Keystone

There are various customizations you can do to tailor the deployment of OpenStack Keystone. You can find those below.

General Parameters

  • bootstrap.enabled

    • Type: bool

    • Description:

    • true

  • bootstrap.ks_user

    • Type: string

    • Description:

    • “admin”

  • bootstrap.script

    • Type: string

    • Description:

    • # admin needs the admin role for the default domain
      openstack role add \\
            --user=\"${OS_USERNAME}\" \\
            --domain=\"${OS_DEFAULT_DOMAIN}\" \\
            \"admin\"
      
  • conf.access_rules

    • Type: object

    • Description:

    • {}

  • conf.keystone.DEFAULT.log_config_append

    • Type: string

    • Description:

    • “/etc/keystone/logging.conf”

  • conf.keystone.DEFAULT.max_token_size

    • Type: int

    • Description:

    • 255

  • conf.keystone.cache.backend

    • Type: string

    • Description:

    • “dogpile.cache.memcached”

  • conf.keystone.cache.enabled

    • Type: bool

    • Description:

    • true

  • conf.keystone.credential.key_repository

    • Type: string

    • Description:

    • “/etc/keystone/credential-keys/”

  • conf.keystone.database.max_retries

    • Type: int

    • Description:

    • -1

  • conf.keystone.fernet_tokens.key_repository

    • Type: string

    • Description:

    • “/etc/keystone/fernet-keys/”

  • conf.keystone.identity.domain_config_dir

    • Type: string

    • Description:

    • “/etc/keystone/domains”

  • conf.keystone.identity.domain_specific_drivers_enabled

    • Type: bool

    • Description:

    • true

  • conf.keystone.oslo_messaging_notifications.driver

    • Type: string

    • Description:

    • “messagingv2”

  • conf.keystone.oslo_messaging_rabbit.rabbit_ha_queues

    • Type: bool

    • Description:

    • true

  • conf.keystone.oslo_middleware.enable_proxy_headers_parsing

    • Type: bool

    • Description:

    • true

  • conf.keystone.oslo_policy.policy_file

    • Type: string

    • Description:

    • “/etc/keystone/policy.yaml”

  • conf.keystone.security_compliance.lockout_duration

    • Type: int

    • Description:

    • 1800

  • conf.keystone.security_compliance.lockout_failure_attempts

    • Type: int

    • Description:

    • 5

  • conf.keystone.token.expiration

    • Type: int

    • Description:

    • 43200

  • conf.keystone.token.provider

    • Type: string

    • Description:

    • “fernet”

  • conf.logging.formatter_context.class

    • Type: string

    • Description:

    • “oslo_log.formatters.ContextFormatter”

  • conf.logging.formatter_context.datefmt

    • Type: string

    • Description:

    • “%Y-%m-%d %H:%M:%S”

  • conf.logging.formatter_default.datefmt

    • Type: string

    • Description:

    • “%Y-%m-%d %H:%M:%S”

  • conf.logging.formatter_default.format

    • Type: string

    • Description:

    • “%(message)s”

  • conf.logging.formatters.keys[0]

    • Type: string

    • Description:

    • “context”

  • conf.logging.formatters.keys[1]

    • Type: string

    • Description:

    • “default”

  • conf.logging.handler_null.args

    • Type: string

    • Description:

    • “()”

  • conf.logging.handler_null.class

    • Type: string

    • Description:

    • “logging.NullHandler”

  • conf.logging.handler_null.formatter

    • Type: string

    • Description:

    • “default”

  • conf.logging.handler_stderr.args

    • Type: string

    • Description:

    • “(sys.stderr,)”

  • conf.logging.handler_stderr.class

    • Type: string

    • Description:

    • “StreamHandler”

  • conf.logging.handler_stderr.formatter

    • Type: string

    • Description:

    • “context”

  • conf.logging.handler_stdout.args

    • Type: string

    • Description:

    • “(sys.stdout,)”

  • conf.logging.handler_stdout.class

    • Type: string

    • Description:

    • “StreamHandler”

  • conf.logging.handler_stdout.formatter

    • Type: string

    • Description:

    • “context”

  • conf.logging.handlers.keys[0]

    • Type: string

    • Description:

    • “stdout”

  • conf.logging.handlers.keys[1]

    • Type: string

    • Description:

    • “stderr”

  • conf.logging.handlers.keys[2]

    • Type: string

    • Description:

    • “null”

  • conf.logging.logger_amqp.handlers

    • Type: string

    • Description:

    • “stderr”

  • conf.logging.logger_amqp.level

    • Type: string

    • Description:

    • “WARNING”

  • conf.logging.logger_amqp.qualname

    • Type: string

    • Description:

    • “amqp”

  • conf.logging.logger_amqplib.handlers

    • Type: string

    • Description:

    • “stderr”

  • conf.logging.logger_amqplib.level

    • Type: string

    • Description:

    • “WARNING”

  • conf.logging.logger_amqplib.qualname

    • Type: string

    • Description:

    • “amqplib”

  • conf.logging.logger_boto.handlers

    • Type: string

    • Description:

    • “stderr”

  • conf.logging.logger_boto.level

    • Type: string

    • Description:

    • “WARNING”

  • conf.logging.logger_boto.qualname

    • Type: string

    • Description:

    • “boto”

  • conf.logging.logger_eventletwsgi.handlers

    • Type: string

    • Description:

    • “stderr”

  • conf.logging.logger_eventletwsgi.level

    • Type: string

    • Description:

    • “WARNING”

  • conf.logging.logger_eventletwsgi.qualname

    • Type: string

    • Description:

    • “eventlet.wsgi.server”

  • conf.logging.logger_keystone.handlers[0]

    • Type: string

    • Description:

    • “stdout”

  • conf.logging.logger_keystone.level

    • Type: string

    • Description:

    • “INFO”

  • conf.logging.logger_keystone.qualname

    • Type: string

    • Description:

    • “keystone”

  • conf.logging.logger_root.handlers

    • Type: string

    • Description:

    • “null”

  • conf.logging.logger_root.level

    • Type: string

    • Description:

    • “WARNING”

  • conf.logging.logger_sqlalchemy.handlers

    • Type: string

    • Description:

    • “stderr”

  • conf.logging.logger_sqlalchemy.level

    • Type: string

    • Description:

    • “WARNING”

  • conf.logging.logger_sqlalchemy.qualname

    • Type: string

    • Description:

    • “sqlalchemy”

  • conf.logging.loggers.keys[0]

    • Type: string

    • Description:

    • “root”

  • conf.logging.loggers.keys[1]

    • Type: string

    • Description:

    • “keystone”

  • conf.mpm_event

    • Type: string

    • Description:

    • <IfModule mpm_event_module>
        ServerLimit         1024
        StartServers        32
        MinSpareThreads     32
        MaxSpareThreads     256
        ThreadsPerChild     25
        MaxRequestsPerChild 128
        ThreadLimit         720
      </IfModule>
      
  • conf.policy

    • Type: object

    • Description:

    • {}

  • conf.rabbitmq.policies[0].apply-to

    • Type: string

    • Description:

    • “all”

  • conf.rabbitmq.policies[0].definition.ha-mode

    • Type: string

    • Description:

    • “all”

  • conf.rabbitmq.policies[0].definition.ha-sync-mode

    • Type: string

    • Description:

    • “automatic”

  • conf.rabbitmq.policies[0].definition.message-ttl

    • Type: int

    • Description:

    • 70000

  • conf.rabbitmq.policies[0].name

    • Type: string

    • Description:

