# Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- images: tags: dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0 ks_user: docker.io/openstackhelm/heat:ocata-ubuntu_xenial results_publisher: docker.io/openstackhelm/heat:ocata-ubuntu_xenial sonobuoy_api: sonobuoy/sonobuoy:v0.16.4 systemd_logs: gcr.io/heptio-images/sonobuoy-plugin-systemd-logs:v0.1 pull_policy: "IfNotPresent" local_registry: active: false exclude: [] labels: api: node_selector_key: openstack-control-plane node_selector_value: enabled job: node_selector_key: openstack-control-plane node_selector_value: enabled dependencies: dynamic: {} static: sonobuoy: jobs: - sonobuoy-ks-user pod: security_context: sonobuoy: pod: runAsUser: 1000 container: kube_sonobuoy: readOnlyRootFilesystem: true allowPrivilegeEscalation: false resources: enabled: false jobs: ks_user: requests: memory: "128Mi" cpu: "100m" limits: memory: "128Mi" cpu: "2000m" secrets: identity: admin: sonobuoy-keystone-admin sonobuoy: sonobuoy-keystone-user endpoints: cluster_domain_suffix: cluster.local identity: name: keystone auth: admin: region_name: RegionOne username: admin password: password project_name: admin user_domain_name: default project_domain_name: default sonobuoy: role: admin region_name: RegionOne username: sonobuoy password: password project_name: sonobuoy user_domain_name: sonobuoy project_domain_name: sonobuoy hosts: default: keystone internal: keystone-api host_fqdn_override: default: null path: default: /v3 scheme: default: http port: api: default: 80 internal: 5000 manifests: configmap_bin: true configmap_plugins: true job_ks_user: true pod_api: true secret_etc: true secret_keystone: true secret_plugin_values: true serviceaccount_readonly: false # enable Role for pod/exec in conf.exec_role_namespace for the readonly service account # requires the conf.exec_role_namespace namespace to exist before installing this chart serviceaccount_readonly_exec: false conf: # the namespace where the readonly serviceaccount can perform pod/exec # manifests.serviceaccount_readonly_exec must be set to true exec_role_namespace: null publish_results: true # NOTE: use to store results on host; disabled by default. host_results_path: null # Injected values root used by (some of) the plugins. This `plugin_values` # root is the parent for a mapping of named sections, each of which will be # added as a file in the plugin-values secret. # # Plugins will be responsible for mounting the appropriate information, # e.g. as /etc/test/ to the plugin container(s) as appropriate. # # A default entry/file will be supplied, but is expected to be overridden by # deployment. # # In the case of supplying this info to the plugin(s), each plugin will need # to do the mounting of the secret into the correct place, similar to what is # shown in this values file at conf.plugins[0].data.spec.volumeMounts, and # conf.plugins[0].data.extra-volumes # # Each entry under plugin-values needs to be keyed by the filename for that # set of values. The yaml mapped by each filename will be the contents of # the file. plugin_values: demo: placeholder: value swift: container_name: sonobuoy # delete objects after 1 month (60 * 60 * 24 * 30 seconds) delete_objects_after_seconds: "2592000" object_name_prefix: "" sonobuoy: Description: "sonobuoy run for scanner.heptio.com" Version: v0.16.4 ResultsDir: /tmp/resultshost Resources: - Nodes - ServerVersion Filters: Namespaces: "" LabelSelector: "" Server: bindaddress: 0.0.0.0 bindport: 8080 advertiseaddress: "" timeoutseconds: 8000 Plugins: - name: systemd-logs PluginSearchPath: - /plugins.d Limits: PodLogs: SizeLimitBytes: 10000 # NOTE: the Namespace should not be defined and is set in sonobuoy-etc Namespace: null # NOTE: the WorkerImage should not be defined and is set in sonobuoy-etc WorkerImage: null ImagePullPolicy: IfNotPresent plugins: - name: systemd_logs.yaml data: | sonobuoy-config: driver: DaemonSet plugin-name: systemd-logs result-type: systemd_logs spec: name: sonobuoy-systemd-logs-config env: - name: CHROOT_DIR value: /node - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: RESULTS_DIR value: /tmp/results image: {{ .Values.images.tags.systemd_logs }} imagePullPolicy: Always command: - sh - -c - /get_systemd_logs.sh && sleep 3600 securityContext: privileged: true volumeMounts: - mountPath: /tmp/results name: results readOnly: false - mountPath: /node name: root readOnly: false - mountPath: /etc/test name: configured-values readOnly: true extra-volumes: - name: configured-values secret: secretName: plugin-values defaultMode: 444 ...