# Copyright 2017 The Openstack-Helm Authors. # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # This file provides defaults for shipyard and airflow # Indicate whether it is production or development environment prod_environment: true labels: job: node_selector_key: ucp-control-plane node_selector_value: enabled shipyard: node_selector_key: ucp-control-plane node_selector_value: enabled airflow: node_selector_key: ucp-control-plane node_selector_value: enabled images: tags: airflow: quay.io/attcomdev/airflow:latest shipyard: quay.io/attcomdev/shipyard:latest dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 shipyard_db_init: docker.io/postgres:9.5 shipyard_db_sync: quay.io/attcomdev/shipyard:latest airflow_db_init: docker.io/postgres:9.5 airflow_db_sync: quay.io/attcomdev/airflow:latest ks_user: docker.io/openstackhelm/heat:ocata ks_service: docker.io/openstackhelm/heat:ocata ks_endpoints: docker.io/openstackhelm/heat:ocata image_repo_sync: docker.io/docker:17.07.0 pull_policy: "IfNotPresent" local_registry: active: false exclude: - dep_check - image_repo_sync release_group: null network: shipyard: ingress: public: true classes: namespace: "nginx" cluster: "nginx-cluster" annotations: nginx.ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/proxy-read-timeout: "600" node_port: 31901 enable_node_port: false airflow: ingress: public: true proxy_read_timeout: 600 flower: name: airflow-flower port: 5555 enable_node_port: false web: name: airflow-web port: 8080 node_port: 32080 enable_node_port: false worker: name: airflow-worker port: 8793 enable_node_port: false dependencies: static: shipyard_db_init: jobs: - airflow-db-init - airflow-db-sync services: - service: postgresql_shipyard_db endpoint: internal - service: airflow_flower endpoint: internal - service: airflow_web endpoint: internal shipyard_db_sync: jobs: - shipyard-db-init services: - service: postgresql_shipyard_db endpoint: internal airflow_db_init: services: - service: postgresql_airflow_db endpoint: internal airflow_db_sync: jobs: - airflow-db-init services: - service: postgresql_airflow_db endpoint: internal ks_user: services: - service: identity endpoint: internal ks_service: services: - service: identity endpoint: internal ks_endpoints: jobs: - shipyard-ks-service services: - service: identity endpoint: internal shipyard: jobs: - shipyard-db-init - shipyard-db-sync - shipyard-ks-endpoints - shipyard-ks-user - shipyard-ks-endpoints services: - service: airflow_flower endpoint: internal - service: airflow_web endpoint: internal - service: identity endpoint: internal - service: postgresql_shipyard_db endpoint: internal airflow_server: jobs: - airflow-db-init - airflow-db-sync services: - service: postgresql_airflow_db endpoint: internal - service: oslo_messaging endpoint: internal volume_worker: class_name: general size: 5Gi logrotate: days_before_deletion: 30 # typically overriden by environmental # values, but should include all endpoints # required by this chart endpoints: cluster_domain_suffix: cluster.local identity: name: keystone auth: shipyard: region_name: RegionOne role: admin project_name: service project_domain_name: default user_domain_name: default username: shipyard password: password admin: region_name: RegionOne project_name: admin password: password username: admin user_domain_name: default project_domain_name: default hosts: default: keystone-api public: keystone path: default: /v3 scheme: default: http port: admin: default: 35357 api: default: 80 host_fqdn_override: default: null shipyard: name: shipyard hosts: default: shipyard-int public: shipyard-api port: api: default: 9000 public: 80 path: default: /api/v1.0 scheme: default: http host_fqdn_override: default: null # NOTE(bryan-strassner): this chart supports TLS for fqdn over-ridden public # endpoints using the following format: # public: # host: null # tls: # crt: null # key: null airflow_web: name: airflow-web hosts: default: airflow-web-int public: airflow-web port: airflow_web: default: 8080 public: 80 path: default: / scheme: default: http host_fqdn_override: default: null airflow_flower: name: airflow-flower hosts: default: airflow-flower port: airflow_flower: default: 5555 path: default: / scheme: default: http host_fqdn_override: default: null airflow_worker: name: airflow-worker hosts: default: airflow-worker discovery: airflow-worker-discovery host_fqdn_override: default: null path: null scheme: 'http' port: airflow_worker: default: 8793 postgresql_shipyard_db: name: postgresql_shipyard_db auth: admin: username: postgres