anthony.bellino de0f60253c Add host paths and openstack/swift clients to etcdctl utility
1) Adds etcd on demand job for backup and restore.
2) Adds dbutils implementation to perform manual local and
   remote backup/restore for etcd.
3) Adds the openstack and swift clients to the etcdctl utility pod so
   that this pod can access etcd remote gateway backup files via the swift interface.
4) Adds kubectl to create backup/restore etcd jobs.

Change-Id: Iadfaa828366bae3a98552891c24d669f2922e1d1
2020-06-23 19:20:50 +00:00


# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for etcdctl-utility.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# name: value
# Release grouping and container image settings for the chart.
# NOTE(review): indentation is not visible in this listing, so nesting is
# inferred; the notes below assume tags, pull_policy and local_registry all
# belong to images — confirm against the chart source.
release_group: null
images:
pull_policy: IfNotPresent
tags:
# NOTE(review): 'latest-ubuntu_bionic' is a mutable tag. With a pull policy
# of IfNotPresent a node keeps whatever build it cached first, so nodes can
# run different images under the same name. Pinning by digest (or an
# immutable version tag) keeps deployments reproducible and auditable.
etcdctl_utility: 'quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_bionic'
image_repo_sync: docker.io/docker:18.09.02
# NOTE(review): pull_policy is given a second time here. If both entries sit
# in the same mapping this is a duplicate key; most parsers silently keep the
# last value. The values agree today, but one of the two should be dropped.
pull_policy: "IfNotPresent"
# Local registry mirroring is off by default; the exclude list names two
# image keys (presumably skipped by the sync job — confirm in the templates).
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
# Node label key/value pairs for the utility workload and for jobs.
# Both entries use openstack-control-plane=enabled; presumably the templates
# turn these into nodeSelector terms — confirm in the templates.
labels:
utility:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
# Pod-level settings: security context, AppArmor profile, DNS policy,
# replica count, anti-affinity and resource requests/limits.
# NOTE(review): indentation is not visible in this listing; nesting below is
# inferred from key order and should be confirmed against the chart source.
pod:
security_context:
etcd:
pod:
# 65534 is conventionally the unprivileged 'nobody' account on Linux.
runAsUser: 65534
container:
etcdctl_utility:
# NOTE(review): true lets a process gain more privileges than its parent,
# for example through setuid binaries. This file also enables a sudoers
# ConfigMap and rootwrap filters that run commands as root, which
# presumably depend on it — confirm. Where that path is not needed, false
# is the tighter setting.
allowPrivilegeEscalation: true
# NOTE(review): the container root filesystem is writable. A read-only
# root with explicit writable mounts limits what a compromised process can
# persist — verify which paths the utilities actually write to.
readOnlyRootFilesystem: false
# AppArmor: the etcdctl-utility entry is mapped to the container runtime's
# default profile (runtime/default).
mandatory_access_control:
type: apparmor
etcdctl-utility:
etcdctl-utility: runtime/default
# ClusterFirstWithHostNet is the DNS policy intended for pods on the host
# network. Whether this pod sets hostNetwork is decided in the templates
# (not shown here) — confirm.
dns_policy: "ClusterFirstWithHostNet"
replicas:
utility: 1
# Soft anti-affinity keyed on the node hostname: the scheduler prefers, but
# does not require, spreading across nodes.
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
# NOTE(review): enabled is false, so the requests/limits below are presumably
# not rendered by default, leaving the pod and jobs without CPU/memory
# bounds — confirm in the templates.
resources:
enabled: false
utility:
requests:
memory: "128Mi"
cpu: "250m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
bootstrap:
limits:
memory: "1024Mi"
cpu: "2000m"
requests:
memory: "128Mi"
cpu: "500m"
image_repo_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
# Resources for the on-demand etcd backup/restore job.
etcd_ondemand:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
test:
etcdctl:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
# Runtime configuration: backup location, secret names, rootwrap command
# filters, rootwrap settings, etcd endpoint and user-logging behaviour.
# NOTE(review): indentation is not visible in this listing; which of the keys
# below are children of conf is inferred — confirm against the chart source.
conf:
backup:
# Backup directory; the key name indicates a path on the host rather than
# inside the container. etcd snapshots hold the full cluster state
# (including Secret objects), so this directory's ownership and mode on the
# node matter — verify.
host_backup_path: /var/backups
etcd_backup_restore:
enabled_namespaces: ""
# Names of the Secrets used for remote (RGW) backup access and for the
# backup/restore configuration; only names are stored here, no credentials.
secrets:
kube_system:
rgw_secret: kubernetes-etcd-backup-user
conf_secret: etcd-backup-restore
etcdctlfilter:
Filters:
