Merge "Update Shipyard Helm Chart"
This commit is contained in:
commit
c6b3657bd5
|
@ -14,15 +14,12 @@
|
|||
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{ include "shipyard.conf.shipyard_values_skeleton" .Values.conf.shipyard | trunc 0 }}
|
||||
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.keystonemiddleware.auth_token.auth_uri -}}
|
||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.shipyard.keystone_authtoken.keystonemiddleware.auth_token "auth_uri" | quote | trunc 0 -}}
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.auth_uri -}}
|
||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.shipyard.keystone_authtoken "auth_uri" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
# FIXME fix for broken keystonemiddleware oslo config gen in newton - will remove in future
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator.auth_url -}}
|
||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator "auth_url" | quote | trunc 0 -}}
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.auth_url -}}
|
||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.shipyard.keystone_authtoken "auth_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
# Add endpoint URI lookup for Airflow Web Server
|
||||
|
@ -41,31 +38,31 @@
|
|||
{{- end -}}
|
||||
|
||||
# Add endpoint URI lookup for memcached servers Connection
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
||||
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.shipyard.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.memcached_servers -}}
|
||||
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.shipyard.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $userIdentity := .Values.endpoints.identity.auth.user -}}
|
||||
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator.project_name -}}
|
||||
{{- set .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator "project_name" $userIdentity.project_name | quote | trunc 0 -}}
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.project_name -}}
|
||||
{{- set .Values.conf.shipyard.keystone_authtoken "project_name" $userIdentity.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator.project_domain_name -}}
|
||||
{{- set .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator "project_domain_name" $userIdentity.project_domain_name | quote | trunc 0 -}}
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.project_domain_name -}}
|
||||
{{- set .Values.conf.shipyard.keystone_authtoken "project_domain_name" $userIdentity.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator.user_domain_name -}}
|
||||
{{- set .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator "user_domain_name" $userIdentity.user_domain_name | quote | trunc 0 -}}
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.user_domain_name -}}
|
||||
{{- set .Values.conf.shipyard.keystone_authtoken "user_domain_name" $userIdentity.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator.username -}}
|
||||
{{- set .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator "username" $userIdentity.username | quote | trunc 0 -}}
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.username -}}
|
||||
{{- set .Values.conf.shipyard.keystone_authtoken "username" $userIdentity.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator.password -}}
|
||||
{{- set .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator "password" $userIdentity.password | quote | trunc 0 -}}
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.password -}}
|
||||
{{- set .Values.conf.shipyard.keystone_authtoken "password" $userIdentity.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
# Set a random string as secret key.
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.keystonemiddleware.auth_token.memcache_secret_key -}}
|
||||
{{- randAlphaNum 64 | set .Values.conf.shipyard.keystone_authtoken.keystonemiddleware.auth_token "memcache_secret_key" | quote | trunc 0 -}}
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.memcache_secret_key -}}
|
||||
{{- randAlphaNum 64 | set .Values.conf.shipyard.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -80,26 +77,12 @@ data:
|
|||
{{- if .Values.conf.shipyard.prefix -}}
|
||||
{{ .Values.conf.shipyard.prefix | indent 4 }}
|
||||
{{- end }}
|
||||
{{ tuple "etc/_shipyard.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.shipyard | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.conf.shipyard.append -}}
|
||||
{{ .Values.conf.shipyard.append | indent 4 }}
|
||||
{{- end }}
|
||||
api-paste.ini: |+
|
||||
{{ if .Values.conf.paste.override -}}
|
||||
{{ .Values.conf.paste.override | indent 4 }}
|
||||
{{- else -}}
|
||||
