blob: a78146ca48bef5fd75e796230e7cfe11ef40b9df (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
kind: Template
apiVersion: v1
metadata:
name: "registry-console"
annotations:
description: "Template for deploying registry web console. Requires cluster-admin."
tags: infrastructure
labels:
createdBy: "registry-console-template"
objects:
- kind: DeploymentConfig
apiVersion: v1
metadata:
name: "registry-console"
labels:
name: "registry-console"
spec:
triggers:
- type: ConfigChange
replicas: 1
selector:
name: "registry-console"
template:
metadata:
labels:
name: "registry-console"
spec:
containers:
- name: registry-console
image: ${IMAGE_PREFIX}kubernetes:${IMAGE_VERSION}
ports:
- containerPort: 9090
protocol: TCP
livenessProbe:
failureThreshold: 3
httpGet:
path: /ping
port: 9090
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
failureThreshold: 3
httpGet:
path: /ping
port: 9090
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
env:
- name: OPENSHIFT_OAUTH_PROVIDER_URL
value: "${OPENSHIFT_OAUTH_PROVIDER_URL}"
- name: OPENSHIFT_OAUTH_CLIENT_ID
value: "${OPENSHIFT_OAUTH_CLIENT_ID}"
- name: KUBERNETES_INSECURE
value: "false"
- name: COCKPIT_KUBE_INSECURE
value: "false"
- name: REGISTRY_ONLY
value: "true"
- name: REGISTRY_HOST
value: "${REGISTRY_HOST}"
- kind: Service
apiVersion: v1
metadata:
name: "registry-console"
labels:
name: "registry-console"
spec:
type: ClusterIP
ports:
- name: registry-console
protocol: TCP
port: 9000
targetPort: 9090
selector:
name: "registry-console"
- kind: ImageStream
apiVersion: v1
metadata:
name: registry-console
annotations:
description: Atomic Registry console
spec:
tags:
- annotations: null
from:
kind: DockerImage
name: ${IMAGE_PREFIX}kubernetes:${IMAGE_VERSION}
name: ${IMAGE_VERSION}
- kind: OAuthClient
apiVersion: v1
metadata:
name: "${OPENSHIFT_OAUTH_CLIENT_ID}"
respondWithChallenges: false
secret: "${OPENSHIFT_OAUTH_CLIENT_SECRET}"
redirectURIs:
- "${COCKPIT_KUBE_URL}"
parameters:
- description: 'Specify "registry/namespace" prefix for container image; e.g. for "registry.example.com/cockpit/kubernetes:latest", set prefix "registry.example.com/cockpit/"'
name: IMAGE_PREFIX
value: "cockpit/"
- description: 'Specify image version; e.g. for "cockpit/kubernetes:latest", set version "latest"'
name: IMAGE_VERSION
value: latest
- description: "The public URL for the Openshift OAuth Provider, e.g. https://openshift.example.com:8443"
name: OPENSHIFT_OAUTH_PROVIDER_URL
required: true
- description: "The registry console URL. This should be created beforehand using 'oc create route passthrough --service registry-console --port registry-console -n default', e.g. https://registry-console-default.example.com"
name: COCKPIT_KUBE_URL
required: true
- description: "Oauth client secret"
name: OPENSHIFT_OAUTH_CLIENT_SECRET
from: "user[a-zA-Z0-9]{64}"
generate: expression
- description: "Oauth client id"
name: OPENSHIFT_OAUTH_CLIENT_ID
value: "cockpit-oauth-client"
- description: "The integrated registry hostname exposed via route, e.g. registry.example.com"
name: REGISTRY_HOST
required: true
|