swift_store_endpoint_type: internalURL
276 paste_deploy:
277 flavor: keystone
278 database:
279 max_retries: -1
280 oslo_concurrency:
281 lock_path: "/var/lib/glance/tmp"
282 oslo_messaging_notifications:
283 driver: messagingv2
284 oslo_messaging_rabbit:
285 rabbit_ha_queues: true
286 oslo_policy:
287 policy_file: /etc/glance/policy.yaml
288 cors: {}
289 logging:
290 loggers:
291 keys:
292 - root
293 - glance
294 handlers:
295 keys:
296 - stdout
297 - stderr
298 - "null"
299 formatters:
300 keys:
301 - context
302 - default
303 logger_root:
304 level: WARNING
305 handlers: 'null'
306 logger_glance:
307 level: INFO
308 handlers:
309 - stdout
310 qualname: glance
311 logger_amqp:
312 level: WARNING
313 handlers: stderr
314 qualname: amqp
315 logger_amqplib:
316 level: WARNING
317 handlers: stderr
318 qualname: amqplib
319 logger_eventletwsgi:
320 level: WARNING
321 handlers: stderr
322 qualname: eventlet.wsgi.server
323 logger_sqlalchemy:
324 level: WARNING
325 handlers: stderr
326 qualname: sqlalchemy
327 logger_boto:
328 level: WARNING
329 handlers: stderr
330 qualname: boto
331 handler_null:
332 class: logging.NullHandler
333 formatter: default
334 args: ()
335 handler_stdout:
336 class: StreamHandler
337 args: (sys.stdout,)
338 formatter: context
339 handler_stderr:
340 class: StreamHandler
341 args: (sys.stderr,)
342 formatter: context
343 formatter_context:
344 class: oslo_log.formatters.ContextFormatter
345 datefmt: "%Y-%m-%d %H:%M:%S"
346 formatter_default:
347 format: "%(message)s"
348 datefmt: "%Y-%m-%d %H:%M:%S"
349 api_audit_map:
350 DEFAULT:
351 target_endpoint_type: None
352 path_keywords:
353 detail: None
354 file: None
355 images: image
356 members: member
357 tags: tag
358 service_endpoints:
359 image: 'service/storage/image'
360 swift_store: |
361 [{{ .Values.conf.glance.glance_store.default_swift_reference }}]
362 {{- if eq .Values.storage "radosgw" }}
363 auth_version = 1
364 auth_address = {{ tuple "ceph_object_store" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
365 user = {{ .Values.endpoints.ceph_object_store.auth.glance.username }}:swift
366 key = {{ .Values.endpoints.ceph_object_store.auth.glance.password }}
367 {{- else }}
368 user = {{ .Values.endpoints.identity.auth.glance.project_name }}:{{ .Values.endpoints.identity.auth.glance.username }}
369 key = {{ .Values.endpoints.identity.auth.glance.password }}
370 auth_address = {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
371 user_domain_name = {{ .Values.endpoints.identity.auth.glance.user_domain_name }}
372 project_domain_name = {{ .Values.endpoints.identity.auth.glance.project_domain_name }}
373 auth_version = 3
374 # NOTE(portdirect): https://bugs.launchpad.net/glance-store/+bug/1620999
375 project_domain_id =
376 user_domain_id =
377 {{- end -}}
378 rabbitmq:
379 # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
380 policies:
381 - vhost: "glance"
382 name: "ha_ttl_glance"
383 definition:
384 # mirror messges to other nodes in rmq cluster
385 ha-mode: "all"
386 ha-sync-mode: "automatic"
387 # 70s
388 message-ttl: 70000
389 priority: 0
390 apply-to: all
391 pattern: '^(?!(amq\.|reply_)).*'
Oleksandr Kozachenko469612f2023-10-04 17:34:40 +0200[diff] [blame]392 glance_api_uwsgi:
393 uwsgi:
394 add-header: "Connection: close"
395 buffer-size: 65535
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400[diff] [blame]396 chunked-input-limit: "4096000"
Oleksandr Kozachenko469612f2023-10-04 17:34:40 +0200[diff] [blame]397 die-on-term: true
398 enable-threads: true
399 exit-on-reload: false
400 hook-master-start: unix_signal:15 gracefully_kill_them_all
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400[diff] [blame]401 http-auto-chunked: true
402 http-raw-body: true
Oleksandr Kozachenko469612f2023-10-04 17:34:40 +0200[diff] [blame]403 lazy-apps: true
404 log-x-forwarded-for: true
405 master: true
