Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / b45baa37c70e2ede08cdaef331203684b9ae98e9 / . / roles / magnum / vars / main.yml
blob: ab8620c6fdef18c6663d7a701f58e476993f7841 [file] [log] [blame]
# Copyright (c) 2023 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
_magnum_helm_values:
endpoints: "{{ openstack_helm_endpoints }}"
images:
tags: "{{ atmosphere_images | vexxhost.atmosphere.openstack_helm_image_tags('magnum') }}"
conf:
magnum:
DEFAULT:
log_config_append: null
api:
workers: 4
barbican_client:
endpoint_type: internalURL
region_name: "{{ openstack_helm_endpoints_barbican_region_name }}"
capi_client:
ca_file: /etc/ssl/certs/ca-certificates.crt
cinder_client:
endpoint_type: internalURL
region_name: "{{ openstack_helm_endpoints_cinder_region_name }}"
cluster_template:
kubernetes_allowed_network_drivers: calico
kubernetes_default_network_driver: calico
conductor:
workers: 4
database:
connection_recycle_time: 600
max_overflow: 50
max_pool_size: 5
pool_timeout: 30
drivers:
verify_ca: false
glance_client:
endpoint_type: internalURL
region_name: "{{ openstack_helm_endpoints_glance_region_name }}"
heat_client:
endpoint_type: internalURL
region_name: "{{ openstack_helm_endpoints_heat_region_name }}"
keystone_auth:
auth_url: http://keystone-api.openstack.svc.cluster.local:5000/v3
user_domain_name: service
username: "magnum-{{ openstack_helm_endpoints_magnum_region_name }}"
password: "{{ openstack_helm_endpoints_magnum_keystone_password }}"
# NOTE(mnaser): Magnum does not allow changing the interface to internal
# so we workaround with this for now.
insecure: true
keystone_authtoken:
# NOTE(mnaser): Magnum does not allow changing the interface to internal
# so we workaround with this for now.
insecure: true
magnum_client:
region_name: "{{ openstack_helm_endpoints_magnum_region_name }}"
manila_client:
endpoint_type: internalURL
region_name: "{{ openstack_helm_endpoints_manila_region_name }}"
neutron_client:
endpoint_type: internalURL
region_name: "{{ openstack_helm_endpoints_neutron_region_name }}"
nova_client:
api_version: 2.15
endpoint_type: internalURL
region_name: "{{ openstack_helm_endpoints_nova_region_name }}"
octavia_client:
endpoint_type: internalURL
region_name: "{{ openstack_helm_endpoints_octavia_region_name }}"
pod:
replicas:
api: 3
conductor: 3
mounts:
magnum_conductor:
magnum_conductor:
volumeMounts:
- name: ca-certificates
mountPath: /etc/ssl/certs/ca-certificates.crt
readOnly: true
volumes:
- name: ca-certificates
hostPath:
path: "{{ defaults_ca_certificates_path }}"
manifests:
ingress_api: false
service_ingress_api: false
_magnum_registry_ingress_annotations:
# NOTE(mnaser): We only want to allow GET/HEAD requests to the registry
# to make sure it's read-only.
nginx.ingress.kubernetes.io/configuration-snippet: |
if ($request_method !~* "^(GET|HEAD)$") {
return 403;
}
_magnum_images:
- name: ubuntu-2204-kube-v1.29.6
url: https://static.atmosphere.dev/artifacts/magnum-cluster-api/ubuntu-jammy-kubernetes-1-29-6-1720107687.qcow2
distro: ubuntu
- name: ubuntu-2204-kube-v1.30.2
url: https://static.atmosphere.dev/artifacts/magnum-cluster-api/ubuntu-jammy-kubernetes-1-30-2-1720107688.qcow2
distro: ubuntu
- name: ubuntu-2204-kube-v1.31.1
url: https://static.atmosphere.dev/artifacts/magnum-cluster-api/ubuntu-jammy-kubernetes-1-31-1-1728920853.qcow2
distro: ubuntu