# etcdctl-rootwrap command filters for etcdctl utility container
# This file should be owned by (and only-writeable by) the root user
# Each entry reads: filter type, executable, user to run as.
# NOTE(review): etcdctl and kubectl are run as root, dbutils as nobody. If
# etcdctl-rootwrap follows oslo.rootwrap semantics, CommandFilter matches on
# the executable only and does not restrict arguments, so every subcommand of
# etcdctl and kubectl is permitted as root — confirm and consider narrower
# filters for the operations actually needed.
dbutils: CommandFilter, dbutils, nobody
etcdctl: CommandFilter, etcdctl, root
kubectl: CommandFilter, kubectl, root
etcdctlrootwrapconf:
DEFAULT:
# Configuration for etcdctl-rootwrap
# This file should be owned by (and only-writeable by) the root user
# List of directories to load filter definitions from (separated by ',').
# These directories MUST all be only writeable by root !
filters_path: /etc/etcdctl-utility/rootwrap.d
# List of directories to search executables in, in case filters do not
# explicitly specify a full path (separated by ',')
# If not specified, defaults to system PATH environment variable.
# These directories MUST all be only writeable by root !
# NOTE(review): the filters above name executables without a full path, so
# resolution relies on this list; /usr/local/bin and /usr/local/sbin must be
# root-owned in the image for the requirement above to hold — verify. This
# interacts with the container's writable root filesystem
# (readOnlyRootFilesystem: false in this file).
exec_dirs: /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin
# Enable logging to syslog
# Default value is False
# NOTE(review): capitalised True is read as a boolean by YAML 1.1 loaders;
# how it is written into the rootwrap config is up to the template (not
# shown here).
use_syslog: True
# Which syslog facility to use.
# Valid values include auth, authpriv, syslog, local0, local1...
# Default value is 'syslog'
syslog_log_facility: syslog
# Which messages to log.
# INFO means log all usage
# ERROR means only log unsuccessful attempts
# INFO records every invocation, which gives an audit trail of root-run
# commands provided syslog is collected from the container — verify.
syslog_log_level: INFO
etcd:
endpoints: kubernetes-etcd.kube-system.svc.cluster.local
# Quoted so the API version stays a string rather than an integer.
etcdctl_api: "3"
utility:
# Set to true for development sites,
# Set to false otherwise
# NOTE(review): the default shipped here is the development value; per the
# guidance above, non-development sites need an override to false.
always_log_user: true
# Job and service dependencies for the chart's workloads.
# NOTE(review): indentation is not visible in this listing; the grouping into
# dynamic and static sections is read from key order — confirm.
dependencies:
dynamic:
common:
# Depends on the image repo sync job and on the registry's node endpoint;
# presumably applied only when the local registry is active — confirm.
local_image_registry:
jobs:
- etcdctl-utility-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
image_repo_sync:
services:
- endpoint: internal
service: local_image_registry
# The utility workload depends on the internal endpoint of the
# kubernetes-etcd service.
etcdctl_utility:
services:
- endpoint: internal
service: kubernetes-etcd
# Bootstrap toggle, on by default. What it enables is defined in the chart
# templates, which are not shown here.
bootstrap:
enabled: true
# Service endpoint definitions: the local image registry and the etcd cluster.
# NOTE(review): indentation is not visible in this listing; nesting below is
# inferred from key order and should be confirmed against the chart source.
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
etcd:
auth:
client:
# Inline certificate material is unset by default, so no key or
# certificate is carried in this values file.
tls:
crt: null
ca: null
key: null
# File locations of the etcd client certificate, CA and private key.
# NOTE(review): the directory name suggests these are the API server's
# etcd client credentials on the host — confirm. Whatever mounts them gets
# the etcd access that identity carries, so the mount should be read-only
# and limited to the workloads that need it.
path:
crt: /etc/kubernetes/apiserver/pki/etcd-client.pem
ca: /etc/kubernetes/apiserver/pki/etcd-client-ca.pem
key: /etc/kubernetes/apiserver/pki/etcd-client-key.pem
# etcd is addressed over https.
scheme:
default: https
path:
default: ' ' # space required to provide a truly empty path
# NOTE(review): a fixed IP address is used as the default host; it has to
# match the cluster's service network, and the served certificate must
# cover it for TLS verification to succeed — verify per site.
hosts:
default: 10.96.0.2
host_fqdn_override:
default: null
service:
name: null
# 2379 and 2380 are etcd's standard client and peer ports.
port:
client:
default: 2379
peer:
default: 2380
# Prometheus monitoring toggle, on by default. How it is consumed is decided
# in the chart templates (not shown here).
monitoring:
prometheus:
enabled: true
# Per-manifest switches; presumably each key gates rendering of the template
# of the same name — confirm in the chart templates.
manifests:
configmap_bin: true
configmap_etc_client: true
# NOTE(review): a sudoers ConfigMap is rendered by default. Together with the
# root-run rootwrap filters in this file it defines what the unprivileged
# container user can execute as root, so its contents deserve review.
configmap_etc_sudoers: true
deployment_etcdctl_utility: true
# The image repo sync job is off by default.
job_image_repo_sync: false
# Presumably renders the Secret holding the etcd client certificates —
# confirm.
secret_certificates: true