openstack/openstack-helm
Code Issues Proposed changes
157cfe621c
openstack-helm/placement/values_overrides/tls.yaml
ricolin 30c22e2286 Placement: Support uWSGI for API server 
Currently Placement API server still using eventlet-based HTTP servers,
it is generally considered more performant and flexible to run them
using a generic HTTP server that supports WSGI.

Change-Id: I7c0d57a210f1a2d02d989cd8c0d25798bfabfa35
2024-06-05 03:55:13 -05:00

74 lines
2.4 KiB
YAML
Raw Blame History

---
network:
api:
ingress:
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "https"
conf:
software:
apache2:
binary: apache2
start_parameters: -DFOREGROUND
site_dir: /etc/apache2/sites-enabled
conf_dir: /etc/apache2/conf-enabled
mods_dir: /etc/apache2/mods-available
a2enmod:
- ssl
a2dismod: null
placement:
keystone_authtoken:
cafile: /etc/placement/certs/ca.crt
wsgi_placement: |
{{- $portInt := tuple "placement" "service" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
Listen {{ $portInt }}
<VirtualHost *:{{ $portInt }}>
ServerName {{ printf "%s.%s.svc.%s" "placement-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
WSGIDaemonProcess placement-api processes=1 threads=1 user=placement group=placement display-name=%{GROUP}
WSGIProcessGroup placement-api
WSGIScriptAlias / /var/www/cgi-bin/placement/placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
ErrorLog /dev/stdout
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
SSLEngine on
SSLCertificateFile /etc/placement/certs/tls.crt
SSLCertificateKeyFile /etc/placement/certs/tls.key
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
</VirtualHost>
endpoints:
identity:
auth:
admin:
cacert: /etc/ssl/certs/openstack-helm.crt
placement:
cacert: /etc/ssl/certs/openstack-helm.crt
scheme:
default: https
port:
api:
default: 443
placement:
host_fqdn_override:
default:
tls:
secretName: placement-tls-api
issuerRef:
name: ca-issuer
kind: ClusterIssuer
scheme:
default: https
service: https
port:
api:
public: 443
manifests:
certificates: true
...
View Git Blame Copy Permalink