Master-config.yml

From NovaOrdis Knowledge Base
Jump to navigation Jump to search

External

Internal

Overview

If the configuration file is changed after the master(s) start, they need to be restarted to make it effective. The restart procedure is described here:

Master Operations

Location

Found only on master nodes.

/etc/origin/master/master-config.yaml

Reference

admissionConfig

pluginConfig

Admission Control

Defaults in OpenShift 3.5:

admissionConfig:
  pluginConfig:
    BuildDefaults:
      configuration:
        apiVersion: v1
        env: []
        kind: BuildDefaultsConfig
        resources:
          limits: {}
          requests: {}
    BuildOverrides:
      configuration:
        apiVersion: v1
        kind: BuildOverridesConfig
    openshift.io/ImagePolicy:
      configuration:
        apiVersion: v1
        executionRules:
        - matchImageAnnotations:
          - key: images.openshift.io/deny-execution
            value: 'true'
          name: execution-denied
          onResources:
          - resource: pods
          - resource: builds
          reject: true
          skipOnResolutionFailure: true
        kind: ImagePolicyConfig

assetConfig

masterPublicURL

publicURL

The public URL of the console.

loggingPublicURL

The public URL of the logging aggregation server. See Kibana and OpenShift.

metricsPublicURL

The OpenShift web console uses the data coming from the Hawkular Metrics service to display its graphs. The URL for accessing the Hawkular Metrics service must be configured with 'metricsPublicURL' option. This URL corresponds to the route created with the 'openshift_metrics_hawkular_hostname' inventory variable used during the installation.

servingInfo

bindAddress

certFile

The path of the master certificate file relative to the configuration directory.

assetConfig:
 servingInfo:
   certFile: master.server.crt

kubernetesMasterConfig

apiServerArguments

deserialization-cache-size

The number of OpenShift metadata entries cached in memory on the master, to avoid interaction with etcd and CPU consumption required by serialization. The default cache size is 50,000 entries, which, depending on the size of resources, can grow to occupy 1 to 2 GB of memory. For more details see etcd and Master Caching.

kubernetesMasterConfig:
  apiServerArguments:
    deserialization-cache-size:
    - "1000"

schedulerConfigFile

Specifies the path to the scheduler policy definition file. The default value is "/etc/origin/master/scheduler.json" and the default content of the scheduler.json file is scheduler.json.

servicesSubnet

The address of the SDN Services Subnet.

oauthConfig

identityProviders

policyConfig

bootstrapPolicyFile

The default value is /etc/origin/master/policy.json.

openshiftInfrastructureNamespace

Default value: "openshift-infra"

openshiftSharedResourcesNamespace

Default value: "openshift"

projectConfig

defaultNodeSelector

Configured during installation by setting

osm_default_node_selector='env=app'

in the Ansible hosts file. The result is similar to:

...
projectConfig:
  defaultNodeSelector: "env=app"
  ...

projectRequestTemplate

The template to use when provisioning new projects. If not defined, the API server creates the default template that creates a project with the requested name, and assigns the requesting user to the "admin" role for that project. To specify a new project template, follow the procedure described here Template Operations - Modify the Template for New Projects

...
projectConfig:
  ...
  projectRequestTemplate: ""

Also see:

OpenShift Concepts - New Project Template

routingConfig

subdomain

routingConfig:
  subdomain: apps.openshift.novaordis.io

See Default Routing Subdomain.

serviceAccountConfig

managedNames

Contains the list of service accounts to be created when a new project is created. The default are "default", "builder", "deployer". For more details see:

Service Accounts

masterCA

privateKeyFile

publicKeyFiles

jenkinsPipelineConfig

https://docs.openshift.com/container-platform/latest/install_config/configuring_pipeline_execution.html#overview

For an explanation of how OpenShift uses 'jenkinsPipelineConfig' section configuration, see:

OpenShift CI/CD Concepts - Jenkins Service Initialization

autoProvisionEnabled

Setting 'autoProvisionEnabled' to false will disable Jenkins auto provisioning from template in all projects across the cluster. See:

OpenShift CI/CD Concepts - Jenkins Service Initialization

templateNamespace

openshift

See:

OpenShift CI/CD Concepts - Jenkins Service Initialization

templateName

jenkins-persistent

See:

OpenShift CI/CD Concepts - Jenkins Service Initialization

serviceName

The name of the service in a project to be used as Jenkins service. The default value is "jenkins". If the service exists, Jenkins auto-provisioning won't be initiated, even if autoProvisionEnabled is true. For more details see:

OpenShift CI/CD Concepts - Jenkins Service Initialization

parameters

key1: value1
key2: value2

Shared Jenkins Instance Configuration

TODO: How to configure a system-wide Jenkins instance. Update OpenShift_CI/CD_Concepts - Shared Jenkins Instance.