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400[diff] [blame]406 need-app: true
Oleksandr Kozachenko469612f2023-10-04 17:34:40 +0200[diff] [blame]407 procname-prefix-spaced: "glance-api:"
408 route-user-agent: '^kube-probe.* donotlog:'
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400[diff] [blame]409 socket-timeout: 10
Oleksandr Kozachenko469612f2023-10-04 17:34:40 +0200[diff] [blame]410 thunder-lock: true
411 worker-reload-mercy: 80
412 wsgi-file: /var/lib/openstack/bin/glance-wsgi-api
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]413
414network:
415 api:
416 ingress:
417 public: true
418 classes:
419 namespace: "nginx"
420 cluster: "nginx-cluster"
421 annotations:
422 nginx.ingress.kubernetes.io/rewrite-target: /
423 nginx.ingress.kubernetes.io/proxy-body-size: "0"
424 external_policy_local: false
425 node_port:
426 enabled: false
427 port: 30092
428
429volume:
430 class_name: general
431 size: 2Gi
432
433dependencies:
434 dynamic:
435 common:
436 local_image_registry:
437 jobs:
438 - glance-image-repo-sync
439 services:
440 - endpoint: node
441 service: local_image_registry
442 static:
443 api:
444 jobs:
445 - glance-storage-init
446 - glance-db-sync
447 - glance-rabbit-init
448 - glance-ks-user
449 - glance-ks-endpoints
450 services:
451 - endpoint: internal
452 service: oslo_db
453 - endpoint: internal
454 service: identity
455 - endpoint: internal
456 service: oslo_messaging
457 bootstrap:
458 jobs: null
459 services:
460 - endpoint: internal
461 service: identity
462 - endpoint: internal
463 service: image
464 clean:
465 jobs: null
466 db_drop:
467 services:
468 - endpoint: internal
469 service: oslo_db
470 db_init:
471 services:
472 - endpoint: internal
473 service: oslo_db
474 db_sync:
475 jobs:
476 - glance-db-init
477 services:
478 - endpoint: internal
479 service: oslo_db
480 ks_endpoints:
481 jobs:
482 - glance-ks-service
483 services:
484 - endpoint: internal
485 service: identity
486 ks_service:
487 services:
488 - endpoint: internal
489 service: identity
490 ks_user:
491 services:
492 - endpoint: internal
493 service: identity
494 rabbit_init:
495 services:
496 - endpoint: internal
497 service: oslo_messaging
498 storage_init:
499 jobs:
500 - glance-ks-user
501 services: null
502 metadefs_load:
503 jobs:
504 - glance-db-sync
505 services: null
506 tests:
507 services:
508 - endpoint: internal
509 service: oslo_db
510 - endpoint: internal
511 service: identity
512 - endpoint: internal
513 service: image
514 image_repo_sync:
515 services:
516 - endpoint: internal
517 service: local_image_registry
518
519# Names of secrets used by bootstrap and environmental checks
520secrets:
521 identity:
522 admin: glance-keystone-admin
523 glance: glance-keystone-user
524 test: glance-keystone-test
525 oslo_db:
526 admin: glance-db-admin
527 glance: glance-db-user
528 rbd: images-rbd-keyring
529 oslo_messaging:
530 admin: glance-rabbitmq-admin
531 glance: glance-rabbitmq-user
532 tls:
533 image:
534 api:
535 public: glance-tls-public
536 internal: glance-tls-api
537 oci_image_registry:
538 glance: glance-oci-image-registry
539
540# typically overridden by environmental
541# values, but should include all endpoints
542# required by this chart
543endpoints:
544 cluster_domain_suffix: cluster.local
545 local_image_registry:
546 name: docker-registry
547 namespace: docker-registry
548 hosts:
549 default: localhost
550 internal: docker-registry
551 node: localhost
552 host_fqdn_override:
553 default: null
554 port:
555 registry:
556 node: 5000
557 oci_image_registry:
558 name: oci-image-registry
559 namespace: oci-image-registry
560 auth:
561 enabled: false
562 glance:
563 username: glance
564 password: password
565 hosts:
566 default: localhost
567 host_fqdn_override:
568 default: null
569 port:
570 registry:
571 default: null
572 identity:
573 name: keystone
574 auth:
575 admin:
576 region_name: RegionOne
577 username: admin
