COMPUTED VALUES: bootstrap: enabled: false ks_user: barbican script: | openstack token issue conf: audit_map: DEFAULT: target_endpoint_type: key-manager custom_actions: acl/get: read path_keywords: cas: None containers: null orders: null project-quotas: null quotas: null secrets: null service_endpoints: key-manager: service/security/keymanager barbican: DEFAULT: transport_url: null barbican_api: bind_port: null database: connection_recycle_time: 600 max_overflow: 50 max_pool_size: 5 max_retries: -1 pool_timeout: 30 keystone_authtoken: auth_type: password auth_uri: http://keystone-api.openstack.svc.cluster.local:5000/ auth_url: http://keystone-api.openstack.svc.cluster.local:5000/ auth_version: v3 memcache_secret_key: Tf2TGZhIN4r1Jp9cEBeS1RuiJd0YBd1P memcache_security_strategy: ENCRYPT memcached_servers: memcached.openstack.svc.cluster.local:11211 password: 7TaWg8ujn2pPlRtR0wmkxhHlQdxSZXya project_domain_name: service project_name: service region_name: RegionOne service_type: key-manager user_domain_name: service username: barbican-RegionOne oslo_messaging_notifications: driver: noop oslo_policy: policy_file: /etc/barbican/policy.yaml simple_crypto_plugin: kek: c3F1dE1kem5ramdOU0FMUkszaGhTS1dtRzFIWklCTmM= barbican_api_uwsgi: uwsgi: add-header: 'Connection: close' buffer-size: 65535 chunked-input-limit: "4096000" die-on-term: true enable-threads: true exit-on-reload: false hook-master-start: unix_signal:15 gracefully_kill_them_all http-auto-chunked: true http-raw-body: true http-socket: 0.0.0.0:9311 lazy-apps: true log-x-forwarded-for: true master: true need-app: true processes: 1 procname-prefix-spaced: 'barbiacan-api:' route-user-agent: '^kube-probe.* donotlog:' socket-timeout: 10 thunder-lock: true worker-reload-mercy: 80 wsgi-file: /var/lib/openstack/bin/barbican-wsgi-api logging: formatter_context: class: oslo_log.formatters.ContextFormatter datefmt: '%Y-%m-%d %H:%M:%S' formatter_default: datefmt: '%Y-%m-%d %H:%M:%S' format: '%(message)s' formatters: keys: - context - default handler_null: args: () class: logging.NullHandler formatter: default handler_stderr: args: (sys.stderr,) class: StreamHandler formatter: context handler_stdout: args: (sys.stdout,) class: StreamHandler formatter: context handlers: keys: - stdout - stderr - "null" logger_amqp: handlers: stderr level: WARNING qualname: amqp logger_amqplib: handlers: stderr level: WARNING qualname: amqplib logger_barbican: handlers: - stdout level: INFO qualname: barbican logger_boto: handlers: stderr level: WARNING qualname: boto logger_eventletwsgi: handlers: stderr level: WARNING qualname: eventlet.wsgi.server logger_root: handlers: "null" level: WARNING logger_sqlalchemy: handlers: stderr level: WARNING qualname: sqlalchemy loggers: keys: - root - barbican paste: app:apiapp: paste.app_factory: barbican.api.app:create_main_app app:versionapp: paste.app_factory: barbican.api.app:create_version_app composite:main: /: barbican_version /v1: barbican-api-keystone use: egg:Paste#urlmap filter:audit: audit_map_file: /etc/barbican/api_audit_map.conf paste.filter_factory: keystonemiddleware.audit:filter_factory filter:authtoken: paste.filter_factory: keystonemiddleware.auth_token:filter_factory filter:context: paste.filter_factory: barbican.api.middleware.context:ContextMiddleware.factory filter:cors: oslo_config_project: barbican paste.filter_factory: oslo_middleware.cors:filter_factory filter:http_proxy_to_wsgi: paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory filter:profile: cachegrind_filename: cachegrind.out.myapp discard_first_request: true flush_at_shutdown: true log_filename: myapp.profile path: /__profile__ unwind: false use: egg:repoze.profile filter:simple: paste.filter_factory: barbican.api.middleware.simple:SimpleFilter.factory filter:unauthenticated-context: paste.filter_factory: barbican.api.middleware.context:UnauthenticatedContextMiddleware.factory pipeline:barbican-api-keystone: pipeline: cors http_proxy_to_wsgi authtoken context apiapp pipeline:barbican-api-keystone-audit: pipeline: http_proxy_to_wsgi authtoken context audit apiapp pipeline:barbican-profile: pipeline: cors http_proxy_to_wsgi unauthenticated-context egg:Paste#cgitb egg:Paste#httpexceptions profile apiapp pipeline:barbican_api: pipeline: cors http_proxy_to_wsgi unauthenticated-context apiapp pipeline:barbican_version: pipeline: cors http_proxy_to_wsgi versionapp policy: {} rabbitmq: policies: - apply-to: all definition: message-ttl: 70000 name: ha_ttl_barbican pattern: ^(?!