summaryrefslogtreecommitdiffstats
path: root/roles/openshift_master/templates/master.yaml.v1.j2
Commit message (Collapse)AuthorAgeFilesLines
* add new clusterNetworks fields to new installsJacob Tanenbaum2017-10-271-0/+5
| | | | | add clusterNetworks field to the networkConfig so that the new fields appear in new installs when openshift version is greater then 3.7
* Initial Kuryr supportMichał Dulko2017-10-201-1/+1
| | | | | | | | This commit enables deploying Kuryr networking on top of OpenShift in containers. kuryr-controller is a Deployment and kuryr-cni is deployed as DaemonSet (container will drop all CNI configuration files). Co-Authored-By: Antoni Segura Puimedon <celebdor@gmail.com>
* Merge pull request #5687 from jim-minter/tsb_configOpenShift Merge Robot2017-10-171-7/+0
|\ | | | | | | | | | | | | | | Automatic merge from submit-queue. Rewire openshift_template_service_broker_namespaces configurable @ewolinetz @bparees
| * Rewire openshift_template_service_broker_namespaces configurableJim Minter2017-10-131-7/+0
| |
* | Add ability to set node and master imageConfig to latestMichael Gugino2017-10-121-1/+1
|/ | | | | | | | | Currently, imageConfig.latest is hard-coded to false. This commit adds an appropriate boolean to enable setting to true. Fixes: https://github.com/openshift/openshift-ansible/issues/1422
* Ensure servingInfo.clientCA is set as ca.crt rather than ca-bundle.crt.Andrew Butcher2017-10-091-4/+0
|
* Remove openshift-commonMichael Gugino2017-09-061-3/+3
| | | | | | | | | Most of this role's purpose was to set facts. The vast majority of these facts were simply redefining user-supplied variables. This commit also removes various artifacts leftover from previous versions, as well as variables that seem to be entirely unused.
* Use the new election mode (client based) instead of direct etcd accessClayton Coleman2017-08-081-3/+2
|
* Add rate limit configurabilityScott Dodson2017-07-061-4/+4
|
* Adding option for serviceAccountConfig.limitSecretReferencesKenny Woodson2017-06-201-1/+1
|
* Preserve etcd3 storage if it's already in useScott Dodson2017-06-181-0/+6
| | | | | This would be the case if for instance they'd upgraded and then migrated.
* Merge pull request #3982 from jim-minter/trello131-broker-configurationOpenShift Bot2017-05-221-0/+7
|\ | | | | Merged by openshift-bot
| * add template service broker configurableJim Minter2017-04-241-0/+7
| |
* | Fix auditConfig for non-HA environmentsRussell Teague2017-05-181-1/+1
|/ | | | Bug 1447019
* Allow overriding minTLSVersion and cipherSuitesMartin Eggen2017-03-091-0/+18
| | | | | Add parameters to allow overriding minTLSVersion and cipherSuites in master and node servingInfo config stanzas.
* Combined (squashed) commit for all changes related to adding Contiv support ↵Sanjeev Rampal2017-02-271-1/+1
| | | | into Openshift Ansible. This is the first (beta) release of Contiv with Openshift and is only supported for Openshift Origin + Bare metal deployments at the time of this commit. Please refer to the Openshift and Contiv official documentation for details of the level of support for different features and modes of operation.
* Ensure embedded etcd config uses CA bundle.Andrew Butcher2017-02-091-0/+12
|
* Restructure certificate redeploy playbooksAndrew Butcher2017-02-021-0/+8
|
* Set metrics url even if metrics_deploy is falseAlberto Peon2017-01-201-2/+2
|
* Support openshift_node_port_range for configuring service NodePortsClayton Coleman2017-01-101-1/+1
| | | | | | | | | Sets the appropriate config field if openshift_node_port_range is set and also configures filewalls on each node. firewalld already supports port ranges like "30000-32000", while iptables needs that value converted to the correct "30000:32000" form for use with `--dport`. If not set, no node ports are opened.