    • “ha_ttl_keystone”

  • conf.rabbitmq.policies[0].pattern

    • Type: string

    • Description:

    • “^(?!(amq\.|reply_)).*”

  • conf.rabbitmq.policies[0].priority

    • Type: int

    • Description:

    • 0

  • conf.rabbitmq.policies[0].vhost

    • Type: string

    • Description:

    • “keystone”

  • conf.rally_tests.run_tempest

    • Type: bool

    • Description:

    • false

  • conf.rally_tests.tests.”KeystoneBasic.add_and_remove_user_role”[0].runner.concurrency

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.add_and_remove_user_role”[0].runner.times

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.add_and_remove_user_role”[0].runner.type

    • Type: string

    • Description:

    • “constant”

  • conf.rally_tests.tests.”KeystoneBasic.add_and_remove_user_role”[0].sla.failure_rate.max

    • Type: int

    • Description:

    • 0

  • conf.rally_tests.tests.”KeystoneBasic.authenticate_user_and_validate_token”[0].args

    • Type: object

    • Description:

    • {}

  • conf.rally_tests.tests.”KeystoneBasic.authenticate_user_and_validate_token”[0].runner.concurrency

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.authenticate_user_and_validate_token”[0].runner.times

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.authenticate_user_and_validate_token”[0].runner.type

    • Type: string

    • Description:

    • “constant”

  • conf.rally_tests.tests.”KeystoneBasic.authenticate_user_and_validate_token”[0].sla.failure_rate.max

    • Type: int

    • Description:

    • 0

  • conf.rally_tests.tests.”KeystoneBasic.create_add_and_list_user_roles”[0].runner.concurrency

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_add_and_list_user_roles”[0].runner.times

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_add_and_list_user_roles”[0].runner.type

    • Type: string

    • Description:

    • “constant”

  • conf.rally_tests.tests.”KeystoneBasic.create_add_and_list_user_roles”[0].sla.failure_rate.max

    • Type: int

    • Description:

    • 0

  • conf.rally_tests.tests.”KeystoneBasic.create_and_delete_ec2credential”[0].runner.concurrency

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_and_delete_ec2credential”[0].runner.times

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_and_delete_ec2credential”[0].runner.type

    • Type: string

    • Description:

    • “constant”

  • conf.rally_tests.tests.”KeystoneBasic.create_and_delete_ec2credential”[0].sla.failure_rate.max

    • Type: int

    • Description:

    • 0

  • conf.rally_tests.tests.”KeystoneBasic.create_and_delete_role”[0].runner.concurrency

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_and_delete_role”[0].runner.times

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_and_delete_role”[0].runner.type

    • Type: string

    • Description:

    • “constant”

  • conf.rally_tests.tests.”KeystoneBasic.create_and_delete_role”[0].sla.failure_rate.max

    • Type: int

    • Description:

    • 0

  • conf.rally_tests.tests.”KeystoneBasic.create_and_delete_service”[0].args.description

    • Type: string

    • Description:

    • “test_description”

  • conf.rally_tests.tests.”KeystoneBasic.create_and_delete_service”[0].args.service_type

    • Type: string

    • Description:

    • “Rally_test_type”

  • conf.rally_tests.tests.”KeystoneBasic.create_and_delete_service”[0].runner.concurrency

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_and_delete_service”[0].runner.times

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_and_delete_service”[0].runner.type

    • Type: string

    • Description:

    • “constant”

  • conf.rally_tests.tests.”KeystoneBasic.create_and_delete_service”[0].sla.failure_rate.max

    • Type: int

    • Description:

    • 0

  • conf.rally_tests.tests.”KeystoneBasic.create_and_get_role”[0].args

    • Type: object

    • Description:

    • {}

  • conf.rally_tests.tests.”KeystoneBasic.create_and_get_role”[0].runner.concurrency

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_and_get_role”[0].runner.times

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_and_get_role”[0].runner.type

    • Type: string

    • Description:

    • “constant”

  • conf.rally_tests.tests.”KeystoneBasic.create_and_get_role”[0].sla.failure_rate.max

    • Type: int

    • Description:

    • 0

  • conf.rally_tests.tests.”KeystoneBasic.create_and_list_ec2credentials”[0].runner.concurrency

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_and_list_ec2credentials”[0].runner.times

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_and_list_ec2credentials”[0].runner.type

    • Type: string

    • Description:

    • “constant”

  • conf.rally_tests.tests.”KeystoneBasic.create_and_list_ec2credentials”[0].sla.failure_rate.max

    • Type: int

    • Description:

    • 0

  • conf.rally_tests.tests.”KeystoneBasic.create_and_list_services”[0].args.description

    • Type: string

    • Description:

    • “test_description”

  • conf.rally_tests.tests.”KeystoneBasic.create_and_list_services”[0].args.service_type

    • Type: string

    • Description:

    • “Rally_test_type”

  • conf.rally_tests.tests.”KeystoneBasic.create_and_list_services”[0].runner.concurrency

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_and_list_services”[0].runner.times

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_and_list_services”[0].runner.type

    • Type: string

    • Description:

    • “constant”

  • conf.rally_tests.tests.”KeystoneBasic.create_and_list_services”[0].sla.failure_rate.max

    • Type: int

    • Description:

    • 0

  • conf.rally_tests.tests.”KeystoneBasic.create_and_list_tenants”[0].args

    • Type: object

    • Description:

    • {}

  • conf.rally_tests.tests.”KeystoneBasic.create_and_list_tenants”[0].runner.concurrency

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_and_list_tenants”[0].runner.times

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_and_list_tenants”[0].runner.type

    • Type: string

    • Description:

    • “constant”

  • conf.rally_tests.tests.”KeystoneBasic.create_and_list_tenants”[0].sla.failure_rate.max

    • Type: int

    • Description:

    • 0

  • conf.rally_tests.tests.”KeystoneBasic.create_and_list_users”[0].args

    • Type: object

    • Description:

    • {}

  • conf.rally_tests.tests.”KeystoneBasic.create_and_list_users”[0].runner.concurrency

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_and_list_users”[0].runner.times

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_and_list_users”[0].runner.type

    • Type: string

    • Description:

    • “constant”

  • conf.rally_tests.tests.”KeystoneBasic.create_and_list_users”[0].sla.failure_rate.max

    • Type: int

    • Description:

    • 0

  • conf.rally_tests.tests.”KeystoneBasic.create_delete_user”[0].args

    • Type: object

    • Description:

    • {}

  • conf.rally_tests.tests.”KeystoneBasic.create_delete_user”[0].runner.concurrency

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_delete_user”[0].runner.times

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_delete_user”[0].runner.type

    • Type: string

    • Description:

    • “constant”

  • conf.rally_tests.tests.”KeystoneBasic.create_delete_user”[0].sla.failure_rate.max

    • Type: int

    • Description:

    • 0

  • conf.rally_tests.tests.”KeystoneBasic.create_tenant”[0].args

    • Type: object

    • Description:

    • {}

  • conf.rally_tests.tests.”KeystoneBasic.create_tenant”[0].runner.concurrency

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_tenant”[0].runner.times

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_tenant”[0].runner.type

    • Type: string

    • Description:

    • “constant”

  • conf.rally_tests.tests.”KeystoneBasic.create_tenant”[0].sla.failure_rate.max

    • Type: int

    • Description:

    • 0

  • conf.rally_tests.tests.”KeystoneBasic.create_tenant_with_users”[0].args.users_per_tenant

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_tenant_with_users”[0].runner.concurrency

