treasuremap/global/software/charts/ucp/deckhand/deckhand.yaml


---
# Armada chart document for the Deckhand release in the `ucp` namespace.
# Chart source, image tags, endpoints, service accounts and passwords are not
# written here; they are pulled in from other documents through the
# `substitutions` list below.
schema: armada/Chart/v1
metadata:
  schema: metadata/Document/v1
  name: ucp-deckhand
  labels:
    name: ucp-deckhand-global
  layeringDefinition:
    abstract: false
    layer: global
  # NOTE(review): this document is stored as cleartext, yet four
  # deckhand/Passphrase/v1 values are substituted into it (see "Secrets").
  # Rendered copies therefore carry passwords and should be handled as
  # secret material; confirm how rendered output is stored and who can
  # read it.
  storagePolicy: cleartext
  # Order matters: each account entry writes a whole auth object and the
  # matching password entry later fills in `.password` beneath it.
  substitutions:
    # Chart source
    - src:
        schema: pegleg/SoftwareVersions/v1
        name: software-versions
        path: .charts.ucp.deckhand
      dest:
        path: .source

    # Images
    - src:
        schema: pegleg/SoftwareVersions/v1
        name: software-versions
        path: .images.ucp.deckhand
      dest:
        path: .values.images.tags

    # Endpoints
    - src:
        schema: pegleg/EndpointCatalogue/v1
        name: ucp_endpoints
        path: .ucp.identity
      dest:
        path: .values.endpoints.identity
    - src:
        schema: pegleg/EndpointCatalogue/v1
        name: ucp_endpoints
        path: .ucp.postgresql
      dest:
        path: .values.endpoints.postgresql
    - src:
        schema: pegleg/EndpointCatalogue/v1
        name: ucp_endpoints
        path: .ucp.deckhand
      dest:
        path: .values.endpoints.deckhand
    - src:
        schema: pegleg/EndpointCatalogue/v1
        name: ucp_endpoints
        path: .ucp.key_manager
      dest:
        path: .values.endpoints.key_manager
    - src:
        schema: pegleg/EndpointCatalogue/v1
        name: ucp_endpoints
        path: .ucp.oslo_cache
      dest:
        path: .values.endpoints.oslo_cache

    # Deckhand log level
    - src:
        schema: nc/CorridorConfig/v1
        name: corridor-config
        path: .airship.log_level
      dest:
        path: .values.conf.logging.logger_deckhand.level

    # Credentials (account details; passwords are filled in under "Secrets")
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: ucp_service_accounts
        path: .ucp.postgres.admin
      dest:
        path: .values.endpoints.postgresql.auth.admin
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: ucp_service_accounts
        path: .ucp.deckhand.postgres
      dest:
        path: .values.endpoints.postgresql.auth.user
    # Replaces the DB_NAME placeholder inside the PostgreSQL endpoint path.
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: ucp_service_accounts
        path: .ucp.deckhand.postgres.database
      dest:
        path: .values.endpoints.postgresql.path
        pattern: DB_NAME
    # NOTE(review): the Keystone account for Deckhand is written to
    # `.auth.user` here, but its password (under "Secrets") is written to
    # `.auth.deckhand.password`. The PostgreSQL pair uses `.auth.user` for
    # both. Confirm which key the chart reads; otherwise the account and its
    # password end up under different keys.
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: ucp_service_accounts
        path: .ucp.deckhand.keystone
      dest:
        path: .values.endpoints.identity.auth.user
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: ucp_service_accounts
        path: .ucp.keystone.admin
      dest:
        path: .values.endpoints.identity.auth.admin

