Master-config.yml: Difference between revisions
(Created page with "=Internal= * OpenShift Configuration =Location= <pre> /etc/origin/master/master-config.yaml </pre>") |
|||
(71 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
=External= | |||
* https://docs.openshift.com/container-platform/latest/install_config/master_node_configuration.html#master-configuration-files | |||
=Internal= | =Internal= | ||
* [[OpenShift Configuration#Configuration_Files|OpenShift Configuration]] | * [[OpenShift Configuration#Configuration_Files|OpenShift Configuration]] | ||
=Overview= | |||
If the configuration file is changed after the master(s) start, they need to be restarted to make it effective. The restart procedure is described here: {{Internal|OpenShift_Runtime#OpenShift_Master_and_Node_Process_Operations|Master Operations}} | |||
=Location= | =Location= | ||
Found only on master nodes. | |||
<pre> | <pre> | ||
/etc/origin/master/master-config.yaml | /etc/origin/master/master-config.yaml | ||
</pre> | </pre> | ||
=Reference= | |||
==admissionConfig== | |||
===pluginConfig=== | |||
{{Internal|OpenShift_Concepts#Admission_Control|Admission Control}} | |||
Defaults in OpenShift 3.5: | |||
<syntaxhighlight lang='yaml'> | |||
admissionConfig: | |||
pluginConfig: | |||
BuildDefaults: | |||
configuration: | |||
apiVersion: v1 | |||
env: [] | |||
kind: BuildDefaultsConfig | |||
resources: | |||
limits: {} | |||
requests: {} | |||
BuildOverrides: | |||
configuration: | |||
apiVersion: v1 | |||
kind: BuildOverridesConfig | |||
openshift.io/ImagePolicy: | |||
configuration: | |||
apiVersion: v1 | |||
executionRules: | |||
- matchImageAnnotations: | |||
- key: images.openshift.io/deny-execution | |||
value: 'true' | |||
name: execution-denied | |||
onResources: | |||
- resource: pods | |||
- resource: builds | |||
reject: true | |||
skipOnResolutionFailure: true | |||
kind: ImagePolicyConfig | |||
</syntaxhighlight> | |||
==assetConfig== | |||
===masterPublicURL=== | |||
===publicURL=== | |||
The public URL of the console. | |||
===loggingPublicURL=== | |||
The public URL of the logging aggregation server. See [[Kibana and OpenShift#Configuration|Kibana and OpenShift]]. | |||
===metricsPublicURL=== | |||
The OpenShift web console uses the data coming from the Hawkular Metrics service to display its graphs. The URL for accessing the Hawkular Metrics service must be configured with 'metricsPublicURL' option. This URL corresponds to the route created with the 'openshift_metrics_hawkular_hostname' inventory variable used during the [[OpenShift_3.5_Installation#Configure_Ansible_Inventory_File|installation]]. | |||
===servingInfo=== | |||
====bindAddress==== | |||
====certFile==== | |||
The path of the [[OpenShift_Security_Concepts#Master_.28API_Server.29_Certificate|master certificate]] file relative to the configuration directory. | |||
assetConfig: | |||
servingInfo: | |||
certFile: master.server.crt | |||
==kubernetesMasterConfig== | |||
===apiServerArguments=== | |||
====deserialization-cache-size==== | |||
The number of OpenShift metadata entries cached in memory on the master, to avoid interaction with etcd and CPU consumption required by serialization. The default cache size is 50,000 entries, which, depending on the size of resources, can grow to occupy 1 to 2 GB of memory. For more details see [[OpenShift_Concepts#etcd_and_Master_Caching|etcd and Master Caching]]. | |||
<pre> | |||
kubernetesMasterConfig: | |||
apiServerArguments: | |||
deserialization-cache-size: | |||
- "1000" | |||
</pre> | |||
===schedulerConfigFile=== | |||
Specifies the path to the [[OpenShift_Concepts#Scheduler_Policy|scheduler policy]] definition file. The default value is "/etc/origin/master/scheduler.json" and the default content of the scheduler.json file is [[/etc/origin/master/scheduler.json|scheduler.json]]. | |||
===servicesSubnet=== | |||
The address of the [[OpenShift_Concepts#The_Services_Subnet|SDN Services Subnet]]. | |||