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_tenant_with_users”[0].runner.times

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_tenant_with_users”[0].runner.type

    • Type: string

    • Description:

    • “constant”

  • conf.rally_tests.tests.”KeystoneBasic.create_tenant_with_users”[0].sla.failure_rate.max

    • Type: int

    • Description:

    • 0

  • conf.rally_tests.tests.”KeystoneBasic.create_update_and_delete_tenant”[0].args

    • Type: object

    • Description:

    • {}

  • conf.rally_tests.tests.”KeystoneBasic.create_update_and_delete_tenant”[0].runner.concurrency

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_update_and_delete_tenant”[0].runner.times

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_update_and_delete_tenant”[0].runner.type

    • Type: string

    • Description:

    • “constant”

  • conf.rally_tests.tests.”KeystoneBasic.create_update_and_delete_tenant”[0].sla.failure_rate.max

    • Type: int

    • Description:

    • 0

  • conf.rally_tests.tests.”KeystoneBasic.create_user”[0].args

    • Type: object

    • Description:

    • {}

  • conf.rally_tests.tests.”KeystoneBasic.create_user”[0].runner.concurrency

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_user”[0].runner.times

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_user”[0].runner.type

    • Type: string

    • Description:

    • “constant”

  • conf.rally_tests.tests.”KeystoneBasic.create_user”[0].sla.failure_rate.max

    • Type: int

    • Description:

    • 0

  • conf.rally_tests.tests.”KeystoneBasic.create_user_set_enabled_and_delete”[0].args.enabled

    • Type: bool

    • Description:

    • true

  • conf.rally_tests.tests.”KeystoneBasic.create_user_set_enabled_and_delete”[0].runner.concurrency

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_user_set_enabled_and_delete”[0].runner.times

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_user_set_enabled_and_delete”[0].runner.type

    • Type: string

    • Description:

    • “constant”

  • conf.rally_tests.tests.”KeystoneBasic.create_user_set_enabled_and_delete”[0].sla.failure_rate.max

    • Type: int

    • Description:

    • 0

  • conf.rally_tests.tests.”KeystoneBasic.create_user_set_enabled_and_delete”[1].args.enabled

    • Type: bool

    • Description:

    • false

  • conf.rally_tests.tests.”KeystoneBasic.create_user_set_enabled_and_delete”[1].runner.concurrency

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_user_set_enabled_and_delete”[1].runner.times

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_user_set_enabled_and_delete”[1].runner.type

    • Type: string

    • Description:

    • “constant”

  • conf.rally_tests.tests.”KeystoneBasic.create_user_set_enabled_and_delete”[1].sla.failure_rate.max

    • Type: int

    • Description:

    • 0

  • conf.rally_tests.tests.”KeystoneBasic.create_user_update_password”[0].args

    • Type: object

    • Description:

    • {}

  • conf.rally_tests.tests.”KeystoneBasic.create_user_update_password”[0].runner.concurrency

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_user_update_password”[0].runner.times

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.create_user_update_password”[0].runner.type

    • Type: string

    • Description:

    • “constant”

  • conf.rally_tests.tests.”KeystoneBasic.create_user_update_password”[0].sla.failure_rate.max

    • Type: int

    • Description:

    • 0

  • conf.rally_tests.tests.”KeystoneBasic.get_entities”[0].runner.concurrency

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.get_entities”[0].runner.times

    • Type: int

    • Description:

    • 1

  • conf.rally_tests.tests.”KeystoneBasic.get_entities”[0].runner.type

    • Type: string

    • Description:

    • “constant”

  • conf.rally_tests.tests.”KeystoneBasic.get_entities”[0].sla.failure_rate.max

    • Type: int

    • Description:

    • 0

  • conf.security

    • Type: string

    • Description:

    • #
      # Disable access to the entire file system except for the directories that
      # are explicitly allowed later.
      #
      # This currently breaks the configurations that come with some web application
      # Debian packages.
      #
      #<Directory />
      #   AllowOverride None
      #   Require all denied
      #</Directory>
      
      # Changing the following options will not really affect the security of the
      # server, but might make attacks slightly more difficult in some cases.
      
      #
      # ServerTokens
      # This directive configures what you return as the Server HTTP response
      # Header. The default is 'Full' which sends information about the OS-Type
      # and compiled in modules.
      # Set to one of:  Full | OS | Minimal | Minor | Major | Prod
      # where Full conveys the most information, and Prod the least.
      ServerTokens Prod
      
      #
      # Optionally add a line containing the server version and virtual host
      # name to server-generated pages (internal error documents, FTP directory
      # listings, mod_status and mod_info output etc., but not CGI generated
      # documents or custom error documents).
      # Set to \"EMail\" to also include a mailto: link to the ServerAdmin.
      # Set to one of:  On | Off | EMail
      ServerSignature Off
      
      #
      # Allow TRACE method
      #
      # Set to \"extended\" to also reflect the request body (only for testing and
      # diagnostic purposes).
      #
      # Set to one of:  On | Off | extended
      TraceEnable Off
      
      #
      # Forbid access to version control directories
      #
      # If you use version control systems in your document root, you should
      # probably deny access to their directories. For example, for subversion:
      #
      #<DirectoryMatch \"/\\.svn\">
      #   Require all denied
      #</DirectoryMatch>
      
      #
      # Setting this header will prevent MSIE from interpreting files as something
      # else than declared by the content type in the HTTP headers.
      # Requires mod_headers to be enabled.
      #
      #Header set X-Content-Type-Options: \"nosniff\"
      
      #
      # Setting this header will prevent other sites from embedding pages from this
      # site as frames. This defends against clickjacking attacks.
      # Requires mod_headers to be enabled.
      #
      #Header set X-Frame-Options: \"sameorigin\"
      
  • conf.software.apache2.a2dismod

    • Type: string

    • Description:

    • nil

  • conf.software.apache2.a2enmod

    • Type: string

    • Description:

    • nil

  • conf.software.apache2.binary

    • Type: string

    • Description:

    • “apache2”

  • conf.software.apache2.conf_dir

    • Type: string

    • Description:

    • “/etc/apache2/conf-enabled”

  • conf.software.apache2.mods_dir

    • Type: string

    • Description:

    • “/etc/apache2/mods-available”

  • conf.software.apache2.site_dir

    • Type: string

    • Description:

    • “/etc/apache2/sites-enable”

  • conf.software.apache2.start_parameters

    • Type: string

    • Description:

    • “-DFOREGROUND”

  • conf.sso_callback_template

    • Type: string

    • Description:

    • <!DOCTYPE html>
      <html xmlns=\"http://www.w3.org/1999/xhtml\">
        <head>
          <title>Keystone WebSSO redirect</title>
        </head>
        <body>
           <form id=\"sso\" name=\"sso\" action=\"$host\" method=\"post\">
             Please wait...
             <br/>
             <input type=\"hidden\" name=\"token\" id=\"token\" value=\"$token\"/>
             <noscript>
               <input type=\"submit\" name=\"submit_no_javascript\" id=\"submit_no_javascript\"
                  value=\"If your JavaScript is disabled, please click to continue\"/>
             </noscript>
           </form>
           <script type=\"text/javascript\">
             window.onload = function() {
               document.forms['sso'].submit();
             }
           </script>
        </body>
      </html>
      
  • conf.wsgi_keystone

    • Type: string

    • Description:

    • {{- $portInt := tuple \"identity\" \"service\" \"api\" $ | include \"helm-toolkit.endpoints.endpoint_port_lookup\" }}
      
