openstack-helm/panko/values.yaml
Gage Hugo 44882d60e2 Update xrally version to 2.0.0
This change updates the xrally image from 1.3.0 to 2.0.0
in order to better match the current versions of openstack
we are running in the gate.

Change-Id: I3f417a20e0f6d34b9e7ed569207a3df90c6ddfd2
2020-07-31 20:00:24 +00:00

627 lines
15 KiB
YAML

# Copyright 2019 Wind River Systems, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for panko.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
---
release_group: null
labels:
api:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
test:
node_selector_key: openstack-control-plane
node_selector_value: enabled
images:
tags:
test: docker.io/xrally/xrally-openstack:2.0.0
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
db_init: docker.io/openstackhelm/heat:ocata-ubuntu_xenial
db_drop: docker.io/openstackhelm/heat:ocata-ubuntu_xenial
bootstrap: docker.io/openstackhelm/heat:ocata-ubuntu_xenial
panko_db_sync: docker.io/kolla/ubuntu-source-panko-api:ocata
ks_user: docker.io/openstackhelm/heat:ocata-ubuntu_xenial
ks_service: docker.io/openstackhelm/heat:ocata-ubuntu_xenial
ks_endpoints: docker.io/openstackhelm/heat:ocata-ubuntu_xenial
panko_api: docker.io/kolla/ubuntu-source-panko-api:ocata
panko_events_cleaner: docker.io/kolla/ubuntu-source-panko-base:ocata
image_repo_sync: docker.io/docker:17.07.0
pull_policy: "IfNotPresent"
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
jobs:
events_cleaner:
# hourly
cron: "0 * * * *"
history:
success: 3
failed: 1
network:
api:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
port: 8977
dependencies:
dynamic:
common:
local_image_registry:
jobs:
- panko-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
api:
jobs:
- panko-db-sync
- panko-ks-user
- panko-ks-endpoints
services:
- endpoint: internal
service: oslo_db
- endpoint: internal
service: identity
events_cleaner:
jobs:
- panko-db-sync
- panko-ks-user
- panko-ks-endpoints
services:
- endpoint: internal
service: oslo_db
- endpoint: internal
service: identity
bootstrap:
services:
- endpoint: internal
service: identity
db_init:
services:
- endpoint: internal
service: oslo_db
db_sync:
jobs:
- panko-db-init
services:
- endpoint: internal
service: oslo_db
db_drop:
services:
- endpoint: internal
service: oslo_db
ks_endpoints:
jobs:
- panko-ks-service
services:
- endpoint: internal
service: identity
ks_service:
services:
- endpoint: internal
service: identity
ks_user:
services:
- endpoint: internal
service: identity
image_repo_sync:
services:
- endpoint: internal
service: local_image_registry
tests:
jobs:
- panko-db-sync
services:
- endpoint: internal
service: identity
- endpoint: internal
service: oslo_db
- endpoint: internal
service: event
# Names of secrets used by bootstrap and environmental checks
secrets:
identity:
admin: panko-keystone-admin
panko: panko-keystone-user
test: panko-keystone-test
oslo_db:
admin: panko-db-admin
panko: panko-db-user
tls:
event:
api:
public: panko-tls-public
bootstrap:
enabled: false
ks_user: panko
script: |
openstack token issue
conf:
rally_tests:
run_tempest: false
tests:
CeilometerEvents.create_user_and_get_event:
- runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
CeilometerEvents.create_user_and_list_event_types:
- runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
CeilometerEvents.create_user_and_list_events:
- runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
wsgi_panko: |
Listen 0.0.0.0:{{ tuple "event" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
<VirtualHost *:{{ tuple "event" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
WSGIDaemonProcess panko processes=2 threads=1 user=panko group=panko display-name=%{GROUP}
WSGIProcessGroup panko
WSGIScriptAlias / /var/www/cgi-bin/panko/panko-api
WSGIApplicationGroup %{GLOBAL}
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /dev/stdout
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
</VirtualHost>
paste:
pipeline:main:
pipeline: cors http_proxy_to_wsgi request_id authtoken audit api-server
app:api-server:
paste.app_factory: panko.api.app:app_factory
filter:authtoken:
paste.filter_factory: keystonemiddleware.auth_token:filter_factory
oslo_config_project: panko
filter:request_id:
paste.filter_factory: oslo_middleware:RequestId.factory
filter:cors:
paste.filter_factory: oslo_middleware.cors:filter_factory
oslo_config_project: panko
filter:http_proxy_to_wsgi:
paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
oslo_config_project: panko
filter:audit:
paste.filter_factory: keystonemiddleware.audit:filter_factory
audit_map_file: /etc/panko/api_audit_map.conf
policy:
context_is_admin: role:admin
segregation: rule:context_is_admin
telemetry:events:index: ''
telemetry:events:show: ''
panko:
DEFAULT:
debug: false
log_config_append: /etc/panko/logging.conf