{{- if .Values.conf.paste.prefix -}}
|
||||
{{ .Values.conf.paste.prefix | indent 4 }}
|
||||
{{- end }}
|
||||
{{ tuple "etc/_api-paste.ini.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
{{- if .Values.conf.paste.append -}}
|
||||
{{ .Values.conf.paste.append | indent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.paste | indent 4 }}
|
||||
policy.yaml: |+
|
||||
{{ if .Values.conf.policy.override -}}
|
||||
{{ .Values.conf.policy.override | indent 4 }}
|
||||
{{- else -}}
|
||||
{{ tuple "etc/_policy.yaml.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
{{- end }}
|
||||
{{ toYaml .Values.conf.policy | indent 4 }}
|
||||
|
|
|
@ -41,7 +41,7 @@ spec:
|
|||
{{ tuple $envAll $dependencies $mounts_airflow_flower_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: airflow-flower
|
||||
image: {{ .Values.images.airflow }}
|
||||
image: {{ .Values.images.tags.airflow }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.airflow.flower | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
env:
|
||||
|
|
|
@ -41,7 +41,7 @@ spec:
|
|||
{{ tuple $envAll $dependencies $mounts_airflow_scheduler_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{- if .Values.prod_environment }}
|
||||
- name: airflow-shipyard-init
|
||||
image: {{ .Values.images.shipyard }}
|
||||
image: {{ .Values.images.tags.shipyard }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.shipyard_api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
command:
|
||||
|
@ -58,7 +58,7 @@ spec:
|
|||
{{- end }}
|
||||
containers:
|
||||
- name: airflow-scheduler
|
||||
image: {{ .Values.images.airflow }}
|
||||
image: {{ .Values.images.tags.airflow }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.airflow.scheduler | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
env:
|
||||
|
|
|
@ -41,7 +41,7 @@ spec:
|
|||
{{ tuple $envAll $dependencies $mounts_airflow_web_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{- if .Values.prod_environment }}
|
||||
- name: airflow-shipyard-init
|
||||
image: {{ .Values.images.shipyard }}
|
||||
image: {{ .Values.images.tags.shipyard }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.shipyard_api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
command:
|
||||
|
@ -58,7 +58,7 @@ spec:
|
|||
{{- end }}
|
||||
containers:
|
||||
- name: airflow-web
|
||||
image: {{ .Values.images.airflow }}
|
||||
image: {{ .Values.images.tags.airflow }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.airflow.web | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
env:
|
||||
|
|
|
@ -41,7 +41,7 @@ spec:
|
|||
{{ tuple $envAll $dependencies $mounts_airflow_worker_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{- if .Values.prod_environment }}
|
||||
- name: airflow-shipyard-init
|
||||
image: {{ .Values.images.shipyard }}
|
||||
image: {{ .Values.images.tags.shipyard }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.shipyard_api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
command:
|
||||
|
@ -58,7 +58,7 @@ spec:
|
|||
{{- end }}
|
||||
containers:
|
||||
- name: airflow-worker
|
||||
image: {{ .Values.images.airflow }}
|
||||
image: {{ .Values.images.tags.airflow }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.airflow.worker | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
env:
|
||||
|
|
|
@ -41,7 +41,7 @@ spec:
|
|||
{{ tuple $envAll $dependencies $mounts_shipyard_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: shipyard
|
||||
image: {{ .Values.images.shipyard }}
|
||||
image: {{ .Values.images.tags.shipyard }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.shipyard_api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
ports:
|
||||
|
|
|
@ -1,25 +0,0 @@
|
|||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
#PasteDeploy Configuration File
|
||||
#Used to configure uWSGI middleware pipeline
|
||||
|
||||
[app:shipyard-api]
|
||||
paste.app_factory = shipyard_airflow.shipyard:paste_start_shipyard
|
||||
|
||||
[pipeline:main]
|
||||
pipeline = authtoken shipyard-api
|
||||
|
||||
[filter:authtoken]
|
||||
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
|
@ -1,40 +0,0 @@
|
|||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# Actions requiring admin authority
|
||||
#"admin_required": "role:admin"
|
||||
|
||||
# List workflow actions invoked by users
|
||||
# GET /api/v1.0/actions
|
||||
#"workflow_orchestrator:list_actions": "rule:admin_required"
|
||||
|
||||
# Create a workflow action
|
||||
# POST /api/v1.0/actions
|
||||
#"workflow_orchestrator:create_actions": "rule:admin_required"
|
||||
|
||||
# Retreive an action by its id
|
||||
# GET /api/v1.0/actions/{action_id}
|
||||
