Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 1 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 2 | # you may not use this file except in compliance with the License. |
| 3 | # You may obtain a copy of the License at |
| 4 | # |
| 5 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 6 | # |
| 7 | # Unless required by applicable law or agreed to in writing, software |
| 8 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 10 | # See the License for the specific language governing permissions and |
| 11 | # limitations under the License. |
| 12 | |
| 13 | # Default values for glance. |
| 14 | # This is a YAML-formatted file. |
| 15 | # Declare name/value pairs to be passed into your templates. |
| 16 | # name: value |
| 17 | |
| 18 | # radosgw, rbd, swift or pvc |
| 19 | --- |
| 20 | storage: swift |
| 21 | |
| 22 | labels: |
| 23 | api: |
| 24 | node_selector_key: openstack-control-plane |
| 25 | node_selector_value: enabled |
| 26 | job: |
| 27 | node_selector_key: openstack-control-plane |
| 28 | node_selector_value: enabled |
| 29 | test: |
| 30 | node_selector_key: openstack-control-plane |
| 31 | node_selector_value: enabled |
| 32 | |
| 33 | release_group: null |
| 34 | |
| 35 | images: |
| 36 | tags: |
| 37 | test: docker.io/xrally/xrally-openstack:2.0.0 |
| 38 | glance_storage_init: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_xenial |
| 39 | glance_metadefs_load: docker.io/openstackhelm/glance:wallaby-ubuntu_focal |
| 40 | db_init: docker.io/openstackhelm/heat:wallaby-ubuntu_focal |
| 41 | glance_db_sync: docker.io/openstackhelm/glance:wallaby-ubuntu_focal |
| 42 | db_drop: docker.io/openstackhelm/heat:wallaby-ubuntu_focal |
| 43 | ks_user: docker.io/openstackhelm/heat:wallaby-ubuntu_focal |
| 44 | ks_service: docker.io/openstackhelm/heat:wallaby-ubuntu_focal |
| 45 | ks_endpoints: docker.io/openstackhelm/heat:wallaby-ubuntu_focal |
| 46 | rabbit_init: docker.io/rabbitmq:3.7-management |
| 47 | glance_api: docker.io/openstackhelm/glance:wallaby-ubuntu_focal |
| 48 | # Bootstrap image requires curl |
| 49 | bootstrap: docker.io/openstackhelm/heat:wallaby-ubuntu_focal |
| 50 | dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0 |
| 51 | image_repo_sync: docker.io/docker:17.07.0 |
| 52 | pull_policy: "IfNotPresent" |
| 53 | local_registry: |
| 54 | active: false |
| 55 | exclude: |
| 56 | - dep_check |
| 57 | - image_repo_sync |
| 58 | |
| 59 | bootstrap: |
| 60 | enabled: true |
| 61 | ks_user: admin |
| 62 | script: null |
| 63 | structured: |
| 64 | images: |
| 65 | cirros: |
| 66 | id: null |
Rico Lin | c6ac7a1 | 2023-11-03 00:25:40 +0800 | [diff] [blame] | 67 | name: "Cirros 0.6.2 64-bit" |
| 68 | source_url: "http://download.cirros-cloud.net/0.6.2/" |
| 69 | image_file: "cirros-0.6.2-x86_64-disk.img" |
Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 70 | min_disk: 1 |
| 71 | image_type: qcow2 |
| 72 | container_format: bare |
| 73 | private: true |
| 74 | properties: |
| 75 | # NOTE: If you want to restrict hypervisor type for this image, |
| 76 | # uncomment this and write specific hypervisor type. |
| 77 | # hypervisor_type: "qemu" |
| 78 | os_distro: "cirros" |
| 79 | |
| 80 | ceph_client: |
| 81 | configmap: ceph-etc |
| 82 | user_secret_name: pvc-ceph-client-key |
| 83 | |
| 84 | network_policy: |
| 85 | glance: |
| 86 | ingress: |
| 87 | - {} |
| 88 | egress: |
| 89 | - {} |
| 90 | |
| 91 | conf: |
| 92 | software: |
| 93 | rbd: |
| 94 | rbd_store_pool_app_name: glance-image |
| 95 | rally_tests: |
| 96 | run_tempest: false |
| 97 | tests: |
| 98 | GlanceImages.create_and_delete_image: |
| 99 | - args: |
| 100 | container_format: bare |
| 101 | disk_format: qcow2 |
Rico Lin | c6ac7a1 | 2023-11-03 00:25:40 +0800 | [diff] [blame] | 102 | image_location: http://download.cirros-cloud.net/0.6.2/cirros-0.6.2-x86_64-disk.img |
Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 103 | runner: |
| 104 | concurrency: 1 |
| 105 | times: 1 |
| 106 | type: constant |
| 107 | sla: |
| 108 | failure_rate: |
| 109 | max: 0 |
| 110 | GlanceImages.create_and_list_image: |
| 111 | - args: |
| 112 | container_format: bare |
| 113 | disk_format: qcow2 |
Rico Lin | c6ac7a1 | 2023-11-03 00:25:40 +0800 | [diff] [blame] | 114 | image_location: http://download.cirros-cloud.net/0.6.2/cirros-0.6.2-x86_64-disk.img |
Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 115 | runner: |
