204 lines
5.4 KiB
YAML
204 lines
5.4 KiB
YAML
---
|
|
schema: armada/Chart/v1
|
|
metadata:
|
|
schema: metadata/Document/v1
|
|
name: ucp-deckhand
|
|
labels:
|
|
name: ucp-deckhand-global
|
|
layeringDefinition:
|
|
abstract: false
|
|
layer: global
|
|
storagePolicy: cleartext
|
|
substitutions:
|
|
# Chart source
|
|
- src:
|
|
schema: pegleg/SoftwareVersions/v1
|
|
name: software-versions
|
|
path: .charts.ucp.deckhand
|
|
dest:
|
|
path: .source
|
|
|
|
# Images
|
|
|
|
- src:
|
|
schema: pegleg/SoftwareVersions/v1
|
|
name: software-versions
|
|
path: .images.ucp.deckhand
|
|
dest:
|
|
path: .values.images.tags
|
|
|
|
# Endpoints
|
|
- src:
|
|
schema: pegleg/EndpointCatalogue/v1
|
|
name: ucp_endpoints
|
|
path: .ucp.identity
|
|
dest:
|
|
path: .values.endpoints.identity
|
|
- src:
|
|
schema: pegleg/EndpointCatalogue/v1
|
|
name: ucp_endpoints
|
|
path: .ucp.postgresql
|
|
dest:
|
|
path: .values.endpoints.postgresql
|
|
- src:
|
|
schema: pegleg/EndpointCatalogue/v1
|
|
name: ucp_endpoints
|
|
path: .ucp.deckhand
|
|
dest:
|
|
path: .values.endpoints.deckhand
|
|
- src:
|
|
schema: pegleg/EndpointCatalogue/v1
|
|
name: ucp_endpoints
|
|
path: .ucp.key_manager
|
|
dest:
|
|
path: .values.endpoints.key_manager
|
|
- src:
|
|
schema: pegleg/EndpointCatalogue/v1
|
|
name: ucp_endpoints
|
|
path: .ucp.oslo_cache
|
|
dest:
|
|
path: .values.endpoints.oslo_cache
|
|
|
|
# Deckhand log level
|
|
- src:
|
|
schema: nc/CorridorConfig/v1
|
|
name: corridor-config
|
|
path: .airship.log_level
|
|
dest:
|
|
path: .values.conf.logging.logger_deckhand.level
|
|
|
|
# Credentials
|
|
- src:
|
|
schema: pegleg/AccountCatalogue/v1
|
|
name: ucp_service_accounts
|
|
path: .ucp.postgres.admin
|
|
dest:
|
|
path: .values.endpoints.postgresql.auth.admin
|
|
- src:
|
|
schema: pegleg/AccountCatalogue/v1
|
|
name: ucp_service_accounts
|
|
path: .ucp.deckhand.postgres
|
|
dest:
|
|
path: .values.endpoints.postgresql.auth.user
|
|
- src:
|
|
schema: pegleg/AccountCatalogue/v1
|
|
name: ucp_service_accounts
|
|
path: .ucp.deckhand.postgres.database
|
|
dest:
|
|
path: .values.endpoints.postgresql.path
|
|
pattern: DB_NAME
|
|
- src:
|
|
schema: pegleg/AccountCatalogue/v1
|
|
name: ucp_service_accounts
|
|
path: .ucp.deckhand.keystone
|
|
dest:
|
|
path: .values.endpoints.identity.auth.user
|
|
- src:
|
|
schema: pegleg/AccountCatalogue/v1
|
|
name: ucp_service_accounts
|
|
path: .ucp.keystone.admin
|
|
dest:
|
|
path: .values.endpoints.identity.auth.admin
|
|
|
|
# Secrets
|
|
- dest:
|
|
path: .values.endpoints.identity.auth.admin.password
|
|
src:
|
|
schema: deckhand/Passphrase/v1
|
|
name: ucp_keystone_admin_password
|
|
path: .
|
|
- dest:
|
|
path: .values.endpoints.postgresql.auth.admin.password
|
|
src:
|
|
schema: deckhand/Passphrase/v1
|
|
name: ucp_postgres_admin_password
|
|
path: .
|
|
- dest:
|
|
path: .values.endpoints.identity.auth.deckhand.password
|
|
src:
|
|
schema: deckhand/Passphrase/v1
|
|
name: ucp_deckhand_keystone_password
|
|
path: .
|
|
- dest:
|
|
path: .values.endpoints.postgresql.auth.user.password
|
|
src:
|
|
schema: deckhand/Passphrase/v1
|
|
name: ucp_deckhand_postgres_password
|
|
path: .
|
|
data:
|
|
chart_name: ucp-deckhand
|
|
release: ucp-deckhand
|
|
namespace: ucp
|
|
protected:
|
|
continue_processing: false
|
|
wait:
|
|
timeout: 900
|
|
labels:
|
|
release_group: clcp-ucp-deckhand
|
|
test:
|
|
enabled: true
|
|
install:
|
|
no_hooks: false
|
|
upgrade:
|
|
no_hooks: false
|
|
pre:
|
|
delete:
|
|
- type: job
|
|
labels:
|
|
release_group: clcp-ucp-deckhand
|
|
post:
|
|
create: []
|
|
values:
|
|
pod:
|
|
affinity:
|
|
anti:
|
|
type:
|
|
default: requiredDuringSchedulingIgnoredDuringExecution
|
|
mandatory_access_control:
|
|
type: apparmor
|
|
deckhand-api:
|
|
init: runtime/default
|
|
deckhand-api: runtime/default
|
|
deckhand-db-init:
|
|
init: runtime/default
|
|
deckhand-db-init: runtime/default
|
|
deckhand-db-sync:
|
|
init: runtime/default
|
|
deckhand-db-sync: runtime/default
|
|
deckhand-api-test:
|
|
deckhand-api-test: runtime/default
|
|
replicas:
|
|
deckhand: 1
|
|
security_context:
|
|
deckhand:
|
|
pod:
|
|
runAsUser: 1000
|
|
conf:
|
|
deckhand:
|
|
DEFAULT:
|
|
debug: true
|
|
use_stderr: true
|
|
use_syslog: true
|
|
keystone_authtoken:
|
|
memcache_security_strategy: None
|
|
policy:
|
|
admin_api: role:admin or role:admin_ucp
|
|
admin_viewer: role:admin_ucp_viewer or rule:admin_api
|
|
deckhand:create_cleartext_documents: rule:admin_api
|
|
deckhand:create_encrypted_documents: rule:admin_api
|
|
deckhand:list_cleartext_documents: rule:admin_viewer
|
|
deckhand:list_encrypted_documents: rule:admin_viewer
|
|
deckhand:show_revision: rule:admin_viewer
|
|
deckhand:list_revisions: rule:admin_viewer
|
|
deckhand:delete_revisions: rule:admin_api
|
|
deckhand:show_revision_deepdiff: rule:admin_viewer
|
|
deckhand:show_revision_diff: rule:admin_viewer
|
|
deckhand:create_tag: rule:admin_api
|
|
deckhand:show_tag: rule:admin_viewer
|
|
deckhand:list_tags: rule:admin_viewer
|
|
deckhand:delete_tag: rule:admin_api
|
|
deckhand:delete_tags: rule:admin_api
|
|
dependencies:
|
|
- deckhand-htk
|
|
...
|