|
|
@@ -95,6 +95,19 @@ spec:
|
|
|
name: "kibana-proxy"
|
|
|
image: "{{ openshift_logging_kibana_proxy_image }}"
|
|
|
imagePullPolicy: IfNotPresent
|
|
|
+ args:
|
|
|
+ - --upstream-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
|
|
+ - --https-address=:3000
|
|
|
+ - -provider=openshift
|
|
|
+ - -client-id=kibana-proxy
|
|
|
+ - -client-secret-file=/secret/oauth-secret
|
|
|
+ - -cookie-secret-file=/secret/session-secret
|
|
|
+ - -upstream=http://localhost:5601
|
|
|
+ - "-scope=user:info user:check-access user:list-projects"
|
|
|
+ - --tls-cert=/secret/server-cert
|
|
|
+ - --tls-key=/secret/server-key
|
|
|
+ - -pass-access-token
|
|
|
+ - -skip-provider-button
|
|
|
{% if (kibana_proxy_memory_limit is defined and kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "") or (kibana_proxy_cpu_limit is defined and kibana_proxy_cpu_limit is not none and kibana_proxy_cpu_limit != "") or (kibana_proxy_cpu_request is defined and kibana_proxy_cpu_request is not none and kibana_proxy_cpu_request != "") %}
|
|
|
resources:
|
|
|
{% if (kibana_proxy_memory_limit is defined and kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "") or (kibana_proxy_cpu_limit is defined and kibana_proxy_cpu_limit is not none and kibana_proxy_cpu_limit != "") %}
|
|
|
@@ -122,48 +135,9 @@ spec:
|
|
|
containerPort: 3000
|
|
|
env:
|
|
|
-
|
|
|
- name: "OAP_BACKEND_URL"
|
|
|
- value: "http://localhost:5601"
|
|
|
- -
|
|
|
- name: "OAP_AUTH_MODE"
|
|
|
- value: "oauth2"
|
|
|
- -
|
|
|
- name: "OAP_TRANSFORM"
|
|
|
- value: "user_header,token_header"
|
|
|
- -
|
|
|
- name: "OAP_OAUTH_ID"
|
|
|
- value: kibana-proxy
|
|
|
- -
|
|
|
- name: "OAP_MASTER_URL"
|
|
|
- value: {{ openshift_logging_kibana_master_url }}
|
|
|
- -
|
|
|
- name: "OAP_PUBLIC_MASTER_URL"
|
|
|
- value: {{ openshift_logging_kibana_master_public_url }}
|
|
|
- -
|
|
|
- name: "OAP_LOGOUT_REDIRECT"
|
|
|
- value: {{ openshift_logging_kibana_master_public_url }}/console/logout
|
|
|
- -
|
|
|
- name: "OAP_MASTER_CA_FILE"
|
|
|
- value: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
|
|
|
- -
|
|
|
name: "OAP_DEBUG"
|
|
|
value: "{{ openshift_logging_kibana_proxy_debug }}"
|
|
|
-
|
|
|
- name: "OAP_OAUTH_SECRET_FILE"
|
|
|
- value: "/secret/oauth-secret"
|
|
|
- -
|
|
|
- name: "OAP_SERVER_CERT_FILE"
|
|
|
- value: "/secret/server-cert"
|
|
|
- -
|
|
|
- name: "OAP_SERVER_KEY_FILE"
|
|
|
- value: "/secret/server-key"
|
|
|
- -
|
|
|
- name: "OAP_SERVER_TLS_FILE"
|
|
|
- value: "/secret/server-tls.json"
|
|
|
- -
|
|
|
- name: "OAP_SESSION_SECRET_FILE"
|
|
|
- value: "/secret/session-secret"
|
|
|
- -
|
|
|
name: "OCP_AUTH_PROXY_MEMORY_LIMIT"
|
|
|
valueFrom:
|
|
|
resourceFieldRef:
|
Jeff Cantrill