==oauthConfig== | |||
===identityProviders=== | |||
==policyConfig== | |||
===bootstrapPolicyFile=== | |||
The default value is /etc/origin/master/policy.json. | |||
===openshiftInfrastructureNamespace=== | |||
Default value: "openshift-infra" | |||
===openshiftSharedResourcesNamespace=== | |||
Default value: "openshift" | |||
==projectConfig== | |||
===defaultNodeSelector=== | |||
Configured during installation by setting | |||
osm_default_node_selector='env=app' | |||
in the Ansible hosts file. The result is similar to: | |||
... | |||
projectConfig: | |||
defaultNodeSelector: "env=app" | |||
... | |||
===projectRequestTemplate=== | |||
The template to use when provisioning new projects. If not defined, the API server creates the default template that creates a project with the requested name, and assigns the requesting user to the "admin" role for that project. To specify a new project template, follow the procedure described here [[OpenShift_Template_Operations#Modify_the_Template_for_New_Projects|Template Operations - Modify the Template for New Projects]] | |||
... | |||
projectConfig: | |||
... | |||
projectRequestTemplate: "" | |||
Also see: {{Internal|OpenShift_Concepts#New_Project_Template|OpenShift Concepts - New Project Template}} | |||
==routingConfig== | |||
===subdomain=== | |||
routingConfig: | |||
subdomain: apps.openshift.novaordis.io | |||
See [[OpenShift_Concepts#Default_Routing_Subdomain|Default Routing Subdomain]]. | |||
==serviceAccountConfig== | |||
===managedNames=== | |||
Contains the list of service accounts to be created when a new project is created. The default are "default", "builder", "deployer". For more details see: {{Internal|OpenShift_Security_Concepts#Service_Account|Service Accounts}} | |||
===masterCA=== | |||
===privateKeyFile=== | |||
===publicKeyFiles=== | |||
==jenkinsPipelineConfig== | |||
{{External|https://docs.openshift.com/container-platform/latest/install_config/configuring_pipeline_execution.html#overview}} | |||
For an explanation of how OpenShift uses 'jenkinsPipelineConfig' section configuration, see: {{Internal|OpenShift_CI/CD_Concepts#Jenkins_Service_Initialization|OpenShift CI/CD Concepts - Jenkins Service Initialization}} | |||
===autoProvisionEnabled=== | |||
Setting 'autoProvisionEnabled' to false will disable Jenkins auto provisioning from template in all projects across the cluster. See: {{Internal|OpenShift_CI/CD_Concepts#Jenkins_Service_Initialization|OpenShift CI/CD Concepts - Jenkins Service Initialization}} | |||
===templateNamespace=== | |||
openshift | |||
See: {{Internal|OpenShift_CI/CD_Concepts#Jenkins_Service_Initialization|OpenShift CI/CD Concepts - Jenkins Service Initialization}} | |||
===templateName=== | |||
jenkins-persistent | |||
See: {{Internal|OpenShift_CI/CD_Concepts#Jenkins_Service_Initialization|OpenShift CI/CD Concepts - Jenkins Service Initialization}} | |||
===serviceName=== | |||
The name of the service in a project to be used as Jenkins service. The default value is "jenkins". If the service exists, Jenkins auto-provisioning won't be initiated, even if [[#autoProvisionEnabled| autoProvisionEnabled]] is true. For more details see: {{Internal|OpenShift_CI/CD_Concepts#Jenkins_Service_Initialization|OpenShift CI/CD Concepts - Jenkins Service Initialization}} | |||
===parameters=== | |||
key1: value1 | |||
key2: value2 | |||
===Shared Jenkins Instance Configuration=== | |||
<span id='Jenkins'></span><font color=red>TODO: How to configure a system-wide Jenkins instance. Update [[OpenShift_CI/CD_Concepts#Shared_Jenkins_Instance|OpenShift_CI/CD_Concepts - Shared Jenkins Instance]]</font>. |
Latest revision as of 22:42, 18 January 2018
External
Internal
Overview
If the configuration file is changed after the master(s) start, they need to be restarted to make it effective. The restart procedure is described here:
Location
Found only on master nodes.
