Diffstat (limited to 'files/origin-components')
-rw-r--r--files/origin-components/apiserver-config.yaml4
-rw-r--r--files/origin-components/apiserver-template.yaml125
-rw-r--r--files/origin-components/console-config.yaml23
-rw-r--r--files/origin-components/console-rbac-template.yaml38
-rw-r--r--files/origin-components/console-template.yaml121
-rw-r--r--files/origin-components/rbac-template.yaml92
-rw-r--r--files/origin-components/template-service-broker-registration.yaml25
7 files changed, 0 insertions, 428 deletions
diff --git a/files/origin-components/apiserver-config.yaml b/files/origin-components/apiserver-config.yaml
deleted file mode 100644
index e4048d1da..000000000
--- a/files/origin-components/apiserver-config.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-kind: TemplateServiceBrokerConfig
-apiVersion: config.templateservicebroker.openshift.io/v1
-templateNamespaces:
-- openshift
diff --git a/files/origin-components/apiserver-template.yaml b/files/origin-components/apiserver-template.yaml
deleted file mode 100644
index 4dd9395d0..000000000
--- a/files/origin-components/apiserver-template.yaml
+++ /dev/null
@@ -1,125 +0,0 @@
-apiVersion: template.openshift.io/v1
-kind: Template
-metadata:
- name: template-service-broker-apiserver
-parameters:
-- name: IMAGE
- value: openshift/origin-template-service-broker:latest
-- name: NAMESPACE
- value: openshift-template-service-broker
-- name: LOGLEVEL
- value: "0"
-- name: API_SERVER_CONFIG
- value: |
- kind: TemplateServiceBrokerConfig
- apiVersion: config.templateservicebroker.openshift.io/v1
- templateNamespaces:
- - openshift
-- name: NODE_SELECTOR
- value: "{}"
-objects:
-
-# to create the tsb server
-- apiVersion: extensions/v1beta1
- kind: DaemonSet
- metadata:
- namespace: ${NAMESPACE}
- name: apiserver
- labels:
- apiserver: "true"
- spec:
- template:
- metadata:
- name: apiserver
- labels:
- apiserver: "true"
- spec:
- serviceAccountName: apiserver
- containers:
- - name: c
- image: ${IMAGE}
- imagePullPolicy: IfNotPresent
- command:
- - "/usr/bin/template-service-broker"
- - "start"
- - "template-service-broker"
- - "--secure-port=8443"
- - "--audit-log-path=-"
- - "--tls-cert-file=/var/serving-cert/tls.crt"
- - "--tls-private-key-file=/var/serving-cert/tls.key"
- - "--v=${LOGLEVEL}"
- - "--config=/var/apiserver-config/apiserver-config.yaml"
- ports:
- - containerPort: 8443
- volumeMounts:
- - mountPath: /var/serving-cert
- name: serving-cert
- - mountPath: /var/apiserver-config
- name: apiserver-config
- readinessProbe:
- httpGet:
- path: /healthz
- port: 8443
- scheme: HTTPS
- nodeSelector: "${{NODE_SELECTOR}}"
- volumes:
- - name: serving-cert
- secret:
- defaultMode: 420
- secretName: apiserver-serving-cert
- - name: apiserver-config
- configMap:
- defaultMode: 420
- name: apiserver-config
-
-# to create the config for the TSB
-- apiVersion: v1
- kind: ConfigMap
- metadata:
- namespace: ${NAMESPACE}
- name: apiserver-config
- data:
- apiserver-config.yaml: ${API_SERVER_CONFIG}
-
-# to be able to assign powers to the process
-- apiVersion: v1
- kind: ServiceAccount
- metadata:
- namespace: ${NAMESPACE}
- name: apiserver
-
-# to be able to expose TSB inside the cluster
-- apiVersion: v1
- kind: Service
- metadata:
- namespace: ${NAMESPACE}
- name: apiserver
- annotations:
- service.alpha.openshift.io/serving-cert-secret-name: apiserver-serving-cert
- spec:
- selector:
- apiserver: "true"
- ports:
- - port: 443
- targetPort: 8443
-
-# This service account will be granted permission to call the TSB.
-# The token for this SA will be provided to the service catalog for
-# use when calling the TSB.
-- apiVersion: v1
- kind: ServiceAccount
- metadata:
- namespace: ${NAMESPACE}
- name: templateservicebroker-client
-
-# This secret will be populated with a copy of the templateservicebroker-client SA's
-# auth token. Since this secret has a static name, it can be referenced more
-# easily than the auto-generated secret for the service account.
-- apiVersion: v1
- kind: Secret
- metadata:
- namespace: ${NAMESPACE}
- name: templateservicebroker-client
- annotations:
- kubernetes.io/service-account.name: templateservicebroker-client
- type: kubernetes.io/service-account-token
diff --git a/files/origin-components/console-config.yaml b/files/origin-components/console-config.yaml
deleted file mode 100644
index 32a28775f..000000000
--- a/files/origin-components/console-config.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: webconsole.config.openshift.io/v1
-kind: WebConsoleConfiguration
-clusterInfo:
- consolePublicURL: https://127.0.0.1:8443/console/
- loggingPublicURL: ""
- logoutPublicURL: ""
- masterPublicURL: https://127.0.0.1:8443
- metricsPublicURL: ""
-extensions:
- scriptURLs: []
- stylesheetURLs: []
- properties: null
-features:
- inactivityTimeoutMinutes: 0
-servingInfo:
- bindAddress: 0.0.0.0:8443
- bindNetwork: tcp4
- certFile: /var/serving-cert/tls.crt
- clientCA: ""
- keyFile: /var/serving-cert/tls.key
- maxRequestsInFlight: 0
- namedCertificates: null
- requestTimeoutSeconds: 0
diff --git a/files/origin-components/console-rbac-template.yaml b/files/origin-components/console-rbac-template.yaml
deleted file mode 100644
index 9ee117199..000000000
--- a/files/origin-components/console-rbac-template.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-apiVersion: template.openshift.io/v1
-kind: Template
-metadata:
- name: web-console-server-rbac
-parameters:
-- name: NAMESPACE
- # This namespace cannot be changed. Only `openshift-web-console` is supported.
- value: openshift-web-console
-objects:
-
-
-# allow grant powers to the webconsole server for cluster inspection
-- apiVersion: rbac.authorization.k8s.io/v1beta1
- kind: ClusterRole
- metadata:
- name: system:openshift:web-console-server
- rules:
- - apiGroups:
- - "servicecatalog.k8s.io"
- resources:
- - clusterservicebrokers
- verbs:
- - get
- - list
- - watch
-
-# Grant the service account for the web console
-- apiVersion: rbac.authorization.k8s.io/v1beta1
- kind: ClusterRoleBinding
- metadata:
- name: system:openshift:web-console-server
- roleRef:
- kind: ClusterRole
- name: system:openshift:web-console-server
- subjects:
- - kind: ServiceAccount
- namespace: ${NAMESPACE}
- name: webconsole
diff --git a/files/origin-components/console-template.yaml b/files/origin-components/console-template.yaml
deleted file mode 100644
index 7bf2d0cf4..000000000
--- a/files/origin-components/console-template.yaml
+++ /dev/null
@@ -1,121 +0,0 @@
-apiVersion: template.openshift.io/v1
-kind: Template
-metadata:
- name: openshift-web-console
- annotations:
- openshift.io/display-name: OpenShift Web Console
- description: The server for the OpenShift web console.
- iconClass: icon-openshift
- tags: openshift,infra
- openshift.io/documentation-url: https://github.com/openshift/origin-web-console-server
- openshift.io/support-url: https://access.redhat.com
- openshift.io/provider-display-name: Red Hat, Inc.
-parameters:
-- name: IMAGE
- value: openshift/origin-web-console:latest
-- name: NAMESPACE
- # This namespace cannot be changed. Only `openshift-web-console` is supported.
- value: openshift-web-console
-- name: LOGLEVEL
- value: "0"
-- name: API_SERVER_CONFIG
-- name: NODE_SELECTOR
- value: "{}"
-- name: REPLICA_COUNT
- value: "1"
-objects:
-
-# to create the web console server
-- apiVersion: apps/v1beta1
- kind: Deployment
- metadata:
- namespace: ${NAMESPACE}
- name: webconsole
- labels:
- app: openshift-web-console
- webconsole: "true"
- spec:
- replicas: "${{REPLICA_COUNT}}"
- strategy:
- type: Recreate
- template:
- metadata:
- name: webconsole
- labels:
- webconsole: "true"
- spec:
- serviceAccountName: webconsole
- containers:
- - name: webconsole
- image: ${IMAGE}
- imagePullPolicy: IfNotPresent
- command:
- - "/usr/bin/origin-web-console"
- - "--audit-log-path=-"
- - "-v=${LOGLEVEL}"
- - "--config=/var/webconsole-config/webconsole-config.yaml"
- ports:
- - containerPort: 8443
- volumeMounts:
- - mountPath: /var/serving-cert
- name: serving-cert
- - mountPath: /var/webconsole-config
- name: webconsole-config
- readinessProbe:
- httpGet:
- path: /healthz
- port: 8443
- scheme: HTTPS
- livenessProbe:
- httpGet:
- path: /
- port: 8443
- scheme: HTTPS
- nodeSelector: "${{NODE_SELECTOR}}"
- volumes:
- - name: serving-cert
- secret:
- defaultMode: 400
- secretName: webconsole-serving-cert
- - name: webconsole-config
- configMap:
- defaultMode: 440
- name: webconsole-config
-
-# to create the config for the web console
-- apiVersion: v1
- kind: ConfigMap
- metadata:
- namespace: ${NAMESPACE}
- name: webconsole-config
- labels:
- app: openshift-web-console
- data:
- webconsole-config.yaml: ${API_SERVER_CONFIG}
-
-# to be able to assign powers to the process
-- apiVersion: v1
- kind: ServiceAccount
- metadata:
- namespace: ${NAMESPACE}
- name: webconsole
- labels:
- app: openshift-web-console
-
-# to be able to expose web console inside the cluster
-- apiVersion: v1
- kind: Service
- metadata:
- namespace: ${NAMESPACE}
- name: webconsole
- labels:
- app: openshift-web-console
- annotations:
- service.alpha.openshift.io/serving-cert-secret-name: webconsole-serving-cert
- spec:
- selector:
- webconsole: "true"
- ports:
- - name: https
- port: 443
- targetPort: 8443
diff --git a/files/origin-components/rbac-template.yaml b/files/origin-components/rbac-template.yaml
deleted file mode 100644
index 0937a9065..000000000
--- a/files/origin-components/rbac-template.yaml
+++ /dev/null
@@ -1,92 +0,0 @@
-apiVersion: template.openshift.io/v1
-kind: Template
-metadata:
- name: template-service-broker-rbac
-parameters:
-- name: NAMESPACE
- value: openshift-template-service-broker
-- name: KUBE_SYSTEM
- value: kube-system
-objects:
-
-# Grant the service account permission to call the TSB
-- apiVersion: rbac.authorization.k8s.io/v1beta1
- kind: ClusterRoleBinding
- metadata:
- name: templateservicebroker-client
- roleRef:
- kind: ClusterRole
- name: system:openshift:templateservicebroker-client
- subjects:
- - kind: ServiceAccount
- namespace: ${NAMESPACE}
- name: templateservicebroker-client
-
-# to delegate authentication and authorization
-- apiVersion: rbac.authorization.k8s.io/v1beta1
- kind: ClusterRoleBinding
- metadata:
- name: auth-delegator-${NAMESPACE}
- roleRef:
- kind: ClusterRole
- name: system:auth-delegator
- subjects:
- - kind: ServiceAccount
- namespace: ${NAMESPACE}
- name: apiserver
-
-# to have the template service broker powers
-- apiVersion: rbac.authorization.k8s.io/v1beta1
- kind: ClusterRoleBinding
- metadata:
- name: tsb-${NAMESPACE}
- roleRef:
- kind: ClusterRole
- name: system:openshift:controller:template-service-broker
- subjects:
- - kind: ServiceAccount
- namespace: ${NAMESPACE}
- name: apiserver
-
-# to read the config for terminating authentication
-- apiVersion: rbac.authorization.k8s.io/v1beta1
- kind: RoleBinding
- metadata:
- namespace: ${KUBE_SYSTEM}
- name: extension-apiserver-authentication-reader-${NAMESPACE}
- roleRef:
- kind: Role
- name: extension-apiserver-authentication-reader
- subjects:
- - kind: ServiceAccount
- namespace: ${NAMESPACE}
- name: apiserver
-
-# allow the kube service catalog's SA to read the static secret defined
-# above, which will contain the token for the SA that can call the TSB.
-- apiVersion: rbac.authorization.k8s.io/v1beta1
- kind: Role
- metadata:
- name: templateservicebroker-auth-reader
- namespace: ${NAMESPACE}
- rules:
- - apiGroups:
- - ""
- resourceNames:
- - templateservicebroker-client
- resources:
- - secrets
- verbs:
- - get
-- apiVersion: rbac.authorization.k8s.io/v1beta1
- kind: RoleBinding
- metadata:
- namespace: ${NAMESPACE}
- name: templateservicebroker-auth-reader
- roleRef:
- kind: Role
- name: templateservicebroker-auth-reader
- subjects:
- - kind: ServiceAccount
- namespace: kube-service-catalog
- name: service-catalog-controller
diff --git a/files/origin-components/template-service-broker-registration.yaml b/files/origin-components/template-service-broker-registration.yaml
deleted file mode 100644
index 95fb72924..000000000
--- a/files/origin-components/template-service-broker-registration.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: template.openshift.io/v1
-kind: Template
-metadata:
- name: template-service-broker-registration
-parameters:
-- name: TSB_NAMESPACE
- value: openshift-template-service-broker
-- name: CA_BUNDLE
- required: true
-objects:
-# register the tsb with the service catalog
-- apiVersion: servicecatalog.k8s.io/v1beta1
- kind: ClusterServiceBroker
- metadata:
- name: template-service-broker
- spec:
- url: https://apiserver.${TSB_NAMESPACE}.svc:443/brokers/template.openshift.io
- insecureSkipTLSVerify: false
- caBundle: ${CA_BUNDLE}
- authInfo:
- bearer:
- secretRef:
- kind: Secret
- name: templateservicebroker-client
- namespace: ${TSB_NAMESPACE}