2cb3d41544
When the default release was switched from ocata to stein, some of the policies were duplicated. This moves the ocata overrides back to where they belong, and adds overrides for pike, queens, and rocky. Change-Id: I342d69e721b2692987951055e41ed5e153a91d6c
713 lines
20 KiB
YAML
713 lines
20 KiB
YAML
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Default values for barbican.
|
|
# This is a YAML-formatted file.
|
|
# Declare name/value pairs to be passed into your templates.
|
|
# name: value
|
|
|
|
labels:
|
|
api:
|
|
node_selector_key: openstack-control-plane
|
|
node_selector_value: enabled
|
|
job:
|
|
node_selector_key: openstack-control-plane
|
|
node_selector_value: enabled
|
|
test:
|
|
node_selector_key: openstack-control-plane
|
|
node_selector_value: enabled
|
|
|
|
release_group: null
|
|
|
|
images:
|
|
tags:
|
|
bootstrap: docker.io/openstackhelm/heat:stein-ubuntu_bionic
|
|
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
|
|
scripted_test: docker.io/openstackhelm/heat:stein-ubuntu_bionic
|
|
db_init: docker.io/openstackhelm/heat:stein-ubuntu_bionic
|
|
barbican_db_sync: docker.io/openstackhelm/barbican:stein-ubuntu_bionic
|
|
db_drop: docker.io/openstackhelm/heat:stein-ubuntu_bionic
|
|
ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic
|
|
ks_service: docker.io/openstackhelm/heat:stein-ubuntu_bionic
|
|
ks_endpoints: docker.io/openstackhelm/heat:stein-ubuntu_bionic
|
|
barbican_api: docker.io/openstackhelm/barbican:stein-ubuntu_bionic
|
|
rabbit_init: docker.io/rabbitmq:3.7-management
|
|
image_repo_sync: docker.io/docker:17.07.0
|
|
pull_policy: "IfNotPresent"
|
|
local_registry:
|
|
active: false
|
|
exclude:
|
|
- dep_check
|
|
- image_repo_sync
|
|
|
|
pod:
|
|
security_context:
|
|
barbican:
|
|
pod:
|
|
runAsUser: 42424
|
|
container:
|
|
barbican_api:
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
affinity:
|
|
anti:
|
|
type:
|
|
default: preferredDuringSchedulingIgnoredDuringExecution
|
|
topologyKey:
|
|
default: kubernetes.io/hostname
|
|
weight:
|
|
default: 10
|
|
mounts:
|
|
barbican_api:
|
|
init_container: null
|
|
barbican_api:
|
|
volumeMounts:
|
|
volumes:
|
|
barbican_bootstrap:
|
|
init_container: null
|
|
barbican_bootstrap:
|
|
volumeMounts:
|
|
volumes:
|
|
barbican_tests:
|
|
init_container: null
|
|
barbican_tests:
|
|
volumeMounts:
|
|
volumes:
|
|
barbican_db_sync:
|
|
barbican_db_sync:
|
|
volumeMounts:
|
|
volumes:
|
|
replicas:
|
|
api: 1
|
|
lifecycle:
|
|
upgrades:
|
|
deployments:
|
|
revision_history: 3
|
|
pod_replacement_strategy: RollingUpdate
|
|
rolling_update:
|
|
max_unavailable: 1
|
|
max_surge: 3
|
|
disruption_budget:
|
|
api:
|
|
min_available: 0
|
|
resources:
|
|
enabled: false
|
|
api:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
jobs:
|
|
bootstrap:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
db_init:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
db_sync:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
db_drop:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
rabbit_init:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
ks_endpoints:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
ks_service:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
ks_user:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
tests:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
image_repo_sync:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
|
|
network:
|
|
api:
|
|
ingress:
|
|
public: true
|
|
classes:
|
|
namespace: "nginx"
|
|
cluster: "nginx-cluster"
|
|
annotations:
|
|
nginx.ingress.kubernetes.io/rewrite-target: /
|
|
external_policy_local: false
|
|
node_port:
|
|
enabled: false
|
|
port: 30486
|
|
|
|
network_policy:
|
|
barbican:
|
|
ingress:
|
|
- {}
|
|
egress:
|
|
- {}
|
|
|
|
bootstrap:
|
|
enabled: false
|
|
ks_user: barbican
|
|
script: |
|
|
openstack token issue
|
|
|
|
dependencies:
|
|
dynamic:
|
|
common:
|
|
local_image_registry:
|
|
jobs:
|
|
- barbican-image-repo-sync
|
|
services:
|
|
- endpoint: node
|
|
service: local_image_registry
|
|
static:
|
|
api:
|
|
jobs:
|
|
- barbican-db-sync
|
|
- barbican-ks-user
|
|
- barbican-ks-endpoints
|
|
- barbican-rabbit-init
|
|
services:
|
|
- endpoint: internal
|
|
service: oslo_db
|
|
- endpoint: internal
|
|
service: identity
|
|
- endpoint: internal
|
|
service: oslo_messaging
|
|
db_drop:
|
|
services:
|
|
- endpoint: internal
|
|
service: oslo_db
|
|
db_init:
|
|
services:
|
|
- endpoint: internal
|
|
service: oslo_db
|
|
db_sync:
|
|
jobs:
|
|
- barbican-db-init
|
|
services:
|
|
- endpoint: internal
|
|
service: oslo_db
|
|
image_repo_sync:
|
|
services:
|
|
- endpoint: internal
|
|
service: local_image_registry
|
|
ks_endpoints:
|
|
jobs:
|
|
- barbican-ks-service
|
|
services:
|
|
- endpoint: internal
|
|
service: identity
|
|
ks_service:
|
|
services:
|
|
- endpoint: internal
|
|
service: identity
|
|
ks_user:
|
|
services:
|
|
- endpoint: internal
|
|
service: identity
|
|
rabbit_init:
|
|
services:
|
|
- endpoint: internal
|
|
service: oslo_messaging
|
|
|
|
conf:
|
|
paste:
|
|
composite:main:
|
|
use: egg:Paste#urlmap
|
|
/: barbican_version
|
|
/v1: barbican-api-keystone
|
|
pipeline:barbican_version:
|
|
pipeline: cors http_proxy_to_wsgi versionapp
|
|
pipeline:barbican_api:
|
|
pipeline: cors http_proxy_to_wsgi unauthenticated-context apiapp
|
|
pipeline:barbican-profile:
|
|
pipeline: cors http_proxy_to_wsgi unauthenticated-context egg:Paste#cgitb egg:Paste#httpexceptions profile apiapp
|
|
pipeline:barbican-api-keystone:
|
|
pipeline: cors http_proxy_to_wsgi authtoken context apiapp
|
|
pipeline:barbican-api-keystone-audit:
|
|
pipeline: http_proxy_to_wsgi authtoken context audit apiapp
|
|
app:apiapp:
|
|
paste.app_factory: barbican.api.app:create_main_app
|
|
app:versionapp:
|
|
paste.app_factory: barbican.api.app:create_version_app
|
|
filter:simple:
|
|
paste.filter_factory: barbican.api.middleware.simple:SimpleFilter.factory
|
|
filter:unauthenticated-context:
|
|
paste.filter_factory: barbican.api.middleware.context:UnauthenticatedContextMiddleware.factory
|
|
filter:context:
|
|
paste.filter_factory: barbican.api.middleware.context:ContextMiddleware.factory
|
|
filter:audit:
|
|
paste.filter_factory: keystonemiddleware.audit:filter_factory
|
|
audit_map_file: /etc/barbican/api_audit_map.conf
|
|
filter:authtoken:
|
|
paste.filter_factory: keystonemiddleware.auth_token:filter_factory
|
|
filter:profile:
|
|
use: egg:repoze.profile
|
|
log_filename: myapp.profile
|
|
cachegrind_filename: cachegrind.out.myapp
|
|
discard_first_request: true
|
|
path: /__profile__
|
|
flush_at_shutdown: true
|
|
unwind: false
|
|
filter:cors:
|
|
paste.filter_factory: oslo_middleware.cors:filter_factory
|
|
oslo_config_project: barbican
|
|
filter:http_proxy_to_wsgi:
|
|
paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
|
|
policy:
|
|
admin: role:admin
|
|
observer: role:observer
