Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / 651b90486057b9322cce0362a7a036521289deef / . / roles / magnum / vars / main.yml
blob: eeee43164c56b9c38d10585a1aaa3630a2104fb6 [file] [log] [blame]
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]1# Copyright (c) 2023 VEXXHOST, Inc.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
Mohammed Naser2145fc32023-01-29 23:23:03 +0000[diff] [blame]15_magnum_helm_values:
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]16 endpoints: "{{ openstack_helm_endpoints }}"
17 images:
Michiel Piscaer60d09f92023-01-20 18:58:55 +0100[diff] [blame]18 tags: "{{ atmosphere_images | vexxhost.atmosphere.openstack_helm_image_tags('magnum') }}"
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]19 conf:
20 magnum:
21 DEFAULT:
22 log_config_append: null
Mohammed Naser200bb662023-10-04 21:31:45 -0400[diff] [blame]23 api:
24 workers: 4
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]25 barbican_client:
26 endpoint_type: internalURL
27 region_name: "{{ openstack_helm_endpoints_barbican_region_name }}"
28 cinder_client:
29 endpoint_type: internalURL
30 region_name: "{{ openstack_helm_endpoints_cinder_region_name }}"
31 cluster_template:
32 kubernetes_allowed_network_drivers: calico
33 kubernetes_default_network_driver: calico
34 conductor:
35 workers: 4
Mohammed Naserc6e431b2024-03-15 01:21:44 -0400[diff] [blame]36 database:
37 connection_recycle_time: 10
38 max_pool_size: 1
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]39 drivers:
40 verify_ca: false
41 glance_client:
42 endpoint_type: internalURL
43 region_name: "{{ openstack_helm_endpoints_glance_region_name }}"
44 heat_client:
45 endpoint_type: internalURL
46 region_name: "{{ openstack_helm_endpoints_heat_region_name }}"
47 keystone_auth:
48 auth_url: http://keystone-api.openstack.svc.cluster.local:5000/v3
49 user_domain_name: service
50 username: "magnum-{{ openstack_helm_endpoints_magnum_region_name }}"
51 password: "{{ openstack_helm_endpoints_magnum_keystone_password }}"
52 # NOTE(mnaser): Magnum does not allow changing the interface to internal
53 # so we workaround with this for now.
54 insecure: true
55 keystone_authtoken:
56 # NOTE(mnaser): Magnum does not allow changing the interface to internal
57 # so we workaround with this for now.
58 insecure: true
59 magnum_client:
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]60 region_name: "{{ openstack_helm_endpoints_magnum_region_name }}"
okozachenko120365556a02023-06-02 02:32:46 +1000[diff] [blame]61 manila_client:
62 endpoint_type: internalURL
63 region_name: "{{ openstack_helm_endpoints_manila_region_name }}"
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]64 neutron_client:
65 endpoint_type: internalURL
66 region_name: "{{ openstack_helm_endpoints_neutron_region_name }}"
67 nova_client:
68 endpoint_type: internalURL
69 region_name: "{{ openstack_helm_endpoints_nova_region_name }}"
70 octavia_client:
71 endpoint_type: internalURL
72 region_name: "{{ openstack_helm_endpoints_octavia_region_name }}"
73 pod:
74 replicas:
75 api: 3
76 conductor: 3
77 manifests:
78 ingress_api: false
79 service_ingress_api: false
Mohammed Naser756b7172023-02-03 04:01:53 +0000[diff] [blame]80
81_magnum_registry_ingress_annotations:
82 # NOTE(mnaser): We only want to allow GET/HEAD requests to the registry
83 # to make sure it's read-only.
84 nginx.ingress.kubernetes.io/configuration-snippet: |
85 if ($request_method !~* "^(GET|HEAD)$") {
86 return 403;
87 }