#"workflow_orchestrator:get_action": "rule:admin_required"
|
||||
|
||||
# Retreive an action step by its id
|
||||
# GET /api/v1.0/actions/{action_id}/steps/{step_id}
|
||||
#"workflow_orchestrator:get_action_step": "rule:admin_required"
|
||||
|
||||
# Retreive an action validation by its id
|
||||
# GET /api/v1.0/actions/{action_id}/validations/{validation_id}
|
||||
#"workflow_orchestrator:get_action_validation": "rule:admin_required"
|
||||
|
||||
# Send a control to an action
|
||||
# POST /api/v1.0/actions/{action_id}/control/{control_verb}
|
||||
#"workflow_orchestrator:invoke_action_control": "rule:admin_required"
|
|
@ -1,383 +0,0 @@
|
|||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{ include "shipyard.conf.shipyard_values_skeleton" .Values.conf.shipyard | trunc 0 }}
|
||||
{{ include "shipyard.conf.shipyard" .Values.conf.shipyard }}
|
||||
|
||||
{{- define "shipyard.conf.shipyard_values_skeleton" -}}
|
||||
|
||||
{{- if not .base -}}{{- set . "base" dict -}}{{- end -}}
|
||||
{{- if not .shipyard -}}{{- set . "shipyard" dict -}}{{- end -}}
|
||||
{{- if not .deckhand -}}{{- set . "deckhand" dict -}}{{- end -}}
|
||||
{{- if not .armada -}}{{- set . "armada" dict -}}{{- end -}}
|
||||
{{- if not .drydock -}}{{- set . "drydock" dict -}}{{- end -}}
|
||||
{{- if not .healthcheck -}}{{- set . "healthcheck" dict -}}{{- end -}}
|
||||
{{- if not .keystone_authtoken -}}{{- set . "keystone_authtoken" dict -}}{{- end -}}
|
||||
{{- if not .keystone_authtoken.keystonemiddleware -}}{{- set .keystone_authtoken "keystonemiddleware" dict -}}{{- end -}}
|
||||
{{- if not .keystone_authtoken.keystonemiddleware.auth_token -}}{{- set .keystone_authtoken.keystonemiddleware "auth_token" dict -}}{{- end -}}
|
||||
{{- if not .keystone_authtoken.shipyard_orchestrator -}}{{- set .keystone_authtoken "shipyard_orchestrator" dict -}}{{- end -}}
|
||||
{{- if not .oslo_policy -}}{{- set . "oslo_policy" dict -}}{{- end -}}
|
||||
{{- if not .oslo_policy.oslo -}}{{- set .oslo_policy "oslo" dict -}}{{- end -}}
|
||||
{{- if not .oslo_policy.oslo.policy -}}{{- set .oslo_policy.oslo "policy" dict -}}{{- end -}}
|
||||
{{- if not .logging -}}{{- set . "logging" dict -}}{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
{{- define "shipyard.conf.shipyard" -}}
|
||||
|
||||
[base]
|
||||
{{ if not .base.web_server }}#{{ end }}web_server = {{ .base.web_server | default "<None>" }}
|
||||
{{ if not .base.postgresql_db }}#{{ end }}postgresql_db = {{ .base.postgresql_db | default "<None>" }}
|
||||
{{ if not .base.postgresql_airflow_db }}#{{ end }}postgresql_airflow_db = {{ .base.postgresql_airflow_db | default "<None>" }}
|
||||
|
||||
[shipyard]
|
||||
{{ if not .shipyard.service_type }}#{{ end }}service_type = {{ .shipyard.service_type | default "shipyard" }}
|
||||
|
||||
[deckhand]
|
||||
{{ if not .deckhand.service_type }}#{{ end }}service_type = {{ .deckhand.service_type | default "deckhand" }}
|
||||
|
||||
[armada]
|
||||
{{ if not .armada.service_type }}#{{ end }}service_type = {{ .armada.service_type | default "armada" }}
|
||||
|
||||
[drydock]
|
||||
{{ if not .drydock.service_type }}#{{ end }}service_type = {{ .drydock.service_type | default "physicalprovisioner" }}
|
||||
{{ if not .drydock.verify_site_query_interval }}#{{ end }}verify_site_query_interval = {{ .drydock.verify_site_query_interval | default "10" }}
|
||||
{{ if not .drydock.verify_site_task_timeout }}#{{ end }}verify_site_task_timeout = {{ .drydock.verify_site_task_timeout | default "60" }}
|
||||
{{ if not .drydock.prepare_site_query_interval }}#{{ end }}prepare_site_query_interval = {{ .drydock.prepare_site_query_interval | default "10" }}
|
||||
{{ if not .drydock.prepare_site_task_timeout }}#{{ end }}prepare_site_task_timeout = {{ .drydock.prepare_site_task_timeout | default "120" }}
|
||||
{{ if not .drydock.prepare_node_query_interval }}#{{ end }}prepare_node_query_interval = {{ .drydock.prepare_node_query_interval | default "30" }}
|
||||
{{ if not .drydock.prepare_node_task_timeout }}#{{ end }}prepare_node_task_timeout = {{ .drydock.prepare_node_task_timeout | default "1800" }}
|
||||
{{ if not .drydock.deploy_node_query_interval }}#{{ end }}deploy_node_query_interval = {{ .drydock.deploy_node_query_interval | default "30" }}
|
||||
{{ if not .drydock.deploy_node_task_timeout }}#{{ end }}deploy_node_task_timeout = {{ .drydock.deploy_node_task_timeout | default "3600" }}
|
||||
|
||||
[healthcheck]
|
||||
{{ if not .healthcheck.schema }}#{{ end }}schema = {{ .healthcheck.schema | default "<None>" }}
|
||||
{{ if not .healthcheck.endpoint }}#{{ end }}endpoint = {{ .healthcheck.endpoint | default "<None>" }}
|
||||
|
||||
[keystone_authtoken]
