# Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Default values for ranger-agent. # This is a YAML-formatted file. # Declare name/value pairs to be passed into your templates. # name: value --- images: tags: db_drop: docker.io/openstackhelm/heat:stein-ubuntu_bionic db_init: docker.io/openstackhelm/heat:stein-ubuntu_bionic dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0 image_repo_sync: docker.io/docker:17.07.0 ks_endpoints: docker.io/openstackhelm/heat:stein-ubuntu_bionic ks_service: docker.io/openstackhelm/heat:stein-ubuntu_bionic ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic rabbit_init: docker.io/rabbitmq:3.7-management ranger-agent_db_sync: quay.io/attcomdev/ranger-agent:7a994622705a949953d5d1552e4186c576fdcff9 ranger_agent: quay.io/attcomdev/ranger-agent:7a994622705a949953d5d1552e4186c576fdcff9 scripted_test: docker.io/openstackhelm/heat:newton-ubuntu_xenial pull_policy: "IfNotPresent" local_registry: active: false exclude: - dep_check - image_repo_sync labels: api: node_selector_key: openstack-control-plane node_selector_value: enabled engine: node_selector_key: openstack-control-plane node_selector_value: enabled job: node_selector_key: openstack-control-plane node_selector_value: enabled test: node_selector_key: openstack-control-plane node_selector_value: enabled dependencies: dynamic: common: local_image_registry: jobs: - ranger-agent-image-repo-sync services: - endpoint: node service: local_image_registry static: api: jobs: - ranger-agent-db-sync - ranger-agent-ks-user - ranger-agent-ks-endpoints - ranger-agent-rabbit-init services: - service: oslo_db endpoint: internal db_drop: services: - service: oslo_db endpoint: internal db_init: services: - service: oslo_db endpoint: internal db_sync: jobs: - ranger-agent-db-init services: - service: oslo_db endpoint: internal engine: jobs: - ranger-agent-db-sync - ranger-agent-ks-user - ranger-agent-rabbit-init services: - service: oslo_db endpoint: internal - service: identity endpoint: internal - service: orchestration endpoint: internal - service: image endpoint: internal image_repo_sync: services: - endpoint: internal service: local_image_registry ks_endpoints: jobs: - ranger-agent-ks-service services: - service: identity endpoint: internal ks_service: services: - service: identity endpoint: internal ks_user: services: - service: identity endpoint: internal rabbit_init: services: - service: oslo_messaging endpoint: internal tests: services: - service: identity endpoint: internal - service: orchestration endpoint: internal - service: ranger-agent endpoint: internal add_region: services: - service: ranger-agent endpoint: internal network: api: ingress: public: true classes: namespace: "nginx" cluster: "nginx-cluster" annotations: nginx.ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/configuration-snippet: | more_set_headers "X-Frame-Options: deny"; more_set_headers "X-XSS-Protection: 1; mode=block"; external_policy_local: false node_port: enabled: false port: 30010 pod: security_context: ranger_agent: pod: runAsUser: 1000 container: ranger_agent_api: readOnlyRootFilesystem: false allowPrivilegeEscalation: false ranger_agent_engine: readOnlyRootFilesystem: false allowPrivilegeEscalation: false add_region: pod: runAsUser: 1000 container: ranger_agent_add_region: readOnlyRootFilesystem: true allowPrivilegeEscalation: false test: pod: runAsUser: 1000 container: ranger_agent_test: readOnlyRootFilesystem: true allowPrivilegeEscalation: false affinity: anti: type: default: preferredDuringSchedulingIgnoredDuringExecution topologyKey: default: kubernetes.io/hostname mounts: ranger_agent_api: init_container: null ranger_agent_api: ranger_agent_engine: init_container: null ranger_agent_engine: ranger_agent_tests: init_container: null ranger_agent_tests: ranger_agent_add_region: init_container: null ranger_agent_add_region: replicas: api: 1 engine: 1 lifecycle: upgrades: deployments: revision_history: 3 pod_replacement_strategy: RollingUpdate rolling_update: max_unavailable: 1 max_surge: 3 disruption_budget: ranger_agent_api: min_available: 0 ranger_agent_engine: min_available: 0 termination_grace_period: ranger_agent_api: timeout: 30 ranger_agent_engine: timeout: 30 resources: enabled: false jobs: db_drop: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" db_init: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" db_sync: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" image_repo_sync: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" ks_endpoints: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" ks_service: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" ks_user: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" rabbit_init: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" tests: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" add_region: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" ranger_agent_api: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" ranger_agent_engine: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" probes: api: ranger-agent-api: readiness: enabled: true params: initialDelaySeconds: 80 periodSeconds: 95 timeoutSeconds: 85 liveness: enabled: true params: initialDelaySeconds: 120 periodSeconds: 95 timeoutSeconds: 85 engine: ranger-agent-engine: readiness: enabled: true params: initialDelaySeconds: 80 periodSeconds: 95 timeoutSeconds: 85 liveness: enabled: true params: initialDelaySeconds: 120 periodSeconds: 95 timeoutSeconds: 85 # Names of secrets used and environmental checks