diff options
Diffstat (limited to 'roles/openshift_hosted')
-rw-r--r-- | roles/openshift_hosted/README.md | 1 | ||||
-rw-r--r-- | roles/openshift_hosted/defaults/main.yml | 1 | ||||
-rw-r--r-- | roles/openshift_hosted/tasks/registry.yml | 1 | ||||
-rw-r--r-- | roles/openshift_hosted/tasks/router.yml | 9 |
4 files changed, 9 insertions, 3 deletions
diff --git a/roles/openshift_hosted/README.md b/roles/openshift_hosted/README.md index 29ae58556..d6f6e3e09 100644 --- a/roles/openshift_hosted/README.md +++ b/roles/openshift_hosted/README.md @@ -27,6 +27,7 @@ From this role: | openshift_hosted_registry_replicas | Number of nodes matching selector | The number of replicas to configure. | | openshift_hosted_registry_selector | region=infra | Node selector used when creating registry. The OpenShift registry will only be deployed to nodes matching this selector. | | openshift_hosted_registry_cert_expire_days | `730` (2 years) | Validity of the certificates in days. Works only with OpenShift version 1.5 (3.5) and later. | +| openshift_hosted_registry_clusterip | None | Cluster IP for registry service | If you specify `openshift_hosted_registry_kind=glusterfs`, the following variables also control configuration behavior: diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml index 589ad3f51..2af42fba4 100644 --- a/roles/openshift_hosted/defaults/main.yml +++ b/roles/openshift_hosted/defaults/main.yml @@ -80,6 +80,7 @@ r_openshift_hosted_registry_os_firewall_allow: openshift_hosted_registry_serviceaccount: registry openshift_hosted_registry_volumes: [] openshift_hosted_registry_env_vars: {} +openshift_hosted_registry_clusterip: null # These edits are being specified only to prevent 'changed' on rerun openshift_hosted_registry_edits: diff --git a/roles/openshift_hosted/tasks/registry.yml b/roles/openshift_hosted/tasks/registry.yml index f1aa9c5a8..eaaac9da2 100644 --- a/roles/openshift_hosted/tasks/registry.yml +++ b/roles/openshift_hosted/tasks/registry.yml @@ -89,6 +89,7 @@ docker-registry: default session_affinity: ClientIP service_type: ClusterIP + clusterip: '{{ openshift_hosted_registry_clusterip | default(omit) }}' - include: secure.yml static: no diff --git a/roles/openshift_hosted/tasks/router.yml b/roles/openshift_hosted/tasks/router.yml index 2aceef9e4..dd7053656 100644 --- a/roles/openshift_hosted/tasks/router.yml +++ b/roles/openshift_hosted/tasks/router.yml @@ -29,7 +29,9 @@ src: "{{ item }}" with_items: "{{ openshift_hosted_routers | oo_collect(attribute='certificate') | oo_select_keys_from_list(['keyfile', 'certfile', 'cafile']) }}" - when: ( not openshift_hosted_router_create_certificate | bool ) or openshift_hosted_router_certificate != {} + when: ( not openshift_hosted_router_create_certificate | bool ) or openshift_hosted_router_certificate != {} or + ( openshift_hosted_routers | oo_collect(attribute='certificate') | oo_select_keys_from_list(['keyfile', 'certfile', 'cafile'])|length > 0 ) + # This is for when we desire a cluster signed cert # The certificate is generated and placed in master_config_dir/ @@ -42,8 +44,8 @@ hostnames: - "{{ openshift_master_default_subdomain | default('router.default.svc.cluster.local') }}" - "*.{{ openshift_master_default_subdomain | default('router.default.svc.cluster.local') }}" - cert: "{{ ('/etc/origin/master/' ~ (item.certificate.certfile | basename)) if 'certfile' in item.certificate else ((openshift_master_config_dir) ~ '/openshift-router.crt') }}" - key: "{{ ('/etc/origin/master/' ~ (item.certificate.keyfile | basename)) if 'keyfile' in item.certificate else ((openshift_master_config_dir) ~ '/openshift-router.key') }}" + cert: "{{ openshift_master_config_dir ~ '/openshift-router.crt' }}" + key: "{{ openshift_master_config_dir ~ '/openshift-router.key' }}" with_items: "{{ openshift_hosted_routers }}" - name: set the openshift_hosted_router_certificate @@ -55,6 +57,7 @@ when: - openshift_hosted_router_create_certificate | bool - openshift_hosted_router_certificate == {} + - openshift_hosted_routers | oo_collect(attribute='certificate') | oo_select_keys_from_list(['keyfile', 'certfile', 'cafile'])|length == 0 - name: Create the router service account(s) oc_serviceaccount: |