blob: d7051158fe6ac6bd62704d8e9f879362ebc6ed7d [file] [log] [blame]
Rico Lind020bc22023-11-01 01:57:03 +08001# Licensed under the Apache License, Version 2.0 (the "License");
2# you may not use this file except in compliance with the License.
3# You may obtain a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS,
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10# See the License for the specific language governing permissions and
11# limitations under the License.
12
13# Default values for staffeln.
14# This is a YAML-formatted file.
15# Declare name/value pairs to be passed into your templates.
16# name: value
17
18---
19labels:
20 api:
21 node_selector_key: openstack-control-plane
22 node_selector_value: enabled
23 conductor:
24 node_selector_key: openstack-control-plane
25 node_selector_value: enabled
26 job:
27 node_selector_key: openstack-control-plane
28 node_selector_value: enabled
29 test:
30 node_selector_key: openstack-control-plane
31 node_selector_value: enabled
32
33release_group: null
34
35# NOTE(philsphicas): the pre-install hook breaks upgrade for helm2
36# Set to false to upgrade using helm2
37helm3_hook: true
38
39images:
40 tags:
41 bootstrap: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
42 dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
43 db_init: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
44 db_drop: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
45 staffeln_db_sync: ghcr.io/vexxhost/staffeln:v2.2.3
46 staffeln_api: ghcr.io/vexxhost/staffeln:v2.2.3
47 staffeln_conductor: ghcr.io/vexxhost/staffeln:v2.2.3
48 image_repo_sync: docker.io/docker:17.07.0
49 pull_policy: "IfNotPresent"
50 local_registry:
51 active: false
52 exclude:
53 - dep_check
54 - image_repo_sync
55
56pod:
57 security_context:
58 staffeln:
59 pod:
60 runAsUser: 42424
61 container:
62 staffeln_api:
63 allowPrivilegeEscalation: false
64 readOnlyRootFilesystem: true
65 staffeln_conductor:
66 allowPrivilegeEscalation: false
67 readOnlyRootFilesystem: true
68 test:
69 pod:
70 runAsUser: 42424
71 container:
72 staffeln_test:
73 allowPrivilegeEscalation: false
74 readOnlyRootFilesystem: true
75 affinity:
76 anti:
77 type:
78 default: preferredDuringSchedulingIgnoredDuringExecution
79 topologyKey:
80 default: kubernetes.io/hostname
81 weight:
82 default: 10
83 tolerations:
84 staffeln:
85 enabled: false
86 tolerations:
87 - key: node-role.kubernetes.io/master
88 operator: Exists
89 effect: NoSchedule
90 mounts:
91 staffeln_api:
92 init_container: null
93 staffeln_api:
94 volumeMounts:
95 volumes:
96 staffeln_conductor:
97 init_container: null
98 staffeln_conductor:
99 volumeMounts:
100 volumes:
101 staffeln_bootstrap:
102 init_container: null
103 staffeln_bootstrap:
104 volumeMounts:
105 volumes:
106 staffeln_tests:
107 init_container: null
108 staffeln_tests:
109 volumeMounts:
110 volumes:
111 staffeln_db_sync:
112 staffeln_db_sync:
113 volumeMounts:
114 volumes:
115 replicas:
116 api: 1
117 conductor: 1
118 lifecycle:
119 upgrades:
120 deployments:
121 revision_history: 3
122 pod_replacement_strategy: RollingUpdate
123 rolling_update:
124 max_unavailable: 1
125 max_surge: 3
126 disruption_budget:
127 api:
128 min_available: 0
129 conductor:
130 min_available: 0
131 resources:
132 enabled: false
133 api:
134 requests:
135 memory: "128Mi"
136 cpu: "100m"
137 limits:
138 memory: "1024Mi"
139 cpu: "2000m"
140 conductor:
141 requests:
142 memory: "128Mi"
143 cpu: "100m"
144 limits:
145 memory: "1024Mi"
146 cpu: "2000m"
147 jobs:
148 bootstrap:
149 requests:
150 memory: "128Mi"
151 cpu: "100m"
152 limits:
153 memory: "1024Mi"
154 cpu: "2000m"
155 db_init:
156 requests:
157 memory: "128Mi"
158 cpu: "100m"
159 limits:
160 memory: "1024Mi"
161 cpu: "2000m"
162 db_sync:
163 requests:
164 memory: "128Mi"
165 cpu: "100m"
166 limits:
167 memory: "1024Mi"
168 cpu: "2000m"
169 db_drop:
170 requests:
171 memory: "128Mi"
172 cpu: "100m"
173 limits:
174 memory: "1024Mi"
175 cpu: "2000m"
176 tests:
177 requests:
178 memory: "128Mi"
179 cpu: "100m"
180 limits:
181 memory: "1024Mi"
182 cpu: "2000m"
183 image_repo_sync:
184 requests:
185 memory: "128Mi"
186 cpu: "100m"
187 limits:
188 memory: "1024Mi"
189 cpu: "2000m"
190
191network:
192 api:
193 ingress:
194 public: false
195 classes:
196 namespace: "nginx"
197 cluster: "nginx-cluster"
198 annotations:
199 nginx.ingress.kubernetes.io/rewrite-target: /
200 external_policy_local: false
201 node_port:
202 enabled: false
203 port: 8808
204
205network_policy:
206 staffeln:
207 ingress:
208 - {}
209 egress:
210 - {}
211
212bootstrap:
213 enabled: true
214 script: null
215
216dependencies:
217 dynamic:
218 common:
219 local_image_registry:
220 jobs:
221 - staffeln-image-repo-sync
222 services:
223 - endpoint: node
224 service: local_image_registry
225 static:
226 api:
227 jobs:
228 - staffeln-db-sync
229 services:
230 - endpoint: internal
231 service: oslo_db
232 - endpoint: internal
233 service: identity
234 conductor:
235 jobs:
236 - staffeln-db-sync
237 services:
238 - endpoint: internal
239 service: oslo_db
240 - endpoint: internal
241 service: identity
242 - endpoint: internal
243 service: oslo_messaging
244 db_drop:
245 services:
246 - endpoint: internal
247 service: oslo_db
248 db_init:
249 services:
250 - endpoint: internal
251 service: oslo_db
252 db_sync:
253 jobs:
254 - staffeln-db-init
255 services:
256 - endpoint: internal
257 service: oslo_db
258 image_repo_sync:
259 services:
260 - endpoint: internal
261 service: local_image_registry
262
263conf:
264 clouds:
265 clouds:
266 envvars:
267 auth: {}
268 staffeln:
269 conductor:
270 backup_metadata_key: __staffeln_backup
271 retention_metadata_key: __staffeln_retention
Michiel Piscaer31656d22023-11-16 09:02:13 +0100272 backup_min_interval: 86400
273 backup_service_period: 3600
274 retention_service_period: 3600
275 backup_cycle_timout: 6h
276 retention_time: 2w
Rico Lind020bc22023-11-01 01:57:03 +0800277 database:
278 max_retries: -1
Rico Lin96b42382024-02-24 02:57:32 +0800279 db_max_retries: 60
280 pool_timeout: 600
281 use_db_reconnect: true
Rico Lind020bc22023-11-01 01:57:03 +0800282 coordination:
283 backend_url: ""
284 logging:
285 loggers:
286 keys:
287 - root
288 - staffeln
289 handlers:
290 keys:
291 - stdout
292 - stderr
293 - "null"
294 formatters:
295 keys:
296 - context
297 - default
298 logger_root:
299 level: WARNING
300 handlers: 'null'
301 logger_staffeln:
302 level: INFO
303 handlers:
304 - stdout
305 qualname: staffeln
306 logger_amqp:
307 level: WARNING
308 handlers: stderr
309 qualname: amqp
310 logger_amqplib:
311 level: WARNING
312 handlers: stderr
313 qualname: amqplib
314 logger_eventletwsgi:
315 level: WARNING
316 handlers: stderr
317 qualname: eventlet.wsgi.server
318 logger_sqlalchemy:
319 level: WARNING
320 handlers: stderr
321 qualname: sqlalchemy
322 logger_boto:
323 level: WARNING
324 handlers: stderr
325 qualname: boto
326 handler_null:
327 class: logging.NullHandler
328 formatter: default
329 args: ()
330 handler_stdout:
331 class: StreamHandler
332 args: (sys.stdout,)
333 formatter: context
334 handler_stderr:
335 class: StreamHandler
336 args: (sys.stderr,)
337 formatter: context
338 formatter_context:
339 class: oslo_log.formatters.ContextFormatter
340 datefmt: "%Y-%m-%d %H:%M:%S"
341 formatter_default:
342 format: "%(message)s"