    # Secrets (whole Passphrase document copied into each password field)
    - src:
        schema: deckhand/Passphrase/v1
        name: ucp_keystone_admin_password
        path: '.'
      dest:
        path: .values.endpoints.identity.auth.admin.password
    - src:
        schema: deckhand/Passphrase/v1
        name: ucp_postgres_admin_password
        path: '.'
      dest:
        path: .values.endpoints.postgresql.auth.admin.password
    - src:
        schema: deckhand/Passphrase/v1
        name: ucp_deckhand_keystone_password
        path: '.'
      dest:
        path: .values.endpoints.identity.auth.deckhand.password
    - src:
        schema: deckhand/Passphrase/v1
        name: ucp_deckhand_postgres_password
        path: '.'
      dest:
        path: .values.endpoints.postgresql.auth.user.password
data:
  chart_name: ucp-deckhand
  release: ucp-deckhand
  namespace: ucp
  protected:
    continue_processing: false
  wait:
    timeout: 900
    labels:
      release_group: clcp-ucp-deckhand
  test:
    enabled: true
  install:
    no_hooks: false
  upgrade:
    no_hooks: false
    # Jobs carrying this release_group label are deleted before an upgrade.
    pre:
      delete:
        - type: job
          labels:
            release_group: clcp-ucp-deckhand
    post:
      create: []
  values:
    pod:
      affinity:
        anti:
          type:
            default: requiredDuringSchedulingIgnoredDuringExecution
      # Every listed container, including init containers, is given the
      # runtime's default AppArmor profile.
      mandatory_access_control:
        type: apparmor
        deckhand-api:
          init: runtime/default
          deckhand-api: runtime/default
        deckhand-db-init:
          init: runtime/default
          deckhand-db-init: runtime/default
        deckhand-db-sync:
          init: runtime/default
          deckhand-db-sync: runtime/default
        deckhand-api-test:
          deckhand-api-test: runtime/default
      replicas:
        deckhand: 1
      # Pod runs as a fixed non-root UID.
      security_context:
        deckhand:
          pod:
            runAsUser: 1000
    conf:
      deckhand:
        DEFAULT:
          # NOTE(review): debug logging is switched on at the global layer,
          # so every site inherits it unless overridden. Deckhand stores and
          # renders secret documents; confirm that DEBUG output is
          # acceptable for this service. The deckhand logger level is
          # already substituted from corridor-config above, so this flag may
          # not be needed.
          debug: true
          use_stderr: true
          use_syslog: true
        keystone_authtoken:
          # The string "None" (not YAML null). With this strategy the token
          # data that keystonemiddleware caches in memcached is neither
          # authenticated nor encrypted. MAC or ENCRYPT would protect it but
          # also needs memcache_secret_key to be set.
          # NOTE(review): confirm the cache is only reachable by trusted
          # pods.
          memcache_security_strategy: 'None'
      # Two-tier RBAC: admin_api for write/delete, admin_viewer for reads.
      # admin_viewer also matches anyone who satisfies admin_api.
      policy:
        admin_api: 'role:admin or role:admin_ucp'
        admin_viewer: 'role:admin_ucp_viewer or rule:admin_api'
        deckhand:create_cleartext_documents: 'rule:admin_api'
        deckhand:create_encrypted_documents: 'rule:admin_api'
        deckhand:list_cleartext_documents: 'rule:admin_viewer'
        # NOTE(review): the read-only viewer role may list encrypted
        # documents; confirm that role is meant to reach secret-bearing
        # documents.
        deckhand:list_encrypted_documents: 'rule:admin_viewer'
        deckhand:show_revision: 'rule:admin_viewer'
        deckhand:list_revisions: 'rule:admin_viewer'
        deckhand:delete_revisions: 'rule:admin_api'
        deckhand:show_revision_deepdiff: 'rule:admin_viewer'
        deckhand:show_revision_diff: 'rule:admin_viewer'
        deckhand:create_tag: 'rule:admin_api'
        deckhand:show_tag: 'rule:admin_viewer'
        deckhand:list_tags: 'rule:admin_viewer'
        deckhand:delete_tag: 'rule:admin_api'
        deckhand:delete_tags: 'rule:admin_api'
  dependencies:
    - deckhand-htk
...