├── .gitignore ├── .gitreview ├── CONTRIBUTING.rst ├── LICENSE ├── Makefile ├── README.rst ├── aodh ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _aodh-alarms-cleaner.sh.tpl │ │ ├── _aodh-api.sh.tpl │ │ ├── _aodh-evaluator.sh.tpl │ │ ├── _aodh-listener.sh.tpl │ │ ├── _aodh-notifier.sh.tpl │ │ ├── _aodh-test.sh.tpl │ │ ├── _bootstrap.sh.tpl │ │ └── _db-sync.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── cron-job-alarms-cleaner.yaml │ ├── deployment-api.yaml │ ├── deployment-evaluator.yaml │ ├── deployment-listener.yaml │ ├── deployment-notifier.yaml │ ├── ingress-api.yaml │ ├── job-bootstrap.yaml │ ├── job-db-drop.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-image-repo-sync.yaml │ ├── job-ks-endpoints.yaml │ ├── job-ks-service.yaml │ ├── job-ks-user.yaml │ ├── job-rabbit-init.yaml │ ├── network_policy.yaml │ ├── pdb-api.yaml │ ├── pod-aodh-test.yaml │ ├── secret-db.yaml │ ├── secret-ingress-tls.yaml │ ├── secret-keystone.yaml │ ├── secret-rabbitmq.yaml │ ├── secret-registry.yaml │ ├── service-api.yaml │ └── service-ingress-api.yaml └── values.yaml ├── barbican ├── .helmignore ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _barbican-test.sh.tpl │ │ ├── _barbican.sh.tpl │ │ ├── _bootstrap.sh.tpl │ │ ├── _db-sync.sh.tpl │ │ └── _simple_crypto_kek_rewrap.py.tpl │ ├── certificates.yaml │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── deployment-api.yaml │ ├── ingress-api.yaml │ ├── job-bootstrap.yaml │ ├── job-db-drop.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-image-repo-sync.yaml │ ├── job-ks-endpoints.yaml │ ├── job-ks-service.yaml │ ├── job-ks-user.yaml │ ├── job-rabbit-init.yaml │ ├── network_policy.yaml │ ├── pdb-api.yaml │ ├── pod-test.yaml │ ├── secret-db.yaml │ ├── secret-ingress-tls.yaml │ ├── secret-keystone.yaml │ ├── secret-rabbitmq.yaml │ ├── secret-registry.yaml │ ├── service-api.yaml │ └── service-ingress-api.yaml └── values.yaml ├── bindep.txt ├── ca-clusterissuer ├── Chart.yaml ├── templates │ ├── clusterissuer-ca.yaml │ └── secret-ca.yaml └── values.yaml ├── ca-issuer ├── Chart.yaml ├── templates │ ├── issuer-ca.yaml │ └── secret-ca.yaml └── values.yaml ├── ceilometer ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _bootstrap.sh.tpl │ │ ├── _ceilometer-api.sh.tpl │ │ ├── _ceilometer-central.sh.tpl │ │ ├── _ceilometer-collector.sh.tpl │ │ ├── _ceilometer-compute.sh.tpl │ │ ├── _ceilometer-ipmi.sh.tpl │ │ ├── _ceilometer-notification.sh.tpl │ │ ├── _db-init-mongodb.sh.tpl │ │ └── _db-sync.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── daemonset-compute.yaml │ ├── daemonset-ipmi.yaml │ ├── deployment-api.yaml │ ├── deployment-central.yaml │ ├── deployment-collector.yaml │ ├── deployment-notification.yaml │ ├── ingress-api.yaml │ ├── job-bootstrap.yaml │ ├── job-db-drop.yaml │ ├── job-db-init-mongodb.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-image-repo-sync.yaml │ ├── job-ks-endpoints.yaml │ ├── job-ks-service.yaml │ ├── job-ks-user.yaml │ ├── job-rabbit-init.yaml │ ├── network_policy.yaml │ ├── pdb-api.yaml │ ├── pod-rally-test.yaml │ ├── secret-db.yaml │ ├── secret-keystone.yaml │ ├── secret-mongodb.yaml │ ├── secret-rabbitmq.yaml │ ├── secret-registry.yaml │ ├── service-api.yaml │ └── service-ingress-api.yaml └── values.yaml ├── ceph-adapter-rook ├── Chart.yaml ├── README.md ├── templates │ ├── bin │ │ ├── _config-manager.sh.tpl │ │ └── _key-manager.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc-client.yaml │ ├── job-namespace-client-ceph-config.yaml │ └── job-namespace-client-key.yaml └── values.yaml ├── ceph-client ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _bootstrap.sh.tpl │ │ ├── _helm-tests.sh.tpl │ │ ├── _init-dirs.sh.tpl │ │ ├── mds │ │ │ └── _start.sh.tpl │ │ ├── pool │ │ │ ├── _calc.py.tpl │ │ │ └── _init.sh.tpl │ │ └── utils │ │ │ ├── _checkDNS.sh.tpl │ │ │ ├── _checkDNS_start.sh.tpl │ │ │ ├── _checkPGs.sh.tpl │ │ │ └── _defragOSDs.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc-client.yaml │ ├── cronjob-checkPGs.yaml │ ├── cronjob-defragosds.yaml │ ├── deployment-checkdns.yaml │ ├── deployment-mds.yaml │ ├── job-bootstrap.yaml │ ├── job-image-repo-sync.yaml │ ├── job-rbd-pool.yaml │ ├── pod-helm-tests.yaml │ └── secret-registry.yaml └── values.yaml ├── ceph-mon ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _bootstrap.sh.tpl │ │ ├── _init-dirs.sh.tpl │ │ ├── _post-apply.sh.tpl │ │ ├── keys │ │ │ ├── _bootstrap-keyring-generator.py.tpl │ │ │ ├── _bootstrap-keyring-manager.sh.tpl │ │ │ └── _storage-keyring-manager.sh.tpl │ │ ├── mgr │ │ │ ├── _check.sh.tpl │ │ │ └── _start.sh.tpl │ │ ├── mon │ │ │ ├── _check.sh.tpl │ │ │ ├── _start.sh.tpl │ │ │ └── _stop.sh.tpl │ │ ├── moncheck │ │ │ ├── _reap-zombies.py.tpl │ │ │ └── _start.sh.tpl │ │ └── utils │ │ │ ├── _checkDNS.sh.tpl │ │ │ ├── _checkObjectReplication.py.tpl │ │ │ └── _checkPGs.py.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── configmap-templates.yaml │ ├── daemonset-mon.yaml │ ├── deployment-mgr.yaml │ ├── deployment-moncheck.yaml │ ├── job-bootstrap.yaml │ ├── job-image-repo-sync.yaml │ ├── job-keyring.yaml │ ├── job-post-apply.yaml │ ├── job-storage-admin-keys.yaml │ ├── secret-registry.yaml │ ├── service-mgr.yaml │ ├── service-mon-discovery.yaml │ ├── service-mon.yaml │ ├── snippets │ │ └── _mon_host_from_k8s_ep.sh.tpl │ └── utils │ │ └── _mon_daemonset_overrides.tpl └── values.yaml ├── ceph-osd ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _bootstrap.sh.tpl │ │ ├── _helm-tests.sh.tpl │ │ ├── _init-dirs.sh.tpl │ │ ├── _post-apply.sh.tpl │ │ ├── osd │ │ │ ├── _check.sh.tpl │ │ │ ├── _directory.sh.tpl │ │ │ ├── _init.sh.tpl │ │ │ ├── _log-runner-stop.sh.tpl │ │ │ ├── _log-tail.sh.tpl │ │ │ ├── _start.sh.tpl │ │ │ ├── _stop.sh.tpl │ │ │ └── ceph-volume │ │ │ │ ├── _block.sh.tpl │ │ │ │ ├── _bluestore.sh.tpl │ │ │ │ ├── _common.sh.tpl │ │ │ │ ├── _init-ceph-volume-helper-block-logical.sh.tpl │ │ │ │ ├── _init-ceph-volume-helper-bluestore.sh.tpl │ │ │ │ ├── _init-ceph-volume-helper-directory.sh.tpl │ │ │ │ └── _init-with-ceph-volume.sh.tpl │ │ └── utils │ │ │ ├── _checkDNS.sh.tpl │ │ │ ├── _defragOSDs.sh.tpl │ │ │ └── _resolveLocations.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── daemonset-osd.yaml │ ├── job-bootstrap.yaml │ ├── job-image-repo-sync.yaml │ ├── job-post-apply.yaml │ ├── pod-helm-tests.yaml │ ├── secret-registry.yaml │ └── utils │ │ └── _osd_daemonset_overrides.tpl └── values.yaml ├── ceph-provisioners ├── Chart.yaml ├── crds │ ├── snapshot.storage.k8s.io_volumesnapshotclasses.yaml │ ├── snapshot.storage.k8s.io_volumesnapshotcontents.yaml │ └── snapshot.storage.k8s.io_volumesnapshots.yaml ├── templates │ ├── bin │ │ ├── _bootstrap.sh.tpl │ │ ├── _helm-tests.sh.tpl │ │ └── provisioner │ │ │ ├── cephfs │ │ │ ├── _client-key-manager.sh.tpl │ │ │ └── _start.sh.tpl │ │ │ └── rbd │ │ │ ├── _namespace-client-ceph-config-manager.sh.tpl │ │ │ ├── _namespace-client-key-cleaner.sh.tpl │ │ │ ├── _namespace-client-key-manager.sh.tpl │ │ │ └── _start.sh.tpl │ ├── configmap-bin-provisioner.yaml │ ├── configmap-bin.yaml │ ├── configmap-etc-client.yaml │ ├── configmap-etc-csi.yaml │ ├── daemonset-csi-rbd-plugin.yaml │ ├── deployment-csi-rbd-provisioner.yaml │ ├── job-bootstrap.yaml │ ├── job-cephfs-client-key.yaml │ ├── job-image-repo-sync.yaml │ ├── job-namespace-client-ceph-config.yaml │ ├── job-namespace-client-key-cleaner.yaml │ ├── job-namespace-client-key.yaml │ ├── pod-helm-tests.yaml │ ├── secret-registry.yaml │ └── storageclass.yaml └── values.yaml ├── ceph-rgw ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _bootstrap.sh.tpl │ │ ├── _ceph-admin-keyring.sh.tpl │ │ ├── _ceph-rgw-storage-init.sh.tpl │ │ ├── _create-rgw-placement-targets.sh.tpl │ │ ├── _helm-tests.sh.tpl │ │ ├── _init-dirs.sh.tpl │ │ ├── _rgw-restart.sh.tpl │ │ ├── rgw │ │ │ ├── _init.sh.tpl │ │ │ ├── _rerun-pool-job.sh.tpl │ │ │ └── _start.sh.tpl │ │ └── utils │ │ │ └── _checkDNS.sh.tpl │ ├── certificates.yaml │ ├── configmap-bin-ks.yaml │ ├── configmap-bin.yaml │ ├── configmap-ceph-rgw-templates.yaml │ ├── configmap-etc-client.yaml │ ├── deployment-rgw.yaml │ ├── ingress-rgw.yaml │ ├── job-bootstrap.yaml │ ├── job-image-repo-sync.yaml │ ├── job-ks-endpoints.yaml │ ├── job-ks-service.yaml │ ├── job-ks-user.yaml │ ├── job-rgw-placement-targets.yaml │ ├── job-rgw-pool.yaml │ ├── job-rgw-restart.yaml │ ├── job-rgw-storage-init.yaml │ ├── job-s3-admin.yaml │ ├── network_policy.yaml │ ├── pod-helm-tests.yaml │ ├── secret-ingress-tls.yaml │ ├── secret-keystone-rgw.yaml │ ├── secret-keystone.yaml │ ├── secret-registry.yaml │ ├── secret-s3-rgw.yaml │ ├── service-ingress-rgw.yaml │ └── service-rgw.yaml └── values.yaml ├── cert-rotation ├── Chart.yaml ├── templates │ ├── bin │ │ └── _rotate-certs.sh.tpl │ ├── configmap-bin.yaml │ ├── cron-job-cert-rotate.yaml │ ├── job-cert-rotate.yaml │ └── secret-registry.yaml └── values.yaml ├── cinder ├── .helmignore ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _backup-storage-init.sh.tpl │ │ ├── _bootstrap.sh.tpl │ │ ├── _ceph-admin-keyring.sh.tpl │ │ ├── _ceph-keyring.sh.tpl │ │ ├── _cinder-api.sh.tpl │ │ ├── _cinder-backup.sh.tpl │ │ ├── _cinder-scheduler.sh.tpl │ │ ├── _cinder-volume.sh.tpl │ │ ├── _clean-secrets.sh.tpl │ │ ├── _create-internal-tenant-id.sh.tpl │ │ ├── _db-purge.sh.tpl │ │ ├── _db-sync.sh.tpl │ │ ├── _external-ceph-rbd-admin-keyring.sh.tpl │ │ ├── _iscsiadm.tpl │ │ ├── _multipath.tpl │ │ ├── _multipathd.tpl │ │ ├── _retrieve-internal-tenant-id.sh.tpl │ │ ├── _storage-init.sh.tpl │ │ └── _volume-usage-audit.sh.tpl │ ├── certificates.yaml │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── cron-job-cinder-db-purge.yaml │ ├── cron-job-cinder-volume-usage-audit.yaml │ ├── deployment-api.yaml │ ├── deployment-backup.yaml │ ├── deployment-scheduler.yaml │ ├── deployment-volume.yaml │ ├── ingress-api.yaml │ ├── job-backup-storage-init.yaml │ ├── job-bootstrap.yaml │ ├── job-clean.yaml │ ├── job-create-internal-tenant.yaml │ ├── job-db-drop.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-image-repo-sync.yaml │ ├── job-ks-endpoints.yaml │ ├── job-ks-service.yaml │ ├── job-ks-user.yaml │ ├── job-rabbit-init.yaml │ ├── job-storage-init.yaml │ ├── network_policy.yaml │ ├── pdb-api.yaml │ ├── pod-rally-test.yaml │ ├── pvc-backup.yaml │ ├── secret-db.yaml │ ├── secret-external-ceph-keyring.yaml │ ├── secret-ingress-tls.yaml │ ├── secret-keystone.yaml │ ├── secret-rabbitmq.yaml │ ├── secret-registry.yaml │ ├── service-api.yaml │ ├── service-ingress-api.yaml │ └── utils │ │ ├── _ceph_backend_list.tpl │ │ ├── _has_ceph_backend.tpl │ │ └── _is_ceph_backend.tpl └── values.yaml ├── cyborg ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _cyborg-agent.sh.tpl │ │ ├── _cyborg-api.sh.tpl │ │ ├── _cyborg-conductor.sh.tpl │ │ └── _db-sync.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── daemonset-agent.yaml │ ├── deployment-api.yaml │ ├── deployment-conductor.yaml │ ├── ingress-api.yaml │ ├── job-db-drop.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-ks-endpoints.yaml │ ├── job-ks-service.yaml │ ├── job-ks-user.yaml │ ├── job-rabbit-init.yaml │ ├── network_policy.yaml │ ├── pdb-api.yaml │ ├── secret-db.yaml │ ├── secret-keystone.yaml │ ├── secret-rabbitmq.yaml │ ├── secret-registry.yaml │ ├── service-api.yaml │ └── service-ingress-api.yaml └── values.yaml ├── daemonjob-controller ├── Chart.yaml ├── templates │ ├── bin │ │ └── _sync-hook.py.tpl │ ├── composite-controller.yaml │ ├── configmap-bin.yaml │ ├── crd.yaml │ ├── deployment.yaml │ ├── job-image-repo-sync.yaml │ ├── secret-registry.yaml │ └── service.yaml └── values.yaml ├── designate ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _bootstrap.sh.tpl │ │ ├── _db-sync.sh.tpl │ │ ├── _designate-api.sh.tpl │ │ ├── _designate-central.sh.tpl │ │ ├── _designate-mdns.sh.tpl │ │ ├── _designate-producer.sh.tpl │ │ ├── _designate-service-cleaner.sh.tpl │ │ ├── _designate-sink.sh.tpl │ │ └── _designate-worker.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── cron-job-service.cleaner.yaml │ ├── deployment-api.yaml │ ├── deployment-central.yaml │ ├── deployment-mdns.yaml │ ├── deployment-producer.yaml │ ├── deployment-sink.yaml │ ├── deployment-worker.yaml │ ├── ingress-api.yaml │ ├── job-bootstrap.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-ks-endpoints.yaml │ ├── job-ks-service.yaml │ ├── job-ks-user.yaml │ ├── job-rabbit-init.yaml │ ├── pdb-api.yaml │ ├── pdb-central.yaml │ ├── pdb-mdns.yaml │ ├── pdb-producer.yaml │ ├── pdb-sink.yaml │ ├── pdb-worker.yaml │ ├── secret-db.yaml │ ├── secret-ingress-tls.yaml │ ├── secret-keystone.yaml │ ├── secret-rabbitmq.yaml │ ├── secret-registry.yaml │ ├── service-api.yaml │ ├── service-ingress-api.yaml │ └── service-mdns.yaml └── values.yaml ├── doc ├── helm-docs.rst.gotmpl ├── requirements.txt └── source │ ├── _exts │ └── helm_docs.py │ ├── _static │ └── .placeholder │ ├── chart │ ├── index.rst │ ├── infra_charts.rst │ └── openstack_charts.rst │ ├── conf.py │ ├── devref │ ├── endpoints.rst │ ├── fluent-logging.rst │ ├── images.rst │ ├── index.rst │ ├── networking.rst │ ├── node-and-label-specific-configurations.rst │ ├── oslo-config.rst │ ├── pod-disruption-budgets.rst │ └── upgrades.rst │ ├── index.rst │ ├── install │ ├── before_starting.rst │ ├── index.rst │ ├── ingress.jpg │ ├── kubernetes.rst │ ├── openstack.rst │ └── prerequisites.rst │ ├── logging │ ├── elasticsearch.rst │ ├── fluent-logging.rst │ ├── index.rst │ └── kibana.rst │ ├── monitoring │ ├── grafana.rst │ ├── index.rst │ ├── nagios.rst │ └── prometheus.rst │ ├── readme.rst │ ├── specs │ ├── 2025.1 │ │ └── chart_versioning.rst │ ├── 2025.2 │ │ └── own_service_accounts.rst │ ├── COPYME │ ├── developer-environment.rst │ ├── fluentbit-fluentd-architecture.rst │ ├── index.rst │ ├── multi-os.rst │ ├── neutron-multiple-sdns.rst │ ├── nginx-sidecar.rst │ ├── osh-1.0-requirements.rst │ ├── osh-lma-stack.rst │ ├── support-OCI-image-registry-with-authentication-turned-on.rst │ ├── support-linux-bridge-on-neutron.rst │ ├── tenant-ceph.rst │ └── values-ordering.rst │ ├── testing │ ├── ceph-node-resiliency.rst │ ├── ceph-resiliency │ │ ├── README.rst │ │ ├── disk-failure.rst │ │ ├── failure-domain.rst │ │ ├── host-failure.rst │ │ ├── index.rst │ │ ├── monitor-failure.rst │ │ ├── namespace-deletion.rst │ │ ├── osd-failure.rst │ │ └── validate-object-replication.rst │ ├── ceph-upgrade.rst │ ├── helm-tests.rst │ └── index.rst │ ├── troubleshooting │ ├── ceph.rst │ ├── database.rst │ ├── index.rst │ ├── migrate-ceph-to-rook.rst │ ├── persistent-storage.rst │ └── ubuntu-hwe-kernel.rst │ └── upgrade │ ├── index.rst │ └── multiple-osd-releases.rst ├── elastic-apm-server ├── Chart.yaml ├── templates │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── deployment.yaml │ ├── job-image-repo-sync.yaml │ ├── secret-elasticsearch-creds.yaml │ ├── secret-registry.yaml │ └── service.yaml └── values.yaml ├── elastic-filebeat ├── Chart.yaml ├── templates │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── daemonset.yaml │ ├── job-image-repo-sync.yaml │ ├── secret-elasticsearch-creds.yaml │ └── secret-registry.yaml └── values.yaml ├── elastic-metricbeat ├── Chart.yaml ├── templates │ ├── configmap-etc.yaml │ ├── daemonset-node-metrics.yaml │ ├── deployment-modules.yaml │ ├── job-image-repo-sync.yaml │ ├── secret-elasticsearch-creds.yaml │ └── secret-registry.yaml └── values.yaml ├── elastic-packetbeat ├── Chart.yaml ├── templates │ ├── configmap-etc.yaml │ ├── daemonset.yaml │ ├── job-image-repo-sync.yaml │ ├── secret-elasticsearch-creds.yaml │ └── secret-registry.yaml └── values.yaml ├── elasticsearch ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _apache.sh.tpl │ │ ├── _ceph-admin-keyring.sh.tpl │ │ ├── _create_s3_buckets.sh.tpl │ │ ├── _create_s3_users.sh.tpl │ │ ├── _create_template.sh.tpl │ │ ├── _curator.sh.tpl │ │ ├── _elasticsearch.sh.tpl │ │ ├── _helm-tests.sh.tpl │ │ └── _verify-repositories.sh.tpl │ ├── certificates.yaml │ ├── configmap-bin-curator.yaml │ ├── configmap-bin-elasticsearch.yaml │ ├── configmap-etc-curator.yaml │ ├── configmap-etc-elasticsearch.yaml │ ├── cron-job-curator.yaml │ ├── cron-job-verify-repositories.yaml │ ├── deployment-client.yaml │ ├── deployment-gateway.yaml │ ├── ingress-elasticsearch.yaml │ ├── job-elasticsearch-template.yaml │ ├── job-image-repo-sync.yaml │ ├── job-s3-bucket.yaml │ ├── job-s3-user.yaml │ ├── monitoring │ │ └── prometheus │ │ │ ├── exporter-deployment.yaml │ │ │ ├── exporter-network-policy.yaml │ │ │ └── exporter-service.yaml │ ├── network-policy.yaml │ ├── object-bucket-claim.yaml │ ├── pod-helm-tests.yaml │ ├── secret-elasticsearch.yaml │ ├── secret-environment.yaml │ ├── secret-ingress-tls.yaml │ ├── secret-registry.yaml │ ├── secret-s3-user.yaml │ ├── service-data.yaml │ ├── service-discovery.yaml │ ├── service-gateway.yaml │ ├── service-ingress-elasticsearch.yaml │ ├── service-logging.yaml │ ├── statefulset-data.yaml │ └── statefulset-master.yaml └── values.yaml ├── etcd ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _etcd-db-compact.sh.tpl │ │ ├── _etcd-healthcheck.sh.tpl │ │ └── _etcd.sh.tpl │ ├── configmap-bin.yaml │ ├── cron-job-db-compact.yaml │ ├── job-image-repo-sync.yaml │ ├── secret-registry.yaml │ ├── service-discovery.yaml │ ├── service.yaml │ └── statefulset.yaml └── values.yaml ├── falco ├── Chart.yaml ├── templates │ ├── bin │ │ └── _falco.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── configmap-rules.yaml │ ├── daemonset.yaml │ ├── job-image-repo-sync.yaml │ └── secret-registry.yaml └── values.yaml ├── flannel ├── Chart.yaml ├── templates │ ├── configmap-bin.yaml │ ├── configmap-kube-flannel-cfg.yaml │ ├── daemonset-kube-flannel-ds.yaml │ ├── job-image-repo-sync.yaml │ └── secret-registry.yaml └── values.yaml ├── fluentbit ├── Chart.yaml ├── templates │ ├── bin │ │ └── _fluent-bit.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── daemonset-fluent-bit.yaml │ ├── job-image-repo-sync.yaml │ └── secret-registry.yaml └── values.yaml ├── fluentd ├── Chart.yaml ├── templates │ ├── bin │ │ └── _fluentd.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── daemonset.yaml │ ├── job-image-repo-sync.yaml │ ├── network_policy.yaml │ ├── secret-elasticsearch-creds.yaml │ ├── secret-fluentd.yaml │ ├── secret-kafka-creds.yaml │ ├── secret-registry.yaml │ └── service-fluentd.yaml └── values.yaml ├── glance ├── .helmignore ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _bootstrap.sh.tpl │ │ ├── _ceph-admin-keyring.sh.tpl │ │ ├── _ceph-keyring.sh.tpl │ │ ├── _clean-image.sh.tpl │ │ ├── _clean-secrets.sh.tpl │ │ ├── _db-sync.sh.tpl │ │ ├── _glance-api.sh.tpl │ │ ├── _iscsiadm.tpl │ │ ├── _metadefs-load.sh.tpl │ │ ├── _multipath.tpl │ │ ├── _multipathd.tpl │ │ ├── _nginx.sh.tpl │ │ └── _storage-init.sh.tpl │ ├── certificates.yaml │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── deployment-api.yaml │ ├── ingress-api.yaml │ ├── job-bootstrap.yaml │ ├── job-clean.yaml │ ├── job-db-drop.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-image-repo-sync.yaml │ ├── job-ks-endpoints.yaml │ ├── job-ks-service.yaml │ ├── job-ks-user.yaml │ ├── job-metadefs-load.yaml │ ├── job-rabbit-init.yaml │ ├── job-storage-init.yaml │ ├── network_policy.yaml │ ├── pdb-api.yaml │ ├── pod-rally-test.yaml │ ├── pvc-images.yaml │ ├── secret-db.yaml │ ├── secret-ingress-tls.yaml │ ├── secret-keystone.yaml │ ├── secret-rabbitmq.yaml │ ├── secret-registry.yaml │ ├── service-api.yaml │ └── service-ingress-api.yaml └── values.yaml ├── gnocchi ├── .helmignore ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _bootstrap.sh.tpl │ │ ├── _ceph-admin-keyring.sh.tpl │ │ ├── _ceph-keyring.sh.tpl │ │ ├── _clean-secrets.sh.tpl │ │ ├── _db-init.sh.tpl │ │ ├── _db-sync.sh.tpl │ │ ├── _gnocchi-api.sh.tpl │ │ ├── _gnocchi-metricd.sh.tpl │ │ ├── _gnocchi-resources-cleaner.sh.tpl │ │ ├── _gnocchi-statsd.sh.tpl │ │ ├── _gnocchi-test.sh.tpl │ │ └── _storage-init.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── cron-job-resources-cleaner.yaml │ ├── daemonset-metricd.yaml │ ├── daemonset-statsd.yaml │ ├── deployment-api.yaml │ ├── ingress-api.yaml │ ├── job-bootstrap.yaml │ ├── job-clean.yaml │ ├── job-db-drop.yaml │ ├── job-db-init-indexer.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-image-repo-sync.yaml │ ├── job-ks-endpoints.yaml │ ├── job-ks-service.yaml │ ├── job-ks-user.yaml │ ├── job-storage-init.yaml │ ├── pdb-api.yaml │ ├── pod-gnocchi-test.yaml │ ├── secret-db-indexer.yaml │ ├── secret-db.yaml │ ├── secret-ingress-tls.yaml │ ├── secret-keystone.yaml │ ├── service-api.yaml │ ├── service-ingress-api.yaml │ └── service-statsd.yaml └── values.yaml ├── grafana ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _db-session-sync.py.tpl │ │ ├── _grafana.sh.tpl │ │ ├── _selenium-tests.py.tpl │ │ └── _set-admin-password.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-dashboards.yaml │ ├── configmap-etc.yaml │ ├── deployment.yaml │ ├── ingress-grafana.yaml │ ├── job-db-init-session.yaml │ ├── job-db-init.yaml │ ├── job-db-session-sync.yaml │ ├── job-image-repo-sync.yaml │ ├── job-run-migrator.yaml │ ├── job-set-admin-user.yaml │ ├── network_policy.yaml │ ├── pod-helm-tests.yaml │ ├── secret-admin-creds.yaml │ ├── secret-db-session.yaml │ ├── secret-db.yaml │ ├── secret-ingress-tls.yaml │ ├── secret-prom-creds.yaml │ ├── secret-registry.yaml │ ├── secrets │ │ └── _my.cnf.tpl │ ├── service-ingress.yaml │ └── service.yaml └── values.yaml ├── heat ├── .helmignore ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _bootstrap.sh.tpl │ │ ├── _db-sync.sh.tpl │ │ ├── _heat-api.sh.tpl │ │ ├── _heat-cfn.sh.tpl │ │ ├── _heat-cloudwatch.sh.tpl │ │ ├── _heat-engine-cleaner.sh.tpl │ │ ├── _heat-engine.sh.tpl │ │ ├── _heat-purge-deleted-active.sh.tpl │ │ └── _trusts.sh.tpl │ ├── certificates.yaml │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── cron-job-engine-cleaner.yaml │ ├── cron-job-purge-deleted.yaml │ ├── deployment-api.yaml │ ├── deployment-cfn.yaml │ ├── deployment-cloudwatch.yaml │ ├── deployment-engine.yaml │ ├── ingress-api.yaml │ ├── ingress-cfn.yaml │ ├── ingress-cloudwatch.yaml │ ├── job-bootstrap.yaml │ ├── job-db-drop.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-image-repo-sync.yaml │ ├── job-ks-endpoints.yaml │ ├── job-ks-service.yaml │ ├── job-ks-user-domain.yaml │ ├── job-ks-user-trustee.yaml │ ├── job-ks-user.yaml │ ├── job-rabbit-init.yaml │ ├── job-trusts.yaml │ ├── network_policy.yaml │ ├── pdb-api.yaml │ ├── pdb-cfn.yaml │ ├── pdb-cloudwatch.yaml │ ├── pod-rally-test.yaml │ ├── secret-db.yaml │ ├── secret-ingress-tls.yaml │ ├── secret-keystone.yaml │ ├── secret-rabbitmq.yaml │ ├── secret-registry.yaml │ ├── service-api.yaml │ ├── service-cfn.yaml │ ├── service-cloudwatch.yaml │ ├── service-ingress-api.yaml │ ├── service-ingress-cfn.yaml │ └── service-ingress-cloudwatch.yaml └── values.yaml ├── helm-toolkit ├── Chart.yaml ├── templates │ ├── endpoints │ │ ├── _authenticated_endpoint_uri_lookup.tpl │ │ ├── _authenticated_transport_endpoint_uri_lookup.tpl │ │ ├── _endpoint_host_lookup.tpl │ │ ├── _endpoint_port_lookup.tpl │ │ ├── _endpoint_token_lookup.tpl │ │ ├── _host_and_port_endpoint_uri_lookup.tpl │ │ ├── _hostname_fqdn_endpoint_lookup.tpl │ │ ├── _hostname_namespaced_endpoint_lookup.tpl │ │ ├── _hostname_namespaced_endpoint_namespace_lookup.tpl │ │ ├── _hostname_short_endpoint_lookup.tpl │ │ ├── _keystone_endpoint_name_lookup.tpl │ │ ├── _keystone_endpoint_path_lookup.tpl │ │ ├── _keystone_endpoint_scheme_lookup.tpl │ │ ├── _keystone_endpoint_uri_lookup.tpl │ │ └── _service_name_endpoint_with_namespace_lookup.tpl │ ├── manifests │ │ ├── _ceph-storageclass.tpl │ │ ├── _certificates.tpl │ │ ├── _configmap-oslo-policy.tpl │ │ ├── _ingress.tpl │ │ ├── _job-bootstrap.tpl │ │ ├── _job-db-drop-mysql.tpl │ │ ├── _job-db-init-mysql.tpl │ │ ├── _job-db-sync.tpl │ │ ├── _job-ks-endpoints.tpl │ │ ├── _job-ks-service.tpl │ │ ├── _job-ks-user.yaml.tpl │ │ ├── _job-rabbit-init.yaml.tpl │ │ ├── _job-s3-bucket.yaml.tpl │ │ ├── _job-s3-user.yaml.tpl │ │ ├── _job_image_repo_sync.tpl │ │ ├── _network_policy.tpl │ │ ├── _secret-registry.yaml.tpl │ │ ├── _secret-tls.yaml.tpl │ │ └── _service-ingress.tpl │ ├── scripts │ │ ├── _create-s3-bucket.sh.tpl │ │ ├── _create-s3-user.sh.tpl │ │ ├── _db-drop.py.tpl │ │ ├── _db-init.py.tpl │ │ ├── _db-pg-init.sh.tpl │ │ ├── _image-repo-sync.sh.tpl │ │ ├── _ks-domain-user.sh.tpl │ │ ├── _ks-endpoints.sh.tpl │ │ ├── _ks-service.sh.tpl │ │ ├── _ks-user.sh.tpl │ │ ├── _rabbit-init.sh.tpl │ │ ├── _rally_test.sh.tpl │ │ └── db-backup-restore │ │ │ ├── _backup_main.sh.tpl │ │ │ └── _restore_main.sh.tpl │ ├── snippets │ │ ├── _custom_job_annotations.tpl │ │ ├── _custom_pod_annotations.tpl │ │ ├── _custom_secret_annotations.tpl │ │ ├── _image.tpl │ │ ├── _keystone_openrc_env_vars.tpl │ │ ├── _keystone_secret_openrc.tpl │ │ ├── _keystone_user_create_env_vars.tpl │ │ ├── _kubernetes_apparmor_configmap.tpl │ │ ├── _kubernetes_apparmor_loader_init_container.tpl │ │ ├── _kubernetes_apparmor_volumes.tpl │ │ ├── _kubernetes_container_security_context.tpl │ │ ├── _kubernetes_entrypoint_init_container.tpl │ │ ├── _kubernetes_kubectl_params.tpl │ │ ├── _kubernetes_mandatory_access_control_annotation.tpl │ │ ├── _kubernetes_metadata_labels.tpl │ │ ├── _kubernetes_pod_anti_affinity.tpl │ │ ├── _kubernetes_pod_image_pull_secret.tpl │ │ ├── _kubernetes_pod_priority_class.tpl │ │ ├── _kubernetes_pod_rbac_roles.tpl │ │ ├── _kubernetes_pod_rbac_serviceaccount.tpl │ │ ├── _kubernetes_pod_runtime_class.tpl │ │ ├── _kubernetes_pod_security_context.tpl │ │ ├── _kubernetes_probes.tpl │ │ ├── _kubernetes_resources.tpl │ │ ├── _kubernetes_seccomp_annotation.tpl │ │ ├── _kubernetes_tolerations.tpl │ │ ├── _kubernetes_upgrades_daemonset.tpl │ │ ├── _kubernetes_upgrades_deployment.tpl │ │ ├── _kubernetes_upgrades_statefulset.tpl │ │ ├── _mon_host_from_k8s_ep.sh.tpl │ │ ├── _prometheus_pod_annotations.tpl │ │ ├── _prometheus_service_annotations.tpl │ │ ├── _release_uuid.tpl │ │ ├── _rgw_s3_admin_env_vars.tpl │ │ ├── _rgw_s3_bucket_user_env_vars_rook.tpl │ │ ├── _rgw_s3_secret_creds.tpl │ │ ├── _rgw_s3_user_env_vars.tpl │ │ ├── _service_params.tpl │ │ ├── _tls_volume.tpl │ │ ├── _tls_volume_mount.tpl │ │ └── _values_template_renderer.tpl │ ├── tls │ │ └── _tls_generate_certs.tpl │ └── utils │ │ ├── _comma_joined_service_list.tpl │ │ ├── _configmap_templater.tpl │ │ ├── _daemonset_overrides.tpl │ │ ├── _daemonset_overrides_root.tpl │ │ ├── _dependency_resolver.tpl │ │ ├── _hash.tpl │ │ ├── _hash2.tpl │ │ ├── _host_list.tpl │ │ ├── _image_sync_list.tpl │ │ ├── _joinListWithComma.tpl │ │ ├── _joinListWithCommaAndSingleQuotes.tpl │ │ ├── _joinListWithPrefix.tpl │ │ ├── _joinListWithSpace.tpl │ │ ├── _merge.tpl │ │ ├── _template.tpl │ │ ├── _to_ini.tpl │ │ ├── _to_k8s_env_secret_vars.tpl │ │ ├── _to_k8s_env_vars.tpl │ │ ├── _to_kv_list.tpl │ │ └── _to_oslo_conf.tpl └── values.yaml ├── horizon ├── .helmignore ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _db-sync.sh.tpl │ │ ├── _django.wsgi.tpl │ │ ├── _horizon.sh.tpl │ │ ├── _manage.py.tpl │ │ └── _selenium-test.py.tpl │ ├── certificates.yaml │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── configmap-logo.yaml │ ├── deployment.yaml │ ├── ingress-api.yaml │ ├── job-db-drop.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-image-repo-sync.yaml │ ├── network_policy.yaml │ ├── pdb.yaml │ ├── pod-helm-tests.yaml │ ├── secret-db.yaml │ ├── secret-ingress-tls.yaml │ ├── secret-keystone.yaml │ ├── secret-registry.yaml │ ├── service-ingress.yaml │ └── service.yaml └── values.yaml ├── ironic ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _bootstrap.sh.tpl │ │ ├── _db-sync.sh.tpl │ │ ├── _ironic-api.sh.tpl │ │ ├── _ironic-conductor-init.sh.tpl │ │ ├── _ironic-conductor.sh.tpl │ │ ├── _manage-cleaning-network.sh.tpl │ │ ├── _retreive-cleaning-network.sh.tpl │ │ └── _retreive-swift-config.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── deployment-api.yaml │ ├── ingress-api.yaml │ ├── job-bootstrap.yaml │ ├── job-db-drop.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-image-repo-sync.yaml │ ├── job-ks-endpoints.yaml │ ├── job-ks-service.yaml │ ├── job-ks-user.yaml │ ├── job-manage-cleaning-network.yaml │ ├── job-rabbit-init.yaml │ ├── network_policy.yaml │ ├── pdb-api.yaml │ ├── secret-db.yaml │ ├── secret-keystone.yaml │ ├── secret-rabbitmq.yaml │ ├── secret-registry.yaml │ ├── service-api.yaml │ ├── service-ingress-api.yaml │ └── statefulset-conductor.yaml └── values.yaml ├── keystone ├── .helmignore ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _bootstrap.sh.tpl │ │ ├── _cred-clean.py.tpl │ │ ├── _db-sync.sh.tpl │ │ ├── _domain-manage-init.sh.tpl │ │ ├── _domain-manage.py.tpl │ │ ├── _domain-manage.sh.tpl │ │ ├── _endpoint-update.py.tpl │ │ ├── _fernet-manage.py.tpl │ │ └── _keystone-api.sh.tpl │ ├── certificates.yaml │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── cron-job-credential-rotate.yaml │ ├── cron-job-fernet-rotate.yaml │ ├── deployment-api.yaml │ ├── ingress-api.yaml │ ├── job-bootstrap.yaml │ ├── job-credential-cleanup.yaml │ ├── job-credential-setup.yaml │ ├── job-db-drop.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-domain-manage.yaml │ ├── job-fernet-setup.yaml │ ├── job-image-repo-sync.yaml │ ├── job-rabbit-init.yaml │ ├── network_policy.yaml │ ├── pdb.yaml │ ├── pod-rally-test.yaml │ ├── secret-credential-keys.yaml │ ├── secret-db.yaml │ ├── secret-fernet-keys.yaml │ ├── secret-ingress-tls.yaml │ ├── secret-keystone.yaml │ ├── secret-ldap-tls.yaml │ ├── secret-rabbitmq.yaml │ ├── secret-registry.yaml │ ├── service-api.yaml │ └── service-ingress-api.yaml └── values.yaml ├── kibana ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _apache.sh.tpl │ │ ├── _create_kibana_index_patterns.sh.tpl │ │ ├── _flush_kibana_metadata.sh.tpl │ │ └── _kibana.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── deployment.yaml │ ├── ingress-kibana.yaml │ ├── job-flush-kibana-metadata.yaml │ ├── job-image-repo-sync.yaml │ ├── job-register-kibana-indexes.yaml │ ├── network_policy.yaml │ ├── secret-elasticsearch-creds.yaml │ ├── secret-ingress-tls.yaml │ ├── secret-registry.yaml │ ├── service-ingress-kibana.yaml │ └── service.yaml └── values.yaml ├── kube-dns ├── Chart.yaml ├── templates │ ├── configmap-bin.yaml │ ├── configmap-kube-dns.yaml │ ├── deployment-kube-dns.yaml │ ├── job-image-repo-sync.yaml │ ├── secret-registry.yaml │ ├── service-kube-dns.yaml │ └── serviceaccount-kube-dns.yaml └── values.yaml ├── kubernetes-keystone-webhook ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _kubernetes-keystone-webhook-test.sh.tpl │ │ └── _start.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── deployment.yaml │ ├── ingress.yaml │ ├── pod-test.yaml │ ├── secret-certificates.yaml │ ├── secret-keystone.yaml │ ├── secret-registry.yaml │ ├── service-ingress-api.yaml │ └── service.yaml └── values.yaml ├── kubernetes-node-problem-detector ├── Chart.yaml ├── templates │ ├── bin │ │ └── _node-problem-detector.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── daemonset.yaml │ ├── job-image-repo-sync.yaml │ ├── secret-registry.yaml │ └── service.yaml └── values.yaml ├── ldap ├── .helmignore ├── Chart.yaml ├── templates │ ├── _helpers.tpl │ ├── bin │ │ └── _bootstrap.