blob: 71694146e7a1a0cbb980ec58f12fdb120f5ac905 [file] [log] [blame]
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001# Licensed under the Apache License, Version 2.0 (the "License");
2# you may not use this file except in compliance with the License.
3# You may obtain a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS,
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10# See the License for the specific language governing permissions and
11# limitations under the License.
12
13# Default values for designate.
14# This is a YAML-formatted file.
15# Declare name/value pairs to be passed into your templates.
16# name: value
17
18---
19release_group: null
20
21labels:
22 api:
23 node_selector_key: openstack-control-plane
24 node_selector_value: enabled
25 central:
26 node_selector_key: openstack-control-plane
27 node_selector_value: enabled
28 producer:
29 node_selector_key: openstack-control-plane
30 node_selector_value: enabled
31 worker:
32 node_selector_key: openstack-control-plane
33 node_selector_value: enabled
34 job:
35 node_selector_key: openstack-control-plane
36 node_selector_value: enabled
37 mdns:
38 node_selector_key: openstack-control-plane
39 node_selector_value: enabled
40 sink:
41 node_selector_key: openstack-control-plane
42 node_selector_value: enabled
43
44images:
45 tags:
46 bootstrap: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
47 db_init: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
48 db_drop: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
49 rabbit_init: docker.io/rabbitmq:3.7-management
50 ks_user: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
51 ks_service: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
52 ks_endpoints: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
53 dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
54 designate_db_sync: docker.io/openstackhelm/designate:wallaby-ubuntu_focal
55 designate_api: docker.io/openstackhelm/designate:wallaby-ubuntu_focal
56 designate_central: docker.io/openstackhelm/designate:wallaby-ubuntu_focal
57 designate_mdns: docker.io/openstackhelm/designate:wallaby-ubuntu_focal
58 designate_worker: docker.io/openstackhelm/designate:wallaby-ubuntu_focal
59 designate_producer: docker.io/openstackhelm/designate:wallaby-ubuntu_focal
60 designate_sink: docker.io/openstackhelm/designate:wallaby-ubuntu_focal
61 pull_policy: "IfNotPresent"
62 local_registry:
63 active: false
64 exclude:
65 - dep_check
66 - image_repo_sync
67
68pod:
69 affinity:
70 anti:
71 type:
72 default: preferredDuringSchedulingIgnoredDuringExecution
73 topologyKey:
74 default: kubernetes.io/hostname
75 mounts:
76 designate_api:
77 init_container: null
78 designate_api:
79 volumeMounts:
80 volumes:
81 designate_central:
82 init_container: null
83 designate_central:
84 volumeMounts:
85 volumes:
86 designate_mdns:
87 init_container: null
88 designate_mdns:
89 volumeMounts:
90 volumes:
91 designate_worker:
92 init_container: null
93 designate_worker:
94 volumeMounts:
95 volumes:
96 designate_producer:
97 init_container: null
98 designate_producer:
99 volumeMounts:
100 volumes:
101 designate_sink:
102 init_container: null
103 designate_sink:
104 volumeMounts:
105 volumes:
106 designate_db_sync:
107 designate_db_sync:
108 volumeMounts:
109 volumes:
110 replicas:
111 api: 1
112 central: 1
113 mdns: 1
114 producer: 1
115 sink: 1
116 worker: 1
117 lifecycle:
118 upgrades:
119 deployments:
120 revision_history: 3
121 pod_replacement_strategy: RollingUpdate
122 rolling_update:
123 max_unavailable: 1
124 max_surge: 3
125 disruption_budget:
126 api:
127 min_available: 0
128 central:
129 min_available: 0
130 mdns:
131 min_available: 0
132 worker:
133 min_available: 0
134 producer:
135 min_available: 0
136 sink:
137 min_available: 0
138 termination_grace_period:
139 api:
140 timeout: 30
141 mdns:
142 timeout: 30
143
144 resources:
145 enabled: false
146 api:
147 requests:
148 memory: "128Mi"
149 cpu: "100m"
150 limits:
151 memory: "1024Mi"
152 cpu: "2000m"