password: password user: username: shipyard password: password database: shipyard hosts: default: postgresql path: /shipyard scheme: postgresql+psycopg2 port: postgresql: default: 5432 host_fqdn_override: default: null postgresql_airflow_db: name: postgresql_airflow_db auth: admin: username: postgres password: password user: username: airflow password: password database: airflow hosts: default: postgresql path: /airflow scheme: postgresql+psycopg2 port: postgresql: default: 5432 host_fqdn_override: default: null postgresql_airflow_celery_db: name: postgresql_airflow_celery_db auth: admin: username: postgres password: password user: username: airflow password: password database: airflow hosts: default: postgresql path: /airflow scheme: db+postgresql port: postgresql: default: 5432 host_fqdn_override: default: null oslo_messaging: auth: user: username: rabbitmq password: password hosts: default: rabbitmq host_fqdn_override: default: null path: / scheme: amqp port: amqp: default: 5672 oslo_cache: hosts: default: memcached host_fqdn_override: default: null port: memcache: default: 11211 secrets: identity: admin: shipyard-keystone-admin shipyard: shipyard-keystone-user postgresql_shipyard_db: admin: shipyard-db-admin user: shipyard-db-user postgresql_airflow_db: admin: airflow-db-admin user: airflow-db-user tls: shipyard: shipyard: public: shipyard-tls-public conf: uwsgi: threads: 1 workers: 4 policy: admin_required: role:admin workflow_orchestrator:list_actions: rule:admin_required workflow_orchestrator:create_action: rule:admin_required workflow_orchestrator:get_action: rule:admin_required workflow_orchestrator:get_action_step: rule:admin_required workflow_orchestrator:get_action_step_logs: rule:admin_required workflow_orchestrator:get_action_validation: rule:admin_required workflow_orchestrator:invoke_action_control: rule:admin_required workflow_orchestrator:get_configdocs_status: rule:admin_required workflow_orchestrator:create_configdocs: rule:admin_required workflow_orchestrator:get_configdocs: rule:admin_required workflow_orchestrator:commit_configdocs: rule:admin_required workflow_orchestrator:get_renderedconfigdocs: rule:admin_required workflow_orchestrator:list_workflows: rule:admin_required workflow_orchestrator:get_workflow: rule:admin_required workflow_orchestrator:get_site_statuses: rule:admin_required paste: app:shipyard-api: paste.app_factory: shipyard_airflow.shipyard_api:paste_start_shipyard pipeline:main: pipeline: authtoken shipyard-api filter:authtoken: paste.filter_factory: keystonemiddleware.auth_token:filter_factory shipyard: base: web_server: shipyard: service_type: shipyard deckhand: service_type: deckhand armada: service_type: armada drydock: service_type: physicalprovisioner promenade: service_type: kubernetesprovisioner keystone_authtoken: delay_auth_decision: true auth_type: password auth_section: keystone_authtoken auth_version: v3 memcache_security_strategy: ENCRYPT requests_config: airflow_log_connect_timeout: 5 airflow_log_read_timeout: 300 deckhand_client_connect_timeout: 5 deckhand_client_read_timeout: 300 validation_connect_timeout: 5 validation_read_timeout: 300 airflow: worker_endpoint_scheme: 'http' worker_port: 8793 k8s_logs: ucp_namespace: 'ucp' oslo_policy: policy_file: /etc/shipyard/policy.yaml # If non-existent rule is used, the request should be denied. The # deny_all rule is hard coded in the policy.py code to allow no access. policy_default_rule: deny_all airflow_config_file: path: /usr/local/airflow/airflow.cfg airflow: core: airflow_home: /usr/local/airflow dags_folder: /usr/local/airflow/dags base_log_folder: /usr/local/airflow/logs remote_logging: "False" remote_log_conn_id: encrypt_s3_logs: "False" logging_level: "INFO" log_format: "[%%(asctime)s] {{%%(filename)s:%%(lineno)d}} %%(levelname)s - %%(message)s" simple_log_format: "%%(asctime)s %%(levelname)s - %%(message)s" default_timezone: "utc" executor: "CeleryExecutor" sql_alchemy_pool_enabled: "True" sql_alchemy_pool_size: 5 sql_alchemy_pool_recycle: 3600 sql_alchemy_reconnect_timeout: 30 parallelism: 32 dag_concurrency: 16 dags_are_paused_at_creation: "False" non_pooled_task_slot_count: 128 max_active_runs_per_dag: 16 load_examples: "False" plugins_folder: /usr/local/airflow/plugins fernet_key: fKp7omMJ4QlTxfZzVBSiyXVgeCK-6epRjGgMpEIsjvs= donot_pickle: "False" dagbag_import_timeout: 30 task_runner: "BashTaskRunner" default_impersonation: security: secure_mode: "True" unit_test_mode: "False" enable_xcom_pickling: "False" killed_task_cleanup_time: 60 cli: api_client: airflow.api.client.local_client