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── job-bootstrap.yaml │ ├── job-image-repo-sync.yaml │ ├── network_policy.yaml │ ├── secret-registry.yaml │ ├── service.yaml │ └── statefulset.yaml └── values.yaml ├── libvirt ├── .helmignore ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _ceph-admin-keyring.sh.tpl │ │ ├── _ceph-keyring.sh.tpl │ │ └── _libvirt.sh.tpl │ ├── configmap-apparmor.yaml │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── daemonset-libvirt.yaml │ ├── job-image-repo-sync.yaml │ ├── network-policy.yaml │ ├── role-cert-manager.yaml │ ├── secret-registry.yaml │ └── utils │ │ └── _to_libvirt_conf.tpl └── values.yaml ├── local-storage ├── Chart.yaml ├── templates │ ├── persistent-volumes.yaml │ └── storage-class.yaml └── values.yaml ├── local-volume-provisioner ├── Chart.yaml ├── templates │ ├── bin │ │ └── _fakemount.py.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── daemonset-lvp.yaml │ ├── job-image-repo-sync.yaml │ ├── secret-registry.yaml │ └── storageclasses.yaml └── values.yaml ├── lockdown ├── Chart.yaml ├── templates │ └── network_policy.yaml └── values.yaml ├── magnum ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _bootstrap.sh.tpl │ │ ├── _db-sync.sh.tpl │ │ ├── _magnum-api.sh.tpl │ │ ├── _magnum-conductor-init.sh.tpl │ │ └── _magnum-conductor.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── deployment-api.yaml │ ├── ingress-api.yaml │ ├── job-bootstrap.yaml │ ├── job-db-drop.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-image-repo-sync.yaml │ ├── job-ks-endpoints.yaml │ ├── job-ks-service.yaml │ ├── job-ks-user-domain.yaml │ ├── job-ks-user.yaml │ ├── job-rabbit-init.yaml │ ├── kubeconfig.tpl │ ├── network_policy.yaml │ ├── pdb-api.yaml │ ├── secret-db.yaml │ ├── secret-keystone.yaml │ ├── secret-rabbitmq.yaml │ ├── secret-registry.yaml │ ├── service-api.yaml │ ├── service-ingress-api.yaml │ └── statefulset-conductor.yaml └── values.yaml ├── manila ├── .helmignore ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _bootstrap.sh.tpl │ │ ├── _db-sync.sh.tpl │ │ ├── _manila-api.sh.tpl │ │ ├── _manila-data.sh.tpl │ │ ├── _manila-scheduler.sh.tpl │ │ ├── _manila-share-init.sh.tpl │ │ └── _manila-share.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── deployment-api.yaml │ ├── deployment-data.yaml │ ├── deployment-scheduler.yaml │ ├── deployment-share.yaml │ ├── ingress-api.yaml │ ├── job-bootstrap.yaml │ ├── job-db-drop.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-image-repo-sync.yaml │ ├── job-ks-endpoints.yaml │ ├── job-ks-service.yaml │ ├── job-ks-user.yaml │ ├── job-rabbit-init.yaml │ ├── network_policy.yaml │ ├── pdb-api.yaml │ ├── pod-rally-test.yaml │ ├── secret-db.yaml │ ├── secret-ingress-tls.yaml │ ├── secret-keystone.yaml │ ├── secret-rabbitmq.yaml │ ├── secret-registry.yaml │ ├── service-api.yaml │ └── service-ingress-api.yaml └── values.yaml ├── mariadb-backup ├── Chart.yaml ├── README.rst ├── templates │ ├── bin │ │ ├── _backup_mariadb.sh.tpl │ │ ├── _restore_mariadb.sh.tpl │ │ └── _start_mariadb_verify_server.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── cron-job-backup-mariadb.yaml │ ├── job-image-repo-sync.yaml │ ├── job-ks-user.yaml │ ├── mariadb-backup-pvc.yaml │ ├── secret-backup-restore.yaml │ ├── secret-registry.yaml │ ├── secret-rgw.yaml │ ├── secrets-etc.yaml │ └── secrets │ │ ├── _admin_user.cnf.tpl │ │ └── _admin_user_internal.cnf.tpl └── values.yaml ├── mariadb-cluster ├── .helmignore ├── Chart.yaml ├── README.rst ├── templates │ ├── bin │ │ ├── _liveness.sh.tpl │ │ ├── _readiness.sh.tpl │ │ └── _test.sh.tpl │ ├── certificates.yaml │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── job-image-repo-sync.yaml │ ├── job-refresh-statefulset.yaml │ ├── mariadb.yaml │ ├── network_policy.yaml │ ├── pod-test.yaml │ ├── secret-dbadmin-password.yaml │ ├── secret-dbaudit-password.yaml │ ├── secret-registry.yaml │ ├── secret-sst-password.yaml │ ├── secrets-etc.yaml │ └── secrets │ │ ├── _admin_user.cnf.tpl │ │ ├── _admin_user_internal.cnf.tpl │ │ └── _privileges.sql.tpl └── values.yaml ├── mariadb ├── .helmignore ├── Chart.yaml ├── README.rst ├── templates │ ├── bin │ │ ├── _backup_mariadb.sh.tpl │ │ ├── _health.sh.tpl │ │ ├── _mariadb-wait-for-cluster.py.tpl │ │ ├── _mariadb_controller.py.tpl │ │ ├── _prometheus-create-mysql-user.sh.tpl │ │ ├── _prometheus-mysqld-exporter.sh.tpl │ │ ├── _restore_mariadb.sh.tpl │ │ ├── _start.py.tpl │ │ ├── _start_mariadb_verify_server.sh.tpl │ │ └── _test.sh.tpl │ ├── certificates.yaml │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── configmap-services-tcp.yaml │ ├── cron-job-backup-mariadb.yaml │ ├── deployment-controller.yaml │ ├── exporter-configmap-bin.yaml │ ├── exporter-job-create-user.yaml │ ├── exporter-secrets-etc.yaml │ ├── job-cluster-wait.yaml │ ├── job-image-repo-sync.yaml │ ├── job-ks-user.yaml │ ├── mariadb-backup-pvc.yaml │ ├── network_policy.yaml │ ├── pdb-mariadb.yaml │ ├── pod-test.yaml │ ├── secret-backup-restore.yaml │ ├── secret-dbadmin-password.yaml │ ├── secret-dbaudit-password.yaml │ ├── secret-registry.yaml │ ├── secret-rgw.yaml │ ├── secret-sst-password.yaml │ ├── secrets-etc.yaml │ ├── secrets │ │ ├── _admin_user.cnf.tpl │ │ ├── _admin_user_internal.cnf.tpl │ │ └── _prometheus-exporter_user.cnf.tpl │ ├── service-discovery.yaml │ ├── service-master.yaml │ ├── service.yaml │ └── statefulset.yaml └── values.yaml ├── masakari ├── .helmignore ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _manage-db.sh.tpl │ │ ├── _masakari-api.sh.tpl │ │ ├── _masakari-engine.sh.tpl │ │ ├── _masakari-host-monitor.sh.tpl │ │ ├── _masakari-instance-monitor.sh.tpl │ │ ├── _masakari-monitors-init.sh.tpl │ │ └── _masakari-process-monitor.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── daemonset-host-monitor.yaml │ ├── daemonset-instance-monitor.yaml │ ├── daemonset-process-monitor.yaml │ ├── deployment-api.yaml │ ├── deployment-engine.yaml │ ├── job-db-drop.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-ks-endpoints.yaml │ ├── job-ks-service.yaml │ ├── job-ks-user.yaml │ ├── job-rabbitmq-init.yaml │ ├── pbd-api.yaml │ ├── secret-db.yaml │ ├── secret-keystone.yaml │ ├── secret-rabbitmq.yaml │ ├── secret-registry.yaml │ └── service-api.yaml └── values.yaml ├── memcached ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _memcached-exporter.sh.tpl │ │ └── _memcached.sh.tpl │ ├── configmap-apparmor.yaml │ ├── configmap-bin.yaml │ ├── job-image-repo-sync.yaml │ ├── network_policy.yaml │ ├── secret-registry.yaml │ ├── service.yaml │ └── statefulset.yaml └── values.yaml ├── metacontroller ├── Chart.yaml ├── templates │ ├── crds.yaml │ ├── job-image-repo-sync.yaml │ ├── secret-registry.yaml │ ├── service.yaml │ └── statefulset.yaml └── values.yaml ├── mistral ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _bootstrap.sh.tpl │ │ ├── _db-sync.sh.tpl │ │ ├── _mistral-api.sh.tpl │ │ ├── _mistral-engine.sh.tpl │ │ ├── _mistral-event-engine.sh.tpl │ │ └── _mistral-executor.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── deployment-api.yaml │ ├── deployment-executor.yaml │ ├── ingress-api.yaml │ ├── job-bootstrap.yaml │ ├── job-db-drop.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-image-repo-sync.yaml │ ├── job-ks-endpoints.yaml │ ├── job-ks-service.yaml │ ├── job-ks-user.yaml │ ├── job-rabbit-init.yaml │ ├── network_policy.yaml │ ├── pdb-api.yaml │ ├── pod-rally-test.yaml │ ├── secret-db.yaml │ ├── secret-keystone.yaml │ ├── secret-rabbitmq.yaml │ ├── secret-registry.yaml │ ├── service-api.yaml │ ├── service-ingress-api.yaml │ ├── statefulset-engine.yaml │ └── statefulset-event-engine.yaml └── values.yaml ├── monasca ├── .helmignore ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _bootstrap.sh.tpl │ │ ├── _db-sync.sh.tpl │ │ ├── _influxdb-init.sh.tpl │ │ ├── _monasca-agent-init.sh.tpl │ │ ├── _monasca-api.sh.tpl │ │ ├── _monasca-collector.sh.tpl │ │ ├── _monasca-forwarder.sh.tpl │ │ ├── _monasca-notification.sh.tpl │ │ ├── _monasca-persister.sh.tpl │ │ ├── _monasca-statsd.sh.tpl │ │ └── _monasca-thresh.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── configmap-plugins-check.yaml │ ├── configmap-plugins-detection.yaml │ ├── configmap-plugins-etc.yaml │ ├── daemonset-agent.yaml │ ├── deployment-agent.yaml │ ├── deployment-api.yaml │ ├── deployment-notification.yaml │ ├── deployment-persister.yaml │ ├── ingress-api.yaml │ ├── job-bootstrap.yaml │ ├── job-db-drop.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-image-repo-sync.yaml │ ├── job-influxdb-init.yaml │ ├── job-ks-api-endpoints.yaml │ ├── job-ks-api-service.yaml │ ├── job-ks-user.yaml │ ├── job-rabbit-init.yaml │ ├── job-thresh-upload.yaml │ ├── network_policy.yaml │ ├── secret-db.yaml │ ├── secret-influxdb-secret.yaml │ ├── secret-ingress-tls.yaml │ ├── secret-keystone.yaml │ ├── service-ingress.yaml │ └── service.yaml └── values.yaml ├── mongodb ├── Chart.yaml ├── templates │ ├── bin │ │ └── _start.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── job-image-repo-sync.yaml │ ├── secret-db-root-password.yaml │ ├── secret-registry.yaml │ ├── secrets │ │ └── _mongodb.cnf.tpl │ ├── service.yaml │ └── statefulset.yaml └── values.yaml ├── nagios ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _apache.sh.tpl │ │ ├── _nagios-readiness.sh.tpl │ │ └── _selenium-tests.py.tpl │ ├── configmap-additional-plugins.yaml │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── deployment.yaml │ ├── ingress-nagios.yaml │ ├── job-image-repo-sync.yaml │ ├── network_policy.yaml │ ├── pod-helm-tests.yaml │ ├── secret-ingress-tls.yaml │ ├── secret-nagios.yaml │ ├── secret-registry.yaml │ ├── service-ingress-nagios.yaml │ └── service.yaml └── values.yaml ├── namespace-config ├── Chart.yaml ├── templates │ └── limit-range.yaml └── values.yaml ├── neutron ├── .helmignore ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _bootstrap.sh.tpl │ │ ├── _db-sync.sh.tpl │ │ ├── _health-probe.py.tpl │ │ ├── _neutron-bagpipe-bgp-init.sh.tpl │ │ ├── _neutron-bagpipe-bgp.sh.tpl │ │ ├── _neutron-bgp-dragent.sh.tpl │ │ ├── _neutron-dhcp-agent-init.sh.tpl │ │ ├── _neutron-dhcp-agent.sh.tpl │ │ ├── _neutron-ironic-agent-init.sh.tpl │ │ ├── _neutron-ironic-agent.sh.tpl │ │ ├── _neutron-l2gw-agent.sh.tpl │ │ ├── _neutron-l3-agent-init.sh.tpl │ │ ├── _neutron-l3-agent.sh.tpl │ │ ├── _neutron-linuxbridge-agent-init-modules.sh.tpl │ │ ├── _neutron-linuxbridge-agent-init.sh.tpl │ │ ├── _neutron-linuxbridge-agent.sh.tpl │ │ ├── _neutron-metadata-agent-init.sh.tpl │ │ ├── _neutron-metadata-agent.sh.tpl │ │ ├── _neutron-netns-cleanup-cron.sh.tpl │ │ ├── _neutron-openvswitch-agent-init-modules.sh.tpl │ │ ├── _neutron-openvswitch-agent-init-netoffload.sh.tpl │ │ ├── _neutron-openvswitch-agent-init.sh.tpl │ │ ├── _neutron-openvswitch-agent-liveness.sh.tpl │ │ ├── _neutron-openvswitch-agent-readiness.sh.tpl │ │ ├── _neutron-openvswitch-agent.sh.tpl │ │ ├── _neutron-ovn-db-sync.sh.tpl │ │ ├── _neutron-ovn-init.sh.tpl │ │ ├── _neutron-ovn-metadata-agent.sh.tpl │ │ ├── _neutron-ovn-vpn-agent-init.sh.tpl │ │ ├── _neutron-ovn-vpn-agent.sh.tpl │ │ ├── _neutron-rpc-server.sh.tpl │ │ ├── _neutron-server.sh.tpl │ │ ├── _neutron-sriov-agent-init.sh.tpl │ │ ├── _neutron-sriov-agent.sh.tpl │ │ ├── _neutron-test-force-cleanup.sh.tpl │ │ └── _nginx.sh.tpl │ ├── certificates.yaml │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── cron-job-ovn-db-sync.yaml │ ├── daemonset-bagpipe-bgp.yaml │ ├── daemonset-bgp-dragent.yaml │ ├── daemonset-dhcp-agent.yaml │ ├── daemonset-l2gw-agent.yaml │ ├── daemonset-l3-agent.yaml │ ├── daemonset-lb-agent.yaml │ ├── daemonset-metadata-agent.yaml │ ├── daemonset-netns-cleanup-cron.yaml │ ├── daemonset-neutron-ovn-vpn-agent.yaml │ ├── daemonset-ovn-metadata-agent.yaml │ ├── daemonset-ovs-agent.yaml │ ├── daemonset-sriov-agent.yaml │ ├── deployment-ironic-agent.yaml │ ├── deployment-rpc_server.yaml │ ├── deployment-server.yaml │ ├── ingress-server.yaml │ ├── job-bootstrap.yaml │ ├── job-db-drop.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-image-repo-sync.yaml │ ├── job-ks-endpoints.yaml │ ├── job-ks-service.yaml │ ├── job-ks-user.yaml │ ├── job-rabbit-init.yaml │ ├── network_policy.yaml │ ├── pdb-server.yaml │ ├── pod-rally-test.yaml │ ├── secret-db.yaml │ ├── secret-ingress-tls.yaml │ ├── secret-keystone.yaml │ ├── secret-rabbitmq.yaml │ ├── secret-registry.yaml │ ├── service-ingress-neutron.yaml │ └── service-server.yaml └── values.yaml ├── nfs-provisioner ├── Chart.yaml ├── templates │ ├── configmap-bin.yaml │ ├── deployment.yaml │ ├── job-image-repo-sync.yaml │ ├── secret-registry.yaml │ ├── service.yaml │ ├── storage_class.yaml │ └── volume_claim.yaml └── values.yaml ├── nova ├── .helmignore ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _bootstrap.sh.tpl │ │ ├── _cell-setup-init.sh.tpl │ │ ├── _cell-setup.sh.tpl │ │ ├── _ceph-admin-keyring.sh.tpl │ │ ├── _ceph-keyring.sh.tpl │ │ ├── _db-archive-deleted-row.sh.tpl │ │ ├── _db-sync.sh.tpl │ │ ├── _fake-iptables.sh.tpl │ │ ├── _health-probe.py.tpl │ │ ├── _iscsiadm.tpl │ │ ├── _multipath.tpl │ │ ├── _multipathd.tpl │ │ ├── _nova-api-metadata-init.sh.tpl │ │ ├── _nova-api-metadata.sh.tpl │ │ ├── _nova-api.sh.tpl │ │ ├── _nova-compute-init.sh.tpl │ │ ├── _nova-compute-ironic.sh.tpl │ │ ├── _nova-compute.sh.tpl │ │ ├── _nova-conductor.sh.tpl │ │ ├── _nova-console-compute-init.sh.tpl │ │ ├── _nova-console-proxy-init-assets.sh.tpl │ │ ├── _nova-console-proxy-init.sh.tpl │ │ ├── _nova-console-proxy.sh.tpl │ │ ├── _nova-scheduler.sh.tpl │ │ ├── _nova-service-cleaner.sh.tpl │ │ ├── _ssh-init.sh.tpl │ │ ├── _ssh-start.sh.tpl │ │ ├── _storage-init.sh.tpl │ │ └── _wait-for-computes-init.sh.tpl │ ├── certificates.yaml │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── cron-job-archive-deleted-rows.yaml │ ├── cron-job-cell-setup.yaml │ ├── cron-job-service-cleaner.yaml │ ├── daemonset-compute.yaml │ ├── deployment-api-metadata.yaml │ ├── deployment-api-osapi.yaml │ ├── deployment-conductor.yaml │ ├── deployment-novncproxy.yaml │ ├── deployment-scheduler.yaml │ ├── deployment-serialproxy.yaml │ ├── deployment-spiceproxy.yaml │ ├── ingress-metadata.yaml │ ├── ingress-novncproxy.yaml │ ├── ingress-osapi.yaml │ ├── ingress-serialproxy.yaml │ ├── ingress-spiceproxy.yaml │ ├── job-bootstrap.yaml │ ├── job-cell-setup.yaml │ ├── job-db-drop.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-image-repo-sync.yaml │ ├── job-ks-endpoints.yaml │ ├── job-ks-service.yaml │ ├── job-ks-user.yaml │ ├── job-nova-storage-init.yaml │ ├── job-rabbit-init.yaml │ ├── netpol-nova.yaml │ ├── pdb-metadata.yaml │ ├── pdb-osapi.yaml │ ├── pod-rally-test.yaml │ ├── secret-db-api.yaml │ ├── secret-db-cell0.yaml │ ├── secret-db.yaml │ ├── secret-ingress-tls.yaml │ ├── secret-keystone.yaml │ ├── secret-rabbitmq.yaml │ ├── secret-registry.yaml │ ├── secret-ssh.yaml │ ├── service-ingress-metadata.yaml │ ├── service-ingress-novncproxy.yaml │ ├── service-ingress-osapi.yaml │ ├── service-ingress-serialproxy.yaml │ ├── service-ingress-spiceproxy.yaml │ ├── service-metadata.yaml │ ├── service-novncproxy.yaml │ ├── service-osapi.yaml │ ├── service-serialproxy.yaml │ ├── service-spiceproxy.yaml │ └── statefulset-compute-ironic.yaml └── values.yaml ├── octavia ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _bootstrap.sh.tpl │ │ ├── _db-sync.sh.tpl │ │ ├── _octavia-api.sh.tpl │ │ ├── _octavia-driver-agent.sh.tpl │ │ ├── _octavia-health-manager-get-port.sh.tpl │ │ ├── _octavia-health-manager-nic-init.sh.tpl │ │ ├── _octavia-health-manager.sh.tpl │ │ ├── _octavia-housekeeping.sh.tpl │ │ └── _octavia-worker.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── daemonset-health-manager.yaml │ ├── deployment-api.yaml │ ├── deployment-housekeeping.yaml │ ├── deployment-worker.yaml │ ├── ingress-api.yaml │ ├── job-bootstrap.yaml │ ├── job-db-drop.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-image-repo-sync.yaml │ ├── job-ks-endpoint.yaml │ ├── job-ks-service.yaml │ ├── job-ks-user.yaml │ ├── job-rabbit-init.yaml │ ├── network_policy.yaml │ ├── pdb-api.yaml │ ├── secret-db-persistence.yaml │ ├── secret-db.yaml │ ├── secret-ingress-tls.yaml │ ├── secret-keystone.yaml │ ├── secret-rabbitmq.yaml │ ├── secret-registry.yaml │ ├── service-api.yaml │ └── service-ingress-api.yaml └── values.yaml ├── openstack ├── .helmignore ├── Chart.yaml ├── charts │ ├── glance │ ├── heat │ ├── helm-toolkit │ ├── horizon │ ├── keystone │ ├── libvirt │ ├── mariadb │ ├── memcached │ ├── neutron │ ├── nova │ ├── openvswitch │ ├── placement │ └── rabbitmq ├── templates │ └── NOTES.txt └── values.yaml ├── openvswitch ├── .helmignore ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _openvswitch-db-server.sh.tpl │ │ ├── _openvswitch-vswitchd-init-modules.sh.tpl │ │ └── _openvswitch-vswitchd.sh.tpl │ ├── configmap-bin.yaml │ ├── daemonset.yaml │ ├── job-image-repo-sync.yaml │ ├── network-policy.yaml │ └── secret-registry.yaml └── values.yaml ├── ovn ├── .helmignore ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _ovn-controller-init.sh.tpl │ │ └── _ovn-network-logging-parser.sh.tpl │ ├── clusterrole-controller.yaml │ ├── clusterrolebinding-controller.yaml │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── daemonset-controller.yaml │ ├── deployment-northd.yaml │ ├── role-controller.yaml │ ├── role-northd.yaml │ ├── role-ovsdb.yaml │ ├── rolebinding-controller.yaml │ ├── rolebinding-northd.yaml │ ├── rolebinding-ovsdb.yaml │ ├── secret-vector.yaml │ ├── service-ovsdb-nb.yaml │ ├── service-ovsdb-sb.yaml │ ├── statefulset-ovsdb-nb.yaml │ └── statefulset-ovsdb-sb.yaml └── values.yaml ├── placement ├── .helmignore ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _db-sync.sh.tpl │ │ └── _placement-api.sh.tpl │ ├── certificates.yaml │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── deployment.yaml │ ├── ingress.yaml │ ├── job-db-drop.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-image-repo-sync.yaml │ ├── job-ks-endpoints.yaml │ ├── job-ks-service.yaml │ ├── job-ks-user.yaml │ ├── network_policy.yaml │ ├── pdb.yaml │ ├── secret-db.yaml │ ├── secret-ingress-tls.yaml │ ├── secret-keystone.yaml │ ├── secret-registry.yaml │ ├── service-ingress.yaml │ └── service.yaml └── values.yaml ├── playbooks ├── build-chart.yaml ├── collect-logs.yaml ├── deploy-env-kubespray.yaml ├── deploy-env.yaml ├── enable-hugepages.yaml ├── inject-keys.yaml ├── lint.yaml ├── mount-volumes.yaml ├── osh-bandit.yaml ├── osh-infra-bandit.yaml ├── prepare-hosts.yaml ├── publish │ ├── post.yaml │ └── run.yaml ├── roles └── run-scripts.yaml ├── postgresql ├── .helmignore ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _backup_postgresql.sh.tpl │ │ ├── _common_backup_restore.sh.tpl │ │ ├── _db_test.sh.tpl │ │ ├── _postgresql_archive_cleanup.sh.tpl │ │ ├── _readiness.sh.tpl │ │ ├── _remote_retrieve_postgresql.sh.tpl │ │ ├── _remote_store_postgresql.sh.tpl │ │ ├── _restore_postgresql.sh.tpl │ │ └── _start.sh.tpl │ ├── certificates.yaml │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── cron-job-backup-postgres.yaml │ ├── job-image-repo-sync.yaml │ ├── job-ks-user.yaml │ ├── monitoring │ │ └── prometheus │ │ │ ├── bin │ │ │ └── _create-postgresql-exporter-user.sh.tpl │ │ │ ├── exporter-configmap-bin.yaml │ │ │ ├── exporter-configmap-etc.yaml │ │ │ ├── exporter-deployment.yaml │ │ │ ├── exporter-job-create-user.yaml │ │ │ ├── exporter-secrets-etc.yaml │ │ │ └── exporter-service.yaml │ ├── network_policy.yaml │ ├── pod-test.yaml │ ├── postgresql-backup-pvc.yaml │ ├── secret-admin.yaml │ ├── secret-audit.yaml │ ├── secret-backup-restore.yaml │ ├── secret-registry.yaml │ ├── secret-rgw.yaml │ ├── secrets-etc.yaml │ ├── secrets │ │ └── _admin_user.conf.tpl │ ├── service-postgres.yaml │ ├── service-restapi.yaml │ └── statefulset.yaml └── values.yaml ├── powerdns ├── Chart.yaml ├── templates │ ├── bin │ │ └── _powerdns-mysql-sync.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── deployment.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-image-repo-sync.yaml │ ├── secret-db.yaml │ ├── secret-registry.yaml │ └── service.yaml └── values.yaml ├── prometheus-alertmanager ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _alertmanager.sh.tpl │ │ └── _apache.sh.tpl │ ├── clusterrolebinding.yaml │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── ingress-alertmanager.yaml │ ├── job-image-repo-sync.yaml │ ├── network_policy.yaml │ ├── secret-admin-user.yaml │ ├── secret-ingress-tls.yaml │ ├── secret-registry.yaml │ ├── service-discovery.yaml │ ├── service-ingress-alertmanager.yaml │ ├── service.yaml │ └── statefulset.yaml └── values.yaml ├── prometheus-blackbox-exporter ├── Chart.yaml ├── templates │ ├── deployment.yaml │ ├── secret-registry.yaml │ ├── secret.yaml │ └── service.yaml └── values.yaml ├── prometheus-kube-state-metrics ├── Chart.yaml ├── templates │ ├── configmap-bin.yaml │ ├── deployment.yaml │ ├── job-image-repo-sync.yaml │ ├── network_policy.yaml │ ├── secret-registry.yaml │ ├── service-controller-manager.yaml │ ├── service-kube-state-metrics.yaml │ └── service-scheduler.yaml └── values.yaml ├── prometheus-mysql-exporter ├── .helmignore ├── Chart.yaml ├── README.rst ├── templates │ ├── bin │ │ ├── _create-mysql-user.sh.tpl │ │ └── _mysqld-exporter.sh.tpl │ ├── exporter-configmap-bin.yaml │ ├── exporter-deployment.yaml │ ├── exporter-job-create-user.yaml │ ├── exporter-network-policy.yaml │ ├── exporter-secrets-etc.yaml │ ├── exporter-service.yaml │ └── secrets │ │ └── _exporter_user.cnf.tpl └── values.yaml ├── prometheus-node-exporter ├── Chart.yaml ├── templates │ ├── bin │ │ └── _node-exporter.sh.tpl │ ├── configmap-bin.yaml │ ├── daemonset.yaml │ ├── job-image-repo-sync.yaml │ ├── secret-registry.yaml │ └── service.yaml └── values.yaml ├── prometheus-openstack-exporter ├── Chart.yaml ├── templates │ ├── bin │ │ └── _prometheus-openstack-exporter.sh.tpl │ ├── configmap-bin.yaml │ ├── deployment.yaml │ ├── job-image-repo-sync.yaml │ ├── job-ks-user.yaml │ ├── network_policy.yaml │ ├── secret-keystone.yaml │ ├── secret-registry.yaml │ └── service.yaml └── values.yaml ├── prometheus-process-exporter ├── Chart.yaml ├── templates │ ├── daemonset.yaml │ ├── job-image-repo-sync.yaml │ ├── network_policy.yaml │ ├── secret-registry.yaml │ └── service.yaml └── values.yaml ├── prometheus ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _apache.sh.tpl │ │ ├── _helm-tests.sh.tpl │ │ └── _prometheus.sh.tpl │ ├── certificates.yaml │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── ingress-prometheus.yaml │ ├── job-image-repo-sync.yaml │ ├── network_policy.yaml │ ├── pod-helm-tests.yaml │ ├── secret-ingress-tls.yaml │ ├── secret-prometheus.yaml │ ├── secret-registry.yaml │ ├── secret-tls-configs.yaml │ ├── service-ingress-prometheus.yaml │ ├── service.yaml │ ├── statefulset.yaml │ └── utils │ │ └── _command_line_flags.tpl └── values.yaml ├── rabbitmq ├── .helmignore ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _rabbitmq-cookie.sh.tpl │ │ ├── _rabbitmq-liveness.sh.tpl │ │ ├── _rabbitmq-password-hash.py.tpl │ │ ├── _rabbitmq-readiness.sh.tpl │ │ ├── _rabbitmq-start.sh.tpl │ │ ├── _rabbitmq-test.sh.tpl │ │ └── _rabbitmq-wait-for-cluster.sh.tpl │ ├── certificates.yaml │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── etc │ │ └── _enabled_plugins.tpl │ ├── ingress-management.yaml │ ├── job-cluster-wait.yaml │ ├── job-image-repo-sync.yaml │ ├── monitoring │ │ └── prometheus │ │ │ ├── exporter-deployment.yaml │ │ │ ├── exporter-network-policy.yaml │ │ │ └── exporter-service.yaml │ ├── network_policy.yaml │ ├── pod-test.yaml │ ├── secret-erlang-cookie.yaml │ ├── secret-rabbit-admin.yaml │ ├── secret-rabbitmq-users-credentials.yaml │ ├── secret-registry.yaml │ ├── service-ingress-management.yaml │ ├── service.yaml │ ├── statefulset.yaml │ └── utils │ │ └── _to_rabbit_config.tpl └── values.yaml ├── rally ├── Chart.yaml ├── README.rst ├── templates │ ├── bin │ │ ├── _bootstrap.sh.tpl │ │ ├── _manage-db.sh.tpl │ │ └── _run-task.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── configmap-tasks.yaml │ ├── configmap-test-templates.yaml │ ├── job-bootstrap.yaml │ ├── job-db-init.yaml │ ├── job-image-repo-sync.yaml │ ├── job-ks-endpoints.yaml │ ├── job-ks-service.yaml │ ├── job-ks-user.yaml │ ├── job-manage-db.yaml │ ├── job-run-task.yaml │ ├── pdb-api.yaml │ ├── pvc-rally.yaml │ ├── secret-db.yaml │ ├── secret-keystone.yaml │ └── secret-registry.yaml └── values.yaml ├── redis ├── Chart.yaml ├── templates │ ├── configmap-bin.yaml │ ├── deployment.yaml │ ├── job-image-repo-sync.yaml │ ├── pod_test.yaml │ ├── secret-registry.yaml │ ├── service.yaml │ └── test │ │ ├── _python_redis_tests.py.tpl │ │ └── _redis_test.sh.tpl └── values.yaml ├── registry ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _bootstrap.sh.tpl │ │ ├── _registry-proxy.sh.tpl │ │ └── _registry.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── daemonset-registry-proxy.yaml │ ├── deployment-registry.yaml │ ├── etc │ │ └── _default.conf.tpl │ ├── job-bootstrap.yaml │ ├── pvc-images.yaml │ ├── secret-registry.yaml │ └── service-registry.yaml └── values.yaml ├── release.asc ├── releasenotes ├── config.yaml ├── notes │ ├── added-nova-uid-parameter-to-ovs-chart-41d2b05b79300a31.yaml │ ├── aodh.yaml │ ├── barbican-ead8061b2a6b1b1b.yaml │ ├── barbican.yaml │ ├── ca-clusterissuer.yaml │ ├── ca-issuer.yaml │ ├── ceilometer.yaml │ ├── ceph-adapter-rook.yaml │ ├── ceph-client.yaml │ ├── ceph-mon.yaml │ ├── ceph-osd.yaml │ ├── ceph-provisioners.yaml │ ├── ceph-rgw.yaml │ ├── cert-rotation.yaml │ ├── change-default-ovs-image-c1e24787f1b03170.yaml │ ├── change-memcache-backend-2d85a3c75b32db39.yaml │ ├── changed-ovs-dpdk-root-key-f8aaf3ad65189c8a.yaml │ ├── cinder-4e17dd8ee84ca1a2.yaml │ ├── cinder-8f8fd56d2c9a5d75.yaml │ ├── cinder-a530fe90112c74d1.yaml │ ├── cinder.yaml │ ├── common-f19dec4799b18756.yaml │ ├── cyborg.yaml │ ├── daemonjob-controller.yaml │ ├── designate-9ed4257ab657b224.yaml │ ├── designate.yaml │ ├── elastic-apm-server.yaml │ ├── elastic-filebeat.yaml │ ├── elastic-metricbeat.yaml │ ├── elastic-packetbeat.yaml │ ├── elasticsearch-127e34013b70451d.yaml │ ├── elasticsearch-653d4b77cf26c277.yaml │ ├── elasticsearch.yaml │ ├── etcd.yaml │ ├── falco.yaml │ ├── flannel.yaml │ ├── fluentbit.yaml │ ├── fluentd.yaml │ ├── glance.yaml │ ├── gnocchi.yaml │ ├── grafana.yaml │ ├── heat.yaml │ ├── helm-toolkit-49593d58783c3a97.yaml │ ├── helm-toolkit-fa49be61648b2d72.yaml │ ├── helm-toolkit.yaml │ ├── horizon.yaml │ ├── increase-default-logging-31db0e9d3e51b429.yaml │ ├── ingress.yaml │ ├── ironic.yaml │ ├── keystone-9bca09a40cc3dc68.yaml │ ├── keystone-healthcheck-1f72d266f886e735.yaml │ ├── keystone.yaml │ ├── kibana-c0b39f760a7c5b80.yaml │ ├── kibana.yaml │ ├── kube-dns.yaml │ ├── kubernetes-keystone-webhook.yaml │ ├── kubernetes-node-problem-detector.yaml │ ├── ldap.yaml │ ├── libvirt.yaml │ ├── local-storage.yaml │ ├── local-volume-provisioner.yaml │ ├── lockdown.yaml │ ├── magnum.yaml │ ├── manila-7bf5ad7472dbf691.yaml │ ├── manila.yaml │ ├── mariadb-backup.yaml │ ├── mariadb-cluster.yaml │ ├── mariadb.yaml │ ├── masakari.yaml │ ├── memcached.yaml │ ├── metacontroller.yaml │ ├── mistral.yaml │ ├── monasca.yaml │ ├── mongodb.yaml │ ├── nagios.yaml │ ├── namespace-config.yaml │ ├── neutron-013c9be46456b92c.yaml │ ├── neutron-b2247f89a5f258aa.yaml │ ├── neutron-b225c11a5e1d522d.yaml │ ├── neutron-c0c7ca4e49cbf03c.yaml │ ├── neutron-f0674e08d80fc203.yaml │ ├── neutron.yaml │ ├── nfs-provisioner.yaml │ ├── nova-b0749b6144e2b871.yaml │ ├── nova-c59fc7469b3a8500.yaml │ ├── nova.yaml │ ├── octavia.yaml │ ├── openstack.yaml │ ├── openvswitch-0b37403ffc75bb63.yaml │ ├── openvswitch-5c0d74ca4f420e56.yaml │ ├── openvswitch-e761d6733b84bdc7.yaml │ ├── openvswitch.yaml │ ├── other-23a753cb53b10bb8.yaml │ ├── ovn-3b9e82e5d469bc98.yaml │ ├── ovn-50ba6d3611decff9.yaml │ ├── ovn-a82eced671495a3d.yaml │ ├── ovn.yaml │ ├── panko.yaml │ ├── placement.yaml │ ├── podsecuritypolicy.yaml │ ├── postgresql.yaml │ ├── powerdns.yaml │ ├── prometheus-alertmanager.yaml │ ├── prometheus-blackbox-exporter.yaml │ ├── prometheus-kube-state-metrics.yaml │ ├── prometheus-mysql-exporter.yaml │ ├── prometheus-node-exporter.yaml │ ├── prometheus-openstack-exporter.yaml │ ├── prometheus-process-exporter.yaml │ ├── prometheus.yaml │ ├── rabbitmq.yaml │ ├── rally.yaml │ ├── redis.yaml │ ├── registry.yaml │ ├── rename-ceph-rbd-pool-app-name.yaml │ ├── shaker.yaml │ ├── skyline-794e9be9cc48f98d.yaml │ ├── tacker.yaml │ └── tempest.yaml ├── requirements.txt └── source │ ├── conf.py │ ├── current.rst │ ├── index.rst │ └── locale │ └── en_GB │ └── LC_MESSAGES │ └── releasenotes.po ├── roles ├── build-helm-packages │ ├── defaults │ │ └── main.yml │ ├── tasks │ │ ├── main.yaml │ │ └── setup-helm-serve.yaml │ └── templates │ │ └── helm-serve.service.j2 ├── clean-host │ └── tasks │ │ └── main.yaml ├── deploy-apparmor │ └── tasks │ │ └── main.yaml ├── deploy-docker │ ├── defaults │ │ └── main.yml │ ├── tasks │ │ ├── deploy-ansible-docker-support.yaml │ │ └── main.yaml │ └── templates │ │ ├── centos-docker.service.j2 │ │ ├── fedora-docker.service.j2 │ │ ├── http-proxy.conf.j2 │ │ └── ubuntu-docker.service.j2 ├── deploy-env │ ├── README.md │ ├── defaults │ │ └── main.yaml │ ├── files │ │ ├── calico_patch.yaml │ │ ├── cluster_resolv.conf │ │ ├── containerd_config.toml │ │ ├── daemon.json │ │ ├── hosts │ │ ├── hosts.toml │ │ ├── kubeadm_config.yaml │ │ ├── loop-setup.service │ │ ├── nginx_tcp_proxy.conf │ │ ├── resolv.conf │ │ └── ssh_config │ ├── handlers │ │ └── main.yaml │ └── tasks │ │ ├── buildset_registry_alias.yaml │ │ ├── calico.yaml │ │ ├── cilium.yaml │ │ ├── client_cluster_ssh.yaml │ │ ├── client_cluster_tunnel.yaml │ │ ├── containerd.yaml │ │ ├── coredns_resolver.yaml │ │ ├── flannel.yaml │ │ ├── ingress.yaml │ │ ├── k8s_client.yaml │ │ ├── k8s_common.yaml │ │ ├── k8s_control_plane.yaml │ │ ├── loopback_devices.yaml │ │ ├── main.yaml │ │ ├── metallb.yaml │ │ ├── openstack_metallb_endpoint.yaml │ │ ├── openstack_provider_gateway.yaml │ │ └── prerequisites.yaml ├── deploy-jq │ └── tasks │ │ └── main.yaml ├── deploy-package │ ├── defaults │ │ └── main.yml │ └── tasks │ │ ├── dist.yaml │ │ └── pip.yaml ├── deploy-python-pip │ ├── defaults │ │ └── main.yml │ └── tasks │ │ └── main.yaml ├── deploy-python │ └── tasks │ │ └── main.yaml ├── deploy-selenium │ └── tasks │ │ └── main.yaml ├── describe-kubernetes-objects │ └── tasks │ │ └── main.yaml ├── disable-local-nameserver │ └── tasks │ │ └── main.yaml ├── enable-hugepages │ ├── defaults │ │ └── main.yaml │ └── tasks │ │ └── main.yaml ├── gather-host-logs │ └── tasks │ │ └── main.yaml ├── gather-pod-logs │ └── tasks │ │ └── main.yaml ├── gather-prom-metrics │ └── tasks │ │ └── main.yaml ├── gather-selenium-data │ └── tasks │ │ └── main.yaml ├── helm-release-status │ └── tasks │ │ └── main.yaml ├── mount-extra-volume │ ├── defaults │ │ └── main.yml │ └── tasks │ │ └── main.yaml ├── osh-bandit │ ├── defaults │ │ └── main.yaml │ └── tasks │ │ └── main.yaml ├── osh-run-script-set │ ├── defaults │ │ └── main.yaml │ └── tasks │ │ └── main.yaml ├── osh-run-script │ ├── defaults │ │ └── main.yaml │ └── tasks │ │ └── main.yaml ├── override-images │ ├── defaults │ │ └── main.yaml │ └── tasks │ │ └── main.yaml ├── setup-firewall │ └── tasks │ │ └── main.yaml └── upgrade-host │ ├── defaults │ └── main.yml │ └── tasks │ └── main.yaml ├── shaker ├── Chart.yaml ├── templates │ ├── bin │ │ └── _run-tests.