summaryrefslogtreecommitdiffstats
path: root/roles/openshift_master/templates/master.yaml.v1.j2
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openshift_master/templates/master.yaml.v1.j2')
-rw-r--r--roles/openshift_master/templates/master.yaml.v1.j2279
1 files changed, 279 insertions, 0 deletions
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
new file mode 100644
index 000000000..7159ccc7f
--- /dev/null
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -0,0 +1,279 @@
+admissionConfig:
+{% if 'admission_plugin_config' in openshift.master %}
+ pluginConfig:{{ openshift.master.admission_plugin_config | to_padded_yaml(level=2) }}
+{% endif %}
+apiLevels:
+{% if not openshift.common.version_gte_3_1_or_1_1 | bool %}
+- v1beta3
+{% endif %}
+- v1
+apiVersion: v1
+assetConfig:
+ logoutURL: "{{ openshift.master.logout_url | default('') }}"
+ masterPublicURL: {{ openshift.master.public_api_url }}
+ publicURL: {{ openshift.master.public_console_url }}/
+{% if 'logging_public_url' in openshift.master %}
+ loggingPublicURL: {{ openshift.master.logging_public_url }}
+{% endif %}
+{% if openshift_hosted_metrics_deploy_url is defined %}
+ metricsPublicURL: {{ openshift_hosted_metrics_deploy_url }}
+{% endif %}
+{% if 'extension_scripts' in openshift.master %}
+ extensionScripts: {{ openshift.master.extension_scripts | to_padded_yaml(1, 2) }}
+{% endif %}
+{% if 'extension_stylesheets' in openshift.master %}
+ extensionStylesheets: {{ openshift.master.extension_stylesheets | to_padded_yaml(1, 2) }}
+{% endif %}
+{% if 'extensions' in openshift.master %}
+ extensions: {{ openshift.master.extensions | to_padded_yaml(1, 2) }}
+{% endif %}
+ servingInfo:
+ bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.console_port }}
+ bindNetwork: tcp4
+ certFile: master.server.crt
+ clientCA: ""
+ keyFile: master.server.key
+ maxRequestsInFlight: 0
+ requestTimeoutSeconds: 0
+{% if openshift_master_min_tls_version is defined %}
+ minTLSVersion: {{ openshift_master_min_tls_version }}
+{% endif %}
+{% if openshift_master_cipher_suites is defined %}
+ cipherSuites:
+{% for cipher_suite in openshift_master_cipher_suites %}
+ - {{ cipher_suite }}
+{% endfor %}
+{% endif %}
+{% if openshift.master.audit_config | default(none) is not none and openshift.common.version_gte_3_2_or_1_2 | bool %}
+auditConfig:{{ openshift.master.audit_config | to_padded_yaml(level=1) }}
+{% endif %}
+{% if openshift.common.version_gte_3_3_or_1_3 | bool %}
+controllerConfig:
+ election:
+ lockName: openshift-master-controllers
+ serviceServingCert:
+ signer:
+ certFile: service-signer.crt
+ keyFile: service-signer.key
+{% endif %}
+controllers: '*'
+corsAllowedOrigins:
+{% for origin in ['127.0.0.1', 'localhost', openshift.common.ip, openshift.common.public_ip] | union(openshift.common.all_hostnames) | unique %}
+ - {{ origin }}
+{% endfor %}
+{% for custom_origin in openshift.master.custom_cors_origins | default("") %}
+ - {{ custom_origin }}
+{% endfor %}
+{% if 'disabled_features' in openshift.master %}
+disabledFeatures: {{ openshift.master.disabled_features | to_json }}
+{% endif %}
+{% if openshift.master.embedded_dns | bool %}
+dnsConfig:
+ bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }}
+ bindNetwork: tcp4
+{% endif %}
+etcdClientInfo:
+{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ ca: {{ "ca-bundle.crt" if (openshift.master.embedded_etcd | bool) else "master.etcd-ca.crt" }}
+{% else %}
+ ca: {{ "ca.crt" if (openshift.master.embedded_etcd | bool) else "master.etcd-ca.crt" }}
+{% endif %}
+ certFile: master.etcd-client.crt
+ keyFile: master.etcd-client.key
+ urls:
+{% for etcd_url in openshift.master.etcd_urls %}
+ - {{ etcd_url }}
+{% endfor %}
+{% if openshift.master.embedded_etcd | bool %}
+etcdConfig:
+ address: {{ openshift.common.hostname }}:{{ openshift.master.etcd_port }}
+ peerAddress: {{ openshift.common.hostname }}:7001
+ peerServingInfo:
+ bindAddress: {{ openshift.master.bind_addr }}:7001
