# Copyright 2019 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Default values for calicoctl-client.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value

images:
  tags:
    calicoctl_utility: 'docker.io/deepakdt/ctl:v3.4.0'
    image_repo_sync: docker.io/docker:17.07.0
  pull_policy: IfNotPresent
  local_registry:
    active: false
    exclude:
      - dep_check
      - image_repo_sync
      - calicoctl_utility

pod:
  resources:
    enabled: true
    jobs:
      image_repo_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
    utility:
      requests:
        memory: "100Mi"
        cpu: "250m"
      limits:
        memory: "250Mi"
        cpu: "500m"
  dns_policy: "ClusterFirstWithHostNet"
  replicas:
    utility: 1
  sec_context:
    run_as_user: 65534

release_group: null

labels:
  utility:
    node_selector_key: util-calicoctl
    node_selector_value: enabled
  job:
    node_selector_key: openstack-helm-node-class
    node_selector_value: primary

dependencies:
  dynamic:
    common:
      local_image_registry:
        jobs:
          - calicoctl-utility-image-repo-sync
        services:
          - endpoint: node
            service: local_image_registry
  static:
    image_repo_sync:
      services:
        - endpoint: internal
          service: local_image_registry
    calicoctl_utility:
      services:
        - endpoint: internal
          service: calico-etcd

endpoints:
  cluster_domain_suffix: cluster.local
  local_image_registry:
    name: docker-registry
    namespace: docker-registry
    hosts:
      default: localhost
      internal: docker-registry
      node: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        node: 5000
  etcd:
    auth:
      client:
        tls:
          crt: null
          ca: null
          key: null
        path:
          # these must be within /etc/calico
          crt: /etc/calico/pki/crt
          ca: /etc/calico/pki/ca
          key: /etc/calico/pki/key
    scheme:
      default: https
    path:
      default: ' '  # space required to provide a truly empty path
    hosts:
      default: 10.96.232.136
    host_fqdn_override:
      default: null
    service:
      name: null
    port:
      client:
        default: 6666
      peer:
        default: 6667

conf:
  calicoctl_filter:
    Filters:
      # calicoctl-rootwrap command filters for calicoctl utility container
      # This file should be owned by (and only-writable by) the root user
      # Below are example command filters. access can be restricted by creating a user with less privileges
      # calicoctl_00: CommandFilter, calicoctl, root
      # Below are examples of RegExpFilter. This will restrict available calicoctl options even with admin user
      calicoctl_help_00: RegExpFilter, calicoctl, root, calicoctl, -h
      calicoctl_help_01: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, -h
      calicoctl_get_01: RegExpFilter, calicoctl, root, calicoctl, get, .*
      calicoctl_get_03: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*
      calicoctl_get_04: RegExpFilter, calicoctl, root, calicoctl, get, .*, --export
      calicoctl_get_05: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, --export
      calicoctl_get_06: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename|-o|--output|-n|--namespace, .*
      calicoctl_get_07: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename|-o|--output|-n|--namespace, .*
      calicoctl_get_08: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename|-o|--output|-n|--namespace, .*, --export
      calicoctl_get_09: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename|-o|--output|-n|--namespace, .*, --export
      calicoctl_get_10: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*
      calicoctl_get_11: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*
      calicoctl_get_12: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, --export
      calicoctl_get_13: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, --export
      calicoctl_get_14: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*
      calicoctl_get_15: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*
      calicoctl_get_16: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*, --export
      calicoctl_get_17: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*, --export
      calicoctl_get_18: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces
      calicoctl_get_19: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces
      calicoctl_get_20: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces, --export
      calicoctl_get_21: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces, --export

      calicoctl_convert_00: RegExpFilter, calicoctl, root, calicoctl, convert, -h
      calicoctl_convert_01: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename|-o|--output, .*
      calicoctl_convert_02: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename|-o|--output, .*
      calicoctl_convert_03: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename|-o|--output, .*, --ignore-validation
      calicoctl_convert_04: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename|-o|--output, .*, --ignore-validation
      calicoctl_convert_05: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename, .*, -o|--output, .*
      calicoctl_convert_06: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename, .*, -o|--output, .*
      calicoctl_convert_07: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename, .*, -o|--output, .*, --ignore-validation
      calicoctl_convert_08: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename, .*, -o|--output, .*, --ignore-validation

      calicoctl_ipam_00: RegExpFilter, calicoctl, root, calicoctl, ipam, show, --ip=.*
      calicoctl_ipam_01: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, ipam, show, --ip=.*

      calicoctl_version_00: RegExpFilter, calicoctl, root, calicoctl, version
      calicoctl_version_01: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, version
  calicoctl_rootwrap:
    DEFAULT:
      # Configuration for calicoctl-rootwrap
      # This file should be owned by (and only-writeable by) the root user
      # List of directories to load filter definitions from (separated by ',').
      # These directories MUST all be only writeable by root !
      filters_path: /etc/calicoctl/rootwrap.d
      # List of directories to search executables in, in case filters do not
      # explicitely specify a full path (separated by ',')
      # If not specified, defaults to system PATH environment variable.
      # These directories MUST all be only writeable by root !
      exec_dirs: /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/tmp
      # Enable logging to syslog
      # Default value is False
      use_syslog: true
      # Which syslog facility to use.
      # Valid values include auth, authpriv, syslog, local0, local1...
      # Default value is 'syslog'
      syslog_log_facility: syslog
      # Which messages to log.
      # INFO means log all usage
      # ERROR means only log unsuccessful attempts
      syslog_log_level: DEBUG
  utility:
    location_corridor: c1

manifests:
  configmap_bin: true
  configmap_etc_client: true
  deployment_calicoctl_utility: true
  job_image_repo_sync: false
  secret_certificates: true