(amq\.|reply_)).* priority: 0 vhost: barbican simple_crypto_kek_rewrap: old_kek: c3F1dE1kem5ramdOU0FMUkszaGhTS1dtRzFIWklCTmM= dependencies: dynamic: common: local_image_registry: jobs: - barbican-image-repo-sync services: - endpoint: node service: local_image_registry static: api: jobs: - barbican-db-sync - barbican-ks-user - barbican-ks-endpoints - barbican-rabbit-init services: - endpoint: internal service: oslo_db - endpoint: internal service: identity - endpoint: internal service: oslo_messaging db_drop: services: - endpoint: internal service: oslo_db db_init: services: - endpoint: internal service: oslo_db db_sync: jobs: - barbican-db-init services: - endpoint: internal service: oslo_db image_repo_sync: services: - endpoint: internal service: local_image_registry ks_endpoints: jobs: - barbican-ks-service services: - endpoint: internal service: identity ks_service: services: - endpoint: internal service: identity ks_user: services: - endpoint: internal service: identity rabbit_init: services: - endpoint: internal service: oslo_messaging endpoints: cluster_domain_suffix: cluster.local fluentd: host_fqdn_override: default: null hosts: default: fluentd-logging name: fluentd namespace: null path: default: null port: metrics: default: 24220 service: default: 24224 scheme: http identity: auth: admin: password: gg14tmd3xGNEytbmziYKmXwjd2QGnO7q project_domain_name: default project_name: admin region_name: RegionOne user_domain_name: default username: admin-RegionOne barbican: password: 7TaWg8ujn2pPlRtR0wmkxhHlQdxSZXya project_domain_name: service project_name: service region_name: RegionOne role: admin user_domain_name: service username: barbican-RegionOne host_fqdn_override: default: null public: host: identity.162-253-55-140.nip.io hosts: default: keystone-api internal: keystone-api name: keystone path: default: / port: api: default: 5000 internal: 5000 public: 443 scheme: default: http public: https ingress: hosts: default: ingress name: ingress namespace: null port: ingress: default: 80 key_manager: host_fqdn_override: default: tls: issuerRef: kind: ClusterIssuer name: ca-clusterissuer secretName: barbican-tls-internal public: host: key-manager.162-253-55-140.nip.io hosts: default: barbican-api public: barbican name: barbican path: default: / port: api: default: 9311 public: 443 service: 9311 scheme: default: http public: https service: http kube_dns: host_fqdn_override: default: null hosts: default: kube-dns name: kubernetes-dns namespace: kube-system path: default: null port: dns: default: 53 protocol: UDP scheme: http local_image_registry: host_fqdn_override: default: null hosts: default: localhost internal: docker-registry node: localhost name: docker-registry namespace: docker-registry port: registry: node: 5000 oci_image_registry: auth: barbican: password: password username: barbican enabled: false host_fqdn_override: default: null hosts: default: localhost name: oci-image-registry namespace: oci-image-registry port: registry: default: null oslo_cache: auth: memcache_secret_key: Tf2TGZhIN4r1Jp9cEBeS1RuiJd0YBd1P host_fqdn_override: default: null hosts: default: memcached port: memcache: default: 11211 oslo_db: auth: admin: password: eQ0kOrKBbbVvwY7ibBJWzFYSLq0C4uKm secret: tls: internal: mariadb-tls-direct username: root barbican: password: B2m0FlUN0L0UtrwaWqAS7xMe1pfGDorv username: barbican keystone: password: mVGigqKeYWdO2s3edy2MkMqMEr6aynug host_fqdn_override: default: null hosts: default: percona-xtradb-haproxy path: /barbican port: mysql: default: 3306 scheme: mysql+pymysql oslo_messaging: auth: admin: password: eQdEYuZ4K_pw4sbwm7niL0390WGz-Wam secret: tls: internal: rabbitmq-tls-direct username: default_user_N188w3vRIoOYKErZc9t barbican: password: password username: barbican keystone: password: phlm98Jc97BXMcHwk7CJHo8ccDL64ReX user: password: eQdEYuZ4K_pw4sbwm7niL0390WGz-Wam username: default_user_N188w3vRIoOYKErZc9t host_fqdn_override: default: null hosts: default: rabbitmq-barbican path: /barbican port: amqp: default: 5672 http: default: 15672 scheme: rabbit helm-toolkit: global: {} helm3_hook: true images: local_registry: active: false exclude: - dep_check - image_repo_sync pull_policy: IfNotPresent tags: barbican_api: harbor.atmosphere.dev/ghcr.io/vexxhost/barbican:main@sha256:3833e3b2ae05207dbfccfa651c5b73fa1c97a2616a348c485ea869854e1b8a63 barbican_db_sync: harbor.atmosphere.dev/ghcr.io/vexxhost/barbican:main@sha256:3833e3b2ae05207dbfccfa651c5b73fa1c97a2616a348c485ea869854e1b8a63 