578 password: password
579 project_name: admin
580 user_domain_name: default
581 project_domain_name: default
582 glance:
583 role: admin
584 region_name: RegionOne
585 username: glance
586 password: password
587 project_name: service
588 user_domain_name: service
589 project_domain_name: service
590 test:
591 role: admin
592 region_name: RegionOne
593 username: glance-test
594 password: password
595 project_name: test
596 user_domain_name: service
597 project_domain_name: service
598 hosts:
599 default: keystone
600 internal: keystone-api
601 host_fqdn_override:
602 default: null
603 path:
604 default: /v3
605 scheme:
606 default: http
607 port:
608 api:
609 default: 80
610 internal: 5000
611 image:
612 name: glance
613 hosts:
614 default: glance-api
615 public: glance
616 host_fqdn_override:
617 default: null
618 # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
619 # endpoints using the following format:
620 # public:
621 # host: null
622 # tls:
623 # crt: null
624 # key: null
625 path:
626 default: null
627 scheme:
628 default: http
629 service: http
630 port:
631 api:
632 default: 9292
633 public: 80
634 oslo_db:
635 auth:
636 admin:
637 username: root
638 password: password
639 secret:
640 tls:
641 internal: mariadb-tls-direct
642 glance:
643 username: glance
644 password: password
645 hosts:
646 default: mariadb
647 host_fqdn_override:
648 default: null
649 path: /glance
650 scheme: mysql+pymysql
651 port:
652 mysql:
653 default: 3306
654 oslo_cache:
655 auth:
656 # NOTE(portdirect): this is used to define the value for keystone
657 # authtoken cache encryption key, if not set it will be populated
658 # automatically with a random value, but to take advantage of
659 # this feature all services should be set to use the same key,
660 # and memcache service.
661 memcache_secret_key: null
662 hosts:
663 default: memcached
664 host_fqdn_override:
665 default: null
666 port:
667 memcache:
668 default: 11211
669 oslo_messaging:
670 auth:
671 admin:
672 username: rabbitmq
673 password: password
674 secret:
675 tls:
676 internal: rabbitmq-tls-direct
677 glance:
678 username: glance
679 password: password
680 statefulset:
681 replicas: 2
682 name: rabbitmq-rabbitmq
683 hosts:
684 default: rabbitmq
685 host_fqdn_override:
686 default: null
687 path: /glance
688 scheme: rabbit
689 port:
690 amqp:
691 default: 5672
692 http:
693 default: 15672
694 object_store:
695 name: swift
696 namespace: ceph
697 auth:
698 glance:
699 tmpurlkey: supersecret
700 hosts:
701 default: ceph-rgw
702 public: radosgw
703 host_fqdn_override:
704 default: null
705 path:
706 default: /swift/v1/KEY_$(tenant_id)s
707 scheme:
708 default: http
709 port:
710 api:
711 default: 8088
712 public: 80
713 ceph_object_store:
714 name: radosgw
715 namespace: ceph
716 auth:
717 glance:
718 username: glance
719 password: password
720 tmpurlkey: supersecret
721 hosts:
722 default: ceph-rgw
723 public: radosgw
724 host_fqdn_override:
725 default: null
726 path:
727 default: /auth/v1.0
728 scheme:
729 default: http
730 port:
731 api:
732 default: 8088
733 public: 80
734 fluentd:
735 namespace: null
736 name: fluentd
737 hosts:
738 default: fluentd-logging
739 host_fqdn_override:
740 default: null
741 path:
742 default: null
743 scheme: 'http'
744 port:
745 service:
746 default: 24224
747 metrics:
748 default: 24220
749 dashboard:
750 name: horizon
751 hosts:
752 default: horizon-int
753 public: horizon
754 host_fqdn_override:
755 default: null
756 # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
757 # endpoints using the following format:
758 # public:
759 # host: null
760 # tls:
761 # crt: null
762 # key: null
763 path:
764 default: null
765 scheme:
766 default: http
767 public: https
768 port:
769 web:
770 default: 80
771 public: 443
772 # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress
773 # They are using to enable the Egress K8s network policy.
