Merge "Drive apache proxy configuration via values templates"

2018-07-30 16:27:25 +00:00 · 2018-07-30 16:27:25 +00:00 · 2dd762cd8b
commit 2dd762cd8b
parent a911bb0a3f 4f78e1f6fc
18 changed files with 303 additions and 748 deletions
--- a/elasticsearch/templates/bin/_apache.sh.tpl
+++ b/elasticsearch/templates/bin/_apache.sh.tpl
@ -30,9 +30,9 @@ function start () {
  rm -f /etc/httpd/logs/httpd.pid
  if [ -f /usr/local/apache2/conf/.htpasswd ]; then
-    htpasswd -b /usr/local/apache2/conf/.htpasswd $ELASTICSEARCH_USERNAME $ELASTICSEARCH_PASSWORD
+    htpasswd -b /usr/local/apache2/conf/.htpasswd "$ELASTICSEARCH_USERNAME" "$ELASTICSEARCH_PASSWORD"
  else
-    htpasswd -cb /usr/local/apache2/conf/.htpasswd $ELASTICSEARCH_USERNAME $ELASTICSEARCH_PASSWORD
+    htpasswd -cb /usr/local/apache2/conf/.htpasswd "$ELASTICSEARCH_USERNAME" "$ELASTICSEARCH_PASSWORD"
  fi
  #Launch Apache on Foreground
--- a/elasticsearch/templates/configmap-etc.yaml
+++ b/elasticsearch/templates/configmap-etc.yaml
@ -27,10 +27,6 @@ kind: ConfigMap
 metadata:
  name: elasticsearch-etc
 data:
  httpd.conf: |
 {{- tuple .Values.conf.apache.httpd "etc/_httpd.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
  elasticsearch-host.conf: |
 {{- tuple .Values.conf.apache.host "etc/_elasticsearch-host.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
  elasticsearch.yml: |
 {{ toYaml .Values.conf.elasticsearch.config | indent 4 }}
  log4j2.properties: |
@ -39,4 +35,6 @@ data:
 {{ toYaml .Values.conf.curator.action_file | indent 4 }}
  config.yml: |
 {{ toYaml .Values.conf.curator.config | indent 4 }}
 #NOTE(portdirect): this must be last, to work round helm ~2.7 bug.
 {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.httpd "key" "httpd.conf") | indent 2 }}
 {{- end }}
--- a/elasticsearch/templates/deployment-client.yaml
+++ b/elasticsearch/templates/deployment-client.yaml
@ -128,8 +128,6 @@ spec:
            initialDelaySeconds: 20
            periodSeconds: 10
          env:
            - name: ELASTICSEARCH_PORT
              value: {{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
            - name: ELASTICSEARCH_USERNAME
              valueFrom:
                secretKeyRef:
@ -140,18 +138,6 @@ spec:
                secretKeyRef:
                  name: {{ $esUserSecret }}
                  key: ELASTICSEARCH_PASSWORD
            - name: LDAP_URL
              value: {{ tuple "ldap" "default" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
            - name: BIND_DN
              valueFrom:
                secretKeyRef:
                  name: {{ $esUserSecret }}
                  key: BIND_DN
            - name: BIND_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ $esUserSecret }}
                  key: BIND_PASSWORD
          volumeMounts:
            - name: elasticsearch-bin
              mountPath: /tmp/apache.sh
@ -161,12 +147,6 @@ spec:
              mountPath: /usr/local/apache2/conf/httpd.conf
              subPath: httpd.conf
              readOnly: true
            - name: pod-etc-apache
              mountPath: /usr/local/apache2/conf/sites-enabled
            - name: elasticsearch-etc
              mountPath: /usr/local/apache2/conf/sites-enabled/elasticsearch-host.conf
              subPath: elasticsearch-host.conf
              readOnly: true
        - name: elasticsearch-client
 {{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.client | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
--- a/elasticsearch/templates/etc/_elasticsearch-host.conf.tpl
+++ b/elasticsearch/templates/etc/_elasticsearch-host.conf.tpl
@ -1,34 +0,0 @@
 {{/*
 Copyright 2017 The Openstack-Helm Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
   http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 <VirtualHost *:80>
  ProxyRequests On
  ProxyPreserveHost On
  <Location />
      ProxyPass http://localhost:${ELASTICSEARCH_PORT}/
      ProxyPassReverse http://localhost:${ELASTICSEARCH_PORT}/
  </Location>
  <Proxy *>
      AuthName "Elasticsearch"