| 116 | concurrency: 1 |
| 117 | times: 1 |
| 118 | type: constant |
| 119 | sla: |
| 120 | failure_rate: |
| 121 | max: 0 |
| 122 | ceph: |
| 123 | monitors: [] |
| 124 | admin_keyring: null |
| 125 | override: |
| 126 | append: |
| 127 | ceph_client: |
| 128 | override: |
| 129 | append: |
okozachenko1203 | 5aa4849 | 2023-09-05 19:47:07 +1000 | [diff] [blame] | 130 | paste: |
| 131 | pipeline:glance-api: |
| 132 | pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context rootapp |
| 133 | pipeline:glance-api-caching: |
| 134 | pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache rootapp |
| 135 | pipeline:glance-api-cachemanagement: |
| 136 | pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp |
| 137 | pipeline:glance-api-keystone: |
| 138 | pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken audit context rootapp |
| 139 | pipeline:glance-api-keystone+caching: |
| 140 | pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken audit context cache rootapp |
| 141 | pipeline:glance-api-keystone+cachemanagement: |
| 142 | pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken audit context cache cachemanage rootapp |
| 143 | pipeline:glance-api-trusted-auth: |
| 144 | pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context rootapp |
| 145 | pipeline:glance-api-trusted-auth+cachemanagement: |
| 146 | pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context cache cachemanage rootapp |
| 147 | composite:rootapp: |
| 148 | paste.composite_factory: glance.api:root_app_factory |
| 149 | /: apiversions |
| 150 | /v1: apiv1app |
| 151 | /v2: apiv2app |
| 152 | app:apiversions: |
| 153 | paste.app_factory: glance.api.versions:create_resource |
| 154 | app:apiv1app: |
| 155 | paste.app_factory: glance.api.v1.router:API.factory |
| 156 | app:apiv2app: |
| 157 | paste.app_factory: glance.api.v2.router:API.factory |
| 158 | filter:healthcheck: |
| 159 | paste.filter_factory: oslo_middleware:Healthcheck.factory |
| 160 | backends: disable_by_file |
| 161 | disable_by_file_path: /etc/glance/healthcheck_disable |
| 162 | filter:versionnegotiation: |
| 163 | paste.filter_factory: glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory |
| 164 | filter:cache: |
| 165 | paste.filter_factory: glance.api.middleware.cache:CacheFilter.factory |
| 166 | filter:cachemanage: |
| 167 | paste.filter_factory: glance.api.middleware.cache_manage:CacheManageFilter.factory |
| 168 | filter:context: |
| 169 | paste.filter_factory: glance.api.middleware.context:ContextMiddleware.factory |
| 170 | filter:unauthenticated-context: |
| 171 | paste.filter_factory: glance.api.middleware.context:UnauthenticatedContextMiddleware.factory |
| 172 | filter:authtoken: |
| 173 | paste.filter_factory: keystonemiddleware.auth_token:filter_factory |
| 174 | delay_auth_decision: true |
| 175 | filter:audit: |
| 176 | paste.filter_factory: keystonemiddleware.audit:filter_factory |
| 177 | audit_map_file: /etc/glance/api_audit_map.conf |
| 178 | filter:gzip: |
| 179 | paste.filter_factory: glance.api.middleware.gzip:GzipMiddleware.factory |
| 180 | filter:osprofiler: |
| 181 | paste.filter_factory: osprofiler.web:WsgiMiddleware.factory |
| 182 | hmac_keys: SECRET_KEY # DEPRECATED |
| 183 | enabled: yes # DEPRECATED |
| 184 | filter:cors: |
| 185 | paste.filter_factory: oslo_middleware.cors:filter_factory |
| 186 | oslo_config_project: glance |
| 187 | oslo_config_program: glance-api |
| 188 | filter:http_proxy_to_wsgi: |
| 189 | paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory |
Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 190 | policy: {} |
| 191 | glance_sudoers: | |
| 192 | # This sudoers file supports rootwrap for both Kolla and LOCI Images. |
| 193 | Defaults !requiretty |
| 194 | Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin" |
| 195 | glance ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/glance-rootwrap /etc/glance/rootwrap.conf *, /var/lib/openstack/bin/glance-rootwrap /etc/glance/rootwrap.conf * |
| 196 | rootwrap: | |
| 197 | # Configuration for glance-rootwrap |
| 198 | # This file should be owned by (and only-writable by) the root user |
| 199 | |
| 200 | [DEFAULT] |
| 201 | # List of directories to load filter definitions from (separated by ','). |
| 202 | # These directories MUST all be only writeable by root ! |
| 203 | filters_path=/etc/glance/rootwrap.d,/usr/share/glance/rootwrap |
