Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / refs/heads/stable/2023.2 / . / charts / heat / values.yaml
blob: e242d7d3249ae95e50fab8ab3759ce54e6240d7f [file] [log] [blame]
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1# Licensed under the Apache License, Version 2.0 (the "License");
2# you may not use this file except in compliance with the License.
3# You may obtain a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS,
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10# See the License for the specific language governing permissions and
11# limitations under the License.
12
13# Default values for heat.
14# This is a YAML-formatted file.
15# Declare name/value pairs to be passed into your templates.
16# name: value
17
18---
19release_group: null
20
21labels:
22 api:
23 node_selector_key: openstack-control-plane
24 node_selector_value: enabled
25 cfn:
26 node_selector_key: openstack-control-plane
27 node_selector_value: enabled
28 cloudwatch:
29 node_selector_key: openstack-control-plane
30 node_selector_value: enabled
31 engine:
32 node_selector_key: openstack-control-plane
33 node_selector_value: enabled
34 job:
35 node_selector_key: openstack-control-plane
36 node_selector_value: enabled
37 test:
38 node_selector_key: openstack-control-plane
39 node_selector_value: enabled
40
41images:
42 tags:
43 test: docker.io/xrally/xrally-openstack:2.0.0
44 bootstrap: docker.io/openstackhelm/heat:stein-ubuntu_bionic
45 db_init: docker.io/openstackhelm/heat:stein-ubuntu_bionic
46 heat_db_sync: docker.io/openstackhelm/heat:stein-ubuntu_bionic
47 db_drop: docker.io/openstackhelm/heat:stein-ubuntu_bionic
48 rabbit_init: docker.io/rabbitmq:3.7-management
49 ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic
50 ks_service: docker.io/openstackhelm/heat:stein-ubuntu_bionic
51 ks_endpoints: docker.io/openstackhelm/heat:stein-ubuntu_bionic
52 heat_api: docker.io/openstackhelm/heat:stein-ubuntu_bionic
53 heat_cfn: docker.io/openstackhelm/heat:stein-ubuntu_bionic
54 heat_cloudwatch: docker.io/openstackhelm/heat:stein-ubuntu_bionic
55 heat_engine: docker.io/openstackhelm/heat:stein-ubuntu_bionic
56 heat_engine_cleaner: docker.io/openstackhelm/heat:stein-ubuntu_bionic
57 heat_purge_deleted: docker.io/openstackhelm/heat:stein-ubuntu_bionic
58 dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
59 image_repo_sync: docker.io/docker:17.07.0
60 pull_policy: "IfNotPresent"
61 local_registry:
62 active: false
63 exclude:
64 - dep_check
65 - image_repo_sync
66
67jobs:
68 engine_cleaner:
69 cron: "*/5 * * * *"
70 starting_deadline: 600
71 history:
72 success: 3
73 failed: 1
74
75 purge_deleted:
76 cron: "20 */24 * * *"
77 purge_age: 60
78 history:
79 success: 3
80 failed: 1
81
82conf:
83 rally_tests:
84 run_tempest: false
85 tests:
86 HeatStacks.create_update_delete_stack:
87 - args:
88 template_path: /tmp/rally-jobs/random_strings.yaml
89 updated_template_path: /tmp/rally-jobs/updated_random_strings_replace.yaml
90 runner:
91 concurrency: 1
92 times: 1
93 type: constant
94 sla:
95 failure_rate:
96 max: 0
97 HeatStacks.create_check_delete_stack:
98 - args:
99 template_path: /tmp/rally-jobs/random_strings.yaml
100 runner:
101 concurrency: 1
102 times: 1
103 type: constant
104 sla:
105 failure_rate:
106 max: 0
107 HeatStacks.create_and_delete_stack:
108 - args:
109 template_path: /tmp/rally-jobs/resource_group_with_constraint.yaml
110 runner:
111 concurrency: 1
112 times: 1
113 type: constant
114 sla:
115 failure_rate:
116 max: 0
117 HeatStacks.create_and_list_stack:
118 - args:
119 template_path: /tmp/rally-jobs/default.yaml
120 runner:
121 concurrency: 1
122 times: 1
123 type: constant
124 sla:
125 failure_rate:
126 max: 0
127 HeatStacks.create_snapshot_restore_delete_stack:
128 - args:
129 template_path: /tmp/rally-jobs/random_strings.yaml
130 runner:
131 concurrency: 1
132 times: 1
133 type: constant
134 sla:
135 failure_rate:
136 max: 0
137 HeatStacks.create_stack_and_list_output:
138 - args:
139 template_path: /tmp/rally-jobs/resource_group_with_outputs.yaml
140 runner:
141 concurrency: 1
142 times: 1
143 type: constant
144 sla:
145 failure_rate:
146 max: 0
147 HeatStacks.create_stack_and_list_output_via_API:
148 - args:
149 template_path: /tmp/rally-jobs/resource_group_with_outputs.yaml
150 runner:
151 concurrency: 1
152 times: 1
153 type: constant
154 sla:
155 failure_rate:
156 max: 0
157 templates:
158 - name: /tmp/rally-jobs/default.yaml
159 template: |
160 heat_template_version: 2014-10-16
161 - name: /tmp/rally-jobs/random_strings.yaml
162 template: |
163 heat_template_version: 2014-10-16
164 description: Test template for rally create-update-delete scenario
165 resources:
166 test_string_one:
167 type: OS::Heat::RandomString
168 properties:
169 length: 20
170 test_string_two:
171 type: OS::Heat::RandomString
172 properties:
173 length: 20
174 - name: /tmp/rally-jobs/resource_group_with_constraint.yaml
175 template: |
176 heat_template_version: 2013-05-23
177 description: Template for testing caching.