      AuthType Basic
      AuthBasicProvider file ldap
      AuthUserFile /usr/local/apache2/conf/.htpasswd
      AuthLDAPBindDN ${BIND_DN}
      AuthLDAPBindPassword ${BIND_PASSWORD}
      AuthLDAPURL ${LDAP_URL}
      Require valid-user
  </Proxy>
 </VirtualHost>
--- a/elasticsearch/templates/etc/_httpd.conf.tpl
+++ b/elasticsearch/templates/etc/_httpd.conf.tpl
@ -1,189 +0,0 @@
 #
 # This is the main Apache HTTP server configuration file.  It contains the
 # configuration directives that give the server its instructions.
 # See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
 # In particular, see
 # <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
 # for a discussion of each configuration directive.
 #
 # Do NOT simply read the instructions in here without understanding
 # what they do.  They're here only as hints or reminders.  If you are unsure
 # consult the online docs. You have been warned.
 #
 # Configuration and logfile names: If the filenames you specify for many
 # of the server's control files begin with "/" (or "drive:/" for Win32), the
 # server will use that explicit path.  If the filenames do *not* begin
 # with "/", the value of ServerRoot is prepended -- so "logs/access_log"
 # with ServerRoot set to "/usr/local/apache2" will be interpreted by the
 # server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
 # will be interpreted as '/logs/access_log'.
 ServerRoot "/usr/local/apache2"
 #
 # Listen: Allows you to bind Apache to specific IP addresses and/or
 # ports, instead of the default. See also the <VirtualHost>
 # directive.
 #
 # Change this to Listen on specific IP addresses as shown below to
 # prevent Apache from glomming onto all bound IP addresses.
 #
 #Listen 12.34.56.78:80
 Listen 80
 #
 # Dynamic Shared Object (DSO) Support
 #
 # To be able to use the functionality of a module which was built as a DSO you
 # have to place corresponding `LoadModule' lines at this location so the
 # directives contained in it are actually available _before_ they are used.
 # Statically compiled modules (those listed by `httpd -l') do not need
 # to be loaded here.
 #
 # Example:
 # LoadModule foo_module modules/mod_foo.so
 #
 LoadModule mpm_event_module modules/mod_mpm_event.so
 LoadModule authn_file_module modules/mod_authn_file.so
 LoadModule authn_core_module modules/mod_authn_core.so
 LoadModule authz_host_module modules/mod_authz_host.so
 LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
 LoadModule authz_user_module modules/mod_authz_user.so
 LoadModule authz_core_module modules/mod_authz_core.so
 LoadModule access_compat_module modules/mod_access_compat.so
 LoadModule auth_basic_module modules/mod_auth_basic.so
 LoadModule ldap_module modules/mod_ldap.so
 LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
 LoadModule reqtimeout_module modules/mod_reqtimeout.so
 LoadModule filter_module modules/mod_filter.so
 LoadModule proxy_html_module modules/mod_proxy_html.so
 LoadModule log_config_module modules/mod_log_config.so
 LoadModule env_module modules/mod_env.so
 LoadModule headers_module modules/mod_headers.so
 LoadModule setenvif_module modules/mod_setenvif.so
 LoadModule version_module modules/mod_version.so
 LoadModule proxy_module modules/mod_proxy.so
 LoadModule proxy_connect_module modules/mod_proxy_connect.so
 LoadModule proxy_http_module modules/mod_proxy_http.so
 LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
 LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
 LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
 LoadModule unixd_module modules/mod_unixd.so
 LoadModule status_module modules/mod_status.so
 LoadModule autoindex_module modules/mod_autoindex.so
 <IfModule unixd_module>
 #
 # If you wish httpd to run as a different user or group, you must run
 # httpd as root initially and it will switch.
 #
 # User/Group: The name (or #number) of the user/group to run httpd as.
 # It is usually good practice to create a dedicated user and group for
 # running httpd, as with most system services.
 #
 User daemon
 Group daemon
 </IfModule>
 # 'Main' server configuration
 #
 # The directives in this section set up the values used by the 'main'
 # server, which responds to any requests that aren't handled by a
 # <VirtualHost> definition.  These values also provide defaults for
 # any <VirtualHost> containers you may define later in the file.
 #
 # All of these directives may appear inside <VirtualHost> containers,
 # in which case these default settings will be overridden for the
 # virtual host being defined.
 #
 #
 # Deny access to the entirety of your server's filesystem. You must
 # explicitly permit access to web content directories in other
 # <Directory> blocks below.
 #
 <Directory />
    AllowOverride none
    Require all denied
 </Directory>
 #
 # The following lines prevent .htaccess and .htpasswd files from being
 # viewed by Web clients.
 #
 <Files ".ht*">
    Require all denied
 </Files>
 #
 # ErrorLog: The location of the error log file.
 # If you do not specify an ErrorLog directive within a <VirtualHost>
 # container, error messages relating to that virtual host will be
 # logged here.  If you *do* define an error logfile for a <VirtualHost>
 # container, that host's errors will be logged there and not here.
 #
 ErrorLog /dev/stderr
 #
 # LogLevel: Control the number of messages logged to the error_log.
 # Possible values include: debug, info, notice, warn, error, crit,
 # alert, emerg.
 #
 LogLevel warn
 <IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    CustomLog /dev/stdout common
    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    CustomLog /dev/stdout combined