|
|
creator: role:creator
|
|
audit: role:audit
|
|
service_admin: role:key-manager:service-admin
|
|
admin_or_user_does_not_work: project_id:%(project_id)s
|
|
admin_or_user: rule:admin or project_id:%(project_id)s
|
|
admin_or_creator: rule:admin or rule:creator
|
|
all_but_audit: rule:admin or rule:observer or rule:creator
|
|
all_users: rule:admin or rule:observer or rule:creator or rule:audit or rule:service_admin
|
|
secret_acl_read: "'read':%(target.secret.read)s"
|
|
secret_private_read: "'False':%(target.secret.read_project_access)s"
|
|
container_acl_read: "'read':%(target.container.read)s"
|
|
container_private_read: "'False':%(target.container.read_project_access)s"
|
|
secret_non_private_read: rule:all_users and rule:secret_project_match and not rule:secret_private_read
|
|
secret_decrypt_non_private_read: rule:all_but_audit and rule:secret_project_match
|
|
and not rule:secret_private_read
|
|
container_non_private_read: rule:all_users and rule:container_project_match and not
|
|
rule:container_private_read
|
|
secret_project_admin: rule:admin and rule:secret_project_match
|
|
secret_project_creator: rule:creator and rule:secret_project_match and rule:secret_creator_user
|
|
container_project_admin: rule:admin and rule:container_project_match
|
|
container_project_creator: rule:creator and rule:container_project_match and rule:container_creator_user
|
|
version:get: "@"
|
|
secret:decrypt: rule:secret_decrypt_non_private_read or rule:secret_project_creator
|
|
or rule:secret_project_admin or rule:secret_acl_read
|
|
secret:get: rule:secret_non_private_read or rule:secret_project_creator or rule:secret_project_admin
|
|
or rule:secret_acl_read
|
|
secret:put: rule:admin_or_creator and rule:secret_project_match
|
|
secret:delete: rule:secret_project_admin or rule:secret_project_creator
|
|
secrets:post: rule:admin_or_creator
|
|
secrets:get: rule:all_but_audit
|
|
orders:post: rule:admin_or_creator
|
|
orders:get: rule:all_but_audit
|
|
order:get: rule:all_users
|
|
order:put: rule:admin_or_creator
|
|
order:delete: rule:admin
|
|
consumer:get: rule:admin or rule:observer or rule:creator or rule:audit or rule:container_non_private_read
|
|
or rule:container_project_creator or rule:container_project_admin or rule:container_acl_read
|
|
consumers:get: rule:admin or rule:observer or rule:creator or rule:audit or rule:container_non_private_read
|
|
or rule:container_project_creator or rule:container_project_admin or rule:container_acl_read
|
|
consumers:post: rule:admin or rule:container_non_private_read or rule:container_project_creator
|
|
or rule:container_project_admin or rule:container_acl_read
|
|
consumers:delete: rule:admin or rule:container_non_private_read or rule:container_project_creator
|
|
or rule:container_project_admin or rule:container_acl_read
|
|
containers:post: rule:admin_or_creator
|
|
containers:get: rule:all_but_audit
|
|
container:get: rule:container_non_private_read or rule:container_project_creator or
|
|
rule:container_project_admin or rule:container_acl_read
|
|
container:delete: rule:container_project_admin or rule:container_project_creator
|
|
container_secret:post: rule:admin
|
|
container_secret:delete: rule:admin
|
|
transport_key:get: rule:all_users
|
|
transport_key:delete: rule:admin
|
|
transport_keys:get: rule:all_users
|
|
transport_keys:post: rule:admin
|
|
certificate_authorities:get_limited: rule:all_users
|
|
certificate_authorities:get_all: rule:admin
