# Name overrides, both empty by default
# NOTE(review): presumably consumed by the chart's naming helpers, as is
# conventional for Helm charts - confirm against the templates
nameOverride: ""
fullnameOverride: ""
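# Deployment settings for the API component
api:
  image:
    repository: ghcr.io/stackhpc/jasmin-cloud-api
    pullPolicy: IfNotPresent
    # Written as a template expression that refers to the chart's appVersion
    tag: "{{ .Chart.AppVersion }}"
  imagePullSecrets: []
  replicaCount: 1
  podAnnotations: {}
  podSecurityContext: {}
  # Container hardening: all Linux capabilities dropped, read-only root
  # filesystem, non-root user and no privilege escalation
  # NOTE(review): assumes the chart passes this map through as the container
  # securityContext - confirm against the deployment template
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop: [ALL]
    readOnlyRootFilesystem: true
    runAsNonRoot: true
  service:
    type: ClusterIP
    port: 8080
  # No requests or limits are set by default; set them per environment so that
  # a misbehaving pod cannot exhaust its node
  resources: {}
  nodeSelector: {}
  tolerations: []
  affinity: {}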
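# Deployment settings for the UI component
ui:
  image:
    repository: ghcr.io/stackhpc/jasmin-cloud-ui
    pullPolicy: IfNotPresent
    # Written as a template expression that refers to the chart's appVersion
    tag: "{{ .Chart.AppVersion }}"
  imagePullSecrets: []
  replicaCount: 1
  podAnnotations: {}
  podSecurityContext: {}
  # Container hardening: all Linux capabilities dropped, read-only root
  # filesystem, non-root user and no privilege escalation
  # NOTE(review): assumes the chart passes this map through as the container
  # securityContext - confirm against the deployment template
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop: [ALL]
    readOnlyRootFilesystem: true
    runAsNonRoot: true
  service:
    type: ClusterIP
    port: 8080
  # No requests or limits are set by default; set them per environment so that
  # a misbehaving pod cannot exhaust its node
  resources: {}
  nodeSelector: {}
  tolerations: []
  affinity: {}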
# Ingress settings (disabled by default)
ingress:
  enabled: false
  host: cloud.example.local
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  # Giving a secret name here is what enables TLS
  # With this left empty the ingress has no TLS, while settings.secureCookies
  # defaults to true and expects HTTPS, so set it for any real deployment
  tlsSecretName:
# Application settings
settings:
  # Django secret key
  # A randomly generated key is used when none is given, but it differs on each
  # deployment, which may cause sessions to be terminated
  # Supply the key at install time from a secret store rather than committing
  # it to version control in a values file
  secretKey:
  # Debug mode (false is recommended in production)
  debug: false
  # Restrict cookies to HTTPS (MUST be true in production)
  secureCookies: true
  # Clouds that are available
  # The example entry uses a plain-HTTP URL; use https URLs for real clouds
  availableClouds:
    - name: example
      label: 'Example Cloud'
      url: http://cloud.example.local/dashboard
  # The current cloud (the default matches the name of the example entry above)
  currentCloud: example
# Authenticator configuration
# Where appropriate, the provider's parameters are re-used
authenticator:
  # Authenticator type (only openstack-{password,federation} are supported at present)
  type: openstack-password
  # The OpenStack password authenticator takes its parameters from the
  # OpenStack provider by default
  openstackPassword: {}
  # OpenStack federation authenticator parameters
  openstackFederation:
    # URL to use for the federated authentication
    federationUrl: https://keystone.cloud.example.local/v3/auth/OS-FEDERATION/websso/<authtype>
# Cloud provider configuration
provider:
  # Provider type (only openstack is supported at present)
  type: openstack
  # OpenStack provider parameters
  openstack:
    # Keystone authentication URL
    authUrl: https://keystone.cloud.example.local/v3
    # Domain to use
    domain: default
    # OpenStack interface to use
    # The default should rarely need changing
    interface:
    # Whether or not to verify SSL
    # Keep this true outside throwaway test setups; for a private CA, trust the
    # CA rather than switching verification off
    verifySsl: true
    # Template for the name of the internal network
    # Giving this disables auto-created tenant internal networks
    # The fragment '{tenant_name}' is replaced with the current tenancy name, e.g.:
    #   internalNetTemplate: "{tenant_name}-private"
    internalNetTemplate:
    # Template for the name of the external network
    # The current tenancy name is interpolated into it, as with internalNetTemplate
    # When not given, the external network is used if a tenant has exactly one
    # available; otherwise operations that require an external network raise an error
    externalNetTemplate:
    # CIDR for auto-created tenant internal networks
    # Defaults to 192.168.3.0/24 if not given, which should be OK for most circumstances
    internalNetCidr:
# Internal app proxy settings; the proxy gives users access to apps
# NOTE(review): indentation was lost on the captured page, so the nesting of the
# keys under "proxy" is inferred - confirm against the chart
appProxy:
  # Whether to deploy the app proxy
  enabled: false
  # Stop the tunnel-proxy chart from deploying its own Consul
  # A separate Consul is deployed instead, as it is used in other places too
  consul:
    enabled: false
  proxy:
    # Base domain for the app proxy
    baseDomain:
    # Defaults to the server of the internal Consul
    consulServerAddress: "{{ include \"jasmin-cloud.consulServerAddress\" . }}"
# App settings
# The defaults assume that the internal app proxy is in use
apps:
  # Whether apps are enabled
  # Automatically true when the internal app proxy is enabled
  enabled: false
  # Base domain for the app proxy
  # Defaults to the internal app proxy's domain
  proxyBaseDomain: "{{ include \"jasmin-cloud.appProxyBaseDomain\" . }}"
  # Proxy SSHD host
  # The default tries to infer the SSHD host of the internal app proxy, but the
  # chart sometimes needs help, especially with LoadBalancer services
  proxySSHDHost: "{{ include \"jasmin-cloud.appProxySSHDHost\" . }}"
  # Proxy SSHD port
  # The default attempts to infer the SSHD port of the internal app proxy
  proxySSHDPort: "{{ include \"jasmin-cloud.appProxySSHDPort\" . }}"
  # URL of the post-deploy script to execute
  # Whatever this URL serves gets executed, so use an https URL on a host you
  # control and pin it to a fixed revision where possible
  postDeployScriptUrl:
# Internal Consul instance
consul:
  # Whether to create the internal Consul instance
  # Only takes effect when an enabled feature needs Consul, e.g. the app proxy
  # or a Terraform backend for the cluster engine
  enabled: true
  spec: {}
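# The cluster engine to use for Cluster-as-a-Service support
# NOTE(review): indentation was lost on the captured page, so the nesting below
# (in particular terraformBackend under clusterEngine) is inferred - confirm
# against the chart
clusterEngine:
  # Whether the cluster engine should be enabled or not
  enabled: false
  # The type of cluster engine to use (currently only AWX is supported)
  type: awx
  # Parameters for the awx cluster engine
  # By default, we use values that will work with the internal AWX
  awx:
    # The AWX or Ansible Tower URL
    # The URL is treated as a template when rendering resources
    # Quoted like the other templated values in this file
    # The default is plain HTTP to the internal service, where verifySsl has
    # nothing to verify; use an https URL for an external AWX/Tower
    url: "http://{{ include \"jasmin-cloud.componentname\" (list . \"awx-service\") }}"
    # Whether to verify SSL with the AWX/Tower API
    verifySsl: true
    # The username to use for the AWX/Tower API
    # This user must be at least an org admin for the CaaS organisation
    # For an external AWX/Tower, prefer a dedicated org-admin account here and
    # keep the global admin for adminUsername below
    username: admin
    # The name of a secret to get the AWX password from
    # This is treated as a template when rendering resources
    # By default, this will be the admin password secret for the internal instance
    passwordSecretName: "{{ include \"jasmin-cloud.componentname\" (list . \"awx-admin-password\") }}"
    # Indicates whether teams should be created automatically
    createTeams: true
    # Indicates whether automatically-created teams should be granted access
    # to all cluster types
    # Set to false if access to cluster types should be granted per team instead
    createTeamAllowAllPermission: true
    # Indicates whether CaaS resources should be created in AWX
    createResources: true
    # Creating resources requires the admin user
    # If the user specified above is not a global admin, a separate admin username and
    # password secret should be specified
    adminUsername:
    adminPasswordSecretName:
    # Definition of the default projects and job templates.
    # By default, the StackHPC demo appliances will be used
    # Projects are fetched from git and run as Ansible playbooks, so for
    # production pin gitVersion (and the ref in metadataRoot) to a tag or commit
    # id rather than a moving branch
    defaultProjects:
      # - # The name of the project (required)
      #   name: My Site Appliances
      #   # The git URL of the project (required)
      #   gitUrl: https://github.com/myorg/site-appliances.git
      #   # The branch, tag or commit id to use (required)
      #   gitVersion: master
      #   # The base URL for cluster metadata files (required)
      #   metadataRoot: https://raw.githubusercontent.com/myorg/site-appliances/master/ui-meta
      #   ##
      #   # OPTIONAL KEYS
      #   ##
      #   # Indicates if the project should be updated to the latest version on each job launch
      #   # Can be useful during development but recommend to leave as false in production
      #   # Defaults to false if not given
      #   alwaysUpdate: true
      #   # List of playbooks to create job templates for
      #   # If not given, a job template is created for each playbook in the project
      #   playbooks: ['cluster1-playbook.yml', 'cluster2-playbook.yml']
      #   # Map whose keys are the playbooks and whose values are maps of Ansible extra_vars for those playbooks
      #   extraVars:
      #     # This special key can be used to set common extra_vars for all playbooks in a project
      #     __ALL__: { var1: value1, var2: value2 }
      #     cluster1-playbook.yml: { var1: "override value1" }
      #   # (ADVANCED) Definition of a custom execution environment for the project
      #   executionEnvironment:
      #     # The image to use (required)
      #     image: registry.example.com/org/image:tag
      #     # Whether to re-pull the image each time it is required (defaults to false if not given)
      #     alwaysPull: true
  # Configuration for the Terraform backend
  terraformBackend:
    # Indicates if the Terraform backend should be configured
    enabled: true
    # The type of the Terraform backend to use (currently only consul is supported)
    type: consul
    # Configuration for the consul backend
    consul:
      # The address, including port, of the Consul server to use
      # By default, use the internal Consul
      address: "{{ include \"jasmin-cloud.consulServerAddress\" . }}"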
# Internal AWX instance
awx:
  # Whether to create the internal AWX instance
  # Only takes effect when the cluster engine is enabled with type AWX
  enabled: true
  # Spec for the internal AWX instance
  # NOTE(review): the keys below look like options of the AWX resource itself -
  # confirm their meaning against the AWX operator documentation
  spec:
    create_preload_data: false
    garbage_collect_secrets: true
# SSH key store configuration
# This is the store that the JASMIN Cloud Portal asks for a user's SSH key
sshKeyStore:
  # Key store type (provider, dummy and ldap are supported)
  type: provider
  # Dummy key store parameters
  dummy:
    # SSH public key to use
    key:
  # LDAP key store parameters
  ldap:
    # Primary LDAP server
    # The example uses the plaintext ldap:// scheme; prefer ldaps:// where the
    # directory supports it, because the keys fetched here are the ones users log in with
    primary: ldap://ldap.example.com
    # LDAP replica servers
    replicas: []
    # Base DN under which users exist
    baseDn: OU=Users,DC=example,DC=com
# Theming properties
theme:
  # URL of the Bootstrap CSS to use (must be Bootstrap 5)
  # NOTE(review): the package@version segment of this URL was replaced by an
  # e-mail obfuscation placeholder when the page was captured; restore it from
  # the chart repository before use
  # The stylesheet is loaded from a third-party CDN, so keep it pinned to an
  # exact version, or host a reviewed copy if the portal must not depend on
  # external content
  bootstrapCssUrl: https://cdn.jsdelivr.net/npm/[email protected]/dist/pulse/bootstrap.min.css
  # Custom CSS to include, if any
  customCss:
  # As an example, this puts a custom logo in the top navbar instead of the cloud name
  # customCss: |
  #   .navbar-brand {
  #     background-image: url(<url of logo, which could be a data url>);
  #     background-size: auto 100%;
  #     background-repeat: no-repeat;
  #     width: <width that is required for logo to show properly in px>;
  #     text-overflow: hidden;
  #     color: rgb(0, 0, 0, 0) !important;
  #   }