178 parameters:
179 count:
180 type: number
181 default: 40
182 delay:
183 type: number
184 default: 0.1
185 resources:
186 rg:
187 type: OS::Heat::ResourceGroup
188 properties:
189 count:
190 get_param: count
191 resource_def:
192 type: OS::Heat::TestResource
193 properties:
194 constraint_prop_secs:
195 get_param: delay
196 - name: /tmp/rally-jobs/resource_group_with_outputs.yaml
197 template: |
198 heat_template_version: 2013-05-23
199 parameters:
200 attr_wait_secs:
201 type: number
202 default: 0.5
203 resources:
204 rg:
205 type: OS::Heat::ResourceGroup
206 properties:
207 count: 10
208 resource_def:
209 type: OS::Heat::TestResource
210 properties:
211 attr_wait_secs:
212 get_param: attr_wait_secs
213 outputs:
214 val1:
215 value:
216 get_attr:
217 - rg
218 - resource.0.output
219 val2:
220 value:
221 get_attr:
222 - rg
223 - resource.1.output
224 val3:
225 value:
226 get_attr:
227 - rg
228 - resource.2.output
229 val4:
230 value:
231 get_attr:
232 - rg
233 - resource.3.output
234 val5:
235 value:
236 get_attr:
237 - rg
238 - resource.4.output
239 val6:
240 value:
241 get_attr:
242 - rg
243 - resource.5.output
244 val7:
245 value:
246 get_attr:
247 - rg
248 - resource.6.output
249 val8:
250 value:
251 get_attr:
252 - rg
253 - resource.7.output
254 val9:
255 value:
256 get_attr:
257 - rg
258 - resource.8.output
259 val10:
260 value:
261 get_attr:
262 - rg
263 - resource.9.output
264 - name: /tmp/rally-jobs/updated_random_strings_replace.yaml
265 template: |
266 heat_template_version: 2014-10-16
267 description: |
268 Test template for create-update-delete-stack scenario in rally.
269 The template deletes one resource from the stack defined by
270 random-strings.yaml.template and re-creates it with the updated parameters
271 (so-called update-replace). That happens because some parameters cannot be
272 changed without resource re-creation. The template allows to measure performance
273 of update-replace operation.
274 resources:
275 test_string_one:
276 type: OS::Heat::RandomString
277 properties:
278 length: 20
279 test_string_two:
280 type: OS::Heat::RandomString
281 properties:
282 length: 40
okozachenko12035aa48492023-09-05 19:47:07 +1000[diff] [blame]283 paste:
284 pipeline:heat-api:
285 pipeline: cors request_id faultwrap http_proxy_to_wsgi versionnegotiation osprofiler authurl authtoken audit context apiv1app
286 pipeline:heat-api-standalone:
287 pipeline: cors request_id faultwrap http_proxy_to_wsgi versionnegotiation authurl authpassword context apiv1app
288 pipeline:heat-api-custombackend:
289 pipeline: cors request_id faultwrap versionnegotiation context custombackendauth apiv1app
290 pipeline:heat-api-cfn:
291 pipeline: cors http_proxy_to_wsgi cfnversionnegotiation osprofiler ec2authtoken authtoken audit context apicfnv1app
292 pipeline:heat-api-cfn-standalone:
293 pipeline: cors http_proxy_to_wsgi cfnversionnegotiation ec2authtoken context apicfnv1app
294 pipeline:heat-api-cloudwatch:
295 pipeline: cors versionnegotiation osprofiler ec2authtoken authtoken audit context apicwapp
296 pipeline:heat-api-cloudwatch-standalone:
297 pipeline: cors versionnegotiation ec2authtoken context apicwapp
298 app:apiv1app:
299 paste.app_factory: heat.common.wsgi:app_factory
300 heat.app_factory: heat.api.openstack.v1:API
301 app:apicfnv1app:
302 paste.app_factory: heat.common.wsgi:app_factory
303 heat.app_factory: heat.api.cfn.v1:API
304 app:apicwapp:
305 paste.app_factory: heat.common.wsgi:app_factory
306 heat.app_factory: heat.api.cloudwatch:API
307 filter:versionnegotiation:
308 paste.filter_factory: heat.common.wsgi:filter_factory
309 heat.filter_factory: heat.api.openstack:version_negotiation_filter
310 filter:cors:
311 paste.filter_factory: oslo_middleware.cors:filter_factory
312 oslo_config_project: heat
313 filter:faultwrap:
314 paste.filter_factory: heat.common.wsgi:filter_factory
315 heat.filter_factory: heat.api.openstack:faultwrap_filter
316 filter:cfnversionnegotiation:
317 paste.filter_factory: heat.common.wsgi:filter_factory
318 heat.filter_factory: heat.api.cfn:version_negotiation_filter
319 filter:cwversionnegotiation:
320 paste.filter_factory: heat.common.wsgi:filter_factory