      Listen 0.0.0.0:{{ $portInt }}
      
      LogFormat \"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" combined
      LogFormat \"%{X-Forwarded-For}i %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" proxy
      
      SetEnvIf X-Forwarded-For \"^.*\\..*\\..*\\..*\" forwarded
      CustomLog /dev/stdout combined env=!forwarded
      CustomLog /dev/stdout proxy env=forwarded
      
      <VirtualHost *:{{ $portInt }}>
          WSGIDaemonProcess keystone-public processes=1 threads=1 user=keystone group=keystone display-name=%{GROUP}
          WSGIProcessGroup keystone-public
          WSGIScriptAlias / /var/www/cgi-bin/keystone/keystone-wsgi-public
          WSGIApplicationGroup %{GLOBAL}
          WSGIPassAuthorization On
          <IfVersion >= 2.4>
            ErrorLogFormat \"%{cu}t %M\"
          </IfVersion>
          ErrorLog /dev/stdout
      
          SetEnvIf X-Forwarded-For \"^.*\\..*\\..*\\..*\" forwarded
          CustomLog /dev/stdout combined env=!forwarded
          CustomLog /dev/stdout proxy env=forwarded
      </VirtualHost>
      
  • dependencies.dynamic.common.local_image_registry.jobs[0]

    • Type: string

    • Description:

    • “keystone-image-repo-sync”

  • dependencies.dynamic.common.local_image_registry.services[0].endpoint

    • Type: string

    • Description:

    • “node”

  • dependencies.dynamic.common.local_image_registry.services[0].service

    • Type: string

    • Description:

    • “local_image_registry”

  • dependencies.dynamic.rabbit_init.services[0].endpoint

    • Type: string

    • Description:

    • “internal”

  • dependencies.dynamic.rabbit_init.services[0].service

    • Type: string

    • Description:

    • “oslo_messaging”

  • dependencies.static.api.jobs[0]

    • Type: string

    • Description:

    • “keystone-db-sync”

  • dependencies.static.api.jobs[1]

    • Type: string

    • Description:

    • “keystone-credential-setup”

  • dependencies.static.api.jobs[2]

    • Type: string

    • Description:

    • “keystone-fernet-setup”

  • dependencies.static.api.services[0].endpoint

    • Type: string

    • Description:

    • “internal”

  • dependencies.static.api.services[0].service

    • Type: string

    • Description:

    • “oslo_cache”

  • dependencies.static.api.services[1].endpoint

    • Type: string

    • Description:

    • “internal”

  • dependencies.static.api.services[1].service

    • Type: string

    • Description:

    • “oslo_db”

  • dependencies.static.bootstrap.jobs[0]

    • Type: string

    • Description:

    • “keystone-domain-manage”

  • dependencies.static.bootstrap.services[0].endpoint

    • Type: string

    • Description:

    • “internal”

  • dependencies.static.bootstrap.services[0].service

    • Type: string

    • Description:

    • “identity”

  • dependencies.static.credential_cleanup.services[0].endpoint

    • Type: string

    • Description:

    • “internal”

  • dependencies.static.credential_cleanup.services[0].service

    • Type: string

    • Description:

    • “oslo_db”

  • dependencies.static.credential_rotate.jobs[0]

    • Type: string

    • Description:

    • “keystone-credential-setup”

  • dependencies.static.credential_setup

    • Type: string

    • Description:

    • nil

  • dependencies.static.db_drop.services[0].endpoint

    • Type: string

    • Description:

    • “internal”

  • dependencies.static.db_drop.services[0].service

    • Type: string

    • Description:

    • “oslo_db”

  • dependencies.static.db_init.services[0].endpoint

    • Type: string

    • Description:

    • “internal”

  • dependencies.static.db_init.services[0].service

    • Type: string

    • Description:

    • “oslo_db”

  • dependencies.static.db_sync.jobs[0]

    • Type: string

    • Description:

    • “keystone-db-init”

  • dependencies.static.db_sync.jobs[1]

    • Type: string

    • Description:

    • “keystone-credential-setup”

  • dependencies.static.db_sync.jobs[2]

    • Type: string

    • Description:

    • “keystone-fernet-setup”

  • dependencies.static.db_sync.services[0].endpoint

    • Type: string

    • Description:

    • “internal”

  • dependencies.static.db_sync.services[0].service

    • Type: string

    • Description:

    • “oslo_db”

  • dependencies.static.domain_manage.services[0].endpoint

    • Type: string

    • Description:

    • “internal”

  • dependencies.static.domain_manage.services[0].service

    • Type: string

    • Description:

    • “identity”

  • dependencies.static.fernet_rotate.jobs[0]

    • Type: string

    • Description:

    • “keystone-fernet-setup”

  • dependencies.static.fernet_setup

    • Type: string

    • Description:

    • nil

  • dependencies.static.image_repo_sync.services[0].endpoint

    • Type: string

    • Description:

    • “internal”

  • dependencies.static.image_repo_sync.services[0].service

    • Type: string

    • Description:

    • “local_image_registry”

  • dependencies.static.tests.services[0].endpoint

    • Type: string

    • Description:

    • “internal”

  • dependencies.static.tests.services[0].service

    • Type: string

    • Description:

    • “identity”

  • endpoints.cluster_domain_suffix

    • Type: string

    • Description:

    • “cluster.local”

  • endpoints.fluentd.host_fqdn_override.default

    • Type: string

    • Description:

    • nil

  • endpoints.fluentd.hosts.default

    • Type: string

    • Description:

    • “fluentd-logging”

  • endpoints.fluentd.name

    • Type: string

    • Description:

    • “fluentd”

  • endpoints.fluentd.namespace

    • Type: string

    • Description:

    • nil

  • endpoints.fluentd.path.default

    • Type: string

    • Description:

    • nil

  • endpoints.fluentd.port.metrics.default

    • Type: int

    • Description:

    • 24220

  • endpoints.fluentd.port.service.default

    • Type: int

    • Description:

    • 24224

  • endpoints.fluentd.scheme

    • Type: string

    • Description:

    • “http”

  • endpoints.identity.auth.admin.default_domain_id

    • Type: string

    • Description:

    • “default”

  • endpoints.identity.auth.admin.password

    • Type: string

    • Description:

    • “password”

  • endpoints.identity.auth.admin.project_domain_name

    • Type: string

    • Description:

    • “default”

  • endpoints.identity.auth.admin.project_name

    • Type: string

    • Description:

    • “admin”

  • endpoints.identity.auth.admin.region_name

    • Type: string

    • Description:

    • “RegionOne”

  • endpoints.identity.auth.admin.user_domain_name

    • Type: string

    • Description:

    • “default”

  • endpoints.identity.auth.admin.username

    • Type: string

    • Description:

    • “admin”

  • endpoints.identity.auth.test.default_domain_id

    • Type: string

    • Description:

    • “default”

  • endpoints.identity.auth.test.password

    • Type: string

    • Description:

    • “password”

  • endpoints.identity.auth.test.project_domain_name

    • Type: string

    • Description:

    • “default”

  • endpoints.identity.auth.test.project_name

    • Type: string

    • Description:

    • “test”

  • endpoints.identity.auth.test.region_name

    • Type: string

    • Description:

    • “RegionOne”

  • endpoints.identity.auth.test.role

    • Type: string

    • Description:

    • “admin”

  • endpoints.identity.auth.test.user_domain_name

    • Type: string

    • Description:

    • “default”

  • endpoints.identity.auth.test.username

    • Type: string

    • Description:

    • “keystone-test”

