# Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Default values for mariadb. # This is a YAML-formatted file. # Declare name/value pairs to be passed into your templates. # name: value --- release_group: null images: tags: mariadb: docker.io/openstackhelm/mariadb:latest-ubuntu_focal ks_user: docker.io/openstackhelm/heat:wallaby-ubuntu_focal dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal mariadb_backup: quay.io/airshipit/porthole-mysqlclient-utility:latest-ubuntu_focal pull_policy: "IfNotPresent" local_registry: active: false exclude: - dep_check labels: server: node_selector_key: openstack-control-plane node_selector_value: enabled job: node_selector_key: openstack-control-plane node_selector_value: enabled pod: security_context: server: pod: runAsUser: 999 container: perms: runAsUser: 0 readOnlyRootFilesystem: true init: runAsUser: 0 allowPrivilegeEscalation: false readOnlyRootFilesystem: false agent: runAsUser: 0 allowPrivilegeEscalation: false readOnlyRootFilesystem: false mariadb: runAsUser: 0 allowPrivilegeEscalation: false readOnlyRootFilesystem: false mariadb_backup: pod: runAsUser: 65534 container: backup_perms: runAsUser: 0 readOnlyRootFilesystem: true verify_perms: runAsUser: 0 readOnlyRootFilesystem: true mariadb_backup: runAsUser: 65534 readOnlyRootFilesystem: true allowPrivilegeEscalation: false tests: pod: runAsUser: 999 container: test: runAsUser: 999 readOnlyRootFilesystem: true affinity: anti: type: default: preferredDuringSchedulingIgnoredDuringExecution topologyKey: default: kubernetes.io/hostname weight: default: 10 tolerations: mariadb: enabled: false tolerations: - key: node-role.kubernetes.io/master operator: Exists effect: NoSchedule - key: node-role.kubernetes.io/control-plane operator: Exists effect: NoSchedule replicas: server: 3 prometheus_mysql_exporter: 1 lifecycle: upgrades: deployments: revision_history: 3 pod_replacement_strategy: RollingUpdate rolling_update: max_unavailable: 1 max_surge: 3 termination_grace_period: prometheus_mysql_exporter: timeout: 30 error_pages: timeout: 10 disruption_budget: mariadb: min_available: 0 resources: enabled: false server: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" jobs: tests: limits: memory: "1024Mi" cpu: "2000m" requests: memory: "128Mi" cpu: "100m" image_repo_sync: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" mariadb_backup: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" ks_user: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" dependencies: dynamic: common: local_image_registry: jobs: - mariadb-server-image-repo-sync services: - endpoint: node service: local_image_registry static: mariadb_server_ks_user: services: - endpoint: internal service: oslo_db mariadb_backup: services: - endpoint: internal service: oslo_db image_repo_sync: services: - endpoint: internal service: local_image_registry tests: services: - endpoint: internal service: oslo_db volume: backup: enabled: true class_name: general size: 5Gi jobs: mariadb_backup: # activeDeadlineSeconds == 0 means no deadline activeDeadlineSeconds: 0 backoffLimit: 6 cron: "0 0 * * *" history: success: 3 failed: 1 ks_user: # activeDeadlineSeconds == 0 means no deadline activeDeadlineSeconds: 0 backoffLimit: 6 conf: mariadb_server: setup_wait: iteration: 30 duration: 5 database: my: | [mysqld] datadir=/var/lib/mysql basedir=/usr ignore-db-dirs=lost+found [client-server] !includedir /etc/mysql/conf.d/ backup: enabled: false base_path: /var/backup validateData: ageOffset: 120 mysqldump_options: > --single-transaction --quick --add-drop-database --add-drop-table --add-locks --databases days_to_keep: 3 remote_backup: enabled: false container_name: mariadb days_to_keep: 14 storage_policy: default-placement number_of_retries: 5 delay_range: min: 30 max: 60 throttle_backups: enabled: false sessions_limit: 480 lock_expire_after: 7200 retry_after: 3600 container_name: throttle-backups-manager secrets: identity: admin: keystone-admin-user mariadb-server: mariadb-backup-user mariadb: backup_restore: mariadb-backup-restore oci_image_registry: mariadb: mariadb-oci-image-registry-key tls: oslo_db: server: public: mariadb-tls-server internal: mariadb-tls-direct # typically overridden by environmental # values, but should include all endpoints # required by this chart endpoints: cluster_domain_suffix: cluster.local local_image_registry: name: docker-registry namespace: docker-registry hosts: default: localhost internal: docker-registry node: localhost host_fqdn_override: default: null port: registry: node: 5000 oci_image_registry: name: oci-image-registry namespace: oci-image-registry auth: enabled: false mariadb: username: mariadb password: password hosts: default: localhost host_fqdn_override: default: null port: registry: default: null oslo_db: namespace: null auth: admin: username: root password: password sst: username: sst password: password audit: username: audit password: password exporter: username: exporter password: password hosts: default: mariadb-server-primary direct: mariadb-server-internal discovery: mariadb-discovery server: mariadb-server host_fqdn_override: default: null path: null scheme: mysql+pymysql port: mysql: default: 3306 wsrep: default: 4567 identity: name: backup-storage-auth namespace: openstack auth: admin: # Auth URL of null indicates local authentication # HTK will form the URL unless specified here auth_url: null region_name: RegionOne username: admin password: password project_name: admin user_domain_name: default project_domain_name: default mariadb: # Auth URL of null indicates local authentication # HTK will form the URL unless specified here auth_url: null role: admin region_name: RegionOne username: mariadb-backup-user password: password project_name: service user_domain_name: service project_domain_name: service hosts: default: keystone internal: keystone-api host_fqdn_override: default: null path: default: /v3 scheme: default: 'http' port: api: default: 80 internal: 5000 network_policy: mariadb: ingress: - {} egress: - {} # Helm hook breaks for helm2. # Set helm3_hook: false in case helm2 is used. helm3_hook: true manifests: certificates: false configmap_bin: true configmap_etc: true job_ks_user: false cron_job_mariadb_backup: true pvc_backup: true network_policy: false pod_test: true secret_dbadmin_password: true secret_sst_password: true secret_dbaudit_password: true secret_backup_restore: true secret_etc: true ...