215 lines
6.0 KiB
YAML
215 lines
6.0 KiB
YAML
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
---
|
|
images:
|
|
tags:
|
|
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
|
|
ks_user: docker.io/openstackhelm/heat:ocata-ubuntu_xenial
|
|
results_publisher: docker.io/openstackhelm/heat:ocata-ubuntu_xenial
|
|
sonobuoy_api: sonobuoy/sonobuoy:v0.16.4
|
|
systemd_logs: gcr.io/heptio-images/sonobuoy-plugin-systemd-logs:v0.1
|
|
pull_policy: "IfNotPresent"
|
|
local_registry:
|
|
active: false
|
|
exclude: []
|
|
|
|
labels:
|
|
api:
|
|
node_selector_key: openstack-control-plane
|
|
node_selector_value: enabled
|
|
job:
|
|
node_selector_key: openstack-control-plane
|
|
node_selector_value: enabled
|
|
|
|
dependencies:
|
|
dynamic: {}
|
|
static:
|
|
sonobuoy:
|
|
jobs:
|
|
- sonobuoy-ks-user
|
|
|
|
pod:
|
|
security_context:
|
|
sonobuoy:
|
|
pod:
|
|
runAsUser: 1000
|
|
container:
|
|
kube_sonobuoy:
|
|
readOnlyRootFilesystem: true
|
|
allowPrivilegeEscalation: false
|
|
resources:
|
|
enabled: false
|
|
jobs:
|
|
ks_user:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "128Mi"
|
|
cpu: "2000m"
|
|
|
|
secrets:
|
|
identity:
|
|
admin: sonobuoy-keystone-admin
|
|
sonobuoy: sonobuoy-keystone-user
|
|
|
|
endpoints:
|
|
cluster_domain_suffix: cluster.local
|
|
identity:
|
|
name: keystone
|
|
auth:
|
|
admin:
|
|
region_name: RegionOne
|
|
username: admin
|
|
password: password
|
|
project_name: admin
|
|
user_domain_name: default
|
|
project_domain_name: default
|
|
sonobuoy:
|
|
role: admin
|
|
region_name: RegionOne
|
|
username: sonobuoy
|
|
password: password
|
|
project_name: sonobuoy
|
|
user_domain_name: sonobuoy
|
|
project_domain_name: sonobuoy
|
|
hosts:
|
|
default: keystone
|
|
internal: keystone-api
|
|
host_fqdn_override:
|
|
default: null
|
|
path:
|
|
default: /v3
|
|
scheme:
|
|
default: http
|
|
port:
|
|
api:
|
|
default: 80
|
|
internal: 5000
|
|
|
|
manifests:
|
|
configmap_bin: true
|
|
configmap_plugins: true
|
|
job_ks_user: true
|
|
pod_api: true
|
|
secret_etc: true
|
|
secret_keystone: true
|
|
secret_plugin_values: true
|
|
serviceaccount_readonly: false
|
|
# enable Role for pod/exec in conf.exec_role_namespace for the readonly service account
|
|
# requires the conf.exec_role_namespace namespace to exist before installing this chart
|
|
serviceaccount_readonly_exec: false
|
|
|
|
conf:
|
|
# the namespace where the readonly serviceaccount can perform pod/exec
|
|
# manifests.serviceaccount_readonly_exec must be set to true
|
|
exec_role_namespace: null
|
|
publish_results: true
|
|
# NOTE: use to store results on host; disabled by default.
|
|
host_results_path: null
|
|
# Injected values root used by (some of) the plugins. This `plugin_values`
|
|
# root is the parent for a mapping of named sections, each of which will be
|
|
# added as a file in the plugin-values secret.
|
|
#
|
|
# Plugins will be responsible for mounting the appropriate information,
|
|
# e.g. as /etc/test/<filename> to the plugin container(s) as appropriate.
|
|
#
|
|
# A default entry/file will be supplied, but is expected to be overridden by
|
|
# deployment.
|
|
#
|
|
# In the case of supplying this info to the plugin(s), each plugin will need
|
|
# to do the mounting of the secret into the correct place, similar to what is
|
|
# shown in this values file at conf.plugins[0].data.spec.volumeMounts, and
|
|
# conf.plugins[0].data.extra-volumes
|
|
#
|
|
# Each entry under plugin-values needs to be keyed by the filename for that
|
|
# set of values. The yaml mapped by each filename will be the contents of
|
|
# the file.
|
|
plugin_values:
|
|
demo:
|
|
placeholder: value
|
|
swift:
|
|
container_name: sonobuoy
|
|
# delete objects after 1 month (60 * 60 * 24 * 30 seconds)
|
|
delete_objects_after_seconds: "2592000"
|
|
object_name_prefix: ""
|
|
sonobuoy:
|
|
Description: "sonobuoy run for scanner.heptio.com"
|
|
Version: v0.16.4
|
|
ResultsDir: /tmp/resultshost
|
|
Resources:
|
|
- Nodes
|
|
- ServerVersion
|
|
Filters:
|
|
Namespaces: ""
|
|
LabelSelector: ""
|
|
Server:
|
|
bindaddress: 0.0.0.0
|
|
bindport: 8080
|
|
advertiseaddress: ""
|
|
timeoutseconds: 8000
|
|
Plugins:
|
|
- name: systemd-logs
|
|
PluginSearchPath:
|
|
- /plugins.d
|
|
Limits:
|
|
PodLogs:
|
|
SizeLimitBytes: 10000
|
|
# NOTE: the Namespace should not be defined and is set in sonobuoy-etc
|
|
Namespace: null
|
|
# NOTE: the WorkerImage should not be defined and is set in sonobuoy-etc
|
|
WorkerImage: null
|
|
ImagePullPolicy: IfNotPresent
|
|
plugins:
|
|
- name: systemd_logs.yaml
|
|
data: |
|
|
sonobuoy-config:
|
|
driver: DaemonSet
|
|
plugin-name: systemd-logs
|
|
result-type: systemd_logs
|
|
spec:
|
|
name: sonobuoy-systemd-logs-config
|
|
env:
|
|
- name: CHROOT_DIR
|
|
value: /node
|
|
- name: NODE_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
- name: RESULTS_DIR
|
|
value: /tmp/results
|
|
image: {{ .Values.images.tags.systemd_logs }}
|
|
imagePullPolicy: Always
|
|
command:
|
|
- sh
|
|
- -c
|
|
- /get_systemd_logs.sh && sleep 3600
|
|
securityContext:
|
|
privileged: true
|
|
volumeMounts:
|
|
- mountPath: /tmp/results
|
|
name: results
|
|
readOnly: false
|
|
- mountPath: /node
|
|
name: root
|
|
readOnly: false
|
|
- mountPath: /etc/test
|
|
name: configured-values
|
|
readOnly: true
|
|
extra-volumes:
|
|
- name: configured-values
|
|
secret:
|
|
secretName: plugin-values
|
|
defaultMode: 444
|
|
...
|