# Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Default values for mysql-client. # This is a YAML-formatted file. # Declare name/value pairs to be passed into your templates. # name: value release_group: null images: tags: mariadb: docker.io/openstackhelm/mariadb:latest-ubuntu_jammy mysqlclient_utility: 'quay.io/airshipit/porthole-mysqlclient-utility:latest-ubuntu_jammy' image_repo_sync: docker.io/docker:18.09.02 pull_policy: IfNotPresent local_registry: active: false exclude: - dep_check - image_repo_sync labels: utility: node_selector_key: openstack-control-plane node_selector_value: enabled pod: security_context: mysqlclient: pod: runAsUser: 65534 container: mysqlclient_utility: allowPrivilegeEscalation: true readOnlyRootFilesystem: false mariadb_ondemand: pod: runAsUser: 65534 container: ondemand_perms: runAsUser: 0 readOnlyRootFilesystem: true verify_perms: runAsUser: 0 readOnlyRootFilesystem: true mariadb_ondemand: runAsUser: 65534 readOnlyRootFilesystem: true allowPrivilegeEscalation: false mounts: mysqlclient: container: mysqlclient_utility: volumes: - name: runasuser-home emptyDir: {} volumeMounts: - name: runasuser-home mountPath: /nonexistent mariadb_ondemand: container: mariadb_ondemand: volumes: - name: runasuser-home emptyDir: {} volumeMounts: - name: runasuser-home mountPath: /nonexistent dns_policy: "ClusterFirstWithHostNet" replicas: utility: 1 affinity: anti: type: default: preferredDuringSchedulingIgnoredDuringExecution topologyKey: default: kubernetes.io/hostname mandatory_access_control: type: apparmor mariadb-verify-server: mariadb-verify-server: runtime/default mysqlclient-utility: mysqlclient-utility: runtime/default mariadb-ondemand: ondemand-perms: runtime/default mariadb-ondemand: runtime/default probes: utility: mysqlclient-utility: readiness: enabled: true params: periodSeconds: 15 timeoutSeconds: 10 initialDelaySeconds: 5 liveness: enabled: true params: periodSeconds: 15 timeoutSeconds: 10 initialDelaySeconds: 5 resources: enabled: false utility: requests: memory: "100Mi" cpu: "250m" limits: memory: "250Mi" cpu: "500m" server: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" jobs: bootstrap: limits: memory: "1024Mi" cpu: "2000m" requests: memory: "128Mi" cpu: "500m" image_repo_sync: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" mariadb_ondemand: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" conf: mariadb_backup_restore: enabled_namespaces: "" test_database_name: "test_database" test_database_user: "test_database_user" secrets: rgw_secret: mariadb-backup-user conf_secret: mariadb-backup-restore tls_secret: mariadb-tls-direct features: utility: true mysqlclientconf: etc: mysqlclient-etc mysqlclientfilter: Filters: # mysqlclient-rootwrap command filters for mysqlclient utility container # This file should be owned by (and only-writeable by) the root user mysql: CommandFilter, mysql, root kubectl: CommandFilter, kubectl, root dbutils: CommandFilter, dbutils, nobody mariadb_ondemand: ondemapd_pod_sleep_time: 3600 mysqlclientrootwrapconf: DEFAULT: # Configuration for mysqlclient-rootwrap # This file should be owned by (and only-writeable by) the root user # List of directories to load filter definitions from (separated by ','). # These directories MUST all be only writeable by root ! filters_path: /etc/mysqlclient-utility/rootwrap.d # List of directories to search executables in, in case filters do not # explicitely specify a full path (separated by ',') # If not specified, defaults to system PATH environment variable. # These directories MUST all be only writeable by root ! exec_dirs: /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/tmp # Enable logging to syslog # Default value is False use_syslog: True # Which syslog facility to use. # Valid values include auth, authpriv, syslog, local0, local1... # Default value is 'syslog' syslog_log_facility: syslog # Which messages to log. # INFO means log all usage # ERROR means only log unsuccessful attempts syslog_log_level: INFO #keystone_auth: # auth_url: http://keystone.openstack.svc.cluster.local/v3 # auth_version: "3" utility: # Set to true for development sites, # Set to false otherwise always_log_user: true dependencies: dynamic: common: local_image_registry: jobs: - mysqlclient-utility-image-repo-sync services: - endpoint: node service: local_image_registry static: image_repo_sync: services: - endpoint: internal service: local_image_registry bootstrap: enabled: true endpoints: cluster_domain_suffix: cluster.local local_image_registry: name: docker-registry namespace: docker-registry hosts: default: localhost internal: docker-registry node: localhost host_fqdn_override: default: null port: registry: node: 5000 monitoring: prometheus: enabled: true manifests: configmap_bin: true configmap_etc_client: true configmap_etc_sudoers: true deployment_utility: true create_test_database: false