apiserver-template.yaml 3.4 KB

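  # OpenShift Template that deploys the template service broker (TSB) API
  # server: a DaemonSet, its ConfigMap, ServiceAccount and Service, plus a
  # client ServiceAccount and a static-name token Secret for callers.
  # No Role/RoleBinding objects are defined in this file; whatever permissions
  # the two service accounts hold must be granted elsewhere.
  apiVersion: template.openshift.io/v1
  kind: Template
  metadata:
    name: template-service-broker-apiserver
  parameters:
  # Image run by the DaemonSet. The default is the mutable `latest` tag, and
  # the container below sets imagePullPolicy: IfNotPresent, so a node that
  # already has a cached `latest` will not re-pull it; nodes can end up on
  # different builds. Override with a fixed tag or digest for reproducible,
  # auditable rollouts.
  - name: IMAGE
    value: docker.io/openshift/origin-template-service-broker:latest
  - name: NAMESPACE
    value: openshift-template-service-broker
  # Passed to the server as --v=<LOGLEVEL>; quoted so it stays a string.
  - name: LOGLEVEL
    value: "0"
  # Written verbatim into the apiserver-config ConfigMap. templateNamespaces
  # lists the namespaces named in the broker config (here: openshift only).
  - name: API_SERVER_CONFIG
    value: |
      kind: TemplateServiceBrokerConfig
      apiVersion: config.templateservicebroker.openshift.io/v1
      templateNamespaces:
      - openshift
  # JSON object substituted as a non-string value via ${{NODE_SELECTOR}}.
  - name: NODE_SELECTOR
    value: "{}"
  objects:
  # to create the tsb server
  # NOTE(review): extensions/v1beta1 DaemonSet was removed in Kubernetes 1.16;
  # apps/v1 additionally requires spec.selector. Confirm the target cluster
  # version before reusing this manifest.
  - apiVersion: extensions/v1beta1
    kind: DaemonSet
    metadata:
      namespace: ${NAMESPACE}
      name: apiserver
      labels:
        apiserver: "true"
    spec:
      template:
        metadata:
          name: apiserver
          labels:
            apiserver: "true"
        spec:
          serviceAccountName: apiserver
          containers:
          # NOTE(review): no resources or securityContext are set on this
          # container; limits and privileges come from cluster defaults.
          - name: c
            image: ${IMAGE}
            imagePullPolicy: IfNotPresent
            command:
            - "/usr/bin/template-service-broker"
            - "start"
            - "template-service-broker"
            - "--secure-port=8443"
            # `-` presumably sends the audit log to standard out (generic
            # apiserver convention), so retention depends on log collection.
            - "--audit-log-path=-"
            - "--tls-cert-file=/var/serving-cert/tls.crt"
            - "--tls-private-key-file=/var/serving-cert/tls.key"
            - "--v=${LOGLEVEL}"
            - "--config=/var/apiserver-config/apiserver-config.yaml"
            ports:
            - containerPort: 8443
            volumeMounts:
            - mountPath: /var/serving-cert
              name: serving-cert
            - mountPath: /var/apiserver-config
              name: apiserver-config
            readinessProbe:
              httpGet:
                path: /healthz
                port: 8443
                scheme: HTTPS
          nodeSelector: "${{NODE_SELECTOR}}"
          volumes:
          - name: serving-cert
            secret:
              # 420 decimal == 0644 octal: tls.key is readable by every user
              # inside the container. NOTE(review): consider a tighter mode if
              # the runtime UID/fsGroup allows it.
              defaultMode: 420
              secretName: apiserver-serving-cert
          - name: apiserver-config
            configMap:
              # 420 decimal == 0644 octal.
              defaultMode: 420
              name: apiserver-config
      updateStrategy:
        type: RollingUpdate
  # to create the config for the TSB
  - apiVersion: v1
    kind: ConfigMap
    metadata:
      namespace: ${NAMESPACE}
      name: apiserver-config
    data:
      apiserver-config.yaml: ${API_SERVER_CONFIG}
  # to be able to assign powers to the process
  - apiVersion: v1
    kind: ServiceAccount
    metadata:
      namespace: ${NAMESPACE}
      name: apiserver
  # to be able to expose TSB inside the cluster
  - apiVersion: v1
    kind: Service
    metadata:
      namespace: ${NAMESPACE}
      name: apiserver
      annotations:
        # Requests a generated serving cert/key in the apiserver-serving-cert
        # secret, which the DaemonSet mounts at /var/serving-cert.
        service.alpha.openshift.io/serving-cert-secret-name: apiserver-serving-cert
    spec:
      selector:
        apiserver: "true"
      ports:
      - port: 443
        targetPort: 8443
  # This service account will be granted permission to call the TSB.
  # The token for this SA will be provided to the service catalog for
  # use when calling the TSB.
  - apiVersion: v1
    kind: ServiceAccount
    metadata:
      namespace: ${NAMESPACE}
      name: templateservicebroker-client
  # This secret will be populated with a copy of the templateservicebroker-client SA's
  # auth token. Since this secret has a static name, it can be referenced more
  # easily than the auto-generated secret for the service account.
  # A kubernetes.io/service-account-token secret holds a long-lived bearer
  # token: anyone able to read secrets in this namespace can act as the
  # client SA, so keep secret read access in ${NAMESPACE} narrowly scoped.
  - apiVersion: v1
    kind: Secret
    metadata:
      namespace: ${NAMESPACE}
      name: templateservicebroker-client
      annotations:
        kubernetes.io/service-account.name: templateservicebroker-client
    type: kubernetes.io/service-account-token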