shixiong
/
okd


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188
							apiVersion: "v1"
kind: "DeploymentConfig"
metadata:
  name: "{{ deploy_name }}"
  labels:
    provider: openshift
    component: "{{ component }}"
    logging-infra: "{{ logging_component }}"
spec:
  replicas: {{ kibana_replicas | default(1) }}
  selector:
    provider: openshift
    component: "{{ component }}"
    logging-infra: "{{ logging_component }}"
  strategy:
    rollingParams:
      intervalSeconds: 1
      timeoutSeconds: 600
      updatePeriodSeconds: 1
    type: Rolling
  template:
    metadata:
      name: "{{ deploy_name }}"
      labels:
        logging-infra: "{{ logging_component }}"
        provider: openshift
        component: "{{ component }}"
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: logging-infra
                  operator: In
                  values:
                  - kibana
              topologyKey: kubernetes.io/hostname
      serviceAccountName: aggregated-logging-kibana
{% if kibana_node_selector is iterable and kibana_node_selector | length > 0 %}
      nodeSelector:
{% for key, value in kibana_node_selector.items() %}
        {{ key }}: "{{ value }}"
{% endfor %}
{% endif %}
      containers:
        -
          name: "kibana"
          image: "{{ openshift_logging_kibana_image }}"
          imagePullPolicy: IfNotPresent
{% if (kibana_memory_limit is defined and kibana_memory_limit is not none and kibana_memory_limit != "") or (kibana_cpu_limit is defined and kibana_cpu_limit is not none and kibana_cpu_limit != "") or (kibana_cpu_request is defined and kibana_cpu_request is not none and kibana_cpu_request != "") %}
          resources:
{%   if (kibana_memory_limit is defined and kibana_memory_limit is not none and kibana_memory_limit != "") or (kibana_cpu_limit is defined and kibana_cpu_limit is not none and kibana_cpu_limit != "") %}
            limits:
{%     if kibana_cpu_limit is not none and kibana_cpu_limit != "" %}
              cpu: "{{ kibana_cpu_limit }}"
{%     endif %}
{%     if kibana_memory_limit is not none and kibana_memory_limit != "" %}
              memory: "{{ kibana_memory_limit }}"
{%     endif %}
{%   endif %}
{%   if (kibana_memory_limit is defined and kibana_memory_limit is not none and kibana_memory_limit != "") or (kibana_cpu_request is defined and kibana_cpu_request is not none and kibana_cpu_request != "") %}
            requests:
{%     if kibana_cpu_request is not none and kibana_cpu_request != "" %}
              cpu: "{{ kibana_cpu_request }}"
{%     endif %}
{%     if kibana_memory_limit is not none and kibana_memory_limit != "" %}
              memory: "{{ kibana_memory_limit }}"
{%     endif %}
{%   endif %}
{% endif %}
          env:
            - name: "ES_HOST"
              value: "{{ es_host }}"
            - name: "ES_PORT"
              value: "{{ es_port }}"
            -
              name: "KIBANA_MEMORY_LIMIT"
              valueFrom:
                resourceFieldRef:
                  containerName: kibana
                  resource: limits.memory
{% for key, value in kibana_env_vars.items() %}
            - name: "{{ key }}"
              value: "{{ value }}"
{% endfor %}
          volumeMounts:
            - name: kibana
              mountPath: /etc/kibana/keys
              readOnly: true
          readinessProbe:
            exec:
              command:
              - "/usr/share/kibana/probe/readiness.sh"
            initialDelaySeconds: 5
            timeoutSeconds: 4
            periodSeconds: 5
        -
          name: "kibana-proxy"
          image: "{{ openshift_logging_kibana_proxy_image }}"
          imagePullPolicy: IfNotPresent
{% if (kibana_proxy_memory_limit is defined and kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "") or (kibana_proxy_cpu_limit is defined and kibana_proxy_cpu_limit is not none and kibana_proxy_cpu_limit != "") or (kibana_proxy_cpu_request is defined and kibana_proxy_cpu_request is not none and kibana_proxy_cpu_request != "") %}
          resources:
{%   if (kibana_proxy_memory_limit is defined and kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "") or (kibana_proxy_cpu_limit is defined and kibana_proxy_cpu_limit is not none and kibana_proxy_cpu_limit != "") %}
            limits:
{%     if kibana_proxy_cpu_limit is not none and kibana_proxy_cpu_limit != "" %}
              cpu: "{{ kibana_proxy_cpu_limit }}"
{%     endif %}
{%     if kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "" %}
              memory: "{{ kibana_proxy_memory_limit }}"
{%     endif %}
{%   endif %}
{%   if (kibana_proxy_memory_limit is defined and kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "") or (kibana_proxy_cpu_request is defined and kibana_proxy_cpu_request is not none and kibana_proxy_cpu_request != "") %}
            requests:
{%     if kibana_proxy_cpu_request is not none and kibana_proxy_cpu_request != "" %}
              cpu: "{{ kibana_proxy_cpu_request }}"
{%     endif %}
{%     if kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "" %}
              memory: "{{ kibana_proxy_memory_limit }}"
{%     endif %}
{%   endif %}
{% endif %}
          ports:
            -
              name: "oaproxy"
              containerPort: 3000
          env:
            -
             name: "OAP_BACKEND_URL"
             value: "http://localhost:5601"
            -
             name: "OAP_AUTH_MODE"
             value: "oauth2"
            -
             name: "OAP_TRANSFORM"
             value: "user_header,token_header"
            -
             name: "OAP_OAUTH_ID"
             value: kibana-proxy
            -
             name: "OAP_MASTER_URL"
             value: {{ openshift_logging_kibana_master_url }}
            -
             name: "OAP_PUBLIC_MASTER_URL"
             value: {{ openshift_logging_kibana_master_public_url }}
            -
             name: "OAP_LOGOUT_REDIRECT"
             value: {{ openshift_logging_kibana_master_public_url }}/console/logout
            -
             name: "OAP_MASTER_CA_FILE"
             value: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
            -
             name: "OAP_DEBUG"
             value: "{{ openshift_logging_kibana_proxy_debug }}"
            -
             name: "OAP_OAUTH_SECRET_FILE"
             value: "/secret/oauth-secret"
            -
             name: "OAP_SERVER_CERT_FILE"
             value: "/secret/server-cert"
            -
             name: "OAP_SERVER_KEY_FILE"
             value: "/secret/server-key"
            -
             name: "OAP_SERVER_TLS_FILE"
             value: "/secret/server-tls.json"
            -
             name: "OAP_SESSION_SECRET_FILE"
             value: "/secret/session-secret"
            -
             name: "OCP_AUTH_PROXY_MEMORY_LIMIT"
             valueFrom:
               resourceFieldRef:
                 containerName: kibana-proxy
                 resource: limits.memory
          volumeMounts:
            - name: kibana-proxy
              mountPath: /secret
              readOnly: true
      volumes:
        - name: kibana
          secret:
            secretName: logging-kibana
        - name: kibana-proxy
          secret:
            secretName: logging-kibana-proxy