bootstrap: harbor.atmosphere.dev/ghcr.io/vexxhost/heat:main@sha256:b6b60067c35bc9051179d5ae51a0a0a0a9a0d5f747cbf1ceb300c9340a764c37 db_drop: harbor.atmosphere.dev/ghcr.io/vexxhost/heat:main@sha256:b6b60067c35bc9051179d5ae51a0a0a0a9a0d5f747cbf1ceb300c9340a764c37 db_init: harbor.atmosphere.dev/ghcr.io/vexxhost/heat:main@sha256:b6b60067c35bc9051179d5ae51a0a0a0a9a0d5f747cbf1ceb300c9340a764c37 dep_check: harbor.atmosphere.dev/ghcr.io/vexxhost/kubernetes-entrypoint:edge@sha256:8921b64b87af184a1421dd856b2703bcf3cff9f50863cd0d18371cf964a87bd3 image_repo_sync: docker.io/docker:17.07.0 ks_endpoints: harbor.atmosphere.dev/ghcr.io/vexxhost/heat:main@sha256:b6b60067c35bc9051179d5ae51a0a0a0a9a0d5f747cbf1ceb300c9340a764c37 ks_service: harbor.atmosphere.dev/ghcr.io/vexxhost/heat:main@sha256:b6b60067c35bc9051179d5ae51a0a0a0a9a0d5f747cbf1ceb300c9340a764c37 ks_user: harbor.atmosphere.dev/ghcr.io/vexxhost/heat:main@sha256:b6b60067c35bc9051179d5ae51a0a0a0a9a0d5f747cbf1ceb300c9340a764c37 rabbit_init: harbor.atmosphere.dev/docker.io/library/rabbitmq:4.1.4-management scripted_test: docker.io/openstackhelm/heat:wallaby-ubuntu_focal labels: api: node_selector_key: openstack-control-plane node_selector_value: enabled job: node_selector_key: openstack-control-plane node_selector_value: enabled test: node_selector_key: openstack-control-plane node_selector_value: enabled manifests: certificates: false configmap_bin: true configmap_etc: true deployment_api: true ingress_api: false job_bootstrap: true job_db_drop: false job_db_init: true job_db_sync: true job_image_repo_sync: true job_ks_endpoints: true job_ks_service: true job_ks_user: true job_rabbit_init: true network_policy: false pdb_api: true pod_test: true secret_db: true secret_ingress_tls: true secret_keystone: true secret_rabbitmq: true secret_registry: true service_api: true service_ingress_api: false network: api: external_policy_local: false ingress: annotations: nginx.ingress.kubernetes.io/rewrite-target: / classes: cluster: nginx-cluster namespace: nginx public: true node_port: enabled: false port: 30486 network_policy: barbican: egress: - {} ingress: - {} pod: affinity: anti: topologyKey: default: kubernetes.io/hostname type: default: preferredDuringSchedulingIgnoredDuringExecution weight: default: 10 labels: include_app_kubernetes_io: false lifecycle: disruption_budget: api: min_available: 0 upgrades: deployments: pod_replacement_strategy: RollingUpdate revision_history: 3 rolling_update: max_surge: 3 max_unavailable: 1 mounts: barbican_api: barbican_api: volumeMounts: null volumes: null init_container: null barbican_bootstrap: barbican_bootstrap: volumeMounts: null volumes: null init_container: null barbican_db_sync: barbican_db_sync: volumeMounts: null volumes: null barbican_tests: barbican_tests: volumeMounts: null volumes: null init_container: null replicas: api: 1 resources: api: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi enabled: false jobs: bootstrap: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi db_drop: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi db_init: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi db_sync: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi image_repo_sync: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi ks_endpoints: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi ks_service: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi ks_user: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi rabbit_init: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi tests: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi security_context: barbican: container: barbican_api: allowPrivilegeEscalation: false readOnlyRootFilesystem: true pod: runAsUser: 42424 test: container: barbican_test: allowPrivilegeEscalation: false readOnlyRootFilesystem: true pod: runAsUser: 42424 tolerations: barbican: enabled: false tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoSchedule key: node-role.kubernetes.io/control-plane operator: Exists release_group: null secrets: identity: admin: barbican-keystone-admin barbican: barbican-keystone-user oci_image_registry: barbican: barbican-oci-image-registry oslo_db: admin: barbican-db-admin barbican: barbican-db-user oslo_messaging: admin: barbican-rabbitmq-admin barbican: barbican-rabbitmq-user tls: key_manager: api: internal: barbican-tls-internal public: barbican-tls-public tls: identity: false oslo_db: false oslo_messaging: false