153 jobs:
154 bootstrap:
155 requests:
156 memory: "128Mi"
157 cpu: "100m"
158 limits:
159 memory: "1024Mi"
160 cpu: "2000m"
161 db_init:
162 requests:
163 memory: "128Mi"
164 cpu: "100m"
165 limits:
166 memory: "1024Mi"
167 cpu: "2000m"
168 db_sync:
169 requests:
170 memory: "128Mi"
171 cpu: "100m"
172 limits:
173 memory: "1024Mi"
174 cpu: "2000m"
175 ks_endpoints:
176 requests:
177 memory: "128Mi"
178 cpu: "100m"
179 limits:
180 memory: "1024Mi"
181 cpu: "2000m"
182 ks_service:
183 requests:
184 memory: "128Mi"
185 cpu: "100m"
186 limits:
187 memory: "1024Mi"
188 cpu: "2000m"
189 ks_user:
190 requests:
191 memory: "128Mi"
192 cpu: "100m"
193 limits:
194 memory: "1024Mi"
195 cpu: "2000m"
196 rabbit_init:
197 requests:
198 memory: "128Mi"
199 cpu: "100m"
200 limits:
201 memory: "1024Mi"
202 cpu: "2000m"
203 tests:
204 requests:
205 memory: "128Mi"
206 cpu: "100m"
207 limits:
208 memory: "1024Mi"
209 cpu: "2000m"
210
211network:
212 api:
213 ingress:
214 public: true
215 classes:
216 namespace: "nginx"
217 cluster: "nginx-cluster"
218 annotations:
219 nginx.ingress.kubernetes.io/rewrite-target: /
220 external_policy_local: false
221 node_port:
222 enabled: false
223 port: 9001
224 mdns:
225 name: "designate-mdns"
226 proto: "http"
227 external_policy_local: false
228 node_port:
229 enabled: true
230 port: 5354
231
232bootstrap:
233 enabled: false
234 script: |
235 openstack token issue
236
237dependencies:
238 dynamic:
239 common:
240 local_image_registry:
241 jobs:
242 - designate-image-repo-sync
243 services:
244 - endpoint: node
245 service: local_image_registry
246 job_rabbit_init:
247 api:
248 jobs:
249 - designate-rabbit-init
250 sink:
251 jobs:
252 - designate-rabbit-init
253 central:
254 jobs:
255 - designate-rabbit-init
256 worker:
257 jobs:
258 - designate-rabbit-init
259 static:
260 db_init:
261 services:
262 - service: oslo_db
263 endpoint: internal
264 db_sync:
265 jobs:
266 - designate-db-init
267 services:
268 - service: oslo_db
269 endpoint: internal
270 ks_user:
271 services:
272 - service: identity
273 endpoint: internal
274 ks_service:
275 services:
276 - service: identity
277 endpoint: internal
278 ks_endpoints:
279 jobs:
280 - designate-ks-service
281 services:
282 - service: identity
283 endpoint: internal
284 rabbit_init:
285 services:
286 - service: oslo_messaging
287 endpoint: internal
288 api:
289 jobs:
290 - designate-db-sync
291 - designate-ks-user
292 - designate-ks-endpoints
293 service:
294 - service: oslo_db
295 endpoint: internal
296 - service: identity
297 endpoint: internal
298 - service: oslo_messaging
299 endpoint: internal
300 central:
301 jobs:
302 - designate-db-sync
303 - designate-ks-user
304 - designate-ks-endpoints
305 service:
306 - service: oslo_db
307 endpoint: internal
308 - service: identity
309 endpoint: internal
310 - service: oslo_messaging
311 endpoint: internal
312 worker:
313 jobs:
314 - designate-db-sync
315 - designate-ks-user
316 - designate-ks-endpoints
317 services:
318 - service: oslo_db
319 endpoint: internal
320 - service: identity
321 endpoint: internal
322 - service: mdns
323 endpoint: internal
324 mdns:
325 jobs:
326 - designate-db-sync
327 - designate-ks-user
328 - designate-ks-endpoints
329 services:
330 - service: oslo_db
331 endpoint: internal
332 - service: identity
333 endpoint: internal
334 producer:
335 jobs:
336 - designate-db-sync
337 - designate-ks-user
338 - designate-ks-endpoints
339 services:
340 - service: oslo_db
341 endpoint: internal
342 - service: identity
343 endpoint: internal
344 sink:
345 jobs:
346 - designate-db-sync
347 - designate-ks-user
348 - designate-ks-endpoints
349 services:
350 - service: oslo_db
351 endpoint: internal
352 - service: identity
353 endpoint: internal
354
355conf:
356 pools: |
357 - name: default
358 # The name is immutable. There will be no option to change the name after
359 # creation and the only way will to change it will be to delete it
360 # (and all zones associated with it) and recreate it.
