Diffstat (limited to 'roles/openshift_master/templates')
-rw-r--r--roles/openshift_master/templates/master.yaml.v1.j298
-rw-r--r--roles/openshift_master/templates/scheduler.json.j212
-rw-r--r--roles/openshift_master/templates/v1_partials/oauthConfig.j278
3 files changed, 188 insertions, 0 deletions
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
new file mode 100644
index 000000000..1c2d37b63
--- /dev/null
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -0,0 +1,98 @@
+apiVersion: v1
+assetConfig:
+ logoutURL: ""
+ masterPublicURL: {{ openshift.master.public_api_url }}
+ publicURL: {{ openshift.master.public_console_url }}/
+ servingInfo:
+ bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.console_port }}
+ certFile: master.server.crt
+ clientCA: ""
+ keyFile: master.server.key
+corsAllowedOrigins:
+{# TODO: add support for user specified corsAllowedOrigins #}
+{% for origin in ['127.0.0.1', 'localhost', openshift.common.hostname, openshift.common.ip, openshift.common.public_hostname, openshift.common.public_ip] %}
+ - {{ origin }}
+{% endfor %}
+{% if openshift.master.embedded_dns %}
+dnsConfig:
+ bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }}
+{% endif %}
+etcdClientInfo:
+ ca: ca.crt
+ certFile: master.etcd-client.crt
+ keyFile: master.etcd-client.key
+ urls:
+{% for etcd_url in openshift.master.etcd_urls %}
+ - {{ etcd_url }}
+{% endfor %}
+{% if openshift.master.embedded_etcd %}
+etcdConfig:
+ address: {{ openshift.common.hostname }}:{{ openshift.master.etcd_port }}
+ peerAddress: {{ openshift.common.hostname }}:7001
+ peerServingInfo:
+ bindAddress: {{ openshift.master.bind_addr }}:7001
+ certFile: etcd.server.crt
+ clientCA: ca.crt
+ keyFile: etcd.server.key
+ servingInfo:
+ bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.etcd_port }}
+ certFile: etcd.server.crt
+ clientCA: ca.crt
+ keyFile: etcd.server.key
+ storageDirectory: {{ openshift_data_dir }}/openshift.local.etcd
+{% endif %}
+etcdStorageConfig:
+ kubernetesStoragePrefix: kubernetes.io
+ kubernetesStorageVersion: v1beta3
+ kubernetesStoragePrefix: kubernetes.io
+ openShiftStorageVersion: v1beta3
+imageConfig:
+ format: {{ openshift.master.registry_url }}
+ latest: false
+kind: MasterConfig
+kubeletClientInfo:
+{# TODO: allow user specified kubelet port #}
+ ca: ca.crt
+ certFile: master.kubelet-client.crt
+ keyFile: master.kubelet-client.key
+ port: 10250
+{% if openshift.master.embedded_kube %}
+kubernetesMasterConfig:
+{# TODO: support overriding masterCount #}
+ masterCount: 1
+ masterIP: ""
+ schedulerConfigFile: {{ openshift_master_scheduler_conf }}
+ servicesSubnet: {{ openshift.master.portal_net }}
+ staticNodeNames: {{ openshift_node_ips | default([], true) }}
+{% endif %}
+masterClients:
+{# TODO: allow user to set externalKubernetesKubeConfig #}
+ deployerKubeConfig: openshift-deployer.kubeconfig
+ externalKubernetesKubeConfig: ""
+ openshiftLoopbackKubeConfig: openshift-client.kubeconfig
+masterPublicURL: {{ openshift.master.public_api_url }}
+networkConfig:
+ clusterNetworkCIDR: {{ openshift.master.sdn_cluster_network_cidr }}
+ hostSubnetLength: {{ openshift.master.sdn_host_subnet_length }}
+ networkPluginName: {{ openshift.common.sdn_network_plugin_name }}
+{% include 'v1_partials/oauthConfig.j2' %}
+policyConfig:
+ bootstrapPolicyFile: {{ openshift_master_policy }}
+ openshiftSharedResourcesNamespace: openshift
+{# TODO: Allow users to override projectConfig items #}
+projectConfig:
+ defaultNodeSelector: ""
+ projectRequestMessage: ""
+ projectRequestTemplate: ""
+serviceAccountConfig:
+ managedNames:
+ - default
+ - builder
+ privateKeyFile: serviceaccounts.private.key
+ publicKeyFiles:
+ - serviceaccounts.public.key
+servingInfo:
+ bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.api_port }}
+ certFile: master.server.crt
+ clientCA: ca.crt
+ keyFile: master.server.key
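Review bot: `kubernetesStoragePrefix: kubernetes.io` appears twice under `etcdStorageConfig`, and no prefix is set for the OpenShift resources that sit next to `openShiftStorageVersion`. The second occurrence looks like a copy-paste slip for `openShiftStoragePrefix`; the intended value is not visible here (presumably `openshift.io`, to be confirmed against the MasterConfig defaults). Most YAML loaders accept a duplicate key silently and keep the last value, so the rendered file will load but the OpenShift prefix falls back to whatever the server defaults to. A `yamllint` `key-duplicates` check on the rendered template would catch this class of mistake.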
diff --git a/roles/openshift_master/templates/scheduler.json.j2 b/roles/openshift_master/templates/scheduler.json.j2
new file mode 100644
index 000000000..833e7f3e1
--- /dev/null
+++ b/roles/openshift_master/templates/scheduler.json.j2
@@ -0,0 +1,12 @@
+{
+ "predicates": [
+ {"name": "PodFitsResources"},
+ {"name": "PodFitsPorts"},
+ {"name": "NoDiskConflict"},
+ {"name": "Region", "argument": {"serviceAffinity" : {"labels" : ["region"]}}}
+ ],"priorities": [
+ {"name": "LeastRequestedPriority", "weight": 1},
+ {"name": "ServiceSpreadingPriority", "weight": 1},
+ {"name": "Zone", "weight" : 2, "argument": {"serviceAntiAffinity" : {"label": "zone"}}}
+ ]
+}
diff --git a/roles/openshift_master/templates/v1_partials/oauthConfig.j2 b/roles/openshift_master/templates/v1_partials/oauthConfig.j2
new file mode 100644
index 000000000..f6fd88c65
--- /dev/null
+++ b/roles/openshift_master/templates/v1_partials/oauthConfig.j2
@@ -0,0 +1,78 @@
+{% macro identity_provider_config(identity_provider) %}
+ apiVersion: v1
+ kind: {{ identity_provider.kind }}
+{% if identity_provider.kind == 'HTPasswdPasswordIdentityProvider' %}
+ file: {{ identity_provider.filename }}
+{% elif identity_provider.kind == 'BasicAuthPasswordIdentityProvider' %}
+ url: {{ identity_provider.url }}
+{% for key in ('ca', 'certFile', 'keyFile') %}
+{% if key in identity_provider %}
+ {{ key }}: {{ identity_provider[key] }}"
+{% endif %}
+{% endfor %}
+{% elif identity_provider.kind == 'RequestHeaderIdentityProvider' %}
+ headers: {{ identity_provider.headers }}
+{% if 'clientCA' in identity_provider %}
+ clientCA: {{ identity_provider.clientCA }}
+{% endif %}
+{% elif identity_provider.kind == 'GitHubIdentityProvider' %}
+ clientID: {{ identity_provider.clientID }}
+ clientSecret: {{ identity_provider.clientSecret }}
+{% elif identity_provider.kind == 'GoogleIdentityProvider' %}
+ clientID: {{ identity_provider.clientID }}
+ clientSecret: {{ identity_provider.clientSecret }}
+{% if 'hostedDomain' in identity_provider %}
+ hostedDomain: {{ identity_provider.hostedDomain }}
+{% endif %}
+{% elif identity_provider.kind == 'OpenIDIdentityProvider' %}
+ clientID: {{ identity_provider.clientID }}
+ clientSecret: {{ identity_provider.clientSecret }}
+ claims:
+ id: identity_provider.claims.id
+{% for claim_key in ('preferredUsername', 'name', 'email') %}
+{% if claim_key in identity_provider.claims %}
+ {{ claim_key }}: {{ identity_provider.claims[claim_key] }}
+{% endif %}
+{% endfor %}
+ urls:
+ authorize: {{ identity_provider.urls.authorize }}
+ token: {{ identity_provider.urls.token }}
+{% if 'userInfo' in identity_provider.urls %}
+ userInfo: {{ identity_provider.userInfo }}
+{% endif %}
+{% if 'extraScopes' in identity_provider %}
+ extraScopes:
+{% for scope in identity_provider.extraScopes %}
+ - {{ scope }}
+{% endfor %}
+{% endif %}
+{% if 'extraAuthorizeParameters' in identity_provider %}
+ extraAuthorizeParameters:
+{% for param_key, param_value in identity_provider.extraAuthorizeParameters.iteritems() %}
+ {{ param_key }}: {{ param_value }}
+{% endfor %}
+{% endif %}
+{% endif %}
+{% endmacro %}
+oauthConfig:
+ assetPublicURL: {{ openshift.master.public_console_url }}/
+ grantConfig:
+ method: {{ openshift.master.oauth_grant_method }}
+ identityProviders:
+{% for identity_provider in openshift.master.identity_providers %}
+ - name: {{ identity_provider.name }}
+ challenge: {{ identity_provider.challenge }}
+ login: {{ identity_provider.login }}
+ provider:
+{{ identity_provider_config(identity_provider) }}
+{%- endfor %}
+ masterPublicURL: {{ openshift.master.public_api_url }}
+ masterURL: {{ openshift.master.api_url }}
+ sessionConfig:
+ sessionMaxAgeSeconds: {{ openshift.master.session_max_seconds }}
+ sessionName: {{ openshift.master.session_name }}
+ sessionSecretsFile: {{ openshift.master.session_secrets_file }}
+ tokenConfig:
+ accessTokenMaxAgeSeconds: {{ openshift.master.access_token_max_seconds }}
+ authorizeTokenMaxAgeSeconds: {{ openshift.master.auth_token_max_seconds }}
+{# Comment to preserve newline after authorizeTokenMaxAgeSeconds #}
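Review bot: Three typos in the `identity_provider_config` macro render wrong values into the OAuth configuration. In the BasicAuth branch the loop line ends with a stray `"`, so `ca`/`certFile`/`keyFile` paths get a trailing quote; in the OpenID branch `id: identity_provider.claims.id` is emitted as literal text instead of the configured claim; and `userInfo` is read from `identity_provider.userInfo` although the guard tests `identity_provider.urls`. The corrected lines would be `{{ key }}: {{ identity_provider[key] }}`, `id: {{ identity_provider.claims.id }}` and `userInfo: {{ identity_provider.urls.userInfo }}`. Separately, `clientSecret` and the other templated scalars are unquoted, so a value containing ` #`, `: ` or a leading YAML indicator would be truncated or mis-typed when the master parses the file; quoting them, as in `clientSecret: "{{ identity_provider.clientSecret }}"`, avoids that.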