  • endpoints.identity.host_fqdn_override.default

    • Type: string

    • Description:

    • nil

  • endpoints.identity.hosts.default

    • Type: string

    • Description:

    • “keystone”

  • endpoints.identity.hosts.internal

    • Type: string

    • Description:

    • “keystone-api”

  • endpoints.identity.name

    • Type: string

    • Description:

    • “keystone”

  • endpoints.identity.namespace

    • Type: string

    • Description:

    • nil

  • endpoints.identity.path.default

    • Type: string

    • Description:

    • “/v3”

  • endpoints.identity.port.api.default

    • Type: int

    • Description:

    • 80

  • endpoints.identity.port.api.internal

    • Type: int

    • Description:

    • 5000

  • endpoints.identity.port.api.service

    • Type: int

    • Description:

    • 5000

  • endpoints.identity.scheme.default

    • Type: string

    • Description:

    • “http”

  • endpoints.identity.scheme.service

    • Type: string

    • Description:

    • “http”

  • endpoints.ingress.hosts.default

    • Type: string

    • Description:

    • “ingress”

  • endpoints.ingress.name

    • Type: string

    • Description:

    • “ingress”

  • endpoints.ingress.namespace

    • Type: string

    • Description:

    • nil

  • endpoints.ingress.port.ingress.default

    • Type: int

    • Description:

    • 80

  • endpoints.kube_dns.host_fqdn_override.default

    • Type: string

    • Description:

    • nil

  • endpoints.kube_dns.hosts.default

    • Type: string

    • Description:

    • “kube-dns”

  • endpoints.kube_dns.name

    • Type: string

    • Description:

    • “kubernetes-dns”

  • endpoints.kube_dns.namespace

    • Type: string

    • Description:

    • “kube-system”

  • endpoints.kube_dns.path.default

    • Type: string

    • Description:

    • nil

  • endpoints.kube_dns.port.dns.default

    • Type: int

    • Description:

    • 53

  • endpoints.kube_dns.port.dns.protocol

    • Type: string

    • Description:

    • “UDP”

  • endpoints.kube_dns.scheme

    • Type: string

    • Description:

    • “http”

  • endpoints.ldap.auth.client.tls.ca

    • Type: string

    • Description:

    • nil

  • endpoints.local_image_registry.host_fqdn_override.default

    • Type: string

    • Description:

    • nil

  • endpoints.local_image_registry.hosts.default

    • Type: string

    • Description:

    • “localhost”

  • endpoints.local_image_registry.hosts.internal

    • Type: string

    • Description:

    • “docker-registry”

  • endpoints.local_image_registry.hosts.node

    • Type: string

    • Description:

    • “localhost”

  • endpoints.local_image_registry.name

    • Type: string

    • Description:

    • “docker-registry”

  • endpoints.local_image_registry.namespace

    • Type: string

    • Description:

    • “docker-registry”

  • endpoints.local_image_registry.port.registry.node

    • Type: int

    • Description:

    • 5000

  • endpoints.oci_image_registry.auth.enabled

    • Type: bool

    • Description:

    • false

  • endpoints.oci_image_registry.auth.keystone.password

    • Type: string

    • Description:

    • “password”

  • endpoints.oci_image_registry.auth.keystone.username

    • Type: string

    • Description:

    • “keystone”

  • endpoints.oci_image_registry.host_fqdn_override.default

    • Type: string

    • Description:

    • nil

  • endpoints.oci_image_registry.hosts.default

    • Type: string

    • Description:

    • “localhost”

  • endpoints.oci_image_registry.name

    • Type: string

    • Description:

    • “oci-image-registry”

  • endpoints.oci_image_registry.namespace

    • Type: string

    • Description:

    • “oci-image-registry”

  • endpoints.oci_image_registry.port.registry.default

    • Type: string

    • Description:

    • nil

  • endpoints.oslo_cache.host_fqdn_override.default

    • Type: string

    • Description:

    • nil

  • endpoints.oslo_cache.hosts.default

    • Type: string

    • Description:

    • “memcached”

  • endpoints.oslo_cache.namespace

    • Type: string

    • Description:

    • nil

  • endpoints.oslo_cache.port.memcache.default

    • Type: int

    • Description:

    • 11211

  • endpoints.oslo_db.auth.admin.password

    • Type: string

    • Description:

    • “password”

  • endpoints.oslo_db.auth.admin.secret.tls.internal

    • Type: string

    • Description:

    • “mariadb-tls-direct”

  • endpoints.oslo_db.auth.admin.username

    • Type: string

    • Description:

    • “root”

  • endpoints.oslo_db.auth.keystone.password

    • Type: string

    • Description:

    • “password”

  • endpoints.oslo_db.auth.keystone.username

    • Type: string

    • Description:

    • “keystone”

  • endpoints.oslo_db.host_fqdn_override.default

    • Type: string

    • Description:

    • nil

  • endpoints.oslo_db.hosts.default

    • Type: string

    • Description:

    • “mariadb”

  • endpoints.oslo_db.namespace

    • Type: string

    • Description:

    • nil

  • endpoints.oslo_db.path

    • Type: string

    • Description:

    • “/keystone”

  • endpoints.oslo_db.port.mysql.default

    • Type: int

    • Description:

    • 3306

  • endpoints.oslo_db.scheme

    • Type: string

    • Description:

    • “mysql+pymysql”

  • endpoints.oslo_messaging.auth.admin.password

    • Type: string

    • Description:

    • “password”

  • endpoints.oslo_messaging.auth.admin.secret.tls.internal

    • Type: string

    • Description:

    • “rabbitmq-tls-direct”

  • endpoints.oslo_messaging.auth.admin.username

    • Type: string

    • Description:

    • “rabbitmq”

  • endpoints.oslo_messaging.auth.keystone.password

    • Type: string

    • Description:

    • “password”

  • endpoints.oslo_messaging.auth.keystone.username

    • Type: string

    • Description:

    • “keystone”

  • endpoints.oslo_messaging.host_fqdn_override.default

    • Type: string

    • Description:

    • nil

  • endpoints.oslo_messaging.hosts.default

    • Type: string

    • Description:

    • “rabbitmq”

  • endpoints.oslo_messaging.namespace

    • Type: string

    • Description:

    • nil

  • endpoints.oslo_messaging.path

    • Type: string

    • Description:

    • “/keystone”

  • endpoints.oslo_messaging.port.amqp.default

    • Type: int

    • Description:

    • 5672

  • endpoints.oslo_messaging.port.http.default

    • Type: int

    • Description:

    • 15672

  • endpoints.oslo_messaging.scheme

    • Type: string

    • Description:

    • “rabbit”

  • endpoints.oslo_messaging.statefulset.name

    • Type: string

    • Description:

    • “rabbitmq-rabbitmq”

  • endpoints.oslo_messaging.statefulset.replicas

    • Type: int

    • Description:

    • 2

  • helm3_hook

    • Type: bool

    • Description:

    • true

  • images.local_registry.active

    • Type: bool

    • Description:

    • false

  • images.local_registry.exclude[0]

    • Type: string

    • Description:

    • “dep_check”

  • images.local_registry.exclude[1]

    • Type: string

    • Description:

    • “image_repo_sync”

  • images.pull_policy

    • Type: string

    • Description:

    • “IfNotPresent”

  • images.tags.bootstrap

    • Type: string

    • Description:

    • “docker.io/openstackhelm/heat:2024.1-ubuntu_jammy”

  • images.tags.db_drop

    • Type: string

    • Description:

    • “docker.io/openstackhelm/heat:2024.1-ubuntu_jammy”