|
||||
|
||||
#
|
||||
# From keystonemiddleware.auth_token
|
||||
#
|
||||
|
||||
# Complete "public" Identity API endpoint. This endpoint should not be an
|
||||
# "admin" endpoint, as it should be accessible by all end users. Unauthenticated
|
||||
# clients are redirected to this endpoint to authenticate. Although this
|
||||
# endpoint should ideally be unversioned, client support in the wild varies.
|
||||
# If you're using a versioned v2 endpoint here, then this should *not* be the
|
||||
# same endpoint the service user utilizes for validating tokens, because normal
|
||||
# end users may not be able to reach that endpoint. (string value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.auth_uri
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.auth_uri }}#{{ end }}auth_uri = {{ .keystone_authtoken.keystonemiddleware.auth_token.auth_uri | default "<None>" }}
|
||||
|
||||
# API version of the admin Identity API endpoint. (string value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.auth_version
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.auth_version }}#{{ end }}auth_version = {{ .keystone_authtoken.keystonemiddleware.auth_token.auth_version | default "<None>" }}
|
||||
|
||||
# Do not handle authorization requests within the middleware, but delegate the
|
||||
# authorization decision to downstream WSGI components. (boolean value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.delay_auth_decision
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.delay_auth_decision }}#{{ end }}delay_auth_decision = {{ .keystone_authtoken.keystonemiddleware.auth_token.delay_auth_decision | default "false" }}
|
||||
|
||||
# Request timeout value for communicating with Identity API server. (integer
|
||||
# value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.http_connect_timeout
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.http_connect_timeout }}#{{ end }}http_connect_timeout = {{ .keystone_authtoken.keystonemiddleware.auth_token.http_connect_timeout | default "<None>" }}
|
||||
|
||||
# How many times are we trying to reconnect when communicating with Identity API
|
||||
# Server. (integer value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.http_request_max_retries
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.http_request_max_retries }}#{{ end }}http_request_max_retries = {{ .keystone_authtoken.keystonemiddleware.auth_token.http_request_max_retries | default "3" }}
|
||||
|
||||
# Request environment key where the Swift cache object is stored. When
|
||||
# auth_token middleware is deployed with a Swift cache, use this option to have
|
||||
# the middleware share a caching backend with swift. Otherwise, use the
|
||||
# ``memcached_servers`` option instead. (string value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.cache
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.cache }}#{{ end }}cache = {{ .keystone_authtoken.keystonemiddleware.auth_token.cache | default "<None>" }}
|
||||
|
||||
# Required if identity server requires client certificate (string value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.certfile
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.certfile }}#{{ end }}certfile = {{ .keystone_authtoken.keystonemiddleware.auth_token.certfile | default "<None>" }}
|
||||
|
||||
# Required if identity server requires client certificate (string value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.keyfile
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.keyfile }}#{{ end }}keyfile = {{ .keystone_authtoken.keystonemiddleware.auth_token.keyfile | default "<None>" }}
|
||||
|
||||
# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
|
||||
# Defaults to system CAs. (string value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.cafile
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.cafile }}#{{ end }}cafile = {{ .keystone_authtoken.keystonemiddleware.auth_token.cafile | default "<None>" }}
|
||||
|
||||
# Verify HTTPS connections. (boolean value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.insecure
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.insecure }}#{{ end }}insecure = {{ .keystone_authtoken.keystonemiddleware.auth_token.insecure | default "false" }}
|
||||
|
||||
# The region in which the identity server can be found. (string value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.region_name
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.region_name }}#{{ end }}region_name = {{ .keystone_authtoken.keystonemiddleware.auth_token.region_name | default "<None>" }}
|
||||
|
||||
# DEPRECATED: Directory used to cache files related to PKI tokens. This option
|
||||
# has been deprecated in the Ocata release and will be removed in the P
|
||||
# release. (string value)
|
||||
# This option is deprecated for removal since Ocata.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: PKI token format is no longer supported.
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.signing_dir
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.signing_dir }}#{{ end }}signing_dir = {{ .keystone_authtoken.keystonemiddleware.auth_token.signing_dir | default "<None>" }}
|
||||
|
||||
# Optionally specify a list of memcached server(s) to use for caching. If left
|
||||
# undefined, tokens will instead be cached in-process. (list value)
|
||||
# Deprecated group/name - [keystone_authtoken]/memcache_servers
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.memcached_servers
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcached_servers }}#{{ end }}memcached_servers = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcached_servers | default "<None>" }}
|
||||
|
||||
# In order to prevent excessive effort spent validating tokens, the middleware
|
||||
# caches previously-seen tokens for a configurable duration (in seconds). Set to
|
||||
# -1 to disable caching completely. (integer value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.token_cache_time
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.token_cache_time }}#{{ end }}token_cache_time = {{ .keystone_authtoken.keystonemiddleware.auth_token.token_cache_time | default "300" }}
|
||||
|
||||
# DEPRECATED: Determines the frequency at which the list of revoked tokens is
|
||||
# retrieved from the Identity service (in seconds). A high number of revocation
|
||||
# events combined with a low cache duration may significantly reduce
|
||||
# performance. Only valid for PKI tokens. This option has been deprecated in
|
||||
# the Ocata release and will be removed in the P release. (integer value)
|
||||
# This option is deprecated for removal since Ocata.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: PKI token format is no longer supported.
