Configuring Global Build Defaults and Overrides

The settings from these plug-ins are used only during the build process but are not set in the build configurations or builds themselves. Configuring the settings through the plug-ins allows administrators to change the global configuration at any time, and any builds that are re-run from existing build configurations or builds are assigned the new settings.

The admission control plug-in allows administrators to set global defaults for settings such as the Git HTTP and HTTPS proxy, as well as default environment variables. These defaults do not overwrite values that have been configured for a specific build. However, if those values are not present on the build definition, they are set to the default value.
The BuildOverrides admission control plug-in allows administrators to override a setting in a build, regardless of the value stored in the build.

The plug-in currently supports overriding the forcePull flag on a build strategy to force refreshing the local image from the registry during a build. This means that an access check is performed on an image every time a build starts, ensuring that users can build only with images they are allowed to pull. A forced refresh provides multitenancy for your build. However, you can no longer rely on the local cache of the image stored on the build node; you must always have access to the registry.

The plug-in can also be configured to apply a set of image labels to every built image.

For information on configuring the BuildOverrides admission control plug-in and the values you can override, see .

The default node selectors and the BuildDefaults or BuildOverrides admission plug-ins work together as follows:

The default project node selector, defined in the projectConfig.defaultNodeSelector field in the master configuration file, is applied to the pods created in all projects without a specified nodeSelector value. These settings are applied to builds with nodeSelector="null" on clusters where the BuildDefaults or BuildOverrides nodeselector is not set.
The cluster-wide default build node selector, admissionConfig.pluginConfig.BuildDefaults.configuration.nodeSelector, is applied only if the nodeSelector="null" parameter is set in the build configuration. nodeSelector=null is the default setting.
With a default project or cluster-wide node selector, the default setting is added as an AND to the build node selector, which is set by the BuildDefaults or BuildOverrides admission plug-ins. These settings mean that the build will be scheduled only to nodes that satisfy the BuildOverrides node selector AND the project default node selector.

You can set global build defaults two ways:

using Ansible

During cluster installations, the BuildDefaults plug-in can be configured using the following parameters, which are configurable in the inventory file:

openshift_builddefaults_https_proxy
openshift_builddefaults_no_proxy
openshift_builddefaults_git_http_proxy
openshift_builddefaults_git_https_proxy
openshift_builddefaults_git_no_proxy
openshift_builddefaults_image_labels
openshift_builddefaults_nodeselectors
openshift_builddefaults_annotations
openshift_builddefaults_resources_requests_cpu
openshift_builddefaults_resources_requests_memory
openshift_builddefaults_resources_limits_cpu
openshift_builddefaults_resources_limits_memory

Example 1. Example Build Defaults Configuration with Ansible

To configure the BuildDefaults plug-in:

Add a configuration for it in the /etc/origin/master/master-config.yaml file on the master nodes:


    BuildDefaults:
      configuration:
        apiVersion: v1
        kind: BuildDefaultsConfig
        gitHTTPProxy: http://my.proxy:8080 (1)
        gitHTTPSProxy: https://my.proxy:8443 (2)
        gitNoProxy: somedomain.com, otherdomain.com (3)
        env:
        - name: HTTP_PROXY (4)
          value: http://my.proxy:8080
        - name: HTTPS_PROXY (5)
          value: https://my.proxy:8443
        - name: BUILD_LOGLEVEL (6)
          value: 4
        - name: CUSTOM_VAR (7)
          value: custom_value
        imageLabels:
        - name: url (8)
          value: https://containers.example.org
        - name: vendor
          value: ExampleCorp Ltd.
        nodeSelector: (9)
          key1: value1
          key2: value2
        annotations: (10)
          key1: value1
          key2: value2
          requests:
            cpu: "100m"
            memory: "256Mi"
          limits:
            memory: "256Mi"

You can set global build overrides two ways:

manually by modifying the master-config.yaml file

During cluster installations, the BuildOverrides plug-in can be configured using the following parameters, which are configurable in the inventory file:

openshift_buildoverrides_force_pull
openshift_buildoverrides_image_labels
openshift_buildoverrides_nodeselectors
openshift_buildoverrides_annotations
openshift_buildoverrides_tolerations

Example 2. Example Build Overrides Configuration with Ansible

# These options configure the BuildOverrides admission controller which injects
# configuration into Builds.
openshift_buildoverrides_force_pull=true
openshift_buildoverrides_image_labels=[{'name':'imagelabelname1','value':'imagelabelvalue1'}]
openshift_buildoverrides_nodeselectors={'nodelabel1':'nodelabelvalue1'}
openshift_buildoverrides_annotations={'annotationkey1':'annotationvalue1'}
openshift_buildoverrides_tolerations=[{'key':'mykey1','value':'myvalue1','effect':'NoSchedule','operator':'Equal'}]
# Or you may optionally define your own build overrides configuration serialized as json
#openshift_buildoverrides_json='{"BuildOverrides":{"configuration":{"apiVersion":"v1","kind":"BuildOverridesConfig","forcePull":"true","tolerations":[{'key':'mykey1','value':'myvalue1','effect':'NoSchedule','operator':'Equal'}]}}}'

To configure the BuildOverrides plug-in:

Add a configuration for it in the /etc/origin/master/master-config.yaml file on masters:
Restart the master services for the changes to take effect:
```
# master-restart api
# master-restart controllers
```