321 heat.filter_factory: heat.api.cloudwatch:version_negotiation_filter
322 filter:context:
323 paste.filter_factory: heat.common.context:ContextMiddleware_filter_factory
324 filter:ec2authtoken:
325 paste.filter_factory: heat.api.aws.ec2token:EC2Token_filter_factory
326 filter:http_proxy_to_wsgi:
327 paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
328 filter:authurl:
329 paste.filter_factory: heat.common.auth_url:filter_factory
330 filter:authtoken:
331 paste.filter_factory: keystonemiddleware.auth_token:filter_factory
332 filter:authpassword:
333 paste.filter_factory: heat.common.auth_password:filter_factory
334 filter:custombackendauth:
335 paste.filter_factory: heat.common.custom_backend_auth:filter_factory
336 filter:audit:
337 paste.filter_factory: keystonemiddleware.audit:filter_factory
338 audit_map_file: /etc/heat/api_audit_map.conf
339 filter:request_id:
340 paste.filter_factory: oslo_middleware.request_id:RequestId.factory
341 filter:osprofiler:
342 paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]343 policy: {}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]344 heat:
345 DEFAULT:
346 log_config_append: /etc/heat/logging.conf
347 num_engine_workers: 1
348 trusts_delegated_roles: ""
349 host: heat-engine
350 keystone_authtoken:
351 auth_type: password
352 auth_version: v3
353 memcache_security_strategy: ENCRYPT
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]354 service_type: orchestration
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]355 database:
356 max_retries: -1
357 trustee:
358 auth_type: password
359 auth_version: v3
360 heat_api:
361 # NOTE(portdirect): the bind port should not be defined, and is manipulated
362 # via the endpoints section.
363 bind_port: null
364 workers: 1
365 heat_api_cloudwatch:
366 # NOTE(portdirect): the bind port should not be defined, and is manipulated
367 # via the endpoints section.
368 bind_port: null
369 workers: 1
370 heat_api_cfn:
371 # NOTE(portdirect): the bind port should not be defined, and is manipulated
372 # via the endpoints section.
373 bind_port: null
374 workers: 1
375 paste_deploy:
376 api_paste_config: /etc/heat/api-paste.ini
377 clients:
378 endpoint_type: internalURL
379 clients_heat:
380 endpoint_type: publicURL
381 clients_keystone:
382 endpoint_type: internalURL
383 oslo_messaging_notifications:
384 driver: messagingv2
385 oslo_middleware:
386 enable_proxy_headers_parsing: true
387 oslo_messaging_rabbit:
388 rabbit_ha_queues: True
389 oslo_policy:
390 policy_file: /etc/heat/policy.yaml
391 api_audit_map:
392 DEFAULT:
393 target_endpoint_type: None
394 path_keywords:
395 stacks: stack
396 resources: resource
397 preview: None
398 detail: None
399 abandon: None
400 snapshots: snapshot
401 restore: None
402 outputs: output
403 metadata: server
404 signal: None
405 events: event
406 template: None
407 template_versions: template_version
408 functions: None
409 validate: None
410 resource_types: resource_type
411 build_info: None
412 actions: None
413 software_configs: software_config
414 software_deployments: software_deployment
415 services: None
416 service_endpoints:
417 orchestration:service/orchestration
418 logging:
419 loggers:
420 keys:
421 - root
422 - heat
423 handlers:
424 keys:
425 - stdout
426 - stderr
427 - "null"
428 formatters:
429 keys:
430 - context
431 - default
432 logger_root:
433 level: WARNING
434 handlers: 'null'
435 logger_heat:
436 level: INFO
437 handlers:
438 - stdout
439 qualname: heat
440 logger_amqp:
441 level: WARNING
442 handlers: stderr
443 qualname: amqp
444 logger_amqplib:
445 level: WARNING
446 handlers: stderr
447 qualname: amqplib
448 logger_eventletwsgi:
449 level: WARNING
450 handlers: stderr
451 qualname: eventlet.wsgi.server
452 logger_sqlalchemy:
453 level: WARNING
454 handlers: stderr
455 qualname: sqlalchemy
456 logger_boto:
457 level: WARNING
458 handlers: stderr
459 qualname: boto
460 handler_null:
461 class: logging.NullHandler
462 formatter: default
463 args: ()
464 handler_stdout:
465 class: StreamHandler
466 args: (sys.stdout,)
467 formatter: context
468 handler_stderr:
469 class: StreamHandler
470 args: (sys.stderr,)
471 formatter: context
