openstack/openstack-helm
Code Issues Proposed changes
56d4657561
openstack-helm/glance/values.yaml
Hyunsun Moon 0808cf5198 Add option to set external policy to local for openstack services 
External traffic policy "local" would be preffered when openstack
service is accessed from external via node port. This option has an
effect only when service node port is enabled.

Change-Id: Ic68cfc59dc39dc842d4790deffa70efe433dd7a6
2017-11-02 15:07:21 +09:00

656 lines
17 KiB
YAML
Raw Blame History

# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for glance.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
# radosgw, rbd, swift or pvc
storage: radosgw
labels:
node_selector_key: openstack-control-plane
node_selector_value: enabled
release_group: null
images:
tags:
test: docker.io/kolla/ubuntu-source-rally:4.0.0
storage_init: quay.io/attcomdev/ceph-daemon:tag-build-master-jewel-ubuntu-16.04
db_init: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
db_sync: docker.io/kolla/ubuntu-source-glance-api:3.0.3
db_drop: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
ks_user: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
ks_service: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
ks_endpoints: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
api: docker.io/kolla/ubuntu-source-glance-api:3.0.3
registry: docker.io/kolla/ubuntu-source-glance-registry:3.0.3
# Bootstrap image requires curl
bootstrap: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
pull_policy: "IfNotPresent"
bootstrap:
enabled: true
images:
cirros:
id: null
name: "Cirros 0.3.5 64-bit"
source_url: "http://download.cirros-cloud.net/0.3.5/"
image_file: "cirros-0.3.5-x86_64-disk.img"
min_disk: 1
image_type: qcow2
container_format: bare
private: true
properties:
hypervisor_type: "qemu"
os_distro: "cirros"
conf:
rally_tests:
run_tempest: false
tests:
GlanceImages.create_and_delete_image:
- args:
container_format: bare
disk_format: qcow2
image_location: http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
context:
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
GlanceImages.create_and_list_image:
- args:
container_format: bare
disk_format: qcow2
image_location: http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
context:
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
ceph:
monitors: []
admin_keyring: null
override:
append:
ceph_client:
override:
append:
paste:
pipeline:glance-api:
pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context rootapp
pipeline:glance-api-caching:
pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache rootapp
pipeline:glance-api-cachemanagement:
pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
pipeline:glance-api-keystone:
pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context rootapp
pipeline:glance-api-keystone+caching:
pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context cache rootapp
pipeline:glance-api-keystone+cachemanagement:
pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context cache cachemanage rootapp
pipeline:glance-api-trusted-auth:
pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context rootapp
pipeline:glance-api-trusted-auth+cachemanagement:
pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context cache cachemanage rootapp
composite:rootapp:
paste.composite_factory: glance.api:root_app_factory
/: apiversions
/v1: apiv1app
/v2: apiv2app
app:apiversions:
paste.app_factory: glance.api.versions:create_resource
app:apiv1app:
paste.app_factory: glance.api.v1.router:API.factory
app:apiv2app:
paste.app_factory: glance.api.v2.router:API.factory
filter:healthcheck:
paste.filter_factory: oslo_middleware:Healthcheck.factory
backends: disable_by_file
disable_by_file_path: /etc/glance/healthcheck_disable
filter:versionnegotiation:
paste.filter_factory: glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
filter:cache:
paste.filter_factory: glance.api.middleware.cache:CacheFilter.factory
filter:cachemanage:
paste.filter_factory: glance.api.middleware.cache_manage:CacheManageFilter.factory
filter:context:
paste.filter_factory: glance.api.middleware.context:ContextMiddleware.factory
filter:unauthenticated-context:
paste.filter_factory: glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
filter:authtoken:
paste.filter_factory: keystonemiddleware.auth_token:filter_factory
delay_auth_decision: true
filter:gzip:
paste.filter_factory: glance.api.middleware.gzip:GzipMiddleware.factory
filter:osprofiler:
paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
hmac_keys: SECRET_KEY #DEPRECATED
enabled: yes #DEPRECATED
filter:cors:
paste.filter_factory: oslo_middleware.cors:filter_factory
oslo_config_project: glance
oslo_config_program: glance-api
filter:http_proxy_to_wsgi:
paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
policy:
context_is_admin: role:admin
default: role:admin
add_image: ''
delete_image: ''
get_image: ''
get_images: ''
modify_image: ''
publicize_image: role:admin
copy_from: ''
download_image: ''
upload_image: ''
delete_image_location: ''
get_image_location: ''
set_image_location: ''
add_member: ''
delete_member: ''
get_member: ''
get_members: ''
modify_member: ''
manage_image_cache: role:admin
get_task: role:admin
get_tasks: role:admin
add_task: role:admin
modify_task: role:admin
deactivate: ''
reactivate: ''
get_metadef_namespace: ''
get_metadef_namespaces: ''
modify_metadef_namespace: ''
add_metadef_namespace: ''
get_metadef_object: ''
get_metadef_objects: ''
modify_metadef_object: ''
add_metadef_object: ''
list_metadef_resource_types: ''
get_metadef_resource_type: ''
add_metadef_resource_type_association: ''
get_metadef_property: ''
get_metadef_properties: ''
modify_metadef_property: ''
add_metadef_property: ''
get_metadef_tag: ''
get_metadef_tags: ''
modify_metadef_tag: ''
add_metadef_tag: ''
add_metadef_tags: ''
glance:
DEFAULT:
bind_port: 9292
keystone_authtoken:
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
glance_store:
rbd_store_chunk_size: 8
rbd_store_pool: images
rbd_store_user: images
rbd_store_ceph_conf: /etc/ceph/ceph.conf
filesystem_store_datadir: /var/lib/glance/images
default_swift_reference: ref1
swift_store_container: glance
swift_store_create_container_on_put: true
swift_store_config_file: /etc/glance/swift-store.conf
paste_deploy:
flavor: keystone
database:
max_retries: -1
oslo_messaging_notifications:
driver: messagingv2
paste_registry:
pipeline:glance-registry:
pipeline: healthcheck osprofiler unauthenticated-context registryapp
pipeline:glance-registry-keystone:
pipeline: healthcheck osprofiler authtoken context registryapp
pipeline:glance-registry-trusted-auth:
pipeline: healthcheck osprofiler context registryapp
app:registryapp:
paste.app_factory: glance.registry.api:API.factory
filter:healthcheck:
paste.filter_factory: oslo_middleware:Healthcheck.factory
backends: disable_by_file
disable_by_file_path: /etc/glance/healthcheck_disable
filter:context:
paste.filter_factory: glance.api.middleware.context:ContextMiddleware.factory
filter:unauthenticated-context:
paste.filter_factory: glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
filter:authtoken:
paste.filter_factory: keystonemiddleware.auth_token:filter_factory
filter:osprofiler:
paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
hmac_keys: SECRET_KEY #DEPRECATED
enabled: yes #DEPRECATED
glance_registry:
DEFAULT:
bind_port: 9191
keystone_authtoken:
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
paste_deploy:
flavor: keystone
database:
max_retries: -1
oslo_messaging_notifications:
driver: messagingv2
swift_store:
override:
append:
network:
api:
ingress:
public: true
proxy_body_size: 1024M
external_policy_local: false
node_port:
enabled: false
port: 30092
registry:
ingress:
public: true
external_policy_local: false
node_port:
enabled: false
port: 30091
volume:
class_name: general
size: 2Gi
dependencies:
storage_init:
services:
db_init:
services:
- service: oslo_db
endpoint: internal
db_sync:
jobs:
- glance-db-init
services:
- service: oslo_db
endpoint: internal
db_drop:
services:
- service: oslo_db
endpoint: internal
bootstrap:
jobs:
- glance-storage-init
- glance-db-sync
- glance-ks-user
- glance-ks-endpoints
services:
- service: identity
endpoint: internal
- service: image
endpoint: internal
ks_user:
services:
- service: identity
endpoint: internal
ks_service:
services:
- service: identity
endpoint: internal
ks_endpoints:
jobs:
- glance-ks-service
services:
- service: identity
endpoint: internal
api:
jobs:
- glance-storage-init
- glance-db-sync
- glance-ks-user
- glance-ks-endpoints
services:
- service: oslo_db
endpoint: internal
- service: identity
endpoint: internal
registry:
jobs:
- glance-storage-init
- glance-db-sync
- glance-ks-user
- glance-ks-endpoints
services:
- service: oslo_db
endpoint: internal
- service: identity
endpoint: internal
- service: image
endpoint: internal
tests:
services:
- service: oslo_db
endpoint: internal
- service: identity
endpoint: internal
- service: image
endpoint: internal
# Names of secrets used by bootstrap and environmental checks
secrets:
identity:
admin: glance-keystone-admin
user: glance-keystone-user
oslo_db:
admin: glance-db-admin
user: glance-db-user
rbd: images-rbd-keyring
# typically overriden by environmental
# values, but should include all endpoints
# required by this chart
endpoints:
cluster_domain_suffix: cluster.local
identity:
name: keystone
auth:
admin:
region_name: RegionOne
username: admin
password: password
project_name: admin
user_domain_name: default
project_domain_name: default
user:
role: admin
region_name: RegionOne
username: glance
password: password
project_name: service
user_domain_name: default
project_domain_name: default
hosts:
default: keystone-api
public: keystone
host_fqdn_override:
default: null
path:
default: /v3
scheme:
default: http
port:
admin:
default: 35357
api:
default: 80
image:
name: glance
hosts:
default: glance-api
public: glance
host_fqdn_override:
default: null
path:
default: null
scheme:
default: http
port:
api:
default: 9292
public: 80
image_registry:
name: glance-registry
hosts:
default: glance-registry
public: glance-reg
host_fqdn_override:
default: null
path:
default: null
scheme:
default: 'http'
port:
api:
default: 9191
public: 80
oslo_db:
auth:
admin:
username: root
password: password
user:
username: glance
password: password
hosts:
default: mariadb
host_fqdn_override:
default: null
path: /glance
scheme: mysql+pymysql
port:
mysql:
default: 3306
oslo_cache:
hosts:
default: memcached
host_fqdn_override:
default: null
port:
memcache:
default: 11211
oslo_messaging:
auth:
admin:
username: admin
password: password
user:
username: rabbitmq
password: password
hosts:
default: rabbitmq
host_fqdn_override:
default: null
path: /
scheme: rabbit
port:
amqp:
default: 5672
ceph_object_store:
name: radosgw
namespace: ceph
auth:
user:
username: glance
password: password
tmpurlkey: supersecret
hosts:
default: ceph-rgw
host_fqdn_override:
default: null
path:
default: /auth/v1.0
scheme:
default: http
port:
api:
default: 8088
pod:
user:
glance:
uid: 1000
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
mounts:
glance_api:
init_container: null
glance_api:
glance_registry:
init_container: null
glance_registry:
glance_tests:
init_container: null
glance_tests:
replicas:
api: 1
registry: 1
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
disruption_budget:
api:
min_available: 0
registry:
min_available: 0
termination_grace_period:
api:
timeout: 600
registry:
timeout: 600
resources:
enabled: false
api:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
registry:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
storage_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_drop:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_user:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_service:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_endpoints:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
bootstrap:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
tests:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
manifests:
configmap_bin: true
configmap_etc: true
deployment_api: true
deployment_registry: true
ingress_api: true
ingress_registry: true
job_bootstrap: true
job_clean: true
job_db_init: true
job_db_sync: true
job_db_drop: false
job_ks_endpoints: true
job_ks_service: true
job_ks_user: true
job_storage_init: true
pdb_api: true
pdb_registry: true
pod_rally_test: true
pvc_images: true
secret_db: true
secret_keystone: true
service_ingress_api: true
service_ingress_registry: true
service_api: true
service_registry: true
View Git Blame Copy Permalink