0808cf5198
External traffic policy "local" would be preffered when openstack service is accessed from external via node port. This option has an effect only when service node port is enabled. Change-Id: Ic68cfc59dc39dc842d4790deffa70efe433dd7a6
411 lines
9.9 KiB
YAML
411 lines
9.9 KiB
YAML
# Copyright 2017 The Openstack-Helm Authors.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Default values for keystone.
|
|
# This is a YAML-formatted file.
|
|
# Declare name/value pairs to be passed into your templates.
|
|
# name: value
|
|
|
|
release_group: null
|
|
|
|
labels:
|
|
node_selector_key: openstack-control-plane
|
|
node_selector_value: enabled
|
|
|
|
images:
|
|
tags:
|
|
bootstrap: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
|
|
db_init: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
|
|
db_sync: docker.io/kolla/ubuntu-source-magnum-api:3.0.3
|
|
db_drop: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
|
|
ks_user: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
|
|
ks_service: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
|
|
ks_endpoints: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
|
|
api: docker.io/kolla/ubuntu-source-magnum-api:3.0.3
|
|
conductor: docker.io/kolla/ubuntu-source-magnum-conductor:3.0.3
|
|
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
|
|
pull_policy: "IfNotPresent"
|
|
|
|
conf:
|
|
paste:
|
|
pipeline:main:
|
|
pipeline: cors healthcheck request_id authtoken api_v1
|
|
app:api_v1:
|
|
paste.app_factory: magnum.api.app:app_factory
|
|
filter:authtoken:
|
|
acl_public_routes: /, /v1
|
|
paste.filter_factory: magnum.api.middleware.auth_token:AuthTokenMiddleware.factory
|
|
filter:request_id:
|
|
paste.filter_factory: oslo_middleware:RequestId.factory
|
|
filter:cors:
|
|
paste.filter_factory: oslo_middleware.cors:filter_factory
|
|
oslo_config_project: magnum
|
|
filter:healthcheck:
|
|
paste.filter_factory: oslo_middleware:Healthcheck.factory
|
|
backends: disable_by_file
|
|
disable_by_file_path: /etc/magnum/healthcheck_disable
|
|
policy:
|
|
context_is_admin: role:admin
|
|
admin_or_owner: is_admin:True or project_id:%(project_id)s
|
|
default: rule:admin_or_owner
|
|
admin_api: rule:context_is_admin
|
|
admin_or_user: is_admin:True or user_id:%(user_id)s
|
|
cluster_user: user_id:%(trustee_user_id)s
|
|
deny_cluster_user: not domain_id:%(trustee_domain_id)s
|
|
bay:create: rule:deny_cluster_user
|
|
bay:delete: rule:deny_cluster_user
|
|
bay:detail: rule:deny_cluster_user
|
|
bay:get: rule:deny_cluster_user
|
|
bay:get_all: rule:deny_cluster_user
|
|
bay:update: rule:deny_cluster_user
|
|
baymodel:create: rule:deny_cluster_user
|
|
baymodel:delete: rule:deny_cluster_user
|
|
baymodel:detail: rule:deny_cluster_user
|
|
baymodel:get: rule:deny_cluster_user
|
|
baymodel:get_all: rule:deny_cluster_user
|
|
baymodel:update: rule:deny_cluster_user
|
|
baymodel:publish: rule:admin_or_owner
|
|
cluster:create: rule:deny_cluster_user
|
|
cluster:delete: rule:deny_cluster_user
|
|
cluster:detail: rule:deny_cluster_user
|
|
cluster:get: rule:deny_cluster_user
|
|
cluster:get_all: rule:deny_cluster_user
|
|
cluster:update: rule:deny_cluster_user
|
|
clustertemplate:create: rule:deny_cluster_user
|
|
clustertemplate:delete: rule:deny_cluster_user
|
|
clustertemplate:detail: rule:deny_cluster_user
|
|
clustertemplate:get: rule:deny_cluster_user
|
|
clustertemplate:get_all: rule:deny_cluster_user
|
|
clustertemplate:update: rule:deny_cluster_user
|
|
clustertemplate:publish: rule:admin_or_owner
|
|
rc:create: rule:default
|
|
rc:delete: rule:default
|
|
rc:detail: rule:default
|
|
rc:get: rule:default
|
|
rc:get_all: rule:default
|
|
rc:update: rule:default
|
|
certificate:create: rule:admin_or_user or rule:cluster_user
|
|
certificate:get: rule:admin_or_user or rule:cluster_user
|
|
magnum-service:get_all: rule:admin_api
|
|
magnum:
|
|
DEFAULT:
|
|
transport_url: null
|
|
database:
|
|
max_retries: -1
|
|
keystone_authtoken:
|
|
auth_type: password
|
|
auth_version: v3
|
|
memcache_security_strategy: ENCRYPT
|
|
api:
|
|
port: 9511
|
|
host: 0.0.0.0
|
|
|
|
network:
|
|
api:
|
|
ingress:
|
|
public: true
|
|
external_policy_local: false
|
|
node_port:
|
|
enabled: false
|
|
port: 30511
|
|
|
|
bootstrap:
|
|
enabled: false
|
|
script: |
|
|
openstack token issue
|
|
|
|
dependencies:
|
|
db_init:
|
|
services:
|
|
- service: oslo_db
|
|
endpoint: internal
|
|
db_sync:
|
|
jobs:
|
|
- magnum-db-init
|
|
services:
|
|
- service: oslo_db
|
|
endpoint: internal
|
|
db_drop:
|
|
services:
|
|
- service: oslo_db
|
|
endpoint: internal
|
|
ks_user:
|
|
services:
|
|
- service: identity
|
|
endpoint: internal
|
|
ks_service:
|
|
services:
|
|
- service: identity
|
|
endpoint: internal
|
|
ks_endpoints:
|
|
jobs:
|
|
- magnum-ks-service
|
|
services:
|
|
- service: identity
|
|
endpoint: internal
|
|
api:
|
|
jobs:
|
|
- magnum-db-sync
|
|
- magnum-ks-user
|
|
- magnum-ks-endpoints
|
|
services:
|
|
- service: oslo_db
|
|
endpoint: internal
|
|
- service: identity
|
|
endpoint: internal
|
|
conductor:
|
|
jobs:
|
|
- magnum-db-sync
|
|
- magnum-ks-user
|
|
- magnum-ks-endpoints
|
|
services:
|
|
- service: oslo_db
|
|
endpoint: internal
|
|
- service: identity
|
|
endpoint: internal
|
|
|
|
# Names of secrets used by bootstrap and environmental checks
|
|
secrets:
|
|
identity:
|
|
admin: magnum-keystone-admin
|
|
user: magnum-keystone-user
|
|
oslo_db:
|
|
admin: magnum-db-admin
|
|
user: magnum-db-user
|
|
|
|
# typically overriden by environmental
|
|
# values, but should include all endpoints
|
|
# required by this chart
|
|
endpoints:
|
|
cluster_domain_suffix: cluster.local
|
|
identity:
|
|
name: keystone
|
|
auth:
|
|
admin:
|
|
region_name: RegionOne
|
|
username: admin
|
|
password: password
|
|
project_name: admin
|
|
user_domain_name: default
|
|
project_domain_name: default
|
|
user:
|
|
role: admin
|
|
region_name: RegionOne
|
|
username: magnum
|
|
password: password
|
|
project_name: service
|
|
user_domain_name: default
|
|
project_domain_name: default
|
|
hosts:
|
|
default: keystone-api
|
|
public: keystone
|
|
host_fqdn_override:
|
|
default: null
|
|
path:
|
|
default: /v3
|
|
scheme:
|
|
default: http
|
|
port:
|
|
admin:
|
|
default: 35357
|
|
api:
|
|
default: 80
|
|
container_infra:
|
|
name: magnum
|
|
hosts:
|
|
default: magnum-api
|
|
public: magnum
|
|
host_fqdn_override:
|
|
default: null
|
|
path:
|
|
default: /v1
|
|
scheme:
|
|
default: http
|
|
port:
|
|
api:
|
|
default: 9511
|
|
public: 80
|
|
oslo_db:
|
|
auth:
|
|
admin:
|
|
username: root
|
|
password: password
|
|
user:
|
|
username: magnum
|
|
password: password
|
|
hosts:
|
|
default: mariadb
|
|
host_fqdn_override:
|
|
default: null
|
|
path: /magnum
|
|
scheme: mysql+pymysql
|
|
port:
|
|
mysql:
|
|
default: 3306
|
|
oslo_cache:
|
|
hosts:
|
|
default: memcached
|
|
host_fqdn_override:
|
|
default: null
|
|
port:
|
|
memcache:
|
|
default: 11211
|
|
oslo_messaging:
|
|
auth:
|
|
admin:
|
|
username: admin
|
|
password: password
|
|
user:
|
|
username: rabbitmq
|
|
password: password
|
|
hosts:
|
|
default: rabbitmq
|
|
host_fqdn_override:
|
|
default: null
|
|
path: /
|
|
scheme: rabbit
|
|
port:
|
|
amqp:
|
|
default: 5672
|
|
|
|
pod:
|
|
user:
|
|
magnum:
|
|
uid: 1000
|
|
affinity:
|
|
anti:
|
|
type:
|
|
default: preferredDuringSchedulingIgnoredDuringExecution
|
|
topologyKey:
|
|
default: kubernetes.io/hostname
|
|
mounts:
|
|
magnum_api:
|
|
init_container: null
|
|
magnum_api:
|
|
magnum_conductor:
|
|
init_container: null
|
|
magnum_conductor:
|
|
magnum_bootstrap:
|
|
init_container: null
|
|
magnum_bootstrap:
|
|
replicas:
|
|
api: 1
|
|
conductor: 1
|
|
lifecycle:
|
|
upgrades:
|
|
deployments:
|
|
revision_history: 3
|
|
pod_replacement_strategy: RollingUpdate
|
|
rolling_update:
|
|
max_unavailable: 1
|
|
max_surge: 3
|
|
disruption_budget:
|
|
api:
|
|
min_available: 0
|
|
termination_grace_period:
|
|
api:
|
|
timeout: 30
|
|
resources:
|
|
enabled: false
|
|
api:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
conductor:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
jobs:
|
|
bootstrap:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
db_init:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
db_sync:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
db_drop:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
ks_endpoints:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
ks_service:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
ks_user:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
tests:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
|
|
manifests:
|
|
configmap_bin: true
|
|
configmap_etc: true
|
|
deployment_api: true
|
|
ingress_api: true
|
|
job_bootstrap: true
|
|
job_db_init: true
|
|
job_db_sync: true
|
|
job_db_drop: false
|
|
job_ks_endpoints: true
|
|
job_ks_service: true
|
|
job_ks_user: true
|
|
pdb_api: true
|
|
secret_db: true
|
|
secret_keystone: true
|
|
service_api: true
|
|
service_ingress_api: true
|
|
statefulset_conductor: true
|