charts/ironic/values.yaml

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Default values for ironic.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value

---
release_group: null

helm3_hook: true

labels:
  api:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  conductor:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  job:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled

images:
  tags:
    ironic_manage_cleaning_network: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    ironic_retrive_cleaning_network: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    ironic_retrive_swift_config: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    # Bootstrap image requires curl
    bootstrap: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    db_drop: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    db_init: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    ironic_db_sync: docker.io/openstackhelm/ironic:2024.1-ubuntu_jammy
    ks_user: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    ks_service: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    ks_endpoints: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    rabbit_init: docker.io/rabbitmq:3.13-management
    ironic_api: docker.io/openstackhelm/ironic:2024.1-ubuntu_jammy
    ironic_conductor: docker.io/openstackhelm/ironic:2024.1-ubuntu_jammy
    ironic_pxe: docker.io/openstackhelm/ironic:2024.1-ubuntu_jammy
    ironic_pxe_init: docker.io/openstackhelm/ironic:2024.1-ubuntu_jammy
    ironic_pxe_http: docker.io/nginx:1.13.3
    dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
    image_repo_sync: docker.io/docker:17.07.0
  pull_policy: "IfNotPresent"
  local_registry:
    active: false
    exclude:
      - dep_check
      - image_repo_sync

conf:
  paste:
    override:
    append:
  policy: {}
  tftp_map_file: |
    re ^(/tftpboot/) /tftpboot/\2
    re ^/tftpboot/ /tftpboot/
    re ^(^/) /tftpboot/\1
    re ^([^/]) /tftpboot/\1
  nginx: |
    user  nginx;
    worker_processes  1;
    error_log  /var/log/nginx/error.log warn;
    pid        /var/run/nginx.pid;
    events {
        worker_connections  1024;
    }
    http {
        include       /etc/nginx/mime.types;
        default_type  application/octet-stream;
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
        access_log  /var/log/nginx/access.log  main;
        sendfile        on;
        #tcp_nopush     on;
        keepalive_timeout  65;
        #gzip  on;
        server {
          listen       OSH_PXE_IP:{{ tuple "baremetal" "internal" "pxe_http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }};
          server_name  localhost;
          #charset koi8-r;
          #access_log  /var/log/nginx/host.access.log  main;
          location / {
              root   /var/lib/openstack-helm/httpboot;
          }
        }
    }
  ironic:
    DEFAULT:
      log_config_append: /etc/ironic/logging.conf
    api:
      port: null
    conductor:
      api_url: null
    database:
      connection: null
      max_retries: -1
    deploy:
      http_root: /var/lib/openstack-helm/httpboot
    glance:
      auth_type: password
      swift_temp_url_duration: 86400
      temp_url_endpoint_type: swift
      swift_container: glance
      swift_api_version: v1
      auth_section: glance
    inspector:
      auth_type: password
    keystone_authtoken:
      service_token_roles: service
      service_token_roles_required: true
      auth_type: password
      auth_version: v3
    neutron:
      auth_type: password
    pxe:
      pxe_append_params: "nofb nomodeset vga=normal ipa-debug=1"
      images_path: /var/lib/openstack-helm/ironic/images
      instance_master_path: /var/lib/openstack-helm/ironic/master_images
      pxe_config_template: $pybasedir/drivers/modules/ipxe_config.template
      uefi_pxe_config_template: $pybasedir/drivers/modules/ipxe_config.template
      tftp_root: /var/lib/openstack-helm/tftpboot
      tftp_master_path: /var/lib/openstack-helm/tftpboot/master_images
      pxe_bootfile_name: undionly.kpxe
      uefi_pxe_bootfile_name: ipxe.efi
      ipxe_enabled: true
    service_catalog:
      auth_type: password
    service_user:
      auth_type: password
      send_service_user_token: true
    swift:
      auth_url: null
    oslo_policy:
      policy_file: /etc/ironic/policy.yaml
  logging:
    loggers:
      keys:
        - root
        - ironic
    handlers:
      keys:
        - stdout
        - stderr
        - "null"
    formatters:
      keys:
        - context
        - default
    logger_root:
      level: WARNING
      handlers: 'null'
    logger_ironic:
      level: INFO
      handlers:
        - stdout
      qualname: ironic
    logger_amqp:
      level: WARNING
      handlers: stderr
      qualname: amqp
    logger_amqplib:
      level: WARNING
      handlers: stderr
      qualname: amqplib
    logger_eventletwsgi:
      level: WARNING
      handlers: stderr
      qualname: eventlet.wsgi.server
    logger_sqlalchemy:
      level: WARNING
      handlers: stderr
      qualname: sqlalchemy
    logger_boto:
      level: WARNING
      handlers: stderr
      qualname: boto
    handler_null:
      class: logging.NullHandler
      formatter: default
      args: ()
    handler_stdout:
      class: StreamHandler
      args: (sys.stdout,)
      formatter: context
    handler_stderr:
      class: StreamHandler
      args: (sys.stderr,)
      formatter: context
    formatter_context:
      class: oslo_log.formatters.ContextFormatter
      datefmt: "%Y-%m-%d %H:%M:%S"
    formatter_default:
      format: "%(message)s"
      datefmt: "%Y-%m-%d %H:%M:%S"

