openstack-helm-infra/gnocchi/values.yaml

# Copyright 2018 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Default values for gnocchi.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

labels:
  api:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  job:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  metricd:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  statsd:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  test:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled

release_group: null

images:
  tags:
    dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
    gnocchi_storage_init: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20191216
    db_init_indexer: docker.io/postgres:9.5
    # using non-kolla images until kolla supports postgres as
    # an indexer
    db_init: quay.io/attcomdev/ubuntu-source-gnocchi-api:3.0.3
    db_sync: quay.io/attcomdev/ubuntu-source-gnocchi-api:3.0.3
    ks_user: docker.io/openstackhelm/heat:newton-ubuntu_xenial
    ks_service: docker.io/openstackhelm/heat:newton-ubuntu_xenial
    ks_endpoints: docker.io/openstackhelm/heat:newton-ubuntu_xenial
    gnocchi_api: quay.io/attcomdev/ubuntu-source-gnocchi-api:3.0.3
    gnocchi_statsd: quay.io/attcomdev/ubuntu-source-gnocchi-statsd:3.0.3
    gnocchi_metricd: quay.io/attcomdev/ubuntu-source-gnocchi-metricd:3.0.3
    gnocchi_resources_cleaner: quay.io/attcomdev/ubuntu-source-gnocchi-base:3.0.3
    image_repo_sync: docker.io/docker:17.07.0
  pull_policy: "IfNotPresent"
  local_registry:
    active: false
    exclude:
      - dep_check
      - image_repo_sync

jobs:
  resources_cleaner:
    # daily
    cron: "0 */24 * * *"
    deleted_resources_ttl: '1day'
    history:
      success: 3
      failed: 1

network:
  api:
    ingress:
      public: true
      classes:
        namespace: "nginx"
        cluster: "nginx-cluster"
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: /
    external_policy_local: false
    node_port:
      enabled: false
      port: 8041
  statsd:
    node_port:
      enabled: false
      port: 8125

dependencies:
  dynamic:
    common:
      local_image_registry:
        jobs:
          - gnocchi-image-repo-sync
        services:
          - endpoint: node
            service: local_image_registry
  static:
    api:
      jobs:
        - gnocchi-storage-init
        - gnocchi-db-sync
        - gnocchi-ks-endpoints
        - gnocchi-ks-service
        - gnocchi-ks-user
      services:
        - endpoint: internal
          service: identity
        - endpoint: internal
          service: oslo_db
    clean:
      services: null
    db_init:
      services:
        - endpoint: internal
          service: oslo_db
    db_init_postgresql:
      jobs: null
      services:
        - endpoint: internal
          service: oslo_db_postgresql
    db_sync:
      jobs:
        - gnocchi-storage-init
        - gnocchi-db-init
        - gnocchi-db-init-indexer
      services:
        - endpoint: internal
          service: oslo_db_postgresql
    ks_endpoints:
      jobs:
        - gnocchi-ks-service
      services:
        - endpoint: internal
          service: identity
    ks_service:
      services:
        - endpoint: internal
          service: identity
    ks_user:
      services:
        - endpoint: internal
          service: identity
    metricd:
      jobs:
        - gnocchi-storage-init
        - gnocchi-db-sync
        - gnocchi-ks-user
        - gnocchi-ks-service
        - gnocchi-ks-endpoints
      services:
        - endpoint: internal
          service: oslo_db_postgresql
        - endpoint: internal
          service: metric
    statsd:
      jobs:
        - gnocchi-storage-init
        - gnocchi-db-sync
        - gnocchi-ks-user
        - gnocchi-ks-service
        - gnocchi-ks-endpoints
      services:
        - endpoint: internal
          service: oslo_db_postgresql
        - endpoint: internal
          service: metric
    resources_cleaner:
      jobs:
        - gnocchi-storage-init
        - gnocchi-db-sync
        - gnocchi-ks-user
        - gnocchi-ks-endpoints
      services:
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: identity
        - endpoint: internal
          service: metric
    storage_init:
      services: null
    tests:
      jobs:
        - gnocchi-storage-init
        - gnocchi-db-sync
      services:
        - endpoint: internal
          service: identity
        - endpoint: internal
          service: oslo_db_postgresql
        - endpoint: internal
          service: metric
    image_repo_sync:
      services:
        - endpoint: internal
          service: local_image_registry

