diff options
| author | Thomas Wiest <twiest@users.noreply.github.com> | 2015-12-09 15:49:48 -0500 |
|---|---|---|
| committer | Thomas Wiest <twiest@users.noreply.github.com> | 2015-12-09 15:49:48 -0500 |
| commit | eeb164fae0e6721100c4fcc1717d92bb85b9652c (patch) | |
| tree | 70eee046db8012061c178ab4e686650048265564 /roles/openshift_master/templates | |
| parent | 898290cb3aabbc9d98883181877ac857a2fe1faf (diff) | |
| parent | 14c69ad397be8ee101ef5b4edfa223d703e67ad0 (diff) | |
| download | openshift-eeb164fae0e6721100c4fcc1717d92bb85b9652c.tar.gz openshift-eeb164fae0e6721100c4fcc1717d92bb85b9652c.tar.bz2 openshift-eeb164fae0e6721100c4fcc1717d92bb85b9652c.tar.xz openshift-eeb164fae0e6721100c4fcc1717d92bb85b9652c.zip | |
Merge pull request #1048 from twiest/prod
Sync master -> Prod
Diffstat (limited to 'roles/openshift_master/templates')
| -rw-r--r-- | roles/openshift_master/templates/master.yaml.v1.j2 | 28 | ||||
| -rw-r--r-- | roles/openshift_master/templates/v1_partials/oauthConfig.j2 | 93 |
2 files changed, 21 insertions, 100 deletions
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index bb12a0a0f..cadb02fa3 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -27,9 +27,6 @@ corsAllowedOrigins: {% for custom_origin in openshift.master.custom_cors_origins | default("") %} - {{ custom_origin }} {% endfor %} -{% for name in (named_certificates | map(attribute='names')) | list | oo_flatten %} - - {{ name }} -{% endfor %} {% if 'disabled_features' in openshift.master %} disabledFeatures: {{ openshift.master.disabled_features | to_json }} {% endif %} @@ -86,7 +83,7 @@ kubernetesMasterConfig: {% endif %} apiServerArguments: {{ api_server_args if api_server_args is defined else 'null' }} controllerArguments: {{ controller_args if controller_args is defined else 'null' }} - masterCount: {{ openshift.master.master_count }} + masterCount: {{ openshift.master.master_count if openshift.master.cluster_method | default(None) == 'native' else 1 }} masterIP: {{ openshift.common.ip }} podEvictionTimeout: "" proxyClientInfo: @@ -110,7 +107,24 @@ networkConfig: {% endif %} # serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet serviceNetworkCIDR: {{ openshift.master.portal_net }} -{% include 'v1_partials/oauthConfig.j2' %} +oauthConfig: + assetPublicURL: {{ openshift.master.public_console_url }}/ + grantConfig: + method: {{ openshift.master.oauth_grant_method }} + identityProviders: +{% for line in translated_identity_providers.splitlines() %} + {{ line }} +{% endfor %} + masterCA: ca.crt + masterPublicURL: {{ openshift.master.public_api_url }} + masterURL: {{ openshift.master.api_url }} + sessionConfig: + sessionMaxAgeSeconds: {{ openshift.master.session_max_seconds }} + sessionName: {{ openshift.master.session_name }} + sessionSecretsFile: {{ openshift.master.session_secrets_file }} + tokenConfig: + accessTokenMaxAgeSeconds: {{ openshift.master.access_token_max_seconds }} + authorizeTokenMaxAgeSeconds: {{ openshift.master.auth_token_max_seconds }} pauseControllers: false policyConfig: bootstrapPolicyFile: {{ openshift_master_policy }} @@ -144,9 +158,9 @@ servingInfo: keyFile: master.server.key maxRequestsInFlight: 500 requestTimeoutSeconds: 3600 -{% if named_certificates %} +{% if openshift.master.named_certificates %} namedCertificates: -{% for named_certificate in named_certificates %} +{% for named_certificate in openshift.master.named_certificates %} - certFile: {{ named_certificate['certfile'] }} keyFile: {{ named_certificate['keyfile'] }} names: diff --git a/roles/openshift_master/templates/v1_partials/oauthConfig.j2 b/roles/openshift_master/templates/v1_partials/oauthConfig.j2 deleted file mode 100644 index 8a4f5a746..000000000 --- a/roles/openshift_master/templates/v1_partials/oauthConfig.j2 +++ /dev/null @@ -1,93 +0,0 @@ -{% macro identity_provider_config(identity_provider) %} - apiVersion: v1 - kind: {{ identity_provider.kind }} -{% if identity_provider.kind == 'HTPasswdPasswordIdentityProvider' %} - file: {{ identity_provider.filename }} -{% elif identity_provider.kind == 'BasicAuthPasswordIdentityProvider' %} - url: {{ identity_provider.url }} -{% for key in ('ca', 'certFile', 'keyFile') %} -{% if key in identity_provider %} - {{ key }}: "{{ identity_provider[key] }}" -{% endif %} -{% endfor %} -{% elif identity_provider.kind == 'LDAPPasswordIdentityProvider' %} - attributes: -{% for attribute_key in identity_provider.attributes %} - {{ attribute_key }}: -{% for attribute_value in identity_provider.attributes[attribute_key] %} - - {{ attribute_value }} -{% endfor %} -{% endfor %} -{% for key in ('bindDN', 'bindPassword', 'ca') %} - {{ key }}: "{{ identity_provider[key] }}" -{% endfor %} -{% for key in ('insecure', 'url') %} - {{ key }}: {{ identity_provider[key] }} -{% endfor %} -{% elif identity_provider.kind == 'RequestHeaderIdentityProvider' %} - headers: {{ identity_provider.headers }} -{% if 'clientCA' in identity_provider %} - clientCA: {{ identity_provider.clientCA }} -{% endif %} -{% elif identity_provider.kind == 'GitHubIdentityProvider' %} - clientID: {{ identity_provider.clientID }} - clientSecret: {{ identity_provider.clientSecret }} -{% elif identity_provider.kind == 'GoogleIdentityProvider' %} - clientID: {{ identity_provider.clientID }} - clientSecret: {{ identity_provider.clientSecret }} -{% if 'hostedDomain' in identity_provider %} - hostedDomain: {{ identity_provider.hostedDomain }} -{% endif %} -{% elif identity_provider.kind == 'OpenIDIdentityProvider' %} - clientID: {{ identity_provider.clientID }} - clientSecret: {{ identity_provider.clientSecret }} - claims: - id: identity_provider.claims.id -{% for claim_key in ('preferredUsername', 'name', 'email') %} -{% if claim_key in identity_provider.claims %} - {{ claim_key }}: {{ identity_provider.claims[claim_key] }} -{% endif %} -{% endfor %} - urls: - authorize: {{ identity_provider.urls.authorize }} - token: {{ identity_provider.urls.token }} -{% if 'userInfo' in identity_provider.urls %} - userInfo: {{ identity_provider.userInfo }} -{% endif %} -{% if 'extraScopes' in identity_provider %} - extraScopes: -{% for scope in identity_provider.extraScopes %} - - {{ scope }} -{% endfor %} -{% endif %} -{% if 'extraAuthorizeParameters' in identity_provider %} - extraAuthorizeParameters: -{% for param_key, param_value in identity_provider.extraAuthorizeParameters.iteritems() %} - {{ param_key }}: {{ param_value }} -{% endfor %} -{% endif %} -{% endif %} -{% endmacro %} -oauthConfig: - assetPublicURL: {{ openshift.master.public_console_url }}/ - grantConfig: - method: {{ openshift.master.oauth_grant_method }} - identityProviders: -{% for identity_provider in openshift.master.identity_providers %} - - name: {{ identity_provider.name }} - challenge: {{ identity_provider.challenge }} - login: {{ identity_provider.login }} - provider: -{{ identity_provider_config(identity_provider) }} -{%- endfor %} - masterCA: ca.crt - masterPublicURL: {{ openshift.master.public_api_url }} - masterURL: {{ openshift.master.api_url }} - sessionConfig: - sessionMaxAgeSeconds: {{ openshift.master.session_max_seconds }} - sessionName: {{ openshift.master.session_name }} - sessionSecretsFile: {{ openshift.master.session_secrets_file }} - tokenConfig: - accessTokenMaxAgeSeconds: {{ openshift.master.access_token_max_seconds }} - authorizeTokenMaxAgeSeconds: {{ openshift.master.auth_token_max_seconds }} -{# Comment to preserve newline after authorizeTokenMaxAgeSeconds #} |