| Mohammed Naser | fef6942 | 2023-01-18 02:38:06 +0000 | [diff] [blame] | 1 | # Copyright (c) 2023 VEXXHOST, Inc. |
| 2 | # |
| 3 | # Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 4 | # not use this file except in compliance with the License. You may obtain |
| 5 | # a copy of the License at |
| 6 | # |
| 7 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | # |
| 9 | # Unless required by applicable law or agreed to in writing, software |
| 10 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 11 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| 12 | # License for the specific language governing permissions and limitations |
| 13 | # under the License. |
| 14 | |
| Mohammed Naser | 2145fc3 | 2023-01-29 23:23:03 +0000 | [diff] [blame] | 15 | _magnum_helm_values: |
| Mohammed Naser | fef6942 | 2023-01-18 02:38:06 +0000 | [diff] [blame] | 16 | endpoints: "{{ openstack_helm_endpoints }}" |
| 17 | images: |
| Michiel Piscaer | 60d09f9 | 2023-01-20 18:58:55 +0100 | [diff] [blame] | 18 | tags: "{{ atmosphere_images | vexxhost.atmosphere.openstack_helm_image_tags('magnum') }}" |
| Mohammed Naser | fef6942 | 2023-01-18 02:38:06 +0000 | [diff] [blame] | 19 | conf: |
| 20 | magnum: |
| 21 | DEFAULT: |
| 22 | log_config_append: null |
| 23 | barbican_client: |
| 24 | endpoint_type: internalURL |
| 25 | region_name: "{{ openstack_helm_endpoints_barbican_region_name }}" |
| 26 | cinder_client: |
| 27 | endpoint_type: internalURL |
| 28 | region_name: "{{ openstack_helm_endpoints_cinder_region_name }}" |
| 29 | cluster_template: |
| 30 | kubernetes_allowed_network_drivers: calico |
| 31 | kubernetes_default_network_driver: calico |
| 32 | conductor: |
| 33 | workers: 4 |
| 34 | drivers: |
| 35 | verify_ca: false |
| 36 | glance_client: |
| 37 | endpoint_type: internalURL |
| 38 | region_name: "{{ openstack_helm_endpoints_glance_region_name }}" |
| 39 | heat_client: |
| 40 | endpoint_type: internalURL |
| 41 | region_name: "{{ openstack_helm_endpoints_heat_region_name }}" |
| 42 | keystone_auth: |
| 43 | auth_url: http://keystone-api.openstack.svc.cluster.local:5000/v3 |
| 44 | user_domain_name: service |
| 45 | username: "magnum-{{ openstack_helm_endpoints_magnum_region_name }}" |
| 46 | password: "{{ openstack_helm_endpoints_magnum_keystone_password }}" |
| 47 | # NOTE(mnaser): Magnum does not allow changing the interface to internal |
| 48 | # so we workaround with this for now. |
| 49 | insecure: true |
| 50 | keystone_authtoken: |
| 51 | # NOTE(mnaser): Magnum does not allow changing the interface to internal |
| 52 | # so we workaround with this for now. |
| 53 | insecure: true |
| 54 | magnum_client: |
| 55 | endpoint_type: internalURL |
| 56 | region_name: "{{ openstack_helm_endpoints_magnum_region_name }}" |
| 57 | neutron_client: |
| 58 | endpoint_type: internalURL |
| 59 | region_name: "{{ openstack_helm_endpoints_neutron_region_name }}" |
| 60 | nova_client: |
| 61 | endpoint_type: internalURL |
| 62 | region_name: "{{ openstack_helm_endpoints_nova_region_name }}" |
| 63 | octavia_client: |
| 64 | endpoint_type: internalURL |
| 65 | region_name: "{{ openstack_helm_endpoints_octavia_region_name }}" |
| 66 | pod: |
| 67 | replicas: |
| 68 | api: 3 |
| 69 | conductor: 3 |
| 70 | manifests: |
| 71 | ingress_api: false |
| 72 | service_ingress_api: false |
| Mohammed Naser | 756b717 | 2023-02-03 04:01:53 +0000 | [diff] [blame] | 73 | |
| 74 | _magnum_registry_ingress_annotations: |
| 75 | # NOTE(mnaser): We only want to allow GET/HEAD requests to the registry |
| 76 | # to make sure it's read-only. |
| 77 | nginx.ingress.kubernetes.io/configuration-snippet: | |
| 78 | if ($request_method !~* "^(GET|HEAD)$") { |
| 79 | return 403; |
| 80 | } |