pod:
  user:
    gnocchi:
      uid: 1000
  affinity:
    anti:
      type:
        default: preferredDuringSchedulingIgnoredDuringExecution
      topologyKey:
        default: kubernetes.io/hostname
      weight:
        default: 10
  mounts:
    gnocchi_api:
      init_container: null
      gnocchi_api:
    gnocchi_statsd:
      init_container: null
      gnocchi_statsd:
    gnocchi_metricd:
      init_container: null
      gnocchi_metricd:
    gnocchi_resources_cleaner:
      init_container: null
      gnocchi_resources_cleaner:
    gnocchi_tests:
      init_container: null
      gnocchi_tests:
  replicas:
    api: 1
  lifecycle:
    upgrades:
      deployments:
        revision_history: 3
        pod_replacement_strategy: RollingUpdate
        rolling_update:
          max_unavailable: 1
          max_surge: 3
      daemonsets:
        pod_replacement_strategy: RollingUpdate
        metricd:
          enabled: false
          min_ready_seconds: 0
          max_unavailable: 1
        statsd:
          enabled: false
          min_ready_seconds: 0
          max_unavailable: 1
    disruption_budget:
      api:
        min_available: 0
    termination_grace_period:
      api:
        timeout: 30
  resources:
    enabled: false
    api:
      requests:
        memory: "124Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    statsd:
      requests:
        memory: "124Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    metricd:
      requests:
        memory: "124Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    jobs:
      clean:
        requests:
          memory: "124Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_init:
        requests:
          memory: "124Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_sync:
        requests:
          memory: "124Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_endpoints:
        requests:
          memory: "124Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_service:
        requests:
          memory: "124Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_user:
        requests:
          memory: "124Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      resources_cleaner:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      tests:
        requests:
          memory: "124Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      image_repo_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"

conf:
  apache: |
    Listen 0.0.0.0:{{ tuple "metric" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}

    SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
    CustomLog /dev/stdout combined env=!forwarded
    CustomLog /dev/stdout proxy env=forwarded

    <VirtualHost *:{{ tuple "metric" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
        WSGIDaemonProcess gnocchi processes=1 threads=2 user=gnocchi group=gnocchi display-name=%{GROUP}
        WSGIProcessGroup gnocchi
        WSGIScriptAlias / "/var/lib/kolla/venv/lib/python2.7/site-packages/gnocchi/rest/app.wsgi"
        WSGIApplicationGroup %{GLOBAL}

        ErrorLog /dev/stderr
        SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
        CustomLog /dev/stdout combined env=!forwarded
        CustomLog /dev/stdout proxy env=forwarded

        <Directory "/var/lib/kolla/venv/lib/python2.7/site-packages/gnocchi/rest">
              Require all granted
        </Directory>
    </VirtualHost>    
  ceph:
    monitors: []
    admin_keyring: null
    override:
    append:
  paste:
    pipeline:main:
      pipeline: gnocchi+auth
    composite:gnocchi+noauth:
      use: egg:Paste#urlmap
      /: gnocchiversions
      /v1: gnocchiv1+noauth
    composite:gnocchi+auth:
      use: egg:Paste#urlmap
      /: gnocchiversions
      /v1: gnocchiv1+auth
    pipeline:gnocchiv1+noauth:
      pipeline: gnocchiv1
    pipeline:gnocchiv1+auth:
      pipeline: keystone_authtoken gnocchiv1
    app:gnocchiversions:
      paste.app_factory: gnocchi.rest.app:app_factory
      root: gnocchi.rest.VersionsController
    app:gnocchiv1:
      paste.app_factory: gnocchi.rest.app:app_factory
      root: gnocchi.rest.V1Controller
    filter:keystone_authtoken:
      paste.filter_factory: keystonemiddleware.auth_token:filter_factory
      oslo_config_project: gnocchi
  policy:
    admin_or_creator: 'role:admin or project_id:%(created_by_project_id)s'
    resource_owner: 'project_id:%(project_id)s'
    metric_owner: 'project_id:%(resource.project_id)s'
    get status: 'role:admin'
    create resource: ''
    get resource: 'rule:admin_or_creator or rule:resource_owner'
    update resource: 'rule:admin_or_creator'
    delete resource: 'rule:admin_or_creator'
    delete resources: 'rule:admin_or_creator'
    list resource: 'rule:admin_or_creator or rule:resource_owner'
    search resource: 'rule:admin_or_creator or rule:resource_owner'
    create resource type: 'role:admin'
    delete resource type: 'role:admin'
    update resource type: 'role:admin'
    list resource type: ''
    get resource type: ''
    get archive policy: ''
    list archive policy: ''
    create archive policy: 'role:admin'
    update archive policy: 'role:admin'
    delete archive policy: 'role:admin'
    create archive policy rule: 'role:admin'
    get archive policy rule: ''
    list archive policy rule: ''
    delete archive policy rule: 'role:admin'
    create metric: ''
    delete metric: 'rule:admin_or_creator'
    get metric: 'rule:admin_or_creator or rule:metric_owner'
    search metric: 'rule:admin_or_creator or rule:metric_owner'
    list metric: ''
    list all metric: 'role:admin'
    get measures:  'rule:admin_or_creator or rule:metric_owner'
    post measures:  'rule:admin_or_creator'
  gnocchi:
    DEFAULT:
      debug: false
    token:
      provider: uuid
    api:
      auth_mode: keystone
      #NOTE(portdirect): the bind port should not be defined, and is manipulated
      # via the endpoints section.
      port: null
    statsd:
      #NOTE(portdirect): the bind port should not be defined, and is manipulated
      # via the endpoints section.
      port: null
    metricd:
      workers: 1
    database:
      max_retries: -1
    storage:
      driver: ceph
      ceph_pool: gnocchi.metrics
      ceph_username: gnocchi
      ceph_keyring: /etc/ceph/ceph.client.gnocchi.keyring
      ceph_conffile: /etc/ceph/ceph.conf
      file_basepath: /var/lib/gnocchi
      provided_keyring: null
    indexer:
      driver: postgresql
    keystone_authtoken:
      auth_type: password
      auth_version: v3
      memcache_security_strategy: ENCRYPT