+ certFile: etcd.server.crt
+{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ clientCA: ca-bundle.crt
+{% else %}
+ clientCA: ca.crt
+{% endif %}
+ keyFile: etcd.server.key
+ servingInfo:
+ bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.etcd_port }}
+ certFile: etcd.server.crt
+{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ clientCA: ca-bundle.crt
+{% else %}
+ clientCA: ca.crt
+{% endif %}
+ keyFile: etcd.server.key
+ storageDirectory: {{ r_openshift_master_data_dir }}/openshift.local.etcd
+{% endif %}
+etcdStorageConfig:
+ kubernetesStoragePrefix: kubernetes.io
+ kubernetesStorageVersion: v1
+ openShiftStoragePrefix: openshift.io
+ openShiftStorageVersion: v1
+imageConfig:
+ format: {{ openshift.master.registry_url }}
+ latest: {{ openshift_master_image_config_latest }}
+{% if 'image_policy_config' in openshift.master %}
+imagePolicyConfig:{{ openshift.master.image_policy_config | to_padded_yaml(level=1) }}
+{% endif %}
+kind: MasterConfig
+kubeletClientInfo:
+{# TODO: allow user specified kubelet port #}
+{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ ca: ca-bundle.crt
+{% else %}
+ ca: ca.crt
+{% endif %}
+ certFile: master.kubelet-client.crt
+ keyFile: master.kubelet-client.key
+ port: 10250
+{% if openshift.master.embedded_kube | bool %}
+kubernetesMasterConfig:
+{% if not openshift.common.version_gte_3_1_or_1_1 | bool %}
+ apiLevels:
+ - v1beta3
+ - v1
+{% endif %}
+ apiServerArguments: {{ openshift.master.api_server_args | default(None) | to_padded_yaml( level=2 ) }}
+{% if r_openshift_master_etcd3_storage or ( r_openshift_master_clean_install and openshift.common.version_gte_3_6 ) %}
+ storage-backend:
+ - etcd3
+ storage-media-type:
+ - application/vnd.kubernetes.protobuf
+{% endif %}
+ controllerArguments: {{ openshift.master.controller_args | default(None) | to_padded_yaml( level=2 ) }}
+ masterCount: {{ openshift.master.master_count if openshift.master.cluster_method | default(None) == 'native' else 1 }}
+ masterIP: {{ openshift.common.ip }}
+ podEvictionTimeout: {{ openshift.master.pod_eviction_timeout | default("") }}
+ proxyClientInfo:
+ certFile: master.proxy-client.crt
+ keyFile: master.proxy-client.key
+ schedulerArguments: {{ openshift_master_scheduler_args | default(None) | to_padded_yaml( level=3 ) }}
+ schedulerConfigFile: {{ openshift_master_scheduler_conf }}
+ servicesNodePortRange: "{{ openshift_node_port_range | default("") }}"
+ servicesSubnet: {{ openshift.common.portal_net }}
+ staticNodeNames: {{ openshift_node_ips | default([], true) }}
+{% endif %}
+masterClients:
+{# TODO: allow user to set externalKubernetesKubeConfig #}
+{% if openshift.common.version_gte_3_3_or_1_3 | bool %}
+ externalKubernetesClientConnectionOverrides:
+ acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
+ contentType: application/vnd.kubernetes.protobuf
+ burst: {{ openshift_master_external_ratelimit_burst | default(400) }}
+ qps: {{ openshift_master_external_ratelimit_qps | default(200) }}
+{% endif %}
+ externalKubernetesKubeConfig: ""
+{% if openshift.common.version_gte_3_3_or_1_3 | bool %}
+ openshiftLoopbackClientConnectionOverrides:
+ acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
+ contentType: application/vnd.kubernetes.protobuf
+ burst: {{ openshift_master_loopback_ratelimit_burst | default(600) }}
+ qps: {{ openshift_master_loopback_ratelimit_qps | default(300) }}
+{% endif %}
+ openshiftLoopbackKubeConfig: openshift-master.kubeconfig
+masterPublicURL: {{ openshift.master.public_api_url }}
+networkConfig:
+ clusterNetworkCIDR: {{ openshift.master.sdn_cluster_network_cidr }}
+ hostSubnetLength: {{ openshift.master.sdn_host_subnet_length }}
+{% if r_openshift_master_use_openshift_sdn or r_openshift_master_use_nuage or r_openshift_master_use_contiv or r_openshift_master_sdn_network_plugin_name == 'cni' %}
+ networkPluginName: {{ r_openshift_master_sdn_network_plugin_name_default }}
