diff options
Diffstat (limited to 'roles/openshift_master/templates')
6 files changed, 95 insertions, 4 deletions
diff --git a/roles/openshift_master/templates/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/atomic-openshift-master-api.j2 new file mode 100644 index 000000000..205934248 --- /dev/null +++ b/roles/openshift_master/templates/atomic-openshift-master-api.j2 @@ -0,0 +1,9 @@ +OPTIONS= +CONFIG_FILE={{ openshift_master_config_dir }}/master-config.yaml + +# Proxy configuration +# Origin uses standard HTTP_PROXY environment variables. Be sure to set +# NO_PROXY for your master +#NO_PROXY=master.example.com +#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT +#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT diff --git a/roles/openshift_master/templates/atomic-openshift-master-api.service.j2 b/roles/openshift_master/templates/atomic-openshift-master-api.service.j2 new file mode 100644 index 000000000..ba19fb348 --- /dev/null +++ b/roles/openshift_master/templates/atomic-openshift-master-api.service.j2 @@ -0,0 +1,21 @@ +[Unit] +Description=Atomic OpenShift Master API +Documentation=https://github.com/openshift/origin +After=network.target +After=etcd.service +Before={{ openshift.common.service_type }}-node.service +Requires=network.target + +[Service] +Type=notify +EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api +Environment=GOTRACEBACK=crash +ExecStart=/usr/bin/openshift start master api --config=${CONFIG_FILE} $OPTIONS +LimitNOFILE=131072 +LimitCORE=infinity +WorkingDirectory={{ openshift.common.data_dir }} +SyslogIdentifier=atomic-openshift-master-api + +[Install] +WantedBy=multi-user.target +WantedBy={{ openshift.common.service_type }}-node.service diff --git a/roles/openshift_master/templates/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/atomic-openshift-master-controllers.j2 new file mode 100644 index 000000000..205934248 --- /dev/null +++ b/roles/openshift_master/templates/atomic-openshift-master-controllers.j2 @@ -0,0 +1,9 @@ +OPTIONS= +CONFIG_FILE={{ openshift_master_config_dir }}/master-config.yaml + +# Proxy configuration +# Origin uses standard HTTP_PROXY environment variables. Be sure to set +# NO_PROXY for your master +#NO_PROXY=master.example.com +#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT +#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT diff --git a/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2 new file mode 100644 index 000000000..8952c86ef --- /dev/null +++ b/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2 @@ -0,0 +1,22 @@ +[Unit] +Description=Atomic OpenShift Master Controllers +Documentation=https://github.com/openshift/origin +After=network.target +After={{ openshift.common.service_type }}-master-api.service +Before={{ openshift.common.service_type }}-node.service +Requires=network.target + +[Service] +Type=notify +EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers +Environment=GOTRACEBACK=crash +ExecStart=/usr/bin/openshift start master controllers --config=${CONFIG_FILE} $OPTIONS +LimitNOFILE=131072 +LimitCORE=infinity +WorkingDirectory={{ openshift.common.data_dir }} +SyslogIdentifier={{ openshift.common.service_type }}-master-controllers +Restart=on-failure + +[Install] +WantedBy=multi-user.target +WantedBy={{ openshift.common.service_type }}-node.service diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 73a0bc6cc..d4a6590ea 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -10,24 +10,34 @@ assetConfig: publicURL: {{ openshift.master.public_console_url }}/ servingInfo: bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.console_port }} + bindNetwork: tcp4 certFile: master.server.crt clientCA: "" keyFile: master.server.key maxRequestsInFlight: 0 requestTimeoutSeconds: 0 +{% if openshift_master_ha | bool %} +controllerLeaseTTL: {{ openshift.master.controller_lease_ttl | default('30') }} +{% endif %} +controllers: '*' corsAllowedOrigins: -{% for origin in ['127.0.0.1', 'localhost', openshift.common.hostname, openshift.common.ip, openshift.common.public_hostname, openshift.common.public_ip] %} +{% for origin in ['127.0.0.1', 'localhost', openshift.common.ip, openshift.common.public_ip] | union(openshift.common.all_hostnames) | unique %} - {{ origin }} {% endfor %} {% for custom_origin in openshift.master.custom_cors_origins | default("") %} - {{ custom_origin }} {% endfor %} +{% for name in (named_certificates | map(attribute='names')) | list | oo_flatten %} + - {{ name }} +{% endfor %} {% if 'disabled_features' in openshift.master %} disabledFeatures: {{ openshift.master.disabled_features | to_json }} {% endif %} {% if openshift.master.embedded_dns | bool %} +disabledFeatures: null dnsConfig: bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }} + bindNetwork: tcp4 {% endif %} etcdClientInfo: ca: {{ "ca.crt" if (openshift.master.embedded_etcd | bool) else "master.etcd-ca.crt" }} @@ -77,9 +87,8 @@ kubernetesMasterConfig: - v1 apiServerArguments: {{ api_server_args if api_server_args is defined else 'null' }} controllerArguments: {{ controller_args if controller_args is defined else 'null' }} -{# TODO: support overriding masterCount #} - masterCount: 1 - masterIP: "" + masterCount: {{ openshift.master.master_count }} + masterIP: {{ openshift.common.ip }} podEvictionTimeout: "" proxyClientInfo: certFile: master.proxy-client.crt @@ -103,6 +112,7 @@ networkConfig: # serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet serviceNetworkCIDR: {{ openshift.master.portal_net }} {% include 'v1_partials/oauthConfig.j2' %} +pauseControllers: false policyConfig: bootstrapPolicyFile: {{ openshift_master_policy }} openshiftInfrastructureNamespace: openshift-infra @@ -118,6 +128,7 @@ projectConfig: routingConfig: subdomain: "{{ openshift.master.default_subdomain | default("") }}" serviceAccountConfig: + limitSecretReferences: false managedNames: - default - builder @@ -128,8 +139,20 @@ serviceAccountConfig: - serviceaccounts.public.key servingInfo: bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} + bindNetwork: tcp4 certFile: master.server.crt clientCA: ca.crt keyFile: master.server.key maxRequestsInFlight: 500 requestTimeoutSeconds: 3600 +{% if named_certificates %} + namedCertificates: +{% for named_certificate in named_certificates %} + - certFile: {{ named_certificate['certfile'] }} + keyFile: {{ named_certificate['keyfile'] }} + names: +{% for name in named_certificate['names'] %} + - "{{ name }}" +{% endfor %} +{% endfor %} +{% endif %} diff --git a/roles/openshift_master/templates/sessionSecretsFile.yaml.v1.j2 b/roles/openshift_master/templates/sessionSecretsFile.yaml.v1.j2 new file mode 100644 index 000000000..d12d9db90 --- /dev/null +++ b/roles/openshift_master/templates/sessionSecretsFile.yaml.v1.j2 @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: SessionSecrets +secrets: +{% for secret in openshift_master_session_auth_secrets %} +- authentication: "{{ openshift_master_session_auth_secrets[loop.index0] }}" + encryption: "{{ openshift_master_session_encryption_secrets[loop.index0] }}" +{% endfor %} |