Cert-Rotation

There are various customizations you can do to tailor the deployment of OpenStack Cert-Rotation. You can find those below.

General Parameters

• dependencies.static.cert_rotate

  • Type: string

  • Description:

  • nil

• endpoints.cluster_domain_suffix

  • Type: string

  • Description:

  • “cluster.local”

• endpoints.oci_image_registry.auth.cert-rotation.password

  • Type: string

  • Description:

  • “password”

• endpoints.oci_image_registry.auth.cert-rotation.username

  • Type: string

  • Description:

  • “cert-rotation”

• endpoints.oci_image_registry.auth.enabled

  • Type: bool

  • Description:

  • false

• endpoints.oci_image_registry.host_fqdn_override.default

  • Type: string

  • Description:

  • nil

• endpoints.oci_image_registry.hosts.default

  • Type: string

  • Description:

  • “localhost”

• endpoints.oci_image_registry.name

  • Type: string

  • Description:

  • “oci-image-registry”

• endpoints.oci_image_registry.namespace

  • Type: string

  • Description:

  • “oci-image-registry”

• endpoints.oci_image_registry.port.registry.default

  • Type: string

  • Description:

  • nil

• images.local_registry.active

  • Type: bool

  • Description:

  • false

• images.tags.cert_rotation

  • Type: string

  • Description:

  • “docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy”

• images.tags.dep_check

  • Type: string

  • Description:

  • “quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal”

• jobs.rotate.cron

  • Type: string

  • Description:

  • “0 1 1 * *”

• jobs.rotate.history.failed

  • Type: int

  • Description:

  • 1

• jobs.rotate.history.success

  • Type: int

  • Description:

  • 3

• jobs.rotate.max_days_to_expiry

  • Type: int

  • Description:

  • 45

• jobs.rotate.starting_deadline

  • Type: int

  • Description:

  • 600

• jobs.rotate.suspend

  • Type: bool

  • Description:

  • false

• labels.job.node_selector_key

  • Type: string

  • Description:

  • “openstack-control-plane”

• labels.job.node_selector_value

  • Type: string

  • Description:

  • “enabled”

• manifests.configmap_bin

  • Type: bool

  • Description:

  • true

• manifests.cron_job_cert_rotate

  • Type: bool

  • Description:

  • false

• manifests.job_cert_rotate

  • Type: bool

  • Description:

  • false

• manifests.secret_registry

  • Type: bool

  • Description:

  • true

• pod.resources.enabled

  • Type: bool

  • Description:

  • false

• pod.resources.jobs.cert_rotate.limits.cpu

  • Type: string

  • Description:

  • “2000m”

• pod.resources.jobs.cert_rotate.limits.memory

  • Type: string

  • Description:

  • “1024Mi”

• pod.resources.jobs.cert_rotate.requests.cpu

  • Type: string

  • Description:

  • “100m”

• pod.resources.jobs.cert_rotate.requests.memory

  • Type: string

  • Description:

  • “128Mi”

• pod.security_context.cert_rotate.container.cert_rotate.allowPrivilegeEscalation

  • Type: bool

  • Description:

  • false

• pod.security_context.cert_rotate.container.cert_rotate.readOnlyRootFilesystem

  • Type: bool

  • Description:

  • true

• pod.security_context.cert_rotate.pod.runAsUser

  • Type: int

  • Description:

  • 42424

• secrets.oci_image_registry.cert-rotation

  • Type: string

  • Description:

  • “cert-rotation-oci-image-registry-key”