oslo_middleware:
enable_proxy_headers_parsing: true
database:
event_time_to_live: 86400
max_retries: -1
keystone_authtoken:
auth_version: v3
auth_type: password
memcache_security_strategy: ENCRYPT
logging:
loggers:
keys:
- root
- panko
handlers:
keys:
- stdout
- stderr
- "null"
formatters:
keys:
- context
- default
logger_root:
level: WARNING
handlers: 'null'
logger_panko:
level: INFO
handlers:
- stdout
qualname: panko
logger_amqp:
level: WARNING
handlers: stderr
qualname: amqp
logger_amqplib:
level: WARNING
handlers: stderr
qualname: amqplib
logger_eventletwsgi:
level: WARNING
handlers: stderr
qualname: eventlet.wsgi.server
logger_sqlalchemy:
level: WARNING
handlers: stderr
qualname: sqlalchemy
logger_boto:
level: WARNING
handlers: stderr
qualname: boto
handler_null:
class: logging.NullHandler
formatter: default
args: ()
handler_stdout:
class: StreamHandler
args: (sys.stdout,)
formatter: context
handler_stderr:
class: StreamHandler
args: (sys.stderr,)
formatter: context
formatter_context:
class: oslo_log.formatters.ContextFormatter
formatter_default:
format: "%(message)s"
api_audit_map:
DEFAULT:
target_endpoint_type: event
path_keywords:
events: message_id
capabilities: None
event_types: event_type
traits: event_type
service_endpoints:
event: service/event
# typically overriden by environmental
# values, but should include all endpoints
# required by this chart
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
identity:
name: keystone
auth:
admin:
region_name: RegionOne
username: admin
password: password
project_name: admin
user_domain_name: default
project_domain_name: default
panko:
role: admin
region_name: RegionOne
username: panko
password: password
project_name: service
user_domain_name: service
project_domain_name: service
test:
role: admin
region_name: RegionOne
username: test
password: password
project_name: test
user_domain_name: service
project_domain_name: service
hosts:
default: keystone
internal: keystone-api
host_fqdn_override:
default: null
path:
default: /v3
scheme:
default: 'http'
port:
api:
default: 80
internal: 5000
event:
name: panko
hosts:
default: panko-api
public: panko
host_fqdn_override:
default: null
# NOTE: this chart supports TLS for fqdn over-ridden public
# endpoints using the following format:
# public:
# host: null
# tls:
# crt: null
# key: null
path:
default: null
scheme:
default: 'http'
port:
api:
default: 8977
public: 80
oslo_db:
auth:
admin:
username: root
password: password
panko:
username: panko
password: password
hosts:
default: mariadb
host_fqdn_override:
default: null
path: /panko
scheme: mysql+pymysql
port:
mysql:
default: 3306
oslo_cache:
auth:
# NOTE: this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts:
default: memcached
host_fqdn_override:
default: null
port:
memcache:
default: 11211
fluentd:
namespace: null
name: fluentd
hosts:
default: fluentd-logging
host_fqdn_override:
default: null
path:
default: null
scheme: 'http'
port:
service:
default: 24224
metrics:
default: 24220
network_policy:
panko:
ingress:
- {}
egress:
- {}
pod:
security_context:
panko:
pod:
runAsUser: 42438
container:
panko_api:
runAsUser: 0
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
weight:
default: 10
mounts:
panko_api:
init_container: null
panko_api:
volumeMounts:
volumes:
panko_events_cleaner:
init_container: null
panko_events_cleaner:
volumeMounts:
volumes:
panko_bootstrap:
init_container: null
panko_bootstrap:
volumeMounts:
volumes:
panko_tests:
init_container: null
panko_tests:
volumeMounts:
volumes:
panko_db_sync:
panko_db_sync:
volumeMounts:
volumes:
replicas:
api: 1
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
disruption_budget:
api:
min_available: 0
termination_grace_period:
api:
timeout: 600
resources:
enabled: false
api:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
bootstrap:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_user:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_service:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_endpoints:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
events_cleaner:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_drop:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
tests:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
image_repo_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
manifests:
configmap_bin: true
configmap_etc: true
cron_job_events_cleaner: true
deployment_api: true
ingress_api: true
job_bootstrap: true
job_db_drop: false
job_db_init: true
job_image_repo_sync: true
job_db_sync: true
job_ks_endpoints: true
job_ks_service: true
job_ks_user: true
network_policy: false
pdb_api: true
pod_rally_test: true
secret_db: true
secret_keystone: true
secret_ingress_tls: true
service_api: true
service_ingress_api: true
...