summaryrefslogtreecommitdiffstats
path: root/roles/openshift_master/templates/master.yaml.v1.j2
Commit message (Collapse)AuthorAgeFilesLines
* Fix auditConfig for non-HA environmentsRussell Teague2017-05-181-1/+1
| | | | Bug 1447019
* Allow overriding minTLSVersion and cipherSuitesMartin Eggen2017-03-091-0/+18
| | | | | Add parameters to allow overriding minTLSVersion and cipherSuites in master and node servingInfo config stanzas.
* Combined (squashed) commit for all changes related to adding Contiv support ↵Sanjeev Rampal2017-02-271-1/+1
| | | | into Openshift Ansible. This is the first (beta) release of Contiv with Openshift and is only supported for Openshift Origin + Bare metal deployments at the time of this commit. Please refer to the Openshift and Contiv official documentation for details of the level of support for different features and modes of operation.
* Ensure embedded etcd config uses CA bundle.Andrew Butcher2017-02-091-0/+12
|
* Restructure certificate redeploy playbooksAndrew Butcher2017-02-021-0/+8
|
* Set metrics url even if metrics_deploy is falseAlberto Peon2017-01-201-2/+2
|
* Support openshift_node_port_range for configuring service NodePortsClayton Coleman2017-01-101-1/+1
| | | | | | | | | Sets the appropriate config field if openshift_node_port_range is set and also configures filewalls on each node. firewalld already supports port ranges like "30000-32000", while iptables needs that value converted to the correct "30000:32000" form for use with `--dport`. If not set, no node ports are opened.
* Fix metricsPublicURL only being set correctly on first master.Devan Goodwin2016-12-011-3/+3
| | | | | | | | | | | | | Problem was caused by facts not being set for that master. To fix this patch cleans up the calculation of metricsPublicURL in general. Because this value is used in openshift_master to template into the master config file, we now define these facts more clearly in openshift_master_facts, and add a dependency on this to openshift_metrics. The calculation of default sub-domain is also changed to remove it from system facts (as neither of these are facts about the system) and instead use plain variables.
* Merge kube_admission_plugin_config with admission_plugin_configSamuel Munilla2016-11-221-10/+0
| | | | | | | | Move the values in kube_admission_plugin_config up one level per the new format from 1.3: "The kubernetesMasterConfig.admissionConfig.pluginConfig should be moved and merged into admissionConfig.pluginConfig."
* Merge pull request #2636 from enlinxu/masterAndrew Butcher2016-11-161-0/+1
|\ | | | | Support 3rd party scheduler
| * support 3rd party schedulerenlinxu2016-10-201-0/+1
| |
* | Change to allow cni deployments without openshift SDNyfauser2016-11-081-1/+1
|/ | | | | | | The roles/openshift_facts main task did not pass the cni plugin variable to the later role playbooks. The master.yaml and node.yaml templates did not allow for a cni configuration without either installing openshift sdn or nuage. This change will allow to use os_sdn_network_plugin_name=cni and set openshift_use_openshift_sdn=false for deployments that use a cni plugin that doesn't need and want openshift sdn to be installed
* Check if openshift_master_ingress_ip_network_cidr is definedMathias Merscher2016-10-041-1/+1
| | | | Signed-off-by: Mathias Merscher <Mathias.Merscher@dg-i.net>
* allow networkConfig.ingressIPNetworkCIDRs to be configuredMathias Merscher2016-10-041-0/+3
| | | | Signed-off-by: Mathias Merscher <Mathias.Merscher@dg-i.net>
* Merge pull request #2358 from abutcher/service-serving-certsAndrew Butcher2016-08-251-0/+7
|\ | | | | enable service-serving-cert-signer by default
| * enable service-serving-cert-signer by defaultAndrew Butcher2016-08-241-0/+7
| |
* | Merge pull request #2100 from smunilla/BZ1337553Scott Dodson2016-08-241-0/+1
|\ \ | |/ |/| Add externalIPNetworkCIDRs to config
| * Add externalIPNetworkCIDRs to configSamuel Munilla2016-08-231-0/+1
| | | | | | | | | | Allow networkConfig.externalIPNetworkCIDRs to be set along with a default to emulate the old 3.1 behavior.