| 204 | |
| 205 | # List of directories to search executables in, in case filters do not |
| 206 | # explicitely specify a full path (separated by ',') |
| 207 | # If not specified, defaults to system PATH environment variable. |
| 208 | # These directories MUST all be only writeable by root ! |
| 209 | exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/var/lib/openstack/bin,/var/lib/kolla/venv/bin |
| 210 | |
| 211 | # Enable logging to syslog |
| 212 | # Default value is False |
| 213 | use_syslog=False |
| 214 | |
| 215 | # Which syslog facility to use. |
| 216 | # Valid values include auth, authpriv, syslog, local0, local1... |
| 217 | # Default value is 'syslog' |
| 218 | syslog_log_facility=syslog |
| 219 | |
| 220 | # Which messages to log. |
| 221 | # INFO means log all usage |
| 222 | # ERROR means only log unsuccessful attempts |
| 223 | syslog_log_level=ERROR |
| 224 | rootwrap_filters: |
| 225 | glance_cinder_store: |
| 226 | pods: |
| 227 | - api |
| 228 | content: | |
| 229 | # glance-rootwrap command filters for glance cinder store |
| 230 | # This file should be owned by (and only-writable by) the root user |
| 231 | |
| 232 | [Filters] |
| 233 | # cinder store driver |
| 234 | disk_chown: RegExpFilter, chown, root, chown, \d+, /dev/(?!.*/\.\.).* |
| 235 | |
| 236 | # os-brick library commands |
| 237 | # os_brick.privileged.run_as_root oslo.privsep context |
| 238 | # This line ties the superuser privs with the config files, context name, |
| 239 | # and (implicitly) the actual python code invoked. |
| 240 | privsep-rootwrap: RegExpFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, os_brick.privileged.default, --privsep_sock_path, /tmp/.* |
| 241 | |
| 242 | chown: CommandFilter, chown, root |
| 243 | mount: CommandFilter, mount, root |
| 244 | umount: CommandFilter, umount, root |
| 245 | glance: |
| 246 | DEFAULT: |
| 247 | log_config_append: /etc/glance/logging.conf |
| 248 | # NOTE(portdirect): the bind port should not be defined, and is manipulated |
| 249 | # via the endpoints section. |
| 250 | bind_port: null |
| 251 | workers: 1 |
| 252 | enable_v1_api: False |
| 253 | oslo_middleware: |
| 254 | enable_proxy_headers_parsing: true |
| 255 | keystone_authtoken: |
okozachenko1203 | 5aa4849 | 2023-09-05 19:47:07 +1000 | [diff] [blame] | 256 | service_token_roles: service |
| 257 | service_token_roles_required: true |
Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 258 | auth_type: password |
| 259 | auth_version: v3 |
| 260 | memcache_security_strategy: ENCRYPT |
Oleksandr Kozachenko | c0022be | 2023-05-23 20:36:21 +0200 | [diff] [blame] | 261 | service_type: image |
Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 262 | glance_store: |
| 263 | cinder_catalog_info: volumev3::internalURL |
| 264 | rbd_store_chunk_size: 8 |
| 265 | rbd_store_replication: 3 |
| 266 | rbd_store_crush_rule: replicated_rule |
| 267 | rbd_store_pool: glance.images |
| 268 | rbd_store_user: glance |
| 269 | rbd_store_ceph_conf: /etc/ceph/ceph.conf |
| 270 | filesystem_store_datadir: /var/lib/glance/images |
| 271 | default_swift_reference: ref1 |
| 272 | swift_store_container: glance |
| 273 | swift_store_create_container_on_put: true |
| 274 | swift_store_config_file: /etc/glance/swift-store.conf |
| 275 | swift_store_endpoint_type: internalURL |
| 276 | paste_deploy: |
| 277 | flavor: keystone |
| 278 | database: |
| 279 | max_retries: -1 |
| 280 | oslo_concurrency: |
| 281 | lock_path: "/var/lib/glance/tmp" |
| 282 | oslo_messaging_notifications: |
| 283 | driver: messagingv2 |
| 284 | oslo_messaging_rabbit: |
| 285 | rabbit_ha_queues: true |
| 286 | oslo_policy: |
| 287 | policy_file: /etc/glance/policy.yaml |
| 288 | cors: {} |
| 289 | logging: |
| 290 | loggers: |
| 291 | keys: |
| 292 | - root |
| 293 | - glance |
| 294 | handlers: |
| 295 | keys: |
| 296 | - stdout |
| 297 | - stderr |
| 298 | - "null" |
| 299 | formatters: |
| 300 | keys: |
| 301 | - context |
| 302 | - default |
| 303 | logger_root: |
| 304 | level: WARNING |
| 305 | handlers: 'null' |
| 306 | logger_glance: |
| 307 | level: INFO |
| 308 | handlers: |
| 309 | - stdout |
| 310 | qualname: glance |
| 311 | logger_amqp: |
| 312 | level: WARNING |
| 313 | handlers: stderr |
| 314 | qualname: amqp |
| 315 | logger_amqplib: |
| 316 | level: WARNING |
| 317 | handlers: stderr |
| 318 | qualname: amqplib |
| 319 | logger_eventletwsgi: |
