airship/porthole
Code Issues Proposed changes
fef241da50
porthole/charts/mysqlclient-utility/values.yaml
Sergiy Markin b475486d96 Switch to py310 and new kubernetes 1.30.0 
By switching to Python 3.10 we need to disable
focal and bionic jobs.

Change-Id: I4ecd3c633e4fc90fea1622beb2e822a0b4c87452
2024-09-23 15:18:21 +00:00

247 lines
6.6 KiB
YAML
Raw Blame History

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for mysql-client.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
release_group: null
images:
tags:
mariadb: docker.io/openstackhelm/mariadb:latest-ubuntu_jammy
mysqlclient_utility: 'quay.io/airshipit/porthole-mysqlclient-utility:latest-ubuntu_jammy'
image_repo_sync: docker.io/docker:18.09.02
pull_policy: IfNotPresent
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
labels:
utility:
node_selector_key: openstack-control-plane
node_selector_value: enabled
pod:
security_context:
mysqlclient:
pod:
runAsUser: 65534
container:
mysqlclient_utility:
allowPrivilegeEscalation: true
readOnlyRootFilesystem: false
mariadb_ondemand:
pod:
runAsUser: 65534
container:
ondemand_perms:
runAsUser: 0
readOnlyRootFilesystem: true
verify_perms:
runAsUser: 0
readOnlyRootFilesystem: true
mariadb_ondemand:
runAsUser: 65534
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
mounts:
mysqlclient:
container:
mysqlclient_utility:
volumes:
- name: runasuser-home
emptyDir: {}
volumeMounts:
- name: runasuser-home
mountPath: /nonexistent
mariadb_ondemand:
container:
mariadb_ondemand:
volumes:
- name: runasuser-home
emptyDir: {}
volumeMounts:
- name: runasuser-home
mountPath: /nonexistent
dns_policy: "ClusterFirstWithHostNet"
replicas:
utility: 1
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
mandatory_access_control:
type: apparmor
mariadb-verify-server:
mariadb-verify-server: runtime/default
mysqlclient-utility:
mysqlclient-utility: runtime/default
mariadb-ondemand:
ondemand-perms: runtime/default
mariadb-ondemand: runtime/default
probes:
utility:
mysqlclient-utility:
readiness:
enabled: true
params:
periodSeconds: 15
timeoutSeconds: 10
initialDelaySeconds: 5
liveness:
enabled: true
params:
periodSeconds: 15
timeoutSeconds: 10
initialDelaySeconds: 5
resources:
enabled: false
utility:
requests:
memory: "100Mi"
cpu: "250m"
limits:
memory: "250Mi"
cpu: "500m"
server:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
bootstrap:
limits:
memory: "1024Mi"
cpu: "2000m"
requests:
memory: "128Mi"
cpu: "500m"
image_repo_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
mariadb_ondemand:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
conf:
mariadb_backup_restore:
enabled_namespaces: ""
test_database_name: "test_database"
test_database_user: "test_database_user"
secrets:
rgw_secret: mariadb-backup-user
conf_secret: mariadb-backup-restore
tls_secret: mariadb-tls-direct
features:
utility: true
mysqlclientconf:
etc: mysqlclient-etc
mysqlclientfilter:
Filters:
# mysqlclient-rootwrap command filters for mysqlclient utility container
# This file should be owned by (and only-writeable by) the root user
mysql: CommandFilter, mysql, root
kubectl: CommandFilter, kubectl, root
dbutils: CommandFilter, dbutils, nobody
mariadb_ondemand:
ondemapd_pod_sleep_time: 3600
mysqlclientrootwrapconf:
DEFAULT:
# Configuration for mysqlclient-rootwrap
# This file should be owned by (and only-writeable by) the root user
# List of directories to load filter definitions from (separated by ',').
# These directories MUST all be only writeable by root !
filters_path: /etc/mysqlclient-utility/rootwrap.d
# List of directories to search executables in, in case filters do not
# explicitely specify a full path (separated by ',')
# If not specified, defaults to system PATH environment variable.
# These directories MUST all be only writeable by root !
exec_dirs: /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/tmp
# Enable logging to syslog
# Default value is False
use_syslog: True
# Which syslog facility to use.
# Valid values include auth, authpriv, syslog, local0, local1...
# Default value is 'syslog'
syslog_log_facility: syslog
# Which messages to log.
# INFO means log all usage
# ERROR means only log unsuccessful attempts
syslog_log_level: INFO
#keystone_auth:
# auth_url: http://keystone.openstack.svc.cluster.local/v3
# auth_version: "3"
utility:
# Set to true for development sites,
# Set to false otherwise
always_log_user: true
dependencies:
dynamic:
common:
local_image_registry:
jobs:
- mysqlclient-utility-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
image_repo_sync:
services:
- endpoint: internal
service: local_image_registry
bootstrap:
enabled: true
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
monitoring:
prometheus:
enabled: true
manifests:
configmap_bin: true
configmap_etc_client: true
configmap_etc_sudoers: true
deployment_utility: true
create_test_database: false
View Git Blame Copy Permalink