774 kube_dns:
775 namespace: kube-system
776 name: kubernetes-dns
777 hosts:
778 default: kube-dns
779 host_fqdn_override:
780 default: null
781 path:
782 default: null
783 scheme: http
784 port:
785 dns:
786 default: 53
787 protocol: UDP
788 ingress:
789 namespace: null
790 name: ingress
791 hosts:
792 default: ingress
793 port:
794 ingress:
795 default: 80
796
797pod:
Dong Ma414c0902025-02-10 09:56:42 +0000[diff] [blame]798 priorityClassName:
799 glance_api: null
800 glance_tests: null
801 db_sync: null
802 runtimeClassName:
803 glance_api: null
804 glance_tests: null
805 db_sync: null
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]806 security_context:
807 glance:
808 pod:
809 runAsUser: 42424
810 container:
811 glance_perms:
812 readOnlyRootFilesystem: true
813 runAsUser: 0
814 ceph_keyring_placement:
815 readOnlyRootFilesystem: true
816 runAsUser: 0
817 glance_api:
818 readOnlyRootFilesystem: true
819 allowPrivilegeEscalation: false
820 nginx:
821 readOnlyRootFilesystem: false
822 runAsUser: 0
823 clean:
824 pod:
825 runAsUser: 42424
826 container:
827 glance_secret_clean:
828 readOnlyRootFilesystem: true
829 allowPrivilegeEscalation: false
830 metadefs_load:
831 pod:
832 runAsUser: 42424
833 container:
834 glance_metadefs_load:
835 readOnlyRootFilesystem: true
836 allowPrivilegeEscalation: false
837 storage_init:
838 pod:
839 runAsUser: 42424
840 container:
841 ceph_keyring_placement:
842 readOnlyRootFilesystem: true
843 allowPrivilegeEscalation: false
844 glance_storage_init:
845 readOnlyRootFilesystem: true
846 allowPrivilegeEscalation: false
847 test:
848 pod:
849 runAsUser: 42424
850 container:
851 glance_test_ks_user:
852 readOnlyRootFilesystem: true
853 allowPrivilegeEscalation: false
854 glance_test:
855 runAsUser: 65500
856 readOnlyRootFilesystem: true
857 allowPrivilegeEscalation: false
858 affinity:
859 anti:
860 type:
861 default: preferredDuringSchedulingIgnoredDuringExecution
862 topologyKey:
863 default: kubernetes.io/hostname
864 weight:
865 default: 10
866 tolerations:
867 glance:
868 enabled: false
869 tolerations:
870 - key: node-role.kubernetes.io/master
871 operator: Exists
872 effect: NoSchedule
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]873 - key: node-role.kubernetes.io/control-plane
874 operator: Exists
875 effect: NoSchedule
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]876 useHostNetwork:
877 api: false
878 mounts:
879 glance_api:
880 init_container: null
881 glance_api:
882 volumeMounts:
883 volumes:
884 glance_tests:
885 init_container: null
886 glance_tests:
887 volumeMounts:
888 volumes:
889 glance_db_sync:
890 glance_db_sync:
891 volumeMounts:
892 volumes:
893 replicas:
894 api: 1
895 lifecycle:
896 upgrades:
897 deployments:
898 revision_history: 3
899 pod_replacement_strategy: RollingUpdate
900 rolling_update:
901 max_unavailable: 1
902 max_surge: 3
903 disruption_budget:
904 api:
905 min_available: 0
906 termination_grace_period:
907 api:
908 timeout: 30
okozachenko12035aa48492023-09-05 19:47:07 +1000[diff] [blame]909 probes:
910 api:
911 glance-api:
912 readiness:
913 enabled: true
914 params:
Oleksandr Kozachenko469612f2023-10-04 17:34:40 +0200[diff] [blame]915 periodSeconds: 10
916 timeoutSeconds: 5