| 320 | level: WARNING |
| 321 | handlers: stderr |
| 322 | qualname: eventlet.wsgi.server |
| 323 | logger_sqlalchemy: |
| 324 | level: WARNING |
| 325 | handlers: stderr |
| 326 | qualname: sqlalchemy |
| 327 | logger_boto: |
| 328 | level: WARNING |
| 329 | handlers: stderr |
| 330 | qualname: boto |
| 331 | handler_null: |
| 332 | class: logging.NullHandler |
| 333 | formatter: default |
| 334 | args: () |
| 335 | handler_stdout: |
| 336 | class: StreamHandler |
| 337 | args: (sys.stdout,) |
| 338 | formatter: context |
| 339 | handler_stderr: |
| 340 | class: StreamHandler |
| 341 | args: (sys.stderr,) |
| 342 | formatter: context |
| 343 | formatter_context: |
| 344 | class: oslo_log.formatters.ContextFormatter |
| 345 | datefmt: "%Y-%m-%d %H:%M:%S" |
| 346 | formatter_default: |
| 347 | format: "%(message)s" |
| 348 | datefmt: "%Y-%m-%d %H:%M:%S" |
| 349 | api_audit_map: |
| 350 | DEFAULT: |
| 351 | target_endpoint_type: None |
| 352 | path_keywords: |
| 353 | detail: None |
| 354 | file: None |
| 355 | images: image |
| 356 | members: member |
| 357 | tags: tag |
| 358 | service_endpoints: |
| 359 | image: 'service/storage/image' |
| 360 | swift_store: | |
| 361 | [{{ .Values.conf.glance.glance_store.default_swift_reference }}] |
| 362 | {{- if eq .Values.storage "radosgw" }} |
| 363 | auth_version = 1 |
| 364 | auth_address = {{ tuple "ceph_object_store" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} |
| 365 | user = {{ .Values.endpoints.ceph_object_store.auth.glance.username }}:swift |
| 366 | key = {{ .Values.endpoints.ceph_object_store.auth.glance.password }} |
| 367 | {{- else }} |
| 368 | user = {{ .Values.endpoints.identity.auth.glance.project_name }}:{{ .Values.endpoints.identity.auth.glance.username }} |
| 369 | key = {{ .Values.endpoints.identity.auth.glance.password }} |
| 370 | auth_address = {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} |
| 371 | user_domain_name = {{ .Values.endpoints.identity.auth.glance.user_domain_name }} |
| 372 | project_domain_name = {{ .Values.endpoints.identity.auth.glance.project_domain_name }} |
| 373 | auth_version = 3 |
| 374 | # NOTE(portdirect): https://bugs.launchpad.net/glance-store/+bug/1620999 |
| 375 | project_domain_id = |
| 376 | user_domain_id = |
| 377 | {{- end -}} |
| 378 | rabbitmq: |
| 379 | # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones |
| 380 | policies: |
| 381 | - vhost: "glance" |
| 382 | name: "ha_ttl_glance" |
| 383 | definition: |
| 384 | # mirror messges to other nodes in rmq cluster |
| 385 | ha-mode: "all" |
| 386 | ha-sync-mode: "automatic" |
| 387 | # 70s |
| 388 | message-ttl: 70000 |
| 389 | priority: 0 |
| 390 | apply-to: all |
| 391 | pattern: '^(?!(amq\.|reply_)).*' |
Oleksandr Kozachenko | 469612f | 2023-10-04 17:34:40 +0200 | [diff] [blame] | 392 | glance_api_uwsgi: |
| 393 | uwsgi: |
| 394 | add-header: "Connection: close" |
| 395 | buffer-size: 65535 |
Mohammed Naser | cb5d9c3 | 2024-04-03 16:19:01 -0400 | [diff] [blame] | 396 | chunked-input-limit: "4096000" |
Oleksandr Kozachenko | 469612f | 2023-10-04 17:34:40 +0200 | [diff] [blame] | 397 | die-on-term: true |
| 398 | enable-threads: true |
| 399 | exit-on-reload: false |
| 400 | hook-master-start: unix_signal:15 gracefully_kill_them_all |
Mohammed Naser | cb5d9c3 | 2024-04-03 16:19:01 -0400 | [diff] [blame] | 401 | http-auto-chunked: true |
| 402 | http-raw-body: true |
Oleksandr Kozachenko | 469612f | 2023-10-04 17:34:40 +0200 | [diff] [blame] | 403 | lazy-apps: true |
| 404 | log-x-forwarded-for: true |
| 405 | master: true |
Mohammed Naser | cb5d9c3 | 2024-04-03 16:19:01 -0400 | [diff] [blame] | 406 | need-app: true |
Oleksandr Kozachenko | 469612f | 2023-10-04 17:34:40 +0200 | [diff] [blame] | 407 | procname-prefix-spaced: "glance-api:" |
| 408 | route-user-agent: '^kube-probe.* donotlog:' |
Mohammed Naser | cb5d9c3 | 2024-04-03 16:19:01 -0400 | [diff] [blame] | 409 | socket-timeout: 10 |
Oleksandr Kozachenko | 469612f | 2023-10-04 17:34:40 +0200 | [diff] [blame] | 410 | thunder-lock: true |
| 411 | worker-reload-mercy: 80 |
| 412 | wsgi-file: /var/lib/openstack/bin/glance-wsgi-api |
Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 413 | |
| 414 | network: |
| 415 | api: |
| 416 | ingress: |
| 417 | public: true |
| 418 | classes: |
| 419 | namespace: "nginx" |
| 420 | cluster: "nginx-cluster" |
| 421 | annotations: |