 </IfModule>
 #
 # "/usr/local/apache2/cgi-bin" should be changed to whatever your ScriptAliased
 # CGI directory exists, if you have that configured.
 #
 <Directory "/usr/local/apache2/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
 </Directory>
 <IfModule headers_module>
    #
    # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
    # backend servers which have lingering "httpoxy" defects.
    # 'Proxy' request header is undefined by the IETF, not listed by IANA
    #
    RequestHeader unset Proxy early
 </IfModule>
 # Virtual hosts
 Include conf/sites-enabled/*.conf
 # Configure mod_proxy_html to understand HTML4/XHTML1
 <IfModule proxy_html_module>
 Include conf/extra/proxy-html.conf
 </IfModule>
--- a/elasticsearch/values.yaml
+++ b/elasticsearch/values.yaml
@ -176,9 +176,101 @@ secrets:
    user: elasticsearch-admin-creds
 conf:
-  apache:
+  httpd: |
-    httpd: null
+    ServerRoot "/usr/local/apache2"
-    elasticsearch_host: null
+
    Listen 80
    LoadModule mpm_event_module modules/mod_mpm_event.so
    LoadModule authn_file_module modules/mod_authn_file.so
    LoadModule authn_core_module modules/mod_authn_core.so
    LoadModule authz_host_module modules/mod_authz_host.so
    LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
    LoadModule authz_user_module modules/mod_authz_user.so
    LoadModule authz_core_module modules/mod_authz_core.so
    LoadModule access_compat_module modules/mod_access_compat.so
    LoadModule auth_basic_module modules/mod_auth_basic.so
    LoadModule ldap_module modules/mod_ldap.so
    LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
    LoadModule reqtimeout_module modules/mod_reqtimeout.so
    LoadModule filter_module modules/mod_filter.so
    LoadModule proxy_html_module modules/mod_proxy_html.so
    LoadModule log_config_module modules/mod_log_config.so
    LoadModule env_module modules/mod_env.so
    LoadModule headers_module modules/mod_headers.so
    LoadModule setenvif_module modules/mod_setenvif.so
    LoadModule version_module modules/mod_version.so
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_connect_module modules/mod_proxy_connect.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
    LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
    LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
    LoadModule unixd_module modules/mod_unixd.so
    LoadModule status_module modules/mod_status.so
    LoadModule autoindex_module modules/mod_autoindex.so
    <IfModule unixd_module>
    User daemon
    Group daemon
    </IfModule>
    <Directory />
        AllowOverride none
        Require all denied
    </Directory>
    <Files ".ht*">
        Require all denied
    </Files>
    ErrorLog /dev/stderr
    LogLevel warn
    <IfModule log_config_module>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
        LogFormat "%h %l %u %t \"%r\" %>s %b" common
        <IfModule logio_module>
          LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
        </IfModule>
        CustomLog /dev/stdout common
        CustomLog /dev/stdout combined
    </IfModule>
    <Directory "/usr/local/apache2/cgi-bin">
        AllowOverride None
        Options None
        Require all granted
    </Directory>
    <IfModule headers_module>
        RequestHeader unset Proxy early
    </IfModule>
    <IfModule proxy_html_module>
    Include conf/extra/proxy-html.conf
    </IfModule>
    <VirtualHost *:80>
      <Location />
          ProxyPass http://localhost:{{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
          ProxyPassReverse http://localhost:{{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
      </Location>
      <Proxy *>
          AuthName "Elasticsearch"
          AuthType Basic
          AuthBasicProvider file ldap
          AuthUserFile /usr/local/apache2/conf/.htpasswd
          AuthLDAPBindDN {{ .Values.endpoints.ldap.auth.admin.bind }}
          AuthLDAPBindPassword {{ .Values.endpoints.ldap.auth.admin.password }}
          AuthLDAPURL {{ tuple "ldap" "default" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
          Require valid-user
      </Proxy>
    </VirtualHost>
  init:
    max_map_count: 262144
  curator:
--- a/kibana/templates/bin/_apache.sh.tpl
+++ b/kibana/templates/bin/_apache.sh.tpl
@ -29,6 +29,12 @@ function start () {
  # Apache gets grumpy about PID files pre-existing
  rm -f /etc/httpd/logs/httpd.pid
  if [ -f /usr/local/apache2/conf/.htpasswd ]; then
    htpasswd -b /usr/local/apache2/conf/.htpasswd "$ELASTICSEARCH_USERNAME" "$ELASTICSEARCH_PASSWORD"
  else
    htpasswd -cb /usr/local/apache2/conf/.htpasswd "$ELASTICSEARCH_USERNAME" "$ELASTICSEARCH_PASSWORD"
  fi
  #Launch Apache on Foreground
  exec httpd -DFOREGROUND
 }
--- a/kibana/templates/configmap-etc.yaml
+++ b/kibana/templates/configmap-etc.yaml
@ -22,10 +22,8 @@ kind: ConfigMap
 metadata:
  name: kibana-etc
 data:
  httpd.conf: |
 {{- tuple .Values.conf.apache.httpd "etc/_httpd.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
  kibana-host.conf: |
 {{- tuple .Values.conf.apache.host "etc/_kibana-host.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
  kibana.yml: |
 {{ toYaml .Values.conf.kibana | indent 4 }}
 #NOTE(portdirect): this must be last, to work round helm ~2.7 bug.
