Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / 9ac939330bc923396c4f780094f3253c4ecaaffa / . / roles / magnum / vars / main.yml
blob: 0bf74cae243983bf056c28a9d2a45282d837440f [file] [log] [blame]
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]1# Copyright (c) 2023 VEXXHOST, Inc.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
Mohammed Naser2145fc32023-01-29 23:23:03 +0000[diff] [blame]15_magnum_helm_values:
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]16 endpoints: "{{ openstack_helm_endpoints }}"
17 images:
Michiel Piscaer60d09f92023-01-20 18:58:55 +0100[diff] [blame]18 tags: "{{ atmosphere_images | vexxhost.atmosphere.openstack_helm_image_tags('magnum') }}"
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]19 conf:
20 magnum:
21 DEFAULT:
22 log_config_append: null
23 barbican_client:
24 endpoint_type: internalURL
25 region_name: "{{ openstack_helm_endpoints_barbican_region_name }}"
26 cinder_client:
27 endpoint_type: internalURL
28 region_name: "{{ openstack_helm_endpoints_cinder_region_name }}"
29 cluster_template:
30 kubernetes_allowed_network_drivers: calico
31 kubernetes_default_network_driver: calico
32 conductor:
33 workers: 4
34 drivers:
35 verify_ca: false
36 glance_client:
37 endpoint_type: internalURL
38 region_name: "{{ openstack_helm_endpoints_glance_region_name }}"
39 heat_client:
40 endpoint_type: internalURL
41 region_name: "{{ openstack_helm_endpoints_heat_region_name }}"
42 keystone_auth:
43 auth_url: http://keystone-api.openstack.svc.cluster.local:5000/v3
44 user_domain_name: service
45 username: "magnum-{{ openstack_helm_endpoints_magnum_region_name }}"
46 password: "{{ openstack_helm_endpoints_magnum_keystone_password }}"
47 # NOTE(mnaser): Magnum does not allow changing the interface to internal
48 # so we workaround with this for now.
49 insecure: true
50 keystone_authtoken:
51 # NOTE(mnaser): Magnum does not allow changing the interface to internal
52 # so we workaround with this for now.
53 insecure: true
Oleksandr Kozachenko72f64dc2023-05-12 16:54:10 +0200[diff] [blame]54 # NOTE(okozachenko1203): We can remove it once the following is merged:
55 # https://review.opendev.org/883066
56 service_type: container-infra
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]57 magnum_client:
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]58 region_name: "{{ openstack_helm_endpoints_magnum_region_name }}"
okozachenko120365556a02023-06-02 02:32:46 +1000[diff] [blame]59 manila_client:
60 endpoint_type: internalURL
61 region_name: "{{ openstack_helm_endpoints_manila_region_name }}"
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]62 neutron_client:
63 endpoint_type: internalURL
64 region_name: "{{ openstack_helm_endpoints_neutron_region_name }}"
65 nova_client:
66 endpoint_type: internalURL
67 region_name: "{{ openstack_helm_endpoints_nova_region_name }}"
68 octavia_client:
69 endpoint_type: internalURL
70 region_name: "{{ openstack_helm_endpoints_octavia_region_name }}"
71 pod:
72 replicas:
73 api: 3
74 conductor: 3
75 manifests:
76 ingress_api: false
77 service_ingress_api: false
Mohammed Naser756b7172023-02-03 04:01:53 +0000[diff] [blame]78
79_magnum_registry_ingress_annotations:
80 # NOTE(mnaser): We only want to allow GET/HEAD requests to the registry
81 # to make sure it's read-only.
82 nginx.ingress.kubernetes.io/configuration-snippet: |
83 if ($request_method !~* "^(GET|HEAD)$") {
84 return 403;
85 }