* | Correct masterCA config typo.Andrew Butcher2016-08-241-2/+2
|/
* qps typodeads2k2016-08-111-2/+2
|
* Merge pull request #2211 from dgoodwin/33-upgrade-playbookScott Dodson2016-08-081-0/+14
|\ | | | | 1.3 / 3.3 Upgrades
| * Add 3.3 protobuf config stanzas for master/node config.Devan Goodwin2016-07-281-0/+14
| |
* | Add options for specifying named ca certificates to be added to the ↵Andrew Butcher2016-08-011-3/+11
|/ | | | openshift ca bundle.
* [master] add support for setting auditConfigJason DeTiberus2016-07-131-0/+3
|
* Allow overriding servingInfo.maxRequestsInFlight via ↵Andrew Butcher2016-05-131-1/+1
| | | | openshift_master_max_requests_inflight.
* Add masterConfig.volumeConfig.dynamicProvisioningEnabledScott Dodson2016-04-261-0/+2
|
* Promote portal_net to openshift.common, add kube_svc_ipScott Dodson2016-04-191-2/+2
| | | | | Conflicts: roles/openshift_facts/library/openshift_facts.py
* Support setting imagePolicyConfig JSON in inventory.Devan Goodwin2016-04-121-0/+3
| | | | | | | | | For flexibility this is another pure JSON field to translate directly to yaml in the master config. Also updated to more safely handle JSON inventory variables as this uncovered a bug with booleans where you end up with a string containing json in your yaml.
* Add support for configuring oauth templates.Devan Goodwin2016-04-011-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow users who wish to deploy configs with ansible to define templates for oauth screens, and control the alwaysShowProviderSelection setting. There are currently three supported oauth templates, and we have a pre-existing 'oauth_template' variable, but it is assumed to mean you are controlling the 'login' screen, and this is the only one you can configure. To work around this, supporting all current and future templates, introduce a pluralized variable 'oauth_templates', which contains a JSON dict allowing the admin to control any template they wish. If both new and old variables are defined, the old one is ignored. (and can be considered deprecated) Internally the old value will be converted to the new dict, so the template just references one value. Example: openshift_master_oauth_always_show_provider_selection=true openshift_master_oauth_templates={"providerSelection": "provider-selection.html", "error": "oauth-error.html"} Yeilds: oauthConfig: alwaysShowProviderSelection: true templates: error: oauth-error.html providerSelection: provider-selection.html
* Add support for templating master admissionConfig.Devan Goodwin2016-04-011-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds four new inventory variables for setting sections in "admissionConfig" and "kubernetesMasterConfig.admissionConfig". openshift_master_admission_plugin_order allows configuring the list of origin admission controller plugins to enable and what order to run them in. This must be a JSON formatted list of strings: openshift_master_admission_plugin_order=["RunOnceDuration", "NamespaceLifecycle", "OriginPodNodeEnvironment", "ClusterResourceOverride", "LimitRanger", "ServiceAccount", "SecurityContextConstraint", "ResourceQuota", "SCCExecRestrictions"] openshift_master_kube_admission_plugin_order is identical but for the kubernetes admission controller plugins which appear beneath kubernetesMasterConfig. openshift_master_admission_plugin_config allows setting free-form configuration stanzas that match up with enabled admission controller plugins. This must be a JSON formatted hash: openshift_master_admission_plugin_config={"RunOnceDuration":{"configuration":{"apiVersion":"v1","kind":"RunOnceDurationConfig","activeDeadlineSecondsOverride":3600}},"ClusterResourceOverride":{"configuration":{"apiVersion":"v1","kind":"ClusterResourceOverrideConfig","limitCPUToMemoryPercent":200,"cpuRequestToLimitPercent":6,"memoryRequestToLimitPercent":60}}} openshift_master_kube_admission_plugin_config is the equivalent for kubernetes admission controller plugins. Contains a change to merge_facts to fix issues with modifying inventory variables that contain JSON dicts. If you modified a previously set variable, the result would be a merge of old and new, which is completely wrong in this case. Addded new overwrite_facts to shortcut to just taking the new values. This differs from the pre-existing concept of "protected" in that we're not protecting an old value, we're trashing it and taking the new.