* Fix metricsPublicURL only being set correctly on first master.Devan Goodwin2016-12-011-3/+3
| | | | | | | | | | | | | Problem was caused by facts not being set for that master. To fix this patch cleans up the calculation of metricsPublicURL in general. Because this value is used in openshift_master to template into the master config file, we now define these facts more clearly in openshift_master_facts, and add a dependency on this to openshift_metrics. The calculation of default sub-domain is also changed to remove it from system facts (as neither of these are facts about the system) and instead use plain variables.
* Merge kube_admission_plugin_config with admission_plugin_configSamuel Munilla2016-11-221-10/+0
| | | | | | | | Move the values in kube_admission_plugin_config up one level per the new format from 1.3: "The kubernetesMasterConfig.admissionConfig.pluginConfig should be moved and merged into admissionConfig.pluginConfig."
* Merge pull request #2636 from enlinxu/masterAndrew Butcher2016-11-161-0/+1
|\ | | | | Support 3rd party scheduler
| * support 3rd party schedulerenlinxu2016-10-201-0/+1
| |
* | Change to allow cni deployments without openshift SDNyfauser2016-11-081-1/+1
|/ | | | | | | The roles/openshift_facts main task did not pass the cni plugin variable to the later role playbooks. The master.yaml and node.yaml templates did not allow for a cni configuration without either installing openshift sdn or nuage. This change will allow to use os_sdn_network_plugin_name=cni and set openshift_use_openshift_sdn=false for deployments that use a cni plugin that doesn't need and want openshift sdn to be installed
* Check if openshift_master_ingress_ip_network_cidr is definedMathias Merscher2016-10-041-1/+1
| | | | Signed-off-by: Mathias Merscher <Mathias.Merscher@dg-i.net>
* allow networkConfig.ingressIPNetworkCIDRs to be configuredMathias Merscher2016-10-041-0/+3
| | | | Signed-off-by: Mathias Merscher <Mathias.Merscher@dg-i.net>
* Merge pull request #2358 from abutcher/service-serving-certsAndrew Butcher2016-08-251-0/+7
|\ | | | | enable service-serving-cert-signer by default
| * enable service-serving-cert-signer by defaultAndrew Butcher2016-08-241-0/+7
| |
* | Merge pull request #2100 from smunilla/BZ1337553Scott Dodson2016-08-241-0/+1
|\ \ | |/ |/| Add externalIPNetworkCIDRs to config
| * Add externalIPNetworkCIDRs to configSamuel Munilla2016-08-231-0/+1
| | | | | | | | | | Allow networkConfig.externalIPNetworkCIDRs to be set along with a default to emulate the old 3.1 behavior.
* | Correct masterCA config typo.Andrew Butcher2016-08-241-2/+2
|/
* qps typodeads2k2016-08-111-2/+2
|
* Merge pull request #2211 from dgoodwin/33-upgrade-playbookScott Dodson2016-08-081-0/+14
|\ | | | | 1.3 / 3.3 Upgrades
| * Add 3.3 protobuf config stanzas for master/node config.Devan Goodwin2016-07-281-0/+14
| |
* | Add options for specifying named ca certificates to be added to the ↵Andrew Butcher2016-08-011-3/+11
|/ | | | openshift ca bundle.
* [master] add support for setting auditConfigJason DeTiberus2016-07-131-0/+3
|
* Allow overriding servingInfo.maxRequestsInFlight via ↵Andrew Butcher2016-05-131-1/+1
| | | | openshift_master_max_requests_inflight.
* Add masterConfig.volumeConfig.dynamicProvisioningEnabledScott Dodson2016-04-261-0/+2
|
* Promote portal_net to openshift.common, add kube_svc_ipScott Dodson2016-04-191-2/+2
| | | | | Conflicts: roles/openshift_facts/library/openshift_facts.py
* Support setting imagePolicyConfig JSON in inventory.Devan Goodwin2016-04-121-0/+3
| | | | | | | | | For flexibility this is another pure JSON field to translate directly to yaml in the master config. Also updated to more safely handle JSON inventory variables as this uncovered a bug with booleans where you end up with a string containing json in your yaml.
