diff options
Diffstat (limited to 'files')
-rw-r--r-- | files/origin-components/console-config.yaml | 41 | ||||
-rw-r--r-- | files/origin-components/console-rbac-template.yaml | 38 |
2 files changed, 69 insertions, 10 deletions
diff --git a/files/origin-components/console-config.yaml b/files/origin-components/console-config.yaml index e104e8028..901518b28 100644 --- a/files/origin-components/console-config.yaml +++ b/files/origin-components/console-config.yaml @@ -1,5 +1,34 @@ -kind: WebConsoleConfiguration apiVersion: webconsole.config.openshift.io/v1 +kind: WebConsoleConfiguration +clusterInfo: + consolePublicURL: https://127.0.0.1:8443/console/ + loggingPublicURL: "" + logoutPublicURL: "" + masterPublicURL: https://127.0.0.1:8443 + metricsPublicURL: "" +# TODO: The new extensions properties cannot be set until +# origin-web-console-server has been updated with the API changes since +# `extensions` in the old asset config was an array. +#extensions: +# scriptURLs: [] +# stylesheetURLs: [] +# properties: null +features: + inactivityTimeoutMinutes: 0 +servingInfo: + bindAddress: 0.0.0.0:8443 + bindNetwork: tcp4 + certFile: /var/serving-cert/tls.crt + clientCA: "" + keyFile: /var/serving-cert/tls.key + maxRequestsInFlight: 0 + namedCertificates: null + requestTimeoutSeconds: 0 + +# START deprecated properties +# These properties have been renamed and will be removed from the install +# in a future pull. Keep both the old and new properties for now so that +# the install is not broken while the origin-web-console image is updated. extensionDevelopment: false extensionProperties: null extensionScripts: null @@ -10,12 +39,4 @@ logoutURL: "" masterPublicURL: https://127.0.0.1:8443 metricsPublicURL: "" publicURL: https://127.0.0.1:8443/console/ -servingInfo: - bindAddress: 0.0.0.0:8443 - bindNetwork: tcp4 - certFile: /var/serving-cert/tls.crt - clientCA: "" - keyFile: /var/serving-cert/tls.key - maxRequestsInFlight: 0 - namedCertificates: null - requestTimeoutSeconds: 0 +# END deprecated properties diff --git a/files/origin-components/console-rbac-template.yaml b/files/origin-components/console-rbac-template.yaml new file mode 100644 index 000000000..9ee117199 --- /dev/null +++ b/files/origin-components/console-rbac-template.yaml @@ -0,0 +1,38 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + name: web-console-server-rbac +parameters: +- name: NAMESPACE + # This namespace cannot be changed. Only `openshift-web-console` is supported. + value: openshift-web-console +objects: + + +# allow grant powers to the webconsole server for cluster inspection +- apiVersion: rbac.authorization.k8s.io/v1beta1 + kind: ClusterRole + metadata: + name: system:openshift:web-console-server + rules: + - apiGroups: + - "servicecatalog.k8s.io" + resources: + - clusterservicebrokers + verbs: + - get + - list + - watch + +# Grant the service account for the web console +- apiVersion: rbac.authorization.k8s.io/v1beta1 + kind: ClusterRoleBinding + metadata: + name: system:openshift:web-console-server + roleRef: + kind: ClusterRole + name: system:openshift:web-console-server + subjects: + - kind: ServiceAccount + namespace: ${NAMESPACE} + name: webconsole |