okozachenko12035aa48492023-09-05 19:47:07 +1000[diff] [blame]917 liveness:
918 enabled: true
919 params:
Oleksandr Kozachenko469612f2023-10-04 17:34:40 +0200[diff] [blame]920 initialDelaySeconds: 5
921 periodSeconds: 10
922 timeoutSeconds: 5
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]923 resources:
924 enabled: false
925 api:
926 requests:
927 memory: "128Mi"
928 cpu: "100m"
929 limits:
930 memory: "1024Mi"
931 cpu: "2000m"
932 jobs:
933 storage_init:
934 requests:
935 memory: "128Mi"
936 cpu: "100m"
937 limits:
938 memory: "1024Mi"
939 cpu: "2000m"
940 metadefs_load:
941 requests:
942 memory: "128Mi"
943 cpu: "100m"
944 limits:
945 memory: "1024Mi"
946 cpu: "2000m"
947 db_sync:
948 requests:
949 memory: "128Mi"
950 cpu: "100m"
951 limits:
952 memory: "1024Mi"
953 cpu: "2000m"
954 db_init:
955 requests:
956 memory: "128Mi"
957 cpu: "100m"
958 limits:
959 memory: "1024Mi"
960 cpu: "2000m"
961 db_drop:
962 requests:
963 memory: "128Mi"
964 cpu: "100m"
965 limits:
966 memory: "1024Mi"
967 cpu: "2000m"
968 ks_user:
969 requests:
970 memory: "128Mi"
971 cpu: "100m"
972 limits:
973 memory: "1024Mi"
974 cpu: "2000m"
975 ks_service:
976 requests:
977 memory: "128Mi"
978 cpu: "100m"
979 limits:
980 memory: "1024Mi"
981 cpu: "2000m"
982 ks_endpoints:
983 requests:
984 memory: "128Mi"
985 cpu: "100m"
986 limits:
987 memory: "1024Mi"
988 cpu: "2000m"
989 rabbit_init:
990 requests:
991 memory: "128Mi"
992 cpu: "100m"
993 limits:
994 memory: "1024Mi"
995 cpu: "2000m"
996 bootstrap:
997 requests:
998 memory: "128Mi"
999 cpu: "100m"
1000 limits:
1001 memory: "1024Mi"
1002 cpu: "2000m"
1003 tests:
1004 requests:
1005 memory: "128Mi"
1006 cpu: "100m"
1007 limits:
1008 memory: "1024Mi"
1009 cpu: "2000m"
1010 image_repo_sync:
1011 requests:
1012 memory: "128Mi"
1013 cpu: "100m"
1014 limits:
1015 memory: "1024Mi"
1016 cpu: "2000m"
1017
1018# NOTE(helm_hook): helm_hook might break for helm2 binary.
1019# set helm3_hook: false when using the helm2 binary.
1020helm3_hook: true
1021
1022tls:
1023 identity: false
1024 oslo_messaging: false
1025 oslo_db: false
1026
1027manifests:
1028 certificates: false
1029 configmap_bin: true
1030 configmap_etc: true
1031 deployment_api: true
1032 ingress_api: true
1033 job_bootstrap: true
1034 job_clean: true
1035 job_db_init: true
1036 job_db_sync: true
1037 job_db_drop: false
1038 job_image_repo_sync: true
1039 job_ks_endpoints: true
1040 job_ks_service: true
1041 job_ks_user: true
1042 job_storage_init: true
1043 job_metadefs_load: true
1044 job_rabbit_init: true
1045 pdb_api: true
1046 pod_rally_test: true
1047 pvc_images: true
1048 network_policy: false
1049 secret_db: true
1050 secret_ingress_tls: true
1051 secret_keystone: true
1052 secret_rabbitmq: true
1053 secret_registry: true
1054 service_ingress_api: true
1055 service_api: true
okozachenko12035aa48492023-09-05 19:47:07 +1000[diff] [blame]1056
1057# NOTE: This is for enable helm resource-policy to keep glance-images PVC.
1058# set keep_pvc: true when allow helm resource-policy to keep for PVC.
1059# This will requires mannual delete for PVC.
1060# set keep_pvc: false when disallow helm resource-policy to keep for PVC.
1061# This will allow helm to delete the PVC.
1062keep_pvc: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1063...