361 description: Default Pool
362
363 attributes: {}
364
365 # List out the NS records for zones hosted within this pool
366 # This should be a record that is created outside of designate, that
367 # points to the public IP of the controller node.
368 ns_records:
369 - hostname: {{ printf "ns.%s.svc.%s." .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
370 priority: 1
371
372 # List out the nameservers for this pool. These are the actual DNS servers.
373 # We use these to verify changes have propagated to all nameservers.
374 nameservers:
375 - host: ${POWERDNS_SERVICE_HOST}
376 port: {{ tuple "powerdns" "internal" "powerdns" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
377
378 # List out the targets for this pool. For BIND there will be one
379 # entry for each BIND server, as we have to run rndc command on each server
380 targets:
381 - type: pdns4
382 description: PowerDNS Server
383
384 # List out the designate-mdns servers from which PowerDNS servers should
385 # request zone transfers (AXFRs) from.
386 # This should be the IP of the controller node.
387 # If you have multiple controllers you can add multiple masters
388 # by running designate-mdns on them, and adding them here.
389 masters:
390 - host: ${MINIDNS_SERVICE_HOST}
391 port: {{ tuple "mdns" "internal" "ipc" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
392
393 # PowerDNS Configuration options
394 options:
395 host: ${POWERDNS_SERVICE_HOST}
396 port: {{ tuple "powerdns" "internal" "powerdns" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
397 api_endpoint: http://${POWERDNS_SERVICE_HOST}:{{ tuple "powerdns" "internal" "powerdns_api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
398 api_token: {{ tuple "powerdns" "service" . | include "helm-toolkit.endpoints.endpoint_token_lookup" }}
okozachenko12035aa48492023-09-05 19:47:07 +1000399 paste:
400 composite:osapi_dns:
401 use: egg:Paste#urlmap
402 /: osapi_dns_versions
403 /v2: osapi_dns_v2
404 /admin: osapi_dns_admin
405 composite:osapi_dns_versions:
406 use: call:designate.api.middleware:auth_pipeline_factory
407 noauth: http_proxy_to_wsgi cors maintenance faultwrapper osapi_dns_app_versions
408 keystone: http_proxy_to_wsgi cors maintenance faultwrapper osapi_dns_app_versions
409 app:osapi_dns_app_versions:
410 paste.app_factory: designate.api.versions:factory
411 composite:osapi_dns_v2:
412 use: call:designate.api.middleware:auth_pipeline_factory
413 noauth: http_proxy_to_wsgi cors request_id faultwrapper validation_API_v2 noauthcontext maintenance normalizeuri osapi_dns_app_v2
414 keystone: http_proxy_to_wsgi cors request_id faultwrapper validation_API_v2 authtoken keystonecontext maintenance normalizeuri osapi_dns_app_v2
415 app:osapi_dns_app_v2:
416 paste.app_factory: designate.api.v2:factory
417 composite:osapi_dns_admin:
418 use: call:designate.api.middleware:auth_pipeline_factory
419 noauth: http_proxy_to_wsgi cors request_id faultwrapper noauthcontext maintenance normalizeuri osapi_dns_app_admin
420 keystone: http_proxy_to_wsgi cors request_id faultwrapper authtoken keystonecontext maintenance normalizeuri osapi_dns_app_admin
421 app:osapi_dns_app_admin:
422 paste.app_factory: designate.api.admin:factory
423 filter:cors:
424 paste.filter_factory: oslo_middleware.cors:filter_factory
425 oslo_config_project: designate
426 filter:request_id:
427 paste.filter_factory: oslo_middleware:RequestId.factory
428 filter:http_proxy_to_wsgi:
429 paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
430 filter:noauthcontext:
431 paste.filter_factory: designate.api.middleware:NoAuthContextMiddleware.factory
432 filter:authtoken:
433 paste.filter_factory: keystonemiddleware.auth_token:filter_factory
434 filter:keystonecontext:
435 paste.filter_factory: designate.api.middleware:KeystoneContextMiddleware.factory
436 filter:maintenance:
437 paste.filter_factory: designate.api.middleware:MaintenanceMiddleware.factory
438 filter:normalizeuri:
439 paste.filter_factory: designate.api.middleware:NormalizeURIMiddleware.factory