  • images.tags.db_init

    • Type: string

    • Description:

    • “docker.io/openstackhelm/heat:2024.1-ubuntu_jammy”

  • images.tags.dep_check

    • Type: string

    • Description:

    • “quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal”

  • images.tags.image_repo_sync

    • Type: string

    • Description:

    • “docker.io/docker:17.07.0”

  • images.tags.keystone_api

    • Type: string

    • Description:

    • “docker.io/openstackhelm/keystone:2024.1-ubuntu_jammy”

  • images.tags.keystone_credential_cleanup

    • Type: string

    • Description:

    • “docker.io/openstackhelm/heat:2024.1-ubuntu_jammy”

  • images.tags.keystone_credential_rotate

    • Type: string

    • Description:

    • “docker.io/openstackhelm/keystone:2024.1-ubuntu_jammy”

  • images.tags.keystone_credential_setup

    • Type: string

    • Description:

    • “docker.io/openstackhelm/keystone:2024.1-ubuntu_jammy”

  • images.tags.keystone_db_sync

    • Type: string

    • Description:

    • “docker.io/openstackhelm/keystone:2024.1-ubuntu_jammy”

  • images.tags.keystone_domain_manage

    • Type: string

    • Description:

    • “docker.io/openstackhelm/keystone:2024.1-ubuntu_jammy”

  • images.tags.keystone_fernet_rotate

    • Type: string

    • Description:

    • “docker.io/openstackhelm/keystone:2024.1-ubuntu_jammy”

  • images.tags.keystone_fernet_setup

    • Type: string

    • Description:

    • “docker.io/openstackhelm/keystone:2024.1-ubuntu_jammy”

  • images.tags.ks_user

    • Type: string

    • Description:

    • “docker.io/openstackhelm/heat:2024.1-ubuntu_jammy”

  • images.tags.rabbit_init

    • Type: string

    • Description:

    • “docker.io/rabbitmq:3.13-management”

  • images.tags.test

    • Type: string

    • Description:

    • “docker.io/xrally/xrally-openstack:2.0.0”

  • jobs.credential_rotate.cron

    • Type: string

    • Description:

    • “0 0 1 * *”

  • jobs.credential_rotate.group

    • Type: string

    • Description:

    • “keystone”

  • jobs.credential_rotate.history.failed

    • Type: int

    • Description:

    • 1

  • jobs.credential_rotate.history.success

    • Type: int

    • Description:

    • 3

  • jobs.credential_rotate.migrate_wait

    • Type: int

    • Description:

    • 120

  • jobs.credential_rotate.user

    • Type: string

    • Description:

    • “keystone”

  • jobs.credential_setup.group

    • Type: string

    • Description:

    • “keystone”

  • jobs.credential_setup.user

    • Type: string

    • Description:

    • “keystone”

  • jobs.fernet_rotate.cron

    • Type: string

    • Description:

    • “0 */12 * * *”

  • jobs.fernet_rotate.group

    • Type: string

    • Description:

    • “keystone”

  • jobs.fernet_rotate.history.failed

    • Type: int

    • Description:

    • 1

  • jobs.fernet_rotate.history.success

    • Type: int

    • Description:

    • 3

  • jobs.fernet_rotate.user

    • Type: string

    • Description:

    • “keystone”

  • jobs.fernet_setup.group

    • Type: string

    • Description:

    • “keystone”

  • jobs.fernet_setup.user

    • Type: string

    • Description:

    • “keystone”

  • labels.api.node_selector_key

    • Type: string

    • Description:

    • “openstack-control-plane”

  • labels.api.node_selector_value

    • Type: string

    • Description:

    • “enabled”

  • labels.job.node_selector_key

    • Type: string

    • Description:

    • “openstack-control-plane”

  • labels.job.node_selector_value

    • Type: string

    • Description:

    • “enabled”

  • labels.test.node_selector_key

    • Type: string

    • Description:

    • “openstack-control-plane”

  • labels.test.node_selector_value

    • Type: string

    • Description:

    • “enabled”

  • manifests.certificates

    • Type: bool

    • Description:

    • false

  • manifests.configmap_bin

    • Type: bool

    • Description:

    • true

  • manifests.configmap_etc

    • Type: bool

    • Description:

    • true

  • manifests.cron_credential_rotate

    • Type: bool

    • Description:

    • true

  • manifests.cron_fernet_rotate

    • Type: bool

    • Description:

    • true

  • manifests.deployment_api

    • Type: bool

    • Description:

    • true

  • manifests.ingress_api

    • Type: bool

    • Description:

    • true

  • manifests.job_bootstrap

    • Type: bool

    • Description:

    • true

  • manifests.job_credential_cleanup

    • Type: bool

    • Description:

    • true

  • manifests.job_credential_setup

    • Type: bool

    • Description:

    • true

  • manifests.job_db_drop

    • Type: bool

    • Description:

    • false

  • manifests.job_db_init

    • Type: bool

    • Description:

    • true

  • manifests.job_db_sync

    • Type: bool

    • Description:

    • true

  • manifests.job_domain_manage

    • Type: bool

    • Description:

    • true

  • manifests.job_fernet_setup

    • Type: bool

    • Description:

    • true

  • manifests.job_image_repo_sync

    • Type: bool

    • Description:

    • true

  • manifests.job_rabbit_init

    • Type: bool

    • Description:

    • true

  • manifests.network_policy

    • Type: bool

    • Description:

    • false

  • manifests.pdb_api

    • Type: bool

    • Description:

    • true

  • manifests.pod_rally_test

    • Type: bool

    • Description:

    • true

  • manifests.secret_credential_keys

    • Type: bool

    • Description:

    • true

  • manifests.secret_db

    • Type: bool

    • Description:

    • true

  • manifests.secret_fernet_keys

    • Type: bool

    • Description:

    • true

  • manifests.secret_ingress_tls

    • Type: bool

    • Description:

    • true

  • manifests.secret_keystone

    • Type: bool

    • Description:

    • true

  • manifests.secret_rabbitmq

    • Type: bool

    • Description:

    • true

  • manifests.secret_registry

    • Type: bool

    • Description:

    • true

  • manifests.service_api

    • Type: bool

    • Description:

    • true

  • manifests.service_ingress_api

    • Type: bool

    • Description:

    • true

  • network.admin.node_port.enabled

    • Type: bool

    • Description:

    • false

  • network.admin.node_port.port

    • Type: int

    • Description:

    • 30357

  • network.api.external_policy_local

    • Type: bool

    • Description:

    • false

  • network.api.ingress.annotations.”nginx.ingress.kubernetes.io/rewrite-target”

    • Type: string

    • Description:

    • “/”

  • network.api.ingress.classes.cluster

    • Type: string

    • Description:

    • “nginx-cluster”

  • network.api.ingress.classes.namespace

    • Type: string

    • Description:

    • “nginx”

  • network.api.ingress.public

    • Type: bool

    • Description:

    • true

  • network.api.node_port.enabled

    • Type: bool

    • Description:

    • false

  • network.api.node_port.port

    • Type: int

    • Description:

    • 30500

  • network_policy.keystone.egress[0]

    • Type: object

    • Description:

    • {}

  • network_policy.keystone.ingress[0]

    • Type: object

    • Description:

    • {}

  • pod.affinity.anti.topologyKey.default

    • Type: string

    • Description:

    • “kubernetes.io/hostname”

  • pod.affinity.anti.type.default

    • Type: string

    • Description:

    • “preferredDuringSchedulingIgnoredDuringExecution”