conductor:
  http:
    enabled: true
    init_script: |
      #!/bin/bash
      set -ex
      if [ "x" == "x${PROVISIONER_INTERFACE}" ]; then
        echo "Provisioner interface is not set"
        exit 1
      fi

      function net_pxe_addr {
       ip addr | awk "/inet / && /${PROVISIONER_INTERFACE}/{print \$2; exit }"
      }
      function net_pxe_ip {
       echo $(net_pxe_addr) | awk -F '/' '{ print $1; exit }'
      }
      PXE_IP=$(net_pxe_ip)

      if [ "x" == "x${PXE_IP}" ]; then
        echo "Could not find IP for pxe to bind to"
        exit 1
      fi

      sed "s|OSH_PXE_IP|${PXE_IP}|g" /etc/nginx/nginx.conf > /tmp/pod-shared/nginx.conf
    script: |
      #!/bin/bash
      set -ex
      mkdir -p /var/lib/openstack-helm/httpboot
      cp -v /tmp/pod-shared/nginx.conf /etc/nginx/nginx.conf
      exec nginx -g 'daemon off;'
  pxe:
    enabled: true
    init_script: |
      #!/bin/bash
      set -ex
      # default to Ubuntu path
      FILEPATH=${FILEPATH:-/usr/lib/ipxe}

      mkdir -p /var/lib/openstack-helm/tftpboot
      mkdir -p /var/lib/openstack-helm/tftpboot/master_images

      for FILE in undionly.kpxe ipxe.efi pxelinux.0 snponly.efi; do
        # copy in default file
        if [ -f $FILEPATH/$FILE ]; then
          cp -v $FILEPATH/$FILE /var/lib/openstack-helm/tftpboot
        fi

      done
    script: |
      #!/bin/bash
      set -ex
      function net_pxe_addr {
       ip addr | awk "/inet / && /${PROVISIONER_INTERFACE}/{print \$2; exit }"
      }
      function net_pxe_ip {
       echo $(net_pxe_addr) | awk -F '/' '{ print $1; exit }'
      }
      PXE_IP=$(net_pxe_ip)

      if [ "x" == "x${PXE_IP}" ]; then
        echo "Could not find IP for pxe to bind to"
        exit 1
      fi

      ln -s /var/lib/openstack-helm/tftpboot /tftpboot
      exec /usr/sbin/in.tftpd \
        --verbose \
        --foreground \
        --user root \
        --address ${PXE_IP}:69 \
        --map-file /tftp-map-file /tftpboot

network:
  pxe:
    device: ironic-pxe
    neutron_network_name: baremetal
    neutron_subnet_name: baremetal
    neutron_provider_network: ironic
    neutron_subnet_gateway: 172.24.6.1/24
    neutron_subnet_cidr: 172.24.6.0/24
    neutron_subnet_alloc_start: 172.24.6.100
    neutron_subnet_alloc_end: 172.24.6.200
    neutron_subnet_dns_nameserver: 10.96.0.10
  api:
    ingress:
      public: true
      classes:
        namespace: "nginx"
        cluster: "nginx-cluster"
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: /
    node_port:
      enabled: false
      port: 30511

