openstack
/
openstack-helm-addons
Code Issues Proposed changes
openstack-helm-addons/ranger/values.yaml

750 lines
16 KiB
YAML
Raw Blame History

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
images:
tags:
db_drop: docker.io/openstackhelm/heat:newton-ubuntu_xenial
db_init: docker.io/openstackhelm/heat:newton-ubuntu_xenial
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: docker.io/docker:17.07.0
ranger: quay.io/attcomdev/ranger:14173e31114f924a75e89357added5315fd7e9f7
ranger_db_sync: quay.io/attcomdev/ranger:14173e31114f924a75e89357added5315fd7e9f7
scripted_test: docker.io/openstackhelm/heat:newton-ubuntu_xenial
pull_policy: "IfNotPresent"
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
labels:
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
uuid:
node_selector_key: openstack-control-plane
node_selector_value: enabled
audit:
node_selector_key: openstack-control-plane
node_selector_value: enabled
cms:
node_selector_key: openstack-control-plane
node_selector_value: enabled
fms:
node_selector_key: openstack-control-plane
node_selector_value: enabled
ims:
node_selector_key: openstack-control-plane
node_selector_value: enabled
rds:
node_selector_key: openstack-control-plane
node_selector_value: enabled
rms:
node_selector_key: openstack-control-plane
node_selector_value: enabled
test:
node_selector_key: openstack-control-plane
node_selector_value: enabled
dependencies:
dynamic:
common:
local_image_registry:
jobs:
- keystone-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
db_drop:
services:
- service: oslo_db
endpoint: internal
db_init:
services:
- service: oslo_db
endpoint: internal
db_sync:
jobs:
- ranger-db-init
services:
- service: oslo_db
endpoint: internal
image_repo_sync:
services:
- service: local_image_registry
endpoint: internal
audit:
jobs:
- ranger-db-sync
services:
- service: oslo_db
endpoint: internal
cms:
jobs:
- ranger-db-sync
services:
- service: oslo_db
endpoint: internal
fms:
jobs:
- ranger-db-sync
services:
- service: oslo_db
endpoint: internal
ims:
jobs:
- ranger-db-sync
services:
- service: oslo_db
endpoint: internal
rds:
jobs:
- ranger-db-sync
services:
- service: oslo_db
endpoint: internal
rms:
jobs:
- ranger-db-sync
services:
- service: oslo_db
endpoint: internal
uuid:
jobs:
- ranger-db-sync
services:
- service: oslo_db
endpoint: internal
tests:
services:
- service: cms
endpoint: internal
- service: fms
endpoint: internal
- service: ims
endpoint: internal
- service: rds
endpoint: internal
- service: rms
endpoint: internal
- service: audit
endpoint: internal
- service: uuid
endpoint: internal
pod:
security_context:
ranger:
pod:
runAsUser: 1000
container:
ranger_services:
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
mounts:
ranger:
init_container: null
audit:
cms:
fms:
ims:
rds:
rms:
uuid:
ranger_tests:
init_container: null
ranger_tests:
replicas:
ranger: 1
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
disruption_budget:
ranger:
min_available: 0
termination_grace_period:
ranger:
timeout: 30
resources:
enabled: false
jobs:
db_drop:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
tests:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
audit:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
cms:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
fms:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ims:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
rds:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
rms:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
uuid:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
probes:
audit:
ranger-audit-service:
readiness:
enabled: true
params:
initialDelaySeconds: 90
periodSeconds: 120
timeoutSeconds: 110
liveness:
enabled: true
params:
initialDelaySeconds: 120
periodSeconds: 300
timeoutSeconds: 280
cms:
ranger-cms-service:
readiness:
enabled: true
params:
initialDelaySeconds: 90
periodSeconds: 120
timeoutSeconds: 110
liveness:
enabled: true
params:
initialDelaySeconds: 120
periodSeconds: 300
timeoutSeconds: 280
fms:
ranger-fms-service:
readiness:
enabled: true
params:
initialDelaySeconds: 90
periodSeconds: 120
timeoutSeconds: 110
liveness:
enabled: true
params:
initialDelaySeconds: 120
periodSeconds: 300
timeoutSeconds: 280
ims:
ranger-ims-service:
readiness:
enabled: true
params:
initialDelaySeconds: 90
periodSeconds: 120
timeoutSeconds: 110
liveness:
enabled: true
params:
initialDelaySeconds: 120
periodSeconds: 300
timeoutSeconds: 280
rds:
ranger-rds-service:
readiness:
enabled: true
params:
initialDelaySeconds: 90
periodSeconds: 120
timeoutSeconds: 110
liveness:
enabled: true
params:
initialDelaySeconds: 120
periodSeconds: 300
timeoutSeconds: 280
rms:
ranger-rms-service:
readiness:
enabled: true
params:
initialDelaySeconds: 90
periodSeconds: 120
timeoutSeconds: 110
liveness:
enabled: true
params:
initialDelaySeconds: 120
