4 files changed, 82 insertions, 16 deletions

diff --git a/files/origin-components/apiserver-template.yaml b/files/origin-components/apiserver-template.yaml
index 035e4734b..4dd9395d0 100644
--- a/files/origin-components/apiserver-template.yaml
+++ b/files/origin-components/apiserver-template.yaml
@@ -4,7 +4,7 @@ metadata:
   name: template-service-broker-apiserver
 parameters:
 - name: IMAGE
-  value: openshift/origin:latest
+  value: openshift/origin-template-service-broker:latest
 - name: NAMESPACE
   value: openshift-template-service-broker
 - name: LOGLEVEL
@@ -40,14 +40,14 @@ objects:
           image: ${IMAGE}
           imagePullPolicy: IfNotPresent
           command:
-          - "/usr/bin/openshift"
+          - "/usr/bin/template-service-broker"
           - "start"
           - "template-service-broker"
           - "--secure-port=8443"
           - "--audit-log-path=-"
           - "--tls-cert-file=/var/serving-cert/tls.crt"
           - "--tls-private-key-file=/var/serving-cert/tls.key"
-          - "--loglevel=${LOGLEVEL}"
+          - "--v=${LOGLEVEL}"
           - "--config=/var/apiserver-config/apiserver-config.yaml"
           ports:
           - containerPort: 8443
diff --git a/files/origin-components/console-config.yaml b/files/origin-components/console-config.yaml
index 8f3f87c0b..901518b28 100644
--- a/files/origin-components/console-config.yaml
+++ b/files/origin-components/console-config.yaml
@@ -1,5 +1,34 @@
-kind: AssetConfig
-apiVersion: v1
+apiVersion: webconsole.config.openshift.io/v1
+kind: WebConsoleConfiguration
+clusterInfo:
+  consolePublicURL: https://127.0.0.1:8443/console/
+  loggingPublicURL: ""
+  logoutPublicURL: ""
+  masterPublicURL: https://127.0.0.1:8443
+  metricsPublicURL: ""
+# TODO: The new extensions properties cannot be set until
+# origin-web-console-server has been updated with the API changes since
+# `extensions` in the old asset config was an array.
+#extensions:
+#  scriptURLs: []
+#  stylesheetURLs: []
+#  properties: null
+features:
+  inactivityTimeoutMinutes: 0
+servingInfo:
+  bindAddress: 0.0.0.0:8443
+  bindNetwork: tcp4
+  certFile: /var/serving-cert/tls.crt
+  clientCA: ""
+  keyFile: /var/serving-cert/tls.key
+  maxRequestsInFlight: 0
+  namedCertificates: null
+  requestTimeoutSeconds: 0
+
+# START deprecated properties
+# These properties have been renamed and will be removed from the install
+# in a future pull. Keep both the old and new properties for now so that
+# the install is not broken while the origin-web-console image is updated.
 extensionDevelopment: false
 extensionProperties: null
 extensionScripts: null
@@ -10,12 +39,4 @@ logoutURL: ""
 masterPublicURL: https://127.0.0.1:8443
 metricsPublicURL: ""
 publicURL: https://127.0.0.1:8443/console/
-servingInfo:
-  bindAddress: 0.0.0.0:8443
-  bindNetwork: tcp4
-  certFile: /var/serving-cert/tls.crt
-  clientCA: ""
-  keyFile: /var/serving-cert/tls.key
-  maxRequestsInFlight: 0
-  namedCertificates: null
-  requestTimeoutSeconds: 0
\ No newline at end of file
+# END deprecated properties
diff --git a/files/origin-components/console-rbac-template.yaml b/files/origin-components/console-rbac-template.yaml
new file mode 100644
index 000000000..9ee117199
--- /dev/null
+++ b/files/origin-components/console-rbac-template.yaml
@@ -0,0 +1,38 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+  name: web-console-server-rbac
+parameters:
+- name: NAMESPACE
+  # This namespace cannot be changed. Only `openshift-web-console` is supported.
+  value: openshift-web-console
+objects:
+
+
+# allow grant powers to the webconsole server for cluster inspection
+- apiVersion: rbac.authorization.k8s.io/v1beta1
+  kind: ClusterRole
+  metadata:
+    name: system:openshift:web-console-server
+  rules:
+  - apiGroups:
+    - "servicecatalog.k8s.io"
+    resources:
+    - clusterservicebrokers
+    verbs:
+    - get
+    - list
+    - watch
+
+# Grant the service account for the web console
+- apiVersion: rbac.authorization.k8s.io/v1beta1
+  kind: ClusterRoleBinding
+  metadata:
+    name: system:openshift:web-console-server
+  roleRef:
+    kind: ClusterRole
+    name: system:openshift:web-console-server
+  subjects:
+  - kind: ServiceAccount
+    namespace: ${NAMESPACE}
+    name: webconsole
diff --git a/files/origin-components/console-template.yaml b/files/origin-components/console-template.yaml
index b2a6569fd..7bf2d0cf4 100644
--- a/files/origin-components/console-template.yaml
+++ b/files/origin-components/console-template.yaml
@@ -14,6 +14,7 @@ parameters:
 - name: IMAGE
   value: openshift/origin-web-console:latest
 - name: NAMESPACE
+  # This namespace cannot be changed. Only `openshift-web-console` is supported.
   value: openshift-web-console
 - name: LOGLEVEL
   value: "0"
@@ -51,6 +52,7 @@ objects:
           command:
           - "/usr/bin/origin-web-console"
           - "--audit-log-path=-"
+          - "-v=${LOGLEVEL}"
           - "--config=/var/webconsole-config/webconsole-config.yaml"
           ports:
           - containerPort: 8443
@@ -64,15 +66,20 @@ objects:
               path: /healthz
               port: 8443
               scheme: HTTPS
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 8443
+              scheme: HTTPS
         nodeSelector: "${{NODE_SELECTOR}}"
         volumes:
         - name: serving-cert
           secret:
-            defaultMode: 420
+            defaultMode: 400
             secretName: webconsole-serving-cert
         - name: webconsole-config
           configMap:
-            defaultMode: 420
+            defaultMode: 440
             name: webconsole-config
 
 # to create the config for the web console