--- /dev/null
+# Copyright 2020 Canonical Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+options:
+ image:
+ type: string
+ default: opensourcemano/keystone:latest
+ description: The docker image to install.
+ image_username:
+ type: string
+ description: |
+ The username for accessing the registry specified in image.
+ default: ""
+ image_password:
+ type: string
+ description: |
+ The password associated with image_username for accessing
+ the registry specified in image.
+ default: ""
+ max_file_size:
+ type: int
+ description: |
+ The maximum file size, in megabytes.
+
+ If there is a reverse proxy in front of Keystone, it may
+ need to be configured to handle the requested size.
+ default: 5
+ ingress_whitelist_source_range:
+ type: string
+ description: |
+ A comma-separated list of CIDRs to store in the
+ ingress.kubernetes.io/whitelist-source-range annotation.
+
+ This can be used to lock down access to
+ Keystone based on source IP address.
+ default: ""
+ tls_secret_name:
+ type: string
+ description: TLS Secret name
+ default: ""
+ site_url:
+ type: string
+ description: Ingress URL
+ default: ""
+ ldap_enabled:
+ type: boolean
+ description: Boolean to enable/disable LDAP authentication
+ default: false
+ region_id:
+ type: string
+ description: Region ID to be created when starting the service
+ default: RegionOne
+ keystone_db_password:
+ type: string
+ description: Keystone DB Password
+ default: admin
+ admin_username:
+ type: string
+ description: Admin username to be created when starting the service
+ default: admin
+ admin_password:
+ type: string
+ description: Admin password to be created when starting the service
+ default: admin
+ admin_project:
+ type: string
+ description: Admin project to be created when starting the service
+ default: admin
+ service_username:
+ type: string
+ description: Service Username to be created when starting the service
+ default: nbi
+ service_password:
+ type: string
+ description: Service Password to be created when starting the service
+ default: nbi
+ service_project:
+ type: string
+ description: Service Project to be created when starting the service
+ default: service
+ user_domain_name:
+ type: string
+ description: User domain name (Hardcoded in the container start.sh script)
+ default: default
+ project_domain_name:
+ type: string
+ description: |
+ Project domain name (Hardcoded in the container start.sh script)
+ default: default
+
+ # ENV LDAP_AUTHENTICATION_DOMAIN_NAME no default
+ # ENV LDAP_URL ldap://localhost
+ # ENV LDAP_BIND_USER no defauslt
+ # ENV LDAP_BIND_PASSWORD no default
+ # ENV LDAP_USER_TREE_DN no default
+ # ENV LDAP_USER_OBJECTCLASS inetOrgPerson
+ # ENV LDAP_USER_ID_ATTRIBUTE cn
+ # ENV LDAP_USER_NAME_ATTRIBUTE sn
+ # ENV LDAP_USER_PASS_ATTRIBUTE userPassword
+ # ENV LDAP_USER_FILTER no default
+ # ENV LDAP_USER_ENABLED_ATTRIBUTE enabled
+ # ENV LDAP_USER_ENABLED_MASK 0
+ # ENV LDAP_USER_ENABLED_DEFAULT true
+ # ENV LDAP_USER_ENABLED_INVERT false
+ # ENV LDAP_USE_STARTTLS false
+ # ENV LDAP_TLS_CACERT_BASE64 no default
+ # ENV LDAP_TLS_REQ_CERT demand