|
|
certificate_authorities:post: rule:admin
|
|
certificate_authorities:get_preferred_ca: rule:all_users
|
|
certificate_authorities:get_global_preferred_ca: rule:service_admin
|
|
certificate_authorities:unset_global_preferred: rule:service_admin
|
|
certificate_authority:delete: rule:admin
|
|
certificate_authority:get: rule:all_users
|
|
certificate_authority:get_cacert: rule:all_users
|
|
certificate_authority:get_ca_cert_chain: rule:all_users
|
|
certificate_authority:get_projects: rule:service_admin
|
|
certificate_authority:add_to_project: rule:admin
|
|
certificate_authority:remove_from_project: rule:admin
|
|
certificate_authority:set_preferred: rule:admin
|
|
certificate_authority:set_global_preferred: rule:service_admin
|
|
secret_acls:put_patch: rule:secret_project_admin or rule:secret_project_creator
|
|
secret_acls:delete: rule:secret_project_admin or rule:secret_project_creator
|
|
secret_acls:get: rule:all_but_audit and rule:secret_project_match
|
|
container_acls:put_patch: rule:container_project_admin or rule:container_project_creator
|
|
container_acls:delete: rule:container_project_admin or rule:container_project_creator
|
|
container_acls:get: rule:all_but_audit and rule:container_project_match
|
|
quotas:get: rule:all_users
|
|
project_quotas:get: rule:service_admin
|
|
project_quotas:put: rule:service_admin
|
|
project_quotas:delete: rule:service_admin
|
|
secret_meta:get: rule:all_but_audit
|
|
secret_meta:post: rule:admin_or_creator
|
|
secret_meta:put: rule:admin_or_creator
|
|
secret_meta:delete: rule:admin_or_creator
|
|
secretstores:get: rule:admin
|
|
secretstores:get_global_default: rule:admin
|
|
secretstores:get_preferred: rule:admin
|
|
secretstore_preferred:post: rule:admin
|
|
secretstore_preferred:delete: rule:admin
|
|
secretstore:get: rule:admin
|
|
secret_project_match: project_id:%(target.secret.project_id)s
|
|
secret_creator_user: user_id:%(target.secret.creator_id)s
|
|
container_project_match: project_id:%(target.container.project_id)s
|
|
container_creator_user: user_id:%(target.container.creator_id)s
|
|
audit_map:
|
|
DEFAULT:
|
|
# default target endpoint type
|
|
# should match the endpoint type defined in service catalog
|
|
target_endpoint_type: key-manager
|
|
custom_actions:
|
|
# map urls ending with specific text to a unique action
|
|
# Don't need custom mapping for other resource operations
|
|
# Note: action should match action names defined in CADF taxonomy
|
|
acl/get: read
|
|
path_keywords:
|
|
# path of api requests for CADF target typeURI
|
|
# Just need to include top resource path to identify class of resources
|
|
secrets: null
|
|
containers: null
|
|
orders: null
|
|
cas: "None"
|
|
quotas: null
|
|
project-quotas: null
|
|
service_endpoints:
|
|
# map endpoint type defined in service catalog to CADF typeURI
|
|
key-manager: service/security/keymanager
|
|
barbican_api:
|
|
uwsgi:
|
|
socket: null
|
|
protocol: http
|
|
processes: 1
|
|
lazy: true
|
|
vacuum: true
|
|
no-default-app: true
|
|
memory-report: true
|
|
plugins: python
|
|
paste: "config:/etc/barbican/barbican-api-paste.ini"
|
|
add-header: "Connection: close"
|
|
barbican:
|
|
DEFAULT:
|
|
transport_url: null
|
|
log_config_append: /etc/barbican/logging.conf
|
|
keystone_authtoken:
|
|
auth_type: password
|
|
auth_version: v3
|
|
memcache_security_strategy: ENCRYPT
|
|
memcache_secret_key: null
|
|
database:
|
|
max_retries: -1
|
|
barbican_api:
|
|
#NOTE(portdirect): the bind port should not be defined, and is manipulated
|
|
# via the endpoints section.
|
|
bind_port: null
|
|
logging:
|
|
loggers:
|
|
keys:
|
|
- root
|
|
- barbican
|
|
handlers:
|
|
keys:
|
|
- stdout
|
|
- stderr
|
|
- "null"
|
|
formatters:
|
|
keys:
|
|
- context
|
|
- default
|
|
logger_root:
|
|
level: WARNING
|
|
handlers: stdout
|
|
logger_barbican:
|
|
level: INFO
|
|
handlers:
|
|
- stdout
|
|
qualname: barbican
|
|
logger_amqp:
|
|
level: WARNING
|
|
handlers: stderr
|
|
qualname: amqp
|
|
logger_amqplib:
|
|
level: WARNING
|
|
handlers: stderr
|
|
qualname: amqplib
|
|
logger_eventletwsgi:
|
|
level: WARNING
|
|
handlers: stderr
|
|
qualname: eventlet.wsgi.server
|
|
logger_sqlalchemy:
|
|
level: WARNING
|
|
handlers: stderr
|
|
qualname: sqlalchemy
|
|
logger_boto:
|
|
level: WARNING
|
|
handlers: stderr
|
|
qualname: boto
|
|
handler_null:
|
|
class: logging.NullHandler
|
|
formatter: default
|
|
args: ()
|
|
handler_stdout:
|
|
class: StreamHandler
|
|
args: (sys.stdout,)
|
|
formatter: context
|
|
handler_stderr:
|
|
class: StreamHandler
|
|
args: (sys.stderr,)
|
|
formatter: context
|
|
formatter_context:
|
|
class: oslo_log.formatters.ContextFormatter
|
|
datefmt: "%Y-%m-%d %H:%M:%S"
|
|
formatter_default:
|
|
format: "%(message)s"
|
|
datefmt: "%Y-%m-%d %H:%M:%S"
|
|
|
|
# Names of secrets used by bootstrap and environmental checks
|
|
secrets:
|
|
identity:
|
|
admin: barbican-keystone-admin
|
|
barbican: barbican-keystone-user
|
|
oslo_db:
|
|
admin: barbican-db-admin
|
|
barbican: barbican-db-user
|
|
oslo_messaging:
|
|
admin: barbican-rabbitmq-admin
|
|
barbican: barbican-rabbitmq-user
|
|
tls:
|
|
key_manager:
|
|
api:
|
|
public: barbican-tls-public
|
|
|
|
endpoints:
|
|
cluster_domain_suffix: cluster.local
|
|
local_image_registry:
|
|
name: docker-registry
|
|
namespace: docker-registry
|
|
hosts:
|
|
default: localhost
|
|
internal: docker-registry
|
|
node: localhost
|
|
host_fqdn_override:
|
|
default: null
|
|
port:
|
|
registry:
|
|
node: 5000
|
|
identity:
|
|
name: keystone
|
|
auth:
|
|
admin:
|
|
region_name: RegionOne
|
|
username: admin
|
|
password: password
|
|
project_name: admin
|
|
user_domain_name: default
|
|
project_domain_name: default
|
|
barbican:
|
|
role: admin
|
|
region_name: RegionOne
|
|
username: barbican
|
|
password: password
|
|
project_name: service
|
|
user_domain_name: service
|
|
project_domain_name: service
|
|
hosts:
|
|
default: keystone
|
|
internal: keystone-api
|
|
host_fqdn_override:
|
|
default: null
|
|
path:
|
|
default: /v3
|
|
scheme:
|
|
default: http
|
|
port:
|
|
api:
|
|
default: 80
|
|
internal: 5000
|
|
key_manager:
|
