
Add support for templating master admissionConfig.

Adds four new inventory variables for setting sections in "admissionConfig" and
"kubernetesMasterConfig.admissionConfig".

openshift_master_admission_plugin_order allows configuring the list of origin
admission controller plugins to enable and what order to run them in. This must
be a JSON formatted list of strings:

openshift_master_admission_plugin_order=["RunOnceDuration", "NamespaceLifecycle", "OriginPodNodeEnvironment", "ClusterResourceOverride", "LimitRanger", "ServiceAccount", "SecurityContextConstraint", "ResourceQuota", "SCCExecRestrictions"]

openshift_master_kube_admission_plugin_order is identical but for the
kubernetes admission controller plugins which appear beneath
kubernetesMasterConfig.

openshift_master_admission_plugin_config allows setting free-form configuration
stanzas that match up with enabled admission controller plugins. This must be a
JSON formatted hash:

openshift_master_admission_plugin_config={"RunOnceDuration":{"configuration":{"apiVersion":"v1","kind":"RunOnceDurationConfig","activeDeadlineSecondsOverride":3600}},"ClusterResourceOverride":{"configuration":{"apiVersion":"v1","kind":"ClusterResourceOverrideConfig","limitCPUToMemoryPercent":200,"cpuRequestToLimitPercent":6,"memoryRequestToLimitPercent":60}}}

openshift_master_kube_admission_plugin_config is the equivalent for kubernetes
admission controller plugins.

Contains a change to merge_facts to fix issues with modifying inventory
variables that contain JSON dicts. If you modified a previously set variable,
the result would be a merge of old and new, which is completely wrong in this
case. Added new overwrite_facts to shortcut to just taking the new values.
This differs from the pre-existing concept of "protected" in that we're not
protecting an old value, we're trashing it and taking the new.
Devan Goodwin 9 years ago
parent
commit
89db887bd5

+ 10 - 1
roles/openshift_facts/library/openshift_facts.py

@@ -1118,12 +1118,21 @@ def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overw
     """
     additive_facts = ['named_certificates']
     protected_facts = ['ha', 'master_count']
+
+    # Facts we do not ever want to merge. These originate in inventory variables
+    # and typically contain JSON dicts. We don't ever want to trigger a merge
+    # here, just completely overwrite with the new if they are present there.
+    overwrite_facts = ['admission_plugin_config',
+                       'kube_admission_plugin_config']
+
     facts = dict()
     for key, value in orig.iteritems():
         # Key exists in both old and new facts.
         if key in new:
+            if key in overwrite_facts:
+                facts[key] = copy.deepcopy(new[key])
             # Continue to recurse if old and new fact is a dictionary.
-            if isinstance(value, dict) and isinstance(new[key], dict):
+            elif isinstance(value, dict) and isinstance(new[key], dict):
                 # Collect the subset of additive facts to overwrite if
                 # key matches. These will be passed to the subsequent
                 # merge_facts call.
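Review bot: The new `key in overwrite_facts` test matches on the bare key name, and merge_facts recurses into nested dicts (the context comments at the end of the hunk refer to the subsequent merge_facts call), so a dict key named `admission_plugin_config` or `kube_admission_plugin_config` is replaced wholesale at whatever depth it appears, not only under the master facts. That looks intended, but it should be stated next to the list, e.g. `# Matched by key name at every nesting level, for every role.`. The branch also runs only when the key is present in both `orig` and `new`; what happens to a previously stored admission config once the inventory variable is dropped is decided outside this hunk and is worth confirming, since a stale plugin config would keep being rendered. The function's docstring and the rest of its body lie outside the hunk.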

+ 14 - 0
roles/openshift_master/templates/master.yaml.v1.j2

@@ -1,3 +1,10 @@
+admissionConfig:
+{% if 'admission_plugin_order' in openshift.master %}
+  pluginOrderOverride:{{ openshift.master.admission_plugin_order | to_padded_yaml(level=2) }}
+{% endif %}
+{% if 'admission_plugin_config' in openshift.master %}
+  pluginConfig:{{ openshift.master.admission_plugin_config | to_padded_yaml(level=2) }}
+{% endif %}
 apiLevels:
 {% if not openshift.common.version_gte_3_1_or_1_1 | bool %}
 - v1beta3
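Review bot: `pluginOrderOverride` is rendered straight from the inventory list with no check on its contents. As the key name indicates, it replaces the default admission chain rather than adding to it, so a list that omits a plugin such as `SecurityContextConstraint` or `ServiceAccount` (both in the commit message's example) would stop that check from running without any warning. I would put a template comment above the block, `{# pluginOrderOverride replaces the default plugin list; every plugin that must stay enforced has to be listed #}`, and repeat the caveat wherever the inventory variables are documented. The same applies to the `kube_admission_plugin_order` block in the kubernetesMasterConfig hunk.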
@@ -96,6 +103,13 @@ kubernetesMasterConfig:
   - v1beta3
   - v1
 {% endif %}
+  admissionConfig:
+{% if 'kube_admission_plugin_order' in openshift.master %}
+    pluginOrderOverride:{{ openshift.master.kube_admission_plugin_order | to_padded_yaml(level=3) }}
+{% endif %}
+{% if 'kube_admission_plugin_config' in openshift.master %}
+    pluginConfig:{{ openshift.master.kube_admission_plugin_config | to_padded_yaml(level=3) }}
+{% endif %}
   apiServerArguments: {{ openshift.master.api_server_args | default(None) | to_padded_yaml( level=2 ) }}
   controllerArguments: {{ openshift.master.controller_args | default(None) | to_padded_yaml( level=2 ) }}
   masterCount: {{ openshift.master.master_count if openshift.master.cluster_method | default(None) == 'native' else 1 }}
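Review bot: `admissionConfig:` is written unconditionally, so when neither `kube_admission_plugin_order` nor `kube_admission_plugin_config` is present the rendered file contains the key with no children, which YAML reads as null. Whether the master accepts a null admissionConfig is not visible here. Wrapping the key in `{% if 'kube_admission_plugin_order' in openshift.master or 'kube_admission_plugin_config' in openshift.master %}` and a closing `{% endif %}` keeps the output identical to the previous template when the feature is unused. The top-level `admissionConfig:` added in the first hunk of this file has the same shape.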

+ 4 - 0
roles/openshift_master_facts/tasks/main.yml

@@ -65,3 +65,7 @@
       master_image: "{{ osm_image | default(None) }}"
       scheduler_predicates: "{{ openshift_master_scheduler_predicates | default(None) }}"
       scheduler_priorities: "{{ openshift_master_scheduler_priorities | default(None) }}"
+      admission_plugin_order: "{{openshift_master_admission_plugin_order | default(None) }}"
+      admission_plugin_config: "{{openshift_master_admission_plugin_config | default(None) }}"
+      kube_admission_plugin_order: "{{openshift_master_kube_admission_plugin_order | default(None) }}"
+      kube_admission_plugin_config: "{{openshift_master_kube_admission_plugin_config | default(None) }}"
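Review bot: None of the four new facts is checked for type before it is stored, although the commit message requires a JSON list for the `*_order` variables and a JSON hash for the `*_config` ones. A value that fails to parse would presumably arrive as a plain string and be rendered as such under `pluginOrderOverride` or `pluginConfig`. Since these settings decide which admission checks run, a pre-flight `assert` with conditions like `openshift_master_admission_plugin_config is not defined or openshift_master_admission_plugin_config is mapping` would fail the play early instead of writing a broken master config. Minor: the new lines use `{{openshift_…` without the space after `{{` that the lines above them have.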