diff options
author | Devan Goodwin <dgoodwin@redhat.com> | 2016-03-23 16:16:47 -0300 |
---|---|---|
committer | Devan Goodwin <dgoodwin@redhat.com> | 2016-04-01 13:26:24 -0300 |
commit | 89db887bd536156421fbc701c5d1b46656070347 (patch) | |
tree | e327d53004131bda6a2f766cd8c784bea58ea8bd /roles/openshift_facts | |
parent | c8f5f05df668eaa6502b17fed9dc8099e7fab258 (diff) | |
download | openshift-89db887bd536156421fbc701c5d1b46656070347.tar.gz openshift-89db887bd536156421fbc701c5d1b46656070347.tar.bz2 openshift-89db887bd536156421fbc701c5d1b46656070347.tar.xz openshift-89db887bd536156421fbc701c5d1b46656070347.zip |
Add support for templating master admissionConfig.
Adds four new inventory variables for setting sections in "admissionConfig" and
"kubernetesMasterConfig.admissionConfig".
openshift_master_admission_plugin_order allows configuring the list of origin
admission controller plugins to enable and what order to run them in. This must
be a JSON formatted list of strings:
openshift_master_admission_plugin_order=["RunOnceDuration", "NamespaceLifecycle", "OriginPodNodeEnvironment", "ClusterResourceOverride", "LimitRanger", "ServiceAccount", "SecurityContextConstraint", "ResourceQuota", "SCCExecRestrictions"]
openshift_master_kube_admission_plugin_order is identical but for the
kubernetes admission controller plugins which appear beneath
kubernetesMasterConfig.
openshift_master_admission_plugin_config allows setting free-form configuration
stanzas that match up with enabled admission controller plugins. This must be a
JSON formatted hash:
openshift_master_admission_plugin_config={"RunOnceDuration":{"configuration":{"apiVersion":"v1","kind":"RunOnceDurationConfig","activeDeadlineSecondsOverride":3600}},"ClusterResourceOverride":{"configuration":{"apiVersion":"v1","kind":"ClusterResourceOverrideConfig","limitCPUToMemoryPercent":200,"cpuRequestToLimitPercent":6,"memoryRequestToLimitPercent":60}}}
openshift_master_kube_admission_plugin_config is the equivalent for kubernetes
admission controller plugins.
Contains a change to merge_facts to fix issues with modifying inventory
variables that contain JSON dicts. If you modified a previously set variable,
the result would be a merge of old and new, which is completely wrong in this
case. Addded new overwrite_facts to shortcut to just taking the new values.
This differs from the pre-existing concept of "protected" in that we're not
protecting an old value, we're trashing it and taking the new.
Diffstat (limited to 'roles/openshift_facts')
-rwxr-xr-x | roles/openshift_facts/library/openshift_facts.py | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 0d31d4ddf..9054e0bd4 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1118,12 +1118,21 @@ def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overw """ additive_facts = ['named_certificates'] protected_facts = ['ha', 'master_count'] + + # Facts we do not ever want to merge. These originate in inventory variables + # and typically contain JSON dicts. We don't ever want to trigger a merge + # here, just completely overwrite with the new if they are present there. + overwrite_facts = ['admission_plugin_config', + 'kube_admission_plugin_config'] + facts = dict() for key, value in orig.iteritems(): # Key exists in both old and new facts. if key in new: + if key in overwrite_facts: + facts[key] = copy.deepcopy(new[key]) # Continue to recurse if old and new fact is a dictionary. - if isinstance(value, dict) and isinstance(new[key], dict): + elif isinstance(value, dict) and isinstance(new[key], dict): # Collect the subset of additive facts to overwrite if # key matches. These will be passed to the subsequent # merge_facts call. |