roles/keystone/vars/main.yml - atmosphere - Gitiles

 # Copyright (c) 2022 VEXXHOST, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
 # a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.

 _keystone_helm_values:
   endpoints: "{{ openstack_helm_endpoints }}"
   images:
     tags: "{{ atmosphere_images | vexxhost.atmosphere.openstack_helm_image_tags('keystone') }}"
   pod:
     #     mounts = {
     #       keystone_api = {
     #         keystone_api = {
     #           volumeMounts = [
     #             {
     #               name      = kubernetes_config_map.keystone_ldap_ca.metadata[0].name
     #               mountPath = "/etc/keystone/ldap"
     #             },
     #             {
     #               name      = kubernetes_config_map.keystone_openid_connect_metadata.metadata[0].name
     #               mountPath = "/var/lib/apache2/oidc"
     #             }
     #           ],
     #           volumes = [
     #             {
     #               name = kubernetes_config_map.keystone_ldap_ca.metadata[0].name
     #               configMap = {
     #                 name = kubernetes_config_map.keystone_ldap_ca.metadata[0].name
     #               }
     #             },
     #             {
     #               name = kubernetes_config_map.keystone_openid_connect_metadata.metadata[0].name
     #               configMap = {
     #                 name = kubernetes_config_map.keystone_openid_connect_metadata.metadata[0].name
     #               }
     #             }
     #           ]
     #         }
     #       }
     #     },
     replicas:
       api: 3
   conf:
     keystone:
       DEFAULT:
         log_config_append: null
       auth:
         methods: password,token,openid,application_credential
       cors:
         allowed_origins: "*"
       federation:
         assertion_prefix: OIDC-
         remote_id_attribute: OIDC-iss
         # TODO(mnaser): Lookup using openstack_helm_endpoints
         trusted_dashboard: "https://{{ openstack_helm_endpoints_horizon_api_host }}/auth/websso/"
       identity:
         domain_configurations_from_database: true
       oslo_messaging_notifications:
         driver: noop
   manifests:
     job_credential_cleanup: false
     ingress_api: false
     service_ingress_api: false
	# Copyright (c) 2022 VEXXHOST, Inc.
	#
	# Licensed under the Apache License, Version 2.0 (the "License"); you may
	# not use this file except in compliance with the License. You may obtain
	# a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
	# License for the specific language governing permissions and limitations
	# under the License.

	_keystone_helm_values:
	endpoints: "{{ openstack_helm_endpoints }}"
	images:
	tags: "{{ atmosphere_images \| vexxhost.atmosphere.openstack_helm_image_tags('keystone') }}"
	pod:
	# mounts = {
	# keystone_api = {
	# keystone_api = {
	# volumeMounts = [
	# {
	# name = kubernetes_config_map.keystone_ldap_ca.metadata[0].name
	# mountPath = "/etc/keystone/ldap"
	# },
	# {
	# name = kubernetes_config_map.keystone_openid_connect_metadata.metadata[0].name
	# mountPath = "/var/lib/apache2/oidc"
	# }
	# ],
	# volumes = [
	# {
	# name = kubernetes_config_map.keystone_ldap_ca.metadata[0].name
	# configMap = {
	# name = kubernetes_config_map.keystone_ldap_ca.metadata[0].name
	# }
	# },
	# {
	# name = kubernetes_config_map.keystone_openid_connect_metadata.metadata[0].name
	# configMap = {
	# name = kubernetes_config_map.keystone_openid_connect_metadata.metadata[0].name
	# }
	# }
	# ]
	# }
	# }
	# },
	replicas:
	api: 3
	conf:
	keystone:
	DEFAULT:
	log_config_append: null
	auth:
	methods: password,token,openid,application_credential
	cors:
	allowed_origins: "*"
	federation:
	assertion_prefix: OIDC-
	remote_id_attribute: OIDC-iss
	# TODO(mnaser): Lookup using openstack_helm_endpoints
	trusted_dashboard: "https://{{ openstack_helm_endpoints_horizon_api_host }}/auth/websso/"
	identity:
	domain_configurations_from_database: true
	oslo_messaging_notifications:
	driver: noop
	manifests:
	job_credential_cleanup: false
	ingress_api: false
	service_ingress_api: false