spec:
keepNamespace: true
sandboxRole: edit
The OpenShift Ansible Broker is deprecated in OpenShift Container Platform 4. Equivalent and better functionality is present in the Operator Framework and Operator Lifecycle Manager (OLM). |
The following procedure customizes the settings for your OpenShift Ansible Broker.
You have installed and started the OpenShift Ansible Broker.
This procedure assumes that you used ansible-service-broker
both as the OpenShift Ansible Broker name and the project that it was installed into.
Navigate in the web console to Operators → Installed Operators and select the ansible-service-broker
project.
Select the OpenShift Ansible Service Broker Operator.
On the Automation Broker tab, select ansible-service-broker
.
On the YAML tab, add or update any OpenShift Ansible Broker configuration options under the spec
field.
For example:
spec:
keepNamespace: true
sandboxRole: edit
Click Save to apply these changes.
You can set the following options for your OpenShift Ansible Broker.
YAML key | Description | Default value |
---|---|---|
|
The name used to identify the broker instance. |
|
|
The namespace where the broker resides. |
|
|
The fully qualified image used for the broker. |
|
|
The pull policy used for the broker image itself. |
|
|
The node selector string used for the broker’s deployment. |
|
|
Expressed as a yaml list of broker registry configs, allowing the user to configure the image registries the broker will discover and source its APBs from. |
See the default registries array. |
|
The log level used for the broker’s logs. |
|
|
The pull policy used for APB Pods. |
|
|
The role granted to the service account used to execute APBs. |
|
|
Whether the transient namespace created to run the APB is deleted after the conclusion of the APB, regardless of the result. |
|
|
Whether the transient namespace created to run the APB is deleted after the conclusion of the APB, only in the event of an error result. |
|
|
Whether or not the broker should run its bootstrap routine on startup. |
|
|
The interval of time between broker bootstraps, refreshing its inventory of APBs. |
|
|
Experimental: Toggles the broker executing APBs on bind operations. |
|
|
Whether the broker should escalate the permissions of a user while running the APB. This should typically remain |
|
|
Whether to output the low level HTTP requests that the broker receives. |
|
registries
- type: rhcc
name: rhcc
url: https://registry.redhat.io
white_list:
- ".*-apb$"
auth_type: secret
auth_name: asb-registry-auth
In order for prometheus to monitor the OpenShift Ansible Broker, you must create the following resources to grant prometheus permission to access the namespace where the OpenShift Ansible Broker was installed.
The OpenShift Ansible Broker is installed.
This procedure assumes that you installed the OpenShift Ansible Broker into the |
Create the role.
Navigate to Administration → Roles and click Create Role.
Replace the YAML in the editor with the following:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: prometheus-k8s
namespace: openshift-ansible-service-broker
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- pods
verbs:
- get
- list
- watch
Click Create.
Create the role binding.
Navigate to Administration → Role Bindings and click Create Binding.
For the Binding Type, select Namespace Role Binding (RoleBinding).
For the Role Binding, enter prometheus-k8s
in the Name field and openshift-ansible-service-broker
in the Namespace field.
For the Role, select prometheus-k8s.
For the Subject, choose the Service Account option, select the
openshift-monitoring
namespace, and enter prometheus-k8s
in the
Subject Name field.
Click Create.
prometheus will now have access to OpenShift Ansible Broker metrics.