summaryrefslogtreecommitdiffstats
path: root/roles/openshift_web_console
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2018-01-26 17:38:26 -0800
committerGitHub <noreply@github.com>2018-01-26 17:38:26 -0800
commit65d69eca7dc6ac71c25a6a5c9a3936e2bb49a5d8 (patch)
tree03ce2701a4550fb4a996fc4edfae94c363fdc271 /roles/openshift_web_console
parentef8e18254cd96b7b68a5e01ee0b2ae6b3a10d3c6 (diff)
parent7dceb6260a333e29c922dad8613ae6a0946fa07b (diff)
downloadopenshift-65d69eca7dc6ac71c25a6a5c9a3936e2bb49a5d8.tar.gz
openshift-65d69eca7dc6ac71c25a6a5c9a3936e2bb49a5d8.tar.bz2
openshift-65d69eca7dc6ac71c25a6a5c9a3936e2bb49a5d8.tar.xz
openshift-65d69eca7dc6ac71c25a6a5c9a3936e2bb49a5d8.zip
Merge pull request #6840 from yocum137/rm_origin-components
Automatic merge from submit-queue. moving files to their correct <role>/files location The openshift_web_console and template_service_broker roles are putting 'files' outside the openshift-ansible roles they belong to.
Diffstat (limited to 'roles/openshift_web_console')
-rw-r--r--roles/openshift_web_console/files/console-config.yaml24
-rw-r--r--roles/openshift_web_console/files/console-rbac-template.yaml38
-rw-r--r--roles/openshift_web_console/files/console-template.yaml127
-rw-r--r--roles/openshift_web_console/tasks/install.yml2
-rw-r--r--roles/openshift_web_console/vars/main.yml2
5 files changed, 190 insertions, 3 deletions
diff --git a/roles/openshift_web_console/files/console-config.yaml b/roles/openshift_web_console/files/console-config.yaml
new file mode 100644
index 000000000..55c650fbe
--- /dev/null
+++ b/roles/openshift_web_console/files/console-config.yaml
@@ -0,0 +1,24 @@
+apiVersion: webconsole.config.openshift.io/v1
+kind: WebConsoleConfiguration
+clusterInfo:
+ consolePublicURL: https://127.0.0.1:8443/console/
+ loggingPublicURL: ""
+ logoutPublicURL: ""
+ masterPublicURL: https://127.0.0.1:8443
+ metricsPublicURL: ""
+extensions:
+ scriptURLs: []
+ stylesheetURLs: []
+ properties: null
+features:
+ inactivityTimeoutMinutes: 0
+ clusterResourceOverridesEnabled: false
+servingInfo:
+ bindAddress: 0.0.0.0:8443
+ bindNetwork: tcp4
+ certFile: /var/serving-cert/tls.crt
+ clientCA: ""
+ keyFile: /var/serving-cert/tls.key
+ maxRequestsInFlight: 0
+ namedCertificates: null
+ requestTimeoutSeconds: 0
diff --git a/roles/openshift_web_console/files/console-rbac-template.yaml b/roles/openshift_web_console/files/console-rbac-template.yaml
new file mode 100644
index 000000000..9ee117199
--- /dev/null
+++ b/roles/openshift_web_console/files/console-rbac-template.yaml
@@ -0,0 +1,38 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+ name: web-console-server-rbac
+parameters:
+- name: NAMESPACE
+ # This namespace cannot be changed. Only `openshift-web-console` is supported.
+ value: openshift-web-console
+objects:
+
+
+# allow grant powers to the webconsole server for cluster inspection
+- apiVersion: rbac.authorization.k8s.io/v1beta1
+ kind: ClusterRole
+ metadata:
+ name: system:openshift:web-console-server
+ rules:
+ - apiGroups:
+ - "servicecatalog.k8s.io"
+ resources:
+ - clusterservicebrokers
+ verbs:
+ - get
+ - list
+ - watch
+
+# Grant the service account for the web console
+- apiVersion: rbac.authorization.k8s.io/v1beta1
+ kind: ClusterRoleBinding
+ metadata:
+ name: system:openshift:web-console-server
+ roleRef:
+ kind: ClusterRole
+ name: system:openshift:web-console-server
+ subjects:
+ - kind: ServiceAccount
+ namespace: ${NAMESPACE}
+ name: webconsole
diff --git a/roles/openshift_web_console/files/console-template.yaml b/roles/openshift_web_console/files/console-template.yaml
new file mode 100644
index 000000000..547e7a265
--- /dev/null
+++ b/roles/openshift_web_console/files/console-template.yaml
@@ -0,0 +1,127 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+ name: openshift-web-console
+ annotations:
+ openshift.io/display-name: OpenShift Web Console
+ description: The server for the OpenShift web console.