periodSeconds: 300
timeoutSeconds: 280
uuid:
ranger-uuid-service:
readiness:
enabled: true
params:
initialDelaySeconds: 90
periodSeconds: 120
timeoutSeconds: 110
liveness:
enabled: true
params:
initialDelaySeconds: 120
periodSeconds: 300
timeoutSeconds: 280
# Names of secrets used and environmental checks
secrets:
oslo_db:
admin: ranger-db-admin
ranger: ranger-db-user
tls:
cms:
cms:
public: cms
fms:
fms:
public: fms
ims:
ims:
public: ims
rds:
rds:
public: rds
rms:
rms:
public: rms
audit:
audit:
public: audit
uuid:
uuid:
public: uuid
# typically overriden by environmental
# values, but should include all endpoints
# required by this chart
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
audit:
name: audit
hosts:
default: audit-api
public: audit
host_fqdn_override:
default: null
path:
default: /v1/audit/transaction
scheme:
default: http
port:
api:
default: 7008
public: 80
cms:
name: cms
hosts:
default: cms-api
public: cms
# NOTE: this chart supports TLS for fqdn over-ridden public
# endpoints using the following format:
# public:
# host: null
# tls:
# crt: null
# key: null
host_fqdn_override:
default: null
path:
default: /v1/orm/customers
scheme:
default: http
port:
api:
default: 7080
public: 80
fms:
name: fms
hosts:
default: fms-api
public: fms
host_fqdn_override:
default: null
path:
default: /v1/orm/flavors
scheme:
default: http
port:
api:
default: 8082
public: 80
identity:
name: keystone
auth:
ranger:
role: admin
region_name: RegionOne
username: ranger-admin
password: password
project_name: service
user_domain_name: default
project_domain_name: default
ranger_admin:
role: admin
region_name: RegionOne
username: ranger-admin
password: password
project_name: admin
user_domain_name: default
project_domain_name: default
hosts:
default: keystone
internal: keystone-api
host_fqdn_override:
default: null
path:
default: /v3
scheme:
default: http
port:
api:
default: 80
internal: 5000
ims:
name: ims
hosts:
default: ims-api
public: ims
host_fqdn_override:
default: null
path:
default: /v1/orm/images
scheme:
default: http
port:
api:
default: 8084
public: 80
oslo_cache:
hosts:
default: memcached
host_fqdn_override:
default: null
port:
memcache:
default: 11211
oslo_db:
auth:
admin:
username: root
password: password
ranger:
username: ranger
password: password
hosts:
default: mariadb
host_fqdn_override:
default: null
path: /orm
scheme: mysql+pymysql
port:
mysql:
default: 3306
rds:
name: rds
hosts:
default: rds-api
public: rds
host_fqdn_override:
default: null
path:
default: /v1/rds/status
scheme:
default: http
port:
api:
default: 8777
public: 80
rms:
name: rms
hosts:
default: rms-api
public: rms
host_fqdn_override:
default: null
path:
default: /v2/orm/regions
scheme:
default: http
port:
api:
default: 7003
public: 80
uuid:
name: uuid
hosts:
default: uuid-api
public: uuid
host_fqdn_override:
default: null
path:
default: /v1/uuids
scheme:
default: http
port:
api:
default: 7001
public: 80
network:
audit:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
port: 38776
cms:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
port: 37080
fms:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
port: 38082
ims:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
port: 38084
rds:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
port: 38777
rms:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
port: 38080
uuid:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
port: 38090
manifests:
configmap_bin: true
configmap_etc: true
deployment_ranger_services: true
ingress_cms: true
ingress_fms: true
ingress_ims: true
ingress_rds: true
ingress_rms: true
ingress_audit: true
ingress_uuid: true
secret_db: true
secret_ingress_tls: true
secret_ssh_key: true
job_db_drop: false
job_db_init: true
job_db_sync: true
job_image_repo_sync: true
pdb_api: true
pod_test: true
service_ingress_cms: true
service_ingress_fms: true
service_ingress_ims: true
service_ingress_rds: true
service_ingress_rms: true
service_ingress_audit: true
service_ingress_uuid: true
service_audit: true
service_cms: true
service_fms: true
service_ims: true
service_rds: true
service_rms: true
service_uuid: true
conf:
ranger:
DEFAULT:
protocol: http
log_level: INFO
orm_host: 0.0.0.0
pecan_debug: True
ssl_verify: False
use_handlers: console
ranger_agent_https_enabled: False
ranger_agent_client_cert_path: ''
audit:
log: null
cli:
base_region: RegionOne
cms:
log: null
database:
max_retries: -1
fms:
log: null
ims:
log: null
keystone_authtoken:
auth_type: password
auth_version: v3
auth_enabled: False
rds:
log: null
repo_remote_location: git@127.0.0.1:/home/repo/ORM.git
repo_user: orm
repo_email: orm@test.com
rms:
log: null
uuid:
log: null
ssh:
user: ranger
user_home: /home/ranger
ssh_key_file: ranger
ssh_key: null
ssh_config: null
cert:
ranger_agent_client_cert: null
...
View Git Blame Copy Permalink