472 formatter_context:
473 class: oslo_log.formatters.ContextFormatter
474 datefmt: "%Y-%m-%d %H:%M:%S"
475 formatter_default:
476 format: "%(message)s"
477 datefmt: "%Y-%m-%d %H:%M:%S"
Mohammed Naser134eac32023-10-04 15:43:54 -0400[diff] [blame]478
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]479 rabbitmq:
480 # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
481 policies:
482 - vhost: "heat"
483 name: "ha_ttl_heat"
484 definition:
485 # mirror messges to other nodes in rmq cluster
486 ha-mode: "all"
487 ha-sync-mode: "automatic"
488 # 70s
489 message-ttl: 70000
490 priority: 0
491 apply-to: all
492 pattern: '^(?!(amq\.|reply_)).*'
Oleksandr Kozachenko92a39f12023-10-03 15:25:15 +0200[diff] [blame]493 heat_api_uwsgi:
494 uwsgi:
495 add-header: "Connection: close"
496 buffer-size: 65535
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400[diff] [blame]497 chunked-input-limit: "4096000"
Oleksandr Kozachenko92a39f12023-10-03 15:25:15 +0200[diff] [blame]498 die-on-term: true
499 enable-threads: true
500 exit-on-reload: false
501 hook-master-start: unix_signal:15 gracefully_kill_them_all
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400[diff] [blame]502 http-auto-chunked: true
503 http-raw-body: true
Oleksandr Kozachenko92a39f12023-10-03 15:25:15 +0200[diff] [blame]504 lazy-apps: true
505 log-x-forwarded-for: true
506 master: true
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400[diff] [blame]507 need-app: true
Oleksandr Kozachenko92a39f12023-10-03 15:25:15 +0200[diff] [blame]508 procname-prefix-spaced: "heat-api:"
509 route-user-agent: '^kube-probe.* donotlog:'
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400[diff] [blame]510 socket-timeout: 10
Oleksandr Kozachenko92a39f12023-10-03 15:25:15 +0200[diff] [blame]511 thunder-lock: true
512 worker-reload-mercy: 80
513 wsgi-file: /var/lib/openstack/bin/heat-wsgi-api
514 heat_api_cfn_uwsgi:
515 uwsgi:
516 add-header: "Connection: close"
517 buffer-size: 65535
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400[diff] [blame]518 chunked-input-limit: 4096000
Oleksandr Kozachenko92a39f12023-10-03 15:25:15 +0200[diff] [blame]519 die-on-term: true
520 enable-threads: true
521 exit-on-reload: false
522 hook-master-start: unix_signal:15 gracefully_kill_them_all
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400[diff] [blame]523 http-auto-chunked: true
524 http-raw-body: true
Oleksandr Kozachenko92a39f12023-10-03 15:25:15 +0200[diff] [blame]525 lazy-apps: true
526 log-x-forwarded-for: true
527 master: true
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400[diff] [blame]528 need-app: true
Oleksandr Kozachenko92a39f12023-10-03 15:25:15 +0200[diff] [blame]529 procname-prefix-spaced: "heat-api-cfn:"
530 route-user-agent: '^kube-probe.* donotlog:'
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400[diff] [blame]531 socket-timeout: 10
Oleksandr Kozachenko92a39f12023-10-03 15:25:15 +0200[diff] [blame]532 thunder-lock: true
533 worker-reload-mercy: 80
534 wsgi-file: /var/lib/openstack/bin/heat-wsgi-api-cfn
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]535
536network:
537 api:
538 ingress:
539 public: true
540 classes:
541 namespace: "nginx"
542 cluster: "nginx-cluster"
543 annotations:
544 nginx.ingress.kubernetes.io/rewrite-target: /
545 external_policy_local: false
546 node_port:
547 enabled: false
548 port: 30004
549 cfn:
550 ingress:
551 public: true
552 classes:
553 namespace: "nginx"
554 cluster: "nginx-cluster"
555 annotations:
556 nginx.ingress.kubernetes.io/rewrite-target: /
557 node_port:
558 enabled: false
559 port: 30800
560 cloudwatch:
561 ingress:
562 public: true
563 classes:
564 namespace: "nginx"
565 cluster: "nginx-cluster"
566 annotations:
567 nginx.ingress.kubernetes.io/rewrite-target: /
568 node_port:
569 enabled: false
570 port: 30003
571
572bootstrap:
573 enabled: true
574 ks_user: admin
575 script: |
576 #NOTE(portdirect): The Orchestration service automatically assigns the
577 # 'heat_stack_user' role to users that it creates during stack deployment.
578 # By default, this role restricts API operations. To avoid conflicts, do
579 # not add this role to actual users.