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.revocation_cache_time
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.revocation_cache_time }}#{{ end }}revocation_cache_time = {{ .keystone_authtoken.keystonemiddleware.auth_token.revocation_cache_time | default "10" }}
|
||||
|
||||
# (Optional) If defined, indicate whether token data should be authenticated or
|
||||
# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
|
||||
# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
|
||||
# cache. If the value is not one of these options or empty, auth_token will
|
||||
# raise an exception on initialization. (string value)
|
||||
# Allowed values: None, MAC, ENCRYPT
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_security_strategy
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_security_strategy }}#{{ end }}memcache_security_strategy = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_security_strategy | default "None" }}
|
||||
|
||||
# (Optional, mandatory if memcache_security_strategy is defined) This string is
|
||||
# used for key derivation. (string value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_secret_key
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_secret_key }}#{{ end }}memcache_secret_key = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_secret_key | default "<None>" }}
|
||||
|
||||
# (Optional) Number of seconds memcached server is considered dead before it is
|
||||
# tried again. (integer value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_dead_retry
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_dead_retry }}#{{ end }}memcache_pool_dead_retry = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_dead_retry | default "300" }}
|
||||
|
||||
# (Optional) Maximum total number of open connections to every memcached server.
|
||||
# (integer value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_maxsize
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_maxsize }}#{{ end }}memcache_pool_maxsize = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_maxsize | default "10" }}
|
||||
|
||||
# (Optional) Socket timeout in seconds for communicating with a memcached
|
||||
# server. (integer value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_socket_timeout
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_socket_timeout }}#{{ end }}memcache_pool_socket_timeout = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_socket_timeout | default "3" }}
|
||||
|
||||
# (Optional) Number of seconds a connection to memcached is held unused in the
|
||||
# pool before it is closed. (integer value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_unused_timeout
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_unused_timeout }}#{{ end }}memcache_pool_unused_timeout = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_unused_timeout | default "60" }}
|
||||
|
||||
# (Optional) Number of seconds that an operation will wait to get a memcached
|
||||
# client connection from the pool. (integer value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_conn_get_timeout
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_conn_get_timeout }}#{{ end }}memcache_pool_conn_get_timeout = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_conn_get_timeout | default "10" }}
|
||||
|
||||
# (Optional) Use the advanced (eventlet safe) memcached client pool. The
|
||||
# advanced pool will only work under python 2.x. (boolean value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_use_advanced_pool
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_use_advanced_pool }}#{{ end }}memcache_use_advanced_pool = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_use_advanced_pool | default "false" }}
|
||||
|
||||
# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
|
||||
# middleware will not ask for service catalog on token validation and will not
|
||||
# set the X-Service-Catalog header. (boolean value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.include_service_catalog
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.include_service_catalog }}#{{ end }}include_service_catalog = {{ .keystone_authtoken.keystonemiddleware.auth_token.include_service_catalog | default "true" }}
|
||||
|
||||
# Used to control the use and type of token binding. Can be set to: "disabled"
|
||||
# to not check token binding. "permissive" (default) to validate binding
|
||||
# information if the bind type is of a form known to the server and ignore it if
|
||||
# not. "strict" like "permissive" but if the bind type is unknown the token will
|
||||
# be rejected. "required" any form of token binding is needed to be allowed.
|
||||
# Finally the name of a binding method that must be present in tokens. (string
|
||||
# value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.enforce_token_bind
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.enforce_token_bind }}#{{ end }}enforce_token_bind = {{ .keystone_authtoken.keystonemiddleware.auth_token.enforce_token_bind | default "permissive" }}
|
||||
|
||||
# DEPRECATED: If true, the revocation list will be checked for cached tokens.
|
||||
# This requires that PKI tokens are configured on the identity server. (boolean
|
||||
# value)
|
||||
# This option is deprecated for removal since Ocata.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: PKI token format is no longer supported.
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.check_revocations_for_cached
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.check_revocations_for_cached }}#{{ end }}check_revocations_for_cached = {{ .keystone_authtoken.keystonemiddleware.auth_token.check_revocations_for_cached | default "false" }}
|
||||
|
||||
# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a
|
||||
# single algorithm or multiple. The algorithms are those supported by Python
|
||||
# standard hashlib.new(). The hashes will be tried in the order given, so put
|
||||
# the preferred one first for performance. The result of the first hash will be
|
||||
# stored in the cache. This will typically be set to multiple values only while
|
||||
# migrating from a less secure algorithm to a more secure one. Once all the old
|
||||
# tokens are expired this option should be set to a single value for better
|
||||
# performance. (list value)
|
||||
# This option is deprecated for removal since Ocata.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: PKI token format is no longer supported.