* Add gte check for 3.2, update version checks to gteJason DeTiberus2016-02-091-2/+2
|
* Merge pull request #1160 from vishpat/nuageBrenton Leanhardt2016-01-251-1/+1
|\ | | | | Nuage
| * Add Nuage support to openshift ansibleVishal Patil2016-01-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added variables Made changes for node configuration Add service restart logic to node Fixed ansible syntax errors Add cert and key info for nodes Added active and standby controller ip configuration information Uncommented the nuage sdn check Changed ca_crt -> ca_cert Added restarting of atomic openshift master Removed service account dependencies Fixes Fixed the api server url Removed redundant restart of atomic openshift master Configure nuagekubemon on all of the master nodes Restart master api and controllers as well on nuagekubemon installation Converted plugin config into template Add template for nuagekubemon Removed uplink interface from vars Able to copy cert keys Uninstall default ovs Add the kubemon template Do not install rdo sdn rpms in case of nuage Addressed latest review comments Set the networkPluginName for nuage
* | Expose console config for customizationDiego Castro2016-01-211-1/+14
| |
* | Enable kubernetes master config of podEvictionTimeout from ansibleJeremiah Stuever2016-01-201-1/+1
| |
* | - sqashed to one commitLutz Lange2016-01-121-2/+2
| |
* | Merge pull request #1018 from abutcher/secretsBrenton Leanhardt2016-01-061-0/+2
|\ \ | | | | | | Clean up idempotency issues with session secrets.
| * | Clean up idempotency issues with session secrets.Andrew Butcher2016-01-041-0/+2
| | |
* | | Fix osm_controller_args and osm_api_server_args settings.Andrew Butcher2016-01-041-2/+2
|/ /
* / add the necessary URLs for logging and metricsgit0012015-12-221-0/+6
|/ | | | | | | | | | | | | | add the necessary URLs for logging and metrics use the dict in the right way add the new variables into the hosts file add the new variables into the hosts file add the new variables into the hosts file Adopted the config text
* Configured master count should be 1 for pacemaker ha.Andrew Butcher2015-12-021-1/+1
|
* Refactor master identity provider configurationJason DeTiberus2015-11-231-1/+18
| | | | | | - Remote template in favor of a filter plugin - Add additional validation for identity provider config - Add mappingMethod attribute for identity providers, default to 'claim'
* Refactor named certificates.Andrew Butcher2015-11-161-5/+2
|
* 1279746: Fix leftover disabled features line in config template.Devan Goodwin2015-11-101-1/+0
|
* Merge pull request #830 from detiber/nov1beta3Brenton Leanhardt2015-11-061-3/+3
|\ | | | | apiLevel changes
| * apiLevel changesJason DeTiberus2015-11-061-3/+3
| | | | | | | | | | | | - remove kubernetesMasterConfig.apiLevels if >= 3.1/1.1 - change apiLevels conditional from using deployment_type to version_greater_than_3_1_or_1_1
* | Revert to defaultsAndrew Butcher2015-11-051-3/+3
| |
* | fix dueling controllers - without controllerLeaseTTL set in config, multiple ↵Jason DeTiberus2015-11-041-1/+3
| | | | | | | | controllers will attempt to start
* | additional ha related updatesJason DeTiberus2015-11-041-5/+13
| |
* | additional native ha changesAndrew Butcher2015-11-041-2/+1
|/
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-05 19:24:16 +0000