roles/horizon/vars/main.yml - atmosphere - Gitiles

 # Copyright (c) 2022 VEXXHOST, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
 # a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.

 _horizon_helm_values:
   endpoints: "{{ openstack_helm_endpoints }}"
   images:
     tags: "{{ atmosphere_images | vexxhost.atmosphere.openstack_helm_image_tags('horizon') }}"
   pod:
     security_context:
       horizon:
         pod:
           fsGroup: 42424
       db_sync:
         pod:
           fsGroup: 42424
       tests:
         pod:
           fsGroup: 42424
     replicas:
       server: 3
   conf:
     horizon:
       local_settings:
         config:
           disallow_iframe_embed: "True"
           allowed_hosts:
             - "{{ openstack_helm_endpoints_horizon_api_host }}"
           secure_proxy_ssl_header: "True"
           horizon_images_upload_mode: direct
           openstack_enable_password_retrieve: "True"
           auth:
             sso:
               enabled: true
               initial_choice: "{{ (keystone_domains is defined) | ternary(keystone_domains[0].name, 'atmosphere') }}"
             idp_mapping: "{{ keystone_domains | default([{'name': (keystone_keycloak_realm | default('atmosphere')), 'label': (keystone_keycloak_realm_name | default('Atmosphere'))}]) | vexxhost.atmosphere.keystone_domains_to_idp_mappings }}" # noqa: yaml[line-length]
           raw:
             OPENSTACK_SSL_NO_VERIFY: "{{ ((cluster_issuer_type | default('self-signed')) == 'self-signed') | ternary('True', 'False') | string }}"
             WEBSSO_KEYSTONE_URL: https://{{ openstack_helm_endpoints['identity']['host_fqdn_override']['public']['host'] }}/v3
             # yamllint disable-line rule:line-length
             LOGOUT_URL: https://{{ openstack_helm_endpoints['identity']['host_fqdn_override']['public']['host'] }}/v3/auth/OS-FEDERATION/identity_providers/redirect?logout=https://{{ openstack_helm_endpoints_horizon_api_host }}/auth/logout/
           openstack_cinder_features:
             enable_backup: "{{ cinder_helm_values.manifests.deployment_backup | default(True) | ternary('True', 'False') | string }}"
       extra_panels:
         - designatedashboard
         - heat_dashboard
         - ironic_ui
         - magnum_ui
         - manila_ui
         - monitoring
         - neutron_vpnaas_dashboard
         - octavia_dashboard
   manifests:
     ingress_api: false
     service_ingress_api: false

 _horizon_ingress_annotations:
   nginx.ingress.kubernetes.io/proxy-body-size: "5000m"
   nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
   nginx.ingress.kubernetes.io/enable-cors: "true"
   nginx.ingress.kubernetes.io/cors-allow-origin: "{{ openstack_helm_endpoints_horizon_api_host }}"
	# Copyright (c) 2022 VEXXHOST, Inc.
	#
	# Licensed under the Apache License, Version 2.0 (the "License"); you may
	# not use this file except in compliance with the License. You may obtain
	# a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
	# License for the specific language governing permissions and limitations
	# under the License.

	_horizon_helm_values:
	endpoints: "{{ openstack_helm_endpoints }}"
	images:
	tags: "{{ atmosphere_images \| vexxhost.atmosphere.openstack_helm_image_tags('horizon') }}"
	pod:
	security_context:
	horizon:
	pod:
	fsGroup: 42424
	db_sync:
	pod:
	fsGroup: 42424
	tests:
	pod:
	fsGroup: 42424
	replicas:
	server: 3
	conf:
	horizon:
	local_settings:
	config:
	disallow_iframe_embed: "True"
	allowed_hosts:
	- "{{ openstack_helm_endpoints_horizon_api_host }}"
	secure_proxy_ssl_header: "True"
	horizon_images_upload_mode: direct
	openstack_enable_password_retrieve: "True"
	auth:
	sso:
	enabled: true
	initial_choice: "{{ (keystone_domains is defined) \| ternary(keystone_domains[0].name, 'atmosphere') }}"
	idp_mapping: "{{ keystone_domains \| default([{'name': (keystone_keycloak_realm \| default('atmosphere')), 'label': (keystone_keycloak_realm_name \| default('Atmosphere'))}]) \| vexxhost.atmosphere.keystone_domains_to_idp_mappings }}" # noqa: yaml[line-length]
	raw:
	OPENSTACK_SSL_NO_VERIFY: "{{ ((cluster_issuer_type \| default('self-signed')) == 'self-signed') \| ternary('True', 'False') \| string }}"
	WEBSSO_KEYSTONE_URL: https://{{ openstack_helm_endpoints['identity']['host_fqdn_override']['public']['host'] }}/v3
	# yamllint disable-line rule:line-length
	LOGOUT_URL: https://{{ openstack_helm_endpoints['identity']['host_fqdn_override']['public']['host'] }}/v3/auth/OS-FEDERATION/identity_providers/redirect?logout=https://{{ openstack_helm_endpoints_horizon_api_host }}/auth/logout/
	openstack_cinder_features:
	enable_backup: "{{ cinder_helm_values.manifests.deployment_backup \| default(True) \| ternary('True', 'False') \| string }}"
	extra_panels:
	- designatedashboard
	- heat_dashboard
	- ironic_ui
	- magnum_ui
	- manila_ui
	- monitoring
	- neutron_vpnaas_dashboard
	- octavia_dashboard
	manifests:
	ingress_api: false
	service_ingress_api: false

	_horizon_ingress_annotations:
	nginx.ingress.kubernetes.io/proxy-body-size: "5000m"
	nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
	nginx.ingress.kubernetes.io/enable-cors: "true"
	nginx.ingress.kubernetes.io/cors-allow-origin: "{{ openstack_helm_endpoints_horizon_api_host }}"