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.hash_algorithms
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.hash_algorithms }}#{{ end }}hash_algorithms = {{ .keystone_authtoken.keystonemiddleware.auth_token.hash_algorithms | default "md5" }}
|
||||
|
||||
# A choice of roles that must be present in a service token. Service tokens are
|
||||
# allowed to request that an expired token can be used and so this check should
|
||||
# tightly control that only actual services should be sending this token. Roles
|
||||
# here are applied as an ANY check so any role in this list must be present.
|
||||
# For backwards compatibility reasons this currently only affects the
|
||||
# allow_expired check. (list value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.service_token_roles
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.service_token_roles }}#{{ end }}service_token_roles = {{ .keystone_authtoken.keystonemiddleware.auth_token.service_token_roles | default "service" }}
|
||||
|
||||
# For backwards compatibility reasons we must let valid service tokens pass
|
||||
# that don't pass the service_token_roles check as valid. Setting this true
|
||||
# will become the default in a future release and should be enabled if
|
||||
# possible. (boolean value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.service_token_roles_required
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.service_token_roles_required }}#{{ end }}service_token_roles_required = {{ .keystone_authtoken.keystonemiddleware.auth_token.service_token_roles_required | default "false" }}
|
||||
|
||||
# Authentication type to load (string value)
|
||||
# Deprecated group/name - [keystone_authtoken]/auth_plugin
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.auth_type
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.auth_type }}#{{ end }}auth_type = {{ .keystone_authtoken.keystonemiddleware.auth_token.auth_type | default "<None>" }}
|
||||
|
||||
# Config Section from which to load plugin specific options (string value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.auth_section
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.auth_section }}#{{ end }}auth_section = {{ .keystone_authtoken.keystonemiddleware.auth_token.auth_section | default "<None>" }}
|
||||
|
||||
|
||||
|
||||
#
|
||||
# From shipyard_orchestrator
|
||||
#
|
||||
|
||||
# Authentication URL (string value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.auth_url
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.auth_url }}#{{ end }}auth_url = {{ .keystone_authtoken.shipyard_orchestrator.auth_url | default "<None>" }}
|
||||
|
||||
# Domain ID to scope to (string value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.domain_id
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.domain_id }}#{{ end }}domain_id = {{ .keystone_authtoken.shipyard_orchestrator.domain_id | default "<None>" }}
|
||||
|
||||
# Domain name to scope to (string value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.domain_name
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.domain_name }}#{{ end }}domain_name = {{ .keystone_authtoken.shipyard_orchestrator.domain_name | default "<None>" }}
|
||||
|
||||
# Project ID to scope to (string value)
|
||||
# Deprecated group/name - [keystone_authtoken]/tenant-id
|
||||
# from .keystone_authtoken.shipyard_orchestrator.project_id
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.project_id }}#{{ end }}project_id = {{ .keystone_authtoken.shipyard_orchestrator.project_id | default "<None>" }}
|
||||
|
||||
# Project name to scope to (string value)
|
||||
# Deprecated group/name - [keystone_authtoken]/tenant-name
|
||||
# from .keystone_authtoken.shipyard_orchestrator.project_name
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.project_name }}#{{ end }}project_name = {{ .keystone_authtoken.shipyard_orchestrator.project_name | default "<None>" }}
|
||||
|
||||
# Domain ID containing project (string value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.project_domain_id
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.project_domain_id }}#{{ end }}project_domain_id = {{ .keystone_authtoken.shipyard_orchestrator.project_domain_id | default "<None>" }}
|
||||
|
||||
# Domain name containing project (string value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.project_domain_name
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.project_domain_name }}#{{ end }}project_domain_name = {{ .keystone_authtoken.shipyard_orchestrator.project_domain_name | default "<None>" }}
|
||||
|
||||
# Trust ID (string value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.trust_id
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.trust_id }}#{{ end }}trust_id = {{ .keystone_authtoken.shipyard_orchestrator.trust_id | default "<None>" }}
|
||||
|
||||
# Optional domain ID to use with v3 and v2 parameters. It will be used for both
|
||||
# the user and project domain in v3 and ignored in v2 authentication. (string
|
||||
# value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.default_domain_id
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.default_domain_id }}#{{ end }}default_domain_id = {{ .keystone_authtoken.shipyard_orchestrator.default_domain_id | default "<None>" }}