ceph_client:
  configmap: ceph-etc
  user_secret_name: pvc-ceph-client-key

secrets:
  identity:
    admin: gnocchi-keystone-admin
    gnocchi: gnocchi-keystone-user
  oslo_db:
    admin: gnocchi-db-admin
    gnocchi: gnocchi-db-user
  oslo_db_indexer:
    admin: gnocchi-db-indexer-admin
    gnocchi: gnocchi-db-indexer-user
  rbd: gnocchi-rbd-keyring
  tls:
    metric:
      api:
        public: gnocchi-tls-public

bootstrap:
  enabled: false
  ks_user: gnocchi
  script: |
    openstack token issue    

# typically overridden by environmental
# values, but should include all endpoints
# required by this chart
endpoints:
  cluster_domain_suffix: cluster.local
  local_image_registry:
    name: docker-registry
    namespace: docker-registry
    hosts:
      default: localhost
      internal: docker-registry
      node: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        node: 5000
  identity:
    name: keystone
    auth:
      admin:
        username: "admin"
        user_domain_name: "default"
        password: "password"
        project_name: "admin"
        project_domain_name: "default"
        region_name: "RegionOne"
        os_auth_type: "password"
        os_tenant_name: "admin"
      gnocchi:
        username: "gnocchi"
        role: "admin"
        password: "password"
        project_name: "service"
        region_name: "RegionOne"
        os_auth_type: "password"
        os_tenant_name: "service"
        user_domain_name: service
        project_domain_name: service
    hosts:
      default: keystone
      internal: keystone-api
    host_fqdn_override:
      default: null
    path:
      default: /v3
    scheme:
      default: 'http'
    port:
      api:
        default: 80
        internal: 5000
  metric:
    name: gnocchi
    hosts:
      default: gnocchi-api
      public: gnocchi
    host_fqdn_override:
      default: null
      # NOTE: this chart supports TLS for fqdn over-ridden public
      # endpoints using the following format:
      # public:
      #   host: null
      #   tls:
      #     crt: null
      #     key: null
    path:
      default: null
    scheme:
      default: 'http'
    port:
      api:
        default: 8041
        public: 80
  metric_statsd:
    name: gnocchi-statsd
    hosts:
      default: gnocchi-statsd
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme:
      default: null
    port:
      statsd:
        default: 8125
  oslo_db_postgresql:
    auth:
      admin:
        username: postgres
        password: password
      gnocchi:
        username: gnocchi
        password: password
    hosts:
      default: postgresql
    host_fqdn_override:
      default: null
    path: /gnocchi
    scheme: postgresql
    port:
      postgresql:
        default: 5432
  oslo_db:
    auth:
      admin:
        username: root
        password: password
      gnocchi:
        username: gnocchi
        password: password
    hosts:
      default: mariadb
    host_fqdn_override:
      default: null
    path: /gnocchi
    scheme: mysql+pymysql
    port:
      mysql:
        default: 3306
  oslo_cache:
    auth:
      # NOTE(portdirect): this is used to define the value for keystone
      # authtoken cache encryption key, if not set it will be populated
      # automatically with a random value, but to take advantage of
      # this feature all services should be set to use the same key,
      # and memcache service.
      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
      default: null
    port:
      memcache:
        default: 11211

manifests:
  configmap_bin: true
  configmap_etc: true
  cron_job_resources_cleaner: true
  daemonset_metricd: true
  daemonset_statsd: true
  deployment_api: true
  ingress_api: true
  job_bootstrap: true
  job_clean: true
  job_db_drop: false
  job_db_init_indexer: true
  job_db_init: true
  job_image_repo_sync: true
  secret_db_indexer: true
  job_db_sync: true
  job_ks_endpoints: true
  job_ks_service: true
  job_ks_user: true
  job_storage_init: true
  pdb_api: true
  pod_gnocchi_test: true
  secret_db: true
  secret_keystone: true
  secret_ingress_tls: true
  service_api: true
  service_ingress_api: true
  service_statsd: true