bootstrap:
  image:
    enabled: true
    openstack:
      enabled: true
      ks_user: ironic
    # NOTE: if source_base is null the source will be used as is
    source_base: http://tarballs.openstack.org/ironic-python-agent/tinyipa/files
    structured:
      ironic-agent.initramfs:
        source: tinyipa-stable-wallaby.gz
        disk_format: ari
        container_format: ari
      ironic-agent.kernel:
        source: tinyipa-stable-wallaby.vmlinuz
        disk_format: aki
        container_format: aki
  network:
    enabled: true
    openstack:
      enabled: true
  object_store:
    enabled: true
    openstack:
      enabled: true

dependencies:
  dynamic:
    common:
      local_image_registry:
        jobs:
          - ironic-image-repo-sync
        services:
          - endpoint: node
            service: local_image_registry
  static:
    api:
      jobs:
        - ironic-db-sync
        - ironic-ks-user
        - ironic-ks-endpoints
        - ironic-manage-cleaning-network
        - ironic-rabbit-init
      services:
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: identity
        - endpoint: internal
          service: oslo_messaging
    bootstrap:
      jobs: null
      services:
        - endpoint: internal
          service: identity
        - endpoint: internal
          service: image
        - endpoint: internal
          service: baremetal
    conductor:
      jobs:
        - ironic-db-sync
        - ironic-ks-user
        - ironic-ks-endpoints
        - ironic-manage-cleaning-network
        - ironic-rabbit-init
      services:
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: identity
        - endpoint: internal
          service: baremetal
        - endpoint: internal
          service: oslo_messaging
    db_drop:
      services:
        - endpoint: internal
          service: oslo_db
    db_init:
      services:
        - endpoint: internal
          service: oslo_db
    db_sync:
      jobs:
        - ironic-db-init
      services:
        - endpoint: internal
          service: oslo_db
    ks_endpoints:
      jobs:
        - ironic-ks-service
      services:
        - endpoint: internal
          service: identity
    ks_service:
      services:
        - endpoint: internal
          service: identity
    ks_user:
      services:
        - endpoint: internal
          service: identity
    rabbit_init:
      services:
      - endpoint: internal
        service: oslo_messaging
    manage_cleaning_network:
      services:
        - endpoint: internal
          service: network
    image_repo_sync:
      services:
        - endpoint: internal
          service: local_image_registry

# Names of secrets used by bootstrap and environmental checks
secrets:
  identity:
    admin: ironic-keystone-admin
    ironic: ironic-keystone-user
    glance: ironic-glance-keystone-user
  oslo_db:
    admin: ironic-db-admin
    ironic: ironic-db-user
  oslo_messaging:
    admin: ironic-rabbitmq-admin
    ironic: ironic-rabbitmq-user
  oci_image_registry:
    ironic: ironic-oci-image-registry