 {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.httpd "key" "httpd.conf") | indent 2 }}
 {{- end }}
--- a/kibana/templates/deployment.yaml
+++ b/kibana/templates/deployment.yaml
@ -65,30 +65,16 @@ spec:
            initialDelaySeconds: 20
            periodSeconds: 10
          env:
-            - name: KIBANA_PORT
+            - name: ELASTICSEARCH_USERNAME
              value: {{ tuple "kibana" "internal" "kibana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
            - name: KIBANA_USERNAME
              valueFrom:
                secretKeyRef:
                  name: {{ $esUserSecret }}
                  key: ELASTICSEARCH_USERNAME
-            - name: KIBANA_PASSWORD
+            - name: ELASTICSEARCH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ $esUserSecret }}
                  key: ELASTICSEARCH_PASSWORD
            - name: LDAP_URL
              value: {{ tuple "ldap" "default" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
            - name: BIND_DN
              valueFrom:
                secretKeyRef:
                  name: {{ $esUserSecret }}
                  key: BIND_DN
            - name: BIND_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ $esUserSecret }}
                  key: BIND_PASSWORD
          volumeMounts:
            - name: kibana-bin
              mountPath: /tmp/apache.sh
@ -98,12 +84,6 @@ spec:
              mountPath: /usr/local/apache2/conf/httpd.conf
              subPath: httpd.conf
              readOnly: true
            - name: pod-etc-apache
              mountPath: /usr/local/apache2/conf/sites-enabled
            - name: kibana-etc
              mountPath: /usr/local/apache2/conf/sites-enabled/kibana-host.conf
              subPath: kibana-host.conf
              readOnly: true
        - name: kibana
 {{ tuple $envAll "kibana" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.kibana | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
--- a/kibana/templates/etc/_httpd.conf.tpl
+++ b/kibana/templates/etc/_httpd.conf.tpl
@ -1,189 +0,0 @@
 #
 # This is the main Apache HTTP server configuration file.  It contains the
 # configuration directives that give the server its instructions.
 # See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
 # In particular, see
 # <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
 # for a discussion of each configuration directive.
 #
 # Do NOT simply read the instructions in here without understanding
 # what they do.  They're here only as hints or reminders.  If you are unsure
 # consult the online docs. You have been warned.
 #
 # Configuration and logfile names: If the filenames you specify for many
 # of the server's control files begin with "/" (or "drive:/" for Win32), the
 # server will use that explicit path.  If the filenames do *not* begin
 # with "/", the value of ServerRoot is prepended -- so "logs/access_log"
 # with ServerRoot set to "/usr/local/apache2" will be interpreted by the
 # server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
 # will be interpreted as '/logs/access_log'.
 ServerRoot "/usr/local/apache2"
