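---
# Helm values override that switches Glance to TLS: an nginx proxy terminates
# TLS in front of the API, and the Keystone, RabbitMQ and image-store clients
# are pointed at CA bundles / client certificates on disk.
# NOTE(review): the page shows this file flattened onto two lines; the nesting
# below is reconstructed from key order and should be confirmed against the
# chart's values.yaml.
images:
  tags:
    # NOTE(review): a tag is mutable. For a component that terminates TLS,
    # consider pinning by digest (docker.io/nginx@sha256:<digest-placeholder>)
    # and tracking nginx security releases.
    nginx: docker.io/nginx:1.18.0
conf:
  glance:
    DEFAULT:
      # Loopback only: the plaintext API listener is reachable solely through
      # the nginx upstream (127.0.0.1:$PORT) defined further down.
      bind_host: 127.0.0.1
    keystone_authtoken:
      cafile: /etc/glance/certs/ca.crt
    glance_store:
      https_ca_certificates_file: /etc/glance/certs/ca.crt
      swift_store_cacert: /etc/glance/certs/ca.crt
    oslo_messaging_rabbit:
      ssl: true
      ssl_ca_file: /etc/rabbitmq/certs/ca.crt
      ssl_cert_file: /etc/rabbitmq/certs/tls.crt
      # Private key: the mounted secret should be readable only by the
      # service user.
      ssl_key_file: /etc/rabbitmq/certs/tls.key
  glance_registry:
    keystone_authtoken:
      cafile: /etc/glance/certs/ca.crt
    oslo_messaging_rabbit:
      ssl: true
      ssl_ca_file: /etc/rabbitmq/certs/ca.crt
      ssl_cert_file: /etc/rabbitmq/certs/tls.crt
      ssl_key_file: /etc/rabbitmq/certs/tls.key
  # nginx configuration for the TLS-terminating proxy. The value contains a
  # Helm template expression (server_name) and shell-style placeholders
  # ($PORT, $POD_IP, ${SHORTNAME}) that are presumably substituted at
  # container start; confirm against the chart's start script.
  #
  # Changes relative to the original value:
  #   * ssl_protocols is now explicit. Previously only the cipher list kept
  #     TLS 1.0/1.1 from negotiating, so a later cipher edit could have
  #     silently re-enabled them. Append TLSv1.3 if the AES-256-only policy
  #     implied by the cipher list may be relaxed to the TLS 1.3 defaults.
  #   * ECDHE-RSA-AES256-GCM-SHA512 and DHE-RSA-AES256-GCM-SHA512 were dropped
  #     from ssl_ciphers: OpenSSL defines no such suites, so they never
  #     matched anything.
  #
  # NOTE(review): DHE-RSA-AES256-GCM-SHA384 is only offered when ssl_dhparam
  # is configured, and ECDHE-RSA-AES256-SHA384 is a CBC suite; decide whether
  # either should stay.
  # NOTE(review): client_max_body_size 0 turns off nginx's request-size check
  # (presumably for large image uploads), so upload limits have to be
  # enforced by Glance quotas or the ingress.
  # NOTE(review): the access log records $request_uri including the query
  # string; make sure no credentials or tokens are passed in URLs.
  nginx: |
    worker_processes 1;
    daemon off;
    user nginx;

    events {
      worker_connections 1024;
    }

    http {
      include /etc/nginx/mime.types;
      default_type application/octet-stream;

      sendfile on;
      keepalive_timeout 65s;
      tcp_nodelay on;

      log_format main '[nginx] method=$request_method path=$request_uri '
                      'status=$status upstream_status=$upstream_status duration=$request_time size=$body_bytes_sent '
                      '"$remote_user" "$http_referer" "$http_user_agent"';

      access_log /dev/stdout main;

      upstream websocket {
        server 127.0.0.1:$PORT;
      }

      server {
        server_name {{ printf "%s.%s.svc.%s" "${SHORTNAME}" .Release.Namespace .Values.endpoints.cluster_domain_suffix }};
        listen $POD_IP:$PORT ssl;

        client_max_body_size 0;

        ssl_certificate /etc/nginx/certs/tls.crt;
        ssl_certificate_key /etc/nginx/certs/tls.key;
        # Explicit protocol floor; do not rely on the cipher list for this.
        ssl_protocols TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;

        location / {
          proxy_pass_request_headers on;

          proxy_http_version 1.1;
          proxy_pass http://websocket;
          proxy_read_timeout 90;
        }
      }
    }
network:
  api:
    ingress:
      annotations:
        # The ingress controller connects to the backend over TLS, so traffic
        # between ingress and pod is encrypted as well.
        nginx.ingress.kubernetes.io/backend-protocol: "https"
  registry:
    ingress:
      annotations:
        nginx.ingress.kubernetes.io/backend-protocol: "https"
endpoints:
  identity:
    name: keystone
    auth:
      # CA bundle used to verify Keystone's certificate for each credential
      # set.
      admin:
        cacert: /etc/ssl/certs/openstack-helm.crt
      glance:
        cacert: /etc/ssl/certs/openstack-helm.crt
      test:
        cacert: /etc/ssl/certs/openstack-helm.crt
    scheme:
      default: https
    port:
      api:
        default: 443
  image:
    host_fqdn_override:
      default:
        tls:
          # Certificate is requested from the ca-issuer ClusterIssuer and
          # stored in this secret.
          secretName: glance-tls-api
          issuerRef:
            name: ca-issuer
            kind: ClusterIssuer
    scheme:
      default: https
      public: https
    port:
      api:
        public: 443
  image_registry:
    host_fqdn_override:
      default:
        tls:
          secretName: glance-tls-reg
          issuerRef:
            name: ca-issuer
            kind: ClusterIssuer
    scheme:
      default: https
      public: https
    port:
      api:
        public: 443
  dashboard:
    scheme:
      default: https
      public: https
    port:
      web:
        # NOTE(review): default scheme is https but the default port is 80;
        # confirm the dashboard really serves TLS on this port.
        default: 80
        public: 443
  oslo_messaging:
    port:
      https:
        default: 15680
pod:
  security_context:
    glance:
      pod:
        # NOTE(review): the pod runs as root. Presumably needed because the
        # nginx config uses `user nginx;`, which only takes effect when the
        # master process starts as root. Confirm, and prefer an unprivileged
        # nginx setup if the chart allows it.
        runAsUser: 0
  resources:
    nginx:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
manifests:
  # Render the Certificate resources that back the tls.secretName entries.
  certificates: true
...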