| 422 | nginx.ingress.kubernetes.io/rewrite-target: / |
| 423 | nginx.ingress.kubernetes.io/proxy-body-size: "0" |
| 424 | external_policy_local: false |
| 425 | node_port: |
| 426 | enabled: false |
| 427 | port: 30092 |
| 428 | |
| 429 | volume: |
| 430 | class_name: general |
| 431 | size: 2Gi |
| 432 | |
| 433 | dependencies: |
| 434 | dynamic: |
| 435 | common: |
| 436 | local_image_registry: |
| 437 | jobs: |
| 438 | - glance-image-repo-sync |
| 439 | services: |
| 440 | - endpoint: node |
| 441 | service: local_image_registry |
| 442 | static: |
| 443 | api: |
| 444 | jobs: |
| 445 | - glance-storage-init |
| 446 | - glance-db-sync |
| 447 | - glance-rabbit-init |
| 448 | - glance-ks-user |
| 449 | - glance-ks-endpoints |
| 450 | services: |
| 451 | - endpoint: internal |
| 452 | service: oslo_db |
| 453 | - endpoint: internal |
| 454 | service: identity |
| 455 | - endpoint: internal |
| 456 | service: oslo_messaging |
| 457 | bootstrap: |
| 458 | jobs: null |
| 459 | services: |
| 460 | - endpoint: internal |
| 461 | service: identity |
| 462 | - endpoint: internal |
| 463 | service: image |
| 464 | clean: |
| 465 | jobs: null |
| 466 | db_drop: |
| 467 | services: |
| 468 | - endpoint: internal |
| 469 | service: oslo_db |
| 470 | db_init: |
| 471 | services: |
| 472 | - endpoint: internal |
| 473 | service: oslo_db |
| 474 | db_sync: |
| 475 | jobs: |
| 476 | - glance-db-init |
| 477 | services: |
| 478 | - endpoint: internal |
| 479 | service: oslo_db |
| 480 | ks_endpoints: |
| 481 | jobs: |
| 482 | - glance-ks-service |
| 483 | services: |
| 484 | - endpoint: internal |
| 485 | service: identity |
| 486 | ks_service: |
| 487 | services: |
| 488 | - endpoint: internal |
| 489 | service: identity |
| 490 | ks_user: |
| 491 | services: |
| 492 | - endpoint: internal |
| 493 | service: identity |
| 494 | rabbit_init: |
| 495 | services: |
| 496 | - endpoint: internal |
| 497 | service: oslo_messaging |
| 498 | storage_init: |
| 499 | jobs: |
| 500 | - glance-ks-user |
| 501 | services: null |
| 502 | metadefs_load: |
| 503 | jobs: |
| 504 | - glance-db-sync |
| 505 | services: null |
| 506 | tests: |
| 507 | services: |
| 508 | - endpoint: internal |
| 509 | service: oslo_db |
| 510 | - endpoint: internal |
| 511 | service: identity |
| 512 | - endpoint: internal |
| 513 | service: image |
| 514 | image_repo_sync: |
| 515 | services: |
| 516 | - endpoint: internal |
| 517 | service: local_image_registry |
| 518 | |
| 519 | # Names of secrets used by bootstrap and environmental checks |
| 520 | secrets: |
| 521 | identity: |
| 522 | admin: glance-keystone-admin |
| 523 | glance: glance-keystone-user |
| 524 | test: glance-keystone-test |
| 525 | oslo_db: |
| 526 | admin: glance-db-admin |
| 527 | glance: glance-db-user |
| 528 | rbd: images-rbd-keyring |
| 529 | oslo_messaging: |
| 530 | admin: glance-rabbitmq-admin |
| 531 | glance: glance-rabbitmq-user |
| 532 | tls: |
| 533 | image: |
| 534 | api: |
| 535 | public: glance-tls-public |
| 536 | internal: glance-tls-api |
| 537 | oci_image_registry: |
| 538 | glance: glance-oci-image-registry |
| 539 | |
| 540 | # typically overridden by environmental |
| 541 | # values, but should include all endpoints |
| 542 | # required by this chart |
| 543 | endpoints: |
| 544 | cluster_domain_suffix: cluster.local |
| 545 | local_image_registry: |
| 546 | name: docker-registry |
| 547 | namespace: docker-registry |
| 548 | hosts: |
| 549 | default: localhost |
| 550 | internal: docker-registry |
| 551 | node: localhost |
| 552 | host_fqdn_override: |
| 553 | default: null |
| 554 | port: |
| 555 | registry: |
| 556 | node: 5000 |
| 557 | oci_image_registry: |
| 558 | name: oci-image-registry |
| 559 | namespace: oci-image-registry |
| 560 | auth: |
| 561 | enabled: false |
| 562 | glance: |
| 563 | username: glance |
| 564 | password: password |
| 565 | hosts: |
| 566 | default: localhost |
| 567 | host_fqdn_override: |
| 568 | default: null |
| 569 | port: |
| 570 | registry: |
| 571 | default: null |
| 572 | identity: |
| 573 | name: keystone |
| 574 | auth: |
| 575 | admin: |
| 576 | region_name: RegionOne |
| 577 | username: admin |
| 578 | password: password |
| 579 | project_name: admin |
| 580 | user_domain_name: default |
| 581 | project_domain_name: default |
| 582 | glance: |
| 583 | role: admin |
| 584 | region_name: RegionOne |
| 585 | username: glance |