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── job-image-repo-sync.yaml │ ├── job-ks-user.yaml │ ├── pod-shaker-test.yaml │ ├── pvc-shaker.yaml │ ├── secret-keystone.yaml │ ├── secret-registry.yaml │ └── service-shaker.yaml └── values.yaml ├── skyline ├── Chart.yaml ├── templates │ ├── certificates.yaml │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── deployment.yaml │ ├── ingress.yaml │ ├── job-db-drop.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-ks-user.yaml │ ├── secret-db.yaml │ ├── secret-keystone.yaml │ ├── service-ingress.yaml │ └── service.yaml └── values.yaml ├── tacker ├── .helmignore ├── Chart.yaml ├── templates │ ├── bin │ │ ├── _db-sync.sh.tpl │ │ ├── _tacker-test.sh.tpl │ │ ├── _tacker_conductor.sh.tpl │ │ └── _tacker_server.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── deployment-conductor.yaml │ ├── deployment-server.yaml │ ├── ingress-api.yaml │ ├── job-db-drop.yaml │ ├── job-db-init.yaml │ ├── job-db-sync.yaml │ ├── job-ks-endpoints.yaml │ ├── job-ks-service.yaml │ ├── job-ks-user.yaml │ ├── job-rabbit-init.yaml │ ├── pod-test.yaml │ ├── pvc.yaml │ ├── secret-db.yaml │ ├── secret-keystone.yaml │ ├── secret-rabbitmq.yaml │ ├── service-api.yaml │ ├── service-conductor.yaml │ └── service-ingress-api.yaml └── values.yaml ├── tempest ├── Chart.yaml ├── templates │ ├── _helpers.tpl │ ├── bin │ │ └── _run-tests.sh.tpl │ ├── configmap-bin.yaml │ ├── configmap-etc.yaml │ ├── job-image-repo-sync.yaml │ ├── job-ks-user.yaml │ ├── job-run-tests.yaml │ ├── pvc-tempest.yaml │ ├── secret-keystone.yaml │ └── secret-registry.yaml └── values.yaml ├── tests ├── dns-test.yaml └── pvc-test.yaml ├── tools ├── changelog.py ├── chart_version.sh ├── debug_sleep.sh ├── deployment │ ├── baremetal │ │ ├── 005-setup-nodes.sh │ │ ├── 010-setup-client.sh │ │ ├── 030-ceph.sh │ │ ├── 035-ceph-ns-activate.sh │ │ ├── 040-mariadb.sh │ │ ├── 050-rabbitmq.sh │ │ ├── 060-memcached.sh │ │ ├── 070-keystone.sh │ │ ├── 090-glance.sh │ │ ├── 100-heat.sh │ │ ├── 110-compute-kit.sh │ │ ├── 800-create-baremetal-host-aggregate.sh │ │ ├── 810-register-baremetal-nodes.sh │ │ ├── 820-create-baremetal-flavor.sh │ │ ├── 900-use-it.sh │ │ ├── fake-baremetal-1.xml │ │ └── heat-basic-bm-deployment.yaml │ ├── ceph │ │ ├── ceph-adapter-rook.sh │ │ ├── ceph-ns-activate.sh │ │ ├── ceph-radosgw.sh │ │ ├── ceph-rook.sh │ │ ├── ceph.sh │ │ ├── ceph_legacy.sh │ │ ├── migrate-after.sh │ │ ├── migrate-before.sh │ │ ├── migrate-to-rook-ceph.sh │ │ └── migrate-values.sh │ ├── common │ │ ├── cert-manager.sh │ │ ├── clean-it.sh │ │ ├── daemonjob-controller.sh │ │ ├── deploy-docker-registry.sh │ │ ├── env-variables.sh │ │ ├── falco.sh │ │ ├── force-cronjob-run.sh │ │ ├── heat-basic-vm-deployment.yaml │ │ ├── heat-public-net-deployment.yaml │ │ ├── heat-subnet-pool-deployment.yaml │ │ ├── heat-vm-volume-attach.yaml │ │ ├── ingress.sh │ │ ├── ldap.sh │ │ ├── lockdown-netpol.sh │ │ ├── memcached.sh │ │ ├── metacontroller.sh │ │ ├── namespace-config.sh │ │ ├── nfs-provisioner.sh │ │ ├── openstack-exporter.sh │ │ ├── prepare-charts.sh │ │ ├── prepare-helm-repos-local.sh │ │ ├── prepare-helm-repos-public.sh │ │ ├── prepare-k8s.sh │ │ ├── pull-images.sh │ │ ├── rabbitmq.sh │ │ ├── rally-reports.yaml │ │ ├── run-helm-tests.sh │ │ ├── setup-certificates.sh │ │ ├── setup-client.sh │ │ ├── sleep.sh │ │ ├── test-networkpolicy.sh │ │ ├── use-it.sh │ │ ├── validate-umbrella-upgrade-config-changes-do-not-update-other-components.sh │ │ └── validate-umbrella-upgrade-no-side-effects.sh │ ├── component │ │ ├── aodh │ │ │ └── aodh.sh │ │ ├── barbican │ │ │ └── barbican.sh │ │ ├── ceilometer │ │ │ └── ceilometer.sh │ │ ├── cinder │ │ │ └── cinder.sh │ │ ├── common │ │ │ ├── ldap.sh │ │ │ ├── mariadb.sh │ │ │ ├── memcached.sh │ │ │ ├── openstack.sh │ │ │ └── rabbitmq.sh │ │ ├── compute-kit │ │ │ ├── compute-kit-sr-iov.sh │ │ │ ├── compute-kit.sh │ │ │ ├── libvirt.sh │ │ │ └── openvswitch.sh │ │ ├── glance │ │ │ └── glance.sh │ │ ├── heat │ │ │ └── heat.sh │ │ ├── horizon │ │ │ └── horizon.sh │ │ ├── keystone │ │ │ └── keystone.sh │ │ ├── magnum │ │ │ └── magnum.sh │ │ ├── manila │ │ │ └── manila.sh │ │ ├── mistral │ │ │ └── mistral.sh │ │ ├── nfs-provisioner │ │ │ └── nfs-provisioner.sh │ │ ├── octavia │ │ │ ├── 180-create-resource-for-octavia.sh │ │ │ ├── 190-create-octavia-certs.sh │ │ │ └── 200-octavia.sh │ │ ├── ovn │ │ │ └── ovn.sh │ │ ├── skyline │ │ │ └── skyline.sh │ │ └── tacker │ │ │ └── tacker.sh │ ├── db │ │ ├── mariadb-backup.sh │ │ ├── mariadb-operator-cluster.sh │ │ ├── mariadb.sh │ │ └── postgresql.sh │ ├── logging │ │ ├── elasticsearch.sh │ │ ├── fluentbit.sh │ │ ├── fluentd.sh │ │ └── kibana.sh │ ├── monitoring │ │ ├── alertmanager.sh │ │ ├── blackbox-exporter.sh │ │ ├── grafana.sh │ │ ├── kube-state-metrics.sh │ │ ├── mysql-exporter.sh │ │ ├── nagios.sh │ │ ├── node-exporter.sh │ │ ├── node-problem-detector.sh │ │ ├── openstack-exporter.sh │ │ ├── process-exporter.sh │ │ └── prometheus.sh │ └── openstack │ │ └── keystone.sh └── gate │ └── selenium │ ├── grafana-selenium.sh │ ├── grafanaSelenium.py │ ├── kibana-selenium.sh │ ├── kibanaSelenium.py │ ├── nagios-selenium.sh │ ├── nagiosSelenium.py │ ├── prometheus-selenium.sh │ ├── prometheusSelenium.py │ ├── seleniumtester.py │ ├── skyline-selenium.sh │ └── skylineSelenium.py ├── tox.ini ├── values_overrides ├── aodh │ └── annotations.yaml ├── barbican │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2023.1-ubuntu_jammy.yaml │ ├── 2023.2-ubuntu_jammy.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── annotations.yaml │ ├── apparmor.yaml │ ├── netpol.yaml │ ├── tls-offloading.yaml │ ├── tls.yaml │ ├── victoria-ubuntu_focal.yaml │ ├── wallaby-ubuntu_focal.yaml │ ├── xena-ubuntu_focal.yaml │ ├── yoga-ubuntu_focal.yaml │ ├── zed-ubuntu_focal.yaml │ └── zed-ubuntu_jammy.yaml ├── ceilometer │ └── annotations.yaml ├── ceph-client │ └── apparmor.yaml ├── ceph-mon │ └── apparmor.yaml ├── ceph-osd │ └── apparmor.yaml ├── ceph-provisioners │ └── apparmor.yaml ├── ceph-rgw │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── apparmor.yaml │ ├── netpol.yaml │ └── tls.yaml ├── cinder │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2023.1-ubuntu_jammy.yaml │ ├── 2023.2-ubuntu_jammy.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── annotations.yaml │ ├── apparmor.yaml │ ├── backend_pure.yaml │ ├── external-ceph-backend.yaml │ ├── external-ceph-configmap.yaml │ ├── netpol.yaml │ ├── nfs-cinder-backup.yaml │ ├── qos.yaml │ ├── tls-offloading.yaml │ ├── tls.yaml │ ├── victoria-ubuntu_focal.yaml │ ├── wallaby-ubuntu_focal.yaml │ ├── xena-ubuntu_focal.yaml │ ├── yoga-ubuntu_focal.yaml │ ├── zed-ubuntu_focal.yaml │ └── zed-ubuntu_jammy.yaml ├── cyborg │ └── annotations.yaml ├── daemonjob-controller │ └── apparmor.yaml ├── designate │ └── annotations.yaml ├── elastic-apm-server │ └── apparmor.yaml ├── elastic-filebeat │ └── apparmor.yaml ├── elasticsearch │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── apparmor.yaml │ ├── local-storage.yaml │ ├── remote-cluster.yaml │ └── tls.yaml ├── fluentd │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── apparmor.yaml │ └── tls.yaml ├── glance │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2023.1-ubuntu_jammy.yaml │ ├── 2023.2-ubuntu_jammy.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── annotations.yaml │ ├── apparmor.yaml │ ├── bootstrap-ubuntu-image.yaml │ ├── netpol.yaml │ ├── tls-offloading.yaml │ ├── tls.yaml │ ├── victoria-ubuntu_focal.yaml │ ├── wallaby-ubuntu_focal.yaml │ ├── xena-ubuntu_focal.yaml │ ├── yoga-ubuntu_focal.yaml │ ├── zed-ubuntu_focal.yaml │ └── zed-ubuntu_jammy.yaml ├── gnocchi │ └── 2023.2-ubuntu-jammy.yaml ├── grafana │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── apparmor.yaml │ ├── calico.yaml │ ├── ceph.yaml │ ├── containers.yaml │ ├── coredns.yaml │ ├── elasticsearch.yaml │ ├── home_dashboard.yaml │ ├── kubernetes.yaml │ ├── nginx.yaml │ ├── nodes.yaml │ ├── openstack.yaml │ ├── persistentvolume.yaml │ ├── prometheus.yaml │ ├── sqlite3.yaml │ └── tls.yaml ├── heat │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2023.1-ubuntu_jammy.yaml │ ├── 2023.2-ubuntu_jammy.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── annotations.yaml │ ├── apparmor.yaml │ ├── netpol.yaml │ ├── tls-offloading.yaml │ ├── tls.yaml │ ├── victoria-ubuntu_focal.yaml │ ├── wallaby-ubuntu_focal.yaml │ ├── xena-ubuntu_focal.yaml │ ├── yoga-ubuntu_focal.yaml │ ├── zed-ubuntu_focal.yaml │ └── zed-ubuntu_jammy.yaml ├── horizon │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2023.1-ubuntu_jammy.yaml │ ├── 2023.2-ubuntu_jammy.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── annotations.yaml │ ├── apparmor.yaml │ ├── logo.yaml │ ├── netpol.yaml │ ├── tls.yaml │ ├── victoria-ubuntu_focal.yaml │ ├── wallaby-ubuntu_focal.yaml │ ├── xena-ubuntu_focal.yaml │ ├── yoga-ubuntu_focal.yaml │ ├── zed-ubuntu_focal.yaml │ └── zed-ubuntu_jammy.yaml ├── ironic │ ├── annotations.yaml │ └── standalone.yaml ├── keystone │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2023.1-ubuntu_jammy.yaml │ ├── 2023.2-ubuntu_jammy.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── annotations.yaml │ ├── apparmor.yaml │ ├── internal-reverse-proxy.yaml │ ├── ldap.yaml │ ├── netpol.yaml │ ├── tls-custom.yaml │ ├── tls.yaml │ ├── victoria-ubuntu_focal.yaml │ ├── wallaby-ubuntu_focal.yaml │ ├── xena-ubuntu_focal.yaml │ ├── yoga-ubuntu_focal.yaml │ ├── zed-ubuntu_focal.yaml │ └── zed-ubuntu_jammy.yaml ├── kibana │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── apparmor.yaml │ └── tls.yaml ├── kubernetes-keystone-webhook │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ └── 2025.1-ubuntu_noble.yaml ├── kubernetes-node-problem-detector │ └── apparmor.yaml ├── libvirt │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2023.1-ubuntu_jammy.yaml │ ├── 2023.2-ubuntu_jammy.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── apparmor.yaml │ ├── cinder-external-ceph-backend.yaml │ ├── netpol.yaml │ ├── node_overrides.yaml │ ├── ovn.yaml │ └── ssl.yaml ├── local-storage │ └── local-storage.yaml ├── magnum │ └── annotations.yaml ├── manila │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2023.1-ubuntu_jammy.yaml │ ├── 2023.2-ubuntu_jammy.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── annotations.yaml │ ├── apparmor.yaml │ ├── tls-offloading.yaml │ ├── tls.yaml │ ├── xena-ubuntu_focal.yaml │ ├── yoga-ubuntu_focal.yaml │ ├── zed-ubuntu_focal.yaml │ └── zed-ubuntu_jammy.yaml ├── mariadb-backup │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2023.2-ubuntu_jammy.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── apparmor.yaml │ ├── backups.yaml │ ├── staggered-backups.yaml │ ├── tls.yaml │ └── ubuntu_focal.yaml ├── mariadb-cluster │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2023.2-ubuntu_jammy.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── apparmor.yaml │ ├── downscaled.yaml │ ├── local-storage.yaml │ ├── netpol.yaml │ ├── prometheus.yaml │ ├── tls.yaml │ ├── ubuntu_focal.yaml │ └── upscaled.yaml ├── mariadb │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── apparmor.yaml │ ├── backups.yaml │ ├── local-storage.yaml │ ├── netpol.yaml │ ├── staggered-backups.yaml │ ├── tls.yaml │ ├── ubuntu_focal.yaml │ └── wait-for-cluster.yaml ├── masakari │ └── annotations.yaml ├── memcached │ ├── apparmor.yaml │ └── netpol.yaml ├── metacontroller │ └── apparmor.yaml ├── mistral │ └── annotations.yaml ├── monasca │ ├── annotations.yaml │ ├── libvirt.yaml │ └── nvidia.yaml ├── nagios │ ├── apparmor.yaml │ ├── elasticsearch-objects.yaml │ ├── openstack-objects.yaml │ ├── postgresql-objects.yaml │ └── tls.yaml ├── neutron │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2023.1-ubuntu_jammy.yaml │ ├── 2023.2-ubuntu_jammy.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── annotations.yaml │ ├── apparmor.yaml │ ├── bagpipe_bgp.yaml │ ├── dpdk-bond.yaml │ ├── dpdk.yaml │ ├── gate.yaml │ ├── l2gateway.yaml │ ├── netpol.yaml │ ├── ovn.yaml │ ├── ovn_vpn.yaml │ ├── shared-sriov-ovs-dpdk-bond.yaml │ ├── tf.yaml │ ├── tls-offloading.yaml │ ├── tls.yaml │ ├── victoria-ubuntu_focal.yaml │ ├── wallaby-ubuntu_focal.yaml │ ├── xena-ubuntu_focal.yaml │ ├── yoga-ubuntu_focal.yaml │ ├── zed-ubuntu_focal.yaml │ └── zed-ubuntu_jammy.yaml ├── nova │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2023.1-ubuntu_jammy.yaml │ ├── 2023.2-ubuntu_jammy.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── annotations.yaml │ ├── apparmor.yaml │ ├── cntt.yaml │ ├── dpdk.yaml │ ├── netpol.yaml │ ├── opensuse_15.yaml │ ├── ovn.yaml │ ├── ssh.yaml │ ├── tf.yaml │ ├── tls-offloading.yaml │ ├── tls.yaml │ ├── victoria-ubuntu_focal.yaml │ ├── wallaby-ubuntu_focal.yaml │ ├── xena-ubuntu_focal.yaml │ ├── yoga-ubuntu_focal.yaml │ ├── zed-ubuntu_focal.yaml │ └── zed-ubuntu_jammy.yaml ├── octavia │ └── annotations.yaml ├── openstack │ ├── glance │ │ ├── 2023.1-ubuntu_focal.yaml │ │ ├── 2023.1-ubuntu_jammy.yaml │ │ ├── 2023.2-ubuntu_jammy.yaml │ │ ├── 2024.1-ubuntu_jammy.yaml │ │ ├── 2024.2-ubuntu_jammy.yaml │ │ ├── 2025.1-ubuntu_jammy.yaml │ │ ├── 2025.1-ubuntu_noble.yaml │ │ ├── apparmor.yaml │ │ ├── netpol.yaml │ │ ├── tls.yaml │ │ ├── victoria-ubuntu_focal.yaml │ │ ├── wallaby-ubuntu_focal.yaml │ │ ├── zed-ubuntu_focal.yaml │ │ └── zed-ubuntu_jammy.yaml │ ├── heat │ │ ├── 2023.1-ubuntu_focal.yaml │ │ ├── 2023.1-ubuntu_jammy.yaml │ │ ├── 2023.2-ubuntu_jammy.yaml │ │ ├── 2024.1-ubuntu_jammy.yaml │ │ ├── 2024.2-ubuntu_jammy.yaml │ │ ├── 2025.1-ubuntu_jammy.yaml │ │ ├── 2025.1-ubuntu_noble.yaml │ │ ├── apparmor.yaml │ │ ├── netpol.yaml │ │ ├── tls.yaml │ │ ├── victoria-ubuntu_focal.yaml │ │ ├── wallaby-ubuntu_focal.yaml │ │ ├── zed-ubuntu_focal.yaml │ │ └── zed-ubuntu_jammy.yaml │ ├── horizon │ │ ├── 2023.1-ubuntu_focal.yaml │ │ ├── 2023.1-ubuntu_jammy.yaml │ │ ├── 2023.2-ubuntu_jammy.yaml │ │ ├── 2024.1-ubuntu_jammy.yaml │ │ ├── 2024.2-ubuntu_jammy.yaml │ │ ├── 2025.1-ubuntu_jammy.yaml │ │ ├── 2025.1-ubuntu_noble.yaml │ │ ├── apparmor.yaml │ │ ├── netpol.yaml │ │ ├── tls.yaml │ │ ├── victoria-ubuntu_focal.yaml │ │ ├── wallaby-ubuntu_focal.yaml │ │ ├── xena-ubuntu_focal.yaml │ │ ├── yoga-ubuntu_focal.yaml │ │ ├── zed-ubuntu_focal.yaml │ │ └── zed-ubuntu_jammy.yaml │ ├── keystone │ │ ├── 2023.1-ubuntu_focal.yaml │ │ ├── 2023.1-ubuntu_jammy.yaml │ │ ├── 2023.2-ubuntu_jammy.yaml │ │ ├── 2024.1-ubuntu_jammy.yaml │ │ ├── 2024.2-ubuntu_jammy.yaml │ │ ├── 2025.1-ubuntu_jammy.yaml │ │ ├── 2025.1-ubuntu_noble.yaml │ │ ├── apparmor.yaml │ │ ├── ldap.yaml │ │ ├── netpol.yaml │ │ ├── tls.yaml │ │ ├── victoria-ubuntu_focal.yaml │ │ ├── wallaby-ubuntu_focal.yaml │ │ ├── zed-ubuntu_focal.yaml │ │ └── zed-ubuntu_jammy.yaml │ ├── libvirt │ │ ├── 2023.1-ubuntu_focal.yaml │ │ ├── 2023.1-ubuntu_jammy.yaml │ │ ├── 2023.2-ubuntu_jammy.yaml │ │ ├── 2024.1-ubuntu_jammy.yaml │ │ ├── 2024.2-ubuntu_jammy.yaml │ │ ├── 2025.1-ubuntu_jammy.yaml │ │ ├── 2025.1-ubuntu_noble.yaml │ │ ├── apparmor.yaml │ │ ├── cinder-external-ceph-backend.yaml │ │ ├── netpol.yaml │ │ ├── ssl.yaml │ │ ├── victoria-ubuntu_focal.yaml │ │ ├── wallaby-ubuntu_focal.yaml │ │ ├── zed-ubuntu_focal.yaml │ │ └── zed-ubuntu_jammy.yaml │ ├── mariadb │ │ ├── apparmor.yaml │ │ ├── local-storage.yaml │ │ ├── netpol.yaml │ │ └── tls.yaml │ ├── memcached │ │ ├── apparmor.yaml │ │ └── netpol.yaml │ ├── neutron │ │ ├── 2023.1-ubuntu_focal.yaml │ │ ├── 2023.1-ubuntu_jammy.yaml │ │ ├── 2023.2-ubuntu_jammy.yaml │ │ ├── 2024.1-ubuntu_jammy.yaml │ │ ├── 2024.2-ubuntu_jammy.yaml │ │ ├── 2025.1-ubuntu_jammy.yaml │ │ ├── 2025.1-ubuntu_noble.yaml │ │ ├── apparmor.yaml │ │ ├── dpdk-bond.yaml │ │ ├── dpdk.yaml │ │ ├── gate.yaml │ │ ├── netpol.yaml │ │ ├── shared-sriov-ovs-dpdk-bond.yaml │ │ ├── tf.yaml │ │ ├── tls.yaml │ │ ├── victoria-ubuntu_focal.yaml │ │ ├── wallaby-ubuntu_focal.yaml │ │ ├── zed-ubuntu_focal.yaml │ │ └── zed-ubuntu_jammy.yaml │ ├── nova │ │ ├── 2023.1-ubuntu_focal.yaml │ │ ├── 2023.1-ubuntu_jammy.yaml │ │ ├── 2023.2-ubuntu_jammy.yaml │ │ ├── 2024.1-ubuntu_jammy.yaml │ │ ├── 2024.2-ubuntu_jammy.yaml │ │ ├── 2025.1-ubuntu_jammy.yaml │ │ ├── 2025.1-ubuntu_noble.yaml │ │ ├── apparmor.yaml │ │ ├── cntt.yaml │ │ ├── netpol.yaml │ │ ├── opensuse_15.yaml │ │ ├── ssh.yaml │ │ ├── tf.yaml │ │ ├── tls-offloading.yaml │ │ ├── tls.yaml │ │ ├── victoria-ubuntu_focal.yaml │ │ ├── wallaby-ubuntu_focal.yaml │ │ ├── wallaby.yaml │ │ ├── zed-ubuntu_focal.yaml │ │ └── zed-ubuntu_jammy.yaml │ ├── openvswitch │ │ ├── apparmor.yaml │ │ ├── dpdk-opensuse_15.yaml │ │ ├── dpdk-ubuntu_bionic.yaml │ │ ├── netpol.yaml │ │ └── vswitchd-probes.yaml │ ├── placement │ │ ├── 2023.1-ubuntu_focal.yaml │ │ ├── 2023.1-ubuntu_jammy.yaml │ │ ├── 2023.2-ubuntu_jammy.yaml │ │ ├── 2024.1-ubuntu_jammy.yaml │ │ ├── 2024.2-ubuntu_jammy.yaml │ │ ├── 2025.1-ubuntu_jammy.yaml │ │ ├── 2025.1-ubuntu_noble.yaml │ │ ├── apparmor.yaml │ │ ├── netpol.yaml │ │ ├── tls.yaml │ │ ├── train-ubuntu_bionic.yaml │ │ ├── victoria-ubuntu_focal.yaml │ │ ├── wallaby-ubuntu_focal.yaml │ │ ├── zed-ubuntu_focal.yaml │ │ └── zed-ubuntu_jammy.yaml │ └── rabbitmq │ │ ├── apparmor.yaml │ │ ├── netpol.yaml │ │ └── tls.yaml ├── openvswitch │ ├── apparmor.yaml │ ├── dpdk-ubuntu_focal.yaml │ ├── dpdk-ubuntu_jammy.yaml │ ├── netpol.yaml │ ├── ovn.yaml │ ├── ubuntu_focal.yaml │ ├── ubuntu_jammy.yaml │ └── vswitchd-probes.yaml ├── ovn │ ├── ubuntu_focal.yaml │ └── ubuntu_jammy.yaml ├── placement │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2023.1-ubuntu_jammy.yaml │ ├── 2023.2-ubuntu_jammy.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── annotations.yaml │ ├── apparmor.yaml │ ├── netpol.yaml │ ├── tls-offloading.yaml │ ├── tls.yaml │ ├── victoria-ubuntu_focal.yaml │ ├── wallaby-ubuntu_focal.yaml │ ├── xena-ubuntu_focal.yaml │ ├── yoga-ubuntu_focal.yaml │ ├── zed-ubuntu_focal.yaml │ └── zed-ubuntu_jammy.yaml ├── postgresql │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── apparmor.yaml │ ├── backups.yaml │ ├── netpol.yaml │ ├── staggered-backups.yaml │ └── tls.yaml ├── powerdns │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ └── 2025.1-ubuntu_noble.yaml ├── prometheus-alertmanager │ └── apparmor.yaml ├── prometheus-blackbox-exporter │ └── apparmor.yaml ├── prometheus-kube-state-metrics │ └── apparmor.yaml ├── prometheus-mysql-exporter │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2023.2-ubuntu_jammy.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── apparmor.yaml │ ├── prometheus.yaml │ └── tls.yaml ├── prometheus-node-exporter │ └── apparmor.yaml ├── prometheus-openstack-exporter │ ├── apparmor.yaml │ ├── netpol.yaml │ └── tls.yaml ├── prometheus-process-exporter │ └── apparmor.yaml ├── prometheus │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── alertmanager.yaml │ ├── apparmor.yaml │ ├── ceph.yaml │ ├── elasticsearch.yaml │ ├── kubernetes.yaml │ ├── local-storage.yaml │ ├── nodes.yaml │ ├── openstack.yaml │ ├── postgresql.yaml │ └── tls.yaml ├── rabbitmq │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2023.1-ubuntu_jammy.yaml │ ├── 2023.2-ubuntu_jammy.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── apparmor.yaml │ ├── builtin-metrics.yaml │ ├── netpol.yaml │ ├── rabbitmq-exporter.yaml │ ├── tls.yaml │ ├── yoga-ubuntu_focal.yaml │ ├── zed-ubuntu_focal.yaml │ └── zed-ubuntu_jammy.yaml ├── rally │ ├── annotations.yaml │ └── tls-offloading.yaml ├── tacker │ ├── 2023.1-ubuntu_focal.yaml │ ├── 2023.1-ubuntu_jammy.yaml │ ├── 2023.2-ubuntu_jammy.yaml │ ├── 2024.1-ubuntu_jammy.yaml │ ├── 2024.2-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_jammy.yaml │ ├── 2025.1-ubuntu_noble.yaml │ ├── annotations.yaml │ ├── zed-ubuntu_focal.yaml │ └── zed-ubuntu_jammy.yaml └── tempest │ └── annotations.yaml ├── yamllint-templates.conf ├── yamllint.conf └── zuul.d ├── 2024.1.yaml ├── 2024.2.yaml ├── 2025.1.yaml ├── base.yaml ├── infra_jobs.yaml ├── nodesets.yaml └── project.yaml /.gitreview: -------------------------------------------------------------------------------- 1 | [gerrit] 2 | host=review.opendev.org 3 | port=29418 4 | project=openstack/openstack-helm.git 5 | -------------------------------------------------------------------------------- /aodh/templates/bin/_aodh-alarms-cleaner.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | 19 | exec aodh-expirer 20 | -------------------------------------------------------------------------------- /aodh/templates/bin/_db-sync.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Copyright 2019 Wind River Systems, Inc. 5 | 6 | Licensed under the Apache License, Version 2.0 (the "License"); 7 | you may not use this file except in compliance with the License. 8 | You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, software 13 | distributed under the License is distributed on an "AS IS" BASIS, 14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | See the License for the specific language governing permissions and 16 | limitations under the License. 17 | */}} 18 | 19 | set -ex 20 | 21 | exec aodh-dbsync 22 | -------------------------------------------------------------------------------- /barbican/.helmignore: -------------------------------------------------------------------------------- 1 | values_overrides 2 | -------------------------------------------------------------------------------- /barbican/templates/bin/_bootstrap.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | {{ .Values.bootstrap.script | default "echo 'Not Enabled'" }} 19 | -------------------------------------------------------------------------------- /bindep.txt: -------------------------------------------------------------------------------- 1 | # This file facilitates OpenStack-CI package installation 2 | # before the execution of any tests. 3 | 4 | # Required to build language docs 5 | gettext 6 | -------------------------------------------------------------------------------- /ceilometer/templates/bin/_bootstrap.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | {{ .Values.bootstrap.script | default "echo 'Not Enabled'" }} 19 | -------------------------------------------------------------------------------- /ceilometer/templates/bin/_db-sync.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | 19 | exec ceilometer-upgrade 20 | -------------------------------------------------------------------------------- /ceph-client/templates/bin/_bootstrap.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | {{ .Values.bootstrap.script | default "echo 'Not Enabled'" }} 19 | -------------------------------------------------------------------------------- /ceph-mon/templates/bin/_bootstrap.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | {{ .Values.bootstrap.script | default "echo 'Not Enabled'" }} 19 | -------------------------------------------------------------------------------- /ceph-mon/templates/bin/keys/_bootstrap-keyring-generator.py.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/python 2 | import os 3 | import struct 4 | import time 5 | import base64 6 | key = os.urandom(16) 7 | header = struct.pack( 8 | '=2.0.0,!=2.1.0 # BSD 6 | openstackdocstheme>=2.2.1 # Apache-2.0 7 | reno>=3.1.0 # Apache-2.0 8 | -------------------------------------------------------------------------------- /doc/source/_static/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/openstack-helm/3c7964f1c5c43c18686833f9a39f122cc8c21dd7/doc/source/_static/.placeholder -------------------------------------------------------------------------------- /doc/source/chart/index.rst: -------------------------------------------------------------------------------- 1 | Chart Options 2 | ============= 3 | 4 | Here are the charts with their documented values.yaml's for OpenStack Helm: 5 | 6 | .. toctree:: 7 | :maxdepth: 2 8 | 9 | openstack_charts 10 | infra_charts 11 | -------------------------------------------------------------------------------- /doc/source/chart/openstack_charts.rst: -------------------------------------------------------------------------------- 1 | OpenStack charts options 2 | ------------------------ 3 | 4 | .. toctree:: 5 | :maxdepth: 2 6 | 7 | aodh 8 | barbican 9 | ceilometer 10 | cinder 11 | cyborg 12 | designate 13 | glance 14 | heat 15 | horizon 16 | ironic 17 | keystone 18 | magnum 19 | manila 20 | masakari 21 | mistral 22 | monasca 23 | neutron 24 | nova 25 | octavia 26 | openstack 27 | placement 28 | rally 29 | skyline 30 | tacker 31 | tempest 32 | -------------------------------------------------------------------------------- /doc/source/devref/index.rst: -------------------------------------------------------------------------------- 1 | Developer References 2 | ==================== 3 | 4 | Contents: 5 | 6 | .. toctree:: 7 | :maxdepth: 2 8 | 9 | endpoints 10 | images 11 | networking 12 | oslo-config 13 | pod-disruption-budgets 14 | upgrades 15 | fluent-logging 16 | node-and-label-specific-configurations 17 | -------------------------------------------------------------------------------- /doc/source/index.rst: -------------------------------------------------------------------------------- 1 | Welcome to OpenStack-Helm's documentation! 2 | ========================================== 3 | 4 | Contents: 5 | 6 | .. toctree:: 7 | :maxdepth: 2 8 | 9 | readme 10 | install/index 11 | chart/index 12 | devref/index 13 | testing/index 14 | monitoring/index 15 | logging/index 16 | upgrade/index 17 | troubleshooting/index 18 | specs/index 19 | 20 | Indices and Tables 21 | ================== 22 | 23 | * :ref:`genindex` 24 | * :ref:`search` 25 | -------------------------------------------------------------------------------- /doc/source/install/before_starting.rst: -------------------------------------------------------------------------------- 1 | Before starting 2 | =============== 3 | 4 | The OpenStack-Helm charts are published in the `openstack-helm`_ helm repository. 5 | Let's enable it: 6 | 7 | .. code-block:: bash 8 | 9 | helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm 10 | 11 | The OpenStack-Helm `plugin`_ provides some helper commands used later on. 12 | So, let's install it: 13 | 14 | .. code-block:: bash 15 | 16 | helm plugin install https://opendev.org/openstack/openstack-helm-plugin 17 | 18 | .. _openstack-helm: https://tarballs.opendev.org/openstack/openstack-helm 19 | .. _plugin: https://opendev.org/openstack/openstack-helm-plugin.git 20 | -------------------------------------------------------------------------------- /doc/source/install/index.rst: -------------------------------------------------------------------------------- 1 | Installation 2 | ============ 3 | 4 | Here are sections that describe how to install OpenStack using OpenStack-Helm: 5 | 6 | .. toctree:: 7 | :maxdepth: 2 8 | 9 | before_starting 10 | kubernetes 11 | prerequisites 12 | openstack 13 | -------------------------------------------------------------------------------- /doc/source/install/ingress.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/openstack-helm/3c7964f1c5c43c18686833f9a39f122cc8c21dd7/doc/source/install/ingress.jpg -------------------------------------------------------------------------------- /doc/source/logging/index.rst: -------------------------------------------------------------------------------- 1 | OpenStack-Helm Logging 2 | ====================== 3 | 4 | Contents: 5 | 6 | .. toctree:: 7 | :maxdepth: 2 8 | 9 | elasticsearch 10 | fluent-logging 11 | kibana 12 | -------------------------------------------------------------------------------- /doc/source/monitoring/index.rst: -------------------------------------------------------------------------------- 1 | OpenStack-Helm Monitoring 2 | ========================= 3 | 4 | Contents: 5 | 6 | .. toctree:: 7 | :maxdepth: 2 8 | 9 | grafana 10 | prometheus 11 | nagios 12 | -------------------------------------------------------------------------------- /doc/source/readme.rst: -------------------------------------------------------------------------------- 1 | .. include:: ../../README.rst 2 | -------------------------------------------------------------------------------- /doc/source/testing/ceph-resiliency/index.rst: -------------------------------------------------------------------------------- 1 | =============== 2 | Ceph Resiliency 3 | =============== 4 | 5 | .. toctree:: 6 | :maxdepth: 2 7 | 8 | README 9 | monitor-failure 10 | osd-failure 11 | disk-failure 12 | host-failure 13 | failure-domain 14 | validate-object-replication 15 | namespace-deletion 16 | -------------------------------------------------------------------------------- /doc/source/testing/index.rst: -------------------------------------------------------------------------------- 1 | ======= 2 | Testing 3 | ======= 4 | 5 | .. toctree:: 6 | :maxdepth: 2 7 | 8 | helm-tests 9 | ceph-resiliency/index 10 | ceph-upgrade 11 | ceph-node-resiliency 12 | -------------------------------------------------------------------------------- /doc/source/troubleshooting/ubuntu-hwe-kernel.rst: -------------------------------------------------------------------------------- 1 | ================= 2 | Ubuntu HWE Kernel 3 | ================= 4 | 5 | To make use of CephFS in Ubuntu the HWE Kernel is required, until the issue 6 | described `here `_ 7 | is fixed. 8 | 9 | Installation 10 | ============ 11 | 12 | To deploy the HWE kernel, prior to deploying Kubernetes and OpenStack-Helm 13 | the following commands should be run on each node: 14 | 15 | .. code-block:: shell 16 | 17 | #!/bin/bash 18 | sudo -H apt-get update 19 | sudo -H apt-get install -y linux-generic-hwe-16.04 20 | sudo -H reboot now 21 | -------------------------------------------------------------------------------- /doc/source/upgrade/index.rst: -------------------------------------------------------------------------------- 1 | Upgrade 2 | ======= 3 | 4 | Contents: 5 | 6 | .. toctree:: 7 | :maxdepth: 2 8 | 9 | multiple-osd-releases 10 | -------------------------------------------------------------------------------- /glance/.helmignore: -------------------------------------------------------------------------------- 1 | values_overrides 2 | -------------------------------------------------------------------------------- /glance/templates/bin/_db-sync.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | 19 | glance-manage db_sync 20 | -------------------------------------------------------------------------------- /glance/templates/bin/_nginx.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -xe 3 | 4 | COMMAND="${@:-start}" 5 | 6 | start () { 7 | envsubst < /etc/nginx/nginx.conf > /tmp/nginx.conf 8 | cat /tmp/nginx.conf 9 | nginx -t -c /tmp/nginx.conf 10 | exec nginx -c /tmp/nginx.conf 11 | } 12 | 13 | stop () { 14 | nginx -s stop 15 | } 16 | 17 | $COMMAND 18 | -------------------------------------------------------------------------------- /gnocchi/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /gnocchi/templates/bin/_bootstrap.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | {{ .Values.bootstrap.script | default "echo 'Not Enabled'" }} 19 | -------------------------------------------------------------------------------- /gnocchi/templates/bin/_db-sync.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | 19 | exec gnocchi-upgrade 20 | -------------------------------------------------------------------------------- /gnocchi/templates/bin/_gnocchi-statsd.