/etc/origin/master/master-config.yaml
Reference
admissionConfig
pluginConfig
Defaults in OpenShift 3.5:
admissionConfig:
pluginConfig:
BuildDefaults:
configuration:
apiVersion: v1
env: []
kind: BuildDefaultsConfig
resources:
limits: {}
requests: {}
BuildOverrides:
configuration:
apiVersion: v1
kind: BuildOverridesConfig
openshift.io/ImagePolicy:
configuration:
apiVersion: v1
executionRules:
- matchImageAnnotations:
- key: images.openshift.io/deny-execution
value: 'true'
name: execution-denied
onResources:
- resource: pods
- resource: builds
reject: true
skipOnResolutionFailure: true
kind: ImagePolicyConfig
assetConfig
masterPublicURL
publicURL
The public URL of the console.
loggingPublicURL
The public URL of the logging aggregation server. See Kibana and OpenShift.
metricsPublicURL
The OpenShift web console uses the data coming from the Hawkular Metrics service to display its graphs. The URL for accessing the Hawkular Metrics service must be configured with 'metricsPublicURL' option. This URL corresponds to the route created with the 'openshift_metrics_hawkular_hostname' inventory variable used during the installation.
servingInfo
bindAddress
certFile
The path of the master certificate file relative to the configuration directory.
assetConfig: servingInfo: certFile: master.server.crt
kubernetesMasterConfig
apiServerArguments
deserialization-cache-size
The number of OpenShift metadata entries cached in memory on the master, to avoid interaction with etcd and CPU consumption required by serialization. The default cache size is 50,000 entries, which, depending on the size of resources, can grow to occupy 1 to 2 GB of memory. For more details see etcd and Master Caching.
kubernetesMasterConfig: apiServerArguments: deserialization-cache-size: - "1000"
schedulerConfigFile
Specifies the path to the scheduler policy definition file. The default value is "/etc/origin/master/scheduler.json" and the default content of the scheduler.json file is scheduler.json.
servicesSubnet
The address of the SDN Services Subnet.
oauthConfig
identityProviders
policyConfig
bootstrapPolicyFile
The default value is /etc/origin/master/policy.json.
openshiftInfrastructureNamespace
Default value: "openshift-infra"
Default value: "openshift"
projectConfig
defaultNodeSelector
Configured during installation by setting
osm_default_node_selector='env=app'
in the Ansible hosts file. The result is similar to:
... projectConfig: defaultNodeSelector: "env=app" ...
projectRequestTemplate
The template to use when provisioning new projects. If not defined, the API server creates the default template that creates a project with the requested name, and assigns the requesting user to the "admin" role for that project. To specify a new project template, follow the procedure described here Template Operations - Modify the Template for New Projects
... projectConfig: ... projectRequestTemplate: ""
Also see:
routingConfig
subdomain
routingConfig: subdomain: apps.openshift.novaordis.io
See Default Routing Subdomain.
serviceAccountConfig
managedNames
Contains the list of service accounts to be created when a new project is created. The default are "default", "builder", "deployer". For more details see:
masterCA
privateKeyFile
publicKeyFiles
jenkinsPipelineConfig
For an explanation of how OpenShift uses 'jenkinsPipelineConfig' section configuration, see:
autoProvisionEnabled
Setting 'autoProvisionEnabled' to false will disable Jenkins auto provisioning from template in all projects across the cluster. See:
templateNamespace
openshift
See:
templateName
jenkins-persistent
See:
serviceName
The name of the service in a project to be used as Jenkins service. The default value is "jenkins". If the service exists, Jenkins auto-provisioning won't be initiated, even if autoProvisionEnabled is true. For more details see:
parameters
key1: value1 key2: value2
TODO: How to configure a system-wide Jenkins instance. Update OpenShift_CI/CD_Concepts - Shared Jenkins Instance.