porthole/charts/etcdctl-utility/values.yaml

# Copyright 2019 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Default values for etcdctl-utility.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# name: value


deployment:
  etcdctl: true

release_group: null

images:
  pull_policy: IfNotPresent
  tags:
    etcdctl_utility: 'quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_bionic'
    image_repo_sync: docker.io/docker:18.09.02
  pull_policy: "IfNotPresent"
  local_registry:
    active: false
    exclude:
      - dep_check
      - image_repo_sync

labels:
  utility:
    node_selector_key: openstack-helm-node-class
    node_selector_value: primary
  job:
    node_selector_key: openstack-helm-node-class
    node_selector_value: primary

pod:
  security_context:
    etcdctl_util:
      pod:
        runAsUser: 65534
      container:
        etcdctl_utility:
          allowPrivilegeEscalation: true
          readOnlyRootFilesystem: false
  mandatory_access_control:
    type: apparmor
    etcdctl-utility:
      etcdctl-utility: runtime/default
  dns_policy: "ClusterFirstWithHostNet"
  replicas:
    utility: 1
  affinity:
    anti:
      type:
        default: preferredDuringSchedulingIgnoredDuringExecution
      topologyKey:
        default: kubernetes.io/hostname
  resources:
    enabled: false
    utility:
      requests:
        memory: "128Mi"
        cpu: "250m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    jobs:
      bootstrap:
        limits:
          memory: "1024Mi"
          cpu: "2000m"
        requests:
          memory: "128Mi"
          cpu: "500m"
      image_repo_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
    test:
      etcdctl:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
conf:
  etcdctlfilter:
    Filters:
      # etcdctl-rootwrap command filters for etcdctl utility container
      # This file should be owned by (and only-writeable by) the root user
      etcdctl: CommandFilter, etcdctl, root
  etcdctlrootwrapconf:
    DEFAULT:
      # Configuration for etcdctl-rootwrap
      # This file should be owned by (and only-writeable by) the root user
      # List of directories to load filter definitions from (separated by ',').
      # These directories MUST all be only writeable by root !
      filters_path: /etc/etcdctl-utility/rootwrap.d
      # List of directories to search executables in, in case filters do not
      # explicitely specify a full path (separated by ',')
      # If not specified, defaults to system PATH environment variable.
      # These directories MUST all be only writeable by root !
      exec_dirs: /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin
      # Enable logging to syslog
      # Default value is False
      use_syslog: True
      # Which syslog facility to use.
      # Valid values include auth, authpriv, syslog, local0, local1...
      # Default value is 'syslog'
      syslog_log_facility: syslog
      # Which messages to log.
      # INFO means log all usage
      # ERROR means only log unsuccessful attempts
      syslog_log_level: INFO
  etcd:
    endpoints: kubernetes-etcd.kube-system.svc.cluster.local
    etcdctl_api: "3"
  utility:
    location_corridor: c1
    # Set to true for development sites,
    # Set to false otherwise
    always_log_user: true

dependencies:
  dynamic:
    common:
      local_image_registry:
        jobs:
          - etcdctl-utility-image-repo-sync
        services:
          - endpoint: node
            service: local_image_registry
  static:
    image_repo_sync:
      services:
        - endpoint: internal
          service: local_image_registry
    etcdctl_utility:
      services:
        - endpoint: internal
          service: kubernetes-etcd

bootstrap:
  enabled: true

endpoints:
  cluster_domain_suffix: cluster.local
  local_image_registry:
    name: docker-registry
    namespace: docker-registry
    hosts:
      default: localhost
      internal: docker-registry
      node: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        node: 5000
  etcd:
    auth:
      client:
        tls:
          crt: null
          ca: null
          key: null
        path:
          crt: /etc/kubernetes/apiserver/pki/etcd-client.pem
          ca: /etc/kubernetes/apiserver/pki/etcd-client-ca.pem
          key: /etc/kubernetes/apiserver/pki/etcd-client-key.pem
    scheme:
      default: https
    path:
      default: ' '  # space required to provide a truly empty path
    hosts:
      default: 10.96.0.2
    host_fqdn_override:
      default: null
    service:
      name: null
    port:
      client:
        default: 2379
      peer:
        default: 2380

monitoring:
  prometheus:
    enabled: true

manifests:
  configmap_bin: true
  configmap_etc_client: true
  configmap_etc_sudoers: true
  deployment_etcdctl_utility: true
  job_image_repo_sync: false
  secret_certificates: true