treasuremap/global/software/charts/ucp/armada/armada.yaml

---
schema: armada/Chart/v1
metadata:
  schema: metadata/Document/v1
  name: ucp-armada
  layeringDefinition:
    abstract: false
    layer: global
  storagePolicy: cleartext
  labels:
    name: ucp-armada-global
  substitutions:
    # Chart source
    - src:
        schema: pegleg/SoftwareVersions/v1
        name: software-versions
        path: .charts.ucp.armada
      dest:
        path: .source

    # Images
    - src:
        schema: pegleg/SoftwareVersions/v1
        name: software-versions
        path: .images.ucp.armada
      dest:
        path: .values.images.tags

    # Endpoints
    - src:
        schema: pegleg/EndpointCatalogue/v1
        name: ucp_endpoints
        path: .ucp.identity
      dest:
        path: .values.endpoints.identity
    - src:
        schema: pegleg/EndpointCatalogue/v1
        name: ucp_endpoints
        path: .ucp.armada
      dest:
        path: .values.endpoints.armada

    # Credentials
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: ucp_service_accounts
        path: .ucp.keystone.admin
      dest:
        path: .values.endpoints.identity.auth.admin
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: ucp_service_accounts
        path: .ucp.armada.keystone
      dest:
        path: .values.endpoints.identity.auth.user

    # Secrets
    - dest:
        path: .values.endpoints.identity.auth.admin.password
      src:
        schema: deckhand/Passphrase/v1
        name: ucp_keystone_admin_password
        path: .
    - dest:
        path: .values.endpoints.identity.auth.armada.password
      src:
        schema: deckhand/Passphrase/v1
        name: ucp_armada_keystone_password
        path: .
data:
  chart_name: armada
  release: ucp-armada
  namespace: ucp
  protected:
    continue_processing: false
  wait:
    native:
      # Note(seaneagan): This allows the sidecar tiller (if enabled) to update
      # the armada chart's release status to DEPLOYED before the tiller sidecar
      # goes away when the armada chart is updated, otherwise it can get
      # stuck in PENDING_UPGRADE status.
      enabled: false
    timeout: 900
    labels:
      release_group: clcp-ucp-armada
  test:
    enabled: true
  install:
    no_hooks: false
  upgrade:
    no_hooks: false
    pre:
      delete:
        - type: job
          labels:
            release_group: clcp-ucp-armada
  values:
    pod:
      mandatory_access_control:
        type: apparmor
        armada-api:
          init: runtime/default
          armada-api: runtime/default
          tiller: runtime/default
        armada-api-test:
          armada-api-test: runtime/default
      affinity:
        anti:
          type:
            default: requiredDuringSchedulingIgnoredDuringExecution
      security_context:
        armada:
          pod:
            runAsUser: 1000
      env:
        armada_api:
          - name: ARMADA_UWSGI_TIMEOUT
            value: 10800
      replicas:
        api: 1
    conf:
      armada:
        DEFAULT:
          debug: true
          # Allow lock to expire before timing out. This is needed in case
          # a lock does not get cleaned up, such as when Armada updates itself.
          lock_acquire_timeout: 1800
          lock_expiration: 300
      tiller:
        storage: secret
    manifests:
      deployment_tiller: false
      service_tiller_deploy: false
  dependencies:
    - armada-htk
...