69 lines
2.5 KiB
YAML
69 lines
2.5 KiB
YAML
options:
|
|
loadbalancer-topology:
|
|
type: string
|
|
default: SINGLE
|
|
description: |
|
|
Load balancer topology configuration.
|
|
.
|
|
Supported values are 'SINGLE' and 'ACTIVE_STANDBY'.
|
|
lb-mgmt-issuing-cacert:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Certificate Authority Certificate used to issue new certificates stored
|
|
on the ``Amphora`` load balancer instances. The ``Amphorae`` use them to
|
|
authenticate themselves to the ``Octavia`` controller services.
|
|
.
|
|
Note due to security concerns it is important not use the same CA
|
|
certificate for both ``lb-mgmt-issuing-cacert`` and
|
|
``lb-mgmt-controller-cacert`` configuration options. Failing to keep
|
|
them separate may lead to abuse of certificate data to gain access to
|
|
other ``Amphora`` instances in the event one of them is compromised.
|
|
.
|
|
Note that these certificates are not used for any load balancer payload
|
|
data.
|
|
lb-mgmt-issuing-ca-private-key:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Private key for the Certificate Authority set in ``lb-mgmt-issuing-ca``.
|
|
.
|
|
Note that these certificates are not used for any load balancer payload
|
|
data.
|
|
lb-mgmt-issuing-ca-key-passphrase:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Passphrase for the key set in ``lb-mgmt-ca-private-key``.
|
|
.
|
|
NOTE: As of this writing Octavia requires the private key to be protected
|
|
with a passphrase.
|
|
.
|
|
Note that these certificates are not used for any load balancer payload
|
|
data.
|
|
lb-mgmt-controller-cacert:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Certificate Authority Certificate installed on ``Amphorae`` with the
|
|
purpose of the ``Amphora`` agent using it to authenticate connections
|
|
from ``Octavia`` controller services.
|
|
.
|
|
Note due to security concerns it is important not use the same CA
|
|
certificate for both ``lb-mgmt-issuing-cacert`` and
|
|
``lb-mgmt-controller-cacert`` configuration options. Failing to keep
|
|
them separate may lead to abuse of certificate data to gain access to
|
|
other ``Amphora`` instances in the event one of them is compromised.
|
|
.
|
|
Note that these certificates are not used for any load balancer payload
|
|
data.
|
|
lb-mgmt-controller-cert:
|
|
type: string
|
|
default:
|
|
description: |
|
|
Certificate used by the ``Octavia`` controller to authenticate itself to
|
|
its ``Amphorae``.
|
|
.
|
|
Note that these certificates are not used for any load balancer payload
|
|
data.
|