| 586 | password: password |
| 587 | project_name: service |
| 588 | user_domain_name: service |
| 589 | project_domain_name: service |
| 590 | test: |
| 591 | role: admin |
| 592 | region_name: RegionOne |
| 593 | username: glance-test |
| 594 | password: password |
| 595 | project_name: test |
| 596 | user_domain_name: service |
| 597 | project_domain_name: service |
| 598 | hosts: |
| 599 | default: keystone |
| 600 | internal: keystone-api |
| 601 | host_fqdn_override: |
| 602 | default: null |
| 603 | path: |
| 604 | default: /v3 |
| 605 | scheme: |
| 606 | default: http |
| 607 | port: |
| 608 | api: |
| 609 | default: 80 |
| 610 | internal: 5000 |
| 611 | image: |
| 612 | name: glance |
| 613 | hosts: |
| 614 | default: glance-api |
| 615 | public: glance |
| 616 | host_fqdn_override: |
| 617 | default: null |
| 618 | # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public |
| 619 | # endpoints using the following format: |
| 620 | # public: |
| 621 | # host: null |
| 622 | # tls: |
| 623 | # crt: null |
| 624 | # key: null |
| 625 | path: |
| 626 | default: null |
| 627 | scheme: |
| 628 | default: http |
| 629 | service: http |
| 630 | port: |
| 631 | api: |
| 632 | default: 9292 |
| 633 | public: 80 |
| 634 | oslo_db: |
| 635 | auth: |
| 636 | admin: |
| 637 | username: root |
| 638 | password: password |
| 639 | secret: |
| 640 | tls: |
| 641 | internal: mariadb-tls-direct |
| 642 | glance: |
| 643 | username: glance |
| 644 | password: password |
| 645 | hosts: |
| 646 | default: mariadb |
| 647 | host_fqdn_override: |
| 648 | default: null |
| 649 | path: /glance |
| 650 | scheme: mysql+pymysql |
| 651 | port: |
| 652 | mysql: |
| 653 | default: 3306 |
| 654 | oslo_cache: |
| 655 | auth: |
| 656 | # NOTE(portdirect): this is used to define the value for keystone |
| 657 | # authtoken cache encryption key, if not set it will be populated |
| 658 | # automatically with a random value, but to take advantage of |
| 659 | # this feature all services should be set to use the same key, |
| 660 | # and memcache service. |
| 661 | memcache_secret_key: null |
| 662 | hosts: |
| 663 | default: memcached |
| 664 | host_fqdn_override: |
| 665 | default: null |
| 666 | port: |
| 667 | memcache: |
| 668 | default: 11211 |
| 669 | oslo_messaging: |
| 670 | auth: |
| 671 | admin: |
| 672 | username: rabbitmq |
| 673 | password: password |
| 674 | secret: |
| 675 | tls: |
| 676 | internal: rabbitmq-tls-direct |
| 677 | glance: |
| 678 | username: glance |
| 679 | password: password |
| 680 | statefulset: |
| 681 | replicas: 2 |
| 682 | name: rabbitmq-rabbitmq |
| 683 | hosts: |
| 684 | default: rabbitmq |
| 685 | host_fqdn_override: |
| 686 | default: null |
| 687 | path: /glance |
| 688 | scheme: rabbit |
| 689 | port: |
| 690 | amqp: |
| 691 | default: 5672 |
| 692 | http: |
| 693 | default: 15672 |
| 694 | object_store: |
| 695 | name: swift |
| 696 | namespace: ceph |
| 697 | auth: |
| 698 | glance: |
| 699 | tmpurlkey: supersecret |
| 700 | hosts: |
| 701 | default: ceph-rgw |
| 702 | public: radosgw |
| 703 | host_fqdn_override: |
| 704 | default: null |
| 705 | path: |
| 706 | default: /swift/v1/KEY_$(tenant_id)s |
| 707 | scheme: |
| 708 | default: http |
| 709 | port: |
| 710 | api: |
| 711 | default: 8088 |
| 712 | public: 80 |
| 713 | ceph_object_store: |
| 714 | name: radosgw |
| 715 | namespace: ceph |
| 716 | auth: |
| 717 | glance: |
| 718 | username: glance |
| 719 | password: password |
| 720 | tmpurlkey: supersecret |
| 721 | hosts: |
| 722 | default: ceph-rgw |
| 723 | public: radosgw |
| 724 | host_fqdn_override: |
| 725 | default: null |
| 726 | path: |
| 727 | default: /auth/v1.0 |
| 728 | scheme: |
| 729 | default: http |
| 730 | port: |
| 731 | api: |
| 732 | default: 8088 |
| 733 | public: 80 |
| 734 | fluentd: |
| 735 | namespace: null |
| 736 | name: fluentd |
| 737 | hosts: |
| 738 | default: fluentd-logging |
| 739 | host_fqdn_override: |
| 740 | default: null |
| 741 | path: |
| 742 | default: null |
| 743 | scheme: 'http' |
| 744 | port: |
| 745 | service: |
| 746 | default: 24224 |
| 747 | metrics: |
| 748 | default: 24220 |
| 749 | dashboard: |
| 750 | name: horizon |
| 751 | hosts: |
| 752 | default: horizon-int |
| 753 | public: horizon |
| 754 | host_fqdn_override: |
| 755 | default: null |
| 756 | # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public |
