nicolas
/
OpenShift-Implementation-at-ITIX
mirror of https://github.com/nmasse-itix/OpenShift-Implementation-at-ITIX.git
1
0
Fork 0
Code Issues Releases Wiki Activity
OpenShift Origin Implementation at ITIX (mostly Ansible Playbooks)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
64 Commits
1 Branch
0 Tags
102 KiB
 
Tree: 2870c713a7
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2870c713a7'
${ noResults }
OpenShift-Implementation-at.../prod.hosts

97 lines
3.2 KiB
Raw Blame History

#
# Variables used by Integr8ly
#
[master:children]
masters
#
# Variables used by the ITIX playbook
#
[itix:vars]
itix_dns_suffix=itix.fr
itix_openshift_version=3.11
[itix:children]
masters
#
# Shared variables used by both openshift-ansible and the ITIX playbook
#
[all:vars]
# Default route suffix
openshift_master_default_subdomain=app.itix.fr
[masters]
openshift.itix.fr
[etcd]
openshift.itix.fr
[nodes]
openshift.itix.fr openshift_node_group_name='node-config-all-in-one'
#
# The rest is used only by the OpenShift installer playbook
#
[OSEv3:children]
masters
nodes
etcd
[OSEv3:vars]
# Yes, we need to use sudo
ansible_become=yes
# what to install
deployment_type=openshift-enterprise
# Clustering method
openshift_master_cluster_method=native
# Make sure NTP is enabled
openshift_clock_enabled=true
# Do not create the default project "my-project"
openshift_additional_projects={}
# Enable the "flat network" SDN
os_sdn_network_plugin_name='redhat/openshift-ovs-subnet'
# Do not use CRI-O
openshift_use_crio=false
# Use Firewalld
os_firewall_use_firewalld=yes
# Let's encrypt Certificates
openshift_master_overwrite_named_certificates=true
openshift_master_named_certificates=[{ "certfile": "{{ lookup('env','HOME') }}/.lego/certificates/openshift.itix.fr.crt", "keyfile": "{{ lookup('env','HOME') }}/.lego/certificates/openshift.itix.fr.key", "cafile": "{{ lookup('env','HOME') }}/.lego/certificates/openshift.itix.fr.issuer.crt", "names": [ "openshift.itix.fr" ] }]
openshift_hosted_router_certificate={ "certfile": "{{ lookup('env','HOME') }}/.lego/certificates/openshift.itix.fr.crt", "keyfile": "{{ lookup('env','HOME') }}/.lego/certificates/openshift.itix.fr.key", "cafile": "{{ lookup('env','HOME') }}/.lego/certificates/openshift.itix.fr.issuer.crt" }
openshift_master_openid_ca_file="{{ lookup('env','HOME') }}/.lego/certificates/openshift.itix.fr.issuer.crt"
# Since we are using Let's Encrypt, generate a warning about expiration only
# during the last 30 days
openshift_certificate_expiry_warning_days=30
# Since we have a public certificate for the master console, we need two different hostnames
openshift_master_cluster_hostname=openshift-internal.itix.fr
openshift_master_cluster_public_hostname=openshift.itix.fr
# Skip docker images check since it fails no matter what
openshift_disable_check=docker_image_availability
# Inject the MAVEN_MIRROR_URL in all builds
openshift_builddefaults_json='{"BuildDefaults":{"configuration":{"apiVersion":"v1","env":[{"name":"MAVEN_MIRROR_URL","value":"http://nexus.factory.svc.cluster.local:8081/repository/maven-all-public/"}],"kind":"BuildDefaultsConfig"}}}'
# Set the NodePort range for Bittorrent use
openshift_node_port_range="6881-6999"
# Integr8ly webapp in dev mode
osm_custom_cors_origins=['http://localhost:3006']
# See #2: Raise the pods-per-core limit
openshift_node_groups=[ {"name": "node-config-all-in-one", "labels": [ "node-role.kubernetes.io/master=true", "node-role.kubernetes.io/infra=true", "node-role.kubernetes.io/compute=true" ], "edits": [ { "key": "kubeletArguments.pods-per-core", "value": [ "40" ] }, { "key": "kubeletArguments.max-pods", "value": [ "250" ] } ] } ]
# Do not fail when certificates are about to expire on the platform
openshift_certificate_expiry_fail_on_warn=no