+{% endif %}
+# serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet
+ serviceNetworkCIDR: {{ openshift.common.portal_net }}
+ externalIPNetworkCIDRs: {{ openshift_master_external_ip_network_cidrs | default(["0.0.0.0/0"]) | to_padded_yaml(1,2) }}
+{% if openshift_master_ingress_ip_network_cidr is defined %}
+ ingressIPNetworkCIDR: {{ openshift_master_ingress_ip_network_cidr }}
+{% endif %}
+oauthConfig:
+{% if 'oauth_always_show_provider_selection' in openshift.master %}
+ alwaysShowProviderSelection: {{ openshift.master.oauth_always_show_provider_selection }}
+{% endif %}
+{% if 'oauth_templates' in openshift.master %}
+ templates:{{ openshift.master.oauth_templates | to_padded_yaml(level=2) }}
+{% endif %}
+ assetPublicURL: {{ openshift.master.public_console_url }}/
+ grantConfig:
+ method: {{ openshift.master.oauth_grant_method }}
+ identityProviders:
+{% for line in translated_identity_providers.splitlines() %}
+ {{ line }}
+{% endfor %}
+{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ masterCA: ca-bundle.crt
+{% else %}
+ masterCA: ca.crt
+{% endif %}
+ masterPublicURL: {{ openshift.master.public_api_url }}
+ masterURL: {{ openshift.master.api_url }}
+ sessionConfig:
+ sessionMaxAgeSeconds: {{ openshift.master.session_max_seconds }}
+ sessionName: {{ openshift.master.session_name }}
+{% if openshift.master.session_auth_secrets is defined and openshift.master.session_encryption_secrets is defined %}
+ sessionSecretsFile: {{ openshift.master.session_secrets_file }}
+{% endif %}
+ tokenConfig:
+ accessTokenMaxAgeSeconds: {{ openshift.master.access_token_max_seconds }}
+ authorizeTokenMaxAgeSeconds: {{ openshift.master.auth_token_max_seconds }}
+pauseControllers: false
+policyConfig:
+ bootstrapPolicyFile: {{ openshift_master_policy }}
+ openshiftInfrastructureNamespace: openshift-infra
+ openshiftSharedResourcesNamespace: openshift
+projectConfig:
+ defaultNodeSelector: "{{ openshift.master.default_node_selector }}"
+ projectRequestMessage: "{{ openshift.master.project_request_message }}"
+ projectRequestTemplate: "{{ openshift.master.project_request_template }}"
+ securityAllocator:
+ mcsAllocatorRange: "{{ openshift.master.mcs_allocator_range }}"
+ mcsLabelsPerProject: {{ openshift.master.mcs_labels_per_project }}
+ uidAllocatorRange: "{{ openshift.master.uid_allocator_range }}"
+routingConfig:
+ subdomain: "{{ openshift_master_default_subdomain | default("") }}"
+serviceAccountConfig:
+ limitSecretReferences: {{ openshift_master_saconfig_limitsecretreferences | default(false) }}
+ managedNames:
+ - default
+ - builder
+ - deployer
+{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ masterCA: ca-bundle.crt
+{% else %}
+ masterCA: ca.crt
+{% endif %}
+ privateKeyFile: serviceaccounts.private.key
+ publicKeyFiles:
+ - serviceaccounts.public.key
+servingInfo:
+ bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.api_port }}
+ bindNetwork: tcp4
+ certFile: master.server.crt
+ clientCA: ca.crt
+ keyFile: master.server.key
+ maxRequestsInFlight: {{ openshift.master.max_requests_inflight }}
+ requestTimeoutSeconds: 3600
+{% if openshift.master.named_certificates | default([]) | length > 0 %}
+ namedCertificates:
+{% for named_certificate in openshift.master.named_certificates %}
+ - certFile: {{ named_certificate['certfile'] }}
+ keyFile: {{ named_certificate['keyfile'] }}
+ names:
+{% for name in named_certificate['names'] %}
+ - "{{ name }}"
+{% endfor %}
+{% endfor %}
+{% endif %}
+{% if openshift_master_min_tls_version is defined %}
+ minTLSVersion: {{ openshift_master_min_tls_version }}
+{% endif %}
+{% if openshift_master_cipher_suites is defined %}
+ cipherSuites:
+{% for cipher_suite in openshift_master_cipher_suites %}
+ - {{ cipher_suite }}
+{% endfor %}
+{% endif %}
+volumeConfig:
+ dynamicProvisioningEnabled: {{ openshift.master.dynamic_provisioning_enabled }}
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-04 09:17:09 +0000