 #
 # Listen: Allows you to bind Apache to specific IP addresses and/or
 # ports, instead of the default. See also the <VirtualHost>
 # directive.
 #
 # Change this to Listen on specific IP addresses as shown below to
 # prevent Apache from glomming onto all bound IP addresses.
 #
 #Listen 12.34.56.78:80
 Listen 80
 #
 # Dynamic Shared Object (DSO) Support
 #
 # To be able to use the functionality of a module which was built as a DSO you
 # have to place corresponding `LoadModule' lines at this location so the
 # directives contained in it are actually available _before_ they are used.
 # Statically compiled modules (those listed by `httpd -l') do not need
 # to be loaded here.
 #
 # Example:
 # LoadModule foo_module modules/mod_foo.so
 #
 LoadModule mpm_event_module modules/mod_mpm_event.so
 LoadModule authn_file_module modules/mod_authn_file.so
 LoadModule authn_core_module modules/mod_authn_core.so
 LoadModule authz_host_module modules/mod_authz_host.so
 LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
 LoadModule authz_user_module modules/mod_authz_user.so
 LoadModule authz_core_module modules/mod_authz_core.so
 LoadModule access_compat_module modules/mod_access_compat.so
 LoadModule auth_basic_module modules/mod_auth_basic.so
 LoadModule ldap_module modules/mod_ldap.so
 LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
 LoadModule reqtimeout_module modules/mod_reqtimeout.so
 LoadModule filter_module modules/mod_filter.so
 LoadModule proxy_html_module modules/mod_proxy_html.so
 LoadModule log_config_module modules/mod_log_config.so
 LoadModule env_module modules/mod_env.so
 LoadModule headers_module modules/mod_headers.so
 LoadModule setenvif_module modules/mod_setenvif.so
 LoadModule version_module modules/mod_version.so
 LoadModule proxy_module modules/mod_proxy.so
 LoadModule proxy_connect_module modules/mod_proxy_connect.so
 LoadModule proxy_http_module modules/mod_proxy_http.so
 LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
 LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
 LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
 LoadModule unixd_module modules/mod_unixd.so
 LoadModule status_module modules/mod_status.so
 LoadModule autoindex_module modules/mod_autoindex.so
 <IfModule unixd_module>
 #
 # If you wish httpd to run as a different user or group, you must run
 # httpd as root initially and it will switch.
 #
 # User/Group: The name (or #number) of the user/group to run httpd as.
 # It is usually good practice to create a dedicated user and group for
 # running httpd, as with most system services.
 #
 User daemon
 Group daemon
 </IfModule>
 # 'Main' server configuration
 #
 # The directives in this section set up the values used by the 'main'
 # server, which responds to any requests that aren't handled by a
 # <VirtualHost> definition.  These values also provide defaults for
 # any <VirtualHost> containers you may define later in the file.
 #
 # All of these directives may appear inside <VirtualHost> containers,
 # in which case these default settings will be overridden for the
 # virtual host being defined.
 #
 #
 # Deny access to the entirety of your server's filesystem. You must
 # explicitly permit access to web content directories in other
 # <Directory> blocks below.
 #
 <Directory />
    AllowOverride none
    Require all denied
 </Directory>
 #
 # The following lines prevent .htaccess and .htpasswd files from being
 # viewed by Web clients.
 #
 <Files ".ht*">
    Require all denied
 </Files>
 #
 # ErrorLog: The location of the error log file.
 # If you do not specify an ErrorLog directive within a <VirtualHost>
 # container, error messages relating to that virtual host will be
 # logged here.  If you *do* define an error logfile for a <VirtualHost>
 # container, that host's errors will be logged there and not here.
 #
 ErrorLog /dev/stderr
 #
 # LogLevel: Control the number of messages logged to the error_log.
 # Possible values include: debug, info, notice, warn, error, crit,
 # alert, emerg.
 #
 LogLevel warn
 <IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    CustomLog /dev/stdout common
    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    CustomLog /dev/stdout combined
 </IfModule>
 #
 # "/usr/local/apache2/cgi-bin" should be changed to whatever your ScriptAliased
 # CGI directory exists, if you have that configured.
 #
 <Directory "/usr/local/apache2/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
 </Directory>
 <IfModule headers_module>
    #
    # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
    # backend servers which have lingering "httpoxy" defects.
    # 'Proxy' request header is undefined by the IETF, not listed by IANA
    #
    RequestHeader unset Proxy early
 </IfModule>
 # Virtual hosts
 Include conf/sites-enabled/*.conf
 # Configure mod_proxy_html to understand HTML4/XHTML1
 <IfModule proxy_html_module>
 Include conf/extra/proxy-html.conf
 </IfModule>
--- a/kibana/templates/etc/_kibana-host.conf.tpl
+++ b/kibana/templates/etc/_kibana-host.conf.tpl
@ -1,31 +0,0 @@
 {{/*
 Copyright 2017 The Openstack-Helm Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
   http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 <VirtualHost *:80>
  <Location />
      ProxyPass http://localhost:${KIBANA_PORT}/
      ProxyPassReverse http://localhost:${KIBANA_PORT}/
  </Location>
  <Proxy *>
      AuthName "Kibana"
      AuthType Basic
      AuthBasicProvider ldap
      AuthLDAPBindDN ${BIND_DN}
      AuthLDAPBindPassword ${BIND_PASSWORD}
      AuthLDAPURL ${LDAP_URL}
      Require valid-user
  </Proxy>
 </VirtualHost>
--- a/kibana/values.yaml
+++ b/kibana/values.yaml
@ -103,9 +103,101 @@ dependencies:
          service: elasticsearch
 conf:
-  apache:
+  httpd: |
-    httpd: null
+    ServerRoot "/usr/local/apache2"
-    kibana_host: null
+
    Listen 80
    LoadModule mpm_event_module modules/mod_mpm_event.so
    LoadModule authn_file_module modules/mod_authn_file.so
    LoadModule authn_core_module modules/mod_authn_core.so
    LoadModule authz_host_module modules/mod_authz_host.so
    LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
    LoadModule authz_user_module modules/mod_authz_user.so
