KHIYANI, RAHUL (rk0850) b4d0793b98 Add pod/contianer security context template to create_db.yaml
This enables the runAsUser and ReadOnly-fs flags overridden in
values.yaml

Change-Id: I2e5cbd57f90ef1f5c09b7a54cd04d92dcfd8edc5
2020-10-22 20:50:25 +00:00

240 lines
5.8 KiB
YAML

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for alerta.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
---
images:
tags:
alerta: docker.io/openstackhelm/alerta:8.0.2
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: docker.io/docker:17.07.0
ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic
alerta_create_db: "docker.io/openstackhelm/patroni:latest-ubuntu_xenial"
pull_policy: IfNotPresent
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
labels:
alerta:
node_selector_key: openstack-control-plane
node_selector_value: enabled
alerta_create_db:
node_selectory_key: openstack-control-plane
node_selector_value: enabled
dependencies:
dynamic:
common:
local_image_registry:
jobs:
- alerta-postgresql-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
alerta:
services:
- endpoint: internal
service: alerta-postgresql
alerta_create_db:
services:
- endpoint: internal
service: alerta-postgresql
image_repo_sync:
services:
- endpoint: internal
service: local_image_registry
pod:
security_context:
alerta_create_db:
pod:
runAsUser: 65534
container:
alerta_create_db:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
server:
pod:
runAsUser: 0
container:
alerta:
readOnlyRootFilesystem: false
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
weight:
default: 10
replicas:
alerta: 1
mounts:
alerta:
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
termination_grace_period:
alerta:
timeout: 30
resources:
alerta:
enabled: false
limits:
memory: "1024Mi"
cpu: "100m"
requests:
memory: "128Mi"
cpu: "100m"
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
alertmanager:
name: prometheus-alertmanager
namespace: null
hosts:
default: alerts-engine
host_fqdn_override:
default: null
path:
default: null
scheme: http
port:
api:
default: 9093
alerta:
name: alerta
namespace: null
hosts:
default: alerta
public: alerta-public
host_fqdn_override:
default: null
path:
default: null
scheme:
default: 'http'
port:
server:
default: 8080
postgresql:
auth:
admin:
username: postgres
password: password
hosts:
default: postgresql
host_fqdn_override:
default: null
path: /alerta_db
scheme: postgresql
port:
postgresql:
default: 5432
secrets:
postgresql:
admin: postgresql-admin
tls:
alerta:
alerta:
public: alerta-tls-public
storage: []
volume: []
jobs: []
network:
alerta:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/affinity: cookie
nginx.ingress.kubernetes.io/session-cookie-name: kube-ingress-session-alerta
nginx.ingress.kubernetes.io/session-cookie-hash: sha1
nginx.ingress.kubernetes.io/session-cookie-expires: "600"
nginx.ingress.kubernetes.io/session-cookie-max-age: "600"
node_port:
enabled: true
port: 30480
network_policy: []
manifests:
alerta:
configmap_bin: true
configmap_etc: true
deployment: true
ingress: false
secret: true
secret_ingress_tls: false
service: true
service_ingress: false
create_db: true
conf:
alerta:
alertaAdminUser: admin
alertaAdminPassword: changeme
alertaAdminKey: changeme
alertaAPIKey: changeme
alertadb: alerta_db
alertad_conf: |
DEBUG = True
PLUGINS = ['enhance', 'forward', 'normalise', 'prometheus']
ALERTMANAGER_SILENCE_FROM_ACK = True
ALERTMANAGER_API_URL = '{{ tuple "alertmanager" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" }}://{{ tuple "alertmanager" "internal" "api" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}'
DATABASE_URL = {{ tuple "postgresql" "internal" "admin" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" |quote}}
alerta_webui_config: |
# ref: http://docs.alerta.io/en/latest/webui.html
'use strict';
angular.module('config', [])
.constant('config', {
'endpoint' : "/api",
'provider' : "basic"
})
.constant('colors', {});
...