Parameters

The parent key for all the following parameters is openshift4_config.

globalPullSecret

type

string

default

absent

This parameter is deprecated. Please migrate your additional pull secrets to parameter globalPullSecrets.

A Vault reference pointing to the Vault secret containing the docker configuration file in JSON format. If the parameter is null, the component doesn’t manage the cluster’s global pull secret.

The component writes the value of this parameter into the field .dockerconfigjson of the secret pull-secret in namespace openshift-config.

See the OpenShift documentation for more details on managing the cluster’s global pull secret.

You need to make sure that the existing pull secrets present on a cluster (deployed by the OpenShift installer) are included in the configuration deployed by this component. Otherwise, OpenShift cluster services may stop working because their respective container images can’t be downloaded anymore.

globalPullSecrets

type

dict

default

{}

example
docker.io:
  email: dockerhub@example.com (1)
  auth: ?{vaultkv:${cluster:tenant}/${cluster:name}/openshift4-config/docker.io-pull-secret} (2)
1 Some registries require an email address to be present for authenticated pulls.
2 We strongly recommend that you store the auth value for the registry in Vault.

This parameter allows customizing the OpenShift cluster pull-secret without having to replicate the complete secret contents in Vault. The component expects entries in the dict to be valid entries for the .dockerconfigjson auths field. The component allows users to remove existing entries (also entries originally created by the OpenShift installer) by setting the value for a registry host to null.

The component doesn’t base64-encode the value provided for auth. Please make sure that you store the auth value as base64 in Vault.
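The merge and removal semantics described above, together with a check for the base64 requirement, as an added example that isn't the component's own code. It assumes the Vault references are already resolved and that an override replaces the whole entry for its registry host; the function names and sample data are hypothetical.

```python
import base64
import json


def auth_problem(auth):
    """Return None if auth is base64 of 'user:password', else a reason."""
    try:
        decoded = base64.b64decode(auth, validate=True).decode("utf-8")
    except (ValueError, TypeError):
        return "auth is not valid base64"
    if ":" not in decoded:
        return "decoded auth is not in user:password form"
    return None


def merge_pull_secrets(dockerconfigjson, global_pull_secrets):
    """Apply globalPullSecrets-style overrides to a .dockerconfigjson string.

    Returns (merged_auths, problems). A None value removes the registry.
    Assumption: an override replaces the full entry for its registry host.
    """
    auths = dict(json.loads(dockerconfigjson).get("auths", {}))
    problems = []
    for registry, entry in global_pull_secrets.items():
        if entry is None:
            auths.pop(registry, None)  # null removes installer entries too
            continue
        reason = auth_problem(entry.get("auth"))
        if reason:
            problems.append(f"{registry}: {reason}")
        auths[registry] = entry
    return auths, problems


# Constructed sample data: an installer-provided secret and overrides.
INSTALLER_SECRET = json.dumps({"auths": {
    "quay.io": {"auth": base64.b64encode(b"installer:token").decode()},
    "registry.example.com": {"auth": base64.b64encode(b"old:cred").decode()},
}})
OVERRIDES = {
    # Stored without base64-encoding, which the check reports.
    "docker.io": {"email": "dockerhub@example.com", "auth": "user:plaintext"},
    "registry.example.com": None,
}

if __name__ == "__main__":
    merged, problems = merge_pull_secrets(INSTALLER_SECRET, OVERRIDES)
    print(sorted(merged))
    print(problems)
```

Running the check before committing lets you confirm that installer-provided registries you still need remain in the merged result and that no auth value was stored unencoded.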

caBundle

type

string

default

null

example
caBundle: | (1)
  -----BEGIN CERTIFICATE-----
  MY AWESOME CA
  -----END CERTIFICATE-----
1 Custom CA deployed as ConfigMap syn-ca-bundle.

This parameter allows deploying a ConfigMap in the openshift-config namespace. The ConfigMap contains the configured CA in the key ca-bundle.crt, to be used by other components.

This ConfigMap isn’t used by OpenShift components. OpenShift uses a separate config map called user-ca-bundle in namespace openshift-config to extend the system wide trusted CA bundle. See parameter trustedCA in component openshift4-proxy for details on how to deploy additional trusted CA certificates for the system-wide trusted CA bundle.

motd

type

dictionary

Configure OpenShift’s message of the day which is displayed in the terminal when using oc login.

motd.messages

type

dictionary

default

{}

A dictionary of messages to be displayed in the message of the day. Entries with null values are skipped. This allows users to remove notifications which were configured higher up in the hierarchy.

motd.include_console_notifications

type

boolean

default

false

Whether to include the console notifications from component-openshift4-console in the message of the day.

The component will include each console notification’s spec.text and spec.link contents in the following form:

<spec.text>
<spec.link.text>: <spec.link.href>

For console notifications which don’t provide spec.link, the second line will be omitted.

etcdCustomization

type

dictionary

This parameter allows customizing the cluster’s etcd. The implementation uses Espejote to reconcile our customizations for the etcd.operator.openshift.io/cluster resource.

etcdCustomization.enabled

type

boolean

default

false

Whether to deploy the Espejote managed resource on the cluster. If this parameter is set to false, changing the contents of etcd.spec has no effect.

etcdCustomization.spec

type

dictionary

default

See class/defaults.yml

A partial spec for the OpenShift 4 Etcd custom resource. See the upstream API documentation for available fields.