diff options
| -rw-r--r-- | inventory/byo/hosts.aep.example | 4 | ||||
| -rw-r--r-- | inventory/byo/hosts.origin.example | 4 | ||||
| -rw-r--r-- | inventory/byo/hosts.ose.example | 4 | ||||
| -rwxr-xr-x | roles/openshift_facts/library/openshift_facts.py | 16 | ||||
| -rw-r--r-- | roles/openshift_master/templates/master.yaml.v1.j2 | 3 | ||||
| -rw-r--r-- | roles/openshift_master_facts/tasks/main.yml | 1 |
6 files changed, 27 insertions, 5 deletions
diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example index 43b646c93..bedaffbdc 100644 --- a/inventory/byo/hosts.aep.example +++ b/inventory/byo/hosts.aep.example @@ -58,6 +58,10 @@ deployment_type=atomic-enterprise # See: https://docs.openshift.com/enterprise/latest/install_config/aggregate_logging.html #openshift_master_logging_public_url=https://kibana.example.com +# Configure imagePolicyConfig in the master config +# See: https://godoc.org/github.com/openshift/origin/pkg/cmd/server/api#ImagePolicyConfig +#openshift_master_image_policy_config={"maxImagesBulkImportedPerRepository": 3, "disableScheduledImport": true} + # Docker Configuration # Add additional, insecure, and blocked registries to global docker configuration # For enterprise deployment types we ensure that registry.access.redhat.com is diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index 8b8dbade0..3ecf898fb 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -59,6 +59,10 @@ deployment_type=origin # See: https://docs.openshift.org/latest/install_config/aggregate_logging.html #openshift_master_logging_public_url=https://kibana.example.com +# Configure imagePolicyConfig in the master config +# See: https://godoc.org/github.com/openshift/origin/pkg/cmd/server/api#ImagePolicyConfig +#openshift_master_image_policy_config={"maxImagesBulkImportedPerRepository": 3, "disableScheduledImport": true} + # Docker Configuration # Add additional, insecure, and blocked registries to global docker configuration # For enterprise deployment types we ensure that registry.access.redhat.com is diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index 4c6aae0bd..126d44487 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -57,6 +57,10 @@ deployment_type=openshift-enterprise # Configure loggingPublicURL in the master config for aggregate logging # See: https://docs.openshift.com/enterprise/latest/install_config/aggregate_logging.html #openshift_master_logging_public_url=https://kibana.example.com +# +# Configure imagePolicyConfig in the master config +# See: https://godoc.org/github.com/openshift/origin/pkg/cmd/server/api#ImagePolicyConfig +#openshift_master_image_policy_config={"maxImagesBulkImportedPerRepository": 3, "disableScheduledImport": true} # Docker Configuration # Add additional, insecure, and blocked registries to global docker configuration diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 32e608e86..4313790bf 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1142,17 +1142,23 @@ def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overw protected_facts = ['ha', 'master_count'] # Facts we do not ever want to merge. These originate in inventory variables - # and typically contain JSON dicts. We don't ever want to trigger a merge + # and contain JSON dicts. We don't ever want to trigger a merge # here, just completely overwrite with the new if they are present there. - overwrite_facts = ['admission_plugin_config', - 'kube_admission_plugin_config'] + inventory_json_facts = ['admission_plugin_config', + 'kube_admission_plugin_config', + 'image_policy_config'] facts = dict() for key, value in orig.iteritems(): # Key exists in both old and new facts. if key in new: - if key in overwrite_facts: - facts[key] = copy.deepcopy(new[key]) + if key in inventory_json_facts: + # Watchout for JSON facts that sometimes load as strings. + # (can happen if the JSON contains a boolean) + if isinstance(new[key], str): + facts[key] = yaml.safe_load(new[key]) + else: + facts[key] = copy.deepcopy(new[key]) # Continue to recurse if old and new fact is a dictionary. elif isinstance(value, dict) and isinstance(new[key], dict): # Collect the subset of additive facts to overwrite if diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index e89fdc0ce..1009aa318 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -89,6 +89,9 @@ etcdStorageConfig: imageConfig: format: {{ openshift.master.registry_url }} latest: false +{% if 'image_policy_config' in openshift.master %} +imagePolicyConfig:{{ openshift.master.image_policy_config | to_padded_yaml(level=1) }} +{% endif %} kind: MasterConfig kubeletClientInfo: {# TODO: allow user specified kubelet port #} diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index f43b8c59d..4d7c04065 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -72,3 +72,4 @@ oauth_template: "{{ openshift_master_oauth_template | default(None) }}" # deprecated in origin 1.2 / OSE 3.2 oauth_templates: "{{ openshift_master_oauth_templates | default(None) }}" oauth_always_show_provider_selection: "{{ openshift_master_oauth_always_show_provider_selection | default(None) }}" + image_policy_config: "{{ openshift_master_image_policy_config | default(None) }}" |