| 757 | # endpoints using the following format: |
| 758 | # public: |
| 759 | # host: null |
| 760 | # tls: |
| 761 | # crt: null |
| 762 | # key: null |
| 763 | path: |
| 764 | default: null |
| 765 | scheme: |
| 766 | default: http |
| 767 | public: https |
| 768 | port: |
| 769 | web: |
| 770 | default: 80 |
| 771 | public: 443 |
| 772 | # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress |
| 773 | # They are using to enable the Egress K8s network policy. |
| 774 | kube_dns: |
| 775 | namespace: kube-system |
| 776 | name: kubernetes-dns |
| 777 | hosts: |
| 778 | default: kube-dns |
| 779 | host_fqdn_override: |
| 780 | default: null |
| 781 | path: |
| 782 | default: null |
| 783 | scheme: http |
| 784 | port: |
| 785 | dns: |
| 786 | default: 53 |
| 787 | protocol: UDP |
| 788 | ingress: |
| 789 | namespace: null |
| 790 | name: ingress |
| 791 | hosts: |
| 792 | default: ingress |
| 793 | port: |
| 794 | ingress: |
| 795 | default: 80 |
| 796 | |
| 797 | pod: |
Dong Ma | 414c090 | 2025-02-10 09:56:42 +0000 | [diff] [blame] | 798 | priorityClassName: |
| 799 | glance_api: null |
| 800 | glance_tests: null |
| 801 | db_sync: null |
| 802 | runtimeClassName: |
| 803 | glance_api: null |
| 804 | glance_tests: null |
| 805 | db_sync: null |
Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 806 | security_context: |
| 807 | glance: |
| 808 | pod: |
| 809 | runAsUser: 42424 |
| 810 | container: |
| 811 | glance_perms: |
| 812 | readOnlyRootFilesystem: true |
| 813 | runAsUser: 0 |
| 814 | ceph_keyring_placement: |
| 815 | readOnlyRootFilesystem: true |
| 816 | runAsUser: 0 |
| 817 | glance_api: |
| 818 | readOnlyRootFilesystem: true |
| 819 | allowPrivilegeEscalation: false |
| 820 | nginx: |
| 821 | readOnlyRootFilesystem: false |
| 822 | runAsUser: 0 |
| 823 | clean: |
| 824 | pod: |
| 825 | runAsUser: 42424 |
| 826 | container: |
| 827 | glance_secret_clean: |
| 828 | readOnlyRootFilesystem: true |
| 829 | allowPrivilegeEscalation: false |
| 830 | metadefs_load: |
| 831 | pod: |
| 832 | runAsUser: 42424 |
| 833 | container: |
| 834 | glance_metadefs_load: |
| 835 | readOnlyRootFilesystem: true |
| 836 | allowPrivilegeEscalation: false |
| 837 | storage_init: |
| 838 | pod: |
| 839 | runAsUser: 42424 |
| 840 | container: |
| 841 | ceph_keyring_placement: |
| 842 | readOnlyRootFilesystem: true |
| 843 | allowPrivilegeEscalation: false |
| 844 | glance_storage_init: |
| 845 | readOnlyRootFilesystem: true |
| 846 | allowPrivilegeEscalation: false |
| 847 | test: |
| 848 | pod: |
| 849 | runAsUser: 42424 |
| 850 | container: |
| 851 | glance_test_ks_user: |
| 852 | readOnlyRootFilesystem: true |
| 853 | allowPrivilegeEscalation: false |
| 854 | glance_test: |
| 855 | runAsUser: 65500 |
| 856 | readOnlyRootFilesystem: true |
| 857 | allowPrivilegeEscalation: false |
| 858 | affinity: |
| 859 | anti: |
| 860 | type: |
| 861 | default: preferredDuringSchedulingIgnoredDuringExecution |
| 862 | topologyKey: |
| 863 | default: kubernetes.io/hostname |
| 864 | weight: |
| 865 | default: 10 |
| 866 | tolerations: |
| 867 | glance: |
| 868 | enabled: false |
| 869 | tolerations: |
| 870 | - key: node-role.kubernetes.io/master |
| 871 | operator: Exists |
| 872 | effect: NoSchedule |
Oleksandr Kozachenko | c0022be | 2023-05-23 20:36:21 +0200 | [diff] [blame] | 873 | - key: node-role.kubernetes.io/control-plane |
| 874 | operator: Exists |
| 875 | effect: NoSchedule |
Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 876 | useHostNetwork: |
| 877 | api: false |
| 878 | mounts: |
| 879 | glance_api: |
| 880 | init_container: null |
| 881 | glance_api: |
| 882 | volumeMounts: |
| 883 | volumes: |
| 884 | glance_tests: |
| 885 | init_container: null |
| 886 | glance_tests: |
| 887 | volumeMounts: |
| 888 | volumes: |
| 889 | glance_db_sync: |
| 890 | glance_db_sync: |
| 891 | volumeMounts: |
| 892 | volumes: |
| 893 | replicas: |
| 894 | api: 1 |
| 895 | lifecycle: |
| 896 | upgrades: |
| 897 | deployments: |
| 898 | revision_history: 3 |
| 899 | pod_replacement_strategy: RollingUpdate |
| 900 | rolling_update: |
| 901 | max_unavailable: 1 |
| 902 | max_surge: 3 |
| 903 | disruption_budget: |
| 904 | api: |
| 905 | min_available: 0 |
| 906 | termination_grace_period: |
| 907 | api: |
| 908 | timeout: 30 |
okozachenko1203 | 5aa4849 | 2023-09-05 19:47:07 +1000 | [diff] [blame] | 909 | probes: |
| 910 | api: |
| 911 | glance-api: |
