Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

managed-cluster-config repository

This repo contains static configuration specific to a "managed" OpenShift Dedicated (OSD) cluster.

How to use this repo

To add a new SelectorSyncSet, add your yaml manifest to the deploy dir, then run the make command.

Alternatively you can enable GitHub Actions on your fork and make will be ran automatically. Additionally, the action will create a new commit with the generated files.



  • oyaml: pip install oyaml


All resources in deploy/ are bundled into a template that is used by config management to apply to target "hive" clusters. The configuration for this supports two options for deployment. They can be deployed in the template so they are:

  1. deployed directly to the "hive" cluster
  2. deployed to the "hive" cluster inside a SelectorSyncSet

Direct deployment (#1) supports resources that are not synced down to OSD clusters. SelectorSyncSet deployment (#2) supports resoures that are synced down to OSD clusters. Each are explained in detail here. The general configuration is managed in a config.yaml file in each deploy directory. Key things of note:

  • This file is optional! If not present it's assumed deploymentMode is "SelectorSyncSet" with no additional configuration.
  • Configuration is not inherited by sub-directories! Every (EVERY) directory in the deploy/ hierarchy must define a config.yaml file.

You must specify a deploymentMode property in config.yaml.

  • deploymentMode (optional, default = "SelectorSyncSet") - either "Direct" or "SelectorSyncSet".

Direct Deployment

You must specify the environments where the resource is deployed. There is no default set of environments. It is a child of the top level direct property.

  • environments (required, no default) - manages what environments the resources are deployed into. Valid values are any of "integration", "stage", and "production".

Example to deploy only to all environments:

deploymentMode: "Direct"
    environments: ["integration", "stage", "production"]

Example to deploy only to integration and stage:

deploymentMode: "Direct"
    environments: ["integration", "stage"]

SelectorSyncSet Deployment

In the config.yaml file you define a top level property selectorSyncSet. Within this configuration is supported for matchLaels, matchExpressions, matchLabelsApplyMode, resourceApplyMode, and applyBehavior.

  • matchLabels (optional, default: {}) - adds additional matchLabels conditions to the SelectorSyncSet's clusterDeploymentSelector
  • matchExpressions (optional, default: []) - adds matchExpressions conditions to the SelectoSyncSet's clusterDeploymentSelector
  • resourceApplyMode (optional, default: "Sync") - sets the SelectorSyncSet's resourceApplyMode
  • matchLabelsApplyMode (optional, default: "AND") - When set as "OR" generates a separate SSS per matchLabels conditions. Default behavior creates a single SSS with all matchLabels conditions. This is to tackle a situation where we want to apply configuration for one of many label conditions.
  • applyBehavior (optional, default: None, see hive default) - sets the SelectorSyncSet's applyBehavior

Example to apply a directory for any of a set of label conditions using Upsert:

deploymentMode: "SelectorSyncSet"
        myAwesomeLabel: "some value"
        someOtherLabel: "something else"
    resourceApplyMode: "Upsert"
    matchLabelsApplyMode: "OR"

Selector Sync Sets included in this repo


A set of rules and alerts that SRE requires to ensure a cluster is functioning. There are two categories of rules and alerts found here:

  1. SRE specific, will never be part of OCP
  2. Temporary addition until made part of OCP

Prometheus and Alertmanager persistent storage

Persistent storage is configured using the configmap cluster-monitoring-config, which is read by the cluster-monitoring-operator to generate PersistentVolumeClaims and attach them to the Prometheus and Alertmanager pods.

Curated Operators

Initially OSD will support a subset of operators only. These are managed by patching the OCP shipped OperatorSource CRs. See deploy/osd-curated-operators.

NOTE that ClusterVersion is being patched to add overrides. If other overrides are needed we'll have to tune how we do this patching. It must be done along with the OperatorSource patching to ensure CVO doesn't revert the OperatorSource patching.

Console Branding

In OSD, managed-cluster-config sets a key named branding to dedicated in the Console operator. This value is in turn read by code that applies the logo and other branding elements predefined for that value.

OAuth Templates

Docs TBA.

Resource Quotas

Refer to deploy/resource/quotas/

Image Pruning

Docs TBA.


Prepares the cluster for elasticsearch and logging operator installation and pre-configures curator to retain 2 days of indexes (1 day for operations).

To opt-in to logging, the customer must:

  1. install the logging operator
  2. install the elasticsearch operator
  3. create ClusterLogging CR in openshift-logging



Additional Scripts

There are additional scripts in this repo as a holding place for a better place or a better solution / process.


Static deployable artifacts for managed OSD clusters




No releases published


No packages published