Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / bab75aa204d9b09fb52039fd96e61b30ed413332 / . / roles / magnum / vars / main.yml
blob: 8bc7fa30e022c8df39718ca7852529531faf595a [file] [log] [blame]
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]1# Copyright (c) 2023 VEXXHOST, Inc.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
Mohammed Naser2145fc32023-01-29 23:23:03 +0000[diff] [blame]15_magnum_helm_values:
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]16 endpoints: "{{ openstack_helm_endpoints }}"
17 images:
Michiel Piscaer60d09f92023-01-20 18:58:55 +0100[diff] [blame]18 tags: "{{ atmosphere_images | vexxhost.atmosphere.openstack_helm_image_tags('magnum') }}"
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]19 conf:
20 magnum:
21 DEFAULT:
22 log_config_append: null
Mohammed Naser200bb662023-10-04 21:31:45 -0400[diff] [blame]23 api:
24 workers: 4
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]25 barbican_client:
26 endpoint_type: internalURL
27 region_name: "{{ openstack_helm_endpoints_barbican_region_name }}"
28 cinder_client:
29 endpoint_type: internalURL
30 region_name: "{{ openstack_helm_endpoints_cinder_region_name }}"
31 cluster_template:
32 kubernetes_allowed_network_drivers: calico
33 kubernetes_default_network_driver: calico
34 conductor:
35 workers: 4
36 drivers:
37 verify_ca: false
38 glance_client:
39 endpoint_type: internalURL
40 region_name: "{{ openstack_helm_endpoints_glance_region_name }}"
41 heat_client:
42 endpoint_type: internalURL
43 region_name: "{{ openstack_helm_endpoints_heat_region_name }}"
44 keystone_auth:
45 auth_url: http://keystone-api.openstack.svc.cluster.local:5000/v3
46 user_domain_name: service
47 username: "magnum-{{ openstack_helm_endpoints_magnum_region_name }}"
48 password: "{{ openstack_helm_endpoints_magnum_keystone_password }}"
49 # NOTE(mnaser): Magnum does not allow changing the interface to internal
50 # so we workaround with this for now.
51 insecure: true
52 keystone_authtoken:
53 # NOTE(mnaser): Magnum does not allow changing the interface to internal
54 # so we workaround with this for now.
55 insecure: true
56 magnum_client:
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]57 region_name: "{{ openstack_helm_endpoints_magnum_region_name }}"
okozachenko120365556a02023-06-02 02:32:46 +1000[diff] [blame]58 manila_client:
59 endpoint_type: internalURL
60 region_name: "{{ openstack_helm_endpoints_manila_region_name }}"
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]61 neutron_client:
62 endpoint_type: internalURL
63 region_name: "{{ openstack_helm_endpoints_neutron_region_name }}"
64 nova_client:
65 endpoint_type: internalURL
66 region_name: "{{ openstack_helm_endpoints_nova_region_name }}"
67 octavia_client:
68 endpoint_type: internalURL
69 region_name: "{{ openstack_helm_endpoints_octavia_region_name }}"
70 pod:
71 replicas:
72 api: 3
73 conductor: 3
74 manifests:
75 ingress_api: false
76 service_ingress_api: false
Mohammed Naser756b7172023-02-03 04:01:53 +0000[diff] [blame]77
78_magnum_registry_ingress_annotations:
79 # NOTE(mnaser): We only want to allow GET/HEAD requests to the registry
80 # to make sure it's read-only.
81 nginx.ingress.kubernetes.io/configuration-snippet: |
82 if ($request_method !~* "^(GET|HEAD)$") {
83 return 403;
84 }