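# Copyright 2020 Canonical Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Configuration options for the Keystone deployment. Each entry declares a
# type, a default and a description (the schema used by Juju charm
# config.yaml files; presumably that is what this file is).
#
# The table-cell pipes of the rendered listing are removed and the nesting
# is restored so the file parses as YAML. Option names, types, defaults and
# description strings are unchanged; review notes are comments only.
options:
  # NOTE(review): the default uses the mutable `latest` tag, so the image
  # that gets deployed can change without this file changing. Pin a version
  # tag or a digest when deployments must be reproducible and auditable.
  image:
    type: string
    default: opensourcemano/keystone:latest
    description: The docker image to install.
  image_username:
    type: string
    description: |
      The username for accessing the registry specified in image.
    default: ""
  # NOTE(review): the registry password is an ordinary string option, so it
  # is only as protected as the rest of this configuration. Use a
  # least-privilege (pull-only) registry credential here.
  image_password:
    type: string
    description: |
      The password associated with image_username for accessing
      the registry specified in image.
    default: ""
  max_file_size:
    type: int
    description: |
      The maximum file size, in megabytes.

      If there is a reverse proxy in front of Keystone, it may
      need to be configured to handle the requested size.
    default: 5
  # NOTE(review): the default is empty. Presumably no whitelist-source-range
  # annotation is set in that case, which would leave the ingress reachable
  # from any source address; confirm against the charm code.
  ingress_whitelist_source_range:
    type: string
    description: |
      A comma-separated list of CIDRs to store in the
      ingress.kubernetes.io/whitelist-source-range annotation.

      This can be used to lock down access to
      Keystone based on source IP address.
    default: ""
  # NOTE(review): the default is empty. Presumably the ingress is then
  # served without TLS; confirm. Keystone handles credentials and tokens,
  # so set a TLS secret for anything beyond local testing.
  tls_secret_name:
    type: string
    description: TLS Secret name
    default: ""
  site_url:
    type: string
    description: Ingress URL
    default: ""
  # Only this switch is exposed here; see the LDAP note at the end of the
  # file for the related container variables.
  ldap_enabled:
    type: boolean
    description: Boolean to enable/disable LDAP authentication
    default: false
  region_id:
    type: string
    description: Region ID to be created when starting the service
    default: RegionOne
  # NOTE(review): the shipped default is the literal string `admin`. Treat
  # it as a placeholder and set a unique secret at deploy time.
  keystone_db_password:
    type: string
    description: Keystone DB Password
    default: admin
  admin_username:
    type: string
    description: Admin username to be created when starting the service
    default: admin
  # NOTE(review): the default password equals the default admin_username.
  # A deployment left on these defaults has a guessable admin account;
  # override it at deploy time and rotate it if the default was ever live.
  admin_password:
    type: string
    description: Admin password to be created when starting the service
    default: admin
  admin_project:
    type: string
    description: Admin project to be created when starting the service
    default: admin
  service_username:
    type: string
    description: Service Username to be created when starting the service
    default: nbi
  # NOTE(review): the default password equals the default service_username.
  # Override it at deploy time, as for admin_password.
  service_password:
    type: string
    description: Service Password to be created when starting the service
    default: nbi
  service_project:
    type: string
    description: Service Project to be created when starting the service
    default: service
  # Per the description, the container's start.sh hardcodes this value, so
  # changing the option alone may have no effect (TODO confirm).
  user_domain_name:
    type: string
    description: User domain name (Hardcoded in the container start.sh script)
    default: default
  # Same caveat as user_domain_name: hardcoded in start.sh per the
  # description.
  project_domain_name:
    type: string
    description: |
      Project domain name (Hardcoded in the container start.sh script)
    default: default

# NOTE(review): the list below looks like the container's LDAP environment
# variables and their defaults. None of them is exposed as an option above.
# With the listed defaults (an ldap:// URL and LDAP_USE_STARTTLS false) the
# bind would not be protected by TLS. When LDAP is enabled, prefer ldaps://
# or STARTTLS, and keep LDAP_TLS_REQ_CERT at `demand`.
#
# ENV LDAP_AUTHENTICATION_DOMAIN_NAME no default
# ENV LDAP_URL ldap://localhost
# ENV LDAP_BIND_USER no default
# ENV LDAP_BIND_PASSWORD no default
# ENV LDAP_USER_TREE_DN no default
# ENV LDAP_USER_OBJECTCLASS inetOrgPerson
# ENV LDAP_USER_ID_ATTRIBUTE cn
# ENV LDAP_USER_NAME_ATTRIBUTE sn
# ENV LDAP_USER_PASS_ATTRIBUTE userPassword
# ENV LDAP_USER_FILTER no default
# ENV LDAP_USER_ENABLED_ATTRIBUTE enabled
# ENV LDAP_USER_ENABLED_MASK 0
# ENV LDAP_USER_ENABLED_DEFAULT true
# ENV LDAP_USER_ENABLED_INVERT false
# ENV LDAP_USE_STARTTLS false
# ENV LDAP_TLS_CACERT_BASE64 no default
# ENV LDAP_TLS_REQ_CERT demand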