# typically overridden by environmental
# values, but should include all endpoints
# required by this chart
endpoints:
  cluster_domain_suffix: cluster.local
  local_image_registry:
    name: docker-registry
    namespace: docker-registry
    hosts:
      default: localhost
      internal: docker-registry
      node: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        node: 5000
  oci_image_registry:
    name: oci-image-registry
    namespace: oci-image-registry
    auth:
      enabled: false
      ironic:
        username: ironic
        password: password
    hosts:
      default: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        default: null
  identity:
    name: keystone
    auth:
      admin:
        region_name: RegionOne
        username: admin
        password: password
        project_name: admin
        user_domain_name: default
        project_domain_name: default
      glance:
        role: admin,service
        region_name: RegionOne
        username: glance
        password: password
        project_name: service
        user_domain_name: service
        project_domain_name: service
      ironic:
        role: admin,service
        region_name: RegionOne
        username: ironic
        password: password
        project_name: service
        user_domain_name: service
        project_domain_name: service
    hosts:
      default: keystone
      internal: keystone-api
    host_fqdn_override:
      default: null
    path:
      default: /v3
    scheme:
      default: http
    port:
      api:
        default: 80
        internal: 5000
  baremetal:
    name: ironic
    hosts:
      default: ironic-api
      public: ironic
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme:
      default: http
    port:
      api:
        default: 6385
        public: 80
      pxe_http:
        default: 8080
  image:
    name: glance
    hosts:
      default: glance-api
      public: glance
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme:
      default: http
    port:
      api:
        default: 9292
        public: 80
  oslo_db:
    auth:
      admin:
        username: root
        password: password
      ironic:
        username: ironic
        password: password
    hosts:
      default: mariadb
    host_fqdn_override:
      default: null
    path: /ironic
    scheme: mysql+pymysql
    port:
      mysql:
        default: 3306
  oslo_cache:
    auth:
      # NOTE(portdirect): this is used to define the value for keystone
      # authtoken cache encryption key, if not set it will be populated
      # automatically with a random value, but to take advantage of
      # this feature all services should be set to use the same key,
      # and memcache service.
      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
      default: null
    port:
      memcache:
        default: 11211
  oslo_messaging:
    auth:
      admin:
        username: rabbitmq
        password: password
      ironic:
        username: ironic
        password: password
    statefulset:
      replicas: 2
      name: rabbitmq-rabbitmq
    hosts:
      default: rabbitmq
    host_fqdn_override:
      default: null
    path: /ironic
    scheme: rabbit
    port:
      amqp:
        default: 5672
      http:
        default: 15672
  network:
    name: neutron
    hosts:
      default: neutron-server
      public: neutron
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme:
      default: 'http'
    port:
      api:
        default: 9696
        public: 80
  object_store:
    name: swift
    namespace: ceph
    auth:
      glance:
        tmpurlkey: supersecret
    hosts:
      default: ceph-rgw
    host_fqdn_override:
      default: null
    path:
      default: /swift/v1/KEY_$(tenant_id)s
    scheme:
      default: http
    port:
      api:
        default: 8088
  fluentd:
    namespace: null
    name: fluentd
    hosts:
      default: fluentd-logging
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme: 'http'
    port:
      service:
        default: 24224
      metrics:
        default: 24220

pod:
  priorityClassName:
    ironic_api: null
    ironic_conductor: null
    bootstrap: null
    db_sync: null
  runtimeClassName:
    ironic_api: null
    ironic_conductor: null
    bootstrap: null
    db_sync: null
  affinity:
    anti:
      type:
        default: preferredDuringSchedulingIgnoredDuringExecution
      topologyKey:
        default: kubernetes.io/hostname
      weight:
        default: 10
  tolerations:
    ironic:
      enabled: false
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoSchedule
  mounts:
    ironic_api:
      init_container: null
      ironic_api:
        volumeMounts:
        volumes:
    ironic_conductor:
      init_container: null
      ironic_conductor:
        volumeMounts:
        volumes:
    ironic_bootstrap:
      init_container: null
      ironic_bootstrap:
        volumeMounts:
        volumes:
    ironic_db_sync:
      ironic_db_sync:
        volumeMounts:
        volumes:
  replicas:
    api: 1
    conductor: 1
  lifecycle:
    upgrades:
      deployments:
        revision_history: 3
        pod_replacement_strategy: RollingUpdate
        rolling_update:
          max_unavailable: 1
          max_surge: 3
    disruption_budget:
      api:
        min_available: 0
    termination_grace_period:
      api:
        timeout: 30
  resources:
    enabled: false
    api:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    conductor:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    jobs:
      bootstrap:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_drop:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_init:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_endpoints:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_service:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_user:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      rabbit_init:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      tests:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      image_repo_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
  useHostNetwork:
    conductor: true
  useHostIPC:
    conductor: true

network_policy:
  ironic:
    ingress:
      - {}
    egress:
      - {}

manifests:
  configmap_bin: true
  configmap_etc: true
  deployment_api: true
  ingress_api: true
  job_bootstrap: true
  job_db_drop: false
  job_db_init: true
  job_db_sync: true
  job_image_repo_sync: true
  job_ks_endpoints: true
  job_ks_service: true
  job_ks_user: true
  job_manage_cleaning_network: true
  job_rabbit_init: true
  pdb_api: true
  network_policy: false
  secret_db: true
  secret_keystone: true
  secret_rabbitmq: true
  secret_registry: true
  service_api: true
  service_ingress_api: true
  statefulset_conductor: true
...