diff options
Diffstat (limited to 'roles/openshift_service_catalog/templates')
6 files changed, 192 insertions, 0 deletions
diff --git a/roles/openshift_service_catalog/templates/api_server.j2 b/roles/openshift_service_catalog/templates/api_server.j2 new file mode 100644 index 000000000..c09834fd4 --- /dev/null +++ b/roles/openshift_service_catalog/templates/api_server.j2 @@ -0,0 +1,79 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + labels: + app: apiserver + name: apiserver +spec: + selector: + matchLabels: + app: apiserver + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: apiserver + spec: + serviceAccountName: service-catalog-apiserver + nodeSelector: +{% for key, value in node_selector.iteritems() %} + {{key}}: "{{value}}" +{% endfor %} + containers: + - args: + - --storage-type + - etcd + - --secure-port + - "6443" + - --etcd-servers + - {{ etcd_servers }} + - --etcd-cafile + - {{ etcd_cafile }} + - --etcd-certfile + - /etc/origin/master/master.etcd-client.crt + - --etcd-keyfile + - /etc/origin/master/master.etcd-client.key + - -v + - "10" + - --cors-allowed-origins + - {{ cors_allowed_origin }} + - --admission-control + - "KubernetesNamespaceLifecycle" + image: {{ openshift_service_catalog_image_prefix }}service-catalog:{{ openshift_service_catalog_image_version }} + command: ["/usr/bin/apiserver"] + imagePullPolicy: Always + name: apiserver + ports: + - containerPort: 6443 + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + volumeMounts: + - mountPath: /var/run/kubernetes-service-catalog + name: apiserver-ssl + readOnly: true + - mountPath: /etc/origin/master + name: etcd-host-cert + readOnly: true + dnsPolicy: ClusterFirst + restartPolicy: Always + securityContext: {} + terminationGracePeriodSeconds: 30 + volumes: + - name: apiserver-ssl + secret: + defaultMode: 420 + secretName: apiserver-ssl + items: + - key: tls.crt + path: apiserver.crt + - key: tls.key + path: apiserver.key + - hostPath: + path: /etc/origin/master + name: etcd-host-cert + - emptyDir: {} + name: data-dir diff --git a/roles/openshift_service_catalog/templates/api_server_route.j2 b/roles/openshift_service_catalog/templates/api_server_route.j2 new file mode 100644 index 000000000..3c3da254d --- /dev/null +++ b/roles/openshift_service_catalog/templates/api_server_route.j2 @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Route +metadata: + name: apiserver +spec: + port: + targetPort: secure + tls: + termination: passthrough + to: + kind: Service + name: apiserver + weight: 100 + wildcardPolicy: None diff --git a/roles/openshift_service_catalog/templates/api_server_service.j2 b/roles/openshift_service_catalog/templates/api_server_service.j2 new file mode 100644 index 000000000..bae337201 --- /dev/null +++ b/roles/openshift_service_catalog/templates/api_server_service.j2 @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: apiserver +spec: + ports: + - name: secure + port: 443 + protocol: TCP + targetPort: 6443 + selector: + app: apiserver + sessionAffinity: None diff --git a/roles/openshift_service_catalog/templates/controller_manager.j2 b/roles/openshift_service_catalog/templates/controller_manager.j2 new file mode 100644 index 000000000..1bbc0fa2c --- /dev/null +++ b/roles/openshift_service_catalog/templates/controller_manager.j2 @@ -0,0 +1,47 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + labels: + app: controller-manager + name: controller-manager +spec: + selector: + matchLabels: + app: controller-manager + strategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: controller-manager + spec: + serviceAccountName: service-catalog-controller + nodeSelector: +{% for key, value in node_selector.iteritems() %} + {{key}}: "{{value}}" +{% endfor %} + containers: + - env: + - name: K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + args: + - -v + - "5" + - "--leader-election-namespace=$(K8S_NAMESPACE)" + image: {{ openshift_service_catalog_image_prefix }}service-catalog:{{ openshift_service_catalog_image_version }} + command: ["/usr/bin/controller-manager"] + imagePullPolicy: Always + name: controller-manager + ports: + - containerPort: 8080 + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + dnsPolicy: ClusterFirst + restartPolicy: Always + securityContext: {} + terminationGracePeriodSeconds: 30 diff --git a/roles/openshift_service_catalog/templates/controller_manager_service.j2 b/roles/openshift_service_catalog/templates/controller_manager_service.j2 new file mode 100644 index 000000000..2bac645fc --- /dev/null +++ b/roles/openshift_service_catalog/templates/controller_manager_service.j2 @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: controller-manager +spec: + ports: + - port: 6443 + protocol: TCP + targetPort: 6443 + selector: + app: controller-manager + sessionAffinity: None + type: ClusterIP diff --git a/roles/openshift_service_catalog/templates/sc_role_patching.j2 b/roles/openshift_service_catalog/templates/sc_role_patching.j2 new file mode 100644 index 000000000..69b062b3f --- /dev/null +++ b/roles/openshift_service_catalog/templates/sc_role_patching.j2 @@ -0,0 +1,26 @@ +{{ original_content }} +- apiGroups: + - "servicecatalog.k8s.io" + attributeRestrictions: null + resources: + - instances + - bindings + verbs: + - create + - update + - delete + - get + - list + - watch +- apiGroups: + - "settings.k8s.io" + attributeRestrictions: null + resources: + - podpresets + verbs: + - create + - update + - delete + - get + - list + - watch |