From 296ee5ee346c843eb69786e1ab997e72870839ff Mon Sep 17 00:00:00 2001 From: Samuel Padgett Date: Wed, 15 Nov 2017 13:12:12 -0500 Subject: Install web console server --- files/origin-components/console-config.yaml | 21 +++++ files/origin-components/console-template.yaml | 114 ++++++++++++++++++++++++++ 2 files changed, 135 insertions(+) create mode 100644 files/origin-components/console-config.yaml create mode 100644 files/origin-components/console-template.yaml (limited to 'files/origin-components') diff --git a/files/origin-components/console-config.yaml b/files/origin-components/console-config.yaml new file mode 100644 index 000000000..8f3f87c0b --- /dev/null +++ b/files/origin-components/console-config.yaml @@ -0,0 +1,21 @@ +kind: AssetConfig +apiVersion: v1 +extensionDevelopment: false +extensionProperties: null +extensionScripts: null +extensionStylesheets: null +extensions: null +loggingPublicURL: "" +logoutURL: "" +masterPublicURL: https://127.0.0.1:8443 +metricsPublicURL: "" +publicURL: https://127.0.0.1:8443/console/ +servingInfo: + bindAddress: 0.0.0.0:8443 + bindNetwork: tcp4 + certFile: /var/serving-cert/tls.crt + clientCA: "" + keyFile: /var/serving-cert/tls.key + maxRequestsInFlight: 0 + namedCertificates: null + requestTimeoutSeconds: 0 \ No newline at end of file diff --git a/files/origin-components/console-template.yaml b/files/origin-components/console-template.yaml new file mode 100644 index 000000000..b2a6569fd --- /dev/null +++ b/files/origin-components/console-template.yaml @@ -0,0 +1,114 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + name: openshift-web-console + annotations: + openshift.io/display-name: OpenShift Web Console + description: The server for the OpenShift web console. + iconClass: icon-openshift + tags: openshift,infra + openshift.io/documentation-url: https://github.com/openshift/origin-web-console-server + openshift.io/support-url: https://access.redhat.com + openshift.io/provider-display-name: Red Hat, Inc. +parameters: +- name: IMAGE + value: openshift/origin-web-console:latest +- name: NAMESPACE + value: openshift-web-console +- name: LOGLEVEL + value: "0" +- name: API_SERVER_CONFIG +- name: NODE_SELECTOR + value: "{}" +- name: REPLICA_COUNT + value: "1" +objects: + +# to create the web console server +- apiVersion: apps/v1beta1 + kind: Deployment + metadata: + namespace: ${NAMESPACE} + name: webconsole + labels: + app: openshift-web-console + webconsole: "true" + spec: + replicas: "${{REPLICA_COUNT}}" + strategy: + type: Recreate + template: + metadata: + name: webconsole + labels: + webconsole: "true" + spec: + serviceAccountName: webconsole + containers: + - name: webconsole + image: ${IMAGE} + imagePullPolicy: IfNotPresent + command: + - "/usr/bin/origin-web-console" + - "--audit-log-path=-" + - "--config=/var/webconsole-config/webconsole-config.yaml" + ports: + - containerPort: 8443 + volumeMounts: + - mountPath: /var/serving-cert + name: serving-cert + - mountPath: /var/webconsole-config + name: webconsole-config + readinessProbe: + httpGet: + path: /healthz + port: 8443 + scheme: HTTPS + nodeSelector: "${{NODE_SELECTOR}}" + volumes: + - name: serving-cert + secret: + defaultMode: 420 + secretName: webconsole-serving-cert + - name: webconsole-config + configMap: + defaultMode: 420 + name: webconsole-config + +# to create the config for the web console +- apiVersion: v1 + kind: ConfigMap + metadata: + namespace: ${NAMESPACE} + name: webconsole-config + labels: + app: openshift-web-console + data: + webconsole-config.yaml: ${API_SERVER_CONFIG} + +# to be able to assign powers to the process +- apiVersion: v1 + kind: ServiceAccount + metadata: + namespace: ${NAMESPACE} + name: webconsole + labels: + app: openshift-web-console + +# to be able to expose web console inside the cluster +- apiVersion: v1 + kind: Service + metadata: + namespace: ${NAMESPACE} + name: webconsole + labels: + app: openshift-web-console + annotations: + service.alpha.openshift.io/serving-cert-secret-name: webconsole-serving-cert + spec: + selector: + webconsole: "true" + ports: + - name: https + port: 443 + targetPort: 8443 -- cgit v1.2.3 From 75f245f01bd3f1d96c87f0d8a2ebe8a13f86c7ec Mon Sep 17 00:00:00 2001 From: Samuel Padgett Date: Tue, 9 Jan 2018 08:41:51 -0500 Subject: Update web console template Update the web console template based on changes in https://github.com/openshift/origin/pull/17575 --- files/origin-components/console-template.yaml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'files/origin-components') diff --git a/files/origin-components/console-template.yaml b/files/origin-components/console-template.yaml index b2a6569fd..7bf2d0cf4 100644 --- a/files/origin-components/console-template.yaml +++ b/files/origin-components/console-template.yaml @@ -14,6 +14,7 @@ parameters: - name: IMAGE value: openshift/origin-web-console:latest - name: NAMESPACE + # This namespace cannot be changed. Only `openshift-web-console` is supported. value: openshift-web-console - name: LOGLEVEL value: "0" @@ -51,6 +52,7 @@ objects: command: - "/usr/bin/origin-web-console" - "--audit-log-path=-" + - "-v=${LOGLEVEL}" - "--config=/var/webconsole-config/webconsole-config.yaml" ports: - containerPort: 8443 @@ -64,15 +66,20 @@ objects: path: /healthz port: 8443 scheme: HTTPS + livenessProbe: + httpGet: + path: / + port: 8443 + scheme: HTTPS nodeSelector: "${{NODE_SELECTOR}}" volumes: - name: serving-cert secret: - defaultMode: 420 + defaultMode: 400 secretName: webconsole-serving-cert - name: webconsole-config configMap: - defaultMode: 420 + defaultMode: 440 name: webconsole-config # to create the config for the web console -- cgit v1.2.3 From c6e5d479976a306d38446c60d648150ed56c7211 Mon Sep 17 00:00:00 2001 From: Eric Wolinetz Date: Wed, 11 Oct 2017 09:08:50 -0500 Subject: Updating tsb image names and template --- files/origin-components/apiserver-template.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'files/origin-components') diff --git a/files/origin-components/apiserver-template.yaml b/files/origin-components/apiserver-template.yaml index 035e4734b..4dd9395d0 100644 --- a/files/origin-components/apiserver-template.yaml +++ b/files/origin-components/apiserver-template.yaml @@ -4,7 +4,7 @@ metadata: name: template-service-broker-apiserver parameters: - name: IMAGE - value: openshift/origin:latest + value: openshift/origin-template-service-broker:latest - name: NAMESPACE value: openshift-template-service-broker - name: LOGLEVEL @@ -40,14 +40,14 @@ objects: image: ${IMAGE} imagePullPolicy: IfNotPresent command: - - "/usr/bin/openshift" + - "/usr/bin/template-service-broker" - "start" - "template-service-broker" - "--secure-port=8443" - "--audit-log-path=-" - "--tls-cert-file=/var/serving-cert/tls.crt" - "--tls-private-key-file=/var/serving-cert/tls.key" - - "--loglevel=${LOGLEVEL}" + - "--v=${LOGLEVEL}" - "--config=/var/apiserver-config/apiserver-config.yaml" ports: - containerPort: 8443 -- cgit v1.2.3 From f64e26c3e753efb741f622c2a0130b979656d2f7 Mon Sep 17 00:00:00 2001 From: Samuel Padgett Date: Thu, 11 Jan 2018 09:39:54 -0500 Subject: Use webconsole.config.openshift.io/v1 API group --- files/origin-components/console-config.