|
name: barbican
|
|
hosts:
|
|
default: barbican-api
|
|
public: barbican
|
|
host_fqdn_override:
|
|
default: null
|
|
path:
|
|
default: /
|
|
scheme:
|
|
default: http
|
|
port:
|
|
api:
|
|
default: 9311
|
|
public: 80
|
|
oslo_db:
|
|
auth:
|
|
admin:
|
|
username: root
|
|
password: password
|
|
barbican:
|
|
username: barbican
|
|
password: password
|
|
hosts:
|
|
default: mariadb
|
|
host_fqdn_override:
|
|
default: null
|
|
path: /barbican
|
|
scheme: mysql+pymysql
|
|
port:
|
|
mysql:
|
|
default: 3306
|
|
oslo_messaging:
|
|
auth:
|
|
admin:
|
|
username: rabbitmq
|
|
password: password
|
|
barbican:
|
|
username: barbican
|
|
password: password
|
|
statefulset:
|
|
replicas: 2
|
|
name: rabbitmq-rabbitmq
|
|
hosts:
|
|
default: rabbitmq
|
|
host_fqdn_override:
|
|
default: null
|
|
path: /barbican
|
|
scheme: rabbit
|
|
port:
|
|
amqp:
|
|
default: 5672
|
|
http:
|
|
default: 15672
|
|
oslo_cache:
|
|
auth:
|
|
# NOTE(portdirect): this is used to define the value for keystone
|
|
# authtoken cache encryption key, if not set it will be populated
|
|
# automatically with a random value, but to take advantage of
|
|
# this feature all services should be set to use the same key,
|
|
# and memcache service.
|
|
memcache_secret_key: null
|
|
hosts:
|
|
default: memcached
|
|
host_fqdn_override:
|
|
default: null
|
|
port:
|
|
memcache:
|
|
default: 11211
|
|
fluentd:
|
|
namespace: null
|
|
name: fluentd
|
|
hosts:
|
|
default: fluentd-logging
|
|
host_fqdn_override:
|
|
default: null
|
|
path:
|
|
default: null
|
|
scheme: 'http'
|
|
port:
|
|
service:
|
|
default: 24224
|
|
metrics:
|
|
default: 24220
|
|
# NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress
|
|
# They are using to enable the Egress K8s network policy.
|
|
kube_dns:
|
|
namespace: kube-system
|
|
name: kubernetes-dns
|
|
hosts:
|
|
default: kube-dns
|
|
host_fqdn_override:
|
|
default: null
|
|
path:
|
|
default: null
|
|
scheme: http
|
|
port:
|
|
dns:
|
|
default: 53
|
|
protocol: UDP
|
|
ingress:
|
|
namespace: null
|
|
name: ingress
|
|
hosts:
|
|
default: ingress
|
|
port:
|
|
ingress:
|
|
default: 80
|
|
|
|
manifests:
|
|
configmap_bin: true
|
|
configmap_etc: true
|
|
deployment_api: true
|
|
ingress_api: true
|
|
job_bootstrap: true
|
|
job_db_init: true
|
|
job_db_sync: true
|
|
job_db_drop: false
|
|
job_image_repo_sync: true
|
|
job_rabbit_init: true
|
|
job_ks_endpoints: true
|
|
job_ks_service: true
|
|
job_ks_user: true
|
|
pdb_api: true
|
|
pod_test: true
|
|
secret_db: true
|
|
network_policy: false
|
|
secret_ingress_tls: true
|
|
secret_keystone: true
|
|
secret_rabbitmq: true
|
|
service_ingress_api: true
|
|
service_api: true
|