api: auth_backend: airflow.api.auth.backend.default operators: default_owner: "Airflow" default_cpus: 1 default_ram: 512 default_disk: 512 default_igpus: 0 webserver: web_server_host: 0.0.0.0 web_server_port: 8080 web_server_ssl_cert: web_server_ssl_key: web_server_worker_timeout: 120 worker_refresh_batch_size: 1 worker_refresh_interval: 30 secret_key: "temporary_key" workers: 4 worker_class: "sync" access_logfile: "-" error_logfile: "-" expose_config: "False" authenticate: "False" filter_by_owner: "False" owner_mode: "user" dag_default_view: "tree" dag_orientation: "LR" demo_mode: "False" log_fetch_timeout_sec: 5 hide_paused_dags_by_default: "False" page_size: 100 email: email_backend: airflow.utils.send_email_smtp smtp: smtp_host: "localhost" smtp_starttls: "True" smtp_ssl: "False" smtp_user: "airflow" smtp_port: 25 smtp_password: "airflow" smtp_mail_from: airflow@airflow.local celery: celery_app_name: airflow.executors.celery_executor worker_concurrency: 16 worker_log_server_port: 8793 flower_host: 0.0.0.0 flower_url_prefix: flower_port: 5555 default_queue: "default" celery_config_options: airflow.config_templates.default_celery.DEFAULT_CELERY_CONFIG celery_broker_transport_options: visibility_timeout: 21600 ssl_active: "False" ssl_key: ssl_cert: ssl_cacert: scheduler: job_heartbeat_sec: 5 scheduler_heartbeat_sec: 5 run_duration: -1 min_file_process_interval: 0 dag_dir_list_interval: 300 print_stats_interval: 30 child_process_log_directory: /usr/local/airflow/logs/scheduler scheduler_zombie_task_threshold: 300 catchup_by_default: "True" max_tis_per_query: 0 max_threads: 2 authenticate: "False" ldap: uri: user_filter: user_name_attr: group_member_attr: superuser_filter: data_profiler_filter: bind_user: bind_password: basedn: cacert: search_scope: admin: hide_sensitive_variable_fields: "True" pod: mounts: dag_path: /home/ubuntu/workbench/dags plugin_path: /home/ubuntu/workbench/plugins log_path: /home/ubuntu/workbench/logs airflow_flower: init_container: null airflow_flower: airflow_scheduler: init_container: null airflow_scheduler: airflow_worker: init_container: null airflow_worker: airflow_web: init_container: null airflow_web: shipyard: init_container: null shipyard: shipyard_db_init: init_container: null shipyard_db_init: shipyard_db_sync: init_container: null shipyard_db_sync: replicas: shipyard: api: 2 airflow: web: 2 worker: 2 flower: 2 scheduler: 2 lifecycle: upgrades: deployments: revision_history: 3 pod_replacement_strategy: RollingUpdate rolling_update: max_unavailable: 1 max_surge: 3 termination_grace_period: airflow: timeout: 30 shipyard: timeout: 30 resources: enabled: false airflow: flower: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" logrotate: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" scheduler: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" web: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" worker: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" shipyard_api: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" jobs: airflow_db_init: limits: memory: "128Mi" cpu: "500m" requests: memory: "128Mi" cpu: "500m" airflow_db_sync: limits: memory: "128Mi" cpu: "500m" requests: memory: "128Mi" cpu: "500m" ks_endpoints: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" ks_service: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" ks_user: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" shipyard_db_init: limits: memory: "128Mi" cpu: "500m" requests: memory: "128Mi" cpu: "500m" shipyard_db_sync: limits: memory: "128Mi" cpu: "500m" requests: memory: "128Mi" cpu: "500m" test: shipyard: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" airflow: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" manifests: configmap_shipyard_bin: true configmap_shipyard_etc: true configmap_airflow_bin: true configmap_airflow_etc: true deployment_airflow_flower: true deployment_airflow_scheduler: true deployment_shipyard: true deployment_airflow_web: true statefulset_airflow_worker: true ingress_airflow_api: true ingress_shipyard_api: true job_shipyard_db_init: true job_shipyard_db_sync: true job_airflow_db_init: true job_airflow_db_sync: true job_ks_endpoints: true job_ks_service: true job_ks_user: true secret_airflow_db: true secret_shipyard_db: true secret_ingress_tls: true secret_keystone: true service_airflow_ingress: true service_airflow_flower: true service_shipyard: true service_shipyard_ingress: true service_airflow_web: true service_airflow_worker: true service_discovery_airflow_worker: true test_shipyard_api: true