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -x 18 | exec gnocchi-statsd \ 19 | --config-file /etc/gnocchi/gnocchi.conf 20 | -------------------------------------------------------------------------------- /heat/.helmignore: -------------------------------------------------------------------------------- 1 | values_overrides 2 | -------------------------------------------------------------------------------- /heat/templates/bin/_bootstrap.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | {{ .Values.bootstrap.script | default "echo 'Not Enabled'" }} 19 | -------------------------------------------------------------------------------- /heat/templates/bin/_db-sync.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | 19 | heat-manage db_sync 20 | -------------------------------------------------------------------------------- /heat/templates/bin/_heat-engine-cleaner.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | 19 | heat-manage service clean 20 | -------------------------------------------------------------------------------- /heat/templates/bin/_heat-purge-deleted-active.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | 19 | heat-manage purge_deleted -g minutes "$1" 20 | -------------------------------------------------------------------------------- /horizon/.helmignore: -------------------------------------------------------------------------------- 1 | values_overrides 2 | -------------------------------------------------------------------------------- /ironic/templates/bin/_db-sync.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | 19 | ironic-dbsync upgrade 20 | -------------------------------------------------------------------------------- /keystone/.helmignore: -------------------------------------------------------------------------------- 1 | values_overrides 2 | -------------------------------------------------------------------------------- /keystone/templates/bin/_bootstrap.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | 19 | {{ .Values.bootstrap.script | default "echo 'Not Enabled'" }} 20 | -------------------------------------------------------------------------------- /ldap/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.pyc 16 | *.bak 17 | *.tmp 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | -------------------------------------------------------------------------------- /ldap/templates/bin/_bootstrap.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -xe 3 | 4 | {{- $url := tuple "ldap" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} 5 | {{- $port := tuple "ldap" "internal" "ldap" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} 6 | LDAPHOST="{{ .Values.endpoints.ldap.scheme }}://{{ $url }}:{{ $port }}" 7 | ADMIN="cn={{ .Values.secrets.identity.admin }},{{ tuple .Values.openldap.domain . | include "splitdomain" }}" 8 | ldapadd -x -D $ADMIN -H $LDAPHOST -w {{ .Values.openldap.password }} -f /etc/sample_data.ldif 9 | -------------------------------------------------------------------------------- /libvirt/.helmignore: -------------------------------------------------------------------------------- 1 | values_overrides 2 | -------------------------------------------------------------------------------- /libvirt/templates/configmap-apparmor.yaml: -------------------------------------------------------------------------------- 1 | {{/* 2 | Licensed under the Apache License, Version 2.0 (the "License"); 3 | you may not use this file except in compliance with the License. 4 | You may obtain a copy of the License at 5 | 6 | http://www.apache.org/licenses/LICENSE-2.0 7 | 8 | Unless required by applicable law or agreed to in writing, software 9 | distributed under the License is distributed on an "AS IS" BASIS, 10 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | See the License for the specific language governing permissions and 12 | limitations under the License. 13 | */}} 14 | 15 | {{- dict "envAll" . "component" "libvirt" | include "helm-toolkit.snippets.kubernetes_apparmor_configmap" }} 16 | -------------------------------------------------------------------------------- /magnum/templates/bin/_bootstrap.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | {{ .Values.bootstrap.script | default "echo 'Not Enabled'" }} 19 | -------------------------------------------------------------------------------- /magnum/templates/bin/_db-sync.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | 19 | magnum-db-manage upgrade 20 | -------------------------------------------------------------------------------- /manila/.helmignore: -------------------------------------------------------------------------------- 1 | values_overrides 2 | -------------------------------------------------------------------------------- /manila/templates/bin/_db-sync.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | 19 | exec manila-manage db sync 20 | -------------------------------------------------------------------------------- /mariadb-backup/README.rst: -------------------------------------------------------------------------------- 1 | openstack-helm/mariadb-backup 2 | ====================== 3 | 4 | By default, this chart creates a mariadb-backup cronjob that runs in a schedule 5 | in order to create mysql backups. 6 | 7 | This chart depends on mariadb-cluster chart. 8 | 9 | The backups are stored in a PVC and also are possible to upload then to a remote 10 | RGW container. 11 | 12 | You must ensure that your control nodes that should receive mariadb 13 | instances are labeled with ``openstack-control-plane=enabled``, or 14 | whatever you have configured in values.yaml for the label 15 | configuration: 16 | 17 | :: 18 | 19 | kubectl label nodes openstack-control-plane=enabled --all 20 | -------------------------------------------------------------------------------- /mariadb-cluster/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /mariadb-cluster/README.rst: -------------------------------------------------------------------------------- 1 | openstack-helm/mariadb 2 | ====================== 3 | 4 | By default, this chart creates a 3-member mariadb galera cluster. 5 | 6 | This chart depends on mariadb-operator chart. 7 | 8 | The StatefulSets all leverage PVCs to provide stateful storage to 9 | ``/var/lib/mysql``. 10 | 11 | You must ensure that your control nodes that should receive mariadb 12 | instances are labeled with ``openstack-control-plane=enabled``, or 13 | whatever you have configured in values.yaml for the label 14 | configuration: 15 | 16 | :: 17 | 18 | kubectl label nodes openstack-control-plane=enabled --all 19 | -------------------------------------------------------------------------------- /mariadb/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /masakari/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /masakari/templates/bin/_manage-db.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | exec -ex 18 | 19 | masakari-manage db sync -------------------------------------------------------------------------------- /mistral/templates/bin/_bootstrap.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | {{ .Values.bootstrap.script | default "echo 'Not Enabled'" }} 19 | -------------------------------------------------------------------------------- /monasca/.helmignore: -------------------------------------------------------------------------------- 1 | values_overrides 2 | -------------------------------------------------------------------------------- /monasca/templates/bin/_bootstrap.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | {{ .Values.bootstrap.script | default "echo 'Not Enabled'" }} 19 | -------------------------------------------------------------------------------- /monasca/templates/bin/_db-sync.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | 19 | monasca_db upgrade 20 | 21 | echo 'Finished DB migrations' 22 | -------------------------------------------------------------------------------- /neutron/.helmignore: -------------------------------------------------------------------------------- 1 | values_overrides 2 | -------------------------------------------------------------------------------- /neutron/templates/bin/_bootstrap.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | {{ .Values.bootstrap.script | default "echo 'Not Enabled'" }} 19 | -------------------------------------------------------------------------------- /neutron/templates/bin/_neutron-bagpipe-bgp.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -x 18 | exec bagpipe-bgp 19 | -------------------------------------------------------------------------------- /neutron/templates/bin/_nginx.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -xe 3 | 4 | COMMAND="${@:-start}" 5 | 6 | start () { 7 | envsubst < /etc/nginx/nginx.conf > /tmp/nginx.conf 8 | cat /tmp/nginx.conf 9 | nginx -t -c /tmp/nginx.conf 10 | exec nginx -c /tmp/nginx.conf 11 | } 12 | 13 | stop () { 14 | nginx -s stop 15 | } 16 | 17 | $COMMAND 18 | -------------------------------------------------------------------------------- /nova/.helmignore: -------------------------------------------------------------------------------- 1 | values_overrides 2 | -------------------------------------------------------------------------------- /nova/templates/bin/_fake-iptables.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | exit 0 18 | -------------------------------------------------------------------------------- /nova/templates/bin/_nova-conductor.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -x 18 | exec nova-conductor \ 19 | --config-file /etc/nova/nova.conf 20 | -------------------------------------------------------------------------------- /nova/templates/bin/_nova-scheduler.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -xe 18 | 19 | exec nova-scheduler \ 20 | --config-file /etc/nova/nova.conf 21 | -------------------------------------------------------------------------------- /octavia/templates/secret-db-persistence.yaml: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright 2024 Vexxhost Inc. 3 | SPDX-License-Identifier: APACHE-2.0 4 | */}} 5 | 6 | {{- if .Values.manifests.secret_db_persistence }} 7 | {{- $envAll := . }} 8 | {{- range $key1, $userClass := tuple "admin" "octavia" }} 9 | {{- $secretName := index $envAll.Values.secrets.oslo_db_persistence $userClass }} 10 | --- 11 | apiVersion: v1 12 | kind: Secret 13 | metadata: 14 | name: {{ $secretName }} 15 | type: Opaque 16 | data: 17 | DB_CONNECTION: {{ tuple "oslo_db_persistence" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}} 18 | {{- end }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /openstack/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /openstack/charts/glance: -------------------------------------------------------------------------------- 1 | ../../glance/ -------------------------------------------------------------------------------- /openstack/charts/heat: -------------------------------------------------------------------------------- 1 | ../../heat -------------------------------------------------------------------------------- /openstack/charts/helm-toolkit: -------------------------------------------------------------------------------- 1 | ../../helm-toolkit -------------------------------------------------------------------------------- /openstack/charts/horizon: -------------------------------------------------------------------------------- 1 | ../../horizon -------------------------------------------------------------------------------- /openstack/charts/keystone: -------------------------------------------------------------------------------- 1 | ../../keystone/ -------------------------------------------------------------------------------- /openstack/charts/libvirt: -------------------------------------------------------------------------------- 1 | ../../libvirt -------------------------------------------------------------------------------- /openstack/charts/mariadb: -------------------------------------------------------------------------------- 1 | ../../mariadb -------------------------------------------------------------------------------- /openstack/charts/memcached: -------------------------------------------------------------------------------- 1 | ../../memcached -------------------------------------------------------------------------------- /openstack/charts/neutron: -------------------------------------------------------------------------------- 1 | ../../neutron/ -------------------------------------------------------------------------------- /openstack/charts/nova: -------------------------------------------------------------------------------- 1 | ../../nova/ -------------------------------------------------------------------------------- /openstack/charts/openvswitch: -------------------------------------------------------------------------------- 1 | ../../openvswitch -------------------------------------------------------------------------------- /openstack/charts/placement: -------------------------------------------------------------------------------- 1 | ../../placement/ -------------------------------------------------------------------------------- /openstack/charts/rabbitmq: -------------------------------------------------------------------------------- 1 | ../../rabbitmq -------------------------------------------------------------------------------- /openstack/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | The Openstack chart (a.k.a umbrella chart) is deprecated and will be deleted after 2025.2 release. 2 | 3 | For details see the discussion [1]. 4 | 5 | [1] https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/thread/LAFZHXWIEM5MIT2KY2SXBE77NIOG7GK2/ 6 | -------------------------------------------------------------------------------- /openvswitch/.helmignore: -------------------------------------------------------------------------------- 1 | values_overrides 2 | -------------------------------------------------------------------------------- /ovn/.helmignore: -------------------------------------------------------------------------------- 1 | values_overrides 2 | -------------------------------------------------------------------------------- /placement/.helmignore: -------------------------------------------------------------------------------- 1 | values_overrides 2 | -------------------------------------------------------------------------------- /placement/templates/bin/_db-sync.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Copyright 2019 Intel Corporation. 5 | 6 | Licensed under the Apache License, Version 2.0 (the "License"); 7 | you may not use this file except in compliance with the License. 8 | You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, software 13 | distributed under the License is distributed on an "AS IS" BASIS, 14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | See the License for the specific language governing permissions and 16 | limitations under the License. 17 | */}} 18 | 19 | set -ex 20 | 21 | placement-manage db sync 22 | -------------------------------------------------------------------------------- /playbooks/inject-keys.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | tasks: 4 | - name: Put keys to .ssh/authorized_keys 5 | lineinfile: 6 | path: /home/zuul/.ssh/authorized_keys 7 | state: present 8 | line: "{{ item }}" 9 | loop: 10 | - "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMyM6sgu/Xgg+VaLJX5c6gy6ynYX7pO7XNobnKotYRulcEkmiLprvLSg+WP25VDAcSoif3rek3qiVnEYh6R2/Go= vlad@russell" 11 | ... 12 | -------------------------------------------------------------------------------- /playbooks/mount-volumes.yaml: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 10 | # See the License for the specific language governing permissions and 11 | # limitations under the License. 12 | 13 | --- 14 | - hosts: all 15 | roles: 16 | - mount-extra-volume 17 | ... 18 | -------------------------------------------------------------------------------- /playbooks/osh-bandit.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: primary 3 | roles: 4 | - ensure-python 5 | - ensure-pip 6 | - osh-bandit 7 | ... 8 | -------------------------------------------------------------------------------- /playbooks/osh-infra-bandit.yaml: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 10 | # See the License for the specific language governing permissions and 11 | # limitations under the License. 12 | 13 | --- 14 | - hosts: primary 15 | roles: 16 | - ensure-python 17 | - ensure-pip 18 | - osh-bandit 19 | ... 20 | -------------------------------------------------------------------------------- /playbooks/prepare-hosts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | roles: 4 | - start-zuul-console 5 | - ensure-python 6 | - ensure-pip 7 | - clear-firewall 8 | ... 9 | -------------------------------------------------------------------------------- /playbooks/roles: -------------------------------------------------------------------------------- 1 | ../roles -------------------------------------------------------------------------------- /postgresql/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /postgresql/templates/bin/_readiness.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | 19 | pg_isready -U ${POSTGRES_USER} 20 | -------------------------------------------------------------------------------- /prometheus-mysql-exporter/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /prometheus-mysql-exporter/README.rst: -------------------------------------------------------------------------------- 1 | openstack-helm/mariadb 2 | ====================== 3 | 4 | By default, this chart creates a 3-member mariadb galera cluster. 5 | 6 | This chart depends on mariadb-operator chart. 7 | 8 | The StatefulSets all leverage PVCs to provide stateful storage to 9 | ``/var/lib/mysql``. 10 | 11 | You must ensure that your control nodes that should receive mariadb 12 | instances are labeled with ``openstack-control-plane=enabled``, or 13 | whatever you have configured in values.yaml for the label 14 | configuration: 15 | 16 | :: 17 | 18 | kubectl label nodes openstack-control-plane=enabled --all 19 | -------------------------------------------------------------------------------- /rabbitmq/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | 23 | 24 | -------------------------------------------------------------------------------- /rabbitmq/templates/etc/_enabled_plugins.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Licensed under the Apache License, Version 2.0 (the "License"); 3 | you may not use this file except in compliance with the License. 4 | You may obtain a copy of the License at 5 | 6 | http://www.apache.org/licenses/LICENSE-2.0 7 | 8 | Unless required by applicable law or agreed to in writing, software 9 | distributed under the License is distributed on an "AS IS" BASIS, 10 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | See the License for the specific language governing permissions and 12 | limitations under the License. 13 | */}} 14 | 15 | [{{ include "helm-toolkit.utils.joinListWithComma" .Values.conf.enabled_plugins }}]. 16 | -------------------------------------------------------------------------------- /rally/templates/bin/_bootstrap.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | {{/* 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | */}} 15 | 16 | set -ex 17 | {{ .Values.bootstrap.script | default "echo 'Not Enabled'" }} 18 | -------------------------------------------------------------------------------- /redis/templates/test/_redis_test.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -ex 3 | 4 | echo "Start Redis Test" 5 | echo "Print Environmental variables" 6 | echo $REDIS_HOST 7 | echo $REDIS_PORT 8 | echo $REDIS_DB 9 | 10 | python /tmp/python-tests.py 11 | -------------------------------------------------------------------------------- /registry/templates/bin/_registry-proxy.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | 19 | exec nginx -g "daemon off;" 20 | -------------------------------------------------------------------------------- /registry/templates/bin/_registry.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | 19 | exec registry serve /etc/docker/registry/config.yml 20 | -------------------------------------------------------------------------------- /releasenotes/notes/barbican-ead8061b2a6b1b1b.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | barbican: 3 | - Use more standard DB config setting 4 | ... 5 | -------------------------------------------------------------------------------- /releasenotes/notes/ca-clusterissuer.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | ca-clusterissuer: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Update htk requirements 5 | - 0.1.2 Update Chart.yaml apiVersion to v2 6 | - 2024.2.0 Update version to align with the Openstack release cycle 7 | ... 8 | -------------------------------------------------------------------------------- /releasenotes/notes/ca-issuer.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | ca-issuer: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.1.2 Update apiVersion of Issuer to v1 6 | - 0.1.3 Revert - Update apiVersion of Issuer to v1 7 | - 0.2.0 Only Cert-manager version v1.0.0 or greater will be supported 8 | - 0.2.1 Cert-manager "< v1.0.0" supports cert-manager.io/v1alpha3 else use api cert-manager.io/v1 9 | - 0.2.2 Update htk requirements 10 | - 0.2.3 Update Chart.yaml apiVersion to v2 11 | - 2024.2.0 Update version to align with the Openstack release cycle 12 | ... 13 | -------------------------------------------------------------------------------- /releasenotes/notes/ceph-adapter-rook.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | ceph-adapter-rook: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Update Ceph images to Jammy and Reef 18.2.1 5 | - 0.1.2 Update Ceph images to patched 18.2.2 and restore debian-reef repo 6 | - 0.1.3 Simplify and remove unnecessary entities 7 | - 0.1.4 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 8 | - 0.1.5 Update Chart.yaml apiVersion to v2 9 | - 2024.2.0 Update version to align with the Openstack release cycle 10 | ... 11 | -------------------------------------------------------------------------------- /releasenotes/notes/cert-rotation.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | cert-rotation: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Return true if grep finds no match 5 | - 0.1.2 Correct and enhance the rotation script 6 | - 0.1.3 Update htk requirements 7 | - 0.1.4 Consider initContainers when restarting resources 8 | - 0.1.5 Migrated CronJob resource to batch/v1 API version 9 | - 0.1.6 Added OCI registry authentication 10 | - 0.1.7 Update all Ceph images to Focal 11 | - 0.1.8 Update Ceph images to Jammy and Reef 18.2.1 12 | - 0.1.9 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 13 | - 0.1.10 Update Chart.yaml apiVersion to v2 14 | - 2024.2.0 Update version to align with the Openstack release cycle 15 | ... 16 | -------------------------------------------------------------------------------- /releasenotes/notes/change-default-ovs-image-c1e24787f1b03170.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - | 4 | The default image used by the openvswitch chart has been changed from a 5 | a Debian based image including a source build of openvswitch v2.8.1 to an 6 | Ubuntu Bionic based image including a distribution provided build of 7 | openvswitch v2.9.2. 8 | ... 9 | -------------------------------------------------------------------------------- /releasenotes/notes/change-memcache-backend-2d85a3c75b32db39.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - | 4 | memcache backend for nova has been changed from oslo_cache.memcache_pool 5 | to dogpile.cache.memcached. You can revert to previous behaviour by 6 | setting conf.nova.cache.backend to "oslo_cache.memcache_pool". 7 | ... 8 | -------------------------------------------------------------------------------- /releasenotes/notes/changed-ovs-dpdk-root-key-f8aaf3ad65189c8a.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - | 4 | The root configuration key of the DPDK section has been changed from 5 | "dpdk" to "ovs_dpdk" to achieve parity with the corresponding configuration 6 | key in the Neutron chart. 7 | ... 8 | -------------------------------------------------------------------------------- /releasenotes/notes/cinder-4e17dd8ee84ca1a2.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | cinder: 3 | - Fix ingress resource generation 4 | ... 5 | -------------------------------------------------------------------------------- /releasenotes/notes/cinder-8f8fd56d2c9a5d75.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | cinder: 3 | - | 4 | Add cronjob to purge old deleted database entries 5 | ... 6 | -------------------------------------------------------------------------------- /releasenotes/notes/cinder-a530fe90112c74d1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | cinder: 3 | - | 4 | Unhardcode readiness/liveness probe parameters for cinder-api 5 | ... 6 | -------------------------------------------------------------------------------- /releasenotes/notes/common-f19dec4799b18756.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Add support for runtimeClassName and priorityClassName 5 | ... 6 | -------------------------------------------------------------------------------- /releasenotes/notes/cyborg.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | cyborg: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Migrated PodDisruptionBudget resource to policy/v1 API version 5 | - 0.1.2 Added OCI registry authentication 6 | - 0.1.3 Define service_type in keystone_authtoken to support application credentials with access rules 7 | - 0.1.4 Enable custom annotations for Openstack pods 8 | - 0.1.5 Enable custom annotations for Openstack secrets 9 | - 0.1.6 Update images used by default 10 | - 0.1.7 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 11 | - 0.1.8 Update Chart.yaml apiVersion to v2 12 | - 2024.2.0 Update version to align with the Openstack release cycle 13 | ... 14 | -------------------------------------------------------------------------------- /releasenotes/notes/daemonjob-controller.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | daemonjob-controller: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.1.2 Add default value for property in x-kubernetes-list-map-keys 6 | - 0.1.3 Update to container image repo k8s.gcr.io 7 | - 0.1.4 Use full image ref for docker official images 8 | - 0.1.5 Update htk requirements 9 | - 0.1.6 Added OCI registry authentication 10 | - 0.1.7 Update kubernetes registry to registry.k8s.io 11 | - 0.1.8 Update Chart.yaml apiVersion to v2 12 | - 2024.2.0 Update version to align with the Openstack release cycle 13 | ... 14 | -------------------------------------------------------------------------------- /releasenotes/notes/designate-9ed4257ab657b224.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | designate: 3 | - | 4 | Add a periodic job to clean Designate services which not report 5 | it's heartbeat within two heartbeat interval cycle. 6 | ... 7 | -------------------------------------------------------------------------------- /releasenotes/notes/elastic-apm-server.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | elastic-apm-server: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.1.2 Use full image ref for docker official images 6 | - 0.1.3 Update htk requirements 7 | - 0.1.4 Added OCI registry authentication 8 | - 0.1.5 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 9 | - 0.1.6 Update Chart.yaml apiVersion to v2 10 | - 2024.2.0 Update version to align with the Openstack release cycle 11 | ... 12 | -------------------------------------------------------------------------------- /releasenotes/notes/elastic-filebeat.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | elastic-filebeat: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.1.2 Use full image ref for docker official images 6 | - 0.1.3 Update htk requirements 7 | - 0.1.4 Added OCI registry authentication 8 | - 0.1.5 Replace node-role.kubernetes.io/master with control-plane 9 | - 0.1.6 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 10 | - 0.1.7 Update Chart.yaml apiVersion to v2 11 | - 2024.2.0 Update version to align with the Openstack release cycle 12 | ... 13 | -------------------------------------------------------------------------------- /releasenotes/notes/elastic-metricbeat.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | elastic-metricbeat: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.1.2 Update RBAC apiVersion from /v1beta1 to /v1 6 | - 0.1.3 Use full image ref for docker official images 7 | - 0.1.4 Update htk requirements 8 | - 0.1.5 Added OCI registry authentication 9 | - 0.1.6 Replace node-role.kubernetes.io/master with control-plane 10 | - 0.1.7 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 11 | - 0.1.8 Update Chart.yaml apiVersion to v2 12 | - 2024.2.0 Update version to align with the Openstack release cycle 13 | ... 14 | -------------------------------------------------------------------------------- /releasenotes/notes/elastic-packetbeat.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | elastic-packetbeat: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.1.2 Use full image ref for docker official images 6 | - 0.1.3 Update htk requirements 7 | - 0.1.4 Added OCI registry authentication 8 | - 0.1.5 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 9 | - 0.1.6 Update Chart.yaml apiVersion to v2 10 | - 2024.2.0 Update version to align with the Openstack release cycle 11 | ... 12 | -------------------------------------------------------------------------------- /releasenotes/notes/elasticsearch-127e34013b70451d.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | elasticsearch: 3 | - Upgrade to the latest v8.18.1 4 | - Replace the elasticsearch_templates image with a 5 | lighweight upstream image that includes yq and jq 6 | - Switch to the upstream image, as S3 repository 7 | support is natively integrated starting from v8.x 8 | (https://www.elastic.co/guide/en/elasticsearch/plugins/8.0/repository-s3.html) 9 | and elasticsearch_templates is replaced to use jq 10 | ... 11 | -------------------------------------------------------------------------------- /releasenotes/notes/elasticsearch-653d4b77cf26c277.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | elasticsearch: 3 | - Upgrade the Prometheus elasticsearch-exporter to the latest v1.9.0 4 | - Rename the slm flag according to the changelog 5 | https://github.com/prometheus-community/elasticsearch_exporter/releases/tag/v1.9.0 6 | ... 7 | -------------------------------------------------------------------------------- /releasenotes/notes/etcd.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | etcd: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.1.2 Update to container image repo k8s.gcr.io 6 | - 0.1.3 Use full image ref for docker official images 7 | - 0.1.4 Update htk requirements 8 | - 0.1.5 Added OCI registry authentication 9 | - 0.1.6 Update kubernetes registry to registry.k8s.io 10 | - 0.1.7 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 11 | - 0.1.8 Switch etcd to staetefulset 12 | - 0.1.9 Adding cronjob with etcd compaction 13 | - 0.1.10 Update Chart.yaml apiVersion to v2 14 | - 2024.2.0 Update version to align with the Openstack release cycle 15 | ... 16 | -------------------------------------------------------------------------------- /releasenotes/notes/flannel.