--- images: tags: nginx: docker.io/nginx:1.18.0 network: server: ingress: annotations: nginx.ingress.kubernetes.io/backend-protocol: "https" pod: security_context: neutron_server: pod: runAsUser: 0 container: neutron_server: readOnlyRootFilesystem: false resources: nginx: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" conf: nginx: | worker_processes 1; daemon off; user nginx; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65s; tcp_nodelay on; log_format main '[nginx] method=$request_method path=$request_uri ' 'status=$status upstream_status=$upstream_status duration=$request_time size=$body_bytes_sent ' '"$remote_user" "$http_referer" "$http_user_agent"'; access_log /dev/stdout main; upstream websocket { server 127.0.0.1:$PORT; } server { server_name {{ printf "%s.%s.svc.%s" "${SHORTNAME}" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}; listen $POD_IP:$PORT ssl; client_max_body_size 0; ssl_certificate /etc/nginx/certs/tls.crt; ssl_certificate_key /etc/nginx/certs/tls.key; ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; location / { proxy_pass_request_headers on; proxy_http_version 1.1; proxy_pass http://websocket; proxy_read_timeout 90; } } } neutron: DEFAULT: bind_host: 127.0.0.1 nova: cafile: /etc/neutron/certs/ca.crt keystone_authtoken: cafile: /etc/neutron/certs/ca.crt metadata_agent: DEFAULT: auth_ca_cert: /etc/ssl/certs/openstack-helm.crt nova_metadata_port: 443 nova_metadata_protocol: https endpoints: compute: scheme: default: https port: api: public: 443 compute_metadata: scheme: default: https port: metadata: public: 443 identity: auth: admin: cacert: /etc/ssl/certs/openstack-helm.crt neutron: cacert: /etc/ssl/certs/openstack-helm.crt nova: cacert: /etc/ssl/certs/openstack-helm.crt test: cacert: /etc/ssl/certs/openstack-helm.crt scheme: default: https port: api: default: 443 network: host_fqdn_override: default: tls: secretName: neutron-tls-server issuerRef: name: ca-issuer kind: ClusterIssuer scheme: default: https port: api: public: 443 ingress: port: ingress: default: 443 manifests: certificates: true ...