580 openstack role create --or-show heat_stack_user
581
582dependencies:
583 dynamic:
584 common:
585 local_image_registry:
586 jobs:
587 - heat-image-repo-sync
588 services:
589 - endpoint: node
590 service: local_image_registry
591 static:
592 api:
593 jobs:
594 - heat-db-sync
595 - heat-rabbit-init
596 - heat-ks-user
597 - heat-trustee-ks-user
598 - heat-domain-ks-user
599 - heat-ks-endpoints
600 - heat-bootstrap
601 services:
602 - endpoint: internal
603 service: oslo_db
604 - endpoint: internal
605 service: oslo_messaging
606 - endpoint: internal
607 service: identity
608 cfn:
609 jobs:
610 - heat-db-sync
611 - heat-rabbit-init
612 - heat-ks-user
613 - heat-trustee-ks-user
614 - heat-domain-ks-user
615 - heat-ks-endpoints
616 - heat-bootstrap
617 services:
618 - endpoint: internal
619 service: oslo_db
620 - endpoint: internal
621 service: oslo_messaging
622 - endpoint: internal
623 service: identity
624 cloudwatch:
625 jobs:
626 - heat-db-sync
627 - heat-rabbit-init
628 - heat-ks-user
629 - heat-trustee-ks-user
630 - heat-domain-ks-user
631 - heat-ks-endpoints
632 - heat-bootstrap
633 services:
634 - endpoint: internal
635 service: oslo_db
636 - endpoint: internal
637 service: oslo_messaging
638 - endpoint: internal
639 service: identity
640 db_drop:
641 services:
642 - endpoint: internal
643 service: oslo_db
644 db_init:
645 services:
646 - endpoint: internal
647 service: oslo_db
648 db_sync:
649 jobs:
650 - heat-db-init
651 services:
652 - endpoint: internal
653 service: oslo_db
654 bootstrap:
655 services:
656 - endpoint: internal
657 service: identity
658 engine:
659 jobs:
660 - heat-db-sync
661 - heat-rabbit-init
662 - heat-ks-user
663 - heat-trustee-ks-user
664 - heat-domain-ks-user
665 - heat-ks-endpoints
666 - heat-bootstrap
667 services:
668 - endpoint: internal
669 service: oslo_db
670 - endpoint: internal
671 service: oslo_messaging
672 - endpoint: internal
673 service: identity
674 engine_cleaner:
675 jobs:
676 - heat-db-sync
677 - heat-ks-user
678 - heat-trustee-ks-user
679 - heat-domain-ks-user
680 - heat-ks-endpoints
681 services:
682 - endpoint: internal
683 service: oslo_db
684 - endpoint: internal
685 service: oslo_messaging
686 - endpoint: internal
687 service: identity
688 purge_deleted:
689 jobs:
690 - heat-db-sync
691 - heat-ks-user
692 - heat-trustee-ks-user
693 - heat-domain-ks-user
694 - heat-ks-endpoints
695 services:
696 - endpoint: internal
697 service: oslo_db
698 - endpoint: internal
699 service: oslo_messaging
700 - endpoint: internal
701 service: identity
702 ks_endpoints:
703 jobs:
704 - heat-ks-service
705 services:
706 - endpoint: internal
707 service: identity
708 ks_service:
709 services:
710 - endpoint: internal
711 service: identity
712 ks_user:
713 services:
714 - endpoint: internal
715 service: identity
716 rabbit_init:
717 services:
718 - endpoint: internal
719 service: oslo_messaging
720 trusts:
721 jobs:
722 - heat-ks-user
723 - heat-trustee-ks-user
724 - heat-domain-ks-user
725 services:
726 - endpoint: internal
727 service: identity
728 image_repo_sync:
729 services:
730 - endpoint: internal
731 service: local_image_registry
732 tests:
733 services:
734 - endpoint: internal
735 service: identity
736 - endpoint: internal
737 service: orchestration
738
739# Names of secrets used by bootstrap and environmental checks
740secrets:
741 identity:
742 admin: heat-keystone-admin
743 heat: heat-keystone-user
744 heat_trustee: heat-keystone-trustee
745 heat_stack_user: heat-keystone-stack-user
746 test: heat-keystone-test
747 oslo_db:
748 admin: heat-db-admin
749 heat: heat-db-user
750 oslo_messaging:
751 admin: heat-rabbitmq-admin
752 heat: heat-rabbitmq-user
753 tls:
754 orchestration:
755 api:
756 public: heat-tls-public
757 internal: heat-tls-api
758 cloudformation:
759 cfn:
760 public: cloudformation-tls-public
761 internal: heat-tls-cfn
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]762 oci_image_registry:
763 heat: heat-oci-image-registry
764
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]765# typically overridden by environmental
766# values, but should include all endpoints
767# required by this chart
768endpoints:
769 cluster_domain_suffix: cluster.local
770 local_image_registry:
771 name: docker-registry
772 namespace: docker-registry
773 hosts:
774 default: localhost
775 internal: docker-registry
776 node: localhost
777 host_fqdn_override:
778 default: null
779 port:
780 registry:
781 node: 5000
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]782 oci_image_registry:
783 name: oci-image-registry
784 namespace: oci-image-registry
785 auth:
786 enabled: false
787 heat:
788 username: heat
789 password: password
790 hosts:
791 default: localhost
792 host_fqdn_override:
793 default: null
794 port:
795 registry:
796 default: null