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | flannel: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.1.2 Use full image ref for docker official images 6 | - 0.1.3 Update htk requirements 7 | - 0.1.4 Added OCI registry authentication 8 | - 0.1.5 Replace node-role.kubernetes.io/master with control-plane 9 | - 0.1.6 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 10 | - 0.1.7 Update Chart.yaml apiVersion to v2 11 | - 2024.2.0 Update version to align with the Openstack release cycle 12 | ... 13 | -------------------------------------------------------------------------------- /releasenotes/notes/fluentbit.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fluentbit: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.1.2 Use full image ref for docker official images 6 | - 0.1.3 Update htk requirements 7 | - 0.1.4 Added OCI registry authentication 8 | - 0.1.5 Replace node-role.kubernetes.io/master with control-plane 9 | - 0.1.6 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 10 | - 0.1.7 Update Chart.yaml apiVersion to v2 11 | - 2024.2.0 Update version to align with the Openstack release cycle 12 | ... 13 | -------------------------------------------------------------------------------- /releasenotes/notes/helm-toolkit-49593d58783c3a97.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | helm-toolkit: 3 | - | 4 | Add priorityClassName and runtimeClassName snippets 5 | ... 6 | -------------------------------------------------------------------------------- /releasenotes/notes/helm-toolkit-fa49be61648b2d72.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | helm-toolkit: 3 | - | 4 | Mount volumes requested into the job's pod. 5 | ... 6 | -------------------------------------------------------------------------------- /releasenotes/notes/increase-default-logging-31db0e9d3e51b429.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - | 4 | The logging for barbican, cinder, congress, glance, heat, ironic, 5 | keystone, magnum, mistral, neutron, nova, and senlin has been increased to 6 | log all warnings (and above) to stdout by default. 7 | ... 8 | -------------------------------------------------------------------------------- /releasenotes/notes/keystone-9bca09a40cc3dc68.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - Fix the number of max active fernet keys 4 | ... 5 | -------------------------------------------------------------------------------- /releasenotes/notes/keystone-healthcheck-1f72d266f886e735.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | keystone: 3 | - Use oslo.middleware healthcheck endpoint for liveness and readiness 4 | ... 5 | -------------------------------------------------------------------------------- /releasenotes/notes/kibana-c0b39f760a7c5b80.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kibana: 3 | - Upgrade to the latest v8.18.1, in sync with Elasticsearch 4 | ... 5 | -------------------------------------------------------------------------------- /releasenotes/notes/kube-dns.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kube-dns: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.1.2 Update to container image repo k8s.gcr.io 6 | - 0.1.3 Use full image ref for docker official images 7 | - 0.1.4 Update htk requirements 8 | - 0.1.5 Added OCI registry authentication 9 | - 0.1.6 Replace node-role.kubernetes.io/master with control-plane 10 | - 0.1.7 Update kubernetes registry to registry.k8s.io 11 | - 0.1.8 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 12 | - 0.1.9 Update Chart.yaml apiVersion to v2 13 | - 2024.2.0 Update version to align with the Openstack release cycle 14 | ... 15 | -------------------------------------------------------------------------------- /releasenotes/notes/ldap.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | ldap: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.1.2 Use full image ref for docker official images 6 | - 0.1.3 Update htk requirements 7 | - 0.1.4 Added OCI registry authentication 8 | - 0.1.5 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 9 | - 0.1.6 Update Chart.yaml apiVersion to v2 10 | - 2024.2.0 Update version to align with the Openstack release cycle 11 | ... 12 | -------------------------------------------------------------------------------- /releasenotes/notes/local-storage.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | local-storage: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.1.2 Update htk requirements 6 | - 0.1.3 Update Chart.yaml apiVersion to v2 7 | - 2024.2.0 Update version to align with the Openstack release cycle 8 | ... 9 | -------------------------------------------------------------------------------- /releasenotes/notes/local-volume-provisioner.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | local-volume-provisioner: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Update Chart.yaml apiVersion to v2 5 | - 2024.2.0 Update version to align with the Openstack release cycle 6 | ... 7 | -------------------------------------------------------------------------------- /releasenotes/notes/lockdown.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | lockdown: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Allows toggling 5 | - 0.1.2 Update Chart.yaml apiVersion to v2 6 | - 2024.2.0 Update version to align with the Openstack release cycle 7 | ... 8 | -------------------------------------------------------------------------------- /releasenotes/notes/manila-7bf5ad7472dbf691.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | manila: 3 | - Use more standard DB config setting 4 | ... 5 | -------------------------------------------------------------------------------- /releasenotes/notes/mariadb-backup.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | mariadb-backup: 3 | - 0.0.1 Initial Chart 4 | - 0.0.2 Added staggered backups support 5 | - 0.0.3 Backups verification improvements 6 | - 0.0.4 Added throttling remote backups 7 | - 0.0.5 Add 2024.1 overrides 8 | - 0.0.6 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 9 | - 0.0.7 Add 2024.2 overrides 10 | - 0.0.8 Update Chart.yaml apiVersion to v2 11 | - 2024.2.0 Update version to align with the Openstack release cycle 12 | ... 13 | -------------------------------------------------------------------------------- /releasenotes/notes/mariadb-cluster.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | mariadb-cluster: 3 | - 0.0.1 Initial Chart 4 | - 0.0.2 Enable auto-upgrade 5 | - 0.0.3 Fixed TLS config and added x509 requirement 6 | - 0.0.4 Add 2024.1 overrides 7 | - 0.0.5 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 8 | - 0.0.6 Add 2024.2 overrides 9 | - 0.0.7 Allow to use default storage class 10 | - 0.0.8 Update Chart.yaml apiVersion to v2 11 | - 2024.2.0 Update version to align with the Openstack release cycle 12 | ... 13 | -------------------------------------------------------------------------------- /releasenotes/notes/metacontroller.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | metacontroller: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.1.2 Fix disappearing metacontroller CRDs on upgrade 6 | - 0.1.3 Use full image ref for docker official images 7 | - 0.1.4 Update htk requirements 8 | - 0.1.5 Fix field validation error 9 | - 0.1.6 Added OCI registry authentication 10 | - 0.1.7 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 11 | - 0.1.8 Update Chart.yaml apiVersion to v2 12 | - 2024.2.0 Update version to align with the Openstack release cycle 13 | ... 14 | -------------------------------------------------------------------------------- /releasenotes/notes/monasca.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | monasca: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Update osh-selenium image used by default 5 | - 0.1.2 Enable custom annotations for Openstack pods 6 | - 0.1.3 Enable custom annotations for Openstack secrets 7 | - 0.1.4 Update images used by default 8 | - 0.1.5 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 9 | - 0.1.6 Update Chart.yaml apiVersion to v2 10 | - 2024.2.0 Update version to align with the Openstack release cycle 11 | ... 12 | -------------------------------------------------------------------------------- /releasenotes/notes/mongodb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | mongodb: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.1.2 Use full image ref for docker official images 6 | - 0.1.3 Update htk requirements 7 | - 0.1.4 Added OCI registry authentication 8 | - 0.1.5 Add conf file for MongoDB 9 | - 0.1.6 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 10 | - 0.1.7 Update Chart.yaml apiVersion to v2 11 | - 2024.2.0 Update version to align with the Openstack release cycle 12 | ... 13 | -------------------------------------------------------------------------------- /releasenotes/notes/namespace-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | namespace-config: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Grant access to existing PodSecurityPolicy 5 | - 0.1.2 Rmove PodSecurityPolicy 6 | - 0.1.3 Update Chart.yaml apiVersion to v2 7 | - 2024.2.0 Update version to align with the Openstack release cycle 8 | ... 9 | -------------------------------------------------------------------------------- /releasenotes/notes/neutron-013c9be46456b92c.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | neutron: 3 | - | 4 | Fix neutron ironic agent fail to start with missing host information. 5 | ... 6 | -------------------------------------------------------------------------------- /releasenotes/notes/neutron-b2247f89a5f258aa.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # To create a new release note related to a specific chart: 3 | # reno new 4 | # 5 | # To create a new release note for a common change (when multiple charts 6 | # are changed): 7 | # reno new common 8 | neutron: 9 | - | 10 | Add interface name parameter for DPDK configs 11 | ... 12 | -------------------------------------------------------------------------------- /releasenotes/notes/neutron-b225c11a5e1d522d.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | neutron: 3 | - | 4 | Fix OVN support in neutron DHCP. 5 | ... 6 | -------------------------------------------------------------------------------- /releasenotes/notes/neutron-c0c7ca4e49cbf03c.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | neutron: 3 | - | 4 | Fix port duplication in neutron server deployment 5 | ... 6 | -------------------------------------------------------------------------------- /releasenotes/notes/neutron-f0674e08d80fc203.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | neutron: 3 | - | 4 | Add new cron job for neutron ovn db sync that runs evey 5 mins by default. 5 | This could be use as log alert if any part out of sync. 6 | Or it can be use as automatic repair method to prevent 7 | OVN DB got modified and failed it's purpose. 8 | This cron job is default disabled. 9 | Set `.Values.manifests.cron_job_ovn_db_sync_repair` to 10 | `true` to enable the cronjob. 11 | The sync mode for the cronjob is default only for check sync status. 12 | Set `.Values.jobs.ovn_db_sync_repair.sync_mode` to `repair` for enable 13 | automatic repair and sync OVN DB from Neutron DB. 14 | ... 15 | -------------------------------------------------------------------------------- /releasenotes/notes/nfs-provisioner.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nfs-provisioner: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.1.2 Use full image ref for docker official images 6 | - 0.1.3 Update htk requirements 7 | - 0.1.4 Added OCI registry authentication 8 | - 0.1.5 Update image version 9 | - 0.1.6 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 10 | - 0.1.7 Update Chart.yaml apiVersion to v2 11 | - 2024.2.0 Update version to align with the Openstack release cycle 12 | ... 13 | -------------------------------------------------------------------------------- /releasenotes/notes/nova-b0749b6144e2b871.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nova: 3 | - Add custom annotations to the nova-cell-setup job 4 | ... 5 | -------------------------------------------------------------------------------- /releasenotes/notes/nova-c59fc7469b3a8500.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nova: 3 | - Add serialproxy support 4 | ... 5 | -------------------------------------------------------------------------------- /releasenotes/notes/openvswitch-0b37403ffc75bb63.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | openvswitch: 3 | - Change Open vSwitch to run with non-root user 4 | ... 5 | -------------------------------------------------------------------------------- /releasenotes/notes/openvswitch-5c0d74ca4f420e56.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | openvswitch: 3 | - Set nova user as owner for hugepages mount path 4 | ... 5 | -------------------------------------------------------------------------------- /releasenotes/notes/openvswitch-e761d6733b84bdc7.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | openvswitch: 3 | - Make the --user flag for OVS server optional 4 | ... 5 | -------------------------------------------------------------------------------- /releasenotes/notes/other-23a753cb53b10bb8.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - | 4 | Use Loci images by default in all charts. Loci builds 5 | images using periodic pipeline and publishes them to 6 | Docker Hub registry and to Quay registry which has 7 | more tolerant rate limits which is more convenient for 8 | users with anonymous accounts. 9 | ... 10 | -------------------------------------------------------------------------------- /releasenotes/notes/ovn-3b9e82e5d469bc98.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Implement daemonset overrides 4 | ... 5 | -------------------------------------------------------------------------------- /releasenotes/notes/ovn-50ba6d3611decff9.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | ovn: 3 | - Add OVN Kubernetes support 4 | ... 5 | -------------------------------------------------------------------------------- /releasenotes/notes/ovn-a82eced671495a3d.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | ovn: 3 | - Add OVN network logging parser 4 | ... 5 | -------------------------------------------------------------------------------- /releasenotes/notes/panko.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | panko: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.2.0 Remove support for releases before T 6 | - 1.0.0 Removed due to retirement 7 | ... 8 | -------------------------------------------------------------------------------- /releasenotes/notes/podsecuritypolicy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | podsecuritypolicy: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.1.2 Update htk requirements 6 | - 1.0.0 Remove chart due to PodSecurityPolicy deprecation 7 | ... 8 | -------------------------------------------------------------------------------- /releasenotes/notes/powerdns.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | powerdns: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.1.2 Use full image ref for docker official images 6 | - 0.1.3 Helm 3 - Fix Job labels 7 | - 0.1.4 Update htk requirements 8 | - 0.1.5 Update default image values 9 | - 0.1.6 Added OCI registry authentication 10 | - 0.1.7 Add 2023.1 Ubuntu Focal overrides 11 | - 0.1.8 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 12 | - 0.1.9 Add 2024.1 Ubuntu Jammy overrides 13 | - 0.1.10 Add 2024.2 overrides 14 | - 0.1.11 Update Chart.yaml apiVersion to v2 15 | - 2024.2.0 Update version to align with the Openstack release cycle 16 | ... 17 | -------------------------------------------------------------------------------- /releasenotes/notes/prometheus-blackbox-exporter.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | prometheus-blackbox-exporter: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.1.2 Rename image key name 6 | - 0.1.3 Update htk requirements 7 | - 0.1.4 Fix indentation 8 | - 0.1.5 Added OCI registry authentication 9 | - 0.1.6 Update Chart.yaml apiVersion to v2 10 | - 2024.2.0 Update version to align with the Openstack release cycle 11 | ... 12 | -------------------------------------------------------------------------------- /releasenotes/notes/prometheus-kube-state-metrics.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | prometheus-kube-state-metrics: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.1.2 Update to make current 6 | - 0.1.3 Update image version from v2.0.0-alpha to v2.0.0-alpha-1 7 | - 0.1.4 Use full image ref for docker official images 8 | - 0.1.5 Fix helm3 compatability 9 | - 0.1.6 Update htk requirements 10 | - 0.1.7 Added OCI registry authentication 11 | - 0.1.8 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 12 | - 0.1.9 Update Chart.yaml apiVersion to v2 13 | - 2024.2.0 Update version to align with the Openstack release cycle 14 | ... 15 | -------------------------------------------------------------------------------- /releasenotes/notes/prometheus-mysql-exporter.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | prometheus-mysql-exporter: 3 | - 0.0.1 Initial Chart 4 | - 0.0.2 Add 2024.1 overrides 5 | - 0.0.3 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 6 | - 0.0.4 Fix typo in the values_overrides directory name 7 | - 0.0.5 Add 2024.2 overrides 8 | - 0.0.6 Update Chart.yaml apiVersion to v2 9 | - 2024.2.0 Update version to align with the Openstack release cycle 10 | ... 11 | -------------------------------------------------------------------------------- /releasenotes/notes/prometheus-node-exporter.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | prometheus-node-exporter: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.1.2 Add possibility to use overrides for some charts 6 | - 0.1.3 Use full image ref for docker official images 7 | - 0.1.4 Update htk requirements 8 | - 0.1.5 Added OCI registry authentication 9 | - 0.1.6 Replace node-role.kubernetes.io/master with control-plane 10 | - 0.1.7 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 11 | - 0.1.8 Update Chart.yaml apiVersion to v2 12 | - 2024.2.0 Update version to align with the Openstack release cycle 13 | ... 14 | -------------------------------------------------------------------------------- /releasenotes/notes/prometheus-process-exporter.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | prometheus-process-exporter: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.1.2 Fix values_overrides directory naming 6 | - 0.1.3 Use full image ref for docker official images 7 | - 0.1.4 Update htk requirements 8 | - 0.1.5 Added OCI registry authentication 9 | - 0.1.6 Replace node-role.kubernetes.io/master with control-plane 10 | - 0.1.7 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 11 | - 0.1.8 Update Chart.yaml apiVersion to v2 12 | - 2024.2.0 Update version to align with the Openstack release cycle 13 | ... 14 | -------------------------------------------------------------------------------- /releasenotes/notes/redis.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | redis: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.1.2 Use full image ref for docker official images 6 | - 0.1.3 Update htk requirements 7 | - 0.1.4 Added OCI registry authentication 8 | - 0.1.5 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 9 | - 0.1.6 Update Chart.yaml apiVersion to v2 10 | - 2024.2.0 Update version to align with the Openstack release cycle 11 | ... 12 | -------------------------------------------------------------------------------- /releasenotes/notes/rename-ceph-rbd-pool-app-name.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - | 4 | rbd_pool_app_name is a Ceph pool attribute. Moving it from conf.software.rbd to 5 | conf.ceph.pools as app_name. This means that conf.software.rbd.rbd_pool_app_name 6 | is now conf.ceph.pools.cinder.volumes.app_name and conf.software.rbd.rbd_pool_app_name_backup 7 | is now conf.ceph.pools.backup.app_name. 8 | ... 9 | -------------------------------------------------------------------------------- /releasenotes/notes/shaker.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | shaker: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" 5 | - 0.1.2 Use full image ref for docker official images 6 | - 0.1.3 Fix helm3 linting issue 7 | - 0.1.4 Update htk requirements 8 | - 0.1.5 Update default image value 9 | - 0.1.6 Added OCI registry authentication 10 | - 0.1.7 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 11 | - 0.1.8 Update Chart.yaml apiVersion to v2 12 | - 2024.2.0 Update version to align with the Openstack release cycle 13 | ... 14 | -------------------------------------------------------------------------------- /releasenotes/notes/skyline-794e9be9cc48f98d.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | skyline: 3 | - | 4 | Initial release of the Skyline chart 5 | ... 6 | -------------------------------------------------------------------------------- /releasenotes/notes/tacker.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | tacker: 3 | - 0.1.0 Initial Chart 4 | - 0.1.1 Add Ubuntu Jammy overrides 5 | - 0.1.2 Add 2023.2 Ubuntu Jammy overrides 6 | - 0.1.3 Add 2024.1 overrides 7 | - 0.1.4 Enable custom annotations for Openstack secrets 8 | - 0.1.5 Update images used by default 9 | - 0.1.6 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default 10 | - 0.1.7 Add Tacker Test Job 11 | - 0.1.8 Add 2024.2 Ubuntu Jammy overrides 12 | - 0.1.9 Update Chart.yaml apiVersion to v2 13 | - 2024.2.0 Update version to align with the Openstack release cycle 14 | ... 15 | -------------------------------------------------------------------------------- /releasenotes/requirements.txt: -------------------------------------------------------------------------------- 1 | # The order of packages is significant, because pip processes them in the order 2 | # of appearance. Changing the order has an impact on the overall integration 3 | # process, which may cause wedges in the gate later. 4 | 5 | sphinx>=2.0.0,!=2.1.0 # BSD 6 | openstackdocstheme>=2.2.1 # Apache-2.0 7 | reno>=3.1.0 # Apache-2.0 8 | -------------------------------------------------------------------------------- /releasenotes/source/current.rst: -------------------------------------------------------------------------------- 1 | ============================== 2 | Current Series Release Notes 3 | ============================== 4 | 5 | .. release-notes:: 6 | -------------------------------------------------------------------------------- /releasenotes/source/index.rst: -------------------------------------------------------------------------------- 1 | ============================= 2 | OpenStack-Helm Release Notes 3 | ============================= 4 | 5 | .. toctree:: 6 | :maxdepth: 1 7 | 8 | current 9 | -------------------------------------------------------------------------------- /roles/build-helm-packages/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 10 | # See the License for the specific language governing permissions and 11 | # limitations under the License. 12 | 13 | --- 14 | version: 15 | helm: v3.12.2 16 | url: 17 | helm_repo: https://get.helm.sh 18 | ... 19 | -------------------------------------------------------------------------------- /roles/build-helm-packages/templates/helm-serve.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Helm Server 3 | After=network.target 4 | 5 | [Service] 6 | User={{ helm_server_user.stdout }} 7 | Restart=always 8 | ExecStart=/usr/bin/helm serve 9 | 10 | [Install] 11 | WantedBy=multi-user.target 12 | -------------------------------------------------------------------------------- /roles/deploy-docker/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 10 | # See the License for the specific language governing permissions and 11 | # limitations under the License. 12 | 13 | --- 14 | proxy: 15 | http: null 16 | https: null 17 | noproxy: null 18 | ... 19 | -------------------------------------------------------------------------------- /roles/deploy-docker/templates/http-proxy.conf.j2: -------------------------------------------------------------------------------- 1 | [Service] 2 | Environment="HTTP_PROXY={{ proxy.http }}" 3 | Environment="HTTPS_PROXY={{ proxy.https }}" 4 | Environment="NO_PROXY={{ proxy.noproxy }}" 5 | -------------------------------------------------------------------------------- /roles/deploy-env/files/cluster_resolv.conf: -------------------------------------------------------------------------------- 1 | nameserver 10.96.0.10 2 | -------------------------------------------------------------------------------- /roles/deploy-env/files/daemon.json: -------------------------------------------------------------------------------- 1 | { 2 | "data-root": "{{ docker.root_path }}", 3 | "exec-opts": ["native.cgroupdriver=systemd"], 4 | "log-driver": "json-file", 5 | "log-opts": { 6 | "max-size": "100m" 7 | }, 8 | {% if registry_mirror is defined %} 9 | "registry-mirrors": ["{{ registry_mirror }}"], 10 | {% endif %} 11 | {% if insecure_registries is defined %} 12 | "insecure-registries": ["{{ insecure_registries }}"], 13 | {% endif %} 14 | "storage-driver": "overlay2", 15 | "live-restore": true 16 | } 17 | -------------------------------------------------------------------------------- /roles/deploy-env/files/hosts: -------------------------------------------------------------------------------- 1 | 127.0.0.1 localhost 2 | {{ ansible_default_ipv4['address'] }} {{ ansible_hostname }} 3 | {% if buildset_registry is defined and (buildset_registry.host | ipaddr) %} 4 | {{ buildset_registry.host }} zuul-jobs.buildset-registry 5 | {% endif %} 6 | -------------------------------------------------------------------------------- /roles/deploy-env/files/hosts.toml: -------------------------------------------------------------------------------- 1 | {% if item.skip_server is not defined or not item.skip_server %} 2 | server = "{{ item.server | default('https://' + item.namespace) }}" 3 | {% endif %} 4 | 5 | [host."{{ item.mirror }}"] 6 | capabilities = ["pull", "resolve", "push"] 7 | {% if item.ca is defined %} 8 | ca = "{{ item.ca }}" 9 | {% endif %} 10 | {% if item.skip_verify is defined and item.skip_verify %} 11 | skip_verify = true 12 | {% endif %} 13 | -------------------------------------------------------------------------------- /roles/deploy-env/files/kubeadm_config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kubeproxy.config.k8s.io/v1alpha1 3 | kind: KubeProxyConfiguration 4 | mode: ipvs 5 | ipvs: 6 | strictARP: true 7 | ... 8 | --- 9 | apiVersion: kubeadm.k8s.io/v1beta3 10 | kind: ClusterConfiguration 11 | networking: 12 | serviceSubnet: "{{ kubeadm.service_cidr }}" # --service-cidr 13 | podSubnet: "{{ kubeadm.pod_network_cidr }}" # --pod-network-cidr 14 | dnsDomain: "cluster.local" 15 | ... 16 | --- 17 | apiVersion: kubeadm.k8s.io/v1beta3 18 | kind: InitConfiguration 19 | nodeRegistration: 20 | taints: [] 21 | ... 22 | --- 23 | apiVersion: kubeadm.k8s.io/v1beta3 24 | kind: JoinConfiguration 25 | nodeRegistration: 26 | taints: [] 27 | ... 28 | -------------------------------------------------------------------------------- /roles/deploy-env/files/loop-setup.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Setup loop devices 3 | DefaultDependencies=no 4 | Conflicts=umount.target 5 | Before=local-fs.target 6 | After=systemd-udevd.service 7 | Requires=systemd-udevd.service 8 | 9 | [Service] 10 | Type=oneshot 11 | ExecStart=/sbin/losetup {{ loopback_device }} '{{ loopback_image }}' 12 | ExecStop=/sbin/losetup -d {{ loopback_device }} 13 | TimeoutSec=60 14 | RemainAfterExit=yes 15 | 16 | [Install] 17 | WantedBy=local-fs.target 18 | Also=systemd-udevd.service 19 | -------------------------------------------------------------------------------- /roles/deploy-env/files/resolv.conf: -------------------------------------------------------------------------------- 1 | nameserver {{ nameserver_ip }} 2 | -------------------------------------------------------------------------------- /roles/deploy-env/files/ssh_config: -------------------------------------------------------------------------------- 1 | StrictHostKeyChecking no 2 | -------------------------------------------------------------------------------- /roles/deploy-env/tasks/flannel.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Add Flannel Helm repo 3 | become_user: "{{ kubectl.user }}" 4 | when: inventory_hostname in (groups['primary'] | default([])) 5 | block: 6 | - name: Add Flannel chart repo 7 | shell: | 8 | helm repo add flannel https://flannel-io.github.io/flannel/ 9 | 10 | - name: Install Flannel 11 | shell: | 12 | helm upgrade --install flannel flannel/flannel \ 13 | --version {{ flannel_version }} \ 14 | --namespace kube-flannel \ 15 | --create-namespace \ 16 | --set podCidr="{{ kubeadm.pod_network_cidr }}" 17 | ... 18 | -------------------------------------------------------------------------------- /roles/deploy-package/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 10 | # See the License for the specific language governing permissions and 11 | # limitations under the License. 12 | 13 | --- 14 | proxy: 15 | http: null 16 | https: null 17 | noproxy: null 18 | ... 19 | -------------------------------------------------------------------------------- /roles/deploy-python-pip/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 10 | # See the License for the specific language governing permissions and 11 | # limitations under the License. 12 | 13 | --- 14 | proxy: 15 | http: null 16 | https: null 17 | noproxy: null 18 | ... 19 | -------------------------------------------------------------------------------- /roles/mount-extra-volume/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 10 | # See the License for the specific language governing permissions and 11 | # limitations under the License. 12 | 13 | --- 14 | extra_volume: 15 | size: 80G 16 | type: Linux 17 | mount_point: /opt/ext_vol 18 | ... 19 | -------------------------------------------------------------------------------- /roles/osh-bandit/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 10 | # See the License for the specific language governing permissions and 11 | # limitations under the License. 12 | 13 | --- 14 | work_dir: "{{ zuul.project.src_dir }}" 15 | helm_version: "v3.6.3" 16 | bandit_version: "1.7.1" 17 | ... 18 | -------------------------------------------------------------------------------- /roles/override-images/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 10 | # See the License for the specific language governing permissions and 11 | # limitations under the License. 12 | 13 | --- 14 | work_dir: "{{ zuul.project.src_dir }}" 15 | ... 16 | -------------------------------------------------------------------------------- /roles/upgrade-host/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 10 | # See the License for the specific language governing permissions and 11 | # limitations under the License. 12 | 13 | --- 14 | ubuntu_kernel_hwe: false 15 | ... 16 | -------------------------------------------------------------------------------- /shaker/templates/bin/_run-tests.