  • pod.affinity.anti.weight.default

    • Type: int

    • Description:

    • 10

  • pod.lifecycle.disruption_budget.api.min_available

    • Type: int

    • Description:

    • 0

  • pod.lifecycle.termination_grace_period.api.timeout

    • Type: int

    • Description:

    • 30

  • pod.lifecycle.upgrades.deployments.pod_replacement_strategy

    • Type: string

    • Description:

    • “RollingUpdate”

  • pod.lifecycle.upgrades.deployments.revision_history

    • Type: int

    • Description:

    • 3

  • pod.lifecycle.upgrades.deployments.rolling_update.max_surge

    • Type: int

    • Description:

    • 3

  • pod.lifecycle.upgrades.deployments.rolling_update.max_unavailable

    • Type: int

    • Description:

    • 1

  • pod.mounts.keystone_api.init_container

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_api.keystone_api.volumeMounts

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_api.keystone_api.volumes

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_bootstrap.init_container

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_bootstrap.keystone_bootstrap.volumeMounts

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_bootstrap.keystone_bootstrap.volumes

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_credential_cleanup.init_container

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_credential_cleanup.keystone_credential_cleanup.volumeMounts

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_credential_cleanup.keystone_credential_cleanup.volumes

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_credential_rotate.init_container

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_credential_rotate.keystone_credential_rotate.volumeMounts

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_credential_rotate.keystone_credential_rotate.volumes

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_credential_setup.init_container

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_credential_setup.keystone_credential_setup.volumeMounts

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_credential_setup.keystone_credential_setup.volumes

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_db_init.init_container

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_db_init.keystone_db_init.volumeMounts

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_db_init.keystone_db_init.volumes

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_db_sync.init_container

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_db_sync.keystone_db_sync.volumeMounts

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_db_sync.keystone_db_sync.volumes

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_domain_manage.init_container

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_domain_manage.keystone_domain_manage.volumeMounts

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_domain_manage.keystone_domain_manage.volumes

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_fernet_rotate.init_container

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_fernet_rotate.keystone_fernet_rotate.volumeMounts

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_fernet_rotate.keystone_fernet_rotate.volumes

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_fernet_setup.init_container

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_fernet_setup.keystone_fernet_setup.volumeMounts

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_fernet_setup.keystone_fernet_setup.volumes

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_tests.init_container

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_tests.keystone_tests.volumeMounts

    • Type: string

    • Description:

    • nil

  • pod.mounts.keystone_tests.keystone_tests.volumes

    • Type: string

    • Description:

    • nil

  • pod.probes.api.api.liveness.enabled

    • Type: bool

    • Description:

    • true

  • pod.probes.api.api.liveness.params.initialDelaySeconds

    • Type: int

    • Description:

    • 50

  • pod.probes.api.api.liveness.params.periodSeconds

    • Type: int

    • Description:

    • 60

  • pod.probes.api.api.liveness.params.timeoutSeconds

    • Type: int

    • Description:

    • 15

  • pod.probes.api.api.readiness.enabled

    • Type: bool

    • Description:

    • true

  • pod.probes.api.api.readiness.params.initialDelaySeconds

    • Type: int

    • Description:

    • 15

  • pod.probes.api.api.readiness.params.periodSeconds

    • Type: int

    • Description:

    • 60

  • pod.probes.api.api.readiness.params.timeoutSeconds

    • Type: int

    • Description:

    • 15

  • pod.replicas.api

    • Type: int

    • Description:

    • 1

  • pod.resources.api.limits.cpu

    • Type: string

    • Description:

    • “2000m”

  • pod.resources.api.limits.memory

    • Type: string

    • Description:

    • “1024Mi”

  • pod.resources.api.requests.cpu

    • Type: string

    • Description:

    • “100m”

  • pod.resources.api.requests.memory

    • Type: string

    • Description:

    • “128Mi”

  • pod.resources.enabled

    • Type: bool

    • Description:

    • false

  • pod.resources.jobs.bootstrap.limits.cpu

    • Type: string

    • Description:

    • “2000m”

  • pod.resources.jobs.bootstrap.limits.memory

    • Type: string

    • Description:

    • “1024Mi”

  • pod.resources.jobs.bootstrap.requests.cpu

    • Type: string

    • Description:

    • “100m”

  • pod.resources.jobs.bootstrap.requests.memory

    • Type: string

    • Description:

    • “128Mi”

  • pod.resources.jobs.credential_cleanup.limits.cpu

    • Type: string

    • Description:

    • “2000m”

  • pod.resources.jobs.credential_cleanup.limits.memory

    • Type: string

    • Description:

    • “1024Mi”

  • pod.resources.jobs.credential_cleanup.requests.cpu

    • Type: string

    • Description:

    • “100m”

  • pod.resources.jobs.credential_cleanup.requests.memory

    • Type: string

    • Description:

    • “128Mi”

  • pod.resources.jobs.credential_rotate.limits.cpu

    • Type: string

    • Description:

    • “2000m”

  • pod.resources.jobs.credential_rotate.limits.memory

    • Type: string

    • Description:

    • “1024Mi”

  • pod.resources.jobs.credential_rotate.requests.cpu

    • Type: string

    • Description:

    • “100m”

  • pod.resources.jobs.credential_rotate.requests.memory

    • Type: string

    • Description:

    • “128Mi”

  • pod.resources.jobs.credential_setup.limits.cpu

    • Type: string

    • Description:

    • “2000m”

  • pod.resources.jobs.credential_setup.limits.memory

    • Type: string

    • Description:

    • “1024Mi”

  • pod.resources.jobs.credential_setup.requests.cpu

    • Type: string

    • Description:

    • “100m”

  • pod.resources.jobs.credential_setup.requests.memory

    • Type: string

    • Description:

    • “128Mi”

  • pod.resources.jobs.db_drop.limits.cpu

    • Type: string

    • Description:

    • “2000m”

  • pod.resources.jobs.db_drop.limits.memory

    • Type: string

    • Description:

    • “1024Mi”

  • pod.resources.jobs.db_drop.requests.cpu

    • Type: string

    • Description:

    • “100m”

  • pod.resources.jobs.db_drop.requests.memory

    • Type: string

    • Description:

    • “128Mi”

  • pod.resources.jobs.db_init.limits.cpu

    • Type: string

    • Description:

    • “2000m”

  • pod.resources.jobs.db_init.limits.memory

    • Type: string

    • Description:

    • “1024Mi”

  • pod.resources.jobs.db_init.requests.cpu

    • Type: string

    • Description:

    • “100m”

  • pod.resources.jobs.db_init.requests.memory

    • Type: string

    • Description:

    • “128Mi”

  • pod.resources.jobs.db_sync.limits.cpu

    • Type: string

    • Description:

    • “2000m”

  • pod.resources.jobs.db_sync.limits.memory

    • Type: string

    • Description:

    • “1024Mi”

  • pod.resources.jobs.db_sync.requests.cpu

    • Type: string

    • Description:

    • “100m”

  • pod.resources.jobs.db_sync.requests.memory

    • Type: string

    • Description:

    • “128Mi”

  • pod.resources.jobs.domain_manage.limits.cpu

    • Type: string

    • Description:

    • “2000m”

  • pod.resources.jobs.domain_manage.limits.memory

    • Type: string

    • Description:

    • “1024Mi”

  • pod.resources.jobs.domain_manage.requests.cpu

    • Type: string

    • Description:

    • “100m”

  • pod.resources.jobs.domain_manage.requests.memory

    • Type: string

    • Description:

    • “128Mi”

  • pod.resources.jobs.fernet_rotate.limits.cpu

    • Type: string

    • Description:

    • “2000m”

  • pod.resources.jobs.fernet_rotate.limits.memory

    • Type: string

    • Description:

    • “1024Mi”

  • pod.resources.jobs.fernet_rotate.requests.cpu

    • Type: string

    • Description:

    • “100m”

  • pod.resources.jobs.fernet_rotate.requests.memory

    • Type: string

    • Description:

    • “128Mi”

  • pod.resources.jobs.fernet_setup.limits.cpu

    • Type: string

    • Description:

    • “2000m”

  • pod.resources.jobs.fernet_setup.limits.memory

    • Type: string

    • Description:

    • “1024Mi”

  • pod.resources.jobs.fernet_setup.requests.cpu

    • Type: string

    • Description:

    • “100m”

  • pod.resources.jobs.fernet_setup.requests.memory

    • Type: string

    • Description:

    • “128Mi”

  • pod.resources.jobs.image_repo_sync.limits.cpu

    • Type: string

    • Description:

    • “2000m”

  • pod.resources.jobs.image_repo_sync.limits.memory

    • Type: string

    • Description:

    • “1024Mi”

  • pod.resources.jobs.image_repo_sync.requests.cpu

    • Type: string

    • Description:

    • “100m”

  • pod.resources.jobs.image_repo_sync.requests.memory

    • Type: string

    • Description:

    • “128Mi”

  • pod.resources.jobs.rabbit_init.limits.cpu

    • Type: string

    • Description:

    • “2000m”

  • pod.resources.jobs.rabbit_init.limits.memory

    • Type: string

    • Description:

    • “1024Mi”

  • pod.resources.jobs.rabbit_init.requests.cpu

    • Type: string

    • Description:

    • “100m”

  • pod.resources.jobs.rabbit_init.requests.memory

    • Type: string

    • Description:

    • “128Mi”

  • pod.resources.jobs.tests.limits.cpu

    • Type: string

    • Description:

    • “2000m”

  • pod.resources.jobs.tests.limits.memory

    • Type: string

    • Description:

    • “1024Mi”

  • pod.resources.jobs.tests.requests.cpu

    • Type: string

    • Description:

    • “100m”

  • pod.resources.jobs.tests.requests.memory

    • Type: string

    • Description:

    • “128Mi”

  • pod.security_context.credential_setup.container.keystone_credential_setup.allowPrivilegeEscalation

    • Type: bool

    • Description:

    • false

  • pod.security_context.credential_setup.container.keystone_credential_setup.readOnlyRootFilesystem

    • Type: bool

    • Description:

    • true

  • pod.security_context.credential_setup.pod.runAsUser

    • Type: int

    • Description:

    • 42424

  • pod.security_context.domain_manage.container.keystone_domain_manage.allowPrivilegeEscalation

    • Type: bool

    • Description:

    • false

  • pod.security_context.domain_manage.container.keystone_domain_manage.readOnlyRootFilesystem

    • Type: bool

    • Description:

    • true

  • pod.security_context.domain_manage.container.keystone_domain_manage_init.allowPrivilegeEscalation

    • Type: bool

    • Description:

    • false

  • pod.security_context.domain_manage.container.keystone_domain_manage_init.readOnlyRootFilesystem

    • Type: bool

    • Description:

    • true

  • pod.security_context.domain_manage.pod.runAsUser

    • Type: int

    • Description:

    • 42424

  • pod.security_context.fernet_rotate.container.keystone_fernet_rotate.allowPrivilegeEscalation

    • Type: bool

    • Description:

    • false

  • pod.security_context.fernet_rotate.container.keystone_fernet_rotate.readOnlyRootFilesystem

    • Type: bool

    • Description:

    • true

  • pod.security_context.fernet_rotate.pod.runAsUser

    • Type: int

    • Description:

    • 42424

  • pod.security_context.fernet_setup.container.keystone_fernet_setup.allowPrivilegeEscalation

    • Type: bool

    • Description:

    • false

  • pod.security_context.fernet_setup.container.keystone_fernet_setup.readOnlyRootFilesystem

    • Type: bool

    • Description:

    • true

  • pod.security_context.fernet_setup.pod.runAsUser

    • Type: int

    • Description:

    • 42424

  • pod.security_context.keystone.container.keystone_api.allowPrivilegeEscalation

    • Type: bool

    • Description:

    • false

  • pod.security_context.keystone.container.keystone_api.readOnlyRootFilesystem

    • Type: bool

    • Description:

    • true

  • pod.security_context.keystone.pod.runAsUser

    • Type: int

    • Description:

    • 42424

  • pod.security_context.test.container.keystone_test.allowPrivilegeEscalation

    • Type: bool

    • Description:

    • false

  • pod.security_context.test.container.keystone_test.readOnlyRootFilesystem

    • Type: bool

    • Description:

    • true

  • pod.security_context.test.container.keystone_test.runAsUser

    • Type: int

    • Description:

    • 65500

  • pod.security_context.test.container.keystone_test_ks_user.allowPrivilegeEscalation

    • Type: bool

    • Description:

    • false

  • pod.security_context.test.container.keystone_test_ks_user.readOnlyRootFilesystem

    • Type: bool

    • Description:

    • true

  • pod.security_context.test.pod.runAsUser

    • Type: int

    • Description:

    • 42424

  • pod.tolerations.keystone.enabled

    • Type: bool

    • Description:

    • false

  • pod.tolerations.keystone.tolerations[0].effect

    • Type: string

    • Description:

    • “NoSchedule”

  • pod.tolerations.keystone.tolerations[0].key

    • Type: string

    • Description:

    • “node-role.kubernetes.io/master”

  • pod.tolerations.keystone.tolerations[0].operator

    • Type: string

    • Description:

    • “Exists”

  • pod.tolerations.keystone.tolerations[1].effect

    • Type: string

    • Description:

    • “NoSchedule”

  • pod.tolerations.keystone.tolerations[1].key

    • Type: string

    • Description:

    • “node-role.kubernetes.io/control-plane”

  • pod.tolerations.keystone.tolerations[1].operator

    • Type: string

    • Description:

    • “Exists”

  • release_group

    • Type: string

    • Description:

    • nil

  • secrets.identity.admin

    • Type: string

    • Description:

    • “keystone-keystone-admin”

  • secrets.identity.test

    • Type: string

    • Description:

    • “keystone-keystone-test”

  • secrets.ldap.tls

    • Type: string

    • Description:

    • “keystone-ldap-tls”

  • secrets.oci_image_registry.keystone

    • Type: string

    • Description:

    • “keystone-oci-image-registry”

  • secrets.oslo_db.admin

    • Type: string

    • Description:

    • “keystone-db-admin”

  • secrets.oslo_db.keystone

    • Type: string

    • Description:

    • “keystone-db-user”

  • secrets.oslo_messaging.admin

    • Type: string

    • Description:

    • “keystone-rabbitmq-admin”

  • secrets.oslo_messaging.keystone

    • Type: string

    • Description:

    • “keystone-rabbitmq-user”

  • secrets.tls.identity.api.internal

    • Type: string

    • Description:

    • “keystone-tls-api”

  • secrets.tls.identity.api.public

    • Type: string

    • Description:

    • “keystone-tls-public”

  • tls.identity

    • Type: bool

    • Description:

    • false

  • tls.oslo_db

    • Type: bool

    • Description:

    • false

  • tls.oslo_messaging

    • Type: bool

    • Description:

    • false