Blame - charts/placement/values_overrides/tls.yaml - atmosphere

blob: 514b66091e31119da7f24b95d6ecffcd3a339901 [file] [log] [blame]

Mohammed Naser	55ff445	2023-11-28 22:34:47 -0500	[diff] [blame]	1	---
				2	network:
				3	api:
				4	ingress:
				5	annotations:
				6	nginx.ingress.kubernetes.io/backend-protocol: "https"
				7	conf:
				8	software:
				9	apache2:
				10	a2enmod:
				11	- ssl
				12	placement:
				13	keystone_authtoken:
				14	cafile: /etc/placement/certs/ca.crt
				15	wsgi_placement: \|
				16	Listen 0.0.0.0:{{ tuple "placement" "service" "api" . \| include "helm-toolkit.endpoints.endpoint_port_lookup" }}
				17	LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
				18	LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
				19	SetEnvIf X-Forwarded-For "^.\..\..\.." forwarded
				20	CustomLog /dev/stdout combined env=!forwarded
				21	CustomLog /dev/stdout proxy env=forwarded
				22	<VirtualHost *:{{ tuple "placement" "service" "api" . \| include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
				23	ServerName {{ printf "%s.%s.svc.%s" "placement-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
				24	WSGIDaemonProcess placement-api processes=4 threads=1 user=placement group=placement display-name=%{GROUP}
				25	WSGIProcessGroup placement-api
				26	WSGIScriptAlias / /var/www/cgi-bin/placement/placement-api
				27	WSGIApplicationGroup %{GLOBAL}
				28	WSGIPassAuthorization On
				29	<IfVersion >= 2.4>
				30	ErrorLogFormat "%{cu}t %M"
				31	</IfVersion>
				32	ErrorLog /dev/stdout
				33	SetEnvIf X-Forwarded-For "^.\..\..\.." forwarded
				34	CustomLog /dev/stdout combined env=!forwarded
				35	CustomLog /dev/stdout proxy env=forwarded
				36
				37	SSLEngine on
				38	SSLCertificateFile /etc/placement/certs/tls.crt
				39	SSLCertificateKeyFile /etc/placement/certs/tls.key
				40	SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
				41	SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
				42	SSLHonorCipherOrder on
				43	</VirtualHost>
				44	Alias /placement /var/www/cgi-bin/placement/placement-api
				45	<Location /placement>
				46	SetHandler wsgi-script
				47	Options +ExecCGI
				48	WSGIProcessGroup placement-api
				49	WSGIApplicationGroup %{GLOBAL}
				50	WSGIPassAuthorization On
				51	</Location>
				52	endpoints:
				53	identity:
				54	auth:
				55	admin:
				56	cacert: /etc/ssl/certs/openstack-helm.crt
				57	placement:
				58	cacert: /etc/ssl/certs/openstack-helm.crt
				59	scheme:
				60	default: https
				61	port:
				62	api:
				63	default: 443
				64	placement:
				65	host_fqdn_override:
				66	default:
				67	tls:
				68	secretName: placement-tls-api
				69	issuerRef:
				70	name: ca-issuer
				71	kind: ClusterIssuer
				72	scheme:
				73	default: https
				74	service: https
				75	port:
				76	api:
				77	public: 443
				78	manifests:
				79	certificates: true
				80	...