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]797 identity:
798 name: keystone
799 auth:
800 admin:
801 region_name: RegionOne
802 username: admin
803 password: password
804 project_name: admin
805 user_domain_name: default
806 project_domain_name: default
807 heat:
808 role: admin
809 region_name: RegionOne
810 username: heat
811 password: password
812 project_name: service
813 user_domain_name: service
814 project_domain_name: service
815 heat_trustee:
816 role: admin
817 region_name: RegionOne
818 username: heat-trust
819 password: password
820 project_name: service
821 user_domain_name: service
822 project_domain_name: service
823 heat_stack_user:
824 role: admin
825 region_name: RegionOne
826 username: heat-domain
827 password: password
828 domain_name: heat
829 test:
830 role: admin
831 region_name: RegionOne
832 username: heat-test
833 password: password
834 project_name: test
835 user_domain_name: service
836 project_domain_name: service
837 hosts:
838 default: keystone
839 internal: keystone-api
840 host_fqdn_override:
841 default: null
842 path:
843 default: /v3
844 scheme:
845 default: 'http'
846 port:
847 api:
848 default: 80
849 internal: 5000
850 orchestration:
851 name: heat
852 hosts:
853 default: heat-api
854 public: heat
855 host_fqdn_override:
856 default: null
857 # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
858 # endpoints using the following format:
859 # public:
860 # host: null
861 # tls:
862 # crt: null
863 # key: null
864 path:
865 default: '/v1/%(project_id)s'
866 scheme:
867 default: 'http'
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]868 service: 'http'
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]869 port:
870 api:
871 default: 8004
872 public: 80
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]873 service: 8004
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]874 cloudformation:
875 name: heat-cfn
876 hosts:
877 default: heat-cfn
878 public: cloudformation
879 host_fqdn_override:
880 default: null
881 # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
882 # endpoints using the following format:
883 # public:
884 # host: null
885 # tls:
886 # crt: null
887 # key: null
888 path:
889 default: /v1
890 scheme:
891 default: 'http'
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]892 service: 'http'
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]893 port:
894 api:
895 default: 8000
896 public: 80
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]897 service: 8000
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]898 # Cloudwatch does not get an entry in the keystone service catalog
899 cloudwatch:
900 name: heat-cloudwatch
901 hosts:
902 default: heat-cloudwatch
903 public: cloudwatch
904 host_fqdn_override:
905 default: null
906 path:
907 default: null
908 type: null
909 scheme:
910 default: 'http'
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]911 service: 'http'
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]912 port:
913 api:
914 default: 8003
915 public: 80
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]916 service: 8003
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]917 oslo_db:
918 auth:
919 admin:
920 username: root
921 password: password
922 secret:
923 tls:
924 internal: mariadb-tls-direct
925 heat:
926 username: heat
927 password: password
928 hosts:
929 default: mariadb
930 host_fqdn_override:
931 default: null
932 path: /heat
933 scheme: mysql+pymysql
934 port:
935 mysql:
936 default: 3306
937 oslo_cache:
938 auth:
939 # NOTE(portdirect): this is used to define the value for keystone
940 # authtoken cache encryption key, if not set it will be populated
941 # automatically with a random value, but to take advantage of
942 # this feature all services should be set to use the same key,
943 # and memcache service.
944 memcache_secret_key: null
945 hosts:
946 default: memcached
947 host_fqdn_override:
948 default: null
949 port:
950 memcache:
951 default: 11211
952 oslo_messaging:
953 auth:
954 admin:
955 username: rabbitmq
956 password: password
957 secret:
958 tls:
959 internal: rabbitmq-tls-direct
960 heat:
961 username: heat
962 password: password
963 statefulset:
964 replicas: 2
965 name: rabbitmq-rabbitmq
966 hosts:
967 default: rabbitmq
968 host_fqdn_override:
969 default: null
970 path: /heat
971 scheme: rabbit
972 port:
973 amqp:
974 default: 5672
975 http:
976 default: 15672
977 fluentd:
978 namespace: null
979 name: fluentd
980 hosts:
981 default: fluentd-logging
982 host_fqdn_override:
983 default: null
984 path:
985 default: null
986 scheme: 'http'
987 port:
988 service:
989 default: 24224
990 metrics:
991 default: 24220
992 # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress
993 # They are using to enable the Egress K8s network policy.
