forked from openstack/openstack-helm-infra
-
Notifications
You must be signed in to change notification settings - Fork 0
/
values.yaml
244 lines (225 loc) · 5.45 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http:https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for ldap.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
pod:
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
weight:
default: 10
replicas:
server: 1
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
resources:
enabled: false
server:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
bootstrap:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
image_repo_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
mounts:
ldap_data_load:
init_container: null
ldap_data_load:
images:
tags:
bootstrap: "docker.io/osixia/openldap:1.2.0"
ldap: "docker.io/osixia/openldap:1.2.0"
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: docker.io/docker:17.07.0
pull_policy: IfNotPresent
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
dependencies:
dynamic:
common:
local_image_registry:
jobs:
- ldap-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
ldap:
jobs: null
bootstrap:
services:
- endpoint: internal
service: ldap
server:
jobs:
- ldap-load-data
services:
- endpoint: internal
service: ldap
image_repo_sync:
services:
- endpoint: internal
service: local_image_registry
storage:
pvc:
enabled: true
size: 2Gi
class_name: general
host:
data_path: /data/openstack-helm/ldap
config_path: /data/openstack-helm/config
labels:
server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
bootstrap:
enabled: false
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
ldap:
hosts:
default: ldap
host_fqdn_override:
default: null
path: null
scheme: 'ldap'
port:
ldap:
default: 389
network_policy:
ldap:
ingress:
- {}
egress:
- {}
data:
sample: |
dn: ou=People,dc=cluster,dc=local
objectclass: organizationalunit
ou: People
description: We the People
# NOTE: Password is "password" without quotes
dn: uid=alice,ou=People,dc=cluster,dc=local
objectClass: inetOrgPerson
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
sn: Alice
cn: alice
uid: alice
userPassword: {SSHA}+i3t/DLCgLDGaIOAmfeFJ2kDeJWmPUDH
description: SHA
gidNumber: 1000
uidNumber: 1493
homeDirectory: /home/alice
mail: [email protected]
# NOTE: Password is "password" without quotes
dn: uid=bob,ou=People,dc=cluster,dc=local
objectClass: inetOrgPerson
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
sn: Bob
cn: bob
uid: bob
userPassword: {SSHA}fCJ5vuW1BQ4/OfOVkkx1qjwi7yHFuGNB
description: MD5
gidNumber: 1000
uidNumber: 5689
homeDirectory: /home/bob
mail: [email protected]
dn: ou=Groups,dc=cluster,dc=local
objectclass: organizationalunit
ou: Groups
description: We the People
dn: cn=cryptography,ou=Groups,dc=cluster,dc=local
objectclass: top
objectclass: posixGroup
gidNumber: 418
cn: cryptography
description: Cryptography Team
memberUID: uid=alice,ou=People,dc=cluster,dc=local
memberUID: uid=bob,ou=People,dc=cluster,dc=local
dn: cn=blue,ou=Groups,dc=cluster,dc=local
objectclass: top
objectclass: posixGroup
gidNumber: 419
cn: blue
description: Blue Team
memberUID: uid=bob,ou=People,dc=cluster,dc=local
dn: cn=red,ou=Groups,dc=cluster,dc=local
objectclass: top
objectclass: posixGroup
gidNumber: 420
cn: red
description: Red Team
memberUID: uid=alice,ou=People,dc=cluster,dc=local
secrets:
identity:
admin: admin
ldap: ldap
openldap:
domain: cluster.local
password: password
manifests:
configmap_bin: true
configmap_etc: true
job_bootstrap: true
job_image_repo_sync: true
network_policy: false
statefulset: true
service: true