airship/porthole
Code Issues Proposed changes
master
porthole/charts/postgresql-utility/values.yaml
Sergiy Markin b475486d96 Switch to py310 and new kubernetes 1.30.0 
By switching to Python 3.10 we need to disable
focal and bionic jobs.

Change-Id: I4ecd3c633e4fc90fea1622beb2e822a0b4c87452
2024-09-23 15:18:21 +00:00

243 lines
6.4 KiB
YAML
Raw Permalink Blame History

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for postgresql-utility.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
release_group: null
images:
pull_policy: IfNotPresent
tags:
postgresql_utility: 'quay.io/airshipit/porthole-postgresql-utility:latest-ubuntu_jammy'
image_repo_sync: docker.io/docker:18.09.02
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
labels:
utility:
node_selector_key: openstack-control-plane
node_selector_value: enabled
pod:
security_context:
postgresql:
pod:
runAsUser: 65534
container:
postgresql_utility:
allowPrivilegeEscalation: true
readOnlyRootFilesystem: false
postgresql_ondemand:
pod:
runAsUser: 65534
container:
backup_perms:
runAsUser: 0
readOnlyRootFilesystem: true
postgresql_ondemand:
runAsUser: 65534
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
mounts:
postgresql:
container:
postgresql_utility:
volumes:
- name: runasuser-home
emptyDir: {}
volumeMounts:
- name: runasuser-home
mountPath: /nonexistent
postgresql_ondemand:
container:
postgresql_ondemand:
volumes:
- name: runasuser-home
emptyDir: {}
volumeMounts:
- name: runasuser-home
mountPath: /nonexistent
dns_policy: "ClusterFirstWithHostNet"
replicas:
utility: 1
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
mandatory_access_control:
type: apparmor
postgresql-utility:
postgresql-utility: runtime/default
postgresql-ondemand:
backup-perms: runtime/default
postgresql-ondemand: runtime/default
resources:
enabled: false
utility:
requests:
memory: "100Mi"
cpu: "250m"
limits:
memory: "250Mi"
cpu: "500m"
jobs:
bootstrap:
limits:
memory: "1024Mi"
cpu: "2000m"
requests:
memory: "128Mi"
cpu: "500m"
image_repo_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
postgresql_ondemand:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
secrets:
postgresql:
admin: postgresql-admin
conf:
postgresql_backup_restore:
enabled_namespaces: "openstack"
test_database_name: "test_database"
test_database_user: "test_database_user"
secrets:
rgw_secret: postgresql-backup-user
conf_secret: postgresql-backup-restore
features:
utility: true
postgresqlconf:
etc: postgresql-etc
postgresqlfilter:
Filters:
# postgresql-rootwrap command filters for postgresql utility container
# This file should be owned by (and only-writeable by) the root user
# Below are example command filters. access to postgresql cluster can be restricted by creating a user with less privilages
psql: CommandFilter, psql, root
kubectl: CommandFilter, kubectl, root
dbutils: CommandFilter, dbutils, nobody
postgresql_ondemand:
ondemapd_pod_sleep_time: 3600
postgresqlrootwrap:
DEFAULT:
# Configuration for postgresql-rootwrap
# This file should be owned by (and only-writeable by) the root user
# List of directories to load filter definitions from (separated by ',').
# These directories MUST all be only writeable by root !
filters_path: /etc/postgresql/rootwrap.d
# List of directories to search executables in, in case filters do not
# explicitely specify a full path (separated by ',')
# If not specified, defaults to system PATH environment variable.
# These directories MUST all be only writeable by root !
exec_dirs: /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/tmp
# Enable logging to syslog
# Default value is False
use_syslog: True
# Which syslog facility to use.
# Valid values include auth, authpriv, syslog, local0, local1...
# Default value is 'syslog'
syslog_log_facility: syslog
# Which messages to log.
# INFO means log all usage
# ERROR means only log unsuccessful attempts
syslog_log_level: INFO
utility:
# Set to true for development sites,
# Set to false otherwise
always_log_user: true
dependencies:
dynamic:
common:
local_image_registry:
jobs:
- postgresql-utility-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
bootstrap:
jobs: null
postgresqlfs_client_key_generator:
jobs: null
namespace_client_key_cleaner:
jobs: null
namespace_client_key_generator:
jobs: null
image_repo_sync:
services:
- endpoint: internal
service: local_image_registry
bootstrap:
enabled: true
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
postgresql:
auth:
admin:
username: postgres
password: password
hosts:
default: postgresql
host_fqdn_override:
default: null
port:
postgresql:
default: 5432
monitoring:
prometheus:
enabled: true
manifests:
configmap_bin: true
configmap_etc_client: true
configmap_etc_sudoers: true
configmap_etc: true
secret_etc: true
secret_admin: true
deployment_utility: true
create_test_database: false
View Git Blame Copy Permalink