343 datefmt: "%Y-%m-%d %H:%M:%S"
344# Names of secrets used by bootstrap and environmental checks
345secrets:
346 identity:
347 admin: staffeln-keystone-admin
348 oslo_db:
349 admin: staffeln-db-admin
350 staffeln: staffeln-db-user
351 oci_image_registry:
352 staffeln: staffeln-oci-image-registry
353
354endpoints:
355 cluster_domain_suffix: cluster.local
356 local_image_registry:
357 name: docker-registry
358 namespace: docker-registry
359 hosts:
360 default: localhost
361 internal: docker-registry
362 node: localhost
363 host_fqdn_override:
364 default: null
365 port:
366 registry:
367 node: 5000
368 oci_image_registry:
369 name: oci-image-registry
370 namespace: oci-image-registry
371 auth:
372 enabled: false
373 staffeln:
374 username: staffeln
375 password: password
376 hosts:
377 default: localhost
378 host_fqdn_override:
379 default: null
380 port:
381 registry:
382 default: null
383 identity:
384 name: keystone
385 auth:
386 admin:
387 region_name: RegionOne
388 username: admin
389 password: password
390 project_name: admin
391 user_domain_name: default
392 project_domain_name: default
393 hosts:
394 default: keystone
395 internal: keystone-api
396 host_fqdn_override:
397 default: null
398 path:
399 default: /v3
400 scheme:
401 default: http
402 port:
403 api:
404 default: 80
405 internal: 5000
406 staffeln:
407 name: staffeln
408 hosts:
409 default: staffeln-api
410 public: staffeln
411 host_fqdn_override:
412 default: null
413 path:
414 default: '/v1'
415 scheme:
416 default: http
417 service: http
418 port:
419 api:
420 default: 8808
421 public: 80
422 service: 8808
423 oslo_db:
424 auth:
425 admin:
426 username: root
427 password: password
428 secret:
429 tls:
430 internal: mariadb-tls-direct
431 staffeln:
432 username: staffeln
433 password: password
434 hosts:
435 default: mariadb
436 host_fqdn_override:
437 default: null
438 path: /staffeln
439 scheme: mysql+pymysql
440 port:
441 mysql:
442 default: 3306
443 oslo_cache:
444 auth:
445 # NOTE(portdirect): this is used to define the value for keystone
446 # authtoken cache encryption key, if not set it will be populated
447 # automatically with a random value, but to take advantage of
448 # this feature all services should be set to use the same key,
449 # and memcache service.
450 memcache_secret_key: null
451 hosts:
452 default: memcached
453 host_fqdn_override:
454 default: null
455 port:
456 memcache:
457 default: 11211
458 fluentd:
459 namespace: null
460 name: fluentd
461 hosts:
462 default: fluentd-logging
463 host_fqdn_override:
464 default: null
465 path:
466 default: null
467 scheme: 'http'
468 port:
469 service:
470 default: 24224
471 metrics:
472 default: 24220
473 # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress
474 # They are using to enable the Egress K8s network policy.
475 kube_dns:
476 namespace: kube-system
477 name: kubernetes-dns
478 hosts:
479 default: kube-dns
480 host_fqdn_override:
481 default: null
482 path:
483 default: null
484 scheme: http
485 port:
486 dns:
487 default: 53
488 protocol: UDP
489 ingress:
490 namespace: null
491 name: ingress
492 hosts:
493 default: ingress
494 port:
495 ingress:
496 default: 80
497
498tls:
499 identity: false
500 oslo_db: false
501
502manifests:
503 certificates: false
504 configmap_bin: true
505 configmap_etc: true
506 deployment_api: true
507 deployment_conductor: true
508 job_bootstrap: true
509 job_db_init: true
510 job_db_sync: true
511 job_db_drop: false
512 job_image_repo_sync: true
513 pdb_api: true
514 secret_db: true
515 network_policy: false
516 secret_registry: true
517 service_ingress_api: true
518 service_api: true
519...