440 filter:faultwrapper:
441 paste.filter_factory: designate.api.middleware:FaultWrapperMiddleware.factory
442 filter:validation_API_v2:
443 paste.filter_factory: designate.api.middleware:APIv2ValidationErrorMiddleware.factory
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000444 policy: {}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500445 designate:
446 DEFAULT:
447 debug: false
448 log_config_append: /etc/designate/logging.conf
449 service:api:
450 auth_strategy: keystone
451 enable_api_v2: true
452 enable_api_admin: true
453 enabled_extensions_v2: quotas,reports
454 workers: 2
455 service:worker:
456 enabled: true
457 notify: false
458 oslo_middleware:
459 enable_proxy_headers_parsing: true
460 oslo_policy:
461 policy_file: /etc/designate/policy.yaml
462 database:
463 max_retries: -1
464 storage:sqlalchemy:
465 max_retries: -1
466 keystone_authtoken:
467 auth_version: v3
468 auth_type: password
469 memcache_security_strategy: ENCRYPT
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200470 service_type: dns
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500471 logging:
472 loggers:
473 keys:
474 - root
475 - designate
476 handlers:
477 keys:
478 - stdout
479 - stderr
480 - "null"
481 formatters:
482 keys:
483 - context
484 - default
485 logger_root:
486 level: WARNING
487 handlers: 'null'
488 logger_designate:
489 level: INFO
490 handlers:
491 - stdout
492 qualname: designate
493 logger_amqp:
494 level: WARNING
495 handlers: stderr
496 qualname: amqp
497 logger_amqplib:
498 level: WARNING
499 handlers: stderr
500 qualname: amqplib
501 logger_eventletwsgi:
502 level: WARNING
503 handlers: stderr
504 qualname: eventlet.wsgi.server
505 logger_sqlalchemy:
506 level: WARNING
507 handlers: stderr
508 qualname: sqlalchemy
509 logger_boto:
510 level: WARNING
511 handlers: stderr
512 qualname: boto
513 handler_null:
514 class: logging.NullHandler
515 formatter: default
516 args: ()
517 handler_stdout:
518 class: StreamHandler
519 args: (sys.stdout,)
520 formatter: context
521 handler_stderr:
522 class: StreamHandler
523 args: (sys.stderr,)
524 formatter: context
525 formatter_context:
526 class: oslo_log.formatters.ContextFormatter
527 datefmt: "%Y-%m-%d %H:%M:%S"
528 formatter_default:
529 format: "%(message)s"
530 datefmt: "%Y-%m-%d %H:%M:%S"
Oleksandr Kozachenkoc5f29032023-10-03 15:20:34 +0200531 designate_api_uwsgi:
532 uwsgi:
533 add-header: "Connection: close"
534 buffer-size: 65535
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400535 chunked-input-limit: "4096000"
Oleksandr Kozachenkoc5f29032023-10-03 15:20:34 +0200536 die-on-term: true
537 enable-threads: true
538 exit-on-reload: false
539 hook-master-start: unix_signal:15 gracefully_kill_them_all
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400540 http-auto-chunked: true
541 http-raw-body: true
Oleksandr Kozachenkoc5f29032023-10-03 15:20:34 +0200542 lazy-apps: true
543 log-x-forwarded-for: true
544 master: true
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400545 need-app: true
Oleksandr Kozachenkoc5f29032023-10-03 15:20:34 +0200546 procname-prefix-spaced: "designate-api:"
547 route-user-agent: '^kube-probe.* donotlog:'
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400548 socket-timeout: 10
Oleksandr Kozachenkoc5f29032023-10-03 15:20:34 +0200549 thunder-lock: true
550 worker-reload-mercy: 80
551 wsgi-file: /var/lib/openstack/bin/designate-api-wsgi
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500552
553# Names of secrets used by bootstrap and environmental checks
554secrets:
555 identity:
556 admin: designate-keystone-admin
557 designate: designate-keystone-user
558 test: designate-keystone-test
559 oslo_db:
560 admin: designate-db-admin
561 designate: designate-db-user
562 oslo_messaging:
563 admin: designate-rabbitmq-admin
564 designate: designate-rabbitmq-user
565 tls:
566 dns:
567 api:
568 public: designate-tls-public
569 oci_image_registry:
570 designate: designate-oci-image-registry