    LoadModule authz_core_module modules/mod_authz_core.so
    LoadModule access_compat_module modules/mod_access_compat.so
    LoadModule auth_basic_module modules/mod_auth_basic.so
    LoadModule ldap_module modules/mod_ldap.so
    LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
    LoadModule reqtimeout_module modules/mod_reqtimeout.so
    LoadModule filter_module modules/mod_filter.so
    LoadModule proxy_html_module modules/mod_proxy_html.so
    LoadModule log_config_module modules/mod_log_config.so
    LoadModule env_module modules/mod_env.so
    LoadModule headers_module modules/mod_headers.so
    LoadModule setenvif_module modules/mod_setenvif.so
    LoadModule version_module modules/mod_version.so
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_connect_module modules/mod_proxy_connect.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
    LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
    LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
    LoadModule unixd_module modules/mod_unixd.so
    LoadModule status_module modules/mod_status.so
    LoadModule autoindex_module modules/mod_autoindex.so
    <IfModule unixd_module>
    User daemon
    Group daemon
    </IfModule>
    <Directory />
        AllowOverride none
        Require all denied
    </Directory>
    <Files ".ht*">
        Require all denied
    </Files>
    ErrorLog /dev/stderr
    LogLevel warn
    <IfModule log_config_module>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
        LogFormat "%h %l %u %t \"%r\" %>s %b" common
        <IfModule logio_module>
          LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
        </IfModule>
        CustomLog /dev/stdout common
        CustomLog /dev/stdout combined
    </IfModule>
    <Directory "/usr/local/apache2/cgi-bin">
        AllowOverride None
        Options None
        Require all granted
    </Directory>
    <IfModule headers_module>
        RequestHeader unset Proxy early
    </IfModule>
    <IfModule proxy_html_module>
    Include conf/extra/proxy-html.conf
    </IfModule>
    <VirtualHost *:80>
      <Location />
          ProxyPass http://localhost:{{ tuple "kibana" "internal" "kibana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
          ProxyPassReverse http://localhost:{{ tuple "kibana" "internal" "kibana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
      </Location>
      <Proxy *>
          AuthName "Kibana"
          AuthType Basic
          AuthBasicProvider file ldap
          AuthUserFile /usr/local/apache2/conf/.htpasswd
          AuthLDAPBindDN {{ .Values.endpoints.ldap.auth.admin.bind }}
          AuthLDAPBindPassword {{ .Values.endpoints.ldap.auth.admin.password }}
          AuthLDAPURL {{ tuple "ldap" "default" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
          Require valid-user
      </Proxy>
    </VirtualHost>
  kibana:
    elasticsearch:
      pingTimeout: 1500
--- a/nagios/templates/bin/_apache.sh.tpl
+++ b/nagios/templates/bin/_apache.sh.tpl
@ -30,9 +30,9 @@ function start () {
  rm -f /etc/httpd/logs/httpd.pid
  if [ -f /usr/local/apache2/conf/.htpasswd ]; then
-    htpasswd -b /usr/local/apache2/conf/.htpasswd $NAGIOSADMIN_USER $NAGIOSADMIN_PASS
+    htpasswd -b /usr/local/apache2/conf/.htpasswd "$NAGIOSADMIN_USER" "$NAGIOSADMIN_PASS"
  else
-    htpasswd -cb /usr/local/apache2/conf/.htpasswd $NAGIOSADMIN_USER $NAGIOSADMIN_PASS
+    htpasswd -cb /usr/local/apache2/conf/.htpasswd "$NAGIOSADMIN_USER" "$NAGIOSADMIN_PASS"
  fi
  #Launch Apache on Foreground
--- a/nagios/templates/configmap-etc.yaml
+++ b/nagios/templates/configmap-etc.yaml
@ -22,10 +22,6 @@ kind: ConfigMap
 metadata:
  name: nagios-etc
 data:
  httpd.conf: |
 {{- tuple .Values.conf.apache.httpd "etc/_httpd.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
  nagios-host.conf: |
 {{- tuple .Values.conf.apache.host "etc/_nagios-host.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
  cgi.cfg: |+
 {{ include "nagios.utils.to_nagios_conf" .Values.conf.nagios.cgi | indent 4 }}
  nagios.cfg: |+
@ -37,4 +33,6 @@ data:
 {{- tuple "hostgroup" .Values.conf.nagios.host_groups | include "nagios.utils.object_definition" | indent 4 }}
 {{- tuple "command" .Values.conf.nagios.commands | include "nagios.utils.object_definition" | indent 4 }}
 {{- tuple "service" .Values.conf.nagios.services | include "nagios.utils.object_definition" | indent 4 }}
 #NOTE(portdirect): this must be last, to work round helm ~2.7 bug.
 {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.httpd "key" "httpd.conf") | indent 2 }}
 {{- end }}
--- a/nagios/templates/deployment.yaml
+++ b/nagios/templates/deployment.yaml
@ -98,10 +98,6 @@ spec:
            initialDelaySeconds: 20
            periodSeconds: 10
          env:
            - name: NAGIOS_PORT
              value: {{ tuple "nagios" "internal" "nagios" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
            - name: LDAP_URL
              value: {{ tuple "ldap" "default" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
            - name: NAGIOSADMIN_USER
              valueFrom:
                secretKeyRef:
@ -112,16 +108,6 @@ spec:
                secretKeyRef:
                  name: {{ $nagiosUserSecret }}
                  key: NAGIOSADMIN_PASS
            - name: BIND_DN
              valueFrom:
                secretKeyRef:
                  name: {{ $nagiosUserSecret }}
                  key: BIND_DN
            - name: BIND_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ $nagiosUserSecret }}
                  key: BIND_PASSWORD
          volumeMounts:
            - name: nagios-bin
              mountPath: /tmp/apache.sh
@ -131,12 +117,6 @@ spec:
              mountPath: /usr/local/apache2/conf/httpd.conf
              subPath: httpd.conf
              readOnly: true
            - name: pod-etc-apache
              mountPath: /usr/local/apache2/conf/sites-enabled
            - name: nagios-etc
              mountPath: /usr/local/apache2/conf/sites-enabled/nagios-host.conf
              subPath: nagios-host.conf
              readOnly: true
        - name: nagios
 {{ tuple $envAll "nagios" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.nagios | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