+ iconClass: icon-openshift
+ tags: openshift,infra
+ openshift.io/documentation-url: https://github.com/openshift/origin-web-console-server
+ openshift.io/support-url: https://access.redhat.com
+ openshift.io/provider-display-name: Red Hat, Inc.
+parameters:
+- name: IMAGE
+ value: openshift/origin-web-console:latest
+- name: NAMESPACE
+ # This namespace cannot be changed. Only `openshift-web-console` is supported.
+ value: openshift-web-console
+- name: LOGLEVEL
+ value: "0"
+- name: API_SERVER_CONFIG
+- name: NODE_SELECTOR
+ value: "{}"
+- name: REPLICA_COUNT
+ value: "1"
+objects:
+
+# to create the web console server
+- apiVersion: apps/v1beta1
+ kind: Deployment
+ metadata:
+ namespace: ${NAMESPACE}
+ name: webconsole
+ labels:
+ app: openshift-web-console
+ webconsole: "true"
+ spec:
+ replicas: "${{REPLICA_COUNT}}"
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ name: webconsole
+ labels:
+ webconsole: "true"
+ spec:
+ serviceAccountName: webconsole
+ containers:
+ - name: webconsole
+ image: ${IMAGE}
+ imagePullPolicy: IfNotPresent
+ command:
+ - "/usr/bin/origin-web-console"
+ - "--audit-log-path=-"
+ - "-v=${LOGLEVEL}"
+ - "--config=/var/webconsole-config/webconsole-config.yaml"
+ ports:
+ - containerPort: 8443
+ volumeMounts:
+ - mountPath: /var/serving-cert
+ name: serving-cert
+ - mountPath: /var/webconsole-config
+ name: webconsole-config
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: 8443
+ scheme: HTTPS
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 8443
+ scheme: HTTPS
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ nodeSelector: "${{NODE_SELECTOR}}"
+ volumes:
+ - name: serving-cert
+ secret:
+ defaultMode: 400
+ secretName: webconsole-serving-cert
+ - name: webconsole-config
+ configMap:
+ defaultMode: 440
+ name: webconsole-config
+
+# to create the config for the web console
+- apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ namespace: ${NAMESPACE}
+ name: webconsole-config
+ labels:
+ app: openshift-web-console
+ data:
+ webconsole-config.yaml: ${API_SERVER_CONFIG}
+
+# to be able to assign powers to the process
+- apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ namespace: ${NAMESPACE}
+ name: webconsole
+ labels:
+ app: openshift-web-console
+
+# to be able to expose web console inside the cluster
+- apiVersion: v1
+ kind: Service
+ metadata:
+ namespace: ${NAMESPACE}
+ name: webconsole
+ labels:
+ app: openshift-web-console
+ annotations:
+ service.alpha.openshift.io/serving-cert-secret-name: webconsole-serving-cert
+ prometheus.io/scrape: "true"
+ prometheus.io/scheme: https
+ spec:
+ selector:
+ webconsole: "true"
+ ports:
+ - name: https
+ port: 443
+ targetPort: 8443
diff --git a/roles/openshift_web_console/tasks/install.yml b/roles/openshift_web_console/tasks/install.yml
index cc5eef47d..ff33338a6 100644
--- a/roles/openshift_web_console/tasks/install.yml
+++ b/roles/openshift_web_console/tasks/install.yml
@@ -33,7 +33,7 @@
- name: Copy web console templates to temp directory
copy:
- src: "{{ __console_files_location }}/{{ item }}"
+ src: "{{ item }}"
dest: "{{ mktemp.stdout }}/{{ item }}"
with_items:
- "{{ __console_template_file }}"
diff --git a/roles/openshift_web_console/vars/main.yml b/roles/openshift_web_console/vars/main.yml
index e91048e38..72bff5d01 100644
--- a/roles/openshift_web_console/vars/main.yml
+++ b/roles/openshift_web_console/vars/main.yml
@@ -1,6 +1,4 @@
---
-__console_files_location: "../../../files/origin-components/"
-
__console_template_file: "console-template.yaml"
__console_rbac_file: "console-rbac-template.yaml"
__console_config_file: "console-config.yaml"