secrets: identity: admin: admin ranger: ranger-service-admin ranger_admin: ranger-admin ranger_agent: ranger-agent-admin oslo_db: admin: ranger-agent-db-admin ranger_agent: ranger-agent-db-user oslo_messaging: admin: ranger-agent-rabbitmq-admin ranger-agent: ranger-agent-rabbitmq-user tls: ranger_agent: api: public: ranger-agent internal: ranger-agent-tls-api # ranger_agent_engine: # engine: # internal: ranger-agent-tls-engine # typically overridden by environmental # values, but should include all endpoints # required by this chart endpoints: cluster_domain_suffix: cluster.local local_image_registry: name: docker-registry namespace: docker-registry hosts: default: localhost internal: docker-registry node: localhost host_fqdn_override: default: null port: registry: node: 5000 identity: name: keystone auth: admin: region_name: RegionOne username: admin password: password project_name: admin user_domain_name: default project_domain_name: default ranger_agent: role: admin region_name: RegionOne username: ranger-agent-admin password: password project_name: service user_domain_name: default project_domain_name: default ranger: role: - admin - admin_support - admin_viewer - ranger_customer_creator - ranger_flavor_creator - admin_image region_name: RegionOne username: ranger-admin password: password project_name: service user_domain_name: default project_domain_name: default ranger_admin: role: admin region_name: RegionOne username: ranger-admin password: password project_name: admin user_domain_name: default project_domain_name: default hosts: default: keystone internal: keystone-api host_fqdn_override: default: null path: default: /v3 scheme: default: http port: api: default: 80 internal: 5000 image: name: glance hosts: default: glance-api public: glance host_fqdn_override: default: null path: default: null scheme: default: http port: api: default: 9292 public: 80 orchestration: name: heat hosts: default: heat-api public: heat host_fqdn_override: default: null path: default: '/v1/%(project_id)s' scheme: default: 'http' port: api: default: 8004 public: 80 oslo_cache: hosts: default: memcached host_fqdn_override: default: null port: memcache: default: 11211 oslo_db: auth: admin: username: root password: password secret: tls: internal: mariadb-tls-direct ranger_agent: username: ranger-agent password: password hosts: default: mariadb host_fqdn_override: default: null path: /ord scheme: mysql+pymysql port: mysql: default: 3306 oslo_messaging: auth: admin: username: rabbitmq password: password ranger-agent: username: ranger-agent password: password statefulset: replicas: 2 name: rabbitmq-rabbitmq hosts: default: rabbitmq host_fqdn_override: default: null path: /ranger-agent scheme: rabbit port: amqp: default: 5672 http: default: 15672 ranger_agent: name: ranger-agent hosts: default: ranger-api public: ranger-agent # NOTE: this chart supports TLS for fqdn over-ridden public # endpoints using the following format: # public: # host: null # tls: # crt: null # key: null host_fqdn_override: default: null path: default: "/v1/ord/ord_notifier/" scheme: default: 'http' port: api: default: 9010 public: 80 dashboard: name: horizon hosts: default: horizon-int public: horizon host_fqdn_override: default: null path: default: null scheme: default: http public: https port: web: default: 80 public: 443 manifests: certificates: false configmap_bin: true configmap_etc: true deployment_ranger_agent_api: true deployment_ranger_agent_engine: true ingress_ranger_agent_api: true job_add_region: false job_db_drop: false job_db_init: true job_db_sync: true job_image_repo_sync: true job_ks_endpoints: true job_ks_service: true job_ks_user: true job_ks_user_ranger: true job_rabbit_init: true pdb_api: true pod_test: true secret_db: true secret_ingress_tls: true secret_keystone: true secret_rabbitmq: true secret_ssh_key: true service_ingress_ranger_agent_api: true service_ranger_agent_api: true conf: paste: pipeline:main: pipeline: request_id api-server app:api-server: paste.app_factory: ord.api.app:app_factory filter:authtoken: paste.filter_factory: keystonemiddleware.auth_token:filter_factory filter:request_id: paste.filter_factory: oslo_middleware:RequestId.factory ranger_agent: DEFAULT: api_workers: 1 debug: false verbose: true pecan_debug: true repo_connection_timeout: 120 resource_creation_timeout_min: 100 resource_creation_timeout_max: 300 use_stderr: true api_paste_config: /etc/ranger-agent/api-paste.ini local_repo: ranger_repo resource_status_check_wait: 15 enable_heat_health_check: true retry_limits: 5 api: host: 0.0.0.0 database: max_retries: -1 keystone_authtoken: auth_type: password auth_version: v3 orm: rds_listener_endpoint: http://localhost:8777/v1/rds/status orm_template_repo_url: git@github.com:ranger-agent/templates.git repo_pull_check_wait: 2 retry_limits: 5 oslo_messaging_notifications: driver: messagingv2 oslo_messaging_rabbit: rabbit_ha_queues: true ssh: user: ranger_agent user_home: /home/ranger_agent ssh_key_file: ranger_agent ssh_key: null ssh_config: null test: expected_end_status_key: "ORD_000" region: parameters: |- { "rangerAgentVersion": "2.0", "OSVersion": "Stein" } rms_listener_endpoint: http://localhost:7003/v2/orm/regions retry_duration_minutes: 360 retry_interval_minutes: 15 rabbitmq: policies: - vhost: "ranger-agent" name: "ha_ttl_ranger_agent" definition: # mirror messges to other nodes in rmq cluster ha-mode: "all" ha-sync-mode: "automatic" # 70s message-ttl: 70000 priority: 0 apply-to: all pattern: '^(?!(amq\.|reply_)).*' ...