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {{/* 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */}} 16 | 17 | set -ex 18 | 19 | {{ .Values.conf.script }} 20 | -------------------------------------------------------------------------------- /tacker/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /tacker/templates/bin/_db-sync.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | {{/* 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | */}} 15 | 16 | set -ex 17 | 18 | tacker-db-manage --config-file /etc/tacker/tacker.conf upgrade head 19 | -------------------------------------------------------------------------------- /tools/debug_sleep.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | sleep 86400 4 | -------------------------------------------------------------------------------- /tools/deployment/baremetal/030-ceph.sh: -------------------------------------------------------------------------------- 1 | ../component/ceph/ceph.sh -------------------------------------------------------------------------------- /tools/deployment/baremetal/035-ceph-ns-activate.sh: -------------------------------------------------------------------------------- 1 | ../component/ceph/ceph-ns-activate.sh -------------------------------------------------------------------------------- /tools/deployment/baremetal/040-mariadb.sh: -------------------------------------------------------------------------------- 1 | ../component/common/mariadb.sh -------------------------------------------------------------------------------- /tools/deployment/baremetal/050-rabbitmq.sh: -------------------------------------------------------------------------------- 1 | ../component/common/rabbitmq.sh -------------------------------------------------------------------------------- /tools/deployment/baremetal/060-memcached.sh: -------------------------------------------------------------------------------- 1 | ../component/common/memcached.sh -------------------------------------------------------------------------------- /tools/deployment/baremetal/070-keystone.sh: -------------------------------------------------------------------------------- 1 | ../component/keystone/keystone.sh -------------------------------------------------------------------------------- /tools/deployment/baremetal/090-glance.sh: -------------------------------------------------------------------------------- 1 | ../component/glance/glance.sh -------------------------------------------------------------------------------- /tools/deployment/baremetal/100-heat.sh: -------------------------------------------------------------------------------- 1 | ../component/heat/heat.sh -------------------------------------------------------------------------------- /tools/deployment/common/heat-vm-volume-attach.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | heat_template_version: 2016-10-14 3 | 4 | parameters: 5 | instance_uuid: 6 | type: string 7 | 8 | resources: 9 | cinder_volume: 10 | type: OS::Cinder::Volume 11 | properties: 12 | name: vol1 13 | size: 1 14 | 15 | cinder_volume_attach: 16 | type: OS::Cinder::VolumeAttachment 17 | properties: 18 | instance_uuid: 19 | get_param: instance_uuid 20 | volume_id: 21 | get_resource: cinder_volume 22 | ... 23 | -------------------------------------------------------------------------------- /tools/deployment/common/prepare-charts.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Licensed under the Apache License, Version 2.0 (the "License"); 3 | # you may not use this file except in compliance with the License. 4 | # You may obtain a copy of the License at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # Unless required by applicable law or agreed to in writing, software 9 | # distributed under the License is distributed on an "AS IS" BASIS, 10 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | set -ex 15 | 16 | # Build all OSH charts 17 | make all SKIP_CHANGELOG=1 18 | -------------------------------------------------------------------------------- /tools/deployment/common/run-helm-tests.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -x 3 | 4 | APPLICATION=$1 5 | RELEASE_GROUP=${2:-${APPLICATION}} 6 | NAMESPACE=${3:-openstack} 7 | : ${HELM_TESTS_TRIES:=2} 8 | timeout=${OSH_TEST_TIMEOUT:-900} 9 | 10 | run_tests() { 11 | # Delete the test pod if it still exists 12 | kubectl delete pods -l application=${APPLICATION},release_group=${RELEASE_GROUP},component=test --namespace=${NAMESPACE} --ignore-not-found 13 | helm test ${APPLICATION} --timeout ${timeout}s --namespace=${NAMESPACE} 14 | } 15 | 16 | for i in $(seq 1 ${HELM_TESTS_TRIES}); do 17 | echo "Run helm tests for ${APPLICATION}. Try #${i}" 18 | run_tests 19 | RC=$? 20 | [ ${RC} -eq "0" ] && break 21 | done 22 | exit ${RC} 23 | -------------------------------------------------------------------------------- /tools/deployment/common/sleep.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -ex 4 | 5 | while true; do 6 | echo "Sleeping for 100 seconds..." 7 | done 8 | -------------------------------------------------------------------------------- /tools/gate/selenium/grafana-selenium.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -xe 4 | 5 | export CHROMEDRIVER="${CHROMEDRIVER:="/etc/selenium/chromedriver"}" 6 | export ARTIFACTS_DIR="${ARTIFACTS_DIR:="/tmp/artifacts/"}" 7 | 8 | export GRAFANA_USER="admin" 9 | export GRAFANA_PASSWORD="password" 10 | export GRAFANA_URI="grafana.osh-infra.svc.cluster.local" 11 | 12 | python3 $(readlink -f $(dirname $0))/grafanaSelenium.py 13 | -------------------------------------------------------------------------------- /tools/gate/selenium/nagios-selenium.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -xe 4 | 5 | export CHROMEDRIVER="${CHROMEDRIVER:="/etc/selenium/chromedriver"}" 6 | export ARTIFACTS_DIR="${ARTIFACTS_DIR:="/tmp/artifacts/"}" 7 | 8 | export NAGIOS_USER="nagiosadmin" 9 | export NAGIOS_PASSWORD="password" 10 | export NAGIOS_URI="nagios.osh-infra.svc.cluster.local" 11 | 12 | python3 $(readlink -f $(dirname $0))/nagiosSelenium.py 13 | -------------------------------------------------------------------------------- /tools/gate/selenium/prometheus-selenium.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -xe 4 | 5 | export CHROMEDRIVER="${CHROMEDRIVER:="/etc/selenium/chromedriver"}" 6 | export ARTIFACTS_DIR="${ARTIFACTS_DIR:="/tmp/artifacts/"}" 7 | 8 | export PROMETHEUS_USER="admin" 9 | export PROMETHEUS_PASSWORD="changeme" 10 | export PROMETHEUS_URI="prometheus.osh-infra.svc.cluster.local" 11 | 12 | python3 tools/gate/selenium/prometheusSelenium.py 13 | -------------------------------------------------------------------------------- /tools/gate/selenium/skyline-selenium.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -xe 4 | 5 | export CHROMEDRIVER="${CHROMEDRIVER:="/etc/selenium/chromedriver"}" 6 | export ARTIFACTS_DIR="${ARTIFACTS_DIR:="/tmp/artifacts/"}" 7 | 8 | export SKYLINE_USER="admin" 9 | export SKYLINE_PASSWORD="password" 10 | export SKYLINE_URI="skyline.openstack.svc.cluster.local" 11 | 12 | python3 $(readlink -f $(dirname $0))/skylineSelenium.py 13 | -------------------------------------------------------------------------------- /values_overrides/aodh/annotations.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | annotations: 3 | pod: 4 | default: 5 | custom.tld/key: "value" 6 | custom.tld/key2: "value2" 7 | aodh_api: 8 | another.tld/foo: "bar" 9 | secret: 10 | default: 11 | custom.tld/key: "value" 12 | custom.tld/key2: "value2" 13 | identity: 14 | admin: 15 | another.tld/foo: "bar" 16 | oci_image_registry: 17 | aodh: 18 | custom.tld/key: "value" 19 | tls: 20 | alarming_api_public: 21 | custom.tld/key: "value" 22 | ... 23 | -------------------------------------------------------------------------------- /values_overrides/barbican/2023.1-ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | bootstrap: "docker.io/openstackhelm/heat:2023.1-ubuntu_focal" 5 | scripted_test: "docker.io/openstackhelm/heat:2023.1-ubuntu_focal" 6 | db_init: "docker.io/openstackhelm/heat:2023.1-ubuntu_focal" 7 | barbican_db_sync: "docker.io/openstackhelm/barbican:2023.1-ubuntu_focal" 8 | db_drop: "docker.io/openstackhelm/heat:2023.1-ubuntu_focal" 9 | ks_user: "docker.io/openstackhelm/heat:2023.1-ubuntu_focal" 10 | ks_service: "docker.io/openstackhelm/heat:2023.1-ubuntu_focal" 11 | ks_endpoints: "docker.io/openstackhelm/heat:2023.1-ubuntu_focal" 12 | barbican_api: "docker.io/openstackhelm/barbican:2023.1-ubuntu_focal" 13 | ... 14 | -------------------------------------------------------------------------------- /values_overrides/barbican/2023.1-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | bootstrap: "docker.io/openstackhelm/heat:2023.1-ubuntu_jammy" 5 | scripted_test: "docker.io/openstackhelm/heat:2023.1-ubuntu_jammy" 6 | db_init: "docker.io/openstackhelm/heat:2023.1-ubuntu_jammy" 7 | barbican_db_sync: "docker.io/openstackhelm/barbican:2023.1-ubuntu_jammy" 8 | db_drop: "docker.io/openstackhelm/heat:2023.1-ubuntu_jammy" 9 | ks_user: "docker.io/openstackhelm/heat:2023.1-ubuntu_jammy" 10 | ks_service: "docker.io/openstackhelm/heat:2023.1-ubuntu_jammy" 11 | ks_endpoints: "docker.io/openstackhelm/heat:2023.1-ubuntu_jammy" 12 | barbican_api: "docker.io/openstackhelm/barbican:2023.1-ubuntu_jammy" 13 | ... 14 | -------------------------------------------------------------------------------- /values_overrides/barbican/2023.2-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | bootstrap: "quay.io/airshipit/heat:2023.2-ubuntu_jammy" 5 | scripted_test: "quay.io/airshipit/heat:2023.2-ubuntu_jammy" 6 | db_init: "quay.io/airshipit/heat:2023.2-ubuntu_jammy" 7 | barbican_db_sync: "quay.io/airshipit/barbican:2023.2-ubuntu_jammy" 8 | db_drop: "quay.io/airshipit/heat:2023.2-ubuntu_jammy" 9 | ks_user: "quay.io/airshipit/heat:2023.2-ubuntu_jammy" 10 | ks_service: "quay.io/airshipit/heat:2023.2-ubuntu_jammy" 11 | ks_endpoints: "quay.io/airshipit/heat:2023.2-ubuntu_jammy" 12 | barbican_api: "quay.io/airshipit/barbican:2023.2-ubuntu_jammy" 13 | ... 14 | -------------------------------------------------------------------------------- /values_overrides/barbican/2024.1-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | bootstrap: "quay.io/airshipit/heat:2024.1-ubuntu_jammy" 5 | scripted_test: "quay.io/airshipit/heat:2024.1-ubuntu_jammy" 6 | db_init: "quay.io/airshipit/heat:2024.1-ubuntu_jammy" 7 | barbican_db_sync: "quay.io/airshipit/barbican:2024.1-ubuntu_jammy" 8 | db_drop: "quay.io/airshipit/heat:2024.1-ubuntu_jammy" 9 | ks_user: "quay.io/airshipit/heat:2024.1-ubuntu_jammy" 10 | ks_service: "quay.io/airshipit/heat:2024.1-ubuntu_jammy" 11 | ks_endpoints: "quay.io/airshipit/heat:2024.1-ubuntu_jammy" 12 | barbican_api: "quay.io/airshipit/barbican:2024.1-ubuntu_jammy" 13 | ... 14 | -------------------------------------------------------------------------------- /values_overrides/barbican/2024.2-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | bootstrap: "quay.io/airshipit/heat:2024.2-ubuntu_jammy" 5 | scripted_test: "quay.io/airshipit/heat:2024.2-ubuntu_jammy" 6 | db_init: "quay.io/airshipit/heat:2024.2-ubuntu_jammy" 7 | barbican_db_sync: "quay.io/airshipit/barbican:2024.2-ubuntu_jammy" 8 | db_drop: "quay.io/airshipit/heat:2024.2-ubuntu_jammy" 9 | ks_user: "quay.io/airshipit/heat:2024.2-ubuntu_jammy" 10 | ks_service: "quay.io/airshipit/heat:2024.2-ubuntu_jammy" 11 | ks_endpoints: "quay.io/airshipit/heat:2024.2-ubuntu_jammy" 12 | barbican_api: "quay.io/airshipit/barbican:2024.2-ubuntu_jammy" 13 | ... 14 | -------------------------------------------------------------------------------- /values_overrides/barbican/2025.1-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | bootstrap: "quay.io/airshipit/heat:2025.1-ubuntu_jammy" 5 | scripted_test: "quay.io/airshipit/heat:2025.1-ubuntu_jammy" 6 | db_init: "quay.io/airshipit/heat:2025.1-ubuntu_jammy" 7 | barbican_db_sync: "quay.io/airshipit/barbican:2025.1-ubuntu_jammy" 8 | db_drop: "quay.io/airshipit/heat:2025.1-ubuntu_jammy" 9 | ks_user: "quay.io/airshipit/heat:2025.1-ubuntu_jammy" 10 | ks_service: "quay.io/airshipit/heat:2025.1-ubuntu_jammy" 11 | ks_endpoints: "quay.io/airshipit/heat:2025.1-ubuntu_jammy" 12 | barbican_api: "quay.io/airshipit/barbican:2025.1-ubuntu_jammy" 13 | ... 14 | -------------------------------------------------------------------------------- /values_overrides/barbican/2025.1-ubuntu_noble.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | bootstrap: "quay.io/airshipit/heat:2025.1-ubuntu_noble" 5 | scripted_test: "quay.io/airshipit/heat:2025.1-ubuntu_noble" 6 | db_init: "quay.io/airshipit/heat:2025.1-ubuntu_noble" 7 | barbican_db_sync: "quay.io/airshipit/barbican:2025.1-ubuntu_noble" 8 | db_drop: "quay.io/airshipit/heat:2025.1-ubuntu_noble" 9 | ks_user: "quay.io/airshipit/heat:2025.1-ubuntu_noble" 10 | ks_service: "quay.io/airshipit/heat:2025.1-ubuntu_noble" 11 | ks_endpoints: "quay.io/airshipit/heat:2025.1-ubuntu_noble" 12 | barbican_api: "quay.io/airshipit/barbican:2025.1-ubuntu_noble" 13 | ... 14 | -------------------------------------------------------------------------------- /values_overrides/barbican/annotations.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | annotations: 3 | pod: 4 | default: 5 | custom.tld/key: "value" 6 | custom.tld/key2: "value2" 7 | barbican_api: 8 | another.tld/foo: "bar" 9 | secret: 10 | default: 11 | custom.tld/key: "value" 12 | custom.tld/key2: "value2" 13 | identity: 14 | admin: 15 | another.tld/foo: "bar" 16 | oci_image_registry: 17 | barbican: 18 | custom.tld/key: "value" 19 | tls: 20 | key_manager_api_public: 21 | custom.tld/key: "value" 22 | ... 23 | -------------------------------------------------------------------------------- /values_overrides/barbican/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | barbican-api: 6 | barbican-api: runtime/default 7 | init: runtime/default 8 | barbican-test: 9 | init: runtime/default 10 | barbican-test: runtime/default 11 | ... 12 | -------------------------------------------------------------------------------- /values_overrides/barbican/tls-offloading.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | endpoints: 3 | identity: 4 | auth: 5 | admin: 6 | cacert: /etc/ssl/certs/openstack-helm.crt 7 | barbican: 8 | cacert: /etc/ssl/certs/openstack-helm.crt 9 | 10 | tls: 11 | identity: true 12 | ... 13 | -------------------------------------------------------------------------------- /values_overrides/barbican/tls.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | manifests: 3 | certificates: true 4 | tls: 5 | identity: true 6 | oslo_messaging: true 7 | oslo_db: true 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/barbican/xena-ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | bootstrap: "docker.io/openstackhelm/heat:xena-ubuntu_focal" 5 | scripted_test: "docker.io/openstackhelm/heat:xena-ubuntu_focal" 6 | db_init: "docker.io/openstackhelm/heat:xena-ubuntu_focal" 7 | barbican_db_sync: "docker.io/openstackhelm/barbican:xena-ubuntu_focal" 8 | db_drop: "docker.io/openstackhelm/heat:xena-ubuntu_focal" 9 | ks_user: "docker.io/openstackhelm/heat:xena-ubuntu_focal" 10 | ks_service: "docker.io/openstackhelm/heat:xena-ubuntu_focal" 11 | ks_endpoints: "docker.io/openstackhelm/heat:xena-ubuntu_focal" 12 | barbican_api: "docker.io/openstackhelm/barbican:xena-ubuntu_focal" 13 | ... 14 | -------------------------------------------------------------------------------- /values_overrides/barbican/yoga-ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | bootstrap: "docker.io/openstackhelm/heat:yoga-ubuntu_focal" 5 | scripted_test: "docker.io/openstackhelm/heat:yoga-ubuntu_focal" 6 | db_init: "docker.io/openstackhelm/heat:yoga-ubuntu_focal" 7 | barbican_db_sync: "docker.io/openstackhelm/barbican:yoga-ubuntu_focal" 8 | db_drop: "docker.io/openstackhelm/heat:yoga-ubuntu_focal" 9 | ks_user: "docker.io/openstackhelm/heat:yoga-ubuntu_focal" 10 | ks_service: "docker.io/openstackhelm/heat:yoga-ubuntu_focal" 11 | ks_endpoints: "docker.io/openstackhelm/heat:yoga-ubuntu_focal" 12 | barbican_api: "docker.io/openstackhelm/barbican:yoga-ubuntu_focal" 13 | ... 14 | -------------------------------------------------------------------------------- /values_overrides/barbican/zed-ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | bootstrap: "docker.io/openstackhelm/heat:zed-ubuntu_focal" 5 | scripted_test: "docker.io/openstackhelm/heat:zed-ubuntu_focal" 6 | db_init: "docker.io/openstackhelm/heat:zed-ubuntu_focal" 7 | barbican_db_sync: "docker.io/openstackhelm/barbican:zed-ubuntu_focal" 8 | db_drop: "docker.io/openstackhelm/heat:zed-ubuntu_focal" 9 | ks_user: "docker.io/openstackhelm/heat:zed-ubuntu_focal" 10 | ks_service: "docker.io/openstackhelm/heat:zed-ubuntu_focal" 11 | ks_endpoints: "docker.io/openstackhelm/heat:zed-ubuntu_focal" 12 | barbican_api: "docker.io/openstackhelm/barbican:zed-ubuntu_focal" 13 | ... 14 | -------------------------------------------------------------------------------- /values_overrides/barbican/zed-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | bootstrap: "docker.io/openstackhelm/heat:zed-ubuntu_jammy" 5 | scripted_test: "docker.io/openstackhelm/heat:zed-ubuntu_jammy" 6 | db_init: "docker.io/openstackhelm/heat:zed-ubuntu_jammy" 7 | barbican_db_sync: "docker.io/openstackhelm/barbican:zed-ubuntu_jammy" 8 | db_drop: "docker.io/openstackhelm/heat:zed-ubuntu_jammy" 9 | ks_user: "docker.io/openstackhelm/heat:zed-ubuntu_jammy" 10 | ks_service: "docker.io/openstackhelm/heat:zed-ubuntu_jammy" 11 | ks_endpoints: "docker.io/openstackhelm/heat:zed-ubuntu_jammy" 12 | barbican_api: "docker.io/openstackhelm/barbican:zed-ubuntu_jammy" 13 | ... 14 | -------------------------------------------------------------------------------- /values_overrides/ceilometer/annotations.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | annotations: 3 | pod: 4 | default: 5 | custom.tld/key: "value" 6 | custom.tld/key2: "value2" 7 | ceilometer_compute: 8 | another.tld/foo: "bar" 9 | secret: 10 | default: 11 | custom.tld/key: "value" 12 | custom.tld/key2: "value2" 13 | identity: 14 | admin: 15 | another.tld/foo: "bar" 16 | oci_image_registry: 17 | ceilometer: 18 | custom.tld/key: "value" 19 | ... 20 | -------------------------------------------------------------------------------- /values_overrides/ceph-client/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | ceph-checkdns: 6 | ceph-checkdns: runtime/default 7 | init: runtime/default 8 | ceph-mds: 9 | ceph-mds: runtime/default 10 | ceph-init-dirs: runtime/default 11 | ceph-rbd-pool: 12 | ceph-rbd-pool: runtime/default 13 | init: runtime/default 14 | ceph-client-bootstrap: 15 | ceph-client-bootstrap: runtime/default 16 | init: runtime/default 17 | ceph-client-test: 18 | init: runtime/default 19 | ceph-cluster-helm-test: runtime/default 20 | bootstrap: 21 | enabled: true 22 | manifests: 23 | job_bootstrap: true 24 | 25 | ... 26 | -------------------------------------------------------------------------------- /values_overrides/ceph-osd/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | ceph-osd-default: 6 | ceph-osd-default: runtime/default 7 | log-runner: runtime/default 8 | ceph-init-dirs: runtime/default 9 | ceph-log-ownership: runtime/default 10 | osd-init: runtime/default 11 | init: runtime/default 12 | ceph-osd-test: 13 | init: runtime/default 14 | ceph-cluster-helm-test: runtime/default 15 | ceph-osd-post-apply: 16 | ceph-osd-post-apply: runtime/default 17 | init: runtime/default 18 | lifecycle: 19 | upgrades: 20 | daemonsets: 21 | pod_replacement_strategy: OnDelete 22 | ... 23 | -------------------------------------------------------------------------------- /values_overrides/ceph-rgw/netpol.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | manifests: 3 | network_policy: true 4 | network_policy: 5 | rgw: 6 | egress: 7 | - to: 8 | - ipBlock: 9 | cidr: 172.17.0.1/16 10 | - to: 11 | ports: 12 | - protocol: TCP 13 | port: 80 14 | - protocol: TCP 15 | port: 443 16 | - to: 17 | - ipBlock: 18 | cidr: %%%REPLACE_API_ADDR%%%/32 19 | ports: 20 | - protocol: TCP 21 | port: %%%REPLACE_API_PORT%%% 22 | ... 23 | -------------------------------------------------------------------------------- /values_overrides/cinder/annotations.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | annotations: 3 | pod: 4 | default: 5 | custom.tld/key: "value" 6 | custom.tld/key2: "value2" 7 | cinder_api: 8 | another.tld/foo: "bar" 9 | secret: 10 | default: 11 | custom.tld/key: "value" 12 | custom.tld/key2: "value2" 13 | identity: 14 | admin: 15 | another.tld/foo: "bar" 16 | oci_image_registry: 17 | cinder: 18 | custom.tld/key: "value" 19 | rbd: 20 | volume_external: 21 | custom.tld/key: "value" 22 | tls: 23 | volume_api_public: 24 | custom.tld/key: "value" 25 | ... 26 | -------------------------------------------------------------------------------- /values_overrides/cinder/netpol.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | manifests: 3 | network_policy: true 4 | network_policy: 5 | cinder: 6 | egress: 7 | - to: 8 | - ipBlock: 9 | cidr: 172.17.0.1/16 10 | - to: 11 | - ipBlock: 12 | cidr: %%%REPLACE_API_ADDR%%%/16 13 | - to: 14 | - ipBlock: 15 | cidr: %%%REPLACE_API_ADDR%%%/32 16 | ports: 17 | - protocol: TCP 18 | port: %%%REPLACE_API_PORT%%% 19 | ... 20 | -------------------------------------------------------------------------------- /values_overrides/cinder/nfs-cinder-backup.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | conf: 3 | cinder: 4 | DEFAULT: 5 | backup_driver: cinder.backup.drivers.nfs.NFSBackupDriver 6 | backup_mount_point_base: /backup/openstack/cinder 7 | backup_share: 10.30.1.3:/ 8 | pod: 9 | mounts: 10 | cinder_backup: 11 | cinder_backup: 12 | volumeMounts: 13 | - mountPath: /backup 14 | name: nfs-backup 15 | volumes: 16 | - emptyDir: {} 17 | name: nfs-backup 18 | security_context: 19 | cinder_backup: 20 | container: 21 | cinder_backup: 22 | readOnlyRootFilesystem: false 23 | runAsGroup: 42424 24 | runAsUser: 42424 25 | ... 26 | -------------------------------------------------------------------------------- /values_overrides/cinder/qos.yaml: -------------------------------------------------------------------------------- 1 | # NOTE: In this yaml file, an example qos is created 2 | # and associated with volume type rbd1 3 | 4 | --- 5 | bootstrap: 6 | high-iops: 7 | consumer: front-end 8 | properties: 9 | read_iops_sec: 20000 10 | write_iops_sec: 10000 11 | associates: 12 | - rbd1 13 | ... 14 | -------------------------------------------------------------------------------- /values_overrides/cinder/tls-offloading.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | endpoints: 3 | identity: 4 | auth: 5 | admin: 6 | cacert: /etc/ssl/certs/openstack-helm.crt 7 | test: 8 | cacert: /etc/ssl/certs/openstack-helm.crt 9 | 10 | tls: 11 | identity: true 12 | ... 13 | -------------------------------------------------------------------------------- /values_overrides/cyborg/annotations.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | annotations: 3 | pod: 4 | default: 5 | custom.tld/key: "value" 6 | custom.tld/key2: "value2" 7 | cyborg_api: 8 | another.tld/foo: "bar" 9 | secret: 10 | default: 11 | custom.tld/key: "value" 12 | custom.tld/key2: "value2" 13 | identity: 14 | admin: 15 | another.tld/foo: "bar" 16 | oci_image_registry: 17 | cyborg: 18 | custom.tld/key: "value" 19 | ... 20 | -------------------------------------------------------------------------------- /values_overrides/daemonjob-controller/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | daemonjob-controller: 6 | controller: runtime/default 7 | ... 8 | -------------------------------------------------------------------------------- /values_overrides/designate/annotations.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | annotations: 3 | pod: 4 | default: 5 | custom.tld/key: "value" 6 | custom.tld/key2: "value2" 7 | designate_api: 8 | another.tld/foo: "bar" 9 | secret: 10 | default: 11 | custom.tld/key: "value" 12 | custom.tld/key2: "value2" 13 | identity: 14 | admin: 15 | another.tld/foo: "bar" 16 | oci_image_registry: 17 | designate: 18 | custom.tld/key: "value" 19 | tls: 20 | dns_api_public: 21 | custom.tld/key: "value" 22 | ... 23 | -------------------------------------------------------------------------------- /values_overrides/elastic-apm-server/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | elastic-apm-server: 6 | init: runtime/default 7 | elastic-apm-server: runtime/default 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/elastic-filebeat/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | filebeat: 6 | filebeat: runtime/default 7 | init: runtime/default 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/elasticsearch/local-storage.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | replicas: 4 | data: 1 5 | storage: 6 | data: 7 | requests: 8 | storage: 1Gi 9 | storage_class: local-storage 10 | master: 11 | requests: 12 | storage: 1Gi 13 | storage_class: local-storage 14 | manifests: 15 | cron_curator: false 16 | cron_verify_repositories: false 17 | job_snapshot_repository: false 18 | job_elasticsearch_templates: false 19 | job_s3_user: false 20 | job_s3_bucket: false 21 | helm_tests: false 22 | ... 23 | -------------------------------------------------------------------------------- /values_overrides/fluentd/2025.1-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 10 | # See the License for the specific language governing permissions and 11 | # limitations under the License. 12 | 13 | --- 14 | images: 15 | tags: 16 | helm_tests: quay.io/airshipit/heat:2025.1-ubuntu_jammy 17 | ... 18 | -------------------------------------------------------------------------------- /values_overrides/fluentd/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | fluentd: 6 | fluentd: runtime/default 7 | init: runtime/default 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/glance/annotations.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | annotations: 3 | pod: 4 | default: 5 | custom.tld/key: "value" 6 | custom.tld/key2: "value2" 7 | glance_api: 8 | another.tld/foo: "bar" 9 | secret: 10 | default: 11 | custom.tld/key: "value" 12 | custom.tld/key2: "value2" 13 | identity: 14 | admin: 15 | another.tld/foo: "bar" 16 | oci_image_registry: 17 | glance: 18 | custom.tld/key: "value" 19 | tls: 20 | image_api_public: 21 | custom.tld/key: "value" 22 | ... 23 | -------------------------------------------------------------------------------- /values_overrides/glance/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | glance-api: 6 | glance-api: runtime/default 7 | glance-perms: runtime/default 8 | init: runtime/default 9 | nginx: runtime/default 10 | glance-metadefs-load: 11 | init: runtime/default 12 | glance-metadefs-load: runtime/default 13 | glance-storage-init: 14 | init: runtime/default 15 | glance-storage-init: runtime/default 16 | glance-test: 17 | init: runtime/default 18 | glance-test: runtime/default 19 | glance-test-ks-user: runtime/default 20 | manifests: 21 | certificates: true 22 | ... 23 | -------------------------------------------------------------------------------- /values_overrides/glance/bootstrap-ubuntu-image.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | bootstrap: 3 | structured: 4 | images: 5 | ubuntu_miniaml: 6 | name: "Ubuntu Jammy Minimal" 7 | source_url: "https://cloud-images.ubuntu.com/minimal/releases/jammy/release/" 8 | image_file: "ubuntu-22.04-minimal-cloudimg-amd64.img" 9 | id: null 10 | min_disk: 3 11 | image_type: qcow2 12 | container_format: bare 13 | ... 14 | -------------------------------------------------------------------------------- /values_overrides/glance/tls-offloading.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | endpoints: 3 | identity: 4 | auth: 5 | admin: 6 | cacert: /etc/ssl/certs/openstack-helm.crt 7 | test: 8 | cacert: /etc/ssl/certs/openstack-helm.crt 9 | 10 | tls: 11 | identity: true 12 | ... 13 | -------------------------------------------------------------------------------- /values_overrides/grafana/sqlite3.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | static: 4 | grafana: 5 | jobs: null 6 | services: null 7 | manifests: 8 | job_db_init: false 9 | job_db_init_session: false 10 | job_db_session_sync: false 11 | job_image_repo_sync: true 12 | job_run_migrator: false 13 | job_set_admin_user: false 14 | secret_db: false 15 | secret_db_session: false 16 | conf: 17 | grafana: 18 | database: 19 | type: sqlite3 20 | path: /var/lib/grafana/data/sqlite3.db 21 | session: 22 | provider: file 23 | provider_config: sessions 24 | ... 25 | -------------------------------------------------------------------------------- /values_overrides/heat/annotations.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | annotations: 3 | pod: 4 | default: 5 | custom.tld/key: "value" 6 | custom.tld/key2: "value2" 7 | heat_api: 8 | another.tld/foo: "bar" 9 | secret: 10 | default: 11 | custom.tld/key: "value" 12 | custom.tld/key2: "value2" 13 | identity: 14 | admin: 15 | another.tld/foo: "bar" 16 | oci_image_registry: 17 | heat: 18 | custom.tld/key: "value" 19 | tls: 20 | orchestration_api_public: 21 | custom.tld/key: "value" 22 | ... 23 | -------------------------------------------------------------------------------- /values_overrides/heat/tls-offloading.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | endpoints: 3 | identity: 4 | auth: 5 | admin: 6 | cacert: /etc/ssl/certs/openstack-helm.crt 7 | heat: 8 | cacert: /etc/ssl/certs/openstack-helm.crt 9 | heat_trustee: 10 | cacert: /etc/ssl/certs/openstack-helm.crt 11 | test: 12 | cacert: /etc/ssl/certs/openstack-helm.crt 13 | 14 | tls: 15 | identity: true 16 | ... 17 | -------------------------------------------------------------------------------- /values_overrides/horizon/2023.1-ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | db_init: docker.io/openstackhelm/heat:2023.1-ubuntu_focal 5 | db_drop: docker.io/openstackhelm/heat:2023.1-ubuntu_focal 6 | horizon_db_sync: docker.io/openstackhelm/horizon:2023.1-ubuntu_focal 7 | horizon: docker.io/openstackhelm/horizon:2023.1-ubuntu_focal 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/horizon/2023.1-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | db_init: docker.io/openstackhelm/heat:2023.1-ubuntu_jammy 5 | db_drop: docker.io/openstackhelm/heat:2023.1-ubuntu_jammy 6 | horizon_db_sync: docker.io/openstackhelm/horizon:2023.1-ubuntu_jammy 7 | horizon: docker.io/openstackhelm/horizon:2023.1-ubuntu_jammy 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/horizon/2023.2-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | db_init: quay.io/airshipit/heat:2023.2-ubuntu_jammy 5 | db_drop: quay.io/airshipit/heat:2023.2-ubuntu_jammy 6 | horizon_db_sync: quay.io/airshipit/horizon:2023.2-ubuntu_jammy 7 | horizon: quay.io/airshipit/horizon:2023.2-ubuntu_jammy 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/horizon/2024.1-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | db_init: quay.io/airshipit/heat:2024.1-ubuntu_jammy 5 | db_drop: quay.io/airshipit/heat:2024.1-ubuntu_jammy 6 | horizon_db_sync: quay.io/airshipit/horizon:2024.1-ubuntu_jammy 7 | horizon: quay.io/airshipit/horizon:2024.1-ubuntu_jammy 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/horizon/2024.2-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | db_init: quay.io/airshipit/heat:2024.2-ubuntu_jammy 5 | db_drop: quay.io/airshipit/heat:2024.2-ubuntu_jammy 6 | horizon_db_sync: quay.io/airshipit/horizon:2024.2-ubuntu_jammy 7 | horizon: quay.io/airshipit/horizon:2024.2-ubuntu_jammy 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/horizon/2025.1-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | db_init: quay.io/airshipit/heat:2025.1-ubuntu_jammy 5 | db_drop: quay.io/airshipit/heat:2025.1-ubuntu_jammy 6 | horizon_db_sync: quay.io/airshipit/horizon:2025.1-ubuntu_jammy 7 | horizon: quay.io/airshipit/horizon:2025.1-ubuntu_jammy 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/horizon/2025.1-ubuntu_noble.