* Add support for configuring oauth templates.Devan Goodwin2016-04-011-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow users who wish to deploy configs with ansible to define templates for oauth screens, and control the alwaysShowProviderSelection setting. There are currently three supported oauth templates, and we have a pre-existing 'oauth_template' variable, but it is assumed to mean you are controlling the 'login' screen, and this is the only one you can configure. To work around this, supporting all current and future templates, introduce a pluralized variable 'oauth_templates', which contains a JSON dict allowing the admin to control any template they wish. If both new and old variables are defined, the old one is ignored. (and can be considered deprecated) Internally the old value will be converted to the new dict, so the template just references one value. Example: openshift_master_oauth_always_show_provider_selection=true openshift_master_oauth_templates={"providerSelection": "provider-selection.html", "error": "oauth-error.html"} Yeilds: oauthConfig: alwaysShowProviderSelection: true templates: error: oauth-error.html providerSelection: provider-selection.html
* Add support for templating master admissionConfig.Devan Goodwin2016-04-011-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds four new inventory variables for setting sections in "admissionConfig" and "kubernetesMasterConfig.admissionConfig". openshift_master_admission_plugin_order allows configuring the list of origin admission controller plugins to enable and what order to run them in. This must be a JSON formatted list of strings: openshift_master_admission_plugin_order=["RunOnceDuration", "NamespaceLifecycle", "OriginPodNodeEnvironment", "ClusterResourceOverride", "LimitRanger", "ServiceAccount", "SecurityContextConstraint", "ResourceQuota", "SCCExecRestrictions"] openshift_master_kube_admission_plugin_order is identical but for the kubernetes admission controller plugins which appear beneath kubernetesMasterConfig. openshift_master_admission_plugin_config allows setting free-form configuration stanzas that match up with enabled admission controller plugins. This must be a JSON formatted hash: openshift_master_admission_plugin_config={"RunOnceDuration":{"configuration":{"apiVersion":"v1","kind":"RunOnceDurationConfig","activeDeadlineSecondsOverride":3600}},"ClusterResourceOverride":{"configuration":{"apiVersion":"v1","kind":"ClusterResourceOverrideConfig","limitCPUToMemoryPercent":200,"cpuRequestToLimitPercent":6,"memoryRequestToLimitPercent":60}}} openshift_master_kube_admission_plugin_config is the equivalent for kubernetes admission controller plugins. Contains a change to merge_facts to fix issues with modifying inventory variables that contain JSON dicts. If you modified a previously set variable, the result would be a merge of old and new, which is completely wrong in this case. Addded new overwrite_facts to shortcut to just taking the new values. This differs from the pre-existing concept of "protected" in that we're not protecting an old value, we're trashing it and taking the new.
* Add gte check for 3.2, update version checks to gteJason DeTiberus2016-02-091-2/+2
|
* Merge pull request #1160 from vishpat/nuageBrenton Leanhardt2016-01-251-1/+1
|\ | | | | Nuage
| * Add Nuage support to openshift ansibleVishal Patil2016-01-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added variables Made changes for node configuration Add service restart logic to node Fixed ansible syntax errors Add cert and key info for nodes Added active and standby controller ip configuration information Uncommented the nuage sdn check Changed ca_crt -> ca_cert Added restarting of atomic openshift master Removed service account dependencies Fixes Fixed the api server url Removed redundant restart of atomic openshift master Configure nuagekubemon on all of the master nodes Restart master api and controllers as well on nuagekubemon installation Converted plugin config into template Add template for nuagekubemon Removed uplink interface from vars Able to copy cert keys Uninstall default ovs Add the kubemon template Do not install rdo sdn rpms in case of nuage Addressed latest review comments Set the networkPluginName for nuage
* | Expose console config for customizationDiego Castro2016-01-211-1/+14
| |
* | Enable kubernetes master config of podEvictionTimeout from ansibleJeremiah Stuever2016-01-201-1/+1
| |
* | - sqashed to one commitLutz Lange2016-01-121-2/+2
| |
* | Merge pull request #1018 from abutcher/secretsBrenton Leanhardt2016-01-061-0/+2
|\ \ | | | | | | Clean up idempotency issues with session secrets.
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-08 00:15:48 +0000