571
572endpoints:
573 cluster_domain_suffix: cluster.local
574 local_image_registry:
575 name: docker-registry
576 namespace: docker-registry
577 hosts:
578 default: localhost
579 internal: docker-registry
580 node: localhost
581 host_fqdn_override:
582 default: null
583 port:
584 registry:
585 node: 5000
586 oci_image_registry:
587 name: oci-image-registry
588 namespace: oci-image-registry
589 auth:
590 enabled: false
591 designate:
592 username: designate
593 password: password
594 hosts:
595 default: localhost
596 host_fqdn_override:
597 default: null
598 port:
599 registry:
600 default: null
601 identity:
602 name: keystone
603 auth:
604 admin:
605 region_name: RegionOne
606 username: admin
607 password: password
608 project_name: admin
609 user_domain_name: default
610 project_domain_name: default
611 designate:
612 role: admin
613 region_name: RegionOne
614 username: designate
615 password: password
616 project_name: service
617 user_domain_name: service
618 project_domain_name: service
619 test:
620 role: admin
621 region_name: RegionOne
622 username: designate-test
623 password: password
624 project_name: test
625 user_domain_name: service
626 project_domain_name: service
627 hosts:
628 default: keystone
629 internal: keystone-api
630 host_fqdn_override:
631 default: null
632 path:
633 default: /v3
634 scheme:
635 default: http
636 port:
637 api:
638 default: 80
639 internal: 5000
640 dns:
641 name: designate
642 hosts:
643 default: designate-api
644 public: designate
645 host_fqdn_override:
646 default: null
647 path:
648 default: /
649 scheme:
650 default: 'http'
651 port:
652 api:
653 default: 9001
654 public: 80
655 mdns:
656 name: minidns
657 hosts:
658 default: minidns
659 public: designate-mdns
660 host_fqdn_override:
661 default: null
662 path:
663 default: null
664 scheme:
665 default: 'tcp'
666 port:
667 ipc:
668 default: 5354
669 oslo_db:
670 auth:
671 admin:
672 username: root
673 password: password
674 designate:
675 username: designate
676 password: password
677 hosts:
678 default: mariadb
679 host_fqdn_override:
680 default: null
681 path: /designate
682 scheme: mysql+pymysql
683 port:
684 mysql:
685 default: 3306
686 oslo_cache:
687 hosts:
688 default: memcached
689 host_fqdn_override:
690 default: null
691 port:
692 memcache:
693 default: 11211
694 auth:
695 # NOTE: this is used to define the value for keystone
696 # authtoken cache encryption key, if not set it will be populated
697 # automatically with a random value, but to take advantage of
698 # this feature all services should be set to use the same key,
699 # and memcache service.
700 memcache_secret_key: null
701 oslo_messaging:
702 auth:
703 admin:
704 username: rabbitmq
705 password: password
706 designate:
707 username: designate
708 password: password
709 statefulset:
710 replicas: 2
711 name: rabbitmq-rabbitmq
712 hosts:
713 default: rabbitmq
714 host_fqdn_override:
715 default: null
716 path: /designate
717 scheme: rabbit
718 port:
719 amqp:
720 default: 5672
721 http:
722 default: 15672
723 powerdns:
724 auth:
725 service:
726 token: chiave_segreta
727 hosts:
728 default: powerdns
729 host_fqdn_override:
730 default: null
731 port:
732 powerdns_api:
733 default: 8081
734 powerdns:
735 default: 53
736
737manifests:
738 configmap_bin: true
739 configmap_etc: true
740 deployment_api: true
741 deployment_central: true
742 deployment_worker: true
743 deployment_producer: true
744 deployment_mdns: true
745 deployment_sink: false
746 ingress_api: true
747 job_bootstrap: true
748 job_db_init: true
749 job_db_sync: true
750 job_ks_endpoints: true
751 job_ks_service: true
752 job_ks_user: true
753 job_rabbit_init: true
754 pdb_api: true
755 pdb_producer: true
756 pdb_central: true
757 pdb_worker: true
758 pdb_mdns: true
759 pdb_sink: false
760 secret_db: true
761 secret_ingress_tls: true
762 secret_keystone: true
763 secret_rabbitmq: true
764 secret_registry: true
765 service_api: true
766 service_mdns: true
767 service_ingress_api: true
768...