994 kube_dns:
995 namespace: kube-system
996 name: kubernetes-dns
997 hosts:
998 default: kube-dns
999 host_fqdn_override:
1000 default: null
1001 path:
1002 default: null
1003 scheme: http
1004 port:
1005 dns:
1006 default: 53
1007 protocol: UDP
1008 ingress:
1009 namespace: null
1010 name: ingress
1011 hosts:
1012 default: ingress
1013 port:
1014 ingress:
1015 default: 80
1016
1017pod:
Dong Madb3860e2025-02-10 11:24:08 +0000[diff] [blame]1018 priorityClassName:
1019 heat_api: null
1020 heat_cfn: null
1021 heat_cloudwatch: null
1022 heat_tests: null
1023 heat_engine_cleaner: null
1024 heat_purge_deleted: null
1025 heat_engine: null
Dong Ma0504b3c2025-02-13 16:15:52 +0000[diff] [blame]1026 heat_trusts: null
1027 bootstrap: null
Dong Madb3860e2025-02-10 11:24:08 +0000[diff] [blame]1028 db_sync: null
1029 runtimeClassName:
1030 heat_api: null
1031 heat_cfn: null
1032 heat_cloudwatch: null
1033 heat_tests: null
1034 heat_engine_cleaner: null
1035 heat_purge_deleted: null
1036 heat_engine: null
Dong Ma0504b3c2025-02-13 16:15:52 +0000[diff] [blame]1037 heat_trusts: null
1038 bootstrap: null
Dong Madb3860e2025-02-10 11:24:08 +0000[diff] [blame]1039 db_sync: null
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1040 security_context:
1041 heat:
1042 pod:
1043 runAsUser: 42424
1044 container:
1045 heat_api:
1046 readOnlyRootFilesystem: true
1047 allowPrivilegeEscalation: false
1048 heat_cfn:
1049 readOnlyRootFilesystem: true
1050 allowPrivilegeEscalation: false
1051 heat_cloudwatch:
1052 readOnlyRootFilesystem: true
1053 allowPrivilegeEscalation: false
1054 heat_engine:
1055 readOnlyRootFilesystem: true
1056 allowPrivilegeEscalation: false
1057 trusts:
1058 pod:
1059 runAsUser: 42424
1060 container:
1061 heat_trusts:
1062 readOnlyRootFilesystem: true
1063 allowPrivilegeEscalation: false
1064 ks_user:
1065 pod:
1066 runAsUser: 42424
1067 container:
1068 heat_ks_domain_user:
1069 readOnlyRootFilesystem: true
1070 allowPrivilegeEscalation: false
1071 engine_cleaner:
1072 pod:
1073 runAsUser: 42424
1074 container:
1075 heat_engine_cleaner:
1076 readOnlyRootFilesystem: true
1077 allowPrivilegeEscalation: false
1078 affinity:
1079 anti:
1080 type:
1081 default: preferredDuringSchedulingIgnoredDuringExecution
1082 topologyKey:
1083 default: kubernetes.io/hostname
1084 weight:
1085 default: 10
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]1086 tolerations:
1087 heat:
1088 enabled: false
1089 tolerations:
1090 - key: node-role.kubernetes.io/master
1091 operator: Exists
1092 effect: NoSchedule
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]1093 - key: node-role.kubernetes.io/control-plane
1094 operator: Exists
1095 effect: NoSchedule
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1096 mounts:
1097 heat_api:
1098 init_container: null
1099 heat_api:
1100 volumeMounts:
1101 volumes:
1102 heat_cfn:
1103 init_container: null
1104 heat_cfn:
1105 volumeMounts:
1106 volumes:
1107 heat_cloudwatch:
1108 init_container: null
1109 heat_cloudwatch:
1110 volumeMounts:
1111 volumes:
1112 heat_engine:
1113 init_container: null
1114 heat_engine:
1115 volumeMounts:
1116 volumes:
1117 heat_bootstrap:
1118 init_container: null
1119 heat_bootstrap:
1120 volumeMounts:
1121 volumes:
1122 heat_trusts:
1123 init_container: null
1124 heat_trusts:
1125 volumeMounts:
1126 volumes:
1127 heat_engine_cleaner:
1128 init_container: null
1129 heat_engine_cleaner:
1130 volumeMounts:
1131 volumes:
1132 heat_purge_deleted:
1133 init_container: null
1134 heat_purge_deleted:
1135 volumeMounts:
1136 volumes:
1137 heat_tests:
1138 init_container: null
1139 heat_tests:
1140 volumeMounts:
1141 volumes:
1142 heat_db_sync:
1143 heat_db_sync:
1144 volumeMounts:
1145 volumes:
1146 replicas:
1147 api: 1
1148 cfn: 1
1149 cloudwatch: 1
1150 engine: 1
1151 lifecycle:
1152 upgrades:
1153 deployments:
1154 revision_history: 3
1155 pod_replacement_strategy: RollingUpdate
1156 rolling_update:
1157 max_unavailable: 1
1158 max_surge: 3
1159 disruption_budget:
1160 api:
