# Copyright 2019 Wind River Systems, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Default values for panko. # This is a YAML-formatted file. # Declare name/value pairs to be passed into your templates. # name: value release_group: null labels: api: node_selector_key: openstack-control-plane node_selector_value: enabled job: node_selector_key: openstack-control-plane node_selector_value: enabled test: node_selector_key: openstack-control-plane node_selector_value: enabled images: tags: test: docker.io/xrally/xrally-openstack:1.3.0 dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0 db_init: docker.io/openstackhelm/heat:ocata-ubuntu_xenial db_drop: docker.io/openstackhelm/heat:ocata-ubuntu_xenial bootstrap: docker.io/openstackhelm/heat:ocata-ubuntu_xenial panko_db_sync: docker.io/kolla/ubuntu-source-panko-api:ocata ks_user: docker.io/openstackhelm/heat:ocata-ubuntu_xenial ks_service: docker.io/openstackhelm/heat:ocata-ubuntu_xenial ks_endpoints: docker.io/openstackhelm/heat:ocata-ubuntu_xenial panko_api: docker.io/kolla/ubuntu-source-panko-api:ocata panko_events_cleaner: docker.io/kolla/ubuntu-source-panko-base:ocata image_repo_sync: docker.io/docker:17.07.0 pull_policy: "IfNotPresent" local_registry: active: false exclude: - dep_check - image_repo_sync jobs: events_cleaner: # hourly cron: "0 * * * *" history: success: 3 failed: 1 network: api: ingress: public: true classes: namespace: "nginx" cluster: "nginx-cluster" annotations: nginx.ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false port: 8977 dependencies: dynamic: common: local_image_registry: jobs: - panko-image-repo-sync services: - endpoint: node service: local_image_registry static: api: jobs: - panko-db-sync - panko-ks-user - panko-ks-endpoints services: - endpoint: internal service: oslo_db - endpoint: internal service: identity events_cleaner: jobs: - panko-db-sync - panko-ks-user - panko-ks-endpoints services: - endpoint: internal service: oslo_db - endpoint: internal service: identity bootstrap: services: - endpoint: internal service: identity db_init: services: - endpoint: internal service: oslo_db db_sync: jobs: - panko-db-init services: - endpoint: internal service: oslo_db db_drop: services: - endpoint: internal service: oslo_db ks_endpoints: jobs: - panko-ks-service services: - endpoint: internal service: identity ks_service: services: - endpoint: internal service: identity ks_user: services: - endpoint: internal service: identity image_repo_sync: services: - endpoint: internal service: local_image_registry tests: jobs: - panko-db-sync services: - endpoint: internal service: identity - endpoint: internal service: oslo_db - endpoint: internal service: event # Names of secrets used by bootstrap and environmental checks secrets: identity: admin: panko-keystone-admin panko: panko-keystone-user test: panko-keystone-test oslo_db: admin: panko-db-admin panko: panko-db-user tls: event: api: public: panko-tls-public bootstrap: enabled: false ks_user: panko script: | openstack token issue conf: rally_tests: run_tempest: false tests: CeilometerEvents.create_user_and_get_event: - runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 CeilometerEvents.create_user_and_list_event_types: - runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 CeilometerEvents.create_user_and_list_events: - runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 wsgi_panko: | Listen 0.0.0.0:{{ tuple "event" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded CustomLog /dev/stdout combined env=!forwarded CustomLog /dev/stdout proxy env=forwarded WSGIDaemonProcess panko processes=2 threads=1 user=panko group=panko display-name=%{GROUP} WSGIProcessGroup panko WSGIScriptAlias / /var/www/cgi-bin/panko/panko-api WSGIApplicationGroup %{GLOBAL} = 2.4> ErrorLogFormat "%{cu}t %M" ErrorLog /dev/stdout SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded CustomLog /dev/stdout combined env=!forwarded CustomLog /dev/stdout proxy env=forwarded paste: pipeline:main: pipeline: cors http_proxy_to_wsgi request_id authtoken audit api-server app:api-server: paste.app_factory: panko.api.app:app_factory filter:authtoken: paste.filter_factory: keystonemiddleware.auth_token:filter_factory oslo_config_project: panko filter:request_id: paste.filter_factory: oslo_middleware:RequestId.factory filter:cors: paste.filter_factory: oslo_middleware.cors:filter_factory oslo_config_project: panko filter:http_proxy_to_wsgi: paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory oslo_config_project: panko filter:audit: paste.filter_factory: keystonemiddleware.audit:filter_factory audit_map_file: /etc/panko/api_audit_map.conf policy: context_is_admin: role:admin segregation: rule:context_is_admin telemetry:events:index: '' telemetry:events:show: '' panko: DEFAULT: debug: false log_config_append: /etc/panko/logging.conf oslo_middleware: enable_proxy_headers_parsing: true database: event_time_to_live: 86400 max_retries: -1 keystone_authtoken: auth_version: v3 auth_type: password memcache_security_strategy: ENCRYPT logging: loggers: keys: - root - panko handlers: keys: - stdout - stderr - "null" formatters: keys: - context - default logger_root: level: WARNING handlers: 'null' logger_panko: level: INFO handlers: - stdout qualname: panko logger_amqp: level: WARNING handlers: stderr qualname: amqp logger_amqplib: level: WARNING handlers: stderr qualname: amqplib logger_eventletwsgi: level: WARNING handlers: stderr qualname: eventlet.wsgi.server logger_sqlalchemy: level: WARNING handlers: stderr qualname: sqlalchemy logger_boto: level: WARNING handlers: stderr qualname: boto handler_null: class: logging.NullHandler formatter: default args: () handler_stdout: class: StreamHandler args: (sys.stdout,) formatter: context handler_stderr: class: StreamHandler args: (sys.stderr,) formatter: context formatter_context: class: oslo_log.formatters.ContextFormatter formatter_default: format: "%(message)s" api_audit_map: DEFAULT: target_endpoint_type: event path_keywords: events: message_id capabilities: None event_types: event_type traits: event_type service_endpoints: event: service/event # typically overriden by environmental # values, but should include all endpoints # required by this chart endpoints: cluster_domain_suffix: cluster.local local_image_registry: name: docker-registry namespace: docker-registry hosts: default: localhost internal: docker-registry node: localhost host_fqdn_override: default: null port: registry: node: 5000 identity: name: keystone auth: admin: region_name: RegionOne username: admin password: password project_name: admin user_domain_name: default project_domain_name: default panko: role: admin region_name: RegionOne username: panko password: password project_name: service user_domain_name: service project_domain_name: service test: role: admin region_name: RegionOne username: test password: password project_name: test user_domain_name: service project_domain_name: service hosts: default: keystone internal: keystone-api host_fqdn_override: default: null path: default: /v3 scheme: default: 'http' port: api: default: 80 internal: 5000 event: name: panko hosts: default: panko-api public: panko host_fqdn_override: default: null # NOTE: this chart supports TLS for fqdn over-ridden public # endpoints using the following format: # public: # host: null # tls: # crt: null # key: null path: default: null scheme: default: 'http' port: api: default: 8977 public: 80 oslo_db: auth: admin: username: root password: password panko: username: panko password: password hosts: default: mariadb host_fqdn_override: default: null path: /panko scheme: mysql+pymysql port: mysql: default: 3306 oslo_cache: auth: # NOTE: this is used to define the value for keystone # authtoken cache encryption key, if not set it will be populated # automatically with a random value, but to take advantage of # this feature all services should be set to use the same key, # and memcache service. memcache_secret_key: null hosts: default: memcached host_fqdn_override: default: null port: memcache: default: 11211 fluentd: namespace: null name: fluentd hosts: default: fluentd-logging host_fqdn_override: default: null path: default: null scheme: 'http' port: service: default: 24224 metrics: default: 24220 network_policy: panko: ingress: - {} egress: - {} pod: security_context: panko: pod: runAsUser: 42438 container: panko_api: runAsUser: 0 affinity: anti: type: default: preferredDuringSchedulingIgnoredDuringExecution topologyKey: default: kubernetes.io/hostname weight: default: 10 mounts: panko_api: init_container: null panko_api: volumeMounts: volumes: panko_events_cleaner: init_container: null panko_events_cleaner: volumeMounts: volumes: panko_bootstrap: init_container: null panko_bootstrap: volumeMounts: volumes: panko_tests: init_container: null panko_tests: volumeMounts: volumes: panko_db_sync: panko_db_sync: volumeMounts: volumes: replicas: api: 1 lifecycle: upgrades: deployments: revision_history: 3 pod_replacement_strategy: RollingUpdate rolling_update: max_unavailable: 1 max_surge: 3 disruption_budget: api: min_available: 0 termination_grace_period: api: timeout: 600 resources: enabled: false api: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" jobs: bootstrap: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" db_sync: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" db_init: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" ks_user: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" ks_service: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" ks_endpoints: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" events_cleaner: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" db_drop: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" tests: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" image_repo_sync: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" manifests: configmap_bin: true configmap_etc: true cron_job_events_cleaner: true deployment_api: true ingress_api: true job_bootstrap: true job_db_drop: false job_db_init: true job_image_repo_sync: true job_db_sync: true job_ks_endpoints: true job_ks_service: true job_ks_user: true network_policy: false pdb_api: true pod_rally_test: true secret_db: true secret_keystone: true secret_ingress_tls: true service_api: true service_ingress_api: true