|
||||
|
||||
# Optional domain name to use with v3 API and v2 parameters. It will be used for
|
||||
# both the user and project domain in v3 and ignored in v2 authentication.
|
||||
# (string value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.default_domain_name
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.default_domain_name }}#{{ end }}default_domain_name = {{ .keystone_authtoken.shipyard_orchestrator.default_domain_name | default "<None>" }}
|
||||
|
||||
# User id (string value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.user_id
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.user_id }}#{{ end }}user_id = {{ .keystone_authtoken.shipyard_orchestrator.user_id | default "<None>" }}
|
||||
|
||||
# Username (string value)
|
||||
# Deprecated group/name - [keystone_authtoken]/user-name
|
||||
# from .keystone_authtoken.shipyard_orchestrator.username
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.username }}#{{ end }}username = {{ .keystone_authtoken.shipyard_orchestrator.username | default "<None>" }}
|
||||
|
||||
# User's domain id (string value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.user_domain_id
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.user_domain_id }}#{{ end }}user_domain_id = {{ .keystone_authtoken.shipyard_orchestrator.user_domain_id | default "<None>" }}
|
||||
|
||||
# User's domain name (string value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.user_domain_name
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.user_domain_name }}#{{ end }}user_domain_name = {{ .keystone_authtoken.shipyard_orchestrator.user_domain_name | default "<None>" }}
|
||||
|
||||
# User's password (string value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.password
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.password }}#{{ end }}password = {{ .keystone_authtoken.shipyard_orchestrator.password | default "<None>" }}
|
||||
|
||||
|
||||
[oslo_policy]
|
||||
|
||||
#
|
||||
# From oslo.policy
|
||||
#
|
||||
|
||||
# The file that defines policies. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/policy_file
|
||||
# from .oslo_policy.oslo.policy.policy_file
|
||||
{{ if not .oslo_policy.oslo.policy.policy_file }}#{{ end }}policy_file = {{ .oslo_policy.oslo.policy.policy_file | default "policy.json" }}
|
||||
|
||||
# Default rule. Enforced when a requested rule is not found. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/policy_default_rule
|
||||
# from .oslo_policy.oslo.policy.policy_default_rule
|
||||
{{ if not .oslo_policy.oslo.policy.policy_default_rule }}#{{ end }}policy_default_rule = {{ .oslo_policy.oslo.policy.policy_default_rule | default "default" }}
|
||||
|
||||
# Directories where policy configuration files are stored. They can be relative
|
||||
# to any directory in the search path defined by the config_dir option, or
|
||||
# absolute paths. The file defined by policy_file must exist for these
|
||||
# directories to be searched. Missing or empty directories are ignored. (multi
|
||||
# valued)
|
||||
# Deprecated group/name - [DEFAULT]/policy_dirs
|
||||
# from .oslo_policy.oslo.policy.policy_dirs (multiopt)
|
||||
{{ if not .oslo_policy.oslo.policy.policy_dirs }}#policy_dirs = {{ .oslo_policy.oslo.policy.policy_dirs | default "policy.d" }}{{ else }}{{ range .oslo_policy.oslo.policy.policy_dirs }}policy_dirs = {{ . }}
|
||||
{{ end }}{{ end }}
|
||||
|
||||
|
||||
|
||||
[logging]
|
||||
|
||||
#
|
||||
# From shipyard_airflow
|
||||
#
|
||||
# The default logging level for the root logger. ERROR=40, WARNING=30, INFO=20,
|
||||
# DEBUG=10 (integer value)
|
||||
{{ if not .logging.log_level }}#{{ end }}log_level = {{ .logging.log_level | default "10" }}
|
||||
|
||||
{{- end -}}
|
||||
|
|
@ -35,7 +35,7 @@ spec:
|
|||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: airflow-db-init
|
||||
image: {{ .Values.images.airflow_db_init | quote }}
|
||||
image: {{ .Values.images.tags.airflow_db_init | quote }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy | quote }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.airflow_db_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
env:
|
||||
|
|
|
@ -35,7 +35,7 @@ spec:
|
|||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: airflow-db-sync
|
||||
image: {{ .Values.images.airflow_db_sync }}
|
||||
image: {{ .Values.images.tags.airflow_db_sync }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.airflow_db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
command:
|
||||
|
|
|
@ -33,7 +33,7 @@ spec:
|
|||
{{- range $key1, $osServiceType := tuple "shipyard" }}
|
||||
{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
|
||||
- name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }}
|
||||
image: {{ $envAll.Values.images.ks_endpoints }}