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'files/origin-components') diff --git a/files/origin-components/console-config.yaml b/files/origin-components/console-config.yaml index 8f3f87c0b..e104e8028 100644 --- a/files/origin-components/console-config.yaml +++ b/files/origin-components/console-config.yaml @@ -1,5 +1,5 @@ -kind: AssetConfig -apiVersion: v1 +kind: WebConsoleConfiguration +apiVersion: webconsole.config.openshift.io/v1 extensionDevelopment: false extensionProperties: null extensionScripts: null @@ -18,4 +18,4 @@ servingInfo: keyFile: /var/serving-cert/tls.key maxRequestsInFlight: 0 namedCertificates: null - requestTimeoutSeconds: 0 \ No newline at end of file + requestTimeoutSeconds: 0 -- cgit v1.2.3 From 486b746324171edd691fd1682ef1221825157e62 Mon Sep 17 00:00:00 2001 From: Samuel Padgett Date: Thu, 11 Jan 2018 15:24:37 -0500 Subject: Add console RBAC template --- files/origin-components/console-rbac-template.yaml | 38 ++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 files/origin-components/console-rbac-template.yaml (limited to 'files/origin-components') diff --git a/files/origin-components/console-rbac-template.yaml b/files/origin-components/console-rbac-template.yaml new file mode 100644 index 000000000..9ee117199 --- /dev/null +++ b/files/origin-components/console-rbac-template.yaml @@ -0,0 +1,38 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + name: web-console-server-rbac +parameters: +- name: NAMESPACE + # This namespace cannot be changed. Only `openshift-web-console` is supported. + value: openshift-web-console +objects: + + +# allow grant powers to the webconsole server for cluster inspection +- apiVersion: rbac.authorization.k8s.io/v1beta1 + kind: ClusterRole + metadata: + name: system:openshift:web-console-server + rules: + - apiGroups: + - "servicecatalog.k8s.io" + resources: + - clusterservicebrokers + verbs: + - get + - list + - watch + +# Grant the service account for the web console +- apiVersion: rbac.authorization.k8s.io/v1beta1 + kind: ClusterRoleBinding + metadata: + name: system:openshift:web-console-server + roleRef: + kind: ClusterRole + name: system:openshift:web-console-server + subjects: + - kind: ServiceAccount + namespace: ${NAMESPACE} + name: webconsole -- cgit v1.2.3 From b498f10bf3e0c755dba6ce45913bd163475989fb Mon Sep 17 00:00:00 2001 From: Samuel Padgett Date: Mon, 15 Jan 2018 09:06:16 -0500 Subject: Update console config for API changes --- files/origin-components/console-config.yaml | 41 ++++++++++++++++++++++------- 1 file changed, 31 insertions(+), 10 deletions(-) (limited to 'files/origin-components') diff --git a/files/origin-components/console-config.yaml b/files/origin-components/console-config.yaml index e104e8028..901518b28 100644 --- a/files/origin-components/console-config.yaml +++ b/files/origin-components/console-config.yaml @@ -1,5 +1,34 @@ -kind: WebConsoleConfiguration apiVersion: webconsole.config.openshift.io/v1 +kind: WebConsoleConfiguration +clusterInfo: + consolePublicURL: https://127.0.0.1:8443/console/ + loggingPublicURL: "" + logoutPublicURL: "" + masterPublicURL: https://127.0.0.1:8443 + metricsPublicURL: "" +# TODO: The new extensions properties cannot be set until +# origin-web-console-server has been updated with the API changes since +# `extensions` in the old asset config was an array. +#extensions: +# scriptURLs: [] +# stylesheetURLs: [] +# properties: null +features: + inactivityTimeoutMinutes: 0 +servingInfo: + bindAddress: 0.0.0.0:8443 + bindNetwork: tcp4 + certFile: /var/serving-cert/tls.crt + clientCA: "" + keyFile: /var/serving-cert/tls.key + maxRequestsInFlight: 0 + namedCertificates: null + requestTimeoutSeconds: 0 + +# START deprecated properties +# These properties have been renamed and will be removed from the install +# in a future pull. Keep both the old and new properties for now so that +# the install is not broken while the origin-web-console image is updated. extensionDevelopment: false extensionProperties: null extensionScripts: null @@ -10,12 +39,4 @@ logoutURL: "" masterPublicURL: https://127.0.0.1:8443 metricsPublicURL: "" publicURL: https://127.0.0.1:8443/console/ -servingInfo: - bindAddress: 0.0.0.0:8443 - bindNetwork: tcp4 - certFile: /var/serving-cert/tls.crt - clientCA: "" - keyFile: /var/serving-cert/tls.key - maxRequestsInFlight: 0 - namedCertificates: null - requestTimeoutSeconds: 0 +# END deprecated properties -- cgit v1.2.3