# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Default values for etcdctl-utility.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# name: value

# Unset by default. How a non-null value is consumed is defined in the chart
# templates, which are not part of this file.
release_group: null

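images:
  # Declared exactly once: duplicate mapping keys are invalid YAML; most
  # parsers silently keep the last value and strict ones reject the file.
  # IfNotPresent reuses an image already cached on the node under the same
  # tag, so a floating tag can resolve to different content on different nodes.
  pull_policy: "IfNotPresent"
  tags:
    # NOTE(review): 'latest-ubuntu_jammy' is a floating tag. Pin to a release
    # tag or an image digest (repo@sha256:<digest>) so the deployed content is
    # reproducible and auditable.
    etcdctl_utility: 'quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_jammy'
    # Tag-pinned but not digest-pinned; a tag can still be re-pushed upstream.
    image_repo_sync: docker.io/docker:18.09.02
  local_registry:
    # Local registry mirroring is off by default.
    active: false
    # Image names listed here are excluded from local registry handling
    # (presumably left pointing at their upstream location - confirm in
    # templates).
    exclude:
      - dep_check
      - image_repo_sync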

# Node selector key/value pairs. Both the utility workload and its jobs target
# nodes labelled openstack-control-plane=enabled, i.e. they are scheduled
# alongside control-plane components.
labels:
  utility:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  job:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled

pod:
  # Per-workload security contexts. The pod/container split mirrors the
  # Kubernetes pod-level and container-level securityContext fields.
  security_context:
    etcd:
      pod:
        # 65534 is conventionally the unprivileged 'nobody' account.
        runAsUser: 65534
      container:
        etcdctl_utility:
          # NOTE(review): privilege escalation is allowed and the root
          # filesystem is writable. This is presumably required because the
          # utility elevates through a root wrapper (conf.etcdctlfilter runs
          # etcdctl and kubectl as root, and manifests.configmap_etc_sudoers
          # is enabled) - confirm before tightening. Until then, treat exec
          # access to this container as root-equivalent for those commands.
          allowPrivilegeEscalation: true
          readOnlyRootFilesystem: false
    etcd_ondemand:
      pod:
        # The on-demand pod runs as root (UID 0).
        runAsUser: 0
      container:
        etcd_ondemand:
          # Root is partly contained here: no further escalation and a
          # read-only root filesystem. Writable space comes from the emptyDir
          # mounted under pod.mounts.etcd_ondemand.
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
  # Extra volumes and mounts per container. Each entry provides a writable
  # emptyDir; the volume name suggests it serves as the run-as user's home.
  mounts:
    etcd:
      container:
        etcdctl_utility:
          volumes:
            - name: runasuser-home
              emptyDir: {}
          volumeMounts:
            - name: runasuser-home
              # /nonexistent is the usual home directory of 'nobody' on
              # Debian/Ubuntu images - presumably why it is mounted; confirm.
              mountPath: /nonexistent
    etcd_ondemand:
      container:
        etcd_ondemand:
          volumes:
            - name: runasuser-home
              emptyDir: {}
          volumeMounts:
            - name: runasuser-home
              # Home of UID 0; needed because the root filesystem is read-only.
              mountPath: /root
  # AppArmor profile selection. runtime/default is the container runtime's
  # default profile. The nesting looks like <pod name>: <container name>:
  # <profile> - confirm against the templates.
  mandatory_access_control:
    type: apparmor
    etcdctl-utility:
      etcdctl-utility: runtime/default
    etcd-ondemand:
      etcd-ondemand: runtime/default
  # NOTE(review): ClusterFirstWithHostNet is the DNS policy intended for pods
  # using hostNetwork. Whether hostNetwork is actually set is decided in the
  # templates, not in this file - confirm, since host networking widens what
  # the pod can reach.
  dns_policy: "ClusterFirstWithHostNet"
  replicas:
    utility: 1
  affinity:
    anti:
      type:
        # Soft anti-affinity: the scheduler prefers, but does not require,
        # spreading across the topology key below.
        default: preferredDuringSchedulingIgnoredDuringExecution
      topologyKey:
        default: kubernetes.io/hostname
  resources:
    # NOTE(review): presumably gates whether the requests/limits below are
    # rendered at all. With false, containers would run without CPU/memory
    # limits - confirm in the templates and enable where limits are required.
    enabled: false
    utility:
      requests:
        memory: "128Mi"
        cpu: "250m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    jobs:
      bootstrap:
        limits:
          memory: "1024Mi"
          cpu: "2000m"
        requests:
          memory: "128Mi"
          cpu: "500m"
      image_repo_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      etcd_ondemand:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
    test:
      etcdctl:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
conf:
  backup:
    # Backup directory; the key name indicates a path on the host. etcd
    # backups contain the full cluster state (including Secrets), so this
    # directory should be readable only by the accounts that need it.
    host_backup_path: /var/backups
  etcd_backup_restore:
    # Empty string by default; no namespaces are enabled here.
    enabled_namespaces: ""
    # Names of the secrets used for backup/restore. Only the names live in
    # this file, not the secret contents.
    secrets:
      kube_system:
        rgw_secret: kubernetes-etcd-backup-user
        conf_secret: etcd-backup-restore
  etcdctlfilter:
    Filters:
      # etcdctl-rootwrap command filters for etcdctl utility container
      # This file should be owned by (and only-writeable by) the root user
      # Entry format: <name>: CommandFilter, <executable>, <run-as user>.
      # NOTE(review): if etcdctl-rootwrap follows oslo.rootwrap semantics,
      # CommandFilter matches on the executable name only and places no
      # restriction on arguments. etcdctl and kubectl then run as root with
      # any arguments the caller supplies - restrict who can reach the wrapper
      # accordingly, or confirm that arguments are constrained elsewhere.
      dbutils: CommandFilter, dbutils, nobody
      etcdctl: CommandFilter, etcdctl, root
      kubectl: CommandFilter, kubectl, root
  etcd_ondemand:
    # NOTE(review): the key is spelled 'ondemapd' (likely meant 'ondemand').
    # Templates presumably reference this exact spelling, so do not rename it
    # here without changing them too. The unit is not stated in this file
    # (presumably seconds).
    ondemapd_pod_sleep_time: 3600
  etcdctlrootwrapconf:
    DEFAULT:
      # Configuration for etcdctl-rootwrap
      # This file should be owned by (and only-writeable by) the root user
      # List of directories to load filter definitions from (separated by ',').
      # These directories MUST all be only writeable by root !
      filters_path: /etc/etcdctl-utility/rootwrap.d
      # List of directories to search executables in, in case filters do not
      # explicitly specify a full path (separated by ',')
      # If not specified, defaults to system PATH environment variable.
      # These directories MUST all be only writeable by root !
      # The filters above name executables without a full path, so they are
      # resolved through this list; /usr/local/bin and /usr/local/sbin must
      # be held to the same root-only-writable requirement.
      exec_dirs: /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin
      # Enable logging to syslog
      # Default value is False
      use_syslog: True
      # Which syslog facility to use.
      # Valid values include auth, authpriv, syslog, local0, local1...
      # Default value is 'syslog'
      syslog_log_facility: syslog
      # Which messages to log.
      # INFO means log all usage
      # ERROR means only log unsuccessful attempts
      # INFO is the setting that leaves an audit trail of every wrapped
      # command, not just the failures.
      syslog_log_level: INFO
  etcd:
    # etcd endpoint as a cluster-internal service DNS name.
    endpoints: kubernetes-etcd.kube-system.svc.cluster.local
    # Quoted so the API version stays a string rather than an integer.
    etcdctl_api: "3"
  utility:
    # Set to true for development sites,
    # Set to false otherwise
    # NOTE(review): the shipped default is the development value; sites that
    # are not development sites need to override it per the guidance above.
    always_log_user: true

# Declares which jobs and service endpoints each component depends on. The
# mechanism that evaluates these entries lives in the templates, not here.
dependencies:
  dynamic:
    common:
      # Dependencies on the local image registry (presumably applied only
      # when images.local_registry.active is true - confirm in templates).
      local_image_registry:
        jobs:
          - etcdctl-utility-image-repo-sync
        services:
          - endpoint: node
            service: local_image_registry
  static:
    image_repo_sync:
      services:
        - endpoint: internal
          service: local_image_registry
    etcdctl_utility:
      services:
        # The utility depends on the kubernetes-etcd service being reachable.
        - endpoint: internal
          service: kubernetes-etcd
# Bootstrap toggle, enabled by default. What the bootstrap step does is
# defined in the templates (pod.resources.jobs.bootstrap sizes its job).
bootstrap:
  enabled: true

# Service endpoint definitions consumed by the templates.
endpoints:
  cluster_domain_suffix: cluster.local
  local_image_registry:
    name: docker-registry
    namespace: docker-registry
    hosts:
      default: localhost
      internal: docker-registry
      node: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        node: 5000
  etcd:
    auth:
      client:
        # Inline TLS material is unset by default. Do not commit real
        # certificate or key contents to this file; supply them through a
        # secret or a deployment-time override instead.
        tls:
          crt: null
          ca: null
          key: null
        # File locations of the etcd client certificate, CA and private key.
        # NOTE(review): the paths sit under the API server's pki directory, so
        # these look like the API server's own etcd client credentials.
        # Anything able to read the key can authenticate to etcd as that
        # client - confirm file ownership/mode and how the path is exposed to
        # the utility pod.
        path:
          crt: /etc/kubernetes/apiserver/pki/etcd-client.pem
          ca: /etc/kubernetes/apiserver/pki/etcd-client-ca.pem
          key: /etc/kubernetes/apiserver/pki/etcd-client-key.pem
    scheme:
      # etcd is addressed over TLS.
      default: https
    path:
      default: ' '  # space required to provide a truly empty path
    hosts:
      # Literal IP rather than a DNS name. With https, certificate
      # verification presumably needs this IP in the server certificate's
      # SANs - confirm for each site.
      default: 10.96.0.2
    host_fqdn_override:
      default: null
    service:
      name: null
    port:
      client:
        default: 2379
      peer:
        default: 2380

# Prometheus monitoring toggle, enabled by default. What gets exposed or
# annotated when enabled is defined in the templates.
monitoring:
  prometheus:
    enabled: true

# Per-manifest render toggles (presumably one flag per chart template).
manifests:
  configmap_bin: true
  configmap_etc_client: true
  # NOTE(review): a sudoers configuration is rendered by default. Together
  # with the root entries in conf.etcdctlfilter this defines who may elevate
  # inside the utility container - review the rendered sudoers content.
  configmap_etc_sudoers: true
  deployment_etcdctl_utility: true
  job_image_repo_sync: false
  # Off by default, matching the null values under
  # endpoints.etcd.auth.client.tls; client certificates are presumably read
  # from the file paths configured there instead - confirm.
  secret_certificates: false