# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # This file provides defaults for deckhand labels: node_selector_key: ucp-control-plane node_selector_value: enabled images: tags: deckhand: quay.io/attcomdev/deckhand:latest dep_check: "quay.io/stackanetes/kubernetes-entrypoint:v0.3.1" db_init: docker.io/postgres:9.5 db_sync: quay.io/attcomdev/deckhand:latest ks_endpoints: docker.io/openstackhelm/heat:newton ks_service: docker.io/openstackhelm/heat:newton ks_user: docker.io/openstackhelm/heat:newton pull_policy: "IfNotPresent" release_group: null network: ingress: public: true port: 9000 node_port: 31902 enable_node_port: false dependencies: db_init: services: - service: postgresql endpoint: internal db_sync: jobs: - deckhand-db-init services: - service: postgresql endpoint: internal ks_user: services: - service: identity endpoint: internal ks_service: services: - service: identity endpoint: internal ks_endpoints: jobs: - deckhand-ks-service services: - service: identity endpoint: internal deckhand: jobs: - deckhand-ks-endpoints - deckhand-ks-user - deckhand-ks-endpoints services: - service: identity endpoint: internal - service: key_manager endpoint: internal # typically overridden by environmental # values, but should include all endpoints # required by this chart endpoints: cluster_domain_suffix: cluster.local identity: name: keystone auth: user: region_name: RegionOne role: admin project_name: service project_domain_name: default user_domain_name: default username: deckhand password: password admin: region_name: RegionOne project_name: admin password: password username: admin user_domain_name: default project_domain_name: default hosts: default: keystone-api public: keystone path: default: /v3 scheme: default: http port: admin: default: 35357 api: default: 80 host_fqdn_override: default: null deckhand: name: deckhand hosts: default: deckhand-int public: deckhand-api port: api: default: 9000 public: 80 path: default: /api/v1.0 scheme: default: http host_fqdn_override: default: null postgresql: name: postgresql auth: admin: username: postgres password: password user: username: deckhand password: password database: deckhand hosts: default: postgresql path: /deckhand scheme: postgresql+psycopg2 port: postgresql: default: 5432 host_fqdn_override: default: null key_manager: name: barbican hosts: default: barbican-api public: barbican host_fqdn_override: default: null path: default: /v1 scheme: default: http port: api: default: 9311 public: 80 oslo_cache: hosts: default: memcached host_fqdn_override: default: null port: memcache: default: 11211 secrets: identity: admin: deckhand-keystone-admin user: deckhand-keystone-user postgresql: admin: deckhand-db-admin user: deckhand-db-user conf: uwsgi: # NOTE(fmontei): Deckhand's database is not configured to work with # multiprocessing. Currently there is a data race on acquiring shared # SQLAlchemy engine pooled connection strings when workers > 1. As a # workaround, we use multiple threads but only 1 worker. For more # information, see: https://github.com/att-comdev/deckhand/issues/20 threads: 4 workers: 1 policy: admin_api: role:admin deckhand:create_cleartext_documents: rule:admin_api deckhand:create_encrypted_documents: rule:admin_api deckhand:list_cleartext_documents: rule:admin_api deckhand:list_encrypted_documents: rule:admin_api deckhand:show_revision: rule:admin_api deckhand:list_revisions: rule:admin_api deckhand:delete_revisions: rule:admin_api deckhand:show_revision_diff: rule:admin_api deckhand:create_tag: rule:admin_api deckhand:show_tag: rule:admin_api deckhand:list_tags: rule:admin_api deckhand:delete_tag: rule:admin_api deckhand:delete_tags: rule:admin_api paste: filter:authtoken: paste.filter_factory: keystonemiddleware.auth_token:filter_factory filter:debug: use: egg:oslo.middleware#debug filter:cors: paste.filter_factory: oslo_middleware.cors:filter_factory oslo_config_project: deckhand filter:request_id: paste.filter_factory: oslo_middleware:RequestId.factory app:api: paste.app_factory: deckhand.service:deckhand_app_factory pipeline:deckhand_api: pipeline: authtoken api deckhand: DEFAULT: debug: true use_stderr: true use_syslog: true profiler: false database: connection: keystone_authtoken: delay_auth_decision: true auth_type: password auth_version: v3 memcache_security_strategy: ENCRYPT oslo_policy: policy_file: policy.yaml policy_default_rule: default policy_dirs: policy.d barbican: api_endpoint: logging: loggers: keys: 'root, deckhand, error' handlers: keys: 'null, stderr, stdout, syslog' formatters: keys: 'simple, context' logger_deckhand: level: DEBUG handlers: stdout qualname: deckhand logger_error: level: ERROR handlers: stderr qualname: deckhand logger_root: level: WARNING handlers: null handler_null: class: 'logging.NullHandler' formatter: context args: '()' handler_stderr: class: StreamHandler args: '(sys.stderr,)' formatter: context handler_stdout: class: StreamHandler args: '(sys.stdout,)' formatter: context handler_syslog: class: 'handlers.SysLogHandler' level: ERROR args: "('/dev/log', handlers.SysLogHandler.LOG_USER)" formatter_context: class: 'oslo_log.formatters.ContextFormatter' formatter_simple: format: "%(asctime)s.%(msecs)03d %(process)d %(levelname)s: %(message)s" pod: mounts: deckhand_db_init: init_container: null deckhand_db_init: deckhand_db_sync: init_container: null deckhand_db_sync: deckhand: init_container: null deckhand: lifecycle: upgrades: deployments: revision_history: 3 pod_replacement_strategy: RollingUpdate rolling_update: max_unavailable: 1 max_surge: 3 termination_grace_period: deckhand: timeout: 30 replicas: deckhand: 1 resources: enabled: false api: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" jobs: ks_user: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" ks_service: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" ks_endpoints: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" test: deckhand: limits: memory: "128Mi" cpu: "100m" requests: memory: "128Mi" cpu: "100m" manifests: configmap_bin: true configmap_etc: true deployment: true job_db_init: true job_db_sync: true job_ks_endpoints: true job_ks_service: true job_ks_user: true secret_db: true secret_keystone: true service_api: true ingress_api: true service: true service_ingress: true test_deckhand_api: true