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | db_init: quay.io/airshipit/heat:2025.1-ubuntu_noble 5 | db_drop: quay.io/airshipit/heat:2025.1-ubuntu_noble 6 | horizon_db_sync: quay.io/airshipit/horizon:2025.1-ubuntu_noble 7 | horizon: quay.io/airshipit/horizon:2025.1-ubuntu_noble 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/horizon/annotations.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | annotations: 3 | pod: 4 | default: 5 | custom.tld/key: "value" 6 | custom.tld/key2: "value2" 7 | horizon: 8 | another.tld/foo: "bar" 9 | secret: 10 | default: 11 | custom.tld/key: "value" 12 | custom.tld/key2: "value2" 13 | identity: 14 | admin: 15 | another.tld/foo: "bar" 16 | oci_image_registry: 17 | horizon: 18 | custom.tld/key: "value" 19 | tls: 20 | dashboard_dashboard_public: 21 | custom.tld/key: "value" 22 | ... 23 | -------------------------------------------------------------------------------- /values_overrides/horizon/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | horizon: 6 | horizon: runtime/default 7 | init: runtime/default 8 | horizon-db-sync: 9 | horizon-db-sync: runtime/default 10 | init: runtime/default 11 | horizon-test: 12 | init: runtime/default 13 | horizon-test: runtime/default 14 | ... 15 | -------------------------------------------------------------------------------- /values_overrides/horizon/victoria-ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | db_init: docker.io/openstackhelm/heat:victoria-ubuntu_focal 5 | db_drop: docker.io/openstackhelm/heat:victoria-ubuntu_focal 6 | horizon_db_sync: docker.io/openstackhelm/horizon:victoria-ubuntu_focal 7 | horizon: docker.io/openstackhelm/horizon:victoria-ubuntu_focal 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/horizon/wallaby-ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | db_init: docker.io/openstackhelm/heat:wallaby-ubuntu_focal 5 | db_drop: docker.io/openstackhelm/heat:wallaby-ubuntu_focal 6 | horizon_db_sync: docker.io/openstackhelm/horizon:wallaby-ubuntu_focal 7 | horizon: docker.io/openstackhelm/horizon:wallaby-ubuntu_focal 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/horizon/xena-ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | db_init: docker.io/openstackhelm/heat:xena-ubuntu_focal 5 | db_drop: docker.io/openstackhelm/heat:xena-ubuntu_focal 6 | horizon_db_sync: docker.io/openstackhelm/horizon:xena-ubuntu_focal 7 | horizon: docker.io/openstackhelm/horizon:xena-ubuntu_focal 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/horizon/yoga-ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | db_init: docker.io/openstackhelm/heat:yoga-ubuntu_focal 5 | db_drop: docker.io/openstackhelm/heat:yoga-ubuntu_focal 6 | horizon_db_sync: docker.io/openstackhelm/horizon:yoga-ubuntu_focal 7 | horizon: docker.io/openstackhelm/horizon:yoga-ubuntu_focal 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/horizon/zed-ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | db_init: docker.io/openstackhelm/heat:zed-ubuntu_focal 5 | db_drop: docker.io/openstackhelm/heat:zed-ubuntu_focal 6 | horizon_db_sync: docker.io/openstackhelm/horizon:zed-ubuntu_focal 7 | horizon: docker.io/openstackhelm/horizon:zed-ubuntu_focal 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/horizon/zed-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | db_init: docker.io/openstackhelm/heat:zed-ubuntu_jammy 5 | db_drop: docker.io/openstackhelm/heat:zed-ubuntu_jammy 6 | horizon_db_sync: docker.io/openstackhelm/horizon:zed-ubuntu_jammy 7 | horizon: docker.io/openstackhelm/horizon:zed-ubuntu_jammy 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/ironic/annotations.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | annotations: 3 | pod: 4 | default: 5 | custom.tld/key: "value" 6 | custom.tld/key2: "value2" 7 | ironic_api: 8 | another.tld/foo: "bar" 9 | secret: 10 | default: 11 | custom.tld/key: "value" 12 | custom.tld/key2: "value2" 13 | identity: 14 | admin: 15 | another.tld/foo: "bar" 16 | oci_image_registry: 17 | ironic: 18 | custom.tld/key: "value" 19 | ... 20 | -------------------------------------------------------------------------------- /values_overrides/keystone/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | keystone-api: 6 | keystone-api: runtime/default 7 | keystone-credential-setup: 8 | keystone-credential-setup: runtime/default 9 | keystone-fernet-setup: 10 | keystone-fernet-setup: runtime/default 11 | keystone-credential-cleanup: 12 | keystone-credential-cleanup: runtime/default 13 | keystone-domain-manage: 14 | keystone-domain-manage: runtime/default 15 | keystone-domain-manage-init: runtime/default 16 | keystone-test: 17 | init: runtime/default 18 | keystone-test: runtime/default 19 | keystone-test-ks-user: runtime/default 20 | ... 21 | -------------------------------------------------------------------------------- /values_overrides/keystone/internal-reverse-proxy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | endpoints: 3 | identity: 4 | host_fqdn_override: 5 | public: example.com 6 | scheme: 7 | default: https 8 | public: https 9 | internal: https 10 | service: http 11 | port: 12 | api: 13 | default: 443 14 | internal: 443 15 | service: 5000 16 | ... 17 | -------------------------------------------------------------------------------- /values_overrides/keystone/tls-custom.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | endpoints: 3 | identity: 4 | auth: 5 | admin: 6 | cacert: /etc/ssl/certs/openstack-helm.crt 7 | test: 8 | cacert: /etc/ssl/certs/openstack-helm.crt 9 | 10 | secrets: 11 | tls: 12 | identity: 13 | api: 14 | # manually created 15 | internal: keystone-tls-api 16 | 17 | tls: 18 | identity: true 19 | ... 20 | -------------------------------------------------------------------------------- /values_overrides/kibana/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | kibana: 6 | kibana: runtime/default 7 | init: runtime/default 8 | apache-proxy: runtime/default 9 | register-kibana-indexes: 10 | register-kibana-indexes: runtime/default 11 | init: runtime/default 12 | flush-kibana-metadata: 13 | flush-kibana-metadata: runtime/default 14 | init: runtime/default 15 | ... 16 | -------------------------------------------------------------------------------- /values_overrides/kibana/tls.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | conf: 3 | kibana: 4 | elasticsearch: 5 | ssl: 6 | certificateAuthorities: ["/etc/elasticsearch/certs/ca.crt"] 7 | verificationMode: certificate 8 | endpoints: 9 | elasticsearch: 10 | scheme: 11 | default: "https" 12 | port: 13 | http: 14 | default: 443 15 | kibana: 16 | host_fqdn_override: 17 | default: 18 | tls: 19 | issuerRef: 20 | name: ca-issuer 21 | kind: ClusterIssue 22 | manifests: 23 | certificates: true 24 | ... 25 | -------------------------------------------------------------------------------- /values_overrides/kubernetes-node-problem-detector/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | node-problem-detector: 6 | node-problem-detector: runtime/default 7 | init: runtime/default 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/libvirt/2023.1-ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | libvirt: docker.io/openstackhelm/libvirt:latest-ubuntu_focal 5 | ... 6 | -------------------------------------------------------------------------------- /values_overrides/libvirt/2023.1-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | libvirt: docker.io/openstackhelm/libvirt:2023.1-ubuntu_jammy 5 | ... 6 | -------------------------------------------------------------------------------- /values_overrides/libvirt/2023.2-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | libvirt: docker.io/openstackhelm/libvirt:2023.2-ubuntu_jammy 5 | ... 6 | -------------------------------------------------------------------------------- /values_overrides/libvirt/2024.1-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | libvirt: docker.io/openstackhelm/libvirt:2024.1-ubuntu_jammy 5 | ... 6 | -------------------------------------------------------------------------------- /values_overrides/libvirt/2024.2-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | libvirt: docker.io/openstackhelm/libvirt:2024.1-ubuntu_jammy 5 | ... 6 | -------------------------------------------------------------------------------- /values_overrides/libvirt/2025.1-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | libvirt: docker.io/openstackhelm/libvirt:2025.1-ubuntu_noble 5 | ... 6 | -------------------------------------------------------------------------------- /values_overrides/libvirt/2025.1-ubuntu_noble.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | libvirt: docker.io/openstackhelm/libvirt:2025.1-ubuntu_noble 5 | ... 6 | -------------------------------------------------------------------------------- /values_overrides/libvirt/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | libvirt-libvirt-default: 6 | libvirt: runtime/default 7 | ... 8 | -------------------------------------------------------------------------------- /values_overrides/libvirt/cinder-external-ceph-backend.yaml: -------------------------------------------------------------------------------- 1 | # Note: This yaml file serves as an example for overriding the manifest 2 | # to enable additional externally managed Ceph Cinder backend. When additional 3 | # externally managed Ceph Cinder backend is provisioned as shown in 4 | # cinder/values_overrides/external-ceph-backend.yaml of repo openstack-helm, 5 | # below override is needed to store the secret key of the cinder user in 6 | # libvirt. 7 | --- 8 | conf: 9 | ceph: 10 | cinder: 11 | external_ceph: 12 | enabled: true 13 | user: cinder2 14 | secret_uuid: 3f0133e4-8384-4743-9473-fecacc095c74 15 | user_secret_name: cinder-volume-external-rbd-keyring 16 | ... 17 | -------------------------------------------------------------------------------- /values_overrides/libvirt/netpol.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | manifests: 3 | network_policy: true 4 | ... 5 | -------------------------------------------------------------------------------- /values_overrides/libvirt/node_overrides.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # We have two nodes labeled with node-nics-type=4nics and node-nics-type=2nics 3 | # on first node we pick up libvirt bind address from ens3 interface 4 | # on second node we pick up libvirt bind address from ens0 interface 5 | overrides: 6 | libvirt_libvirt: 7 | overrides_default: false 8 | labels: 9 | node-nics-type::4nics: 10 | values: 11 | conf: 12 | dynamic_options: 13 | libvirt: 14 | listen_interface: ens3 15 | node-nics-type::2nics: 16 | values: 17 | conf: 18 | dynamic_options: 19 | libvirt: 20 | listen_interface: ens0 21 | ... 22 | -------------------------------------------------------------------------------- /values_overrides/libvirt/ovn.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | dynamic: 4 | targeted: 5 | openvswitch: 6 | libvirt: 7 | pod: [] 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/libvirt/ssl.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | conf: 3 | libvirt: 4 | listen_tcp: "0" 5 | listen_tls: "1" 6 | listen_addr: 0.0.0.0 7 | ... 8 | -------------------------------------------------------------------------------- /values_overrides/magnum/annotations.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | annotations: 3 | pod: 4 | default: 5 | custom.tld/key: "value" 6 | custom.tld/key2: "value2" 7 | magnum_api: 8 | another.tld/foo: "bar" 9 | secret: 10 | default: 11 | custom.tld/key: "value" 12 | custom.tld/key2: "value2" 13 | identity: 14 | admin: 15 | another.tld/foo: "bar" 16 | oci_image_registry: 17 | magnum: 18 | custom.tld/key: "value" 19 | ... 20 | -------------------------------------------------------------------------------- /values_overrides/manila/annotations.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | annotations: 3 | pod: 4 | default: 5 | custom.tld/key: "value" 6 | custom.tld/key2: "value2" 7 | manila_api: 8 | another.tld/foo: "bar" 9 | secret: 10 | default: 11 | custom.tld/key: "value" 12 | custom.tld/key2: "value2" 13 | identity: 14 | admin: 15 | another.tld/foo: "bar" 16 | oci_image_registry: 17 | manila: 18 | custom.tld/key: "value" 19 | tls: 20 | share_api_public: 21 | custom.tld/key: "value" 22 | ... 23 | -------------------------------------------------------------------------------- /values_overrides/manila/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | manila-api: 6 | manila-api: runtime/default 7 | init: runtime/default 8 | manila-test: 9 | init: runtime/default 10 | manila-test: runtime/default 11 | ... 12 | -------------------------------------------------------------------------------- /values_overrides/manila/tls-offloading.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | endpoints: 3 | identity: 4 | auth: 5 | admin: 6 | cacert: /etc/ssl/certs/openstack-helm.crt 7 | manila: 8 | cacert: /etc/ssl/certs/openstack-helm.crt 9 | 10 | tls: 11 | identity: true 12 | ... 13 | -------------------------------------------------------------------------------- /values_overrides/manila/tls.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | manifests: 3 | certificates: true 4 | ... 5 | -------------------------------------------------------------------------------- /values_overrides/mariadb-backup/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | mariadb-backup: 6 | init: runtime/default 7 | mariadb-backup: runtime/default 8 | mariadb-verify-server: runtime/default 9 | create-sql-user: 10 | init: runtime/default 11 | exporter-create-sql-user: runtime/default 12 | 13 | manifests: 14 | cron_job_mariadb_backup: true 15 | ... 16 | -------------------------------------------------------------------------------- /values_overrides/mariadb-backup/backups.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | conf: 3 | backup: 4 | enabled: true 5 | remote_backup: 6 | enabled: false 7 | volume: 8 | backup: 9 | enabled: true 10 | manifests: 11 | pvc_backup: true 12 | job_ks_user: false 13 | cron_job_mariadb_backup: true 14 | secret_backup_restore: true 15 | ... 16 | -------------------------------------------------------------------------------- /values_overrides/mariadb-backup/tls.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | endpoints: 3 | oslo_db: 4 | host_fqdn_override: 5 | default: 6 | tls: 7 | secretName: mariadb-tls-direct 8 | issuerRef: 9 | name: ca-issuer 10 | kind: ClusterIssuer 11 | manifests: 12 | certificates: true 13 | ... 14 | -------------------------------------------------------------------------------- /values_overrides/mariadb-cluster/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | mariadb-server: 6 | init-0: runtime/default 7 | agent: runtime/default 8 | init: runtime/default 9 | metrics: runtime/default 10 | mariadb: runtime/default 11 | mariadb-test: 12 | init: runtime/default 13 | mariadb-test: runtime/default 14 | refresh-statefulset: 15 | init: runtime/default 16 | mariadb-refresh-statefulset: runtime/default 17 | 18 | monitoring: 19 | prometheus: 20 | enabled: true 21 | ... 22 | -------------------------------------------------------------------------------- /values_overrides/mariadb-cluster/downscaled.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | conf: 3 | galera: 4 | enabled: false 5 | pod: 6 | replicas: 7 | server: 1 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/mariadb-cluster/local-storage.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | replicas: 4 | server: 1 5 | volume: 6 | size: 1Gi 7 | class_name: local-storage 8 | monitoring: 9 | prometheus: 10 | enabled: false 11 | ... 12 | -------------------------------------------------------------------------------- /values_overrides/mariadb-cluster/prometheus.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | monitoring: 3 | prometheus: 4 | enabled: true 5 | manifests: 6 | monitoring: 7 | prometheus: 8 | configmap_bin: true 9 | deployment_exporter: true 10 | job_user_create: true 11 | secret_etc: true 12 | service_exporter: true 13 | network_policy_exporter: true 14 | ... 15 | -------------------------------------------------------------------------------- /values_overrides/mariadb-cluster/tls.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | endpoints: 3 | oslo_db: 4 | host_fqdn_override: 5 | default: 6 | tls: 7 | secretName: mariadb-tls-direct 8 | issuerRef: 9 | name: ca-issuer 10 | kind: ClusterIssuer 11 | manifests: 12 | certificates: true 13 | ... 14 | -------------------------------------------------------------------------------- /values_overrides/mariadb-cluster/upscaled.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | conf: 3 | galera: 4 | enabled: true 5 | pod: 6 | replicas: 7 | server: 3 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/mariadb/backups.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | conf: 3 | backup: 4 | enabled: true 5 | remote_backup: 6 | enabled: false 7 | volume: 8 | backup: 9 | enabled: true 10 | manifests: 11 | pvc_backup: true 12 | job_ks_user: false 13 | cron_job_mariadb_backup: true 14 | secret_backup_restore: true 15 | ... 16 | -------------------------------------------------------------------------------- /values_overrides/mariadb/local-storage.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | replicas: 4 | server: 1 5 | volume: 6 | size: 1Gi 7 | class_name: local-storage 8 | monitoring: 9 | prometheus: 10 | enabled: false 11 | ... 12 | -------------------------------------------------------------------------------- /values_overrides/mariadb/tls.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | security_context: 4 | server: 5 | container: 6 | perms: 7 | readOnlyRootFilesystem: false 8 | mariadb: 9 | runAsUser: 0 10 | allowPrivilegeEscalation: true 11 | readOnlyRootFilesystem: false 12 | endpoints: 13 | oslo_db: 14 | host_fqdn_override: 15 | default: 16 | tls: 17 | secretName: mariadb-tls-direct 18 | issuerRef: 19 | name: ca-issuer 20 | kind: ClusterIssuer 21 | manifests: 22 | certificates: true 23 | ... 24 | -------------------------------------------------------------------------------- /values_overrides/mariadb/wait-for-cluster.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | manifests: 3 | job_cluster_wait: true 4 | ... 5 | -------------------------------------------------------------------------------- /values_overrides/masakari/annotations.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | annotations: 3 | pod: 4 | default: 5 | custom.tld/key: "value" 6 | custom.tld/key2: "value2" 7 | masakari_api: 8 | another.tld/foo: "bar" 9 | secret: 10 | default: 11 | custom.tld/key: "value" 12 | custom.tld/key2: "value2" 13 | identity: 14 | admin: 15 | another.tld/foo: "bar" 16 | oci_image_registry: 17 | masakari: 18 | custom.tld/key: "value" 19 | ... 20 | -------------------------------------------------------------------------------- /values_overrides/memcached/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | prometheus_memcached_exporter: 6 | init: runtime/default 7 | memcached-exporter: runtime/default 8 | memcached: 9 | init: runtime/default 10 | memcached: runtime/default 11 | 12 | monitoring: 13 | prometheus: 14 | enabled: false 15 | ... 16 | -------------------------------------------------------------------------------- /values_overrides/metacontroller/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | metacontroller: 6 | metacontroller: runtime/default 7 | ... 8 | -------------------------------------------------------------------------------- /values_overrides/mistral/annotations.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | annotations: 3 | pod: 4 | default: 5 | custom.tld/key: "value" 6 | custom.tld/key2: "value2" 7 | mistral_api: 8 | another.tld/foo: "bar" 9 | secret: 10 | default: 11 | custom.tld/key: "value" 12 | custom.tld/key2: "value2" 13 | identity: 14 | admin: 15 | another.tld/foo: "bar" 16 | oci_image_registry: 17 | mistral: 18 | custom.tld/key: "value" 19 | ... 20 | -------------------------------------------------------------------------------- /values_overrides/monasca/annotations.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | annotations: 3 | pod: 4 | default: 5 | custom.tld/key: "value" 6 | custom.tld/key2: "value2" 7 | monasca_api: 8 | another.tld/foo: "bar" 9 | secret: 10 | default: 11 | custom.tld/key: "value" 12 | custom.tld/key2: "value2" 13 | identity: 14 | admin: 15 | another.tld/foo: "bar" 16 | tls: 17 | monitoring_api_public: 18 | custom.tld/key: "value" 19 | metrics_db: 20 | influxdb: 21 | custom.tld/key: "value" 22 | ... 23 | -------------------------------------------------------------------------------- /values_overrides/nagios/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | nagios: 6 | nagios: runtime/default 7 | init: runtime/default 8 | define-nagios-hosts: runtime/default 9 | apache-proxy: runtime/default 10 | nagios-test: 11 | init: runtime/default 12 | nagios-helm-tests: runtime/default 13 | ... 14 | -------------------------------------------------------------------------------- /values_overrides/nagios/tls.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | endpoints: 3 | monitoring: 4 | scheme: 5 | default: "https" 6 | port: 7 | http: 8 | default: 443 9 | elasticsearch: 10 | scheme: 11 | default: "https" 12 | port: 13 | http: 14 | default: 443 15 | manifests: 16 | certificates: true 17 | ... 18 | -------------------------------------------------------------------------------- /values_overrides/neutron/annotations.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | annotations: 3 | pod: 4 | default: 5 | custom.tld/key: "value" 6 | custom.tld/key2: "value2" 7 | neutron_server: 8 | another.tld/foo: "bar" 9 | neutron_rpc_server: 10 | another.tld/foo: "bar" 11 | secret: 12 | default: 13 | custom.tld/key: "value" 14 | custom.tld/key2: "value2" 15 | identity: 16 | admin: 17 | another.tld/foo: "bar" 18 | oci_image_registry: 19 | neutron: 20 | custom.tld/key: "value" 21 | tls: 22 | network_server_public: 23 | custom.tld/key: "value" 24 | ... 25 | -------------------------------------------------------------------------------- /values_overrides/neutron/dpdk.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | network: 3 | interface: 4 | tunnel: null 5 | conf: 6 | plugins: 7 | openvswitch_agent: 8 | agent: 9 | tunnel_types: vxlan 10 | ovs: 11 | bridge_mappings: public:br-ex 12 | datapath_type: netdev 13 | vhostuser_socket_dir: /var/run/openvswitch/vhostuser 14 | ovs_dpdk: 15 | enabled: true 16 | driver: uio_pci_generic 17 | nics: [] 18 | # CHANGE-ME: modify pci_id according to your hardware 19 | # - name: dpdk0 20 | # pci_id: '0000:05:00.0' 21 | # bridge: br-tun 22 | # migrate_ip: true 23 | bridges: 24 | - name: br-tun 25 | bonds: [] 26 | ... 27 | -------------------------------------------------------------------------------- /values_overrides/neutron/gate.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | network: 3 | interface: 4 | tunnel: docker0 5 | conf: 6 | neutron: 7 | DEFAULT: 8 | l3_ha: False 9 | max_l3_agents_per_router: 1 10 | l3_ha_network_type: vxlan 11 | dhcp_agents_per_network: 1 12 | plugins: 13 | ml2_conf: 14 | ml2_type_flat: 15 | flat_networks: public 16 | openvswitch_agent: 17 | agent: 18 | tunnel_types: vxlan 19 | ovs: 20 | bridge_mappings: public:br-ex 21 | linuxbridge_agent: 22 | linux_bridge: 23 | bridge_mappings: public:br-ex 24 | ... 25 | -------------------------------------------------------------------------------- /values_overrides/neutron/netpol.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | manifests: 3 | network_policy: true 4 | network_policy: 5 | neutron: 6 | egress: 7 | - to: 8 | - ipBlock: 9 | cidr: %%%REPLACE_API_ADDR%%%/32 10 | ports: 11 | - protocol: TCP 12 | port: %%%REPLACE_API_PORT%%% 13 | ... 14 | -------------------------------------------------------------------------------- /values_overrides/neutron/tls-offloading.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | endpoints: 3 | identity: 4 | auth: 5 | admin: 6 | cacert: /etc/ssl/certs/openstack-helm.crt 7 | neutron: 8 | cacert: /etc/ssl/certs/openstack-helm.crt 9 | test: 10 | cacert: /etc/ssl/certs/openstack-helm.crt 11 | 12 | tls: 13 | identity: true 14 | ... 15 | -------------------------------------------------------------------------------- /values_overrides/nova/annotations.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | annotations: 3 | pod: 4 | default: 5 | custom.tld/key: "value" 6 | custom.tld/key2: "value2" 7 | nova_api_osapi: 8 | another.tld/foo: "bar" 9 | secret: 10 | default: 11 | custom.tld/key: "value" 12 | custom.tld/key2: "value2" 13 | identity: 14 | admin: 15 | another.tld/foo: "bar" 16 | oci_image_registry: 17 | nova: 18 | custom.tld/key: "value" 19 | tls: 20 | compute_osapi_public: 21 | custom.tld/key: "value" 22 | ssh: 23 | keys: 24 | custom.tld/key: "value" 25 | ... 26 | -------------------------------------------------------------------------------- /values_overrides/nova/dpdk.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | conf: 3 | nova: 4 | libvirt: 5 | virt_type: kvm 6 | cpu_mode: host-model 7 | ... 8 | -------------------------------------------------------------------------------- /values_overrides/nova/netpol.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | manifests: 3 | network_policy: true 4 | network_policy: 5 | nova: 6 | egress: 7 | - to: 8 | - podSelector: 9 | matchLabels: 10 | application: nova 11 | - to: 12 | - ipBlock: 13 | cidr: %%%REPLACE_API_ADDR%%%/32 14 | ports: 15 | - protocol: TCP 16 | port: %%%REPLACE_API_PORT%%% 17 | ... 18 | -------------------------------------------------------------------------------- /values_overrides/nova/opensuse_15.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | conf: 3 | software: 4 | apache2: 5 | binary: apache2ctl 6 | start_parameters: -DFOREGROUND -k start 7 | site_dir: /etc/apache2/vhosts.d 8 | conf_dir: /etc/apache2/conf.d 9 | a2enmod: 10 | - version 11 | security: | 12 | 13 | Options Indexes FollowSymLinks 14 | AllowOverride All 15 | 16 | Require all granted 17 | 18 | 19 | Order allow,deny 20 | Allow from all 21 | 22 | 23 | nova: 24 | DEFAULT: 25 | mkisofs_cmd: mkisofs 26 | ... 27 | -------------------------------------------------------------------------------- /values_overrides/nova/ovn.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | dynamic: 4 | targeted: 5 | openvswitch: 6 | compute: 7 | pod: [] 8 | 9 | conf: 10 | nova: 11 | DEFAULT: 12 | vif_plugging_is_fatal: true 13 | vif_plugging_timeout: 300 14 | ... 15 | -------------------------------------------------------------------------------- /values_overrides/nova/tls-offloading.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | endpoints: 3 | identity: 4 | auth: 5 | admin: 6 | cacert: /etc/ssl/certs/openstack-helm.crt 7 | nova: 8 | cacert: /etc/ssl/certs/openstack-helm.crt 9 | test: 10 | cacert: /etc/ssl/certs/openstack-helm.crt 11 | 12 | tls: 13 | identity: true 14 | ... 15 | -------------------------------------------------------------------------------- /values_overrides/octavia/annotations.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | annotations: 3 | pod: 4 | default: 5 | custom.tld/key: "value" 6 | custom.tld/key2: "value2" 7 | octavia_api: 8 | another.tld/foo: "bar" 9 | secret: 10 | default: 11 | custom.tld/key: "value" 12 | custom.tld/key2: "value2" 13 | identity: 14 | admin: 15 | another.tld/foo: "bar" 16 | oci_image_registry: 17 | octavia: 18 | custom.tld/key: "value" 19 | tls: 20 | load_balancer_api_public: 21 | custom.tld/key: "value" 22 | ... 23 | -------------------------------------------------------------------------------- /values_overrides/openstack/horizon/2023.1-ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | horizon: 3 | images: 4 | tags: 5 | db_init: docker.io/openstackhelm/heat:2023.1-ubuntu_focal 6 | db_drop: docker.io/openstackhelm/heat:2023.1-ubuntu_focal 7 | horizon_db_sync: docker.io/openstackhelm/horizon:2023.1-ubuntu_focal 8 | horizon: docker.io/openstackhelm/horizon:2023.1-ubuntu_focal 9 | ... 10 | -------------------------------------------------------------------------------- /values_overrides/openstack/horizon/2023.1-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | horizon: 3 | images: 4 | tags: 5 | db_init: docker.io/openstackhelm/heat:2023.1-ubuntu_jammy 6 | db_drop: docker.io/openstackhelm/heat:2023.1-ubuntu_jammy 7 | horizon_db_sync: docker.io/openstackhelm/horizon:2023.1-ubuntu_jammy 8 | horizon: docker.io/openstackhelm/horizon:2023.1-ubuntu_jammy 9 | ... 10 | -------------------------------------------------------------------------------- /values_overrides/openstack/horizon/2023.2-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | horizon: 3 | images: 4 | tags: 5 | db_init: quay.io/airshipit/heat:2023.2-ubuntu_jammy 6 | db_drop: quay.io/airshipit/heat:2023.2-ubuntu_jammy 7 | horizon_db_sync: quay.io/airshipit/horizon:2023.2-ubuntu_jammy 8 | horizon: quay.io/airshipit/horizon:2023.2-ubuntu_jammy 9 | ... 10 | -------------------------------------------------------------------------------- /values_overrides/openstack/horizon/2024.1-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | horizon: 3 | images: 4 | tags: 5 | db_init: quay.io/airshipit/heat:2024.1-ubuntu_jammy 6 | db_drop: quay.io/airshipit/heat:2024.1-ubuntu_jammy 7 | horizon_db_sync: quay.io/airshipit/horizon:2024.1-ubuntu_jammy 8 | horizon: quay.io/airshipit/horizon:2024.1-ubuntu_jammy 9 | ... 10 | -------------------------------------------------------------------------------- /values_overrides/openstack/horizon/2024.2-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | horizon: 3 | images: 4 | tags: 5 | db_init: quay.io/airshipit/heat:2024.2-ubuntu_jammy 6 | db_drop: quay.io/airshipit/heat:2024.2-ubuntu_jammy 7 | horizon_db_sync: quay.io/airshipit/horizon:2024.2-ubuntu_jammy 8 | horizon: quay.io/airshipit/horizon:2024.2-ubuntu_jammy 9 | ... 10 | -------------------------------------------------------------------------------- /values_overrides/openstack/horizon/2025.1-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | horizon: 3 | images: 4 | tags: 5 | db_init: quay.io/airshipit/heat:2025.1-ubuntu_jammy 6 | db_drop: quay.io/airshipit/heat:2025.1-ubuntu_jammy 7 | horizon_db_sync: quay.io/airshipit/horizon:2025.1-ubuntu_jammy 8 | horizon: quay.io/airshipit/horizon:2025.1-ubuntu_jammy 9 | ... 10 | -------------------------------------------------------------------------------- /values_overrides/openstack/horizon/2025.1-ubuntu_noble.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | horizon: 3 | images: 4 | tags: 5 | db_init: quay.io/airshipit/heat:2025.1-ubuntu_noble 6 | db_drop: quay.io/airshipit/heat:2025.1-ubuntu_noble 7 | horizon_db_sync: quay.io/airshipit/horizon:2025.1-ubuntu_noble 8 | horizon: quay.io/airshipit/horizon:2025.1-ubuntu_noble 9 | ... 