# Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- images: tags: cert_rotation: 'docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_bionic' dep_check: 'quay.io/airshipit/kubernetes-entrypoint:v1.0.0' local_registry: active: false labels: job: node_selector_key: openstack-control-plane node_selector_value: enabled jobs: rotate: # Run at 1:00AM on 1st of each month cron: "0 1 1 * *" starting_deadline: 600 history: success: 3 failed: 1 # Number of day before expiry should certs be rotated. max_days_to_expiry: 45 suspend: false pod: security_context: cert_rotate: pod: runAsUser: 42424 container: cert_rotate: readOnlyRootFilesystem: true allowPrivilegeEscalation: false resources: enabled: false jobs: cert_rotate: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" dependencies: static: cert_rotate: null secrets: oci_image_registry: cert-rotation: cert-rotation-oci-image-registry-key endpoints: cluster_domain_suffix: cluster.local oci_image_registry: name: oci-image-registry namespace: oci-image-registry auth: enabled: false cert-rotation: username: cert-rotation password: password hosts: default: localhost host_fqdn_override: default: null port: registry: default: null manifests: configmap_bin: true cron_job_cert_rotate: false job_cert_rotate: false secret_registry: true ...