| 912 | readiness: |
| 913 | enabled: true |
| 914 | params: |
Oleksandr Kozachenko | 469612f | 2023-10-04 17:34:40 +0200 | [diff] [blame] | 915 | periodSeconds: 10 |
| 916 | timeoutSeconds: 5 |
okozachenko1203 | 5aa4849 | 2023-09-05 19:47:07 +1000 | [diff] [blame] | 917 | liveness: |
| 918 | enabled: true |
| 919 | params: |
Oleksandr Kozachenko | 469612f | 2023-10-04 17:34:40 +0200 | [diff] [blame] | 920 | initialDelaySeconds: 5 |
| 921 | periodSeconds: 10 |
| 922 | timeoutSeconds: 5 |
Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 923 | resources: |
| 924 | enabled: false |
| 925 | api: |
| 926 | requests: |
| 927 | memory: "128Mi" |
| 928 | cpu: "100m" |
| 929 | limits: |
| 930 | memory: "1024Mi" |
| 931 | cpu: "2000m" |
| 932 | jobs: |
| 933 | storage_init: |
| 934 | requests: |
| 935 | memory: "128Mi" |
| 936 | cpu: "100m" |
| 937 | limits: |
| 938 | memory: "1024Mi" |
| 939 | cpu: "2000m" |
| 940 | metadefs_load: |
| 941 | requests: |
| 942 | memory: "128Mi" |
| 943 | cpu: "100m" |
| 944 | limits: |
| 945 | memory: "1024Mi" |
| 946 | cpu: "2000m" |
| 947 | db_sync: |
| 948 | requests: |
| 949 | memory: "128Mi" |
| 950 | cpu: "100m" |
| 951 | limits: |
| 952 | memory: "1024Mi" |
| 953 | cpu: "2000m" |
| 954 | db_init: |
| 955 | requests: |
| 956 | memory: "128Mi" |
| 957 | cpu: "100m" |
| 958 | limits: |
| 959 | memory: "1024Mi" |
| 960 | cpu: "2000m" |
| 961 | db_drop: |
| 962 | requests: |
| 963 | memory: "128Mi" |
| 964 | cpu: "100m" |
| 965 | limits: |
| 966 | memory: "1024Mi" |
| 967 | cpu: "2000m" |
| 968 | ks_user: |
| 969 | requests: |
| 970 | memory: "128Mi" |
| 971 | cpu: "100m" |
| 972 | limits: |
| 973 | memory: "1024Mi" |
| 974 | cpu: "2000m" |
| 975 | ks_service: |
| 976 | requests: |
| 977 | memory: "128Mi" |
| 978 | cpu: "100m" |
| 979 | limits: |
| 980 | memory: "1024Mi" |
| 981 | cpu: "2000m" |
| 982 | ks_endpoints: |
| 983 | requests: |
| 984 | memory: "128Mi" |
| 985 | cpu: "100m" |
| 986 | limits: |
| 987 | memory: "1024Mi" |
| 988 | cpu: "2000m" |
| 989 | rabbit_init: |
| 990 | requests: |
| 991 | memory: "128Mi" |
| 992 | cpu: "100m" |
| 993 | limits: |
| 994 | memory: "1024Mi" |
| 995 | cpu: "2000m" |
| 996 | bootstrap: |
| 997 | requests: |
| 998 | memory: "128Mi" |
| 999 | cpu: "100m" |
| 1000 | limits: |
| 1001 | memory: "1024Mi" |
| 1002 | cpu: "2000m" |
| 1003 | tests: |
| 1004 | requests: |
| 1005 | memory: "128Mi" |
| 1006 | cpu: "100m" |
| 1007 | limits: |
| 1008 | memory: "1024Mi" |
| 1009 | cpu: "2000m" |
| 1010 | image_repo_sync: |
| 1011 | requests: |
| 1012 | memory: "128Mi" |
| 1013 | cpu: "100m" |
| 1014 | limits: |
| 1015 | memory: "1024Mi" |
| 1016 | cpu: "2000m" |
| 1017 | |
| 1018 | # NOTE(helm_hook): helm_hook might break for helm2 binary. |
| 1019 | # set helm3_hook: false when using the helm2 binary. |
| 1020 | helm3_hook: true |
| 1021 | |
| 1022 | tls: |
| 1023 | identity: false |
| 1024 | oslo_messaging: false |
| 1025 | oslo_db: false |
| 1026 | |
| 1027 | manifests: |
| 1028 | certificates: false |
| 1029 | configmap_bin: true |
| 1030 | configmap_etc: true |
| 1031 | deployment_api: true |
| 1032 | ingress_api: true |
| 1033 | job_bootstrap: true |
| 1034 | job_clean: true |
| 1035 | job_db_init: true |
| 1036 | job_db_sync: true |
| 1037 | job_db_drop: false |
| 1038 | job_image_repo_sync: true |
| 1039 | job_ks_endpoints: true |
| 1040 | job_ks_service: true |
| 1041 | job_ks_user: true |
| 1042 | job_storage_init: true |
| 1043 | job_metadefs_load: true |
| 1044 | job_rabbit_init: true |
| 1045 | pdb_api: true |
| 1046 | pod_rally_test: true |
| 1047 | pvc_images: true |
| 1048 | network_policy: false |
| 1049 | secret_db: true |
| 1050 | secret_ingress_tls: true |
| 1051 | secret_keystone: true |
| 1052 | secret_rabbitmq: true |
| 1053 | secret_registry: true |
| 1054 | service_ingress_api: true |
| 1055 | service_api: true |
okozachenko1203 | 5aa4849 | 2023-09-05 19:47:07 +1000 | [diff] [blame] | 1056 | |
| 1057 | # NOTE: This is for enable helm resource-policy to keep glance-images PVC. |
| 1058 | # set keep_pvc: true when allow helm resource-policy to keep for PVC. |
| 1059 | # This will requires mannual delete for PVC. |
| 1060 | # set keep_pvc: false when disallow helm resource-policy to keep for PVC. |
| 1061 | # This will allow helm to delete the PVC. |
| 1062 | keep_pvc: true |
Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 1063 | ... |