10 | -------------------------------------------------------------------------------- /values_overrides/openstack/horizon/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | horizon: 3 | pod: 4 | mandatory_access_control: 5 | type: apparmor 6 | horizon: 7 | horizon: runtime/default 8 | init: runtime/default 9 | horizon-db-sync: 10 | horizon-db-sync: runtime/default 11 | init: runtime/default 12 | horizon-test: 13 | init: runtime/default 14 | horizon-test: runtime/default 15 | ... 16 | -------------------------------------------------------------------------------- /values_overrides/openstack/horizon/victoria-ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | horizon: 3 | images: 4 | tags: 5 | db_init: docker.io/openstackhelm/heat:victoria-ubuntu_focal 6 | db_drop: docker.io/openstackhelm/heat:victoria-ubuntu_focal 7 | horizon_db_sync: docker.io/openstackhelm/horizon:victoria-ubuntu_focal 8 | horizon: docker.io/openstackhelm/horizon:victoria-ubuntu_focal 9 | ... 10 | -------------------------------------------------------------------------------- /values_overrides/openstack/horizon/wallaby-ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | horizon: 3 | images: 4 | tags: 5 | db_init: docker.io/openstackhelm/heat:wallaby-ubuntu_focal 6 | db_drop: docker.io/openstackhelm/heat:wallaby-ubuntu_focal 7 | horizon_db_sync: docker.io/openstackhelm/horizon:wallaby-ubuntu_focal 8 | horizon: docker.io/openstackhelm/horizon:wallaby-ubuntu_focal 9 | ... 10 | -------------------------------------------------------------------------------- /values_overrides/openstack/horizon/xena-ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | horizon: 3 | images: 4 | tags: 5 | db_init: docker.io/openstackhelm/heat:xena-ubuntu_focal 6 | db_drop: docker.io/openstackhelm/heat:xena-ubuntu_focal 7 | horizon_db_sync: docker.io/openstackhelm/horizon:xena-ubuntu_focal 8 | horizon: docker.io/openstackhelm/horizon:xena-ubuntu_focal 9 | ... 10 | -------------------------------------------------------------------------------- /values_overrides/openstack/horizon/yoga-ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | horizon: 3 | images: 4 | tags: 5 | db_init: docker.io/openstackhelm/heat:yoga-ubuntu_focal 6 | db_drop: docker.io/openstackhelm/heat:yoga-ubuntu_focal 7 | horizon_db_sync: docker.io/openstackhelm/horizon:yoga-ubuntu_focal 8 | horizon: docker.io/openstackhelm/horizon:yoga-ubuntu_focal 9 | ... 10 | -------------------------------------------------------------------------------- /values_overrides/openstack/horizon/zed-ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | horizon: 3 | images: 4 | tags: 5 | db_init: docker.io/openstackhelm/heat:zed-ubuntu_focal 6 | db_drop: docker.io/openstackhelm/heat:zed-ubuntu_focal 7 | horizon_db_sync: docker.io/openstackhelm/horizon:zed-ubuntu_focal 8 | horizon: docker.io/openstackhelm/horizon:zed-ubuntu_focal 9 | ... 10 | -------------------------------------------------------------------------------- /values_overrides/openstack/horizon/zed-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | horizon: 3 | images: 4 | tags: 5 | db_init: docker.io/openstackhelm/heat:zed-ubuntu_jammy 6 | db_drop: docker.io/openstackhelm/heat:zed-ubuntu_jammy 7 | horizon_db_sync: docker.io/openstackhelm/horizon:zed-ubuntu_jammy 8 | horizon: docker.io/openstackhelm/horizon:zed-ubuntu_jammy 9 | ... 10 | -------------------------------------------------------------------------------- /values_overrides/openstack/libvirt/2023.1-ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | libvirt: 3 | images: 4 | tags: 5 | libvirt: docker.io/openstackhelm/libvirt:latest-ubuntu_focal 6 | ... 7 | -------------------------------------------------------------------------------- /values_overrides/openstack/libvirt/2023.1-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | libvirt: 3 | images: 4 | tags: 5 | libvirt: docker.io/openstackhelm/libvirt:2023.1-ubuntu_jammy 6 | ... 7 | -------------------------------------------------------------------------------- /values_overrides/openstack/libvirt/2023.2-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | libvirt: 3 | images: 4 | tags: 5 | libvirt: docker.io/openstackhelm/libvirt:2023.2-ubuntu_jammy 6 | ... 7 | -------------------------------------------------------------------------------- /values_overrides/openstack/libvirt/2024.1-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | libvirt: 3 | images: 4 | tags: 5 | libvirt: docker.io/openstackhelm/libvirt:2024.1-ubuntu_jammy 6 | ... 7 | -------------------------------------------------------------------------------- /values_overrides/openstack/libvirt/2024.2-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | libvirt: 3 | images: 4 | tags: 5 | libvirt: docker.io/openstackhelm/libvirt:2024.2-ubuntu_jammy 6 | ... 7 | -------------------------------------------------------------------------------- /values_overrides/openstack/libvirt/2025.1-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | libvirt: 3 | images: 4 | tags: 5 | libvirt: docker.io/openstackhelm/libvirt:2025.1-ubuntu_jammy 6 | ... 7 | -------------------------------------------------------------------------------- /values_overrides/openstack/libvirt/2025.1-ubuntu_noble.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | libvirt: 3 | images: 4 | tags: 5 | libvirt: docker.io/openstackhelm/libvirt:2025.1-ubuntu_noble 6 | ... 7 | -------------------------------------------------------------------------------- /values_overrides/openstack/libvirt/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | libvirt: 3 | pod: 4 | mandatory_access_control: 5 | type: apparmor 6 | libvirt-libvirt-default: 7 | libvirt: runtime/default 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/openstack/libvirt/netpol.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | libvirt: 3 | manifests: 4 | network_policy: true 5 | ... 6 | -------------------------------------------------------------------------------- /values_overrides/openstack/libvirt/ssl.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | libvirt: 3 | conf: 4 | libvirt: 5 | listen_tcp: "0" 6 | listen_tls: "1" 7 | listen_addr: 0.0.0.0 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/openstack/libvirt/victoria-ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | libvirt: 3 | images: 4 | tags: 5 | libvirt: docker.io/openstackhelm/libvirt:latest-ubuntu_focal 6 | ... 7 | -------------------------------------------------------------------------------- /values_overrides/openstack/libvirt/wallaby-ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | libvirt: 3 | images: 4 | tags: 5 | libvirt: docker.io/openstackhelm/libvirt:latest-ubuntu_focal 6 | ... 7 | -------------------------------------------------------------------------------- /values_overrides/openstack/libvirt/zed-ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | libvirt: 3 | images: 4 | tags: 5 | libvirt: docker.io/openstackhelm/libvirt:latest-ubuntu_focal 6 | ... 7 | -------------------------------------------------------------------------------- /values_overrides/openstack/libvirt/zed-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | libvirt: 3 | images: 4 | tags: 5 | libvirt: docker.io/openstackhelm/libvirt:latest-ubuntu_jammy 6 | ... 7 | -------------------------------------------------------------------------------- /values_overrides/openstack/mariadb/local-storage.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | mariadb: 3 | pod: 4 | replicas: 5 | server: 1 6 | volume: 7 | size: 1Gi 8 | class_name: local-storage 9 | monitoring: 10 | prometheus: 11 | enabled: false 12 | ... 13 | -------------------------------------------------------------------------------- /values_overrides/openstack/mariadb/tls.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | mariadb: 3 | pod: 4 | security_context: 5 | server: 6 | container: 7 | perms: 8 | readOnlyRootFilesystem: false 9 | mariadb: 10 | runAsUser: 0 11 | allowPrivilegeEscalation: true 12 | readOnlyRootFilesystem: false 13 | endpoints: 14 | oslo_db: 15 | host_fqdn_override: 16 | default: 17 | tls: 18 | secretName: mariadb-tls-direct 19 | issuerRef: 20 | name: ca-issuer 21 | kind: ClusterIssuer 22 | manifests: 23 | certificates: true 24 | ... 25 | -------------------------------------------------------------------------------- /values_overrides/openstack/memcached/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | memcached: 3 | pod: 4 | mandatory_access_control: 5 | type: apparmor 6 | prometheus_memcached_exporter: 7 | init: runtime/default 8 | memcached-exporter: runtime/default 9 | memcached: 10 | init: runtime/default 11 | memcached: runtime/default 12 | 13 | monitoring: 14 | prometheus: 15 | enabled: false 16 | ... 17 | -------------------------------------------------------------------------------- /values_overrides/openstack/neutron/gate.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | neutron: 3 | network: 4 | interface: 5 | tunnel: docker0 6 | conf: 7 | neutron: 8 | DEFAULT: 9 | l3_ha: False 10 | max_l3_agents_per_router: 1 11 | l3_ha_network_type: vxlan 12 | dhcp_agents_per_network: 1 13 | plugins: 14 | ml2_conf: 15 | ml2_type_flat: 16 | flat_networks: public 17 | openvswitch_agent: 18 | agent: 19 | tunnel_types: vxlan 20 | ovs: 21 | bridge_mappings: public:br-ex 22 | linuxbridge_agent: 23 | linux_bridge: 24 | bridge_mappings: public:br-ex 25 | ... 26 | -------------------------------------------------------------------------------- /values_overrides/openstack/neutron/netpol.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | neutron: 3 | manifests: 4 | network_policy: true 5 | network_policy: 6 | neutron: 7 | egress: 8 | - to: 9 | - ipBlock: 10 | cidr: %%%REPLACE_API_ADDR%%%/32 11 | ports: 12 | - protocol: TCP 13 | port: %%%REPLACE_API_PORT%%% 14 | ... 15 | -------------------------------------------------------------------------------- /values_overrides/openstack/nova/netpol.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nova: 3 | manifests: 4 | network_policy: true 5 | network_policy: 6 | nova: 7 | egress: 8 | - to: 9 | - podSelector: 10 | matchLabels: 11 | application: nova 12 | - to: 13 | - ipBlock: 14 | cidr: %%%REPLACE_API_ADDR%%%/32 15 | ports: 16 | - protocol: TCP 17 | port: %%%REPLACE_API_PORT%%% 18 | ... 19 | -------------------------------------------------------------------------------- /values_overrides/openstack/nova/tls-offloading.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nova: 3 | endpoints: 4 | identity: 5 | auth: 6 | admin: 7 | cacert: /etc/ssl/certs/openstack-helm.crt 8 | nova: 9 | cacert: /etc/ssl/certs/openstack-helm.crt 10 | test: 11 | cacert: /etc/ssl/certs/openstack-helm.crt 12 | 13 | tls: 14 | identity: true 15 | ... 16 | -------------------------------------------------------------------------------- /values_overrides/openstack/nova/wallaby.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nova: 3 | conf: 4 | rally_tests: 5 | tests: 6 | NovaAgents.list_agents: [] 7 | ... 8 | -------------------------------------------------------------------------------- /values_overrides/openstack/openvswitch/apparmor.yaml: -------------------------------------------------------------------------------- 1 | # NOTE: Enable this with the correct policy 2 | --- 3 | openvswitch: 4 | pod: 5 | mandatory_access_control: 6 | type: apparmor 7 | openvswitch-vswitchd: 8 | openvswitch-vswitchd: runtime/default 9 | openvswitch-vswitchd-modules: runtime/default 10 | init: runtime/default 11 | openvswitch-db: 12 | openvswitch-db: runtime/default 13 | openvswitch-db-perms: runtime/default 14 | init: runtime/default 15 | ... 16 | -------------------------------------------------------------------------------- /values_overrides/openstack/openvswitch/netpol.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | openvswitch: 3 | manifests: 4 | network_policy: true 5 | ... 6 | -------------------------------------------------------------------------------- /values_overrides/openstack/openvswitch/vswitchd-probes.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | openvswitch: 3 | pod: 4 | probes: 5 | ovs_vswitch: 6 | ovs_vswitch: 7 | liveness: 8 | exec: 9 | - /bin/bash 10 | - -c 11 | - '/usr/bin/ovs-appctl bond/list; C1=$?; ovs-vsctl --column statistics list interface dpdk_b0s0 | grep -q -E "rx_|tx_"; C2=$?; ovs-vsctl --column statistics list interface dpdk_b0s1 | grep -q -E "rx_|tx_"; C3=$?; exit $(($C1+$C2+$C3))' 12 | ... 13 | -------------------------------------------------------------------------------- /values_overrides/openstack/placement/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | placement: 3 | pod: 4 | mandatory_access_control: 5 | type: apparmor 6 | placement-api: 7 | placement-api: runtime/default 8 | init: runtime/default 9 | placement-db-migrate: 10 | init: runtime/default 11 | placement-mysql-migration: runtime/default 12 | 13 | manifests: 14 | job_db_migrate: true 15 | ... 16 | -------------------------------------------------------------------------------- /values_overrides/openstack/placement/netpol.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | placement: 3 | manifests: 4 | network_policy: true 5 | network_policy: 6 | placement: 7 | egress: 8 | - {} 9 | ingress: 10 | - from: 11 | - podSelector: 12 | matchLabels: 13 | application: nova 14 | ports: 15 | - protocol: TCP 16 | port: 8778 17 | - protocol: TCP 18 | port: 80 19 | - protocol: TCP 20 | port: 8080 21 | ... 22 | -------------------------------------------------------------------------------- /values_overrides/openvswitch/apparmor.yaml: -------------------------------------------------------------------------------- 1 | # NOTE: Enable this with the correct policy 2 | --- 3 | pod: 4 | mandatory_access_control: 5 | type: apparmor 6 | openvswitch-vswitchd: 7 | openvswitch-vswitchd: runtime/default 8 | openvswitch-vswitchd-modules: runtime/default 9 | init: runtime/default 10 | openvswitch-db: 11 | openvswitch-db: runtime/default 12 | openvswitch-db-perms: runtime/default 13 | init: runtime/default 14 | ... 15 | -------------------------------------------------------------------------------- /values_overrides/openvswitch/dpdk-ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | openvswitch_db_server: docker.io/openstackhelm/openvswitch:latest-ubuntu_focal-dpdk 5 | openvswitch_vswitchd: docker.io/openstackhelm/openvswitch:latest-ubuntu_focal-dpdk 6 | pod: 7 | resources: 8 | enabled: true 9 | ovs: 10 | vswitchd: 11 | requests: 12 | memory: "2Gi" 13 | cpu: "2" 14 | limits: 15 | memory: "2Gi" 16 | cpu: "2" 17 | hugepages-2Mi: "1Gi" 18 | conf: 19 | ovs_dpdk: 20 | enabled: true 21 | hugepages_mountpath: /dev/hugepages 22 | vhostuser_socket_dir: vhostuser 23 | socket_memory: 512 24 | ... 25 | -------------------------------------------------------------------------------- /values_overrides/openvswitch/netpol.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | manifests: 3 | network_policy: true 4 | ... 5 | -------------------------------------------------------------------------------- /values_overrides/openvswitch/ovn.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | conf: 3 | openvswitch_db_server: 4 | ptcp_port: 6640 5 | ... 6 | -------------------------------------------------------------------------------- /values_overrides/openvswitch/ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | openvswitch_db_server: docker.io/openstackhelm/openvswitch:latest-ubuntu_focal 5 | openvswitch_vswitchd: docker.io/openstackhelm/openvswitch:latest-ubuntu_focal 6 | ... 7 | -------------------------------------------------------------------------------- /values_overrides/openvswitch/ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | openvswitch_db_server: docker.io/openstackhelm/openvswitch:latest-ubuntu_jammy 5 | openvswitch_vswitchd: docker.io/openstackhelm/openvswitch:latest-ubuntu_jammy 6 | ... 7 | -------------------------------------------------------------------------------- /values_overrides/openvswitch/vswitchd-probes.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | probes: 4 | ovs_vswitch: 5 | ovs_vswitch: 6 | liveness: 7 | exec: 8 | - /bin/bash 9 | - -c 10 | - '/usr/bin/ovs-appctl bond/list; C1=$?; ovs-vsctl --column statistics list interface dpdk_b0s0 | grep -q -E "rx_|tx_"; C2=$?; ovs-vsctl --column statistics list interface dpdk_b0s1 | grep -q -E "rx_|tx_"; C3=$?; exit $(($C1+$C2+$C3))' 11 | ... 12 | -------------------------------------------------------------------------------- /values_overrides/ovn/ubuntu_focal.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | ovn_ovsdb_nb: docker.io/openstackhelm/ovn:ubuntu_focal 5 | ovn_ovsdb_sb: docker.io/openstackhelm/ovn:ubuntu_focal 6 | ovn_northd: docker.io/openstackhelm/ovn:ubuntu_focal 7 | ovn_controller: docker.io/openstackhelm/ovn:ubuntu_focal 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/ovn/ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | images: 3 | tags: 4 | ovn_ovsdb_nb: docker.io/openstackhelm/ovn:ubuntu_jammy 5 | ovn_ovsdb_sb: docker.io/openstackhelm/ovn:ubuntu_jammy 6 | ovn_northd: docker.io/openstackhelm/ovn:ubuntu_jammy 7 | ovn_controller: docker.io/openstackhelm/ovn:ubuntu_jammy 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/placement/annotations.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | annotations: 3 | pod: 4 | default: 5 | custom.tld/key: "value" 6 | custom.tld/key2: "value2" 7 | placement: 8 | another.tld/foo: "bar" 9 | secret: 10 | default: 11 | custom.tld/key: "value" 12 | custom.tld/key2: "value2" 13 | identity: 14 | admin: 15 | another.tld/foo: "bar" 16 | oci_image_registry: 17 | placement: 18 | custom.tld/key: "value" 19 | tls: 20 | placement_api_public: 21 | custom.tld/key: "value" 22 | ... 23 | -------------------------------------------------------------------------------- /values_overrides/placement/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | placement-api: 6 | placement-api: runtime/default 7 | init: runtime/default 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/placement/netpol.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | manifests: 3 | network_policy: true 4 | network_policy: 5 | placement: 6 | egress: 7 | - {} 8 | ingress: 9 | - from: 10 | - podSelector: 11 | matchLabels: 12 | application: nova 13 | ports: 14 | - protocol: TCP 15 | port: 8778 16 | - protocol: TCP 17 | port: 80 18 | - protocol: TCP 19 | port: 8080 20 | ... 21 | -------------------------------------------------------------------------------- /values_overrides/placement/tls-offloading.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | endpoints: 3 | identity: 4 | auth: 5 | admin: 6 | cacert: /etc/ssl/certs/openstack-helm.crt 7 | placement: 8 | cacert: /etc/ssl/certs/openstack-helm.crt 9 | 10 | tls: 11 | identity: true 12 | ... 13 | -------------------------------------------------------------------------------- /values_overrides/postgresql/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | postgresql: 6 | postgresql: runtime/default 7 | set-volume-perms: runtime/default 8 | init: runtime/default 9 | prometheus-postgresql-exporter: 10 | postgresql-exporter: runtime/default 11 | init: runtime/default 12 | prometheus-postgresql-exporter-create-user: 13 | prometheus-postgresql-exporter-create-user: runtime/default 14 | init: runtime/default 15 | postgresql-backup: 16 | init: runtime/default 17 | backup-perms: runtime/default 18 | postgresql-backup: runtime/default 19 | manifests: 20 | cron_job_postgresql_backup: true 21 | ... 22 | -------------------------------------------------------------------------------- /values_overrides/postgresql/backups.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | conf: 3 | backup: 4 | enabled: true 5 | remote_backup: 6 | enabled: false 7 | volume: 8 | backup: 9 | enabled: true 10 | manifests: 11 | pvc_backup: true 12 | job_ks_user: false 13 | cron_job_postgresql_backup: true 14 | secret_backup_restore: true 15 | ... 16 | -------------------------------------------------------------------------------- /values_overrides/postgresql/netpol.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | manifests: 3 | network_policy: true 4 | network_policy: 5 | postgresql: 6 | egress: 7 | - to: 8 | - ipBlock: 9 | cidr: %%%REPLACE_API_ADDR%%%/32 10 | ports: 11 | - protocol: TCP 12 | port: %%%REPLACE_API_PORT%%% 13 | ... 14 | -------------------------------------------------------------------------------- /values_overrides/postgresql/tls.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | conf: 3 | postgresql: 4 | ssl: 'on' 5 | pod: 6 | security_context: 7 | server: 8 | container: 9 | perms: 10 | readOnlyRootFilesystem: false 11 | postgresql: 12 | runAsUser: 0 13 | allowPrivilegeEscalation: true 14 | readOnlyRootFilesystem: false 15 | endpoints: 16 | postgresql: 17 | host_fqdn_override: 18 | default: 19 | tls: 20 | secretName: postgresql-tls-direct 21 | issuerRef: 22 | name: ca-issuer 23 | kind: ClusterIssuer 24 | manifests: 25 | certificates: true 26 | ... 27 | -------------------------------------------------------------------------------- /values_overrides/prometheus-alertmanager/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | prometheus-alertmanager: 6 | prometheus-alertmanager: runtime/default 7 | prometheus-alertmanager-perms: runtime/default 8 | init: runtime/default 9 | ... 10 | -------------------------------------------------------------------------------- /values_overrides/prometheus-blackbox-exporter/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | prometheus-blackbox-exporter: 6 | blackbox-exporter: runtime/default 7 | ... 8 | -------------------------------------------------------------------------------- /values_overrides/prometheus-kube-state-metrics/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | kube-state-metrics: 6 | kube-state-metrics: runtime/default 7 | init: runtime/default 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/prometheus-mysql-exporter/prometheus.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | monitoring: 3 | prometheus: 4 | enabled: true 5 | manifests: 6 | monitoring: 7 | prometheus: 8 | configmap_bin: true 9 | deployment_exporter: true 10 | job_user_create: true 11 | secret_etc: true 12 | service_exporter: true 13 | network_policy_exporter: true 14 | ... 15 | -------------------------------------------------------------------------------- /values_overrides/prometheus-mysql-exporter/tls.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | endpoints: 3 | oslo_db: 4 | host_fqdn_override: 5 | default: 6 | tls: 7 | secretName: mariadb-tls-direct 8 | issuerRef: 9 | name: ca-issuer 10 | kind: ClusterIssuer 11 | manifests: 12 | certificates: true 13 | ... 14 | -------------------------------------------------------------------------------- /values_overrides/prometheus-node-exporter/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | node-exporter: 6 | node-exporter: runtime/default 7 | init: runtime/default 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/prometheus-openstack-exporter/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | prometheus-openstack-exporter: 6 | openstack-metrics-exporter: runtime/default 7 | init: runtime/default 8 | prometheus-openstack-exporter-ks-user: 9 | prometheus-openstack-exporter-ks-user: runtime/default 10 | init: runtime/default 11 | ... 12 | -------------------------------------------------------------------------------- /values_overrides/prometheus-openstack-exporter/netpol.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | manifests: 3 | network_policy: true 4 | ... 5 | -------------------------------------------------------------------------------- /values_overrides/prometheus-openstack-exporter/tls.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | manifests: 3 | certificates: true 4 | ... 5 | -------------------------------------------------------------------------------- /values_overrides/prometheus-process-exporter/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | process-exporter: 6 | process-exporter: runtime/default 7 | init: runtime/default 8 | ... 9 | -------------------------------------------------------------------------------- /values_overrides/prometheus/apparmor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | mandatory_access_control: 4 | type: apparmor 5 | prometheus: 6 | prometheus: runtime/default 7 | prometheus-perms: runtime/default 8 | apache-proxy: runtime/default 9 | init: runtime/default 10 | prometheus-test: 11 | prometheus-helm-tests: runtime/default 12 | init: runtime/default 13 | ... 14 | -------------------------------------------------------------------------------- /values_overrides/prometheus/local-storage.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | pod: 3 | replicas: 4 | prometheus: 1 5 | storage: 6 | requests: 7 | storage: 1Gi 8 | storage_class: local-storage 9 | ... 10 | -------------------------------------------------------------------------------- /values_overrides/rabbitmq/builtin-metrics.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # This enable Rabbitmq built-in prometheus plugin 3 | conf: 4 | enabled_plugins: 5 | - rabbitmq_management 6 | - rabbitmq_peer_discovery_k8s 7 | - rabbitmq_prometheus 8 | 9 | manifests: 10 | monitoring: 11 | prometheus: 12 | configmap_bin: false 13 | deployment_exporter: false 14 | service_exporter: false 15 | network_policy_exporter: false 16 | ... 17 | -------------------------------------------------------------------------------- /values_overrides/rabbitmq/rabbitmq-exporter.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # This enable external pod for rabbitmq-exporter 3 | manifests: 4 | monitoring: 5 | prometheus: 6 | configmap_bin: true 7 | deployment_exporter: true 8 | service_exporter: true 9 | network_policy_exporter: false 10 | ... 11 | -------------------------------------------------------------------------------- /values_overrides/rally/annotations.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | annotations: 3 | secret: 4 | default: 5 | custom.tld/key: "value" 6 | custom.tld/key2: "value2" 7 | identity: 8 | admin: 9 | another.tld/foo: "bar" 10 | oci_image_registry: 11 | rally: 12 | custom.tld/key: "value" 13 | ... 14 | -------------------------------------------------------------------------------- /values_overrides/rally/tls-offloading.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | endpoints: 3 | identity: 4 | auth: 5 | admin: 6 | cacert: /etc/ssl/certs/openstack-helm.crt 7 | rally: 8 | cacert: /etc/ssl/certs/openstack-helm.crt 9 | test: 10 | cacert: /etc/ssl/certs/openstack-helm.crt 11 | 12 | tls: 13 | identity: true 14 | ... 15 | -------------------------------------------------------------------------------- /values_overrides/tacker/2023.2-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | # Default values for tacker. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | --- 6 | images: 7 | tags: 8 | tacker_server: quay.io/airshipit/tacker:2023.2-ubuntu_jammy 9 | tacker_conductor: quay.io/airshipit/tacker:2023.2-ubuntu_jammy 10 | db_init: quay.io/airshipit/heat:2023.2-ubuntu_jammy 11 | db_drop: quay.io/airshipit/heat:2023.2-ubuntu_jammy 12 | tacker_db_sync: quay.io/airshipit/tacker:2023.2-ubuntu_jammy 13 | ks_endpoints: quay.io/airshipit/heat:2023.2-ubuntu_jammy 14 | ks_service: quay.io/airshipit/heat:2023.2-ubuntu_jammy 15 | ks_user: quay.io/airshipit/heat:2023.2-ubuntu_jammy 16 | ... 17 | -------------------------------------------------------------------------------- /values_overrides/tacker/2024.1-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | # Default values for tacker. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | --- 6 | images: 7 | tags: 8 | tacker_server: quay.io/airshipit/tacker:2024.1-ubuntu_jammy 9 | tacker_conductor: quay.io/airshipit/tacker:2024.1-ubuntu_jammy 10 | db_init: quay.io/airshipit/heat:2024.1-ubuntu_jammy 11 | db_drop: quay.io/airshipit/heat:2024.1-ubuntu_jammy 12 | tacker_db_sync: quay.io/airshipit/tacker:2024.1-ubuntu_jammy 13 | ks_endpoints: quay.io/airshipit/heat:2024.1-ubuntu_jammy 14 | ks_service: quay.io/airshipit/heat:2024.1-ubuntu_jammy 15 | ks_user: quay.io/airshipit/heat:2024.1-ubuntu_jammy 16 | ... 17 | -------------------------------------------------------------------------------- /values_overrides/tacker/2024.2-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | # Default values for tacker. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | --- 6 | images: 7 | tags: 8 | tacker_server: quay.io/airshipit/tacker:2024.2-ubuntu_jammy 9 | tacker_conductor: quay.io/airshipit/tacker:2024.2-ubuntu_jammy 10 | db_init: quay.io/airshipit/heat:2024.2-ubuntu_jammy 11 | db_drop: quay.io/airshipit/heat:2024.2-ubuntu_jammy 12 | tacker_db_sync: quay.io/airshipit/tacker:2024.2-ubuntu_jammy 13 | ks_endpoints: quay.io/airshipit/heat:2024.2-ubuntu_jammy 14 | ks_service: quay.io/airshipit/heat:2024.2-ubuntu_jammy 15 | ks_user: quay.io/airshipit/heat:2024.2-ubuntu_jammy 16 | ... 17 | -------------------------------------------------------------------------------- /values_overrides/tacker/2025.1-ubuntu_jammy.yaml: -------------------------------------------------------------------------------- 1 | # Default values for tacker. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | --- 5 | images: 6 | tags: 7 | tacker_server: quay.io/airshipit/tacker:2025.1-ubuntu_jammy 8 | tacker_conductor: quay.io/airshipit/tacker:2025.1-ubuntu_jammy 9 | db_init: quay.io/airshipit/heat:2025.1-ubuntu_jammy 10 | db_drop: quay.io/airshipit/heat:2025.1-ubuntu_jammy 11 | tacker_db_sync: quay.io/airshipit/tacker:2025.1-ubuntu_jammy 12 | ks_endpoints: quay.io/airshipit/heat:2025.1-ubuntu_jammy 13 | ks_service: quay.io/airshipit/heat:2025.1-ubuntu_jammy 14 | ks_user: quay.io/airshipit/heat:2025.1-ubuntu_jammy 15 | ... 16 | -------------------------------------------------------------------------------- /values_overrides/tacker/2025.1-ubuntu_noble.yaml: -------------------------------------------------------------------------------- 1 | # Default values for tacker. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | --- 5 | images: 6 | tags: 7 | tacker_server: quay.io/airshipit/tacker:2025.1-ubuntu_noble 8 | tacker_conductor: quay.io/airshipit/tacker:2025.1-ubuntu_noble 9 | db_init: quay.io/airshipit/heat:2025.1-ubuntu_noble 10 | db_drop: quay.io/airshipit/heat:2025.1-ubuntu_noble 11 | tacker_db_sync: quay.io/airshipit/tacker:2025.1-ubuntu_noble 12 | ks_endpoints: quay.io/airshipit/heat:2025.1-ubuntu_noble 13 | ks_service: quay.io/airshipit/heat:2025.1-ubuntu_noble 14 | ks_user: quay.io/airshipit/heat:2025.1-ubuntu_noble 15 | ... 16 | -------------------------------------------------------------------------------- /values_overrides/tacker/annotations.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | annotations: 3 | secret: 4 | default: 5 | custom.tld/key: "value" 6 | custom.tld/key2: "value2" 7 | identity: 8 | admin: 9 | another.tld/foo: "bar" 10 | oci_image_registry: 11 | tacker: 12 | custom.tld/key: "value" 13 | tls: 14 | nfv_orchestration_api_public: 15 | custom.tld/key: "value" 16 | ... 17 | -------------------------------------------------------------------------------- /values_overrides/tempest/annotations.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | annotations: 3 | secret: 4 | default: 5 | custom.tld/key: "value" 6 | custom.tld/key2: "value2" 7 | identity: 8 | admin: 9 | another.tld/foo: "bar" 10 | oci_image_registry: 11 | tempest: 12 | custom.tld/key: "value" 13 | ... 14 | --------------------------------------------------------------------------------