|
||||
image: {{ $envAll.Values.images.tags.ks_endpoints }}
|
||||
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
command:
|
||||
|
|
|
@ -34,7 +34,7 @@ spec:
|
|||
containers:
|
||||
{{- range $key1, $osServiceType := tuple "shipyard" }}
|
||||
- name: {{ $osServiceType }}-ks-service-registration
|
||||
image: {{ $envAll.Values.images.ks_service }}
|
||||
image: {{ $envAll.Values.images.tags.ks_service }}
|
||||
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
|
||||
command:
|
||||
- /tmp/ks-service.sh
|
||||
|
|
|
@ -30,7 +30,7 @@ spec:
|
|||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: shipyard-ks-user
|
||||
image: {{ .Values.images.ks_user }}
|
||||
image: {{ .Values.images.tags.ks_user }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
command:
|
||||
|
|
|
@ -35,7 +35,7 @@ spec:
|
|||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: shipyard-db-init
|
||||
image: {{ .Values.images.shipyard_db_init | quote }}
|
||||
image: {{ .Values.images.tags.shipyard_db_init | quote }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy | quote }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.shipyard_db_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
env:
|
||||
|
|
|
@ -35,7 +35,7 @@ spec:
|
|||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: shipyard-db-sync
|
||||
image: {{ .Values.images.shipyard_db_sync }}
|
||||
image: {{ .Values.images.tags.shipyard_db_sync }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.shipyard_db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
env:
|
||||
|
|
|
@ -22,16 +22,17 @@ labels:
|
|||
node_selector_value: enabled
|
||||
|
||||
images:
|
||||
airflow: quay.io/attcomdev/airflow:latest
|
||||
shipyard: quay.io/attcomdev/shipyard:latest
|
||||
dep_check: docker.io/kolla/ubuntu-source-kubernetes-entrypoint:4.0.0
|
||||
shipyard_db_init: docker.io/postgres:9.5
|
||||
shipyard_db_sync: docker.io/postgres:9.5
|
||||
airflow_db_init: docker.io/postgres:9.5
|
||||
airflow_db_sync: quay.io/attcomdev/airflow:latest
|
||||
ks_user: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
|
||||
ks_service: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
|
||||
ks_endpoints: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
|
||||
tags:
|
||||
airflow: quay.io/attcomdev/airflow:latest
|
||||
shipyard: quay.io/attcomdev/shipyard:latest
|
||||
dep_check: docker.io/kolla/ubuntu-source-kubernetes-entrypoint:4.0.0
|
||||
shipyard_db_init: docker.io/postgres:9.5
|
||||
shipyard_db_sync: docker.io/postgres:9.5
|
||||
airflow_db_init: docker.io/postgres:9.5
|
||||
airflow_db_sync: quay.io/attcomdev/airflow:latest
|
||||
ks_user: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
|
||||
ks_service: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
|
||||
ks_endpoints: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
|
||||
pull_policy: "IfNotPresent"
|
||||
|
||||
release_group: null
|
||||
|
@ -288,8 +289,28 @@ database:
|
|||
db_root_user: postgres
|
||||
|
||||
conf:
|
||||
policy:
|
||||
admin_required: role:admin
|
||||
workflow_orchestrator:list_actions: rule:admin_required
|
||||
workflow_orchestrator:create_action: rule:admin_required
|
||||
workflow_orchestrator:get_action: rule:admin_required
|
||||
workflow_orchestrator:get_action_step: rule:admin_required
|
||||
workflow_orchestrator:get_action_validation: rule:admin_required
|
||||
workflow_orchestrator:invoke_action_control: rule:admin_required
|
||||
workflow_orchestrator:create_configdocs: rule:admin_required
|
||||
workflow_orchestrator:get_configdocs: rule:admin_required
|
||||
workflow_orchestrator:commit_configdocs: rule:admin_required
|
||||
workflow_orchestrator:get_renderedconfigdocs: rule:admin_required
|
||||
paste:
|
||||
app:shipyard-api:
|
||||
paste.app_factory: shipyard_airflow.shipyard:paste_start_shipyard
|
||||
pipeline:main:
|
||||
pipeline: authtoken shipyard-api
|
||||
filter:authtoken:
|
||||
paste.filter_factory: keystonemiddleware.auth_token:filter_factory
|
||||
shipyard:
|
||||
base:
|
||||
web_server:
|
||||
shipyard:
|
||||
service_type: shipyard
|
||||
deckhand:
|
||||
|
@ -310,19 +331,11 @@ conf:
|
|||
schema: http
|
||||
endpoint: /api/v1.0/health
|
||||
keystone_authtoken:
|
||||
keystonemiddleware:
|
||||
auth_token:
|
||||
delay_auth_decision: true
|
||||
auth_type: password
|
||||
auth_section: keystone_authtoken
|
||||
auth_version: v3
|
||||
memcache_security_strategy: ENCRYPT
|
||||
paste:
|
||||
override:
|
||||
append:
|
||||
policy:
|
||||
override:
|
||||
append:
|
||||
delay_auth_decision: true
|
||||
auth_type: password
|
||||
auth_section: keystone_authtoken
|
||||
auth_version: v3
|
||||
memcache_security_strategy: ENCRYPT
|
||||
airflow:
|
||||
override:
|
||||
append:
|
||||
|
|
Loading…
Reference in New Issue