Diffstat (limited to 'roles/openshift_master/templates/master.yaml.v1.j2')
-rw-r--r--roles/openshift_master/templates/master.yaml.v1.j2173
1 files changed, 152 insertions, 21 deletions
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index bc766ec9b..a52ae578c 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -1,26 +1,71 @@
+admissionConfig:
+{% if 'admission_plugin_order' in openshift.master %}
+ pluginOrderOverride:{{ openshift.master.admission_plugin_order | to_padded_yaml(level=2) }}
+{% endif %}
+{% if 'admission_plugin_config' in openshift.master %}
+ pluginConfig:{{ openshift.master.admission_plugin_config | to_padded_yaml(level=2) }}
+{% endif %}
apiLevels:
+{% if not openshift.common.version_gte_3_1_or_1_1 | bool %}
- v1beta3
+{% endif %}
- v1
apiVersion: v1
assetConfig:
- logoutURL: ""
+ logoutURL: "{{ openshift.master.logout_url | default('') }}"
masterPublicURL: {{ openshift.master.public_api_url }}
publicURL: {{ openshift.master.public_console_url }}/
+{% if 'logging_public_url' in openshift.master %}
+ loggingPublicURL: {{ openshift.master.logging_public_url }}
+{% endif %}
+{% if 'metrics_public_url' in openshift.master %}
+ metricsPublicURL: {{ openshift.master.metrics_public_url }}
+{% endif %}
+{% if 'extension_scripts' in openshift.master %}
+ extensionScripts: {{ openshift.master.extension_scripts | to_padded_yaml(1, 2) }}
+{% endif %}
+{% if 'extension_stylesheets' in openshift.master %}
+ extensionStylesheets: {{ openshift.master.extension_stylesheets | to_padded_yaml(1, 2) }}
+{% endif %}
+{% if 'extensions' in openshift.master %}
+ extensions: {{ openshift.master.extensions | to_padded_yaml(1, 2) }}
+{% endif %}
servingInfo:
bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.console_port }}
+ bindNetwork: tcp4
certFile: master.server.crt
clientCA: ""
keyFile: master.server.key
maxRequestsInFlight: 0
requestTimeoutSeconds: 0
+{% if openshift_master_ha | bool %}
+{% if openshift.master.audit_config | default(none) is not none and openshift.common.version_gte_3_2_or_1_2 | bool %}
+auditConfig:{{ openshift.master.audit_config | to_padded_yaml(level=1) }}
+{% endif %}
+controllerLeaseTTL: {{ openshift.master.controller_lease_ttl | default('30') }}
+{% endif %}
+{% if openshift.common.version_gte_3_3_or_1_3 | bool %}
+controllerConfig:
+ serviceServingCert:
+ signer:
+ certFile: service-signer.crt
+ keyFile: service-signer.key
+{% endif %}
+controllers: '*'
corsAllowedOrigins:
-{# TODO: add support for user specified corsAllowedOrigins #}
-{% for origin in ['127.0.0.1', 'localhost', openshift.common.hostname, openshift.common.ip, openshift.common.public_hostname, openshift.common.public_ip] %}
+{% for origin in ['127.0.0.1', 'localhost', openshift.common.ip, openshift.common.public_ip] | union(openshift.common.all_hostnames) | unique %}
- {{ origin }}
{% endfor %}
+{% for custom_origin in openshift.master.custom_cors_origins | default("") %}
+ - {{ custom_origin }}
+{% endfor %}
+{% if 'disabled_features' in openshift.master %}
+disabledFeatures: {{ openshift.master.disabled_features | to_json }}
+{% endif %}
{% if openshift.master.embedded_dns | bool %}
dnsConfig:
bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }}
+ bindNetwork: tcp4
{% endif %}
etcdClientInfo:
ca: {{ "ca.crt" if (openshift.master.embedded_etcd | bool) else "master.etcd-ca.crt" }}
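Review bot: The `auditConfig` block is nested inside `{% if openshift_master_ha | bool %}`, so a single-master install that sets `openshift.master.audit_config` renders no `auditConfig` at all and runs without API audit logging, with no error or warning. Only `controllerLeaseTTL` looks HA-specific here, so I would move the `{% if openshift.master.audit_config | default(none) is not none and openshift.common.version_gte_3_2_or_1_2 | bool %}` … `{% endif %}` pair above the HA conditional, leaving it dependent only on the fact and the version check. If the nesting is intentional, a template comment such as `{# auditConfig is only rendered for HA masters #}` would stop operators from assuming auditing is on.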
@@ -44,7 +89,7 @@ etcdConfig:
certFile: etcd.server.crt
clientCA: ca.crt
keyFile: etcd.server.key
- storageDirectory: {{ openshift_data_dir }}/openshift.local.etcd
+ storageDirectory: {{ openshift.common.data_dir }}/openshift.local.etcd
{% endif %}
etcdStorageConfig:
kubernetesStoragePrefix: kubernetes.io
@@ -54,6 +99,9 @@ etcdStorageConfig:
imageConfig:
format: {{ openshift.master.registry_url }}
latest: false
+{% if 'image_policy_config' in openshift.master %}
+imagePolicyConfig:{{ openshift.master.image_policy_config | to_padded_yaml(level=1) }}
+{% endif %}
kind: MasterConfig
kubeletClientInfo:
{# TODO: allow user specified kubelet port #}
@@ -63,57 +111,140 @@ kubeletClientInfo:
port: 10250
{% if openshift.master.embedded_kube | bool %}
kubernetesMasterConfig:
+{% if not openshift.common.version_gte_3_1_or_1_1 | bool %}
apiLevels:
- v1beta3
- v1
- apiServerArguments: null
- controllerArguments: null
-{# TODO: support overriding masterCount #}
- masterCount: 1
- masterIP: ""
- podEvictionTimeout: ""
+{% endif %}
+ admissionConfig:
+{% if 'kube_admission_plugin_order' in openshift.master %}
+ pluginOrderOverride:{{ openshift.master.kube_admission_plugin_order | to_padded_yaml(level=3) }}
+{% endif %}
+{% if 'kube_admission_plugin_config' in openshift.master %}
+ pluginConfig:{{ openshift.master.kube_admission_plugin_config | to_padded_yaml(level=3) }}
+{% endif %}
+ apiServerArguments: {{ openshift.master.api_server_args | default(None) | to_padded_yaml( level=2 ) }}
+ controllerArguments: {{ openshift.master.controller_args | default(None) | to_padded_yaml( level=2 ) }}
+ masterCount: {{ openshift.master.master_count if openshift.master.cluster_method | default(None) == 'native' else 1 }}
+ masterIP: {{ openshift.common.ip }}
+ podEvictionTimeout: {{ openshift.master.pod_eviction_timeout | default("") }}
+ proxyClientInfo:
+ certFile: master.proxy-client.crt
+ keyFile: master.proxy-client.key
+ schedulerArguments: {{ openshift_master_scheduler_args | default(None) | to_padded_yaml( level=3 ) }}
schedulerConfigFile: {{ openshift_master_scheduler_conf }}
servicesNodePortRange: ""
- servicesSubnet: {{ openshift.master.portal_net }}
+ servicesSubnet: {{ openshift.common.portal_net }}
staticNodeNames: {{ openshift_node_ips | default([], true) }}
{% endif %}
masterClients:
{# TODO: allow user to set externalKubernetesKubeConfig #}
+{% if openshift.common.version_gte_3_3_or_1_3 | bool %}
+ externalKubernetesClientConnectionOverrides:
+ acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
+ contentType: application/vnd.kubernetes.protobuf
+ burst: 400
+ qps: 200
+{% endif %}
externalKubernetesKubeConfig: ""
+{% if openshift.common.version_gte_3_3_or_1_3 | bool %}
+ openshiftLoopbackClientConnectionOverrides:
+ acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
+ contentType: application/vnd.kubernetes.protobuf
+ burst: 600
+ qps: 300
+{% endif %}
openshiftLoopbackKubeConfig: openshift-master.kubeconfig
masterPublicURL: {{ openshift.master.public_api_url }}
networkConfig:
clusterNetworkCIDR: {{ openshift.master.sdn_cluster_network_cidr }}
hostSubnetLength: {{ openshift.master.sdn_host_subnet_length }}
+{% if openshift.common.use_openshift_sdn or openshift.common.use_nuage or openshift.common.sdn_network_plugin_name == 'cni' %}
networkPluginName: {{ openshift.common.sdn_network_plugin_name }}
-{% include 'v1_partials/oauthConfig.j2' %}
+{% endif %}
+# serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet
+ serviceNetworkCIDR: {{ openshift.common.portal_net }}
+ externalIPNetworkCIDRs: {{ openshift_master_external_ip_network_cidrs | default(["0.0.0.0/0"]) | to_padded_yaml(1,2) }}
+{% if openshift_master_ingress_ip_network_cidr is defined %}
+ ingressIPNetworkCIDR: {{ openshift_master_ingress_ip_network_cidr }}
+{% endif %}
+oauthConfig:
+{% if 'oauth_always_show_provider_selection' in openshift.master %}
+ alwaysShowProviderSelection: {{ openshift.master.oauth_always_show_provider_selection }}
+{% endif %}
+{% if 'oauth_templates' in openshift.master %}
+ templates:{{ openshift.master.oauth_templates | to_padded_yaml(level=2) }}
+{% endif %}
+ assetPublicURL: {{ openshift.master.public_console_url }}/
+ grantConfig:
+ method: {{ openshift.master.oauth_grant_method }}
+ identityProviders:
+{% for line in translated_identity_providers.splitlines() %}
+ {{ line }}
+{% endfor %}
+{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ masterCA: ca-bundle.crt
+{% else %}
+ masterCA: ca.crt
+{% endif %}
+ masterPublicURL: {{ openshift.master.public_api_url }}
+ masterURL: {{ openshift.master.api_url }}
+ sessionConfig:
+ sessionMaxAgeSeconds: {{ openshift.master.session_max_seconds }}
+ sessionName: {{ openshift.master.session_name }}
+{% if openshift.master.session_auth_secrets is defined and openshift.master.session_encryption_secrets is defined %}
+ sessionSecretsFile: {{ openshift.master.session_secrets_file }}
+{% endif %}
+ tokenConfig:
+ accessTokenMaxAgeSeconds: {{ openshift.master.access_token_max_seconds }}
+ authorizeTokenMaxAgeSeconds: {{ openshift.master.auth_token_max_seconds }}
+pauseControllers: false
policyConfig:
bootstrapPolicyFile: {{ openshift_master_policy }}
openshiftInfrastructureNamespace: openshift-infra
openshiftSharedResourcesNamespace: openshift
-{# TODO: Allow users to override projectConfig items #}
projectConfig:
- defaultNodeSelector: ""
- projectRequestMessage: ""
- projectRequestTemplate: ""
+ defaultNodeSelector: "{{ openshift.master.default_node_selector }}"
+ projectRequestMessage: "{{ openshift.master.project_request_message }}"
+ projectRequestTemplate: "{{ openshift.master.project_request_template }}"
securityAllocator:
- mcsAllocatorRange: s0:/2
- mcsLabelsPerProject: 5
- uidAllocatorRange: 1000000000-1999999999/10000
+ mcsAllocatorRange: "{{ openshift.master.mcs_allocator_range }}"
+ mcsLabelsPerProject: {{ openshift.master.mcs_labels_per_project }}
+ uidAllocatorRange: "{{ openshift.master.uid_allocator_range }}"
routingConfig:
- subdomain: router.default.local
+ subdomain: "{{ openshift.master.default_subdomain | default("") }}"
serviceAccountConfig:
+ limitSecretReferences: false
managedNames:
- default
- builder
- deployer
+{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ masterCA: ca-bundle.crt
+{% else %}
+ masterCA: ca.crt
+{% endif %}
privateKeyFile: serviceaccounts.private.key
publicKeyFiles:
- serviceaccounts.public.key
servingInfo:
bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.api_port }}
+ bindNetwork: tcp4
certFile: master.server.crt
clientCA: ca.crt
keyFile: master.server.key
- maxRequestsInFlight: 500
+ maxRequestsInFlight: {{ openshift.master.max_requests_inflight }}
requestTimeoutSeconds: 3600
+{% if openshift.master.named_certificates | default([]) | length > 0 %}
+ namedCertificates:
+{% for named_certificate in openshift.master.named_certificates %}
+ - certFile: {{ named_certificate['certfile'] }}
+ keyFile: {{ named_certificate['keyfile'] }}
+ names:
+{% for name in named_certificate['names'] %}
+ - "{{ name }}"
+{% endfor %}
+{% endfor %}
+{% endif %}
+volumeConfig:
+ dynamicProvisioningEnabled: {{ openshift.master.dynamic_provisioning_enabled }}
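Review bot: `externalIPNetworkCIDRs` falls back to `["0.0.0.0/0"]` when `openshift_master_external_ip_network_cidrs` is unset, which as far as I can tell means any user allowed to create a Service may set an arbitrary `externalIP`, including addresses the cluster does not own. A default this permissive deserves a comment beside the line, in the style of the `serviceNetworkCIDR` comment just above it: `# externalIPNetworkCIDRs defaults to 0.0.0.0/0 (any Service externalIP accepted); set openshift_master_external_ip_network_cidrs to the ranges you actually route`. If backward compatibility allows, a narrower default would be the safer choice. The hard-coded `limitSecretReferences: false` under `serviceAccountConfig` is similar: the template offers no variable to turn it on, so hardening it means editing the rendered file by hand.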