openstack-helm-infra/memcached/values.yaml
RAHUL KHIYANI 2cc0317fc3 Memcached: Fix security context
This PS adds the missing allowPrivilegeEscalation flag in container
securityContext

Change-Id: Ie10951bd43de563fec09795feedc0050dcd4ebbe
2019-04-23 13:29:44 +00:00

208 lines
4.6 KiB
YAML

# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for memcached.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
conf:
memcached:
max_connections: 8192
# NOTE(pordirect): this should match the value in
# `pod.resources.memcached.memory`
memory: 1024
dependencies:
dynamic:
common:
local_image_registry:
jobs:
- memcached-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
memcached:
jobs: null
image_repo_sync:
services:
- endpoint: internal
service: local_image_registry
prometheus_memcached_exporter:
services:
- endpoint: internal
service: oslo_cache
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
oslo_cache:
namespace: null
host_fqdn_override:
default: null
hosts:
default: memcached
namespace: null
port:
memcache:
default: 11211
prometheus_memcached_exporter:
namespace: null
hosts:
default: memcached-exporter
host_fqdn_override:
default: null
path:
default: /metrics
scheme:
default: 'http'
port:
metrics:
default: 9150
kube_dns:
namespace: kube-system
name: kubernetes-dns
hosts:
default: kube-dns
host_fqdn_override:
default: null
path:
default: null
scheme: http
port:
dns_tcp:
default: 53
dns:
default: 53
protocol: UDP
network_policy:
memcached:
ingress:
- {}
monitoring:
prometheus:
enabled: false
memcached_exporter:
scrape: true
images:
pull_policy: IfNotPresent
tags:
dep_check: 'quay.io/stackanetes/kubernetes-entrypoint:v0.3.1'
memcached: 'docker.io/memcached:1.5.5'
prometheus_memcached_exporter: docker.io/prom/memcached-exporter:v0.4.1
image_repo_sync: docker.io/docker:17.07.0
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
labels:
server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
prometheus_memcached_exporter:
node_selector_key: openstack-control-plane
node_selector_value: enabled
manifests:
configmap_bin: true
deployment: true
job_image_repo_sync: true
network_policy: false
service: true
monitoring:
prometheus:
configmap_bin: true
deployment_exporter: true
service_exporter: true
pod:
security_context:
memcached_exporter:
pod:
runAsUser: 65534
container:
memcached_exporter:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
server:
pod:
runAsUser: 65534
container:
memcached:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
affinity:
anti:
topologyKey:
default: kubernetes.io/hostname
type:
default: preferredDuringSchedulingIgnoredDuringExecution
lifecycle:
upgrades:
deployments:
pod_replacement_strategy: RollingUpdate
revision_history: 3
rolling_update:
max_surge: 3
max_unavailable: 1
termination_grace_period:
memcached:
timeout: 30
prometheus_memcached_exporter:
timeout: 30
replicas:
server: 1
prometheus_memcached_exporter: 1
resources:
enabled: false
memcached:
limits:
cpu: "2000m"
memory: "1024Mi"
requests:
cpu: "500m"
memory: "128Mi"
prometheus_memcached_exporter:
limits:
memory: "1024Mi"
cpu: "2000m"
requests:
cpu: 500m
memory: 128Mi
jobs:
image_repo_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"