1161 min_available: 0
1162 cfn:
1163 min_available: 0
1164 cloudwatch:
1165 min_available: 0
1166 termination_grace_period:
1167 api:
1168 timeout: 30
1169 cfn:
1170 timeout: 30
1171 cloudwatch:
1172 timeout: 30
1173 engine:
1174 timeout: 30
1175 resources:
1176 enabled: false
1177 api:
1178 requests:
1179 memory: "128Mi"
1180 cpu: "100m"
1181 limits:
1182 memory: "1024Mi"
1183 cpu: "2000m"
1184 cfn:
1185 requests:
1186 memory: "128Mi"
1187 cpu: "100m"
1188 limits:
1189 memory: "1024Mi"
1190 cpu: "2000m"
1191 cloudwatch:
1192 requests:
1193 memory: "128Mi"
1194 cpu: "100m"
1195 limits:
1196 memory: "1024Mi"
1197 cpu: "2000m"
1198 engine:
1199 requests:
1200 memory: "128Mi"
1201 cpu: "100m"
1202 limits:
1203 memory: "1024Mi"
1204 cpu: "2000m"
1205 jobs:
1206 bootstrap:
1207 requests:
1208 memory: "128Mi"
1209 cpu: "100m"
1210 limits:
1211 memory: "1024Mi"
1212 cpu: "2000m"
1213 db_init:
1214 requests:
1215 memory: "128Mi"
1216 cpu: "100m"
1217 limits:
1218 memory: "1024Mi"
1219 cpu: "2000m"
1220 db_sync:
1221 requests:
1222 memory: "128Mi"
1223 cpu: "100m"
1224 limits:
1225 memory: "1024Mi"
1226 cpu: "2000m"
1227 db_drop:
1228 requests:
1229 memory: "128Mi"
1230 cpu: "100m"
1231 limits:
1232 memory: "1024Mi"
1233 cpu: "2000m"
1234 ks_endpoints:
1235 requests:
1236 memory: "128Mi"
1237 cpu: "100m"
1238 limits:
1239 memory: "1024Mi"
1240 cpu: "2000m"
1241 ks_service:
1242 requests:
1243 memory: "128Mi"
1244 cpu: "100m"
1245 limits:
1246 memory: "1024Mi"
1247 cpu: "2000m"
1248 ks_user:
1249 requests:
1250 memory: "128Mi"
1251 cpu: "100m"
1252 limits:
1253 memory: "1024Mi"
1254 cpu: "2000m"
1255 rabbit_init:
1256 requests:
1257 memory: "128Mi"
1258 cpu: "100m"
1259 limits:
1260 memory: "1024Mi"
1261 cpu: "2000m"
1262 tests:
1263 requests:
1264 memory: "128Mi"
1265 cpu: "100m"
1266 limits:
1267 memory: "1024Mi"
1268 cpu: "2000m"
1269 trusts:
1270 requests:
1271 memory: "128Mi"
1272 cpu: "100m"
1273 limits:
1274 memory: "1024Mi"
1275 cpu: "2000m"
1276 engine_cleaner:
1277 requests:
1278 memory: "128Mi"
1279 cpu: "100m"
1280 limits:
1281 memory: "1024Mi"
1282 cpu: "2000m"
1283 purge_deleted:
1284 requests:
1285 memory: "124Mi"
1286 cpu: "100m"
1287 limits:
1288 memory: "1024Mi"
1289 cpu: "2000m"
1290 image_repo_sync:
1291 requests:
1292 memory: "128Mi"
1293 cpu: "100m"
1294 limits:
1295 memory: "1024Mi"
1296 cpu: "2000m"
1297
1298network_policy:
1299 heat:
1300 ingress:
1301 - {}
1302 egress:
1303 - {}
1304
1305# NOTE(helm_hook): helm_hook might break for helm2 binary.
1306# set helm3_hook: false when using the helm2 binary.
1307helm3_hook: true
1308
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]1309tls:
1310 identity: false
1311 oslo_messaging: false
1312 oslo_db: false
1313
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1314manifests:
1315 certificates: false
1316 configmap_bin: true
1317 configmap_etc: true
1318 cron_job_engine_cleaner: true
1319 cron_job_purge_deleted: true
1320 deployment_api: true
1321 deployment_cfn: true
1322 deployment_cloudwatch: false
1323 deployment_engine: true
1324 ingress_api: true
1325 ingress_cfn: true
1326 ingress_cloudwatch: false
1327 job_bootstrap: true
1328 job_db_init: true
1329 job_db_sync: true
1330 job_db_drop: false
1331 job_image_repo_sync: true
1332 job_ks_endpoints: true
1333 job_ks_service: true
1334 job_ks_user_domain: true
1335 job_ks_user_trustee: true
1336 job_ks_user: true
1337 job_rabbit_init: true
1338 pdb_api: true
1339 pdb_cfn: true
1340 pdb_cloudwatch: false
1341 pod_rally_test: true
1342 network_policy: false
1343 secret_db: true
1344 secret_ingress_tls: true
1345 secret_keystone: true
1346 secret_rabbitmq: true
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]1347 secret_registry: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1348 service_api: true
1349 service_cfn: true
1350 service_cloudwatch: false
1351 service_ingress_api: true
1352 service_ingress_cfn: true
1353 service_ingress_cloudwatch: false
1354 statefulset_engine: false
1355...