promenade/charts/etcd/values.yaml

# Copyright 2017 AT&T Intellectual Property.  All other rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

images:
  tags:
    etcd: quay.io/coreos/etcd:v3.5.12
    etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal
    etcdctl_backup: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal
    dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
    ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic
  pull_policy: "IfNotPresent"
  local_registry:
    active: false
    exclude:
      - dep_check
      - image_repo_sync

labels:
  anchor:
    node_selector_key: etcd-example
    node_selector_value: enabled
  job:
    node_selector_key: example-etcd
    node_selector_value: enabled

anchor:
  dns_policy: ClusterFirstWithHostNet
  enable_cleanup: true
  etcdctl_endpoint: example-etcd
  host_data_path: /var/lib/etcd/example
  # How many monitoring loops the anchor goes through with an unhealthy member
  # before removing the member from the cluster and recreating
  saddness_threshold: 3
  kubelet:
    manifest_path: /etc/kubernetes/manifests

  period: 15
  health_wait_period: 60

etcd:
  host_etc_path: /etc/etcd-example
  host_data_path: /var/lib/etcd/example
  cleanup_data: true
  etcdctl_api: "3"
  logging:
    log_level: debug
backup:
  enabled: true
  host_backup_path: /var/backups
  backup_log_file: /var/log/etcd-backup.log
  no_backup_keep: 10
  etcdctl_dial_timeout: 15s
  remote_backup:
    enabled: false
    container_name: etcd
    days_to_keep: 14
    storage_policy: default-placement
    number_of_retries: 5
    delay_range:
      min: 30
      max: 60
    throttle_backups:
      enabled: false
      sessions_limit: 480
      lock_expire_after: 7200
      retry_after: 3600
      container_name: throttle-backups-manager

endpoints:
  identity:
    name: backup-storage-auth
    namespace: null
    auth:
      example-admin:
        # Auth URL of null indicates local authentication
        # HTK will form the URL unless specified here
        auth_url: null
        region_name: RegionOne
        username: example-admin
        password: password
        project_name: admin
        user_domain_name: default
        project_domain_name: default
      example-etcd:
        # Auth URL of null indicates local authentication
        # HTK will form the URL unless specified here
        auth_url: null
        role: admin
        region_name: RegionOne
        username: example-etcd-backup-user
        password: password
        project_name: service
        user_domain_name: service
        project_domain_name: service
    hosts:
      default: keystone
      internal: keystone-api
    host_fqdn_override:
      default: null
    path:
      default: /v3
    scheme:
      default: 'http'
    port:
      api:
        default: 80
        internal: 5000
network:
  service_client:
    name: service_client
    port: 2379
    target_port: 2379
    enable_node_port: false
  service_peer:
    name: service_peer
    port: 2380
    target_port: 2380
    enable_node_port: false

service:
  # requires override for a specific use case e.g. calico-etcd or kubernetes-etcd
  name: example-etcd
  ip: null

bootstrapping:
  enabled: false
  host_directory: /var/lib/anchor/etcd-example
  filename: bootstrap
  # XXX Can I just generalize to an anchor timeout?
  timeout: 300

secrets:
  tls:
    client:
      ca: placeholder
    peer:
      ca: placeholder
  anchor:
    tls:
      cert: placeholder
      key: placeholder
  etcd:
    backup_restore: etcd-backup-restore
  identity:
    example-admin: example-admin-user
    example-etcd: example-backup-user

nodes:
  - name: example-0
    tls:
      client:
        cert: placeholder
        key: placeholder
      peer:
        cert: placeholder
        key: placeholder

dependencies:
   static:
     backup_etcd:
       jobs:
         - etcd-ks-user
pod:
  security_context:
    anchor:
      pod:
        runAsUser: 65534
      container:
        etcdctl:
          runAsUser: 0
          readOnlyRootFilesystem: false
    etcd_backup:
      pod:
        runAsUser: 65534
      container:
        etcd_backup:
          runAsUser: 0
          readOnlyRootFilesystem: false
    etcd:
      pod:
        runAsUser: 65534
      container:
        etcd:
          runAsUser: 0
          readOnlyRootFilesystem: false
    etcd_test:
      pod:
        runAsUser: 65534
      container:
        etcd_test:
          runAsUser: 0
          readOnlyRootFilesystem: false
  probes:
    etcd:
      etcd:
        liveness:
          enabled: true
          params:
            failureThreshold: 10
            initialDelaySeconds: 15
            periodSeconds: 30
            timeoutSeconds: 3
        readiness:
          enabled: true
          params:
            failureThreshold: 10
            initialDelaySeconds: 5
            periodSeconds: 30
    etcd-anchor:
      etcdctl:
        readiness:
          enabled: true
          params:
            failureThreshold: 10
            initialDelaySeconds: 5
            periodSeconds: 30
  mounts:
    daemonset_anchor:
      daemonset_anchor:
  replicas:
    apiserver: 3
  lifecycle:
    upgrades:
      daemonsets:
        pod_replacement_strategy: RollingUpdate
        anchor:
          enabled: false
          min_ready_seconds: 0
          max_unavailable: 1
    termination_grace_period:
      daemonset_anchor:
        timeout: 3600
  resources:
    enabled: false
    daemonset_anchor:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    etcd_pod:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    test:
      limits:
        memory: "128Mi"
        cpu: "100m"
      requests:
        memory: "128Mi"
        cpu: "100m"
    jobs:
      etcdbackup:
        limits:
          memory: "128Mi"
          cpu: "100m"
        requests:
          memory: "128Mi"
          cpu: "100m"
      ks_user:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
  mandatory_access_control:
    type: apparmor
    # requires override for a specific use case e.g. calico-etcd or kubernetes-etcd
    etcd:
      etcd: runtime/default
    etcd-anchor:
      etcdctl: runtime/default
    etcd-test:
      etcd-test: runtime/default
    etcd-backup:
      etcd-backup: runtime/default
  env:
    etcd:
      # can be used for tuning, e.g. https://etcd.io/docs/v3.4.0/tuning/
      # or other flags, e.g. https://etcd.io/docs/v3.4.0/op-guide/configuration/
      # ETCD_HEARTBEAT_INTERVAL: 100
      # ETCD_ELECTION_TIMEOUT: 1000
      # ETCD_SNAPSHOT_COUNT: 10000

jobs:
  etcd_backup:
    cron: "0 */12 * * *"
    history:
      success: 3
      failed: 1

manifests:
  configmap_bin: true
  configmap_certs: true
  configmap_etc: true
  daemonset_anchor: true
  secret: true
  secret_backup_restore: false
  service: true
  test_etcd_health: true
  cron_etcd_backup: true
  job_ks_user: false