--- a/nagios/templates/etc/_httpd.conf.tpl
+++ b/nagios/templates/etc/_httpd.conf.tpl
@ -1,189 +0,0 @@
 #
 # This is the main Apache HTTP server configuration file.  It contains the
 # configuration directives that give the server its instructions.
 # See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
 # In particular, see
 # <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
 # for a discussion of each configuration directive.
 #
 # Do NOT simply read the instructions in here without understanding
 # what they do.  They're here only as hints or reminders.  If you are unsure
 # consult the online docs. You have been warned.
 #
 # Configuration and logfile names: If the filenames you specify for many
 # of the server's control files begin with "/" (or "drive:/" for Win32), the
 # server will use that explicit path.  If the filenames do *not* begin
 # with "/", the value of ServerRoot is prepended -- so "logs/access_log"
 # with ServerRoot set to "/usr/local/apache2" will be interpreted by the
 # server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
 # will be interpreted as '/logs/access_log'.
 ServerRoot "/usr/local/apache2"
 #
 # Listen: Allows you to bind Apache to specific IP addresses and/or
 # ports, instead of the default. See also the <VirtualHost>
 # directive.
 #
 # Change this to Listen on specific IP addresses as shown below to
 # prevent Apache from glomming onto all bound IP addresses.
 #
 #Listen 12.34.56.78:80
 Listen 80
 #
 # Dynamic Shared Object (DSO) Support
 #
 # To be able to use the functionality of a module which was built as a DSO you
 # have to place corresponding `LoadModule' lines at this location so the
 # directives contained in it are actually available _before_ they are used.
 # Statically compiled modules (those listed by `httpd -l') do not need
 # to be loaded here.
 #
 # Example:
 # LoadModule foo_module modules/mod_foo.so
 #
 LoadModule mpm_event_module modules/mod_mpm_event.so
 LoadModule authn_file_module modules/mod_authn_file.so
 LoadModule authn_core_module modules/mod_authn_core.so
 LoadModule authz_host_module modules/mod_authz_host.so
 LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
 LoadModule authz_user_module modules/mod_authz_user.so
 LoadModule authz_core_module modules/mod_authz_core.so
 LoadModule access_compat_module modules/mod_access_compat.so
 LoadModule auth_basic_module modules/mod_auth_basic.so
 LoadModule ldap_module modules/mod_ldap.so
 LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
 LoadModule reqtimeout_module modules/mod_reqtimeout.so
 LoadModule filter_module modules/mod_filter.so
 LoadModule proxy_html_module modules/mod_proxy_html.so
 LoadModule log_config_module modules/mod_log_config.so
 LoadModule env_module modules/mod_env.so
 LoadModule headers_module modules/mod_headers.so
 LoadModule setenvif_module modules/mod_setenvif.so
 LoadModule version_module modules/mod_version.so
 LoadModule proxy_module modules/mod_proxy.so
 LoadModule proxy_connect_module modules/mod_proxy_connect.so
 LoadModule proxy_http_module modules/mod_proxy_http.so
 LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
 LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
 LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
 LoadModule unixd_module modules/mod_unixd.so
 LoadModule status_module modules/mod_status.so
 LoadModule autoindex_module modules/mod_autoindex.so
 <IfModule unixd_module>
 #
 # If you wish httpd to run as a different user or group, you must run
 # httpd as root initially and it will switch.
 #
 # User/Group: The name (or #number) of the user/group to run httpd as.
 # It is usually good practice to create a dedicated user and group for
 # running httpd, as with most system services.
 #
 User daemon
 Group daemon
 </IfModule>
 # 'Main' server configuration
 #
 # The directives in this section set up the values used by the 'main'
 # server, which responds to any requests that aren't handled by a
 # <VirtualHost> definition.  These values also provide defaults for
 # any <VirtualHost> containers you may define later in the file.
 #
 # All of these directives may appear inside <VirtualHost> containers,
 # in which case these default settings will be overridden for the
 # virtual host being defined.
 #
 #
 # Deny access to the entirety of your server's filesystem. You must
 # explicitly permit access to web content directories in other
 # <Directory> blocks below.
 #
 <Directory />
    AllowOverride none
    Require all denied
 </Directory>
 #
 # The following lines prevent .htaccess and .htpasswd files from being
 # viewed by Web clients.
 #
 <Files ".ht*">
    Require all denied
 </Files>
 #
 # ErrorLog: The location of the error log file.
 # If you do not specify an ErrorLog directive within a <VirtualHost>
 # container, error messages relating to that virtual host will be
 # logged here.  If you *do* define an error logfile for a <VirtualHost>
 # container, that host's errors will be logged there and not here.
 #
 ErrorLog /dev/stderr
 #
 # LogLevel: Control the number of messages logged to the error_log.
 # Possible values include: debug, info, notice, warn, error, crit,
 # alert, emerg.
 #
 LogLevel warn
