ca47e3c974
This reverts commit 2ec17153c6.
Reason for revert: resolved bug with cluster issuer versioning
Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/772814
Co-authored-by: Sangeet Gupta <sg774j@att.com>
Change-Id: If7ebef1cebbe5b1d97ac530dd7136e3fc9232b21
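---
# TLS values override for the Neutron chart.
#
# What the values below establish:
#   * nginx listens on $POD_IP:$PORT with TLS and proxies to 127.0.0.1:$PORT,
#     while neutron-server itself is bound to loopback only.
#   * service endpoints are switched to https / 443.
#   * cert-manager Certificate manifests are enabled and reference a
#     ClusterIssuer named "ca-issuer".
#
# NOTE(review): the nesting in this file was rebuilt from a flattened
# rendering in which indentation was lost; confirm every level against the
# chart's values.yaml before applying.
images:
  tags:
    # Pinned by tag only; a tag can be re-pointed in the registry. Prefer a
    # digest pin (image@sha256:<digest>) where the deployment tooling allows
    # it, and confirm this nginx release still receives security fixes.
    nginx: docker.io/nginx:1.18.0
network:
  server:
    ingress:
      annotations:
        # The ingress controller speaks TLS to the backend. Whether it also
        # verifies the backend certificate is a separate setting
        # (nginx.ingress.kubernetes.io/proxy-ssl-verify, off unless set);
        # nothing in this file enables it.
        nginx.ingress.kubernetes.io/backend-protocol: "https"
pod:
  security_context:
    neutron_server:
      pod:
        # Runs the pod as root. The file does not say why; presumably needed
        # by the nginx container (the config below then switches workers to
        # "user nginx") - TODO confirm, and keep capabilities and privilege
        # escalation restricted elsewhere in the chart.
        runAsUser: 0
      container:
        neutron_server:
          # Writable root filesystem: a hardening default is relaxed here.
          # If only a few paths need writes, mounting those as volumes keeps
          # the rest of the filesystem read-only.
          readOnlyRootFilesystem: false
  resources:
    nginx:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
conf:
  # nginx.conf for the TLS-terminating proxy. Review notes are kept out of
  # the block scalar so the rendered file is unchanged; $PORT, $POD_IP and
  # ${SHORTNAME} are presumably substituted at container start, and the
  # {{ printf ... }} expression by Helm templating.
  #
  #   * No ssl_protocols directive is set, so the nginx build default
  #     applies (TLSv1 TLSv1.1 TLSv1.2 for the 1.18 series). Set it
  #     explicitly, e.g. "ssl_protocols TLSv1.2 TLSv1.3;", so the protocol
  #     floor does not depend on the image.
  #   * ssl_ciphers: the two "*-GCM-SHA512" names do not appear to be
  #     OpenSSL cipher names (AES-GCM suites use SHA256/SHA384). OpenSSL
  #     skips names it does not know, which would leave the three SHA384
  #     entries as the effective list; the last one is a CBC-mode suite.
  #     Verify with `openssl ciphers -v '<string>'` inside the image.
  #   * client_max_body_size 0 disables the request-body size limit, so any
  #     bound on upload size has to come from the ingress or from Neutron.
  #   * proxy_pass uses plain http, but only to the loopback upstream inside
  #     the pod; this relies on bind_host staying 127.0.0.1 below.
  #   * The access log records the full request URI and $remote_user; keep
  #     credentials out of query strings and treat the log as sensitive.
  nginx: |
    worker_processes 1;
    daemon off;
    user nginx;

    events {
      worker_connections 1024;
    }

    http {
      include /etc/nginx/mime.types;
      default_type application/octet-stream;

      sendfile on;
      keepalive_timeout 65s;
      tcp_nodelay on;

      log_format main '[nginx] method=$request_method path=$request_uri '
                      'status=$status upstream_status=$upstream_status duration=$request_time size=$body_bytes_sent '
                      '"$remote_user" "$http_referer" "$http_user_agent"';

      access_log /dev/stdout main;

      upstream websocket {
        server 127.0.0.1:$PORT;
      }

      server {
        server_name {{ printf "%s.%s.svc.%s" "${SHORTNAME}" .Release.Namespace .Values.endpoints.cluster_domain_suffix }};
        listen $POD_IP:$PORT ssl;

        client_max_body_size 0;

        ssl_certificate /etc/nginx/certs/tls.crt;
        ssl_certificate_key /etc/nginx/certs/tls.key;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;

        location / {
          proxy_pass_request_headers on;

          proxy_http_version 1.1;
          proxy_pass http://websocket;
          proxy_read_timeout 90;
        }
      }
    }
  neutron:
    DEFAULT:
      # Loopback only: the API is reachable from outside the pod solely
      # through the TLS listener above. Changing this exposes the plaintext
      # port.
      bind_host: 127.0.0.1
    nova:
      # CA bundle used to verify Nova's certificate.
      cafile: /etc/neutron/certs/ca.crt
    keystone_authtoken:
      # CA bundle used to verify Keystone's certificate.
      cafile: /etc/neutron/certs/ca.crt
  metadata_agent:
    DEFAULT:
      auth_ca_cert: /etc/ssl/certs/openstack-helm.crt
      nova_metadata_port: 443
      nova_metadata_protocol: https
endpoints:
  compute:
    scheme:
      default: https
    port:
      api:
        public: 443
  compute_metadata:
    scheme:
      default: https
    port:
      metadata:
        public: 443
  identity:
    auth:
      # Every service account verifies Keystone against the same CA file.
      admin:
        cacert: /etc/ssl/certs/openstack-helm.crt
      neutron:
        cacert: /etc/ssl/certs/openstack-helm.crt
      nova:
        cacert: /etc/ssl/certs/openstack-helm.crt
      test:
        cacert: /etc/ssl/certs/openstack-helm.crt
    scheme:
      default: https
    port:
      api:
        default: 443
  network:
    host_fqdn_override:
      default:
        tls:
          # Secret that receives the issued key pair; it holds the private
          # key, so restrict read access to it.
          secretName: neutron-tls-server
          # A ClusterIssuer is cluster-scoped: any principal allowed to
          # create Certificate resources can request certificates from this
          # CA, so keep that RBAC permission narrow.
          issuerRef:
            name: ca-issuer
            kind: ClusterIssuer
    scheme:
      default: https
    port:
      api:
        public: 443
  ingress:
    port:
      ingress:
        default: 443
manifests:
  # Renders the chart's certificate manifests for the tls block above.
  certificates: true
...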