 <IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    CustomLog /dev/stdout common
    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    CustomLog /dev/stdout combined
 </IfModule>
 #
 # "/usr/local/apache2/cgi-bin" should be changed to whatever your ScriptAliased
 # CGI directory exists, if you have that configured.
 #
 <Directory "/usr/local/apache2/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
 </Directory>
 <IfModule headers_module>
    #
    # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
    # backend servers which have lingering "httpoxy" defects.
    # 'Proxy' request header is undefined by the IETF, not listed by IANA
    #
    RequestHeader unset Proxy early
 </IfModule>
 # Virtual hosts
 Include conf/sites-enabled/*.conf
 # Configure mod_proxy_html to understand HTML4/XHTML1
 <IfModule proxy_html_module>
 Include conf/extra/proxy-html.conf
 </IfModule>
--- a/nagios/templates/etc/_nagios-host.conf.tpl
+++ b/nagios/templates/etc/_nagios-host.conf.tpl
@ -1,29 +0,0 @@
 {{/*
 Copyright 2017 The Openstack-Helm Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
   http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 <VirtualHost *:80>
  <Location />
      ProxyPass http://localhost:${NAGIOS_PORT}/
      ProxyPassReverse http://localhost:${NAGIOS_PORT}/
  </Location>
  <Proxy *>
    AuthName "Nagios"
    AuthType Basic
    AuthBasicProvider file ldap
    AuthUserFile /usr/local/apache2/conf/.htpasswd
    AuthLDAPBindDN ${BIND_DN}
    AuthLDAPBindPassword ${BIND_PASSWORD}
    AuthLDAPURL ${LDAP_URL}
    Require valid-user
  </Proxy>
 </VirtualHost>
--- a/nagios/values.yaml
+++ b/nagios/values.yaml
@ -198,9 +198,101 @@ manifests:
  service_ingress: true
 conf:
-  apache:
+  httpd: |
-    httpd: null
+    ServerRoot "/usr/local/apache2"
-    elasticsearch_host: null
+
    Listen 80
    LoadModule mpm_event_module modules/mod_mpm_event.so
    LoadModule authn_file_module modules/mod_authn_file.so
    LoadModule authn_core_module modules/mod_authn_core.so
    LoadModule authz_host_module modules/mod_authz_host.so
    LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
    LoadModule authz_user_module modules/mod_authz_user.so
    LoadModule authz_core_module modules/mod_authz_core.so
    LoadModule access_compat_module modules/mod_access_compat.so
    LoadModule auth_basic_module modules/mod_auth_basic.so
    LoadModule ldap_module modules/mod_ldap.so
    LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
    LoadModule reqtimeout_module modules/mod_reqtimeout.so
    LoadModule filter_module modules/mod_filter.so
    LoadModule proxy_html_module modules/mod_proxy_html.so
    LoadModule log_config_module modules/mod_log_config.so
    LoadModule env_module modules/mod_env.so
    LoadModule headers_module modules/mod_headers.so
    LoadModule setenvif_module modules/mod_setenvif.so
    LoadModule version_module modules/mod_version.so
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_connect_module modules/mod_proxy_connect.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
    LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
    LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
    LoadModule unixd_module modules/mod_unixd.so
    LoadModule status_module modules/mod_status.so
    LoadModule autoindex_module modules/mod_autoindex.so
    <IfModule unixd_module>
    User daemon
    Group daemon
    </IfModule>
    <Directory />
        AllowOverride none
        Require all denied
    </Directory>
    <Files ".ht*">
        Require all denied
    </Files>
    ErrorLog /dev/stderr
    LogLevel warn
    <IfModule log_config_module>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
        LogFormat "%h %l %u %t \"%r\" %>s %b" common
        <IfModule logio_module>
          LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
        </IfModule>
        CustomLog /dev/stdout common
        CustomLog /dev/stdout combined
    </IfModule>
    <Directory "/usr/local/apache2/cgi-bin">
        AllowOverride None
        Options None
        Require all granted
    </Directory>
    <IfModule headers_module>
        RequestHeader unset Proxy early
    </IfModule>
    <IfModule proxy_html_module>
    Include conf/extra/proxy-html.conf
    </IfModule>
    <VirtualHost *:80>
      <Location />
          ProxyPass http://localhost:{{ tuple "nagios" "internal" "nagios" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
          ProxyPassReverse http://localhost:{{ tuple "nagios" "internal" "nagios" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
      </Location>
      <Proxy *>
          AuthName "Nagios"
          AuthType Basic
          AuthBasicProvider file ldap
          AuthUserFile /usr/local/apache2/conf/.htpasswd
          AuthLDAPBindDN {{ .Values.endpoints.ldap.auth.admin.bind }}
          AuthLDAPBindPassword {{ .Values.endpoints.ldap.auth.admin.password }}
          AuthLDAPURL {{ tuple "ldap" "default" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
          Require valid-user
      </Proxy>
    </VirtualHost>
  nagios:
    contacts:
      - notifying_contact: