├── .gitignore
├── .kitchen.yml
├── .rubocop.yml
├── Berksfile
├── CHANGELOG.md
├── CONTRIBUTING.md
├── LICENSE
├── README.md
├── attributes
├── adhoc.rb
├── admission_override.rb
├── cloud_provider.rb
├── custom_assets.rb
├── default.rb
├── identity_provider.rb
├── logging.rb
├── metrics.rb
├── update.rb
└── web_console.rb
├── chefignore
├── docs
├── certificates-process.md
└── upgrade-process.md
├── files
└── default
│ ├── 99-origin-dns.sh
│ ├── etcdctl.sh
│ ├── generate-jks.sh
│ ├── hawkular_metrics_role.yaml
│ ├── import_jks_certs.sh
│ ├── logging
│ ├── curator.yml
│ ├── fluent.conf
│ ├── fluentd-throttle-config.yaml
│ ├── secure-forward.conf
│ └── server-tls.json
│ ├── openshift_control_plane
│ ├── autoapprover
│ │ ├── images.yaml
│ │ ├── openshift-bootstrap-controller-policy.yaml
│ │ ├── openshift-bootstrap-controller-role.yaml
│ │ ├── openshift-bootstrap-controller-serviceaccount.yaml
│ │ └── openshift-bootstrap-controller.yaml
│ ├── docker
│ │ ├── master-exec
│ │ ├── master-logs
│ │ └── master-restart
│ ├── examples
│ │ └── v3.10
│ │ │ ├── db-templates
│ │ │ ├── OWNERS
│ │ │ ├── README.md
│ │ │ ├── mariadb-ephemeral-template.json
│ │ │ ├── mariadb-persistent-template.json
│ │ │ ├── mongodb-ephemeral-template.json
│ │ │ ├── mongodb-persistent-template.json
│ │ │ ├── mysql-ephemeral-template.json
│ │ │ ├── mysql-persistent-template.json
│ │ │ ├── postgresql-ephemeral-template.json
│ │ │ ├── postgresql-persistent-template.json
│ │ │ ├── redis-ephemeral-template.json
│ │ │ └── redis-persistent-template.json
│ │ │ ├── image-streams
│ │ │ ├── OWNERS
│ │ │ ├── README.md
│ │ │ ├── dotnet_imagestreams.json
│ │ │ ├── dotnet_imagestreams_centos.json
│ │ │ ├── image-streams-centos7.json
│ │ │ └── image-streams-rhel7.json
│ │ │ ├── quickstart-templates
│ │ │ ├── OWNERS
│ │ │ ├── README.md
│ │ │ ├── amp.yml
│ │ │ ├── apicast-gateway-template.yml
│ │ │ ├── apicast.yml
│ │ │ ├── cakephp-mysql-persistent.json
│ │ │ ├── cakephp-mysql.json
│ │ │ ├── dancer-mysql-persistent.json
│ │ │ ├── dancer-mysql.json
│ │ │ ├── django-postgresql-persistent.json
│ │ │ ├── django-postgresql.json
│ │ │ ├── dotnet-example.json
│ │ │ ├── dotnet-pgsql-persistent.json
│ │ │ ├── dotnet-runtime-example.json
│ │ │ ├── dotnet.json
│ │ │ ├── httpd.json
│ │ │ ├── jenkins-ephemeral-template.json
│ │ │ ├── jenkins-persistent-template.json
│ │ │ ├── nginx.json
│ │ │ ├── nodejs-mongodb-persistent.json
│ │ │ ├── nodejs-mongodb.json
│ │ │ ├── pvc.yml
│ │ │ ├── rails-postgresql-persistent.json
│ │ │ ├── rails-postgresql.json
│ │ │ └── wildcard.yml
│ │ │ ├── xpaas-streams
│ │ │ ├── amq62-image-stream.json
│ │ │ ├── amq63-image-stream.json
│ │ │ ├── datagrid65-image-stream.json
│ │ │ ├── datagrid71-image-stream.json
│ │ │ ├── datagrid72-image-stream.json
│ │ │ ├── datavirt63-image-stream.json
│ │ │ ├── decisionserver62-image-stream.json
│ │ │ ├── decisionserver63-image-stream.json
│ │ │ ├── decisionserver64-image-stream.json
│ │ │ ├── eap64-image-stream.json
│ │ │ ├── eap70-image-stream.json
│ │ │ ├── eap71-image-stream.json
│ │ │ ├── eap72-image-stream.json
│ │ │ ├── fis-image-streams.json
│ │ │ ├── jws30-tomcat7-image-stream.json
│ │ │ ├── jws30-tomcat8-image-stream.json
│ │ │ ├── jws31-tomcat7-image-stream.json
│ │ │ ├── jws31-tomcat8-image-stream.json
│ │ │ ├── openjdk18-image-stream.json
│ │ │ ├── processserver63-image-stream.json
│ │ │ ├── processserver64-image-stream.json
│ │ │ ├── rhdm70-image-streams.yaml
│ │ │ ├── rhpam70-image-streams.yaml
│ │ │ ├── sso70-image-stream.json
│ │ │ ├── sso71-image-stream.json
│ │ │ └── sso72-image-stream.json
│ │ │ └── xpaas-templates
│ │ │ ├── amq62-basic.json
│ │ │ ├── amq62-persistent-ssl.json
│ │ │ ├── amq62-persistent.json
│ │ │ ├── amq62-ssl.json
│ │ │ ├── amq63-basic.json
│ │ │ ├── amq63-persistent-ssl.json
│ │ │ ├── amq63-persistent.json
│ │ │ ├── amq63-ssl.json
│ │ │ ├── datagrid65-basic.json
│ │ │ ├── datagrid65-https.json
│ │ │ ├── datagrid65-mysql-persistent.json
│ │ │ ├── datagrid65-mysql.json
│ │ │ ├── datagrid65-postgresql-persistent.json
│ │ │ ├── datagrid65-postgresql.json
│ │ │ ├── datagrid71-basic.json
│ │ │ ├── datagrid71-https.json
│ │ │ ├── datagrid71-mysql-persistent.json
│ │ │ ├── datagrid71-mysql.json
│ │ │ ├── datagrid71-partition.json
│ │ │ ├── datagrid71-postgresql-persistent.json
│ │ │ ├── datagrid71-postgresql.json
│ │ │ ├── datagrid72-basic.json
│ │ │ ├── datagrid72-https.json
│ │ │ ├── datagrid72-mysql-persistent.json
│ │ │ ├── datagrid72-mysql.json
│ │ │ ├── datagrid72-partition.json
│ │ │ ├── datagrid72-postgresql-persistent.json
│ │ │ ├── datagrid72-postgresql.json
│ │ │ ├── datavirt63-basic-s2i.json
│ │ │ ├── datavirt63-extensions-support-s2i.json
│ │ │ ├── datavirt63-secure-s2i.json
│ │ │ ├── decisionserver64-amq-s2i.json
│ │ │ ├── decisionserver64-basic-s2i.json
│ │ │ ├── decisionserver64-https-s2i.json
│ │ │ ├── eap-camel-amq-template.json
│ │ │ ├── eap-camel-cdi-template.json
│ │ │ ├── eap-camel-cxf-jaxrs-template.json
│ │ │ ├── eap-camel-cxf-jaxws-template.json
│ │ │ ├── eap-camel-jpa-template.json
│ │ │ ├── eap64-amq-persistent-s2i.json
│ │ │ ├── eap64-amq-s2i.json
│ │ │ ├── eap64-basic-s2i.json
│ │ │ ├── eap64-https-s2i.json
│ │ │ ├── eap64-mongodb-persistent-s2i.json
│ │ │ ├── eap64-mongodb-s2i.json
│ │ │ ├── eap64-mysql-persistent-s2i.json
│ │ │ ├── eap64-mysql-s2i.json
│ │ │ ├── eap64-postgresql-persistent-s2i.json
│ │ │ ├── eap64-postgresql-s2i.json
│ │ │ ├── eap64-sso-s2i.json
│ │ │ ├── eap64-third-party-db-s2i.json
│ │ │ ├── eap64-tx-recovery-s2i.json
│ │ │ ├── eap70-amq-persistent-s2i.json
│ │ │ ├── eap70-amq-s2i.json
│ │ │ ├── eap70-basic-s2i.json
│ │ │ ├── eap70-https-s2i.json
│ │ │ ├── eap70-mongodb-persistent-s2i.json
│ │ │ ├── eap70-mongodb-s2i.json
│ │ │ ├── eap70-mysql-persistent-s2i.json
│ │ │ ├── eap70-mysql-s2i.json
│ │ │ ├── eap70-postgresql-persistent-s2i.json
│ │ │ ├── eap70-postgresql-s2i.json
│ │ │ ├── eap70-sso-s2i.json
│ │ │ ├── eap70-third-party-db-s2i.json
│ │ │ ├── eap70-tx-recovery-s2i.json
│ │ │ ├── eap71-amq-persistent-s2i.json
│ │ │ ├── eap71-amq-s2i.json
│ │ │ ├── eap71-basic-s2i.json
│ │ │ ├── eap71-https-s2i.json
│ │ │ ├── eap71-mongodb-persistent-s2i.json
│ │ │ ├── eap71-mongodb-s2i.json
│ │ │ ├── eap71-mysql-persistent-s2i.json
│ │ │ ├── eap71-mysql-s2i.json
│ │ │ ├── eap71-postgresql-persistent-s2i.json
│ │ │ ├── eap71-postgresql-s2i.json
│ │ │ ├── eap71-sso-s2i.json
│ │ │ ├── eap71-third-party-db-s2i.json
│ │ │ ├── eap71-tx-recovery-s2i.json
│ │ │ ├── eap72-basic-s2i.json
│ │ │ ├── eap72-https-s2i.json
│ │ │ ├── eap72-mongodb-persistent-s2i.json
│ │ │ ├── eap72-mongodb-s2i.json
│ │ │ ├── eap72-mysql-persistent-s2i.json
│ │ │ ├── eap72-mysql-s2i.json
│ │ │ ├── eap72-postgresql-persistent-s2i.json
│ │ │ ├── eap72-postgresql-s2i.json
│ │ │ ├── eap72-sso-s2i.json
│ │ │ ├── eap72-starter-s2i.json
│ │ │ ├── eap72-third-party-db-s2i.json
│ │ │ ├── fis-console-cluster-template.json
│ │ │ ├── fis-console-namespace-template.json
│ │ │ ├── jws31-tomcat7-basic-s2i.json
│ │ │ ├── jws31-tomcat7-https-s2i.json
│ │ │ ├── jws31-tomcat7-mongodb-persistent-s2i.json
│ │ │ ├── jws31-tomcat7-mongodb-s2i.json
│ │ │ ├── jws31-tomcat7-mysql-persistent-s2i.json
│ │ │ ├── jws31-tomcat7-mysql-s2i.json
│ │ │ ├── jws31-tomcat7-postgresql-persistent-s2i.json
│ │ │ ├── jws31-tomcat7-postgresql-s2i.json
│ │ │ ├── jws31-tomcat8-basic-s2i.json
│ │ │ ├── jws31-tomcat8-https-s2i.json
│ │ │ ├── jws31-tomcat8-mongodb-persistent-s2i.json
│ │ │ ├── jws31-tomcat8-mongodb-s2i.json
│ │ │ ├── jws31-tomcat8-mysql-persistent-s2i.json
│ │ │ ├── jws31-tomcat8-mysql-s2i.json
│ │ │ ├── jws31-tomcat8-postgresql-persistent-s2i.json
│ │ │ ├── jws31-tomcat8-postgresql-s2i.json
│ │ │ ├── karaf-camel-amq-template.json
│ │ │ ├── karaf-camel-log-template.json
│ │ │ ├── karaf-camel-rest-sql-template.json
│ │ │ ├── karaf-cxf-rest-template.json
│ │ │ ├── openjdk18-web-basic-s2i.json
│ │ │ ├── processserver64-amq-mysql-persistent-s2i.json
│ │ │ ├── processserver64-amq-mysql-s2i.json
│ │ │ ├── processserver64-amq-postgresql-persistent-s2i.json
│ │ │ ├── processserver64-amq-postgresql-s2i.json
│ │ │ ├── processserver64-basic-s2i.json
│ │ │ ├── processserver64-mysql-persistent-s2i.json
│ │ │ ├── processserver64-mysql-s2i.json
│ │ │ ├── processserver64-postgresql-persistent-s2i.json
│ │ │ ├── processserver64-postgresql-s2i.json
│ │ │ ├── rhdm70-full.yaml
│ │ │ ├── rhdm70-kieserver-basic-s2i.yaml
│ │ │ ├── rhdm70-kieserver-https-s2i.yaml
│ │ │ ├── rhdm70-kieserver.yaml
│ │ │ ├── rhpam70-authoring-ha.yaml
│ │ │ ├── rhpam70-authoring.yaml
│ │ │ ├── rhpam70-kieserver-externaldb.yaml
│ │ │ ├── rhpam70-kieserver-mysql.yaml
│ │ │ ├── rhpam70-kieserver-postgresql.yaml
│ │ │ ├── rhpam70-prod-immutable-kieserver.yaml
│ │ │ ├── rhpam70-prod-immutable-monitor.yaml
│ │ │ ├── rhpam70-prod.yaml
│ │ │ ├── rhpam70-sit.yaml
│ │ │ ├── rhpam70-trial-ephemeral.yaml
│ │ │ ├── spring-boot-camel-amq-template.json
│ │ │ ├── spring-boot-camel-config-template.json
│ │ │ ├── spring-boot-camel-drools-template.json
│ │ │ ├── spring-boot-camel-infinispan-template.json
│ │ │ ├── spring-boot-camel-teiid-template.json
│ │ │ ├── spring-boot-camel-template.json
│ │ │ ├── spring-boot-camel-xml-template.json
│ │ │ ├── spring-boot-cxf-jaxrs-template.json
│ │ │ ├── spring-boot-cxf-jaxws-template.json
│ │ │ ├── sso72-https.json
│ │ │ ├── sso72-mysql-persistent.json
│ │ │ ├── sso72-mysql.json
│ │ │ ├── sso72-postgresql-persistent.json
│ │ │ ├── sso72-postgresql.json
│ │ │ ├── sso72-x509-https.json
│ │ │ ├── sso72-x509-mysql-persistent.json
│ │ │ └── sso72-x509-postgresql-persistent.json
│ ├── sdn
│ │ ├── images.yaml
│ │ ├── sdn-ovs.yaml
│ │ ├── sdn-policy.yaml
│ │ └── sdn.yaml
│ ├── service_catalog
│ │ ├── apiserver-service.yaml
│ │ ├── controller-service.yaml
│ │ ├── kube-system-service-catalog-role-bindings
│ │ ├── openshift_catalog_clusterroles.yml
│ │ ├── service-catalog-role-bindings
│ │ ├── service_catalog_api_route.yml
│ │ └── servicecatalog.k8s.yaml
│ ├── sync
│ │ ├── images.yaml
│ │ ├── sync-policy.yaml
│ │ └── sync.yaml
│ └── template_service_broker
│ │ ├── apiserver-config.yaml
│ │ ├── apiserver-template.yaml
│ │ ├── rbac-template.yaml
│ │ └── template-service-broker-registration.yaml
│ ├── openshift_examples
│ ├── v1.3
│ │ ├── db-templates
│ │ │ ├── README.md
│ │ │ ├── mariadb-ephemeral-template.json
│ │ │ ├── mariadb-persistent-template.json
│ │ │ ├── mongodb-ephemeral-template.json
│ │ │ ├── mongodb-persistent-template.json
│ │ │ ├── mysql-ephemeral-template.json
│ │ │ ├── mysql-persistent-template.json
│ │ │ ├── postgresql-ephemeral-template.json
│ │ │ └── postgresql-persistent-template.json
│ │ ├── image-streams
│ │ │ ├── dotnet_imagestreams.json
│ │ │ ├── image-streams-centos7.json
│ │ │ └── image-streams-rhel7.json
│ │ ├── quickstart-templates
│ │ │ ├── README.md
│ │ │ ├── apicast-gateway-template.yml
│ │ │ ├── cakephp-mysql.json
│ │ │ ├── dancer-mysql.json
│ │ │ ├── django-postgresql.json
│ │ │ ├── jenkins-ephemeral-template.json
│ │ │ ├── jenkins-persistent-template.json
│ │ │ ├── nodejs-mongodb.json
│ │ │ └── rails-postgresql.json
│ │ ├── xpaas-streams
│ │ │ ├── fis-image-streams.json
│ │ │ └── jboss-image-streams.json
│ │ └── xpaas-templates
│ │ │ ├── amq62-basic.json
│ │ │ ├── amq62-persistent-ssl.json
│ │ │ ├── amq62-persistent.json
│ │ │ ├── amq62-ssl.json
│ │ │ ├── datagrid65-basic.json
│ │ │ ├── datagrid65-https.json
│ │ │ ├── datagrid65-mysql-persistent.json
│ │ │ ├── datagrid65-mysql.json
│ │ │ ├── datagrid65-postgresql-persistent.json
│ │ │ ├── datagrid65-postgresql.json
│ │ │ ├── datavirt63-basic-s2i.json
│ │ │ ├── datavirt63-extensions-support-s2i.json
│ │ │ ├── datavirt63-secure-s2i.json
│ │ │ ├── decisionserver62-amq-s2i.json
│ │ │ ├── decisionserver62-basic-s2i.json
│ │ │ ├── decisionserver62-https-s2i.json
│ │ │ ├── decisionserver63-amq-s2i.json
│ │ │ ├── decisionserver63-basic-s2i.json
│ │ │ ├── decisionserver63-https-s2i.json
│ │ │ ├── eap64-amq-persistent-s2i.json
│ │ │ ├── eap64-amq-s2i.json
│ │ │ ├── eap64-basic-s2i.json
│ │ │ ├── eap64-https-s2i.json
│ │ │ ├── eap64-mongodb-persistent-s2i.json
│ │ │ ├── eap64-mongodb-s2i.json
│ │ │ ├── eap64-mysql-persistent-s2i.json
│ │ │ ├── eap64-mysql-s2i.json
│ │ │ ├── eap64-postgresql-persistent-s2i.json
│ │ │ ├── eap64-postgresql-s2i.json
│ │ │ ├── eap64-sso-s2i.json
│ │ │ ├── eap70-amq-persistent-s2i.json
│ │ │ ├── eap70-amq-s2i.json
│ │ │ ├── eap70-basic-s2i.json
│ │ │ ├── eap70-https-s2i.json
│ │ │ ├── eap70-mongodb-persistent-s2i.json
│ │ │ ├── eap70-mongodb-s2i.json
│ │ │ ├── eap70-mysql-persistent-s2i.json
│ │ │ ├── eap70-mysql-s2i.json
│ │ │ ├── eap70-postgresql-persistent-s2i.json
│ │ │ ├── eap70-postgresql-s2i.json
│ │ │ ├── eap70-sso-s2i.json
│ │ │ ├── jws30-tomcat7-basic-s2i.json
│ │ │ ├── jws30-tomcat7-https-s2i.json
│ │ │ ├── jws30-tomcat7-mongodb-persistent-s2i.json
│ │ │ ├── jws30-tomcat7-mongodb-s2i.json
│ │ │ ├── jws30-tomcat7-mysql-persistent-s2i.json
│ │ │ ├── jws30-tomcat7-mysql-s2i.json
│ │ │ ├── jws30-tomcat7-postgresql-persistent-s2i.json
│ │ │ ├── jws30-tomcat7-postgresql-s2i.json
│ │ │ ├── jws30-tomcat8-basic-s2i.json
│ │ │ ├── jws30-tomcat8-https-s2i.json
│ │ │ ├── jws30-tomcat8-mongodb-persistent-s2i.json
│ │ │ ├── jws30-tomcat8-mongodb-s2i.json
│ │ │ ├── jws30-tomcat8-mysql-persistent-s2i.json
│ │ │ ├── jws30-tomcat8-mysql-s2i.json
│ │ │ ├── jws30-tomcat8-postgresql-persistent-s2i.json
│ │ │ ├── jws30-tomcat8-postgresql-s2i.json
│ │ │ ├── karaf2-camel-amq-template.json
│ │ │ ├── karaf2-camel-log-template.json
│ │ │ ├── karaf2-camel-rest-sql-template.json
│ │ │ ├── karaf2-cxf-rest-template.json
│ │ │ ├── openjdk18-web-basic-s2i.json
│ │ │ ├── processserver63-amq-mysql-persistent-s2i.json
│ │ │ ├── processserver63-amq-mysql-s2i.json
│ │ │ ├── processserver63-amq-postgresql-persistent-s2i.json
│ │ │ ├── processserver63-amq-postgresql-s2i.json
│ │ │ ├── processserver63-basic-s2i.json
│ │ │ ├── processserver63-mysql-persistent-s2i.json
│ │ │ ├── processserver63-mysql-s2i.json
│ │ │ ├── processserver63-postgresql-persistent-s2i.json
│ │ │ ├── processserver63-postgresql-s2i.json
│ │ │ ├── spring-boot-camel-amq-template.json
│ │ │ ├── spring-boot-camel-config-template.json
│ │ │ ├── spring-boot-camel-drools-template.json
│ │ │ ├── spring-boot-camel-infinispan-template.json
│ │ │ ├── spring-boot-camel-rest-sql-template.json
│ │ │ ├── spring-boot-camel-teiid-template.json
│ │ │ ├── spring-boot-camel-template.json
│ │ │ ├── spring-boot-camel-xml-template.json
│ │ │ ├── spring-boot-cxf-jaxrs-template.json
│ │ │ ├── spring-boot-cxf-jaxws-template.json
│ │ │ ├── sso70-https.json
│ │ │ ├── sso70-mysql-persistent.json
│ │ │ ├── sso70-mysql.json
│ │ │ ├── sso70-postgresql-persistent.json
│ │ │ └── sso70-postgresql.json
│ ├── v1.4
│ │ ├── cfme-templates
│ │ │ ├── cfme-pv-app-example.yaml
│ │ │ ├── cfme-pv-example.yaml
│ │ │ ├── cfme-template.yaml
│ │ │ ├── jboss-middleware-manager-pv-example.yaml
│ │ │ └── jboss-middleware-manager-template.yaml
│ │ ├── db-templates
│ │ │ ├── README.md
│ │ │ ├── mariadb-ephemeral-template.json
│ │ │ ├── mariadb-persistent-template.json
│ │ │ ├── mongodb-ephemeral-template.json
│ │ │ ├── mongodb-persistent-template.json
│ │ │ ├── mysql-ephemeral-template.json
│ │ │ ├── mysql-persistent-template.json
│ │ │ ├── postgresql-ephemeral-template.json
│ │ │ ├── postgresql-persistent-template.json
│ │ │ ├── redis-ephemeral-template.json
│ │ │ └── redis-persistent-template.json
│ │ ├── image-streams
│ │ │ ├── dotnet_imagestreams.json
│ │ │ ├── image-streams-centos7.json
│ │ │ └── image-streams-rhel7.json
│ │ ├── quickstart-templates
│ │ │ ├── README.md
│ │ │ ├── amp.yml
│ │ │ ├── apicast-gateway-template.yml
│ │ │ ├── apicast.yml
│ │ │ ├── cakephp-mysql-persistent.json
│ │ │ ├── cakephp-mysql.json
│ │ │ ├── dancer-mysql-persistent.json
│ │ │ ├── dancer-mysql.json
│ │ │ ├── django-postgresql-persistent.json
│ │ │ ├── django-postgresql.json
│ │ │ ├── dotnet-example.json
│ │ │ ├── dotnet-pgsql-persistent.json
│ │ │ ├── httpd.json
│ │ │ ├── jenkins-ephemeral-template.json
│ │ │ ├── jenkins-persistent-template.json
│ │ │ ├── nodejs-mongodb-persistent.json
│ │ │ ├── nodejs-mongodb.json
│ │ │ ├── pvc.yml
│ │ │ ├── rails-postgresql-persistent.json
│ │ │ ├── rails-postgresql.json
│ │ │ └── wildcard.yml
│ │ ├── xpaas-streams
│ │ │ ├── fis-image-streams.json
│ │ │ └── jboss-image-streams.json
│ │ └── xpaas-templates
│ │ │ ├── amq62-basic.json
│ │ │ ├── amq62-persistent-ssl.json
│ │ │ ├── amq62-persistent.json
│ │ │ ├── amq62-ssl.json
│ │ │ ├── amq63-basic.json
│ │ │ ├── amq63-persistent-ssl.json
│ │ │ ├── amq63-persistent.json
│ │ │ ├── amq63-ssl.json
│ │ │ ├── datagrid65-basic.json
│ │ │ ├── datagrid65-https.json
│ │ │ ├── datagrid65-mysql-persistent.json
│ │ │ ├── datagrid65-mysql.json
│ │ │ ├── datagrid65-postgresql-persistent.json
│ │ │ ├── datagrid65-postgresql.json
│ │ │ ├── datavirt63-basic-s2i.json
│ │ │ ├── datavirt63-extensions-support-s2i.json
│ │ │ ├── datavirt63-secure-s2i.json
│ │ │ ├── decisionserver62-amq-s2i.json
│ │ │ ├── decisionserver62-basic-s2i.json
│ │ │ ├── decisionserver62-https-s2i.json
│ │ │ ├── decisionserver63-amq-s2i.json
│ │ │ ├── decisionserver63-basic-s2i.json
│ │ │ ├── decisionserver63-https-s2i.json
│ │ │ ├── decisionserver64-amq-s2i.json
│ │ │ ├── decisionserver64-basic-s2i.json
│ │ │ ├── decisionserver64-https-s2i.json
│ │ │ ├── eap64-amq-persistent-s2i.json
│ │ │ ├── eap64-amq-s2i.json
│ │ │ ├── eap64-basic-s2i.json
│ │ │ ├── eap64-https-s2i.json
│ │ │ ├── eap64-mongodb-persistent-s2i.json
│ │ │ ├── eap64-mongodb-s2i.json
│ │ │ ├── eap64-mysql-persistent-s2i.json
│ │ │ ├── eap64-mysql-s2i.json
│ │ │ ├── eap64-postgresql-persistent-s2i.json
│ │ │ ├── eap64-postgresql-s2i.json
│ │ │ ├── eap64-sso-s2i.json
│ │ │ ├── eap64-third-party-db-s2i.json
│ │ │ ├── eap70-amq-persistent-s2i.json
│ │ │ ├── eap70-amq-s2i.json
│ │ │ ├── eap70-basic-s2i.json
│ │ │ ├── eap70-https-s2i.json
│ │ │ ├── eap70-mongodb-persistent-s2i.json
│ │ │ ├── eap70-mongodb-s2i.json
│ │ │ ├── eap70-mysql-persistent-s2i.json
│ │ │ ├── eap70-mysql-s2i.json
│ │ │ ├── eap70-postgresql-persistent-s2i.json
│ │ │ ├── eap70-postgresql-s2i.json
│ │ │ ├── eap70-sso-s2i.json
│ │ │ ├── eap70-third-party-db-s2i.json
│ │ │ ├── jws30-tomcat7-basic-s2i.json
│ │ │ ├── jws30-tomcat7-https-s2i.json
│ │ │ ├── jws30-tomcat7-mongodb-persistent-s2i.json
│ │ │ ├── jws30-tomcat7-mongodb-s2i.json
│ │ │ ├── jws30-tomcat7-mysql-persistent-s2i.json
│ │ │ ├── jws30-tomcat7-mysql-s2i.json
│ │ │ ├── jws30-tomcat7-postgresql-persistent-s2i.json
│ │ │ ├── jws30-tomcat7-postgresql-s2i.json
│ │ │ ├── jws30-tomcat8-basic-s2i.json
│ │ │ ├── jws30-tomcat8-https-s2i.json
│ │ │ ├── jws30-tomcat8-mongodb-persistent-s2i.json
│ │ │ ├── jws30-tomcat8-mongodb-s2i.json
│ │ │ ├── jws30-tomcat8-mysql-persistent-s2i.json
│ │ │ ├── jws30-tomcat8-mysql-s2i.json
│ │ │ ├── jws30-tomcat8-postgresql-persistent-s2i.json
│ │ │ ├── jws30-tomcat8-postgresql-s2i.json
│ │ │ ├── jws31-tomcat7-basic-s2i.json
│ │ │ ├── jws31-tomcat7-https-s2i.json
│ │ │ ├── jws31-tomcat7-mongodb-persistent-s2i.json
│ │ │ ├── jws31-tomcat7-mongodb-s2i.json
│ │ │ ├── jws31-tomcat7-mysql-persistent-s2i.json
│ │ │ ├── jws31-tomcat7-mysql-s2i.json
│ │ │ ├── jws31-tomcat7-postgresql-persistent-s2i.json
│ │ │ ├── jws31-tomcat7-postgresql-s2i.json
│ │ │ ├── jws31-tomcat8-basic-s2i.json
│ │ │ ├── jws31-tomcat8-https-s2i.json
│ │ │ ├── jws31-tomcat8-mongodb-persistent-s2i.json
│ │ │ ├── jws31-tomcat8-mongodb-s2i.json
│ │ │ ├── jws31-tomcat8-mysql-persistent-s2i.json
│ │ │ ├── jws31-tomcat8-mysql-s2i.json
│ │ │ ├── jws31-tomcat8-postgresql-persistent-s2i.json
│ │ │ ├── jws31-tomcat8-postgresql-s2i.json
│ │ │ ├── karaf2-camel-amq-template.json
│ │ │ ├── karaf2-camel-log-template.json
│ │ │ ├── karaf2-camel-rest-sql-template.json
│ │ │ ├── karaf2-cxf-rest-template.json
│ │ │ ├── openjdk18-web-basic-s2i.json
│ │ │ ├── processserver63-amq-mysql-persistent-s2i.json
│ │ │ ├── processserver63-amq-mysql-s2i.json
│ │ │ ├── processserver63-amq-postgresql-persistent-s2i.json
│ │ │ ├── processserver63-amq-postgresql-s2i.json
│ │ │ ├── processserver63-basic-s2i.json
│ │ │ ├── processserver63-mysql-persistent-s2i.json
│ │ │ ├── processserver63-mysql-s2i.json
│ │ │ ├── processserver63-postgresql-persistent-s2i.json
│ │ │ ├── processserver63-postgresql-s2i.json
│ │ │ ├── processserver64-amq-mysql-persistent-s2i.json
│ │ │ ├── processserver64-amq-mysql-s2i.json
│ │ │ ├── processserver64-amq-postgresql-persistent-s2i.json
│ │ │ ├── processserver64-amq-postgresql-s2i.json
│ │ │ ├── processserver64-basic-s2i.json
│ │ │ ├── processserver64-mysql-persistent-s2i.json
│ │ │ ├── processserver64-mysql-s2i.json
│ │ │ ├── processserver64-postgresql-persistent-s2i.json
│ │ │ ├── processserver64-postgresql-s2i.json
│ │ │ ├── spring-boot-camel-amq-template.json
│ │ │ ├── spring-boot-camel-config-template.json
│ │ │ ├── spring-boot-camel-drools-template.json
│ │ │ ├── spring-boot-camel-infinispan-template.json
│ │ │ ├── spring-boot-camel-rest-sql-template.json
│ │ │ ├── spring-boot-camel-teiid-template.json
│ │ │ ├── spring-boot-camel-template.json
│ │ │ ├── spring-boot-camel-xml-template.json
│ │ │ ├── spring-boot-cxf-jaxrs-template.json
│ │ │ ├── spring-boot-cxf-jaxws-template.json
│ │ │ ├── sso70-https.json
│ │ │ ├── sso70-mysql-persistent.json
│ │ │ ├── sso70-mysql.json
│ │ │ ├── sso70-postgresql-persistent.json
│ │ │ ├── sso70-postgresql.json
│ │ │ ├── sso71-https.json
│ │ │ ├── sso71-mysql-persistent.json
│ │ │ ├── sso71-mysql.json
│ │ │ ├── sso71-postgresql-persistent.json
│ │ │ └── sso71-postgresql.json
│ ├── v1.5
│ │ ├── cfme-templates
│ │ │ ├── cfme-pv-db-example.yaml
│ │ │ ├── cfme-pv-region-example.yaml
│ │ │ ├── cfme-pv-server-example.yaml
│ │ │ ├── cfme-template.yaml
│ │ │ ├── jboss-middleware-manager-pv-example.yaml
│ │ │ └── jboss-middleware-manager-template.yaml
│ │ ├── db-templates
│ │ │ ├── README.md
│ │ │ ├── mariadb-ephemeral-template.json
│ │ │ ├── mariadb-persistent-template.json
│ │ │ ├── mongodb-ephemeral-template.json
│ │ │ ├── mongodb-persistent-template.json
│ │ │ ├── mysql-ephemeral-template.json
│ │ │ ├── mysql-persistent-template.json
│ │ │ ├── postgresql-ephemeral-template.json
│ │ │ ├── postgresql-persistent-template.json
│ │ │ ├── redis-ephemeral-template.json
│ │ │ └── redis-persistent-template.json
│ │ ├── image-streams
│ │ │ ├── dotnet_imagestreams.json
│ │ │ ├── dotnet_imagestreams_centos.json
│ │ │ ├── image-streams-centos7.json
│ │ │ └── image-streams-rhel7.json
│ │ ├── quickstart-templates
│ │ │ ├── README.md
│ │ │ ├── amp.yml
│ │ │ ├── apicast.yml
│ │ │ ├── cakephp-mysql-persistent.json
│ │ │ ├── cakephp-mysql.json
│ │ │ ├── dancer-mysql-persistent.json
│ │ │ ├── dancer-mysql.json
│ │ │ ├── django-postgresql-persistent.json
│ │ │ ├── django-postgresql.json
│ │ │ ├── dotnet-example.json
│ │ │ ├── dotnet-pgsql-persistent.json
│ │ │ ├── httpd.json
│ │ │ ├── jenkins-ephemeral-template.json
│ │ │ ├── jenkins-persistent-template.json
│ │ │ ├── nodejs-mongodb-persistent.json
│ │ │ ├── nodejs-mongodb.json
│ │ │ ├── pvc.yml
│ │ │ ├── rails-postgresql-persistent.json
│ │ │ ├── rails-postgresql.json
│ │ │ └── wildcard.yml
│ │ ├── xpaas-streams
│ │ │ ├── fis-image-streams.json
│ │ │ └── jboss-image-streams.json
│ │ └── xpaas-templates
│ │ │ ├── amq62-basic.json
│ │ │ ├── amq62-persistent-ssl.json
│ │ │ ├── amq62-persistent.json
│ │ │ ├── amq62-ssl.json
│ │ │ ├── amq63-basic.json
│ │ │ ├── amq63-persistent-ssl.json
│ │ │ ├── amq63-persistent.json
│ │ │ ├── amq63-ssl.json
│ │ │ ├── datagrid65-basic.json
│ │ │ ├── datagrid65-https.json
│ │ │ ├── datagrid65-mysql-persistent.json
│ │ │ ├── datagrid65-mysql.json
│ │ │ ├── datagrid65-postgresql-persistent.json
│ │ │ ├── datagrid65-postgresql.json
│ │ │ ├── datavirt63-basic-s2i.json
│ │ │ ├── datavirt63-extensions-support-s2i.json
│ │ │ ├── datavirt63-secure-s2i.json
│ │ │ ├── decisionserver62-amq-s2i.json
│ │ │ ├── decisionserver62-basic-s2i.json
│ │ │ ├── decisionserver62-https-s2i.json
│ │ │ ├── decisionserver63-amq-s2i.json
│ │ │ ├── decisionserver63-basic-s2i.json
│ │ │ ├── decisionserver63-https-s2i.json
│ │ │ ├── decisionserver64-amq-s2i.json
│ │ │ ├── decisionserver64-basic-s2i.json
│ │ │ ├── decisionserver64-https-s2i.json
│ │ │ ├── eap64-amq-persistent-s2i.json
│ │ │ ├── eap64-amq-s2i.json
│ │ │ ├── eap64-basic-s2i.json
│ │ │ ├── eap64-https-s2i.json
│ │ │ ├── eap64-mongodb-persistent-s2i.json
│ │ │ ├── eap64-mongodb-s2i.json
│ │ │ ├── eap64-mysql-persistent-s2i.json
│ │ │ ├── eap64-mysql-s2i.json
│ │ │ ├── eap64-postgresql-persistent-s2i.json
│ │ │ ├── eap64-postgresql-s2i.json
│ │ │ ├── eap64-sso-s2i.json
│ │ │ ├── eap64-third-party-db-s2i.json
│ │ │ ├── eap70-amq-persistent-s2i.json
│ │ │ ├── eap70-amq-s2i.json
│ │ │ ├── eap70-basic-s2i.json
│ │ │ ├── eap70-https-s2i.json
│ │ │ ├── eap70-mongodb-persistent-s2i.json
│ │ │ ├── eap70-mongodb-s2i.json
│ │ │ ├── eap70-mysql-persistent-s2i.json
│ │ │ ├── eap70-mysql-s2i.json
│ │ │ ├── eap70-postgresql-persistent-s2i.json
│ │ │ ├── eap70-postgresql-s2i.json
│ │ │ ├── eap70-sso-s2i.json
│ │ │ ├── eap70-third-party-db-s2i.json
│ │ │ ├── jws30-tomcat7-basic-s2i.json
│ │ │ ├── jws30-tomcat7-https-s2i.json
│ │ │ ├── jws30-tomcat7-mongodb-persistent-s2i.json
│ │ │ ├── jws30-tomcat7-mongodb-s2i.json
│ │ │ ├── jws30-tomcat7-mysql-persistent-s2i.json
│ │ │ ├── jws30-tomcat7-mysql-s2i.json
│ │ │ ├── jws30-tomcat7-postgresql-persistent-s2i.json
│ │ │ ├── jws30-tomcat7-postgresql-s2i.json
│ │ │ ├── jws30-tomcat8-basic-s2i.json
│ │ │ ├── jws30-tomcat8-https-s2i.json
│ │ │ ├── jws30-tomcat8-mongodb-persistent-s2i.json
│ │ │ ├── jws30-tomcat8-mongodb-s2i.json
│ │ │ ├── jws30-tomcat8-mysql-persistent-s2i.json
│ │ │ ├── jws30-tomcat8-mysql-s2i.json
│ │ │ ├── jws30-tomcat8-postgresql-persistent-s2i.json
│ │ │ ├── jws30-tomcat8-postgresql-s2i.json
│ │ │ ├── jws31-tomcat7-basic-s2i.json
│ │ │ ├── jws31-tomcat7-https-s2i.json
│ │ │ ├── jws31-tomcat7-mongodb-persistent-s2i.json
│ │ │ ├── jws31-tomcat7-mongodb-s2i.json
│ │ │ ├── jws31-tomcat7-mysql-persistent-s2i.json
│ │ │ ├── jws31-tomcat7-mysql-s2i.json
│ │ │ ├── jws31-tomcat7-postgresql-persistent-s2i.json
│ │ │ ├── jws31-tomcat7-postgresql-s2i.json
│ │ │ ├── jws31-tomcat8-basic-s2i.json
│ │ │ ├── jws31-tomcat8-https-s2i.json
│ │ │ ├── jws31-tomcat8-mongodb-persistent-s2i.json
│ │ │ ├── jws31-tomcat8-mongodb-s2i.json
│ │ │ ├── jws31-tomcat8-mysql-persistent-s2i.json
│ │ │ ├── jws31-tomcat8-mysql-s2i.json
│ │ │ ├── jws31-tomcat8-postgresql-persistent-s2i.json
│ │ │ ├── jws31-tomcat8-postgresql-s2i.json
│ │ │ ├── karaf2-camel-amq-template.json
│ │ │ ├── karaf2-camel-log-template.json
│ │ │ ├── karaf2-camel-rest-sql-template.json
│ │ │ ├── karaf2-cxf-rest-template.json
│ │ │ ├── openjdk18-web-basic-s2i.json
│ │ │ ├── processserver63-amq-mysql-persistent-s2i.json
│ │ │ ├── processserver63-amq-mysql-s2i.json
│ │ │ ├── processserver63-amq-postgresql-persistent-s2i.json
│ │ │ ├── processserver63-amq-postgresql-s2i.json
│ │ │ ├── processserver63-basic-s2i.json
│ │ │ ├── processserver63-mysql-persistent-s2i.json
│ │ │ ├── processserver63-mysql-s2i.json
│ │ │ ├── processserver63-postgresql-persistent-s2i.json
│ │ │ ├── processserver63-postgresql-s2i.json
│ │ │ ├── processserver64-amq-mysql-persistent-s2i.json
│ │ │ ├── processserver64-amq-mysql-s2i.json
│ │ │ ├── processserver64-amq-postgresql-persistent-s2i.json
│ │ │ ├── processserver64-amq-postgresql-s2i.json
│ │ │ ├── processserver64-basic-s2i.json
│ │ │ ├── processserver64-mysql-persistent-s2i.json
│ │ │ ├── processserver64-mysql-s2i.json
│ │ │ ├── processserver64-postgresql-persistent-s2i.json
│ │ │ ├── processserver64-postgresql-s2i.json
│ │ │ ├── spring-boot-camel-amq-template.json
│ │ │ ├── spring-boot-camel-config-template.json
│ │ │ ├── spring-boot-camel-drools-template.json
│ │ │ ├── spring-boot-camel-infinispan-template.json
│ │ │ ├── spring-boot-camel-rest-sql-template.json
│ │ │ ├── spring-boot-camel-teiid-template.json
│ │ │ ├── spring-boot-camel-template.json
│ │ │ ├── spring-boot-camel-xml-template.json
│ │ │ ├── spring-boot-cxf-jaxrs-template.json
│ │ │ ├── spring-boot-cxf-jaxws-template.json
│ │ │ ├── sso70-https.json
│ │ │ ├── sso70-mysql-persistent.json
│ │ │ ├── sso70-mysql.json
│ │ │ ├── sso70-postgresql-persistent.json
│ │ │ ├── sso70-postgresql.json
│ │ │ ├── sso71-https.json
│ │ │ ├── sso71-mysql-persistent.json
│ │ │ ├── sso71-mysql.json
│ │ │ ├── sso71-postgresql-persistent.json
│ │ │ └── sso71-postgresql.json
│ ├── v1.6
│ │ ├── cfme-templates
│ │ │ ├── cfme-pv-db-example.yaml
│ │ │ ├── cfme-pv-region-example.yaml
│ │ │ ├── cfme-pv-server-example.yaml
│ │ │ ├── cfme-template.yaml
│ │ │ ├── jboss-middleware-manager-pv-example.yaml
│ │ │ └── jboss-middleware-manager-template.yaml
│ │ ├── db-templates
│ │ │ ├── OWNERS
│ │ │ ├── README.md
│ │ │ ├── mariadb-ephemeral-template.json
│ │ │ ├── mariadb-persistent-template.json
│ │ │ ├── mongodb-ephemeral-template.json
│ │ │ ├── mongodb-persistent-template.json
│ │ │ ├── mysql-ephemeral-template.json
│ │ │ ├── mysql-persistent-template.json
│ │ │ ├── postgresql-ephemeral-template.json
│ │ │ ├── postgresql-persistent-template.json
│ │ │ ├── redis-ephemeral-template.json
│ │ │ └── redis-persistent-template.json
│ │ ├── image-streams
│ │ │ ├── OWNERS
│ │ │ ├── dotnet_imagestreams.json
│ │ │ ├── dotnet_imagestreams_centos.json
│ │ │ ├── image-streams-centos7.json
│ │ │ └── image-streams-rhel7.json
│ │ ├── quickstart-templates
│ │ │ ├── OWNERS
│ │ │ ├── README.md
│ │ │ ├── amp.yml
│ │ │ ├── apicast-gateway-template.yml
│ │ │ ├── apicast.yml
│ │ │ ├── cakephp-mysql-persistent.json
│ │ │ ├── cakephp-mysql.json
│ │ │ ├── dancer-mysql-persistent.json
│ │ │ ├── dancer-mysql.json
│ │ │ ├── django-postgresql-persistent.json
│ │ │ ├── django-postgresql.json
│ │ │ ├── dotnet-example.json
│ │ │ ├── dotnet-pgsql-persistent.json
│ │ │ ├── dotnet-runtime-example.json
│ │ │ ├── httpd.json
│ │ │ ├── jenkins-ephemeral-template.json
│ │ │ ├── jenkins-persistent-template.json
│ │ │ ├── nodejs-mongodb-persistent.json
│ │ │ ├── nodejs-mongodb.json
│ │ │ ├── pvc.yml
│ │ │ ├── rails-postgresql-persistent.json
│ │ │ ├── rails-postgresql.json
│ │ │ └── wildcard.yml
│ │ ├── xpaas-streams
│ │ │ ├── fis-image-streams.json
│ │ │ └── jboss-image-streams.json
│ │ └── xpaas-templates
│ │ │ ├── amq62-basic.json
│ │ │ ├── amq62-persistent-ssl.json
│ │ │ ├── amq62-persistent.json
│ │ │ ├── amq62-ssl.json
│ │ │ ├── amq63-basic.json
│ │ │ ├── amq63-persistent-ssl.json
│ │ │ ├── amq63-persistent.json
│ │ │ ├── amq63-ssl.json
│ │ │ ├── datagrid65-basic.json
│ │ │ ├── datagrid65-https.json
│ │ │ ├── datagrid65-mysql-persistent.json
│ │ │ ├── datagrid65-mysql.json
│ │ │ ├── datagrid65-postgresql-persistent.json
│ │ │ ├── datagrid65-postgresql.json
│ │ │ ├── datavirt63-basic-s2i.json
│ │ │ ├── datavirt63-extensions-support-s2i.json
│ │ │ ├── datavirt63-secure-s2i.json
│ │ │ ├── decisionserver62-amq-s2i.json
│ │ │ ├── decisionserver62-basic-s2i.json
│ │ │ ├── decisionserver62-https-s2i.json
│ │ │ ├── decisionserver63-amq-s2i.json
│ │ │ ├── decisionserver63-basic-s2i.json
│ │ │ ├── decisionserver63-https-s2i.json
│ │ │ ├── decisionserver64-amq-s2i.json
│ │ │ ├── decisionserver64-basic-s2i.json
│ │ │ ├── decisionserver64-https-s2i.json
│ │ │ ├── eap64-amq-persistent-s2i.json
│ │ │ ├── eap64-amq-s2i.json
│ │ │ ├── eap64-basic-s2i.json
│ │ │ ├── eap64-https-s2i.json
│ │ │ ├── eap64-mongodb-persistent-s2i.json
│ │ │ ├── eap64-mongodb-s2i.json
│ │ │ ├── eap64-mysql-persistent-s2i.json
│ │ │ ├── eap64-mysql-s2i.json
│ │ │ ├── eap64-postgresql-persistent-s2i.json
│ │ │ ├── eap64-postgresql-s2i.json
│ │ │ ├── eap64-sso-s2i.json
│ │ │ ├── eap64-third-party-db-s2i.json
│ │ │ ├── eap70-amq-persistent-s2i.json
│ │ │ ├── eap70-amq-s2i.json
│ │ │ ├── eap70-basic-s2i.json
│ │ │ ├── eap70-https-s2i.json
│ │ │ ├── eap70-mongodb-persistent-s2i.json
│ │ │ ├── eap70-mongodb-s2i.json
│ │ │ ├── eap70-mysql-persistent-s2i.json
│ │ │ ├── eap70-mysql-s2i.json
│ │ │ ├── eap70-postgresql-persistent-s2i.json
│ │ │ ├── eap70-postgresql-s2i.json
│ │ │ ├── eap70-sso-s2i.json
│ │ │ ├── eap70-third-party-db-s2i.json
│ │ │ ├── jws30-tomcat7-basic-s2i.json
│ │ │ ├── jws30-tomcat7-https-s2i.json
│ │ │ ├── jws30-tomcat7-mongodb-persistent-s2i.json
│ │ │ ├── jws30-tomcat7-mongodb-s2i.json
│ │ │ ├── jws30-tomcat7-mysql-persistent-s2i.json
│ │ │ ├── jws30-tomcat7-mysql-s2i.json
│ │ │ ├── jws30-tomcat7-postgresql-persistent-s2i.json
│ │ │ ├── jws30-tomcat7-postgresql-s2i.json
│ │ │ ├── jws30-tomcat8-basic-s2i.json
│ │ │ ├── jws30-tomcat8-https-s2i.json
│ │ │ ├── jws30-tomcat8-mongodb-persistent-s2i.json
│ │ │ ├── jws30-tomcat8-mongodb-s2i.json
│ │ │ ├── jws30-tomcat8-mysql-persistent-s2i.json
│ │ │ ├── jws30-tomcat8-mysql-s2i.json
│ │ │ ├── jws30-tomcat8-postgresql-persistent-s2i.json
│ │ │ ├── jws30-tomcat8-postgresql-s2i.json
│ │ │ ├── jws31-tomcat7-basic-s2i.json
│ │ │ ├── jws31-tomcat7-https-s2i.json
│ │ │ ├── jws31-tomcat7-mongodb-persistent-s2i.json
│ │ │ ├── jws31-tomcat7-mongodb-s2i.json
│ │ │ ├── jws31-tomcat7-mysql-persistent-s2i.json
│ │ │ ├── jws31-tomcat7-mysql-s2i.json
│ │ │ ├── jws31-tomcat7-postgresql-persistent-s2i.json
│ │ │ ├── jws31-tomcat7-postgresql-s2i.json
│ │ │ ├── jws31-tomcat8-basic-s2i.json
│ │ │ ├── jws31-tomcat8-https-s2i.json
│ │ │ ├── jws31-tomcat8-mongodb-persistent-s2i.json
│ │ │ ├── jws31-tomcat8-mongodb-s2i.json
│ │ │ ├── jws31-tomcat8-mysql-persistent-s2i.json
│ │ │ ├── jws31-tomcat8-mysql-s2i.json
│ │ │ ├── jws31-tomcat8-postgresql-persistent-s2i.json
│ │ │ ├── jws31-tomcat8-postgresql-s2i.json
│ │ │ ├── karaf2-camel-amq-template.json
│ │ │ ├── karaf2-camel-log-template.json
│ │ │ ├── karaf2-camel-rest-sql-template.json
│ │ │ ├── karaf2-cxf-rest-template.json
│ │ │ ├── openjdk18-web-basic-s2i.json
│ │ │ ├── processserver63-amq-mysql-persistent-s2i.json
│ │ │ ├── processserver63-amq-mysql-s2i.json
│ │ │ ├── processserver63-amq-postgresql-persistent-s2i.json
│ │ │ ├── processserver63-amq-postgresql-s2i.json
│ │ │ ├── processserver63-basic-s2i.json
│ │ │ ├── processserver63-mysql-persistent-s2i.json
│ │ │ ├── processserver63-mysql-s2i.json
│ │ │ ├── processserver63-postgresql-persistent-s2i.json
│ │ │ ├── processserver63-postgresql-s2i.json
│ │ │ ├── processserver64-amq-mysql-persistent-s2i.json
│ │ │ ├── processserver64-amq-mysql-s2i.json
│ │ │ ├── processserver64-amq-postgresql-persistent-s2i.json
│ │ │ ├── processserver64-amq-postgresql-s2i.json
│ │ │ ├── processserver64-basic-s2i.json
│ │ │ ├── processserver64-mysql-persistent-s2i.json
│ │ │ ├── processserver64-mysql-s2i.json
│ │ │ ├── processserver64-postgresql-persistent-s2i.json
│ │ │ ├── processserver64-postgresql-s2i.json
│ │ │ ├── spring-boot-camel-amq-template.json
│ │ │ ├── spring-boot-camel-config-template.json
│ │ │ ├── spring-boot-camel-drools-template.json
│ │ │ ├── spring-boot-camel-infinispan-template.json
│ │ │ ├── spring-boot-camel-rest-sql-template.json
│ │ │ ├── spring-boot-camel-teiid-template.json
│ │ │ ├── spring-boot-camel-template.json
│ │ │ ├── spring-boot-camel-xml-template.json
│ │ │ ├── spring-boot-cxf-jaxrs-template.json
│ │ │ ├── spring-boot-cxf-jaxws-template.json
│ │ │ ├── sso70-https.json
│ │ │ ├── sso70-mysql-persistent.json
│ │ │ ├── sso70-mysql.json
│ │ │ ├── sso70-postgresql-persistent.json
│ │ │ ├── sso70-postgresql.json
│ │ │ ├── sso71-https.json
│ │ │ ├── sso71-mysql-persistent.json
│ │ │ ├── sso71-mysql.json
│ │ │ ├── sso71-postgresql-persistent.json
│ │ │ └── sso71-postgresql.json
│ ├── v1.7
│ │ ├── cfme-templates
│ │ │ ├── cfme-backup-job.yaml
│ │ │ ├── cfme-backup-pvc.yaml
│ │ │ ├── cfme-pv-backup-example.yaml
│ │ │ ├── cfme-pv-db-example.yaml
│ │ │ ├── cfme-pv-region-example.yaml
│ │ │ ├── cfme-pv-server-example.yaml
│ │ │ ├── cfme-restore-job.yaml
│ │ │ ├── cfme-scc-sysadmin.yaml
│ │ │ ├── cfme-template-ext-db.yaml
│ │ │ ├── cfme-template.yaml
│ │ │ ├── jboss-middleware-manager-pv-example.yaml
│ │ │ └── jboss-middleware-manager-template.yaml
│ │ ├── db-templates
│ │ │ ├── OWNERS
│ │ │ ├── README.md
│ │ │ ├── mariadb-ephemeral-template.json
│ │ │ ├── mariadb-persistent-template.json
│ │ │ ├── mongodb-ephemeral-template.json
│ │ │ ├── mongodb-persistent-template.json
│ │ │ ├── mysql-ephemeral-template.json
│ │ │ ├── mysql-persistent-template.json
│ │ │ ├── postgresql-ephemeral-template.json
│ │ │ ├── postgresql-persistent-template.json
│ │ │ ├── redis-ephemeral-template.json
│ │ │ └── redis-persistent-template.json
│ │ ├── image-streams
│ │ │ ├── OWNERS
│ │ │ ├── dotnet_imagestreams.json
│ │ │ ├── dotnet_imagestreams_centos.json
│ │ │ ├── image-streams-centos7.json
│ │ │ └── image-streams-rhel7.json
│ │ ├── quickstart-templates
│ │ │ ├── OWNERS
│ │ │ ├── README.md
│ │ │ ├── amp.yml
│ │ │ ├── apicast-gateway-template.yml
│ │ │ ├── apicast.yml
│ │ │ ├── cakephp-mysql-persistent.json
│ │ │ ├── cakephp-mysql.json
│ │ │ ├── dancer-mysql-persistent.json
│ │ │ ├── dancer-mysql.json
│ │ │ ├── django-postgresql-persistent.json
│ │ │ ├── django-postgresql.json
│ │ │ ├── dotnet-example.json
│ │ │ ├── dotnet-pgsql-persistent.json
│ │ │ ├── dotnet-runtime-example.json
│ │ │ ├── httpd.json
│ │ │ ├── jenkins-ephemeral-template.json
│ │ │ ├── jenkins-persistent-template.json
│ │ │ ├── nodejs-mongodb-persistent.json
│ │ │ ├── nodejs-mongodb.json
│ │ │ ├── pvc.yml
│ │ │ ├── rails-postgresql-persistent.json
│ │ │ ├── rails-postgresql.json
│ │ │ └── wildcard.yml
│ │ ├── xpaas-streams
│ │ │ ├── fis-image-streams.json
│ │ │ └── jboss-image-streams.json
│ │ └── xpaas-templates
│ │ │ ├── amq62-basic.json
│ │ │ ├── amq62-persistent-ssl.json
│ │ │ ├── amq62-persistent.json
│ │ │ ├── amq62-ssl.json
│ │ │ ├── amq63-basic.json
│ │ │ ├── amq63-persistent-ssl.json
│ │ │ ├── amq63-persistent.json
│ │ │ ├── amq63-ssl.json
│ │ │ ├── datagrid65-basic.json
│ │ │ ├── datagrid65-https.json
│ │ │ ├── datagrid65-mysql-persistent.json
│ │ │ ├── datagrid65-mysql.json
│ │ │ ├── datagrid65-postgresql-persistent.json
│ │ │ ├── datagrid65-postgresql.json
│ │ │ ├── datagrid71-basic.json
│ │ │ ├── datagrid71-https.json
│ │ │ ├── datagrid71-mysql-persistent.json
│ │ │ ├── datagrid71-mysql.json
│ │ │ ├── datagrid71-partition.json
│ │ │ ├── datagrid71-postgresql-persistent.json
│ │ │ ├── datagrid71-postgresql.json
│ │ │ ├── datavirt63-basic-s2i.json
│ │ │ ├── datavirt63-extensions-support-s2i.json
│ │ │ ├── datavirt63-secure-s2i.json
│ │ │ ├── decisionserver64-amq-s2i.json
│ │ │ ├── decisionserver64-basic-s2i.json
│ │ │ ├── decisionserver64-https-s2i.json
│ │ │ ├── eap64-amq-persistent-s2i.json
│ │ │ ├── eap64-amq-s2i.json
│ │ │ ├── eap64-basic-s2i.json
│ │ │ ├── eap64-https-s2i.json
│ │ │ ├── eap64-mongodb-persistent-s2i.json
│ │ │ ├── eap64-mongodb-s2i.json
│ │ │ ├── eap64-mysql-persistent-s2i.json
│ │ │ ├── eap64-mysql-s2i.json
│ │ │ ├── eap64-postgresql-persistent-s2i.json
│ │ │ ├── eap64-postgresql-s2i.json
│ │ │ ├── eap64-sso-s2i.json
│ │ │ ├── eap64-third-party-db-s2i.json
│ │ │ ├── eap64-tx-recovery-s2i.json
│ │ │ ├── eap70-amq-persistent-s2i.json
│ │ │ ├── eap70-amq-s2i.json
│ │ │ ├── eap70-basic-s2i.json
│ │ │ ├── eap70-https-s2i.json
│ │ │ ├── eap70-mongodb-persistent-s2i.json
│ │ │ ├── eap70-mongodb-s2i.json
│ │ │ ├── eap70-mysql-persistent-s2i.json
│ │ │ ├── eap70-mysql-s2i.json
│ │ │ ├── eap70-postgresql-persistent-s2i.json
│ │ │ ├── eap70-postgresql-s2i.json
│ │ │ ├── eap70-sso-s2i.json
│ │ │ ├── eap70-third-party-db-s2i.json
│ │ │ ├── eap70-tx-recovery-s2i.json
│ │ │ ├── eap71-amq-persistent-s2i.json
│ │ │ ├── eap71-amq-s2i.json
│ │ │ ├── eap71-basic-s2i.json
│ │ │ ├── eap71-https-s2i.json
│ │ │ ├── eap71-mongodb-persistent-s2i.json
│ │ │ ├── eap71-mongodb-s2i.json
│ │ │ ├── eap71-mysql-persistent-s2i.json
│ │ │ ├── eap71-mysql-s2i.json
│ │ │ ├── eap71-postgresql-persistent-s2i.json
│ │ │ ├── eap71-postgresql-s2i.json
│ │ │ ├── eap71-sso-s2i.json
│ │ │ ├── eap71-third-party-db-s2i.json
│ │ │ ├── eap71-tx-recovery-s2i.json
│ │ │ ├── jws31-tomcat7-basic-s2i.json
│ │ │ ├── jws31-tomcat7-https-s2i.json
│ │ │ ├── jws31-tomcat7-mongodb-persistent-s2i.json
│ │ │ ├── jws31-tomcat7-mongodb-s2i.json
│ │ │ ├── jws31-tomcat7-mysql-persistent-s2i.json
│ │ │ ├── jws31-tomcat7-mysql-s2i.json
│ │ │ ├── jws31-tomcat7-postgresql-persistent-s2i.json
│ │ │ ├── jws31-tomcat7-postgresql-s2i.json
│ │ │ ├── jws31-tomcat8-basic-s2i.json
│ │ │ ├── jws31-tomcat8-https-s2i.json
│ │ │ ├── jws31-tomcat8-mongodb-persistent-s2i.json
│ │ │ ├── jws31-tomcat8-mongodb-s2i.json
│ │ │ ├── jws31-tomcat8-mysql-persistent-s2i.json
│ │ │ ├── jws31-tomcat8-mysql-s2i.json
│ │ │ ├── jws31-tomcat8-postgresql-persistent-s2i.json
│ │ │ ├── jws31-tomcat8-postgresql-s2i.json
│ │ │ ├── karaf2-camel-amq-template.json
│ │ │ ├── karaf2-camel-log-template.json
│ │ │ ├── karaf2-camel-rest-sql-template.json
│ │ │ ├── karaf2-cxf-rest-template.json
│ │ │ ├── openjdk18-web-basic-s2i.json
│ │ │ ├── processserver64-amq-mysql-persistent-s2i.json
│ │ │ ├── processserver64-amq-mysql-s2i.json
│ │ │ ├── processserver64-amq-postgresql-persistent-s2i.json
│ │ │ ├── processserver64-amq-postgresql-s2i.json
│ │ │ ├── processserver64-basic-s2i.json
│ │ │ ├── processserver64-mysql-persistent-s2i.json
│ │ │ ├── processserver64-mysql-s2i.json
│ │ │ ├── processserver64-postgresql-persistent-s2i.json
│ │ │ ├── processserver64-postgresql-s2i.json
│ │ │ ├── spring-boot-camel-amq-template.json
│ │ │ ├── spring-boot-camel-config-template.json
│ │ │ ├── spring-boot-camel-drools-template.json
│ │ │ ├── spring-boot-camel-infinispan-template.json
│ │ │ ├── spring-boot-camel-rest-sql-template.json
│ │ │ ├── spring-boot-camel-teiid-template.json
│ │ │ ├── spring-boot-camel-template.json
│ │ │ ├── spring-boot-camel-xml-template.json
│ │ │ ├── spring-boot-cxf-jaxrs-template.json
│ │ │ ├── spring-boot-cxf-jaxws-template.json
│ │ │ ├── sso71-https.json
│ │ │ ├── sso71-mysql-persistent.json
│ │ │ ├── sso71-mysql.json
│ │ │ ├── sso71-postgresql-persistent.json
│ │ │ └── sso71-postgresql.json
│ └── v1.9
│ │ ├── cfme-templates
│ │ ├── cfme-backup-job.yaml
│ │ ├── cfme-backup-pvc.yaml
│ │ ├── cfme-pv-backup-example.yaml
│ │ ├── cfme-pv-db-example.yaml
│ │ ├── cfme-pv-server-example.yaml
│ │ ├── cfme-restore-job.yaml
│ │ ├── cfme-scc-sysadmin.yaml
│ │ ├── cfme-template-ext-db.yaml
│ │ ├── cfme-template.yaml
│ │ ├── jboss-middleware-manager-pv-example.yaml
│ │ └── jboss-middleware-manager-template.yaml
│ │ ├── db-templates
│ │ ├── OWNERS
│ │ ├── README.md
│ │ ├── mariadb-ephemeral-template.json
│ │ ├── mariadb-persistent-template.json
│ │ ├── mongodb-ephemeral-template.json
│ │ ├── mongodb-persistent-template.json
│ │ ├── mysql-ephemeral-template.json
│ │ ├── mysql-persistent-template.json
│ │ ├── postgresql-ephemeral-template.json
│ │ ├── postgresql-persistent-template.json
│ │ ├── redis-ephemeral-template.json
│ │ └── redis-persistent-template.json
│ │ ├── image-streams
│ │ ├── OWNERS
│ │ ├── dotnet_imagestreams.json
│ │ ├── dotnet_imagestreams_centos.json
│ │ ├── image-streams-centos7.json
│ │ └── image-streams-rhel7.json
│ │ ├── quickstart-templates
│ │ ├── OWNERS
│ │ ├── README.md
│ │ ├── amp.yml
│ │ ├── apicast-gateway-template.yml
│ │ ├── apicast.yml
│ │ ├── cakephp-mysql-persistent.json
│ │ ├── cakephp-mysql.json
│ │ ├── dancer-mysql-persistent.json
│ │ ├── dancer-mysql.json
│ │ ├── django-postgresql-persistent.json
│ │ ├── django-postgresql.json
│ │ ├── dotnet-example.json
│ │ ├── dotnet-pgsql-persistent.json
│ │ ├── dotnet-runtime-example.json
│ │ ├── httpd.json
│ │ ├── jenkins-ephemeral-template.json
│ │ ├── jenkins-persistent-template.json
│ │ ├── nginx.json
│ │ ├── nodejs-mongodb-persistent.json
│ │ ├── nodejs-mongodb.json
│ │ ├── pvc.yml
│ │ ├── rails-postgresql-persistent.json
│ │ ├── rails-postgresql.json
│ │ └── wildcard.yml
│ │ ├── xpaas-streams
│ │ ├── amq62-image-stream.json
│ │ ├── amq63-image-stream.json
│ │ ├── datagrid65-image-stream.json
│ │ ├── datagrid71-image-stream.json
│ │ ├── datavirt63-image-stream.json
│ │ ├── decisionserver62-image-stream.json
│ │ ├── decisionserver63-image-stream.json
│ │ ├── decisionserver64-image-stream.json
│ │ ├── eap-cd-image-stream.json
│ │ ├── eap64-image-stream.json
│ │ ├── eap70-image-stream.json
│ │ ├── eap71-image-stream.json
│ │ ├── fis-image-streams.json
│ │ ├── jws30-tomcat7-image-stream.json
│ │ ├── jws30-tomcat8-image-stream.json
│ │ ├── jws31-tomcat7-image-stream.json
│ │ ├── jws31-tomcat8-image-stream.json
│ │ ├── openjdk18-image-stream.json
│ │ ├── processserver63-image-stream.json
│ │ ├── processserver64-image-stream.json
│ │ ├── sso70-image-stream.json
│ │ ├── sso71-image-stream.json
│ │ └── sso72-image-stream.json
│ │ └── xpaas-templates
│ │ ├── amq62-basic.json
│ │ ├── amq62-persistent-ssl.json
│ │ ├── amq62-persistent.json
│ │ ├── amq62-ssl.json
│ │ ├── amq63-basic.json
│ │ ├── amq63-persistent-ssl.json
│ │ ├── amq63-persistent.json
│ │ ├── amq63-ssl.json
│ │ ├── datagrid65-basic.json
│ │ ├── datagrid65-https.json
│ │ ├── datagrid65-mysql-persistent.json
│ │ ├── datagrid65-mysql.json
│ │ ├── datagrid65-postgresql-persistent.json
│ │ ├── datagrid65-postgresql.json
│ │ ├── datagrid71-basic.json
│ │ ├── datagrid71-https.json
│ │ ├── datagrid71-mysql-persistent.json
│ │ ├── datagrid71-mysql.json
│ │ ├── datagrid71-partition.json
│ │ ├── datagrid71-postgresql-persistent.json
│ │ ├── datagrid71-postgresql.json
│ │ ├── datavirt63-basic-s2i.json
│ │ ├── datavirt63-extensions-support-s2i.json
│ │ ├── datavirt63-secure-s2i.json
│ │ ├── decisionserver64-amq-s2i.json
│ │ ├── decisionserver64-basic-s2i.json
│ │ ├── decisionserver64-https-s2i.json
│ │ ├── eap-cd-amq-persistent-s2i.json
│ │ ├── eap-cd-amq-s2i.json
│ │ ├── eap-cd-basic-s2i.json
│ │ ├── eap-cd-https-s2i.json
│ │ ├── eap-cd-mongodb-persistent-s2i.json
│ │ ├── eap-cd-mongodb-s2i.json
│ │ ├── eap-cd-mysql-persistent-s2i.json
│ │ ├── eap-cd-mysql-s2i.json
│ │ ├── eap-cd-postgresql-persistent-s2i.json
│ │ ├── eap-cd-postgresql-s2i.json
│ │ ├── eap-cd-sso-s2i.json
│ │ ├── eap-cd-third-party-db-s2i.json
│ │ ├── eap-cd-tx-recovery-s2i.json
│ │ ├── eap64-amq-persistent-s2i.json
│ │ ├── eap64-amq-s2i.json
│ │ ├── eap64-basic-s2i.json
│ │ ├── eap64-https-s2i.json
│ │ ├── eap64-mongodb-persistent-s2i.json
│ │ ├── eap64-mongodb-s2i.json
│ │ ├── eap64-mysql-persistent-s2i.json
│ │ ├── eap64-mysql-s2i.json
│ │ ├── eap64-postgresql-persistent-s2i.json
│ │ ├── eap64-postgresql-s2i.json
│ │ ├── eap64-sso-s2i.json
│ │ ├── eap64-third-party-db-s2i.json
│ │ ├── eap64-tx-recovery-s2i.json
│ │ ├── eap70-amq-persistent-s2i.json
│ │ ├── eap70-amq-s2i.json
│ │ ├── eap70-basic-s2i.json
│ │ ├── eap70-https-s2i.json
│ │ ├── eap70-mongodb-persistent-s2i.json
│ │ ├── eap70-mongodb-s2i.json
│ │ ├── eap70-mysql-persistent-s2i.json
│ │ ├── eap70-mysql-s2i.json
│ │ ├── eap70-postgresql-persistent-s2i.json
│ │ ├── eap70-postgresql-s2i.json
│ │ ├── eap70-sso-s2i.json
│ │ ├── eap70-third-party-db-s2i.json
│ │ ├── eap70-tx-recovery-s2i.json
│ │ ├── eap71-amq-persistent-s2i.json
│ │ ├── eap71-amq-s2i.json
│ │ ├── eap71-basic-s2i.json
│ │ ├── eap71-https-s2i.json
│ │ ├── eap71-mongodb-persistent-s2i.json
│ │ ├── eap71-mongodb-s2i.json
│ │ ├── eap71-mysql-persistent-s2i.json
│ │ ├── eap71-mysql-s2i.json
│ │ ├── eap71-postgresql-persistent-s2i.json
│ │ ├── eap71-postgresql-s2i.json
│ │ ├── eap71-sso-s2i.json
│ │ ├── eap71-third-party-db-s2i.json
│ │ ├── eap71-tx-recovery-s2i.json
│ │ ├── jws31-tomcat7-basic-s2i.json
│ │ ├── jws31-tomcat7-https-s2i.json
│ │ ├── jws31-tomcat7-mongodb-persistent-s2i.json
│ │ ├── jws31-tomcat7-mongodb-s2i.json
│ │ ├── jws31-tomcat7-mysql-persistent-s2i.json
│ │ ├── jws31-tomcat7-mysql-s2i.json
│ │ ├── jws31-tomcat7-postgresql-persistent-s2i.json
│ │ ├── jws31-tomcat7-postgresql-s2i.json
│ │ ├── jws31-tomcat8-basic-s2i.json
│ │ ├── jws31-tomcat8-https-s2i.json
│ │ ├── jws31-tomcat8-mongodb-persistent-s2i.json
│ │ ├── jws31-tomcat8-mongodb-s2i.json
│ │ ├── jws31-tomcat8-mysql-persistent-s2i.json
│ │ ├── jws31-tomcat8-mysql-s2i.json
│ │ ├── jws31-tomcat8-postgresql-persistent-s2i.json
│ │ ├── jws31-tomcat8-postgresql-s2i.json
│ │ ├── karaf2-camel-amq-template.json
│ │ ├── karaf2-camel-log-template.json
│ │ ├── karaf2-camel-rest-sql-template.json
│ │ ├── karaf2-cxf-rest-template.json
│ │ ├── openjdk18-web-basic-s2i.json
│ │ ├── processserver64-amq-mysql-persistent-s2i.json
│ │ ├── processserver64-amq-mysql-s2i.json
│ │ ├── processserver64-amq-postgresql-persistent-s2i.json
│ │ ├── processserver64-amq-postgresql-s2i.json
│ │ ├── processserver64-basic-s2i.json
│ │ ├── processserver64-mysql-persistent-s2i.json
│ │ ├── processserver64-mysql-s2i.json
│ │ ├── processserver64-postgresql-persistent-s2i.json
│ │ ├── processserver64-postgresql-s2i.json
│ │ ├── spring-boot-camel-amq-template.json
│ │ ├── spring-boot-camel-config-template.json
│ │ ├── spring-boot-camel-drools-template.json
│ │ ├── spring-boot-camel-infinispan-template.json
│ │ ├── spring-boot-camel-rest-sql-template.json
│ │ ├── spring-boot-camel-teiid-template.json
│ │ ├── spring-boot-camel-template.json
│ │ ├── spring-boot-camel-xml-template.json
│ │ ├── spring-boot-cxf-jaxrs-template.json
│ │ ├── spring-boot-cxf-jaxws-template.json
│ │ ├── sso72-https.json
│ │ ├── sso72-mysql-persistent.json
│ │ ├── sso72-mysql.json
│ │ ├── sso72-postgresql-persistent.json
│ │ ├── sso72-postgresql.json
│ │ ├── sso72-x509-https.json
│ │ ├── sso72-x509-mysql-persistent.json
│ │ └── sso72-x509-postgresql-persistent.json
│ ├── openshift_hosted_templates
│ ├── v1.3
│ │ ├── enterprise
│ │ │ ├── logging-deployer.yaml
│ │ │ ├── metrics-deployer.yaml
│ │ │ └── registry-console.yaml
│ │ └── origin
│ │ │ ├── logging-deployer.yaml
│ │ │ ├── metrics-deployer.yaml
│ │ │ └── registry-console.yaml
│ ├── v1.4
│ │ ├── enterprise
│ │ │ ├── logging-deployer.yaml
│ │ │ ├── metrics-deployer.yaml
│ │ │ └── registry-console.yaml
│ │ └── origin
│ │ │ ├── logging-deployer.yaml
│ │ │ ├── metrics-deployer.yaml
│ │ │ └── registry-console.yaml
│ ├── v1.5
│ │ ├── enterprise
│ │ │ └── registry-console.yaml
│ │ └── origin
│ │ │ └── registry-console.yaml
│ ├── v1.6
│ │ ├── enterprise
│ │ │ └── registry-console.yaml
│ │ └── origin
│ │ │ └── registry-console.yaml
│ ├── v1.7
│ │ ├── enterprise
│ │ │ └── registry-console.yaml
│ │ └── origin
│ │ │ └── registry-console.yaml
│ └── v1.9
│ │ ├── enterprise
│ │ └── registry-console.yaml
│ │ └── origin
│ │ └── registry-console.yaml
│ ├── openshift_node
│ ├── 99-origin-dns.sh
│ ├── openshift-node
│ └── override.conf
│ └── web_console
│ └── console-template.yaml
├── jenkinsfiles
├── Jenkinsfile.1.4
├── Jenkinsfile.1.5
├── Jenkinsfile.3.5
├── Jenkinsfile.3.6
├── Jenkinsfile.3.7
├── Jenkinsfile.3.9
├── Jenkinsfile.34_36_upgrades
├── Jenkinsfile.36_up_upgrades
├── Jenkinsfile.full
├── Jenkinsfile.kitchen
├── Jenkinsfile.quick
├── Jenkinsfile.rubocop
└── Jenkinsfile.tiny
├── libraries
└── openshift_helper.rb
├── metadata.rb
├── providers
├── openshift_create_master.rb
├── openshift_create_pv.rb
├── openshift_delete_host.rb
├── openshift_deploy_logging.rb
├── openshift_deploy_metrics.rb
├── openshift_deploy_registry.rb
├── openshift_deploy_router.rb
└── openshift_reset_host.rb
├── recipes
├── adhoc_migrate_etcd.rb
├── adhoc_redeploy_certificates.rb
├── adhoc_redeploy_cluster_ca.rb
├── adhoc_redeploy_cluster_hosted.rb
├── adhoc_redeploy_etcd_ca.rb
├── adhoc_reset.rb
├── adhoc_uninstall.rb
├── ca_bundle_fix.rb
├── certificate_server.rb
├── cloud_provider.rb
├── common.rb
├── commons.rb
├── default.rb
├── disable_excluder.rb
├── docker.rb
├── etcd_certificates.rb
├── etcd_cluster.rb
├── etcd_packages.rb
├── etcd_recovery.rb
├── etcd_removal.rb
├── etcd_scaleup.rb
├── excluder.rb
├── helper_migrate_certificate_server_cluster.rb
├── helper_migrate_certificate_server_etcd.rb
├── master.rb
├── master_cluster.rb
├── master_cluster_ca.rb
├── master_cluster_certificates.rb
├── master_config_post.rb
├── master_standalone.rb
├── ng_certificate_server.rb
├── ng_commons.rb
├── ng_docker.rb
├── ng_etcd_cluster.rb
├── ng_etcd_packages.rb
├── ng_master.rb
├── ng_master_cluster_ca.rb
├── ng_master_cluster_certificates.rb
├── ng_node.rb
├── ng_node_join.rb
├── ng_nodes_certificates.rb
├── ng_services.rb
├── node.rb
├── nodes_certificates.rb
├── packages.rb
├── services.rb
├── upgrade_certificate_server.rb
├── upgrade_control_plane15.rb
├── upgrade_control_plane36.rb
├── upgrade_control_plane37.rb
├── upgrade_control_plane37_part1.rb
├── upgrade_control_plane37_part2.rb
├── upgrade_control_plane38_part1.rb
├── upgrade_control_plane39.rb
├── upgrade_control_plane39_part1.rb
├── upgrade_managed_hosted.rb
├── upgrade_node15.rb
├── upgrade_node36.rb
├── upgrade_node37.rb
├── upgrade_node39.rb
├── upgrade_pre_check.rb
├── validate.rb
├── web_console.rb
├── wire_aggregator.rb
└── wire_aggregator_certificates.rb
├── resources
├── oc_project.rb
├── oc_serviceaccount.rb
├── openshift_create_master.rb
├── openshift_create_node_config.rb
├── openshift_create_pv.rb
├── openshift_delete_host.rb
├── openshift_deploy_logging.rb
├── openshift_deploy_metrics.rb
├── openshift_deploy_registry.rb
├── openshift_deploy_router.rb
├── openshift_master_pkg.rb
├── openshift_reset_host.rb
└── openshift_upgrade.rb
├── scripts
├── README.md
├── build_and_run.yml
├── origin_delete.sh
└── origin_deploy.sh
├── spec
├── spec_helper.rb
└── unit
│ └── recipes
│ ├── common_spec.rb
│ ├── default_spec.rb
│ ├── etcd_cluster_spec.rb
│ ├── master_cluster_spec.rb
│ ├── master_config_post_spec.rb
│ ├── master_spec.rb
│ ├── master_standalone_spec.rb
│ ├── node_config_post_spec.rb
│ ├── node_spec.rb
│ ├── nodes_certificates_spec.rb
│ └── setup_cluster_spec.rb
├── templates
└── default
│ ├── BuildDefaultsConfig.erb
│ ├── BuildOverridesConfig.erb
│ ├── ClusterResourceOverrideConfig.erb
│ ├── access-htaccess.erb
│ ├── cloud_provider.conf.erb
│ ├── custom_assetConfig.erb
│ ├── docker-storage.erb
│ ├── etcd-override.conf.erb
│ ├── etcd.conf.erb
│ ├── etcd
│ ├── etcd.conf.erb
│ ├── etcd.yaml.erb
│ └── etcdctl.sh.erb
│ ├── etcdctl.sh.erb
│ ├── firewall_certificate.erb
│ ├── firewall_etcd.erb
│ ├── firewall_jump_rule.erb
│ ├── firewall_lb.erb
│ ├── firewall_master.erb
│ ├── firewall_master_cluster.erb
│ ├── firewall_node.erb
│ ├── haproxy.conf.erb
│ ├── haproxy.service.erb
│ ├── htpasswd.erb
│ ├── iptables_input_os_firewall_allow.erb
│ ├── logging_310
│ ├── curator.erb
│ ├── elasticsearch-logging.yml.erb
│ ├── elasticsearch.yml.erb
│ ├── es.erb
│ ├── fluent.conf.erb
│ ├── fluentd.erb
│ ├── kibana.erb
│ └── oauth-client.erb
│ ├── logging_36
│ ├── curator.erb
│ ├── elasticsearch-logging.yml.erb
│ ├── elasticsearch.yml.erb
│ ├── es.erb
│ ├── fluent.conf.erb
│ ├── fluentd.erb
│ ├── kibana.erb
│ └── oauth-client.erb
│ ├── logging_37
│ ├── curator.erb
│ ├── elasticsearch-logging.yml.erb
│ ├── elasticsearch.yml.erb
│ ├── es.erb
│ ├── fluent.conf.erb
│ ├── fluentd.erb
│ ├── kibana.erb
│ └── oauth-client.erb
│ ├── logging_39
│ ├── curator.erb
│ ├── elasticsearch-logging.yml.erb
│ ├── elasticsearch.yml.erb
│ ├── es.erb
│ ├── fluent.conf.erb
│ ├── fluentd.erb
│ ├── kibana.erb
│ └── oauth-client.erb
│ ├── logging_legacy
│ ├── curator.erb
│ ├── elasticsearch-logging.yml.erb
│ ├── elasticsearch.yml.erb
│ ├── es.erb
│ ├── fluentd.erb
│ ├── kibana.erb
│ └── oauth-client.erb
│ ├── master.yaml.erb
│ ├── metrics_310
│ ├── hawkular_cassandra_rc.yaml.erb
│ ├── hawkular_metrics_rc.yaml.erb
│ ├── hawkular_metrics_schema_job.erb
│ └── heapster.yaml.erb
│ ├── metrics_36
│ ├── hawkular_cassandra_rc.yaml.erb
│ ├── hawkular_metrics_rc.yaml.erb
│ └── heapster.yaml.erb
│ ├── metrics_37
│ ├── hawkular_cassandra_rc.yaml.erb
│ ├── hawkular_metrics_rc.yaml.erb
│ └── heapster.yaml.erb
│ ├── metrics_39
│ ├── hawkular_cassandra_rc.yaml.erb
│ ├── hawkular_metrics_rc.yaml.erb
│ └── heapster.yaml.erb
│ ├── metrics_legacy
│ ├── hawkular_cassandra_rc.yaml.erb
│ ├── hawkular_metrics_rc.yaml.erb
│ └── heapster.yaml.erb
│ ├── node-dnsmasq.conf.erb
│ ├── node.yaml.erb
│ ├── oauthConfig.erb
│ ├── openshift_cli.erb
│ ├── openshift_control_plane
│ ├── apiserver.yaml.erb
│ ├── controller.yaml.erb
│ ├── master.env.erb
│ ├── master.yaml.v1.erb
│ ├── scheduler.json.erb
│ └── service_catalog
│ │ ├── api_server.erb
│ │ └── controller_manager.erb
│ ├── openshift_node
│ ├── node-config.yaml.erb
│ ├── node.service.erb
│ ├── node.yaml.v1.erb
│ └── origin-dns.conf.erb
│ ├── openssl.cnf.erb
│ ├── origin-dns.conf.erb
│ ├── patch-registry.json.erb
│ ├── patch-router.json.erb
│ ├── pv_template.yaml.erb
│ ├── pvc.yaml.erb
│ ├── pvc_template.yaml.erb
│ ├── rolebinding.yaml.erb
│ ├── route.yaml.erb
│ ├── scheduler.json.erb
│ ├── secret.yaml.erb
│ ├── service.yaml.erb
│ ├── service_docker-network.sysconfig.erb
│ ├── service_docker.sysconfig.erb
│ ├── service_etcd-containerized.service.erb
│ ├── service_master-api-containerized.service.erb
│ ├── service_master-api.service.erb
│ ├── service_master-api.sysconfig.erb
│ ├── service_master-containerized.service.erb
│ ├── service_master-controllers-containerized.service.erb
│ ├── service_master-controllers.service.erb
│ ├── service_master-controllers.sysconfig.erb
│ ├── service_master.sysconfig.erb
│ ├── service_node-containerized.service.erb
│ ├── service_node-deps-containerized.service.erb
│ ├── service_node.service.erb
│ ├── service_node.sysconfig.erb
│ ├── service_openvswitch-containerized.service.erb
│ ├── service_openvswitch.sysconfig.erb
│ ├── serviceaccount.yaml.erb
│ ├── session-secrets.yaml.erb
│ ├── signing.conf.erb
│ └── web_console
│ └── console-config.yaml.erb
├── test
├── inspec
│ ├── cluster-native
│ │ └── services_test.rb
│ ├── shared
│ │ ├── 00_docker_test.rb
│ │ ├── 10_installation_test.rb
│ │ ├── 11_functioning_openshift_test.rb
│ │ ├── 12_directory_permissions_test.rb
│ │ ├── 20_feature_attribute_labels_test.rb
│ │ ├── 21_feature_persistent_storage_test.rb
│ │ ├── 22_feature_hosted_router_test.rb
│ │ ├── 23_feature_hosted_registry_test.rb
│ │ ├── 24_feature_hosted_metrics_test.rb
│ │ ├── 25_feature_hosted_logging_test.rb
│ │ └── 26_dnsmasq_test.rb
│ └── standalone
│ │ └── services_test.rb
└── roles
│ ├── openshift3-base-ose15.json
│ ├── openshift3-base-ose36.json
│ ├── openshift3-base-ose37.json
│ └── openshift3-base-ose39.json
└── utils
└── atomic
/.gitignore:
--------------------------------------------------------------------------------
1 | .vagrant
2 | Berksfile.lock
3 | *~
4 | *#
5 | .#*
6 | \#*#
7 | .*.sw[a-z]
8 | *.un~
9 |
10 | # Bundler
11 | Gemfile.lock
12 | bin/*
13 | .bundle/*
14 |
15 | .kitchen/
16 | .kitchen.local.yml
17 |
--------------------------------------------------------------------------------
/.rubocop.yml:
--------------------------------------------------------------------------------
1 | Layout/EndOfLine:
2 | EnforcedStyle: lf
3 |
4 | Metrics/ClassLength:
5 | Enabled: false
6 |
7 | Metrics/LineLength:
8 | Enabled: false
9 |
10 | Metrics/BlockLength:
11 | Enabled: false
12 |
13 | Metrics/MethodLength:
14 | Enabled: false
15 |
16 | Metrics/AbcSize:
17 | Enabled: false
18 |
19 | Style/FormatStringToken:
20 | EnforcedStyle: template
21 |
22 | Lint/AmbiguousBlockAssociation:
23 | Enabled: false
24 |
--------------------------------------------------------------------------------
/Berksfile:
--------------------------------------------------------------------------------
1 | source 'https://supermarket.chef.io'
2 |
3 | metadata
4 |
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | If you would like to contribute, please do one of the following:
2 |
3 | 1) For simple changes, please use pull requests.
4 |
5 | 2) Use branches for more complex changes, longer topics, and so on. In general, if the changes are within a single topic, using a pull request is just fine.
6 |
7 | 3) Run kitchen tests for all variants listed in `kitchen list`.
8 |
9 | 4) Once you are ready to publish your changes:
10 | Update the metadata.rb and push your changes.
11 | Create a tag "New release x.x.x" for release cycle.
12 | Share/Upload the new cookbook version at Chef supermarket
13 |
14 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (C) 2014 OpenBet Limited
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
6 |
7 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
8 |
9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
10 |
--------------------------------------------------------------------------------
/attributes/adhoc.rb:
--------------------------------------------------------------------------------
1 | default['cookbook-openshift3']['openshift_adhoc_reboot_node'] = false
2 |
3 | default['cookbook-openshift3']['adhoc_redeploy_certificates'] = false
4 | default['cookbook-openshift3']['adhoc_redeploy_etcd_ca'] = false
5 | default['cookbook-openshift3']['adhoc_redeploy_cluster_ca'] = false
6 | default['cookbook-openshift3']['adhoc_migrate_etcd_flag'] = '/to_be_migrated_etcd'
7 |
8 | default['cookbook-openshift3']['redeploy_etcd_ca_control_flag'] = '/to_be_replaced_ca_etcd'
9 | default['cookbook-openshift3']['redeploy_etcd_certs_control_flag'] = '/to_be_replaced_certs'
10 |
11 | default['cookbook-openshift3']['redeploy_cluster_ca_certserver_control_flag'] = '/to_be_replaced_ca_cluster'
12 | default['cookbook-openshift3']['redeploy_cluster_ca_masters_control_flag'] = '/to_be_replaced_masters'
13 | default['cookbook-openshift3']['redeploy_cluster_ca_nodes_control_flag'] = '/to_be_replaced_nodes'
14 | default['cookbook-openshift3']['redeploy_cluster_hosted_certserver_control_flag'] = '/to_be_replaced_hosted_cluster'
15 |
16 | default['cookbook-openshift3']['adhoc_reset_control_flag'] = '/to_be_reset_node'
17 |
18 | default['cookbook-openshift3']['adhoc_turn_off_openshift3_cookbook'] = '/to_be_replaced_turn_off_openshift3_cookbook'
19 | default['cookbook-openshift3']['adhoc_uninstall_openshift3_cookbook'] = '/to_be_replaced_uninstall_openshift3_cookbook'
20 |
21 | default['cookbook-openshift3']['adhoc_redeploy_registry_certificates_flag'] = '/to_be_replaced_registry_certificates'
22 |
23 | default['cookbook-openshift3']['adhoc_recovery_etcd_certificate_server'] = '/to_be_recovered_etcd_certificate_server'
24 | default['cookbook-openshift3']['adhoc_recovery_etcd_member'] = '/to_be_recovered_etcd_member'
25 | default['cookbook-openshift3']['adhoc_recovery_etcd_emergency'] = '/to_be_recovered_etcd_emergency'
26 | default['cookbook-openshift3']['adhoc_clean_etcd_flag'] = '/to_be_clean_etcd'
27 |
--------------------------------------------------------------------------------
/attributes/admission_override.rb:
--------------------------------------------------------------------------------
1 | default['cookbook-openshift3']['openshift_builddefaults_env'] = %w[]
2 | default['cookbook-openshift3']['openshift_builddefaults_git_http_proxy'] = ''
3 | default['cookbook-openshift3']['openshift_builddefaults_git_https_proxy'] = ''
4 | default['cookbook-openshift3']['openshift_builddefaults_git_no_proxy'] = ''
5 | default['cookbook-openshift3']['openshift_builddefaults_image_labels'] = %w[]
6 | default['cookbook-openshift3']['openshift_builddefaults_nodeselectors'] = {}
7 | default['cookbook-openshift3']['openshift_builddefaults_annotations'] = {}
8 | default['cookbook-openshift3']['openshift_builddefaults_resources'] = false
9 | default['cookbook-openshift3']['openshift_builddefaults_resources_requests_cpu'] = ''
10 | default['cookbook-openshift3']['openshift_builddefaults_resources_requests_memory'] = ''
11 | default['cookbook-openshift3']['openshift_builddefaults_resources_limits_cpu'] = ''
12 | default['cookbook-openshift3']['openshift_builddefaults_resources_limits_memory'] = ''
13 | default['cookbook-openshift3']['openshift_buildoverrides_force_pull'] = ''
14 | default['cookbook-openshift3']['openshift_buildoverrides_image_labels'] = %w[]
15 | default['cookbook-openshift3']['openshift_buildoverrides_nodeselectors'] = {}
16 | default['cookbook-openshift3']['openshift_buildoverrides_annotations'] = {}
17 | default['cookbook-openshift3']['openshift_buildoverrides_tolerations'] = %w[]
18 | default['cookbook-openshift3']['openshift_clusterresourceoverrides_memorylimit_percent'] = ''
19 | default['cookbook-openshift3']['openshift_clusterresourceoverrides_cpulimit_percent'] = ''
20 | default['cookbook-openshift3']['openshift_clusterresourceoverrides_limitcputomem_percent'] = ''
21 |
--------------------------------------------------------------------------------
/attributes/cloud_provider.rb:
--------------------------------------------------------------------------------
1 | default['cookbook-openshift3']['openshift_cloud_provider'] = nil
2 | default['cookbook-openshift3']['openshift_cloud_providers']['aws'] = { 'data_bag_name' => nil, 'data_bag_item_name' => nil, 'secret_file' => nil }
3 |
--------------------------------------------------------------------------------
/attributes/custom_assets.rb:
--------------------------------------------------------------------------------
1 | default['cookbook-openshift3']['openshift_master_asset_config'] = nil
2 |
--------------------------------------------------------------------------------
/attributes/web_console.rb:
--------------------------------------------------------------------------------
1 | default['cookbook-openshift3']['openshift_web_console_metrics_public_url'] = node['cookbook-openshift3']['openshift_hosted_cluster_metrics'] && node['cookbook-openshift3']['openshift_metrics_install_metrics'] ? node['cookbook-openshift3']['openshift_metrics_url'] : '""'
2 | default['cookbook-openshift3']['openshift_web_console_logging_public_url'] = node['cookbook-openshift3']['openshift_hosted_cluster_logging'] && node['cookbook-openshift3']['openshift_logging_install_logging'] ? node['cookbook-openshift3']['openshift_logging_kibana_url'] : '""'
3 | default['cookbook-openshift3']['openshift_web_console_logout_url'] = node['cookbook-openshift3']['openshift_master_logout_url'] || '""'
4 | default['cookbook-openshift3']['openshift_web_console_extension_script_urls'] = []
5 | default['cookbook-openshift3']['openshift_web_console_extension_stylesheet_urls'] = []
6 | default['cookbook-openshift3']['openshift_web_console_properties'] = {}
7 | default['cookbook-openshift3']['openshift_web_console_inactivity_timeout_minutes'] = 0
8 | default['cookbook-openshift3']['openshift_web_console_cluster_resource_overrides_enabled'] = false
9 | default['cookbook-openshift3']['openshift_web_console_image'] = node['cookbook-openshift3']['openshift_deployment_type'] =~ /enterprise/ ? 'registry.access.redhat.com/openshift3/ose-web-console' : 'docker.io/openshift/origin-web-console'
10 |
--------------------------------------------------------------------------------
/chefignore:
--------------------------------------------------------------------------------
1 | # Put files/directories that should be ignored in this file when uploading
2 | # or sharing to the community site.
3 | # Lines that start with '# ' are comments.
4 |
5 | # OS generated files #
6 | ######################
7 | .DS_Store
8 | Icon?
9 | nohup.out
10 | ehthumbs.db
11 | Thumbs.db
12 |
13 | # SASS #
14 | ########
15 | .sass-cache
16 |
17 | # EDITORS #
18 | ###########
19 | \#*
20 | .#*
21 | *~
22 | *.sw[a-z]
23 | *.bak
24 | REVISION
25 | TAGS*
26 | tmtags
27 | *_flymake.*
28 | *_flymake
29 | *.tmproj
30 | .project
31 | .settings
32 | mkmf.log
33 |
34 | ## COMPILED ##
35 | ##############
36 | a.out
37 | *.o
38 | *.pyc
39 | *.so
40 | *.com
41 | *.class
42 | *.dll
43 | *.exe
44 | */rdoc/
45 |
46 | # Testing #
47 | ###########
48 | .watchr
49 | .rspec
50 | spec/*
51 | spec/fixtures/*
52 | test/*
53 | features/*
54 | Guardfile
55 | Procfile
56 |
57 | # SCM #
58 | #######
59 | .git
60 | */.git
61 | .gitignore
62 | .gitmodules
63 | .gitconfig
64 | .gitattributes
65 | .svn
66 | */.bzr/*
67 | */.hg/*
68 | */.svn/*
69 |
70 | # Berkshelf #
71 | #############
72 | Berksfile
73 | Berksfile.lock
74 | cookbooks/*
75 | tmp
76 |
77 | # Cookbooks #
78 | #############
79 | CONTRIBUTING
80 |
81 | # Strainer #
82 | ############
83 | Colanderfile
84 | Strainerfile
85 | .colander
86 | .strainer
87 |
88 | # Vagrant #
89 | ###########
90 | .vagrant
91 | Vagrantfile
92 |
93 | # Travis #
94 | ##########
95 | .travis.yml
96 |
--------------------------------------------------------------------------------
/files/default/etcdctl.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Sets up handy aliases for etcd, need etcdctl2 and etcdctl3 because
3 | # command flags are different between the two. Should work on stand
4 | # alone etcd hosts and master + etcd hosts too because we use the peer keys.
5 | etcdctl2() {
6 | /usr/bin/etcdctl --cert-file /etc/etcd/peer.crt --key-file /etc/etcd/peer.key --ca-file /etc/etcd/ca.crt --endpoints https://`hostname -i`:2379 ${@}
7 | }
8 |
9 | etcdctl3() {
10 | ETCDCTL_API=3 /usr/bin/etcdctl --cert /etc/etcd/peer.crt --key /etc/etcd/peer.key --cacert /etc/etcd/ca.crt --endpoints https://`hostname -i`:2379 ${@}
11 | }
12 |
--------------------------------------------------------------------------------
/files/default/hawkular_metrics_role.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ClusterRole
3 | metadata:
4 | name: hawkular-metrics
5 | labels:
6 | metrics-infra: hawkular-metrics
7 | rules:
8 | - apiGroups:
9 | - ""
10 | resources:
11 | - namespaces
12 | verbs:
13 | - list
14 | - get
15 | - watch
16 |
--------------------------------------------------------------------------------
/files/default/logging/curator.yml:
--------------------------------------------------------------------------------
1 | # Logging example curator config file
2 |
3 | # uncomment and use this to override the defaults from env vars
4 | #.defaults:
5 | # delete:
6 | # days: 30
7 | # runhour: 0
8 | # runminute: 0
9 |
10 | # to keep ops logs for a different duration:
11 | #.operations:
12 | # delete:
13 | # weeks: 8
14 |
15 | # example for a normal project
16 | #myapp:
17 | # delete:
18 | # weeks: 1
19 |
--------------------------------------------------------------------------------
/files/default/logging/fluent.conf:
--------------------------------------------------------------------------------
1 | # This file is the fluentd configuration entrypoint. Edit with care.
2 |
3 | @include configs.d/openshift/system.conf
4 |
5 | # In each section below, pre- and post- includes don't include anything initially;
6 | # they exist to enable future additions to openshift conf as needed.
7 |
8 | ## sources
9 | ## ordered so that syslog always runs last...
10 | @include configs.d/openshift/input-pre-*.conf
11 | @include configs.d/dynamic/input-docker-*.conf
12 | @include configs.d/dynamic/input-syslog-*.conf
13 | @include configs.d/openshift/input-post-*.conf
14 | ##
15 |
16 |
36 |
--------------------------------------------------------------------------------
/files/default/logging/fluentd-throttle-config.yaml:
--------------------------------------------------------------------------------
1 | # Logging example fluentd throttling config file
2 |
3 | #example-project:
4 | # read_lines_limit: 10
5 | #
6 | #.operations:
7 | # read_lines_limit: 100
8 |
--------------------------------------------------------------------------------
/files/default/logging/secure-forward.conf:
--------------------------------------------------------------------------------
1 | #
2 | # @type secure_forward
3 |
4 | # self_hostname ${hostname}
5 | # shared_key
6 |
7 | # secure yes
8 | # enable_strict_verification yes
9 |
10 | # ca_cert_path /etc/fluent/keys/your_ca_cert
11 | # ca_private_key_path /etc/fluent/keys/your_private_key
12 | # for private CA secret key
13 | # ca_private_key_passphrase passphrase
14 |
15 | #
16 | # or IP
17 | # host server.fqdn.example.com
18 | # port 24284
19 | #
20 | #
21 | # ip address to connect
22 | # host 203.0.113.8
23 | # specify hostlabel for FQDN verification if ipaddress is used for host
24 | # hostlabel server.fqdn.example.com
25 | #
26 | #
27 |
--------------------------------------------------------------------------------
/files/default/logging/server-tls.json:
--------------------------------------------------------------------------------
1 | // See for available options: https://nodejs.org/api/tls.html#tls_tls_createserver_options_secureconnectionlistener
2 | tls_options = {
3 | ciphers: 'kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:+kRSA+CAMELLIA:!aNULL:!eNULL:!SSLv2:!RC4:!DES:!EXP:!SEED:!IDEA:+3DES',
4 | honorCipherOrder: true
5 | }
6 |
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/autoapprover/images.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: image.openshift.io/v1
2 | kind: ImageStreamTag
3 | metadata:
4 | name: node:v3.10
5 | namespace: openshift-infra
6 | tag:
7 | reference: true
8 | from:
9 | kind: DockerImage
10 | name: openshift/node:v3.10.0
11 |
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/autoapprover/openshift-bootstrap-controller-policy.yaml:
--------------------------------------------------------------------------------
1 | kind: ClusterRoleBinding
2 | apiVersion: rbac.authorization.k8s.io/v1beta1
3 | metadata:
4 | name: bootstrap-autoapprover
5 | roleRef:
6 | kind: ClusterRole
7 | name: system:node-bootstrap-autoapprover
8 | subjects:
9 | - kind: User
10 | name: system:serviceaccount:openshift-infra:bootstrap-autoapprover
11 |
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/autoapprover/openshift-bootstrap-controller-role.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1beta1
2 | kind: ClusterRole
3 | metadata:
4 | name: system:node-bootstrap-autoapprover
5 | rules:
6 | - apiGroups:
7 | - certificates.k8s.io
8 | resources:
9 | - certificatesigningrequests
10 | verbs:
11 | - delete
12 | - get
13 | - list
14 | - watch
15 | - apiGroups:
16 | - certificates.k8s.io
17 | resources:
18 | - certificatesigningrequests/approval
19 | verbs:
20 | - create
21 | - update
22 |
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/autoapprover/openshift-bootstrap-controller-serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | kind: ServiceAccount
2 | apiVersion: v1
3 | metadata:
4 | name: bootstrap-autoapprover
5 | namespace: openshift-infra
6 |
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/docker/master-exec:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -euo pipefail
3 |
4 | # Exec a file in the named component by component name and container name.
5 | # Remaining arguments are passed to the command. If no static pods have been
6 | # created yet this will execute on the host.
7 | if [[ -z "${1-}" || -z "${2-}" ]]; then
8 | echo "A component name like 'api', 'etcd', or 'controllers' must be specified along with the container name within that component." 1>&2
9 | exit 1
10 | fi
11 |
12 | # We haven't started using static pods yet, assume this command is to be direct executed
13 | if [[ ! -d /etc/origin/node/pods || -z "$( ls -A /etc/origin/node/pods )" ]]; then
14 | exec "${@:3}"
15 | fi
16 |
17 | # TODO: move to cri-ctl
18 | # TODO: short term hack for cri-o
19 |
20 | uid=$(docker ps -l -a --filter "label=openshift.io/component=${1}" --filter "label=io.kubernetes.container.name=POD" --format '{{ .Label "io.kubernetes.pod.uid" }}')
21 | if [[ -z "${uid}" ]]; then
22 | echo "Component ${1} is stopped or not running" 1>&2
23 | exit 0
24 | fi
25 | container=$(docker ps -l -a -q --filter "label=io.kubernetes.pod.uid=${uid}" --filter "label=io.kubernetes.container.name=${2}")
26 | exec docker exec "${container}" "${@:3}"
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/docker/master-logs:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -euo pipefail
3 |
4 | # Return the logs for a given static pod by component name and container name. Remaining arguments are passed to the
5 | # current container runtime.
6 | if [[ -z "${1-}" || -z "${2-}" ]]; then
7 | echo "A component name like 'api', 'etcd', or 'controllers' must be specified along with the container name within that component." 1>&2
8 | exit 1
9 | fi
10 |
11 | # container name is ignored for services
12 | types=( "atomic-openshift" "origin" )
13 | for type in "${types[@]}"; do
14 | if systemctl cat "${type}-master-${1}.service" &>/dev/null; then
15 | journalctl -u "${type}-master-${1}.service" "${@:3}"
16 | exit 0
17 | fi
18 | done
19 |
20 | # TODO: move to cri-ctl
21 | # TODO: short term hack for cri-o
22 |
23 | uid=$(docker ps -l -a --filter "label=openshift.io/component=${1}" --filter "label=io.kubernetes.container.name=POD" --format '{{ .Label "io.kubernetes.pod.uid" }}')
24 | if [[ -z "${uid}" ]]; then
25 | echo "Component ${1} is stopped or not running" 1>&2
26 | exit 0
27 | fi
28 | container=$(docker ps -l -a -q --filter "label=io.kubernetes.pod.uid=${uid}" --filter "label=io.kubernetes.container.name=${2}")
29 | exec docker logs "${@:3}" "${container}"
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/docker/master-restart:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -euo pipefail
3 |
4 | # Restart the named component by stopping its base container.
5 | if [[ -z "${1-}" ]]; then
6 | echo "A component name like 'api', 'etcd', or 'controllers' must be specified." 1>&2
7 | exit 1
8 | fi
9 |
10 | types=( "atomic-openshift" "origin" )
11 | for type in "${types[@]}"; do
12 | if systemctl cat "${type}-master-${1}.service" &>/dev/null; then
13 | systemctl restart "${type}-master-${1}.service"
14 | exit 0
15 | fi
16 | done
17 |
18 | # TODO: move to cri-ctl
19 | # TODO: short term hack for cri-o
20 |
21 | # Get a child container name to wait for it to stop
22 | child_container=$(docker ps -l -q --filter "label=io.kubernetes.container.name=${1}")
23 |
24 | container=$(docker ps -l -q --filter "label=openshift.io/component=${1}" --filter "label=io.kubernetes.container.name=POD")
25 | if [[ -z "${container}" ]]; then
26 | echo "Component ${1} is already stopped" 1>&2
27 | exit 0
28 | fi
29 | # Stop the pod
30 | docker stop "${container}" --time 30 >/dev/null
31 |
32 | # Wait for child container to change state
33 | if [[ -z "${child_container}" ]]; then
34 | echo "Component ${1} is already stopped" 1>&2
35 | exit 0
36 | fi
37 | exec timeout 60 docker wait $child_container
38 |
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/examples/v3.10/db-templates/OWNERS:
--------------------------------------------------------------------------------
1 | reviewers:
2 | - bparees
3 | - gabemontero
4 | - mfojtik
5 | - dinhxuanvu
6 | - jim-minter
7 | - spadgett
8 | approvers:
9 | - bparees
10 | - mfojtik
11 | - spadgett
12 | - jupierce
13 |
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/examples/v3.10/image-streams/OWNERS:
--------------------------------------------------------------------------------
1 | reviewers:
2 | - bparees
3 | - sspeiche
4 | - mfojtik
5 | - liggitt
6 | - jcantrill
7 | - hhorak
8 | - csrwng
9 | approvers:
10 | - bparees
11 | - mfojtik
12 | - liggitt
13 | - jcantrill
14 | - csrwng
15 |
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/examples/v3.10/quickstart-templates/OWNERS:
--------------------------------------------------------------------------------
1 | reviewers:
2 | - bparees
3 | - gabemontero
4 | - coreydaley
5 | - dinhxuanvu
6 | - sspeiche
7 | - mfojtik
8 | - jupierce
9 | approvers:
10 | - bparees
11 | - mfojtik
12 | - jupierce
13 |
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/examples/v3.10/quickstart-templates/apicast-gateway-template.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IshentRas/cookbook-openshift3/e3790bde5e0740a132fcd88f44a3db4c50cb48a3/files/default/openshift_control_plane/examples/v3.10/quickstart-templates/apicast-gateway-template.yml
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/examples/v3.10/quickstart-templates/pvc.yml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: "amp-pvc"
5 | objects:
6 |
7 | - apiVersion: "v1"
8 | kind: "PersistentVolumeClaim"
9 | metadata:
10 | name: "system-storage"
11 | spec:
12 | accessModes:
13 | - "ReadWriteMany"
14 | resources:
15 | requests:
16 | storage: "100Mi"
17 |
18 | - apiVersion: "v1"
19 | kind: "PersistentVolumeClaim"
20 | metadata:
21 | name: "mysql-storage"
22 | spec:
23 | accessModes:
24 | - "ReadWriteOnce"
25 | resources:
26 | requests:
27 | storage: "1Gi"
28 |
29 | - apiVersion: "v1"
30 | kind: "PersistentVolumeClaim"
31 | metadata:
32 | name: "system-redis-storage"
33 | spec:
34 | accessModes:
35 | - "ReadWriteOnce"
36 | resources:
37 | requests:
38 | storage: "1Gi"
39 |
40 | - apiVersion: "v1"
41 | kind: "PersistentVolumeClaim"
42 | metadata:
43 | name: "backend-redis-storage"
44 | spec:
45 | accessModes:
46 | - "ReadWriteOnce"
47 | resources:
48 | requests:
49 | storage: "1Gi"
50 |
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/examples/v3.10/xpaas-streams/datagrid72-image-stream.json:
--------------------------------------------------------------------------------
1 | {
2 | "kind": "List",
3 | "apiVersion": "v1",
4 | "metadata": {
5 | "name": "datagrid72-image-streams",
6 | "annotations": {
7 | "description": "ImageStream definitions for Red Hat JBoss Data Grid 7.2.",
8 | "openshift.io/provider-display-name": "Red Hat, Inc."
9 | }
10 | },
11 | "items": [
12 | {
13 | "kind": "ImageStream",
14 | "apiVersion": "v1",
15 | "metadata": {
16 | "name": "jboss-datagrid72-openshift",
17 | "annotations": {
18 | "openshift.io/display-name": "Red Hat JBoss Data Grid 7.2",
19 | "openshift.io/provider-display-name": "Red Hat, Inc."
20 | }
21 | },
22 | "spec": {
23 | "tags": [
24 | {
25 | "name": "1.0",
26 | "annotations": {
27 | "description": "Red Hat JBoss Data Grid 7.2 S2I images.",
28 | "iconClass": "icon-datagrid",
29 | "tags": "datagrid,jboss,hidden",
30 | "supports": "datagrid:7.2",
31 | "version": "1.0",
32 | "openshift.io/display-name": "Red Hat JBoss Data Grid 7.2"
33 | },
34 | "from": {
35 | "kind": "DockerImage",
36 | "name": "registry.access.redhat.com/jboss-datagrid-7/datagrid72-openshift:1.0"
37 | }
38 | }
39 | ]
40 | }
41 | }
42 | ]
43 | }
44 |
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/examples/v3.10/xpaas-streams/decisionserver62-image-stream.json:
--------------------------------------------------------------------------------
1 | {
2 | "kind": "List",
3 | "apiVersion": "v1",
4 | "metadata": {
5 | "name": "decisionserver62-image-stream",
6 | "annotations": {
7 | "description": "ImageStream definition for Red Hat JBoss BRMS 6.2 decision server.",
8 | "openshift.io/provider-display-name": "Red Hat, Inc."
9 | }
10 | },
11 | "items": [
12 | {
13 | "kind": "ImageStream",
14 | "apiVersion": "v1",
15 | "metadata": {
16 | "name": "jboss-decisionserver62-openshift",
17 | "annotations": {
18 | "openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server",
19 | "version": "1.4.14"
20 | }
21 | },
22 | "labels": {
23 | "xpaas": "1.4.14"
24 | },
25 | "spec": {
26 | "tags": [
27 | {
28 | "name": "1.2",
29 | "annotations": {
30 | "description": "Red Hat JBoss BRMS 6.2 decision server S2I images.",
31 | "iconClass": "icon-decisionserver",
32 | "tags": "builder,decisionserver,hidden",
33 | "supports": "decisionserver:6.2",
34 | "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git",
35 | "sampleContextDir": "decisionserver/hellorules",
36 | "sampleRef": "1.2",
37 | "version": "1.2",
38 | "openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server"
39 | },
40 | "from": {
41 | "kind": "DockerImage",
42 | "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver62-openshift:1.2"
43 | }
44 | }
45 | ]
46 | }
47 | }
48 | ]
49 | }
50 |
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/examples/v3.10/xpaas-streams/rhdm70-image-streams.yaml:
--------------------------------------------------------------------------------
1 | kind: List
2 | apiVersion: v1
3 | metadata:
4 | name: rhdm70-image-streams
5 | annotations:
6 | description: ImageStream definitions for Red Hat Decision Manager 7.0
7 | openshift.io/provider-display-name: Red Hat, Inc.
8 | items:
9 | - kind: ImageStream
10 | apiVersion: v1
11 | metadata:
12 | name: rhdm70-decisioncentral-openshift
13 | annotations:
14 | openshift.io/display-name: Red Hat Decision Manager Central 7.0
15 | openshift.io/provider-display-name: Red Hat, Inc.
16 | version: 1.4.8
17 | labels:
18 | xpaas: 1.4.8
19 | spec:
20 | tags:
21 | - name: '1.0'
22 | annotations:
23 | description: Red Hat Decision Manager 7.0 - Decision Central image.
24 | iconClass: icon-decisionserver
25 | tags: rhdm,xpaas
26 | supports: rhdm:7.0,xpaas:1.4
27 | version: '1.0'
28 | from:
29 | kind: DockerImage
30 | name: registry.access.redhat.com/rhdm-7/rhdm70-decisioncentral-openshift:1.0
31 |
32 | - kind: ImageStream
33 | apiVersion: v1
34 | metadata:
35 | name: rhdm70-kieserver-openshift
36 | annotations:
37 | openshift.io/display-name: Red Hat Decision Manager KIE Server 7.0
38 | openshift.io/provider-display-name: Red Hat, Inc.
39 | version: 1.4.8
40 | labels:
41 | xpaas: 1.4.8
42 | spec:
43 | tags:
44 | - name: '1.0'
45 | annotations:
46 | description: Red Hat Decision Manager 7.0 - KIE Server image.
47 | iconClass: icon-decisionserver
48 | tags: rhdm,xpaas
49 | supports: rhdm:7.0,xpaas:1.4
50 | version: '1.0'
51 | from:
52 | kind: DockerImage
53 | name: registry.access.redhat.com/rhdm-7/rhdm70-kieserver-openshift:1.0
54 |
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/sdn/images.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: image.openshift.io/v1
2 | kind: ImageStreamTag
3 | metadata:
4 | name: node:v3.10
5 | namespace: openshift-sdn
6 | tag:
7 | reference: true
8 | from:
9 | kind: DockerImage
10 | name: openshift/node:v3.10.0
11 |
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/sdn/sdn-policy.yaml:
--------------------------------------------------------------------------------
1 | kind: List
2 | apiVersion: v1
3 | items:
4 | - kind: ServiceAccount
5 | apiVersion: v1
6 | metadata:
7 | name: sdn
8 | namespace: openshift-sdn
9 | - apiVersion: authorization.openshift.io/v1
10 | kind: ClusterRoleBinding
11 | metadata:
12 | name: sdn-cluster-reader
13 | roleRef:
14 | name: cluster-reader
15 | subjects:
16 | - kind: ServiceAccount
17 | name: sdn
18 | namespace: openshift-sdn
19 | - apiVersion: authorization.openshift.io/v1
20 | kind: ClusterRoleBinding
21 | metadata:
22 | name: sdn-reader
23 | roleRef:
24 | name: system:sdn-reader
25 | subjects:
26 | - kind: ServiceAccount
27 | name: sdn
28 | namespace: openshift-sdn
29 | # TODO: PSP binding
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/service_catalog/apiserver-service.yaml:
--------------------------------------------------------------------------------
1 | kind: Service
2 | apiVersion: v1
3 | metadata:
4 | name: apiserver
5 | spec:
6 | ports:
7 | - name: secure
8 | port: 443
9 | protocol: TCP
10 | targetPort: 6443
11 | selector:
12 | app: apiserver
13 | sessionAffinity: None
14 |
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/service_catalog/controller-service.yaml:
--------------------------------------------------------------------------------
1 | kind: Service
2 | apiVersion: v1
3 | metadata:
4 | annotations:
5 | prometheus.io/scheme: https
6 | prometheus.io/scrape: "true"
7 | service.alpha.openshift.io/serving-cert-secret-name: controllermanager-ssl
8 | name: controller-manager
9 | spec:
10 | ports:
11 | - name: secure
12 | port: 443
13 | protocol: TCP
14 | targetPort: 6443
15 | selector:
16 | app: controller-manager
17 | sessionAffinity: None
18 |
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/service_catalog/kube-system-service-catalog-role-bindings:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: kube-system-service-catalog-role-bindings
5 | objects:
6 |
7 | - apiVersion: rbac.authorization.k8s.io/v1
8 | kind: Role
9 | metadata:
10 | name: extension-apiserver-authentication-reader
11 | namespace: ${KUBE_SYSTEM_NAMESPACE}
12 | rules:
13 | - apiGroups:
14 | - ""
15 | resourceNames:
16 | - extension-apiserver-authentication
17 | resources:
18 | - configmaps
19 | verbs:
20 | - get
21 |
22 | - apiVersion: rbac.authorization.k8s.io/v1
23 | kind: RoleBinding
24 | metadata:
25 | name: extension-apiserver-authentication-reader-binding
26 | namespace: ${KUBE_SYSTEM_NAMESPACE}
27 | roleRef:
28 | kind: Role
29 | name: extension-apiserver-authentication-reader
30 | subjects:
31 | - kind: ServiceAccount
32 | name: service-catalog-apiserver
33 | namespace: kube-service-catalog
34 |
35 | parameters:
36 | - description: Do not change this value.
37 | displayName: Name of the kube-system namespace
38 | name: KUBE_SYSTEM_NAMESPACE
39 | required: true
40 | value: kube-system
41 |
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/service_catalog/openshift_catalog_clusterroles.yml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: rbac.authorization.k8s.io/v1beta1
3 | kind: ClusterRole
4 | metadata:
5 | labels:
6 | rbac.authorization.k8s.io/aggregate-to-admin: "true"
7 | name: system:service-catalog:aggregate-to-admin
8 | rules:
9 | - apiGroups:
10 | - "servicecatalog.k8s.io"
11 | attributeRestrictions: null
12 | resources:
13 | - serviceinstances
14 | - servicebindings
15 | verbs:
16 | - create
17 | - update
18 | - delete
19 | - get
20 | - list
21 | - watch
22 | - patch
23 | - apiGroups:
24 | - "settings.k8s.io"
25 | attributeRestrictions: null
26 | resources:
27 | - podpresets
28 | verbs:
29 | - create
30 | - update
31 | - delete
32 | - get
33 | - list
34 | - watch
35 | ---
36 | apiVersion: rbac.authorization.k8s.io/v1beta1
37 | kind: ClusterRole
38 | metadata:
39 | labels:
40 | rbac.authorization.k8s.io/aggregate-to-edit: "true"
41 | name: system:service-catalog:aggregate-to-edit
42 | rules:
43 | - apiGroups:
44 | - "servicecatalog.k8s.io"
45 | attributeRestrictions: null
46 | resources:
47 | - serviceinstances
48 | - servicebindings
49 | verbs:
50 | - create
51 | - update
52 | - delete
53 | - get
54 | - list
55 | - watch
56 | - patch
57 | - apiGroups:
58 | - "settings.k8s.io"
59 | attributeRestrictions: null
60 | resources:
61 | - podpresets
62 | verbs:
63 | - create
64 | - update
65 | - delete
66 | - get
67 | - list
68 | - watch
69 | ---
70 | apiVersion: rbac.authorization.k8s.io/v1beta1
71 | kind: ClusterRole
72 | metadata:
73 | labels:
74 | rbac.authorization.k8s.io/aggregate-to-view: "true"
75 | name: system:service-catalog:aggregate-to-view
76 | rules:
77 | - apiGroups:
78 | - "servicecatalog.k8s.io"
79 | attributeRestrictions: null
80 | resources:
81 | - serviceinstances
82 | - servicebindings
83 | verbs:
84 | - get
85 | - list
86 | - watch
87 |
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/service_catalog/service_catalog_api_route.yml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Route
3 | metadata:
4 | name: apiserver
5 | spec:
6 | port:
7 | targetPort: secure
8 | tls:
9 | termination: passthrough
10 | to:
11 | kind: Service
12 | name: apiserver
13 | weight: 100
14 | wildcardPolicy: None
15 |
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/service_catalog/servicecatalog.k8s.yaml:
--------------------------------------------------------------------------------
1 | kind: APIService
2 | apiVersion: apiregistration.k8s.io/v1
3 | metadata:
4 | name: v1beta1.servicecatalog.k8s.io
5 | spec:
6 | group: servicecatalog.k8s.io
7 | groupPriorityMinimum: 20
8 | service:
9 | name: apiserver
10 | namespace: kube-service-catalog
11 | version: v1beta1
12 | versionPriority: 10
13 |
14 |
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/sync/images.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: image.openshift.io/v1
2 | kind: ImageStreamTag
3 | metadata:
4 | name: node:v3.10
5 | namespace: openshift-node
6 | tag:
7 | reference: true
8 | from:
9 | kind: DockerImage
10 | name: openshift/node:v3.10.0
11 |
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/sync/sync-policy.yaml:
--------------------------------------------------------------------------------
1 | kind: List
2 | apiVersion: v1
3 | items:
4 | - kind: ServiceAccount
5 | apiVersion: v1
6 | metadata:
7 | name: sync
8 | namespace: openshift-node
9 | - apiVersion: authorization.openshift.io/v1
10 | kind: RoleBinding
11 | metadata:
12 | name: sync-node-config-reader-binding
13 | namespace: openshift-node
14 | roleRef:
15 | name: system:node-config-reader
16 | namespace: openshift-node
17 | subjects:
18 | - kind: ServiceAccount
19 | name: sync
20 | namespace: openshift-node
21 |
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/template_service_broker/apiserver-config.yaml:
--------------------------------------------------------------------------------
1 | kind: TemplateServiceBrokerConfig
2 | apiVersion: config.templateservicebroker.openshift.io/v1
3 | templateNamespaces:
4 | - openshift
5 |
--------------------------------------------------------------------------------
/files/default/openshift_control_plane/template_service_broker/template-service-broker-registration.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: template.openshift.io/v1
2 | kind: Template
3 | metadata:
4 | name: template-service-broker-registration
5 | parameters:
6 | - name: TSB_NAMESPACE
7 | value: openshift-template-service-broker
8 | - name: CA_BUNDLE
9 | required: true
10 | objects:
11 | # register the tsb with the service catalog
12 | - apiVersion: servicecatalog.k8s.io/v1beta1
13 | kind: ClusterServiceBroker
14 | metadata:
15 | name: template-service-broker
16 | spec:
17 | url: https://apiserver.${TSB_NAMESPACE}.svc:443/brokers/template.openshift.io
18 | insecureSkipTLSVerify: false
19 | caBundle: ${CA_BUNDLE}
20 | authInfo:
21 | bearer:
22 | secretRef:
23 | kind: Secret
24 | name: templateservicebroker-client
25 | namespace: ${TSB_NAMESPACE}
26 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.3/quickstart-templates/README.md:
--------------------------------------------------------------------------------
1 | QuickStarts
2 | ===========
3 |
4 | QuickStarts provide the basic skeleton of an application. Generally they
5 | reference a repository containing very simple source code that implements a
6 | trivial application using a particular framework. In addition they define any
7 | components needed for the application including a Build configuration,
8 | supporting services such as Databases, etc.
9 |
10 | You can instantiate these templates as is, or fork the source repository they
11 | reference and supply your forked repository as the source-repository when
12 | instantiating them.
13 |
14 | * [CakePHP](https://raw.githubusercontent.com/openshift/cakephp-ex/master/openshift/templates/cakephp-mysql.json) - Provides a basic CakePHP application with a MySQL database. For more information see the [source repository](https://github.com/openshift/cakephp-ex).
15 | * [Dancer](https://raw.githubusercontent.com/openshift/dancer-ex/master/openshift/templates/dancer-mysql.json) - Provides a basic Dancer (Perl) application with a MySQL database. For more information see the [source repository](https://github.com/openshift/dancer-ex).
16 | * [Django](https://raw.githubusercontent.com/openshift/django-ex/master/openshift/templates/django-postgresql.json) - Provides a basic Django (Python) application with a PostgreSQL database. For more information see the [source repository](https://github.com/openshift/django-ex).
17 | * [NodeJS](https://raw.githubusercontent.com/openshift/nodejs-ex/master/openshift/templates/nodejs-mongodb.json) - Provides a basic NodeJS application with a MongoDB database. For more information see the [source repository](https://github.com/openshift/nodejs-ex).
18 | * [Rails](https://raw.githubusercontent.com/openshift/rails-ex/master/openshift/templates/rails-postgresql.json) - Provides a basic Rails (Ruby) application with a PostgreSQL database. For more information see the [source repository](https://github.com/openshift/rails-ex).
19 |
20 | Note: This file is processed by `hack/update-external-examples.sh`. New examples
21 | must follow the exact syntax of the existing entries. Files in this directory
22 | are automatically pulled down, do not modify/add files to this directory.
23 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.4/cfme-templates/cfme-pv-app-example.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolume
3 | metadata:
4 | name: cloudforms
5 | spec:
6 | capacity:
7 | storage: 2Gi
8 | accessModes:
9 | - ReadWriteOnce
10 | nfs:
11 | path: /opt/nfs/volumes-app
12 | server: 10.19.0.216
13 | persistentVolumeReclaimPolicy: Recycle
14 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.4/cfme-templates/cfme-pv-example.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolume
3 | metadata:
4 | name: nfs-pv01
5 | spec:
6 | capacity:
7 | storage: 2Gi
8 | accessModes:
9 | - ReadWriteOnce
10 | nfs:
11 | path: /opt/nfs/volumes
12 | server: 10.19.0.216
13 | persistentVolumeReclaimPolicy: Recycle
14 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.4/cfme-templates/jboss-middleware-manager-pv-example.yaml:
--------------------------------------------------------------------------------
1 | #
2 | # Copyright 2016-2017 Red Hat, Inc. and/or its affiliates
3 | # and other contributors as indicated by the @author tags.
4 | #
5 | # Licensed under the Apache License, Version 2.0 (the "License");
6 | # you may not use this file except in compliance with the License.
7 | # You may obtain a copy of the License at
8 | #
9 | # http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 | #
17 |
18 | apiVersion: v1
19 | kind: Template
20 | parameters:
21 | - name: HAWKULAR_SERVICES_DATA_LIMIT
22 | description: Maximum amount data used by hawkular-services container (mostly logging)
23 | displayName: Hawkular Services Container Data Limit
24 | value: 1Gi
25 | - name: CASSANDRA_DATA_LIMIT
26 | description: Maximum amount data used by Cassandra container
27 | displayName: Cassandra Container Data Limit
28 | value: 2Gi
29 |
30 | objects:
31 | - apiVersion: v1
32 | kind: PersistentVolume
33 | metadata:
34 | name: h-services-pv
35 | labels:
36 | type: h-services
37 | spec:
38 | capacity:
39 | storage: ${HAWKULAR_SERVICES_DATA_LIMIT}
40 | accessModes:
41 | - ReadWriteOnce
42 | persistentVolumeReclaimPolicy: Retain
43 | hostPath:
44 | path: /tmp/pv-services
45 | - apiVersion: v1
46 | kind: PersistentVolume
47 | metadata:
48 | name: cassandra-pv
49 | labels:
50 | type: cassandra
51 | spec:
52 | capacity:
53 | storage: ${CASSANDRA_DATA_LIMIT}
54 | accessModes:
55 | - ReadWriteOnce
56 | persistentVolumeReclaimPolicy: Retain
57 | hostPath:
58 | path: /tmp/pv-cassandra
59 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.4/quickstart-templates/pvc.yml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: "amp-pvc"
5 | objects:
6 |
7 | - apiVersion: "v1"
8 | kind: "PersistentVolumeClaim"
9 | metadata:
10 | name: "system-storage"
11 | spec:
12 | accessModes:
13 | - "ReadWriteMany"
14 | resources:
15 | requests:
16 | storage: "100Mi"
17 |
18 | - apiVersion: "v1"
19 | kind: "PersistentVolumeClaim"
20 | metadata:
21 | name: "mysql-storage"
22 | spec:
23 | accessModes:
24 | - "ReadWriteOnce"
25 | resources:
26 | requests:
27 | storage: "1Gi"
28 |
29 | - apiVersion: "v1"
30 | kind: "PersistentVolumeClaim"
31 | metadata:
32 | name: "system-redis-storage"
33 | spec:
34 | accessModes:
35 | - "ReadWriteOnce"
36 | resources:
37 | requests:
38 | storage: "1Gi"
39 |
40 | - apiVersion: "v1"
41 | kind: "PersistentVolumeClaim"
42 | metadata:
43 | name: "backend-redis-storage"
44 | spec:
45 | accessModes:
46 | - "ReadWriteOnce"
47 | resources:
48 | requests:
49 | storage: "1Gi"
50 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.5/cfme-templates/cfme-pv-db-example.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolume
3 | metadata:
4 | name: cfme-pv01
5 | spec:
6 | capacity:
7 | storage: 15Gi
8 | accessModes:
9 | - ReadWriteOnce
10 | nfs:
11 | path: /exports/cfme-pv01
12 | server:
13 | persistentVolumeReclaimPolicy: Retain
14 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.5/cfme-templates/cfme-pv-region-example.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolume
3 | metadata:
4 | name: cfme-pv02
5 | spec:
6 | capacity:
7 | storage: 5Gi
8 | accessModes:
9 | - ReadWriteOnce
10 | nfs:
11 | path: /exports/cfme-pv02
12 | server:
13 | persistentVolumeReclaimPolicy: Retain
14 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.5/cfme-templates/cfme-pv-server-example.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolume
3 | metadata:
4 | name: cfme-pv03
5 | spec:
6 | capacity:
7 | storage: 5Gi
8 | accessModes:
9 | - ReadWriteOnce
10 | nfs:
11 | path: /exports/cfme-pv03
12 | server:
13 | persistentVolumeReclaimPolicy: Retain
14 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.5/cfme-templates/jboss-middleware-manager-pv-example.yaml:
--------------------------------------------------------------------------------
1 | #
2 | # Copyright 2016-2017 Red Hat, Inc. and/or its affiliates
3 | # and other contributors as indicated by the @author tags.
4 | #
5 | # Licensed under the Apache License, Version 2.0 (the "License");
6 | # you may not use this file except in compliance with the License.
7 | # You may obtain a copy of the License at
8 | #
9 | # http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 | #
17 |
18 | apiVersion: v1
19 | kind: Template
20 | parameters:
21 | - name: HAWKULAR_SERVICES_DATA_LIMIT
22 | description: Maximum amount data used by hawkular-services container (mostly logging)
23 | displayName: Hawkular Services Container Data Limit
24 | value: 1Gi
25 | - name: CASSANDRA_DATA_LIMIT
26 | description: Maximum amount data used by Cassandra container
27 | displayName: Cassandra Container Data Limit
28 | value: 2Gi
29 |
30 | objects:
31 | - apiVersion: v1
32 | kind: PersistentVolume
33 | metadata:
34 | name: h-services-pv
35 | labels:
36 | type: h-services
37 | spec:
38 | capacity:
39 | storage: ${HAWKULAR_SERVICES_DATA_LIMIT}
40 | accessModes:
41 | - ReadWriteOnce
42 | persistentVolumeReclaimPolicy: Retain
43 | hostPath:
44 | path: /tmp/pv-services
45 | - apiVersion: v1
46 | kind: PersistentVolume
47 | metadata:
48 | name: cassandra-pv
49 | labels:
50 | type: cassandra
51 | spec:
52 | capacity:
53 | storage: ${CASSANDRA_DATA_LIMIT}
54 | accessModes:
55 | - ReadWriteOnce
56 | persistentVolumeReclaimPolicy: Retain
57 | hostPath:
58 | path: /tmp/pv-cassandra
59 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.5/quickstart-templates/pvc.yml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: "amp-pvc"
5 | objects:
6 |
7 | - apiVersion: "v1"
8 | kind: "PersistentVolumeClaim"
9 | metadata:
10 | name: "system-storage"
11 | spec:
12 | accessModes:
13 | - "ReadWriteMany"
14 | resources:
15 | requests:
16 | storage: "100Mi"
17 |
18 | - apiVersion: "v1"
19 | kind: "PersistentVolumeClaim"
20 | metadata:
21 | name: "mysql-storage"
22 | spec:
23 | accessModes:
24 | - "ReadWriteOnce"
25 | resources:
26 | requests:
27 | storage: "1Gi"
28 |
29 | - apiVersion: "v1"
30 | kind: "PersistentVolumeClaim"
31 | metadata:
32 | name: "system-redis-storage"
33 | spec:
34 | accessModes:
35 | - "ReadWriteOnce"
36 | resources:
37 | requests:
38 | storage: "1Gi"
39 |
40 | - apiVersion: "v1"
41 | kind: "PersistentVolumeClaim"
42 | metadata:
43 | name: "backend-redis-storage"
44 | spec:
45 | accessModes:
46 | - "ReadWriteOnce"
47 | resources:
48 | requests:
49 | storage: "1Gi"
50 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.6/cfme-templates/cfme-pv-db-example.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolume
3 | metadata:
4 | name: cfme-pv01
5 | spec:
6 | capacity:
7 | storage: 15Gi
8 | accessModes:
9 | - ReadWriteOnce
10 | nfs:
11 | path: /exports/cfme-pv01
12 | server:
13 | persistentVolumeReclaimPolicy: Retain
14 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.6/cfme-templates/cfme-pv-region-example.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolume
3 | metadata:
4 | name: cfme-pv02
5 | spec:
6 | capacity:
7 | storage: 5Gi
8 | accessModes:
9 | - ReadWriteOnce
10 | nfs:
11 | path: /exports/cfme-pv02
12 | server:
13 | persistentVolumeReclaimPolicy: Retain
14 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.6/cfme-templates/cfme-pv-server-example.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolume
3 | metadata:
4 | name: cfme-pv03
5 | spec:
6 | capacity:
7 | storage: 5Gi
8 | accessModes:
9 | - ReadWriteOnce
10 | nfs:
11 | path: /exports/cfme-pv03
12 | server:
13 | persistentVolumeReclaimPolicy: Retain
14 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.6/cfme-templates/jboss-middleware-manager-pv-example.yaml:
--------------------------------------------------------------------------------
1 | #
2 | # Copyright 2016-2017 Red Hat, Inc. and/or its affiliates
3 | # and other contributors as indicated by the @author tags.
4 | #
5 | # Licensed under the Apache License, Version 2.0 (the "License");
6 | # you may not use this file except in compliance with the License.
7 | # You may obtain a copy of the License at
8 | #
9 | # http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 | #
17 |
18 | apiVersion: v1
19 | kind: Template
20 | parameters:
21 | - name: HAWKULAR_SERVICES_DATA_LIMIT
22 | description: Maximum amount data used by hawkular-services container (mostly logging)
23 | displayName: Hawkular Services Container Data Limit
24 | value: 1Gi
25 | - name: CASSANDRA_DATA_LIMIT
26 | description: Maximum amount data used by Cassandra container
27 | displayName: Cassandra Container Data Limit
28 | value: 2Gi
29 |
30 | objects:
31 | - apiVersion: v1
32 | kind: PersistentVolume
33 | metadata:
34 | name: h-services-pv
35 | labels:
36 | type: h-services
37 | spec:
38 | capacity:
39 | storage: ${HAWKULAR_SERVICES_DATA_LIMIT}
40 | accessModes:
41 | - ReadWriteOnce
42 | persistentVolumeReclaimPolicy: Retain
43 | hostPath:
44 | path: /tmp/pv-services
45 | - apiVersion: v1
46 | kind: PersistentVolume
47 | metadata:
48 | name: cassandra-pv
49 | labels:
50 | type: cassandra
51 | spec:
52 | capacity:
53 | storage: ${CASSANDRA_DATA_LIMIT}
54 | accessModes:
55 | - ReadWriteOnce
56 | persistentVolumeReclaimPolicy: Retain
57 | hostPath:
58 | path: /tmp/pv-cassandra
59 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.6/db-templates/OWNERS:
--------------------------------------------------------------------------------
1 | reviewers:
2 | - bparees
3 | - gabemontero
4 | - mfojtik
5 | - dinhxuanvu
6 | - jim-minter
7 | - spadgett
8 | approvers:
9 | - bparees
10 | - mfojtik
11 | - spadgett
12 | - jupierce
13 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.6/image-streams/OWNERS:
--------------------------------------------------------------------------------
1 | reviewers:
2 | - bparees
3 | - sspeiche
4 | - mfojtik
5 | - liggitt
6 | - jcantrill
7 | - hhorak
8 | - csrwng
9 | approvers:
10 | - bparees
11 | - mfojtik
12 | - liggitt
13 | - jcantrill
14 | - csrwng
15 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.6/quickstart-templates/OWNERS:
--------------------------------------------------------------------------------
1 | reviewers:
2 | - bparees
3 | - gabemontero
4 | - coreydaley
5 | - dinhxuanvu
6 | - sspeiche
7 | - mfojtik
8 | - jupierce
9 | approvers:
10 | - bparees
11 | - mfojtik
12 | - jupierce
13 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.6/quickstart-templates/apicast-gateway-template.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IshentRas/cookbook-openshift3/e3790bde5e0740a132fcd88f44a3db4c50cb48a3/files/default/openshift_examples/v1.6/quickstart-templates/apicast-gateway-template.yml
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.6/quickstart-templates/pvc.yml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: "amp-pvc"
5 | objects:
6 |
7 | - apiVersion: "v1"
8 | kind: "PersistentVolumeClaim"
9 | metadata:
10 | name: "system-storage"
11 | spec:
12 | accessModes:
13 | - "ReadWriteMany"
14 | resources:
15 | requests:
16 | storage: "100Mi"
17 |
18 | - apiVersion: "v1"
19 | kind: "PersistentVolumeClaim"
20 | metadata:
21 | name: "mysql-storage"
22 | spec:
23 | accessModes:
24 | - "ReadWriteOnce"
25 | resources:
26 | requests:
27 | storage: "1Gi"
28 |
29 | - apiVersion: "v1"
30 | kind: "PersistentVolumeClaim"
31 | metadata:
32 | name: "system-redis-storage"
33 | spec:
34 | accessModes:
35 | - "ReadWriteOnce"
36 | resources:
37 | requests:
38 | storage: "1Gi"
39 |
40 | - apiVersion: "v1"
41 | kind: "PersistentVolumeClaim"
42 | metadata:
43 | name: "backend-redis-storage"
44 | spec:
45 | accessModes:
46 | - "ReadWriteOnce"
47 | resources:
48 | requests:
49 | storage: "1Gi"
50 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.7/cfme-templates/cfme-backup-job.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: batch/v1
2 | kind: Job
3 | metadata:
4 | name: cloudforms-backup
5 | spec:
6 | template:
7 | metadata:
8 | name: cloudforms-backup
9 | spec:
10 | containers:
11 | - name: postgresql
12 | image: registry.access.redhat.com/cloudforms46/cfme-openshift-postgresql:latest
13 | command:
14 | - "/opt/rh/cfme-container-scripts/backup_db"
15 | env:
16 | - name: DATABASE_URL
17 | valueFrom:
18 | secretKeyRef:
19 | name: cloudforms-secrets
20 | key: database-url
21 | volumeMounts:
22 | - name: cfme-backup-vol
23 | mountPath: "/backups"
24 | volumes:
25 | - name: cfme-backup-vol
26 | persistentVolumeClaim:
27 | claimName: cloudforms-backup
28 | restartPolicy: Never
29 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.7/cfme-templates/cfme-backup-pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolumeClaim
3 | metadata:
4 | name: cloudforms-backup
5 | spec:
6 | accessModes:
7 | - ReadWriteOnce
8 | resources:
9 | requests:
10 | storage: 15Gi
11 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.7/cfme-templates/cfme-pv-backup-example.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolume
3 | metadata:
4 | name: cfme-pv03
5 | spec:
6 | capacity:
7 | storage: 15Gi
8 | accessModes:
9 | - ReadWriteOnce
10 | nfs:
11 | path: "/exports/cfme-pv03"
12 | server: ""
13 | persistentVolumeReclaimPolicy: Retain
14 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.7/cfme-templates/cfme-pv-db-example.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | labels:
4 | template: cloudforms-db-pv
5 | metadata:
6 | name: cloudforms-db-pv
7 | annotations:
8 | description: PV Template for CFME PostgreSQL DB
9 | tags: PVS, CFME
10 | objects:
11 | - apiVersion: v1
12 | kind: PersistentVolume
13 | metadata:
14 | name: cfme-db
15 | spec:
16 | capacity:
17 | storage: "${PV_SIZE}"
18 | accessModes:
19 | - ReadWriteOnce
20 | nfs:
21 | path: "${BASE_PATH}/cfme-db"
22 | server: "${NFS_HOST}"
23 | persistentVolumeReclaimPolicy: Retain
24 | parameters:
25 | - name: PV_SIZE
26 | displayName: PV Size for DB
27 | required: true
28 | description: The size of the CFME DB PV given in Gi
29 | value: 15Gi
30 | - name: BASE_PATH
31 | displayName: Exports Directory Base Path
32 | required: true
33 | description: The parent directory of your NFS exports
34 | value: "/exports"
35 | - name: NFS_HOST
36 | displayName: NFS Server Hostname
37 | required: true
38 | description: The hostname or IP address of the NFS server
39 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.7/cfme-templates/cfme-pv-region-example.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolume
3 | metadata:
4 | name: cfme-pv02
5 | spec:
6 | capacity:
7 | storage: 5Gi
8 | accessModes:
9 | - ReadWriteOnce
10 | nfs:
11 | path: /exports/cfme-pv02
12 | server:
13 | persistentVolumeReclaimPolicy: Retain
14 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.7/cfme-templates/cfme-pv-server-example.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | labels:
4 | template: cloudforms-app-pv
5 | metadata:
6 | name: cloudforms-app-pv
7 | annotations:
8 | description: PV Template for CFME Server
9 | tags: PVS, CFME
10 | objects:
11 | - apiVersion: v1
12 | kind: PersistentVolume
13 | metadata:
14 | name: cfme-app
15 | spec:
16 | capacity:
17 | storage: "${PV_SIZE}"
18 | accessModes:
19 | - ReadWriteOnce
20 | nfs:
21 | path: "${BASE_PATH}/cfme-app"
22 | server: "${NFS_HOST}"
23 | persistentVolumeReclaimPolicy: Retain
24 | parameters:
25 | - name: PV_SIZE
26 | displayName: PV Size for App
27 | required: true
28 | description: The size of the CFME APP PV given in Gi
29 | value: 5Gi
30 | - name: BASE_PATH
31 | displayName: Exports Directory Base Path
32 | required: true
33 | description: The parent directory of your NFS exports
34 | value: "/exports"
35 | - name: NFS_HOST
36 | displayName: NFS Server Hostname
37 | required: true
38 | description: The hostname or IP address of the NFS server
39 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.7/cfme-templates/cfme-restore-job.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: batch/v1
2 | kind: Job
3 | metadata:
4 | name: cloudforms-restore
5 | spec:
6 | template:
7 | metadata:
8 | name: cloudforms-restore
9 | spec:
10 | containers:
11 | - name: postgresql
12 | image: registry.access.redhat.com/cloudforms46/cfme-openshift-postgresql:latest
13 | command:
14 | - "/opt/rh/cfme-container-scripts/restore_db"
15 | env:
16 | - name: DATABASE_URL
17 | valueFrom:
18 | secretKeyRef:
19 | name: cloudforms-secrets
20 | key: database-url
21 | - name: BACKUP_VERSION
22 | value: latest
23 | volumeMounts:
24 | - name: cfme-backup-vol
25 | mountPath: "/backups"
26 | - name: cfme-prod-vol
27 | mountPath: "/restore"
28 | volumes:
29 | - name: cfme-backup-vol
30 | persistentVolumeClaim:
31 | claimName: cloudforms-backup
32 | - name: cfme-prod-vol
33 | persistentVolumeClaim:
34 | claimName: cloudforms-postgresql
35 | restartPolicy: Never
36 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.7/cfme-templates/cfme-scc-sysadmin.yaml:
--------------------------------------------------------------------------------
1 | allowHostDirVolumePlugin: false
2 | allowHostIPC: false
3 | allowHostNetwork: false
4 | allowHostPID: false
5 | allowHostPorts: false
6 | allowPrivilegedContainer: false
7 | allowedCapabilities:
8 | apiVersion: v1
9 | defaultAddCapabilities:
10 | - SYS_ADMIN
11 | fsGroup:
12 | type: RunAsAny
13 | groups:
14 | - system:cluster-admins
15 | kind: SecurityContextConstraints
16 | metadata:
17 | annotations:
18 | kubernetes.io/description: cfme-sysadmin provides all features of the anyuid SCC but allows users to have SYS_ADMIN capabilities. This is the required scc for Pods requiring to run with systemd and the message bus.
19 | creationTimestamp:
20 | name: cfme-sysadmin
21 | priority: 10
22 | readOnlyRootFilesystem: false
23 | requiredDropCapabilities:
24 | - MKNOD
25 | - SYS_CHROOT
26 | runAsUser:
27 | type: RunAsAny
28 | seLinuxContext:
29 | type: MustRunAs
30 | supplementalGroups:
31 | type: RunAsAny
32 | users:
33 | volumes:
34 | - configMap
35 | - downwardAPI
36 | - emptyDir
37 | - persistentVolumeClaim
38 | - secret
39 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.7/cfme-templates/jboss-middleware-manager-pv-example.yaml:
--------------------------------------------------------------------------------
1 | #
2 | # Copyright 2016-2017 Red Hat, Inc. and/or its affiliates
3 | # and other contributors as indicated by the @author tags.
4 | #
5 | # Licensed under the Apache License, Version 2.0 (the "License");
6 | # you may not use this file except in compliance with the License.
7 | # You may obtain a copy of the License at
8 | #
9 | # http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 | #
17 |
18 | apiVersion: v1
19 | kind: Template
20 | parameters:
21 | - name: HAWKULAR_SERVICES_DATA_LIMIT
22 | description: Maximum amount data used by hawkular-services container (mostly logging)
23 | displayName: Hawkular Services Container Data Limit
24 | value: 1Gi
25 | - name: CASSANDRA_DATA_LIMIT
26 | description: Maximum amount data used by Cassandra container
27 | displayName: Cassandra Container Data Limit
28 | value: 2Gi
29 |
30 | objects:
31 | - apiVersion: v1
32 | kind: PersistentVolume
33 | metadata:
34 | name: h-services-pv
35 | labels:
36 | type: h-services
37 | spec:
38 | capacity:
39 | storage: ${HAWKULAR_SERVICES_DATA_LIMIT}
40 | accessModes:
41 | - ReadWriteOnce
42 | persistentVolumeReclaimPolicy: Retain
43 | hostPath:
44 | path: /tmp/pv-services
45 | - apiVersion: v1
46 | kind: PersistentVolume
47 | metadata:
48 | name: cassandra-pv
49 | labels:
50 | type: cassandra
51 | spec:
52 | capacity:
53 | storage: ${CASSANDRA_DATA_LIMIT}
54 | accessModes:
55 | - ReadWriteOnce
56 | persistentVolumeReclaimPolicy: Retain
57 | hostPath:
58 | path: /tmp/pv-cassandra
59 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.7/db-templates/OWNERS:
--------------------------------------------------------------------------------
1 | reviewers:
2 | - bparees
3 | - gabemontero
4 | - mfojtik
5 | - dinhxuanvu
6 | - jim-minter
7 | - spadgett
8 | approvers:
9 | - bparees
10 | - mfojtik
11 | - spadgett
12 | - jupierce
13 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.7/image-streams/OWNERS:
--------------------------------------------------------------------------------
1 | reviewers:
2 | - bparees
3 | - sspeiche
4 | - mfojtik
5 | - liggitt
6 | - jcantrill
7 | - hhorak
8 | - csrwng
9 | approvers:
10 | - bparees
11 | - mfojtik
12 | - liggitt
13 | - jcantrill
14 | - csrwng
15 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.7/quickstart-templates/OWNERS:
--------------------------------------------------------------------------------
1 | reviewers:
2 | - bparees
3 | - gabemontero
4 | - coreydaley
5 | - dinhxuanvu
6 | - sspeiche
7 | - mfojtik
8 | - jupierce
9 | approvers:
10 | - bparees
11 | - mfojtik
12 | - jupierce
13 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.7/quickstart-templates/apicast-gateway-template.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IshentRas/cookbook-openshift3/e3790bde5e0740a132fcd88f44a3db4c50cb48a3/files/default/openshift_examples/v1.7/quickstart-templates/apicast-gateway-template.yml
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.7/quickstart-templates/pvc.yml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: "amp-pvc"
5 | objects:
6 |
7 | - apiVersion: "v1"
8 | kind: "PersistentVolumeClaim"
9 | metadata:
10 | name: "system-storage"
11 | spec:
12 | accessModes:
13 | - "ReadWriteMany"
14 | resources:
15 | requests:
16 | storage: "100Mi"
17 |
18 | - apiVersion: "v1"
19 | kind: "PersistentVolumeClaim"
20 | metadata:
21 | name: "mysql-storage"
22 | spec:
23 | accessModes:
24 | - "ReadWriteOnce"
25 | resources:
26 | requests:
27 | storage: "1Gi"
28 |
29 | - apiVersion: "v1"
30 | kind: "PersistentVolumeClaim"
31 | metadata:
32 | name: "system-redis-storage"
33 | spec:
34 | accessModes:
35 | - "ReadWriteOnce"
36 | resources:
37 | requests:
38 | storage: "1Gi"
39 |
40 | - apiVersion: "v1"
41 | kind: "PersistentVolumeClaim"
42 | metadata:
43 | name: "backend-redis-storage"
44 | spec:
45 | accessModes:
46 | - "ReadWriteOnce"
47 | resources:
48 | requests:
49 | storage: "1Gi"
50 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.9/cfme-templates/cfme-backup-job.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: batch/v1
2 | kind: Job
3 | metadata:
4 | name: cloudforms-backup
5 | spec:
6 | template:
7 | metadata:
8 | name: cloudforms-backup
9 | spec:
10 | containers:
11 | - name: postgresql
12 | image: registry.access.redhat.com/cloudforms46/cfme-openshift-postgresql:latest
13 | command:
14 | - "/opt/rh/cfme-container-scripts/backup_db"
15 | env:
16 | - name: DATABASE_URL
17 | valueFrom:
18 | secretKeyRef:
19 | name: cloudforms-secrets
20 | key: database-url
21 | volumeMounts:
22 | - name: cfme-backup-vol
23 | mountPath: "/backups"
24 | volumes:
25 | - name: cfme-backup-vol
26 | persistentVolumeClaim:
27 | claimName: cloudforms-backup
28 | restartPolicy: Never
29 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.9/cfme-templates/cfme-backup-pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolumeClaim
3 | metadata:
4 | name: cloudforms-backup
5 | spec:
6 | accessModes:
7 | - ReadWriteOnce
8 | resources:
9 | requests:
10 | storage: 15Gi
11 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.9/cfme-templates/cfme-pv-backup-example.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolume
3 | metadata:
4 | name: cfme-pv03
5 | spec:
6 | capacity:
7 | storage: 15Gi
8 | accessModes:
9 | - ReadWriteOnce
10 | nfs:
11 | path: "/exports/cfme-pv03"
12 | server: ""
13 | persistentVolumeReclaimPolicy: Retain
14 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.9/cfme-templates/cfme-pv-db-example.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | labels:
4 | template: cloudforms-db-pv
5 | metadata:
6 | name: cloudforms-db-pv
7 | annotations:
8 | description: PV Template for CFME PostgreSQL DB
9 | tags: PVS, CFME
10 | objects:
11 | - apiVersion: v1
12 | kind: PersistentVolume
13 | metadata:
14 | name: cfme-db
15 | spec:
16 | capacity:
17 | storage: "${PV_SIZE}"
18 | accessModes:
19 | - ReadWriteOnce
20 | nfs:
21 | path: "${BASE_PATH}/cfme-db"
22 | server: "${NFS_HOST}"
23 | persistentVolumeReclaimPolicy: Retain
24 | parameters:
25 | - name: PV_SIZE
26 | displayName: PV Size for DB
27 | required: true
28 | description: The size of the CFME DB PV given in Gi
29 | value: 15Gi
30 | - name: BASE_PATH
31 | displayName: Exports Directory Base Path
32 | required: true
33 | description: The parent directory of your NFS exports
34 | value: "/exports"
35 | - name: NFS_HOST
36 | displayName: NFS Server Hostname
37 | required: true
38 | description: The hostname or IP address of the NFS server
39 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.9/cfme-templates/cfme-pv-server-example.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | labels:
4 | template: cloudforms-app-pv
5 | metadata:
6 | name: cloudforms-app-pv
7 | annotations:
8 | description: PV Template for CFME Server
9 | tags: PVS, CFME
10 | objects:
11 | - apiVersion: v1
12 | kind: PersistentVolume
13 | metadata:
14 | name: cfme-app
15 | spec:
16 | capacity:
17 | storage: "${PV_SIZE}"
18 | accessModes:
19 | - ReadWriteOnce
20 | nfs:
21 | path: "${BASE_PATH}/cfme-app"
22 | server: "${NFS_HOST}"
23 | persistentVolumeReclaimPolicy: Retain
24 | parameters:
25 | - name: PV_SIZE
26 | displayName: PV Size for App
27 | required: true
28 | description: The size of the CFME APP PV given in Gi
29 | value: 5Gi
30 | - name: BASE_PATH
31 | displayName: Exports Directory Base Path
32 | required: true
33 | description: The parent directory of your NFS exports
34 | value: "/exports"
35 | - name: NFS_HOST
36 | displayName: NFS Server Hostname
37 | required: true
38 | description: The hostname or IP address of the NFS server
39 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.9/cfme-templates/cfme-restore-job.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: batch/v1
2 | kind: Job
3 | metadata:
4 | name: cloudforms-restore
5 | spec:
6 | template:
7 | metadata:
8 | name: cloudforms-restore
9 | spec:
10 | containers:
11 | - name: postgresql
12 | image: registry.access.redhat.com/cloudforms46/cfme-openshift-postgresql:latest
13 | command:
14 | - "/opt/rh/cfme-container-scripts/restore_db"
15 | env:
16 | - name: DATABASE_URL
17 | valueFrom:
18 | secretKeyRef:
19 | name: cloudforms-secrets
20 | key: database-url
21 | - name: BACKUP_VERSION
22 | value: latest
23 | volumeMounts:
24 | - name: cfme-backup-vol
25 | mountPath: "/backups"
26 | - name: cfme-prod-vol
27 | mountPath: "/restore"
28 | volumes:
29 | - name: cfme-backup-vol
30 | persistentVolumeClaim:
31 | claimName: cloudforms-backup
32 | - name: cfme-prod-vol
33 | persistentVolumeClaim:
34 | claimName: cloudforms-postgresql
35 | restartPolicy: Never
36 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.9/cfme-templates/cfme-scc-sysadmin.yaml:
--------------------------------------------------------------------------------
1 | allowHostDirVolumePlugin: false
2 | allowHostIPC: false
3 | allowHostNetwork: false
4 | allowHostPID: false
5 | allowHostPorts: false
6 | allowPrivilegedContainer: false
7 | allowedCapabilities:
8 | apiVersion: v1
9 | defaultAddCapabilities:
10 | - SYS_ADMIN
11 | fsGroup:
12 | type: RunAsAny
13 | groups:
14 | - system:cluster-admins
15 | kind: SecurityContextConstraints
16 | metadata:
17 | annotations:
18 | kubernetes.io/description: cfme-sysadmin provides all features of the anyuid SCC but allows users to have SYS_ADMIN capabilities. This is the required scc for Pods requiring to run with systemd and the message bus.
19 | creationTimestamp:
20 | name: cfme-sysadmin
21 | priority: 10
22 | readOnlyRootFilesystem: false
23 | requiredDropCapabilities:
24 | - MKNOD
25 | - SYS_CHROOT
26 | runAsUser:
27 | type: RunAsAny
28 | seLinuxContext:
29 | type: MustRunAs
30 | supplementalGroups:
31 | type: RunAsAny
32 | users:
33 | volumes:
34 | - configMap
35 | - downwardAPI
36 | - emptyDir
37 | - persistentVolumeClaim
38 | - secret
39 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.9/cfme-templates/jboss-middleware-manager-pv-example.yaml:
--------------------------------------------------------------------------------
1 | #
2 | # Copyright 2016-2017 Red Hat, Inc. and/or its affiliates
3 | # and other contributors as indicated by the @author tags.
4 | #
5 | # Licensed under the Apache License, Version 2.0 (the "License");
6 | # you may not use this file except in compliance with the License.
7 | # You may obtain a copy of the License at
8 | #
9 | # http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 | #
17 |
18 | apiVersion: v1
19 | kind: Template
20 | parameters:
21 | - name: HAWKULAR_SERVICES_DATA_LIMIT
22 | description: Maximum amount data used by hawkular-services container (mostly logging)
23 | displayName: Hawkular Services Container Data Limit
24 | value: 1Gi
25 | - name: CASSANDRA_DATA_LIMIT
26 | description: Maximum amount data used by Cassandra container
27 | displayName: Cassandra Container Data Limit
28 | value: 2Gi
29 |
30 | objects:
31 | - apiVersion: v1
32 | kind: PersistentVolume
33 | metadata:
34 | name: h-services-pv
35 | labels:
36 | type: h-services
37 | spec:
38 | capacity:
39 | storage: ${HAWKULAR_SERVICES_DATA_LIMIT}
40 | accessModes:
41 | - ReadWriteOnce
42 | persistentVolumeReclaimPolicy: Retain
43 | hostPath:
44 | path: /tmp/pv-services
45 | - apiVersion: v1
46 | kind: PersistentVolume
47 | metadata:
48 | name: cassandra-pv
49 | labels:
50 | type: cassandra
51 | spec:
52 | capacity:
53 | storage: ${CASSANDRA_DATA_LIMIT}
54 | accessModes:
55 | - ReadWriteOnce
56 | persistentVolumeReclaimPolicy: Retain
57 | hostPath:
58 | path: /tmp/pv-cassandra
59 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.9/db-templates/OWNERS:
--------------------------------------------------------------------------------
1 | reviewers:
2 | - bparees
3 | - gabemontero
4 | - mfojtik
5 | - dinhxuanvu
6 | - jim-minter
7 | - spadgett
8 | approvers:
9 | - bparees
10 | - mfojtik
11 | - spadgett
12 | - jupierce
13 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.9/image-streams/OWNERS:
--------------------------------------------------------------------------------
1 | reviewers:
2 | - bparees
3 | - sspeiche
4 | - mfojtik
5 | - liggitt
6 | - jcantrill
7 | - hhorak
8 | - csrwng
9 | approvers:
10 | - bparees
11 | - mfojtik
12 | - liggitt
13 | - jcantrill
14 | - csrwng
15 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.9/quickstart-templates/OWNERS:
--------------------------------------------------------------------------------
1 | reviewers:
2 | - bparees
3 | - gabemontero
4 | - coreydaley
5 | - dinhxuanvu
6 | - sspeiche
7 | - mfojtik
8 | - jupierce
9 | approvers:
10 | - bparees
11 | - mfojtik
12 | - jupierce
13 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.9/quickstart-templates/apicast-gateway-template.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IshentRas/cookbook-openshift3/e3790bde5e0740a132fcd88f44a3db4c50cb48a3/files/default/openshift_examples/v1.9/quickstart-templates/apicast-gateway-template.yml
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.9/quickstart-templates/pvc.yml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: "amp-pvc"
5 | objects:
6 |
7 | - apiVersion: "v1"
8 | kind: "PersistentVolumeClaim"
9 | metadata:
10 | name: "system-storage"
11 | spec:
12 | accessModes:
13 | - "ReadWriteMany"
14 | resources:
15 | requests:
16 | storage: "100Mi"
17 |
18 | - apiVersion: "v1"
19 | kind: "PersistentVolumeClaim"
20 | metadata:
21 | name: "mysql-storage"
22 | spec:
23 | accessModes:
24 | - "ReadWriteOnce"
25 | resources:
26 | requests:
27 | storage: "1Gi"
28 |
29 | - apiVersion: "v1"
30 | kind: "PersistentVolumeClaim"
31 | metadata:
32 | name: "system-redis-storage"
33 | spec:
34 | accessModes:
35 | - "ReadWriteOnce"
36 | resources:
37 | requests:
38 | storage: "1Gi"
39 |
40 | - apiVersion: "v1"
41 | kind: "PersistentVolumeClaim"
42 | metadata:
43 | name: "backend-redis-storage"
44 | spec:
45 | accessModes:
46 | - "ReadWriteOnce"
47 | resources:
48 | requests:
49 | storage: "1Gi"
50 |
--------------------------------------------------------------------------------
/files/default/openshift_examples/v1.9/xpaas-streams/decisionserver62-image-stream.json:
--------------------------------------------------------------------------------
1 | {
2 | "kind": "List",
3 | "apiVersion": "v1",
4 | "metadata": {
5 | "name": "decisionserver62-image-stream",
6 | "annotations": {
7 | "description": "ImageStream definition for Red Hat JBoss BRMS 6.2 decision server.",
8 | "openshift.io/provider-display-name": "Red Hat, Inc."
9 | }
10 | },
11 | "items": [
12 | {
13 | "kind": "ImageStream",
14 | "apiVersion": "v1",
15 | "metadata": {
16 | "name": "jboss-decisionserver62-openshift",
17 | "annotations": {
18 | "openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server",
19 | "version": "1.4.14"
20 | }
21 | },
22 | "labels": {
23 | "xpaas": "1.4.14"
24 | },
25 | "spec": {
26 | "tags": [
27 | {
28 | "name": "1.2",
29 | "annotations": {
30 | "description": "Red Hat JBoss BRMS 6.2 decision server S2I images.",
31 | "iconClass": "icon-decisionserver",
32 | "tags": "builder,decisionserver,hidden",
33 | "supports": "decisionserver:6.2",
34 | "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git",
35 | "sampleContextDir": "decisionserver/hellorules",
36 | "sampleRef": "1.2",
37 | "version": "1.2",
38 | "openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server"
39 | },
40 | "from": {
41 | "kind": "DockerImage",
42 | "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver62-openshift:1.2"
43 | }
44 | }
45 | ]
46 | }
47 | }
48 | ]
49 | }
50 |
--------------------------------------------------------------------------------
/files/default/openshift_node/openshift-node:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # This launches the Kubelet by converting the node configuration into kube flags.
4 |
5 | set -euo pipefail
6 |
7 | if ! [[ -f /etc/origin/node/client-ca.crt ]]; then
8 | if [[ -f /etc/origin/node/bootstrap.kubeconfig ]]; then
9 | oc config --config=/etc/origin/node/bootstrap.kubeconfig view --raw --minify -o go-template='{{ index .clusters 0 "cluster" "certificate-authority-data" }}' | base64 -d - > /etc/origin/node/client-ca.crt
10 | fi
11 | fi
12 | config=/etc/origin/node/bootstrap-node-config.yaml
13 | # TODO: remove when dynamic kubelet config is delivered
14 | if [[ -f /etc/origin/node/node-config.yaml ]]; then
15 | config=/etc/origin/node/node-config.yaml
16 | fi
17 | flags=$( /usr/bin/openshift-node-config "--config=${config}" )
18 | eval "exec /usr/bin/hyperkube kubelet --v=${DEBUG_LOGLEVEL:-2} ${flags}"
19 |
--------------------------------------------------------------------------------
/files/default/openshift_node/override.conf:
--------------------------------------------------------------------------------
1 | [Service]
2 | LimitNOFILE=65535
3 |
--------------------------------------------------------------------------------
/recipes/adhoc_redeploy_certificates.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: adhoc_redeploy_certificates
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | server_info = OpenShiftHelper::NodeHelper.new(node)
8 | is_certificate_server = server_info.on_certificate_server?
9 | is_first_master = server_info.on_first_master?
10 |
11 | include_recipe 'cookbook-openshift3::services'
12 |
13 | if is_certificate_server
14 | include_recipe 'cookbook-openshift3::adhoc_redeploy_etcd_ca' if node['cookbook-openshift3']['adhoc_redeploy_etcd_ca']
15 | include_recipe 'cookbook-openshift3::adhoc_redeploy_cluster_ca' if node['cookbook-openshift3']['adhoc_redeploy_cluster_ca']
16 | end
17 |
18 | if is_first_master
19 | include_recipe 'cookbook-openshift3::adhoc_redeploy_cluster_hosted' if node['cookbook-openshift3']['adhoc_redeploy_cluster_ca']
20 | end
21 |
--------------------------------------------------------------------------------
/recipes/adhoc_reset.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: adhoc_reset
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | server_info = OpenShiftHelper::NodeHelper.new(node)
8 | is_control_plane_server = server_info.on_control_plane_server?
9 |
10 | openshift_reset_host node['fqdn'] do
11 | not_if { is_control_plane_server }
12 | end
13 |
14 | include_recipe 'cookbook-openshift3::docker'
15 |
16 | file node['cookbook-openshift3']['adhoc_reset_control_flag'] do
17 | action :delete
18 | end
19 |
--------------------------------------------------------------------------------
/recipes/adhoc_uninstall.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: adhoc_uninstall
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | include_recipe 'iptables::default'
8 | include_recipe 'cookbook-openshift3::services'
9 | openshift_delete_host node['fqdn']
10 |
--------------------------------------------------------------------------------
/recipes/ca_bundle_fix.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: ca_bundle_fix
4 | #
5 | # If the original deployment was on <3.3/<1.3 then ca-bundle may not have been
6 | # created on the masters. This ensures it exists to avoid failures to startup
7 | # when it is not there by copying it over from ca.crt
8 | #
9 | # Copyright (c) 2015 The Authors, All Rights Reserved.
10 |
11 | server_info = OpenShiftHelper::NodeHelper.new(node)
12 | is_master_server = server_info.on_master_server?
13 |
14 | ruby_block 'Create ca-bundle if it is not there' do
15 | block do
16 | require 'fileutils'
17 | FileUtils.cp("#{node['cookbook-openshift3']['openshift_master_config_dir']}/ca.crt", "#{node['cookbook-openshift3']['openshift_master_config_dir']}/ca-bundle.crt")
18 | end
19 | only_if { is_master_server && ::File.file?("#{node['cookbook-openshift3']['openshift_master_config_dir']}/ca.crt") && !::File.file?("#{node['cookbook-openshift3']['openshift_master_config_dir']}/ca-bundle.crt") }
20 | end
21 |
--------------------------------------------------------------------------------
/recipes/certificate_server.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: certificate_server
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | server_info = OpenShiftHelper::NodeHelper.new(node)
8 | is_certificate_server = server_info.on_certificate_server?
9 | new_etcd_servers = server_info.new_etcd_servers
10 | remove_etcd_servers = server_info.remove_etcd_servers
11 | ose_major_version = node['cookbook-openshift3']['deploy_containerized'] == true ? node['cookbook-openshift3']['openshift_docker_image_version'] : node['cookbook-openshift3']['ose_major_version']
12 |
13 | if is_certificate_server
14 | node['cookbook-openshift3']['enabled_firewall_rules_certificate'].each do |rule|
15 | iptables_rule rule do
16 | action :enable
17 | notifies :restart, 'service[iptables]', :immediately
18 | end
19 | end
20 |
21 | openshift_master_pkg 'Install OpenShift Master Packages for Certificate Server' unless ::File.file?('/tmp/skip-pkgs')
22 |
23 | include_recipe 'cookbook-openshift3::etcd_packages'
24 | include_recipe 'cookbook-openshift3::etcd_certificates' if node['cookbook-openshift3']['openshift_HA']
25 | include_recipe 'cookbook-openshift3::etcd_recovery' if ::File.file?(node['cookbook-openshift3']['adhoc_recovery_etcd_certificate_server']) || ::File.file?(node['cookbook-openshift3']['adhoc_clean_etcd_flag'])
26 | include_recipe 'cookbook-openshift3::etcd_scaleup' unless new_etcd_servers.empty?
27 | include_recipe 'cookbook-openshift3::etcd_removal' unless remove_etcd_servers.empty?
28 | include_recipe 'cookbook-openshift3::master_cluster_ca'
29 | include_recipe 'cookbook-openshift3::master_cluster_certificates' if node['cookbook-openshift3']['openshift_HA']
30 | include_recipe 'cookbook-openshift3::wire_aggregator_certificates' if ose_major_version.split('.')[1].to_i >= 7
31 | include_recipe 'cookbook-openshift3::nodes_certificates'
32 | end
33 |
--------------------------------------------------------------------------------
/recipes/cloud_provider.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: cloud_provider
4 | #
5 | # Copyright (c) 2017 The Authors, All Rights Reserved.
6 |
7 | server_info = OpenShiftHelper::NodeHelper.new(node)
8 | is_master_server = server_info.on_master_server?
9 | is_node_server = server_info.on_node_server?
10 |
11 | if node['cookbook-openshift3']['openshift_cloud_provider']
12 | if is_master_server || is_node_server
13 | directory node['cookbook-openshift3']['openshift_cloud_provider_config_dir'] do
14 | recursive true
15 | end
16 |
17 | config_vars = {
18 | 'aws' => {}
19 | }
20 |
21 | case node['cookbook-openshift3']['openshift_cloud_provider']
22 | when 'aws'
23 | config_vars['aws']['zone'] = Chef::HTTP.new('http://169.254.169.254/latest/meta-data/placement/availability-zone').get('/')
24 | end
25 |
26 | config_file = "#{node['cookbook-openshift3']['openshift_cloud_provider_config_dir']}/#{node['cookbook-openshift3']['openshift_cloud_provider']}.conf"
27 |
28 | template config_file do
29 | source 'cloud_provider.conf.erb'
30 | variables(config_vars)
31 | notifies :restart, "service[#{node['cookbook-openshift3']['openshift_service_type']}-master]", :delayed if is_master_server && !node['cookbook-openshift3']['openshift_HA']
32 | notifies :restart, "service[#{node['cookbook-openshift3']['openshift_service_type']}-master-api]", :delayed if is_master_server && node['cookbook-openshift3']['openshift_HA']
33 | notifies :restart, "service[#{node['cookbook-openshift3']['openshift_service_type']}-master-controllers]", :delayed if is_master_server && node['cookbook-openshift3']['openshift_HA']
34 | notifies :restart, 'service[Restart Node]', :delayed if is_node_server
35 | end
36 | end
37 | end
38 |
--------------------------------------------------------------------------------
/recipes/commons.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: commons
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | server_info = OpenShiftHelper::NodeHelper.new(node)
8 | is_first_master = server_info.on_first_master?
9 |
10 | include_recipe 'cookbook-openshift3::common'
11 | include_recipe 'cookbook-openshift3::master'
12 | include_recipe 'cookbook-openshift3::node'
13 | include_recipe 'cookbook-openshift3::master_config_post' if is_first_master && !File.file?(node['cookbook-openshift3']['redeploy_cluster_ca_masters_control_flag'])
14 | include_recipe 'cookbook-openshift3::excluder'
15 |
--------------------------------------------------------------------------------
/recipes/disable_excluder.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: disable_excluder
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | server_info = OpenShiftHelper::NodeHelper.new(node)
8 | is_master_server = server_info.on_master_server?
9 | is_node_server = server_info.on_node_server?
10 |
11 | if is_master_server || is_node_server
12 | %w[excluder docker-excluder].each do |pkg|
13 | execute "Disable #{node['cookbook-openshift3']['openshift_service_type']}-#{pkg} (Best effort < 3.5)" do
14 | command "#{node['cookbook-openshift3']['openshift_service_type']}-#{pkg} enable"
15 | only_if "rpm -q #{node['cookbook-openshift3']['openshift_service_type']}-#{pkg}"
16 | end
17 | end
18 | end
19 |
--------------------------------------------------------------------------------
/recipes/excluder.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: excluder
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | server_info = OpenShiftHelper::NodeHelper.new(node)
8 | is_node_server = server_info.on_node_server?
9 | is_master_server = server_info.on_master_server?
10 |
11 | ose_major_version = node['cookbook-openshift3']['deploy_containerized'] == true ? node['cookbook-openshift3']['openshift_docker_image_version'] : node['cookbook-openshift3']['ose_major_version']
12 |
13 | if is_node_server || node['cookbook-openshift3']['deploy_containerized']
14 | yum_package "#{node['cookbook-openshift3']['openshift_service_type']}-docker-excluder" do
15 | action :upgrade if node['cookbook-openshift3']['upgrade']
16 | version node['cookbook-openshift3']['excluder_version'] unless node['cookbook-openshift3']['excluder_version'].nil?
17 | not_if { ose_major_version.split('.')[1].to_i < 5 && node['cookbook-openshift3']['openshift_deployment_type'] != 'enterprise' }
18 | end
19 |
20 | execute "Enable #{node['cookbook-openshift3']['openshift_service_type']}-docker-excluder" do
21 | command "#{node['cookbook-openshift3']['openshift_service_type']}-docker-excluder disable"
22 | not_if { ose_major_version.split('.')[1].to_i < 5 && node['cookbook-openshift3']['openshift_deployment_type'] != 'enterprise' }
23 | end
24 | end
25 |
26 | if is_master_server || is_node_server
27 | yum_package "#{node['cookbook-openshift3']['openshift_service_type']}-excluder" do
28 | action :upgrade if node['cookbook-openshift3']['upgrade']
29 | version node['cookbook-openshift3']['excluder_version'] unless node['cookbook-openshift3']['excluder_version'].nil?
30 | not_if { ose_major_version.split('.')[1].to_i < 5 && node['cookbook-openshift3']['openshift_deployment_type'] != 'enterprise' }
31 | end
32 |
33 | execute "Enable #{node['cookbook-openshift3']['openshift_service_type']}-excluder" do
34 | command "#{node['cookbook-openshift3']['openshift_service_type']}-excluder disable"
35 | not_if { ose_major_version.split('.')[1].to_i < 5 && node['cookbook-openshift3']['openshift_deployment_type'] != 'enterprise' }
36 | end
37 | end
38 |
--------------------------------------------------------------------------------
/recipes/helper_migrate_certificate_server_cluster.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: helper_migrate_certificate_server_cluster
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | directory node['cookbook-openshift3']['master_certs_generated_certs_dir'] do
8 | mode '0755'
9 | owner 'apache'
10 | group 'apache'
11 | recursive true
12 | end
13 |
14 | Dir.glob('/etc/origin/master/*').grep(/\.(?:crt|key|kubeconfig|txt)$/).uniq.each do |master_certificate|
15 | remote_file "#{node['cookbook-openshift3']['master_certs_generated_certs_dir']}/#{::File.basename(master_certificate)}" do
16 | source "file://#{master_certificate}"
17 | sensitive true
18 | end
19 | end
20 |
--------------------------------------------------------------------------------
/recipes/helper_migrate_certificate_server_etcd.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: helper_migrate_certificate_server_etcd
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | helper = OpenShiftHelper::NodeHelper.new(node)
8 |
9 | directory node['cookbook-openshift3']['etcd_certs_generated_certs_dir'] do
10 | mode '0755'
11 | owner 'root'
12 | group 'root'
13 | recursive true
14 | end
15 |
16 | ruby_block 'Duplicate ETCD CA directory' do
17 | block do
18 | helper.backup_dir("#{node['cookbook-openshift3']['legacy_etcd_ca_dir']}/.", node['cookbook-openshift3']['etcd_certs_generated_certs_dir'])
19 | end
20 | end
21 |
--------------------------------------------------------------------------------
/recipes/ng_certificate_server.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: ng_certificate_server
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | node['cookbook-openshift3']['enabled_firewall_rules_certificate'].each do |rule|
8 | iptables_rule rule do
9 | action :enable
10 | notifies :restart, 'service[iptables]', :immediately
11 | end
12 | end
13 |
14 | include_recipe 'cookbook-openshift3::etcd_certificates'
15 | openshift_master_pkg 'Install OpenShift Master Client for Certificate Server'
16 | include_recipe 'cookbook-openshift3::ng_master_cluster_ca'
17 | include_recipe 'cookbook-openshift3::ng_master_cluster_certificates'
18 |
--------------------------------------------------------------------------------
/recipes/ng_commons.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: ng_commons
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | server_info = OpenShiftHelper::NodeHelper.new(node)
8 | is_node_server = server_info.on_node_server?
9 | is_etcd_server = server_info.on_etcd_server?
10 | is_master_server = server_info.on_master_server?
11 | is_certificate_server = server_info.on_certificate_server?
12 |
13 | include_recipe 'cookbook-openshift3::ng_services'
14 | include_recipe 'cookbook-openshift3::packages'
15 | include_recipe 'cookbook-openshift3::ng_docker' if is_node_server
16 | include_recipe 'iptables::default'
17 | include_recipe 'selinux_policy::default'
18 |
19 | iptables_rule 'firewall_jump_rule' do
20 | action :enable
21 | end
22 |
23 | service 'firewalld' do
24 | action %i[stop disable]
25 | end
26 |
27 | package 'deltarpm' do
28 | retries 3
29 | end
30 |
31 | yum_package node['cookbook-openshift3']['core_packages']
32 |
33 | yum_package 'httpd' do
34 | notifies :run, 'ruby_block[Change HTTPD port xfer]', :immediately
35 | notifies :enable, 'service[httpd]', :immediately
36 | only_if { is_certificate_server }
37 | end
38 |
39 | include_recipe 'cookbook-openshift3::ng_certificate_server' if is_certificate_server
40 | include_recipe 'cookbook-openshift3::ng_node' if is_node_server
41 | include_recipe 'cookbook-openshift3::ng_etcd_cluster' if is_etcd_server
42 | include_recipe 'cookbook-openshift3::ng_master' if is_master_server || is_certificate_server
43 | include_recipe 'cookbook-openshift3::ng_node_join' if is_node_server
44 |
--------------------------------------------------------------------------------
/recipes/ng_docker.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: ng_docker
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | yum_package 'docker' do
8 | action :install
9 | version node['cookbook-openshift3']['upgrade'] ? (node['cookbook-openshift3']['upgrade_docker_version'] unless node['cookbook-openshift3']['upgrade_docker_version'].nil?) : (node['cookbook-openshift3']['docker_version'] unless node['cookbook-openshift3']['docker_version'].nil?)
10 | retries 3
11 | options node['cookbook-openshift3']['docker_yum_options'] unless node['cookbook-openshift3']['docker_yum_options'].nil?
12 | notifies :restart, 'service[docker]', :immediately if node['cookbook-openshift3']['upgrade']
13 | only_if do
14 | ::Mixlib::ShellOut.new('rpm -q docker').run_command.error? || node['cookbook-openshift3']['upgrade']
15 | end
16 | end
17 |
18 | template '/etc/sysconfig/docker-storage-setup' do
19 | source 'docker-storage.erb'
20 | end
21 |
22 | template '/etc/sysconfig/docker-network' do
23 | source 'service_docker-network.sysconfig.erb'
24 | notifies :restart, 'service[docker]', :immediately unless ::Mixlib::ShellOut.new('systemctl is-enabled docker').run_command.error?
25 | end
26 |
27 | template '/etc/sysconfig/docker' do
28 | source 'service_docker.sysconfig.erb'
29 | notifies :restart, 'service[docker]', :immediately
30 | notifies :enable, 'service[docker]', :immediately
31 | end
32 |
--------------------------------------------------------------------------------
/recipes/ng_etcd_packages.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: ng_etcd_packages
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | server_info = OpenShiftHelper::NodeHelper.new(node)
8 | is_etcd_server = server_info.on_etcd_server?
9 | is_new_etcd_server = server_info.on_new_etcd_server?
10 | is_certificate_server = server_info.on_certificate_server?
11 | etcd_servers = server_info.etcd_servers
12 |
13 | if is_etcd_server || is_new_etcd_server
14 | yum_package 'Install ETCD for ETCD servers' do
15 | package_name 'etcd'
16 | action :install
17 | version node['cookbook-openshift3']['upgrade'] ? (node['cookbook-openshift3']['upgrade_etcd_version'] unless node['cookbook-openshift3']['upgrade_etcd_version'].nil?) : (node['cookbook-openshift3']['etcd_version'] unless node['cookbook-openshift3']['etcd_version'].nil?)
18 | retries 3
19 | notifies :restart, 'service[etcd]', :immediately if node['cookbook-openshift3']['upgrade'] && !etcd_servers.find { |etcd| etcd['fqdn'] == node['fqdn'] }.nil?
20 | end
21 | end
22 |
23 | if is_certificate_server
24 | yum_package 'Install ETCD for certificate/master servers' do
25 | package_name 'etcd'
26 | version node['cookbook-openshift3']['upgrade'] ? (node['cookbook-openshift3']['upgrade_etcd_version'] unless node['cookbook-openshift3']['upgrade_etcd_version'].nil?) : (node['cookbook-openshift3']['etcd_version'] unless node['cookbook-openshift3']['etcd_version'].nil?)
27 | end
28 | end
29 |
--------------------------------------------------------------------------------
/recipes/ng_node_join.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: ng_node_join
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | server_info = OpenShiftHelper::NodeHelper.new(node)
8 | certificate_server = server_info.certificate_server
9 |
10 | if node['cookbook-openshift3']['encrypted_file_password']['data_bag_name'] && node['cookbook-openshift3']['encrypted_file_password']['data_bag_item_name']
11 | secret_file = node['cookbook-openshift3']['encrypted_file_password']['secret_file'] || nil
12 | encrypted_file_password = data_bag_item(node['cookbook-openshift3']['encrypted_file_password']['data_bag_name'], node['cookbook-openshift3']['encrypted_file_password']['data_bag_item_name'], secret_file)
13 | else
14 | encrypted_file_password = node['cookbook-openshift3']['encrypted_file_password']['default']
15 | end
16 |
17 | remote_file "Retrieve certificate from Master[#{certificate_server['fqdn']}]" do
18 | path "#{node['cookbook-openshift3']['openshift_node_config_dir']}/#{node['fqdn']}.tgz.enc"
19 | source "http://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/node/generated-configs/#{node['fqdn']}.tgz.enc"
20 | action :create_if_missing
21 | notifies :run, 'execute[Un-encrypt node certificate tgz files]', :immediately
22 | notifies :run, 'execute[Extract certificate to Node folder]', :immediately
23 | notifies :enable, "service[#{node['cookbook-openshift3']['openshift_service_type']}-node]", :immediately
24 | notifies :restart, "service[#{node['cookbook-openshift3']['openshift_service_type']}-node]", :immediately
25 | retries 120
26 | retry_delay 5
27 | end
28 |
29 | execute 'Un-encrypt node certificate tgz files' do
30 | command "openssl enc -d -aes-256-cbc -in #{node['cookbook-openshift3']['openshift_node_config_dir']}/#{node['fqdn']}.tgz.enc -out #{node['cookbook-openshift3']['openshift_node_config_dir']}/#{node['fqdn']}.tgz -k '#{encrypted_file_password}'"
31 | action :nothing
32 | end
33 |
34 | execute 'Extract certificate to Node folder' do
35 | command "tar xzf #{node['fqdn']}.tgz && chown -R root:root ."
36 | cwd node['cookbook-openshift3']['openshift_node_config_dir']
37 | action :nothing
38 | end
39 |
--------------------------------------------------------------------------------
/recipes/ng_services.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: ng_services
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | server_info = OpenShiftHelper::NodeHelper.new(node)
8 | helper = OpenShiftHelper::UtilHelper
9 | etcd_servers = server_info.etcd_servers
10 | master_servers = server_info.master_servers
11 | certificate_server = server_info.certificate_server
12 |
13 | service 'httpd'
14 | service 'docker'
15 | service 'NetworkManager'
16 | service 'etcd'
17 |
18 | service "#{node['cookbook-openshift3']['openshift_service_type']}-node" do
19 | retries 5
20 | retry_delay 5
21 | end
22 |
23 | execute 'Restart API' do
24 | command '/usr/local/bin/master-restart api'
25 | action :nothing
26 | only_if "[[ $(systemctl show -p SubState #{node['cookbook-openshift3']['openshift_service_type']}-node | cut -d'=' -f2) == 'running' ]]"
27 | end
28 |
29 | execute 'Restart Controller' do
30 | command '/usr/local/bin/master-restart controllers'
31 | action :nothing
32 | only_if "[[ $(systemctl show -p SubState #{node['cookbook-openshift3']['openshift_service_type']}-node | cut -d'=' -f2) == 'running' ]]"
33 | end
34 |
35 | ruby_block 'Change HTTPD port xfer' do
36 | block do
37 | http_addresses = [etcd_servers, master_servers, [certificate_server]].each_with_object([]) do |candidate_servers, memo|
38 | this_server = candidate_servers.find { |server_candidate| server_candidate['fqdn'] == node['fqdn'] }
39 | memo << this_server['ipaddress'] if this_server
40 | end.sort.uniq
41 |
42 | openshift_settings = helper.new('/etc/httpd/conf/httpd.conf')
43 | openshift_settings.search_file_replace_line(
44 | /(^Listen.*?\n)+/m,
45 | http_addresses.map { |addr| "Listen #{addr}:#{node['cookbook-openshift3']['httpd_xfer_port']}\n" }.join
46 | )
47 | openshift_settings.write_file
48 | end
49 | action :nothing
50 | notifies :restart, 'service[httpd]', :immediately
51 | end
52 |
53 | ruby_block 'Modify the AllowOverride options' do
54 | block do
55 | openshift_settings = helper.new('/etc/httpd/conf/httpd.conf')
56 | openshift_settings.search_file_replace_line(
57 | /AllowOverride None/,
58 | 'AllowOverride All'
59 | )
60 | openshift_settings.write_file
61 | end
62 | action :nothing
63 | notifies :reload, 'service[httpd]', :immediately
64 | end
65 |
--------------------------------------------------------------------------------
/recipes/packages.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: packages
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | if node['cookbook-openshift3']['install_method'].eql? 'yum'
8 | node['cookbook-openshift3']['yum_repositories'].each do |repo|
9 | yum_repository repo['name'] do
10 | description "#{repo['name'].capitalize} aPaaS Repository"
11 | baseurl repo['baseurl']
12 | gpgcheck repo['gpgcheck'] if repo.key?(:gpgcheck) && !repo['gpgcheck'].nil?
13 | gpgkey repo['gpgkey'] if repo.key?(:gpgkey) && !repo['gpgkey'].nil?
14 | sslverify repo['sslverify'] if repo.key?(:sslverify) && !repo['sslverify'].nil?
15 | exclude repo['exclude'] if repo.key?(:exclude) && !repo['exclude'].nil?
16 | enabled repo['enabled'] if repo.key?(:enabled) && !repo['enabled'].nil?
17 | action :create
18 | end
19 | end
20 | end
21 |
--------------------------------------------------------------------------------
/recipes/upgrade_certificate_server.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: upgrade_certificate_server
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | # This must be run before any upgrade takes place.
8 | # It creates the service signer certs (and any others) if they were not in
9 | # existence previously.
10 |
11 | Chef::Log.error("Upgrade will be skipped. Could not find the flag: #{node['cookbook-openshift3']['control_upgrade_flag']}") unless ::File.file?(node['cookbook-openshift3']['control_upgrade_flag'])
12 |
13 | if ::File.file?(node['cookbook-openshift3']['control_upgrade_flag'])
14 |
15 | node.force_override['cookbook-openshift3']['upgrade'] = true # ~FC019
16 | node.force_override['cookbook-openshift3']['ose_major_version'] = node['cookbook-openshift3']['upgrade_ose_major_version'] # ~FC019
17 | node.force_override['cookbook-openshift3']['ose_version'] = node['cookbook-openshift3']['upgrade_ose_version'] # ~FC019
18 | node.force_override['cookbook-openshift3']['openshift_docker_image_version'] = node['cookbook-openshift3']['upgrade_openshift_docker_image_version'] # ~FC019
19 |
20 | if defined? node['cookbook-openshift3']['upgrade_repos']
21 | node.force_override['cookbook-openshift3']['yum_repositories'] = node['cookbook-openshift3']['upgrade_repos'] # ~FC019
22 | end
23 |
24 | log 'Upgrade for CERTIFICATE SERVER [STARTED]' do
25 | level :info
26 | end
27 |
28 | %w[excluder docker-excluder].each do |pkg|
29 | execute "Disable #{node['cookbook-openshift3']['openshift_service_type']}-#{pkg}" do
30 | command "#{node['cookbook-openshift3']['openshift_service_type']}-#{pkg} enable"
31 | only_if "rpm -q #{node['cookbook-openshift3']['openshift_service_type']}-#{pkg}"
32 | end
33 | end
34 |
35 | include_recipe 'cookbook-openshift3::packages'
36 | openshift_master_pkg 'Upgrade OpenShift Master Packages for Certificate Server'
37 | include_recipe 'cookbook-openshift3::etcd_packages'
38 | include_recipe 'cookbook-openshift3::excluder'
39 |
40 | include_recipe 'cookbook-openshift3::wire_aggregator_certificates' if node['cookbook-openshift3']['upgrade_ose_version'].split('.')[1].to_i == 7 && node['cookbook-openshift3']['upgrade']
41 |
42 | log 'Upgrade for CERTIFICATE SERVER [COMPLETED]' do
43 | level :info
44 | end
45 | end
46 |
--------------------------------------------------------------------------------
/recipes/upgrade_control_plane37.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: upgrade_control_plane37
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | # This must be run before any upgrade takes place.
8 | # It creates the service signer certs (and any others) if they were not in
9 | # existence previously.
10 |
11 | Chef::Log.error("Upgrade will be skipped. Could not find the flag: #{node['cookbook-openshift3']['control_upgrade_flag']}") unless ::File.file?(node['cookbook-openshift3']['control_upgrade_flag'])
12 |
13 | if ::File.file?(node['cookbook-openshift3']['control_upgrade_flag'])
14 |
15 | node.force_override['cookbook-openshift3']['upgrade'] = true # ~FC019
16 | node.force_override['cookbook-openshift3']['ose_major_version'] = node['cookbook-openshift3']['upgrade_ose_major_version'] # ~FC019
17 | node.force_override['cookbook-openshift3']['ose_version'] = node['cookbook-openshift3']['upgrade_ose_version'] # ~FC019
18 | node.force_override['cookbook-openshift3']['openshift_docker_image_version'] = node['cookbook-openshift3']['upgrade_openshift_docker_image_version'] # ~FC019
19 |
20 | server_info = OpenShiftHelper::NodeHelper.new(node)
21 | is_master_server = server_info.on_master_server?
22 |
23 | if is_master_server
24 | return unless server_info.check_master_upgrade?(server_info.first_etcd, node['cookbook-openshift3']['control_upgrade_version'])
25 |
26 | config_options = YAML.load_file("#{node['cookbook-openshift3']['openshift_common_master_dir']}/master/master-config.yaml")
27 | unless config_options['kubernetesMasterConfig']['apiServerArguments'].key?('storage-backend')
28 | Chef::Log.error('The cluster must be migrated to etcd v3 prior to upgrading to 3.7')
29 | node.run_state['issues_detected'] = true
30 | end
31 | end
32 |
33 | include_recipe 'cookbook-openshift3::upgrade_control_plane37_part1' unless node.run_state['issues_detected']
34 | end
35 |
--------------------------------------------------------------------------------
/recipes/upgrade_control_plane37_part1.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: upgrade_control_plane37_part1
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | # This must be run before any upgrade takes place.
8 | # It creates the service signer certs (and any others) if they were not in
9 | # existence previously.
10 |
11 | server_info = OpenShiftHelper::NodeHelper.new(node)
12 | is_etcd_server = server_info.on_etcd_server?
13 | is_master_server = server_info.on_master_server?
14 |
15 | if defined? node['cookbook-openshift3']['upgrade_repos']
16 | node.force_override['cookbook-openshift3']['yum_repositories'] = node['cookbook-openshift3']['upgrade_repos'] # ~FC019
17 | end
18 |
19 | include_recipe 'yum::default'
20 | include_recipe 'cookbook-openshift3::packages'
21 | include_recipe 'cookbook-openshift3::disable_excluder'
22 |
23 | if is_etcd_server
24 | log 'Upgrade for ETCD [STARTED]' do
25 | level :info
26 | end
27 |
28 | openshift_upgrade 'Generate etcd backup before upgrade' do
29 | action :create_backup
30 | etcd_action 'pre'
31 | target_version node['cookbook-openshift3']['control_upgrade_version']
32 | end
33 |
34 | include_recipe 'cookbook-openshift3'
35 | include_recipe 'cookbook-openshift3::etcd_cluster'
36 |
37 | openshift_upgrade 'Generate etcd backup after upgrade' do
38 | action :create_backup
39 | etcd_action 'post'
40 | target_version node['cookbook-openshift3']['control_upgrade_version']
41 | end
42 |
43 | log 'Upgrade for ETCD [COMPLETED]' do
44 | level :info
45 | end
46 |
47 | file node['cookbook-openshift3']['control_upgrade_flag'] do
48 | action :delete
49 | only_if { is_etcd_server && !is_master_server }
50 | end
51 | end
52 |
53 | include_recipe 'cookbook-openshift3::upgrade_control_plane37_part2'
54 |
--------------------------------------------------------------------------------
/recipes/upgrade_pre_check.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: upgrade_pre_check
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | server_info = OpenShiftHelper::NodeHelper.new(node)
8 | first_etcd = server_info.first_etcd
9 |
10 | # We do not want to run the upgrade again if it has already been run
11 | # Avoiding potential rolebinding synchronisations etc...
12 |
13 | execute 'test' do
14 | command "/usr/bin/etcdctl --cert-file #{node['cookbook-openshift3']['openshift_master_config_dir']}/master.etcd-client.crt --key-file #{node['cookbook-openshift3']['openshift_master_config_dir']}/master.etcd-client.key --ca-file #{node['cookbook-openshift3']['openshift_master_config_dir']}/master.etcd-ca.crt -C https://#{first_etcd['ipaddress']}:2379 ls /migration/#{node['cookbook-openshift3']['control_upgrade_version']}/#{node['fqdn']}"
15 | end
16 |
17 | warn 'Not enough minerals!' do
18 | return
19 | end
20 |
--------------------------------------------------------------------------------
/recipes/web_console.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: web_console
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | server_info = OpenShiftHelper::NodeHelper.new(node)
8 | master_servers = server_info.master_servers
9 | oc_client = node['cookbook-openshift3']['ose_major_version'].split('.')[1].to_i >= 10 ? node['cookbook-openshift3']['openshift_client_binary'] : node['cookbook-openshift3']['openshift_common_client_binary']
10 |
11 | FOLDER = Chef::Config['file_cache_path'] + '/web_console'
12 |
13 | oc_project 'openshift-web-console'
14 |
15 | oc_serviceaccount 'openshift-web-console' do
16 | namespace 'openshift-web-console'
17 | end
18 |
19 | directory FOLDER.to_s do
20 | recursive true
21 | end
22 |
23 | remote_file "#{FOLDER}/admin.kubeconfig" do
24 | source "file://#{node['cookbook-openshift3']['openshift_master_config_dir']}/admin.kubeconfig"
25 | sensitive true
26 | end
27 |
28 | cookbook_file "#{FOLDER}/console-template.yaml" do
29 | source 'web_console/console-template.yaml'
30 | mode '0644'
31 | end
32 |
33 | template 'Generate the web console config to temp directory' do
34 | path "#{FOLDER}/console-config.yaml"
35 | source 'web_console/console-config.yaml.erb'
36 | mode '0644'
37 | sensitive true
38 | notifies :run, 'execute[Generate web console ConfigMap]', :immediately
39 | end
40 |
41 | execute 'Generate web console ConfigMap' do
42 | command "#{oc_client} create configmap webconsole-config --from-file=webconsole-config.yaml=#{FOLDER}/console-config.yaml --dry-run -o yaml --config=#{FOLDER}/admin.kubeconfig | #{oc_client} apply --config=#{FOLDER}/admin.kubeconfig -f - -n openshift-web-console"
43 | action :nothing
44 | notifies :run, 'execute[Generate the Deployment]', :immediately
45 | end
46 |
47 | execute 'Generate the Deployment' do
48 | command "#{oc_client} process -f #{FOLDER}/console-template.yaml --param IMAGE=#{node['cookbook-openshift3']['openshift_web_console_image']}:#{node['cookbook-openshift3']['openshift_docker_image_version']} --param REPLICA_COUNT=#{master_servers.size} --config=#{FOLDER}/admin.kubeconfig | #{oc_client} apply --config=#{FOLDER}/admin.kubeconfig -f - -n openshift-web-console"
49 | action :nothing
50 | end
51 |
--------------------------------------------------------------------------------
/recipes/wire_aggregator.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Recipe:: wire_aggregator
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | server_info = OpenShiftHelper::NodeHelper.new(node)
8 | certificate_server = server_info.certificate_server
9 |
10 | if node['cookbook-openshift3']['encrypted_file_password']['data_bag_name'] && node['cookbook-openshift3']['encrypted_file_password']['data_bag_item_name']
11 | secret_file = node['cookbook-openshift3']['encrypted_file_password']['secret_file'] || nil
12 | encrypted_file_password = data_bag_item(node['cookbook-openshift3']['encrypted_file_password']['data_bag_name'], node['cookbook-openshift3']['encrypted_file_password']['data_bag_item_name'], secret_file)
13 | else
14 | encrypted_file_password = node['cookbook-openshift3']['encrypted_file_password']['default']
15 | end
16 |
17 | remote_file 'Retrieve the aggregator certs' do
18 | path "#{node['cookbook-openshift3']['openshift_master_config_dir']}/wire_aggregator-masters.tgz.enc"
19 | source "http://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/master/generated_certs/wire_aggregator-masters.tgz.enc"
20 | action :create_if_missing
21 | notifies :run, 'execute[Un-encrypt aggregator tgz files]', :immediately
22 | notifies :run, 'execute[Extract aggregator to Master folder]', :immediately
23 | retries 12
24 | retry_delay 5
25 | end
26 |
27 | execute 'Un-encrypt aggregator tgz files' do
28 | command "openssl enc -d -aes-256-cbc -in wire_aggregator-masters.tgz.enc -out wire_aggregator-masters.tgz -k '#{encrypted_file_password}'"
29 | cwd node['cookbook-openshift3']['openshift_master_config_dir']
30 | action :nothing
31 | end
32 |
33 | execute 'Extract aggregator to Master folder' do
34 | command 'tar -xzf wire_aggregator-masters.tgz ./front-proxy-ca* ./aggregator-front-proxy*'
35 | cwd node['cookbook-openshift3']['openshift_master_config_dir']
36 | action :nothing
37 | end
38 |
39 | file "#{node['cookbook-openshift3']['openshift_master_config_dir']}/openshift-ansible-catalog-console.js" do
40 | content 'window.OPENSHIFT_CONSTANTS.TEMPLATE_SERVICE_BROKER_ENABLED=false'
41 | mode '0644'
42 | owner 'root'
43 | group 'root'
44 | end
45 |
--------------------------------------------------------------------------------
/resources/oc_project.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Resources:: oc_project
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | provides :oc_project
8 | property :project_name, String, required: true, name_property: true
9 | property :description, String, default: '""'
10 | property :display_name, String, default: '""'
11 | property :node_selector, String, default: '""'
12 |
13 | action :create do
14 | execute "Create Project [#{new_resource.project_name}]" do
15 | command "#{node['cookbook-openshift3']['openshift_common_client_binary']} adm new-project #{new_resource.project_name} --config=#{node['cookbook-openshift3']['openshift_master_config_dir']}/admin.kubeconfig --node-selector=#{new_resource.node_selector} --description=#{new_resource.description} --display-name=#{new_resource.display_name}"
16 | sensitive true
17 | not_if "#{node['cookbook-openshift3']['openshift_common_client_binary']} get namespace/#{new_resource.project_name} --no-headers --config=#{node['cookbook-openshift3']['openshift_master_config_dir']}/admin.kubeconfig"
18 | end
19 | end
20 |
--------------------------------------------------------------------------------
/resources/oc_serviceaccount.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Resources:: oc_sa
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | provides :oc_serviceaccount
8 | property :service_accountname, String, required: true, name_property: true
9 | property :namespace, String, required: true
10 |
11 | action :create do
12 | execute "Create ServiceAccount [#{new_resource.service_accountname}]" do
13 | command "#{node['cookbook-openshift3']['openshift_common_client_binary']} create serviceaccount #{new_resource.service_accountname} -n #{new_resource.namespace} --config=#{node['cookbook-openshift3']['openshift_master_config_dir']}/admin.kubeconfig"
14 | not_if "#{node['cookbook-openshift3']['openshift_common_client_binary']} get serviceaccount/#{new_resource.service_accountname} --no-headers --config=#{node['cookbook-openshift3']['openshift_master_config_dir']}/admin.kubeconfig -n #{new_resource.namespace}"
15 | end
16 | end
17 |
--------------------------------------------------------------------------------
/resources/openshift_create_master.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Resources:: openshift_create_master
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | provides :openshift_create_master
8 | resource_name :openshift_create_master
9 |
10 | actions %i[create create_ng]
11 |
12 | default_action :create
13 |
14 | attribute :named_certificate, kind_of: Array, regex: /.*/, required: true, default: []
15 | attribute :origins, kind_of: Array, regex: /.*/, required: true, default: []
16 | attribute :standalone_registry, kind_of: [TrueClass, FalseClass], required: false, default: false
17 | attribute :master_file, kind_of: String, regex: /.*/, required: true, default: nil
18 | attribute :etcd_servers, kind_of: Array, regex: /.*/, required: false, default: []
19 | attribute :masters_size, kind_of: [String, Integer], regex: /.*/, required: false, default: nil
20 | attribute :openshift_service_type, kind_of: [String, Integer], regex: /.*/, required: true, default: nil
21 | attribute :cluster_name, kind_of: String, regex: /.*/, required: false, default: nil
22 |
--------------------------------------------------------------------------------
/resources/openshift_create_pv.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Resources:: openshift_create_pv
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | provides :openshift_create_pv
8 | resource_name :openshift_create_pv
9 |
10 | actions :create
11 |
12 | default_action :create
13 |
14 | attribute :persistent_storage, kind_of: Array, regex: /.*/, required: true
15 |
--------------------------------------------------------------------------------
/resources/openshift_delete_host.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Resources:: openshift_delete_host
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | provides :openshift_delete_host
8 | resource_name :openshift_delete_host
9 |
10 | actions :delete
11 |
12 | default_action :delete
13 |
--------------------------------------------------------------------------------
/resources/openshift_deploy_logging.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Resources:: openshift_deploy_logging
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | provides :openshift_deploy_logging
8 | resource_name :openshift_deploy_logging
9 |
10 | actions %i[create delete]
11 |
12 | default_action :create
13 |
--------------------------------------------------------------------------------
/resources/openshift_deploy_metrics.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Resources:: openshift_deploy_metrics
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | provides :openshift_deploy_metrics
8 | resource_name :openshift_deploy_metrics
9 |
10 | actions %i[create delete]
11 |
12 | default_action :create
13 |
--------------------------------------------------------------------------------
/resources/openshift_deploy_registry.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Resources:: openshift_deploy_registry
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | provides :openshift_deploy_registry
8 | resource_name :openshift_deploy_registry
9 |
10 | actions %i[create redeploy_certificate]
11 |
12 | default_action :create
13 |
14 | attribute :persistent_registry, kind_of: [TrueClass, FalseClass], required: true
15 | attribute :persistent_volume_claim_name, kind_of: [String], default: ''
16 |
--------------------------------------------------------------------------------
/resources/openshift_deploy_router.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Resources:: openshift_deploy_router
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | provides :openshift_deploy_router
8 | resource_name :openshift_deploy_router
9 |
10 | actions :create
11 |
12 | default_action :create
13 |
14 | attribute :deployer_options, kind_of: [String, Array], default: []
15 |
--------------------------------------------------------------------------------
/resources/openshift_reset_host.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Resources:: openshift_reset_host
4 | #
5 | # Copyright (c) 2015 The Authors, All Rights Reserved.
6 |
7 | provides :openshift_reset_host
8 | resource_name :openshift_reset_host
9 |
10 | actions :reset
11 |
12 | default_action :reset
13 |
--------------------------------------------------------------------------------
/scripts/README.md:
--------------------------------------------------------------------------------
1 | Test (ORIGIN)
2 | ==================
3 |
4 | There is a way to quickly test this cookbook.
5 | You will need a CentOS 7.1+ with "Minimal" installation option and at least 10GB left on the Volume group. (Later used by Docker)
6 |
7 | * Deploy ORIGIN ALL IN THE BOX Flavour (MASTER + NODE)
8 | ```
9 | bash <(curl -s https://raw.githubusercontent.com/IshentRas/cookbook-openshift3/master/scripts/origin_deploy.sh)
10 | ```
11 |
12 | * Delete ORIGIN installation
13 | ```
14 | bash <(curl -s https://raw.githubusercontent.com/IshentRas/cookbook-openshift3/master/scripts/origin_delete.sh)
15 | ```
16 |
17 | * Post installation
18 |
19 | Your installation of Origin is completed.
20 |
21 | An admin user has been created for you.
22 |
23 | Username is : admin
24 | Password is : admin
25 |
26 | Access the console via : https://console.${IP}.nip.io:8443/console
27 |
28 | (More about [nip.io](http://nip.io/))
29 |
30 | You can also login via CLI : oc login -u admin
31 |
32 | Next steps for you:
33 |
34 | 1) Read the [documentation](https://docs.openshift.org/latest/welcome/index.html)
35 |
--------------------------------------------------------------------------------
/scripts/build_and_run.yml:
--------------------------------------------------------------------------------
1 | kind: List
2 | metadata: {}
3 | apiVersion: v1
4 | items:
5 | - apiVersion: v1
6 | kind: ImageStream
7 | metadata:
8 | name: image-src
9 | spec:
10 | tags:
11 | - from:
12 | kind: DockerImage
13 | name: docker.io/openshift/hello-openshift:latest
14 | name: latest
15 | - apiVersion: v1
16 | kind: ImageStream
17 | metadata:
18 | name: hello-image
19 | - apiVersion: v1
20 | kind: BuildConfig
21 | metadata:
22 | name: hello-build
23 | spec:
24 | nodeSelector: null
25 | output:
26 | to:
27 | kind: ImageStreamTag
28 | name: hello-image:latest
29 | source:
30 | dockerfile: |-
31 | FROM docker.io/openshift/hello-openshift:latest
32 | ENV RESPONSE Build by S2I (Docker Strategy)
33 | type: Dockerfile
34 | strategy:
35 | dockerStrategy:
36 | from:
37 | kind: ImageStreamTag
38 | name: image-src:latest
39 | type: Docker
40 | triggers:
41 | - type: ConfigChange
42 | - imageChange: {}
43 | type: ImageChange
44 | - apiVersion: v1
45 | kind: DeploymentConfig
46 | metadata:
47 | name: hello-image
48 | spec:
49 | replicas: 1
50 | selector:
51 | app: hello-image
52 | deploymentconfig: hello-image
53 | template:
54 | metadata:
55 | labels:
56 | app: hello-image
57 | deploymentconfig: hello-image
58 | spec:
59 | containers:
60 | - image: ' '
61 | name: hello-image
62 | ports:
63 | - containerPort: 8080
64 | protocol: TCP
65 | triggers:
66 | - type: ConfigChange
67 | - imageChangeParams:
68 | automatic: true
69 | containerNames:
70 | - hello-image
71 | from:
72 | kind: ImageStreamTag
73 | name: hello-image:latest
74 | type: ImageChange
75 | - apiVersion: v1
76 | kind: Service
77 | metadata:
78 | name: hello-image
79 | spec:
80 | ports:
81 | - name: web
82 | port: 8080
83 | protocol: TCP
84 | targetPort: 8080
85 | selector:
86 | app: hello-image
87 | deploymentconfig: hello-image
88 | - apiVersion: v1
89 | kind: Route
90 | metadata:
91 | name: hello-from-pod
92 | spec:
93 | port:
94 | targetPort: web
95 | to:
96 | name: hello-image
97 |
--------------------------------------------------------------------------------
/scripts/origin_delete.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -e
3 | clear
4 | cat << BASH
5 |
6 | ############################################################
7 | # DELETE OSE #
8 | ############################################################
9 | BASH
10 | ### Create the chef-local mode infrastructure
11 | mkdir -p ~/chef-solo-example/{backup,cache,roles,cookbooks,environments}
12 | cd ~/chef-solo-example/cookbooks
13 | ### Installing dependencies
14 | echo "Installing prerequisite packages, please wait..."
15 | yum -y install -q https://packages.chef.io/files/stable/chef/14.0.190/el/7/chef-14.0.190-1.el7.x86_64.rpm git
16 | ### Installing cookbooks
17 | [ -d ~/chef-solo-example/cookbooks/cookbook-openshift3 ] || git clone -q https://github.com/IshentRas/cookbook-openshift3.git
18 | [ -d ~/chef-solo-example/cookbooks/iptables ] || git clone -q https://github.com/chef-cookbooks/iptables.git
19 | [ -d ~/chef-solo-example/cookbooks/yum ] || git clone -q https://github.com/chef-cookbooks/yum.git
20 | [ -d ~/chef-solo-example/cookbooks/selinux_policy ] || git clone -b 'v2.0.0' -q https://github.com/BackSlasher/chef-selinuxpolicy.git selinux_policy
21 | [ -d ~/chef-solo-example/cookbooks/compat_resource ] || git clone -q https://github.com/chef-cookbooks/compat_resource.git
22 | cat << BASH > ~/chef-solo-example/solo.rb
23 | cookbook_path [
24 | '/root/chef-solo-example/cookbooks',
25 | '/root/chef-solo-example/site-cookbooks'
26 | ]
27 | environment_path '/root/chef-solo-example/environments'
28 | file_backup_path '/root/chef-solo-example/backup'
29 | file_cache_path '/root/chef-solo-example/cache'
30 | log_location STDOUT
31 | solo true
32 | BASH
33 | ### Delete OSE !!!!
34 | chef-solo --environment origin -o recipe[cookbook-openshift3::adhoc_uninstall] -c ~/chef-solo-example/solo.rb
35 | cat << BASH
36 |
37 | ##### Uninstallation DONE ######
38 | ##### ######
39 | Next steps for you :
40 |
41 | 1) Reboot this server
42 |
43 | BASH
44 |
--------------------------------------------------------------------------------
/spec/spec_helper.rb:
--------------------------------------------------------------------------------
1 | require 'chefspec'
2 | require 'chefspec/berkshelf'
3 |
--------------------------------------------------------------------------------
/spec/unit/recipes/common_spec.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Spec:: default
4 | #
5 | # Copyright (c) 2016 The Authors, All Rights Reserved.
6 |
7 | require 'spec_helper'
8 |
9 | describe 'cookbook-openshift3::common' do
10 | context 'When all attributes are default, on an unspecified platform' do
11 | let(:chef_run) do
12 | runner = ChefSpec::ServerRunner.new
13 | runner.converge(described_recipe)
14 | end
15 |
16 | it 'converges successfully' do
17 | chef_run # This should not raise an error
18 | end
19 | end
20 | end
21 |
--------------------------------------------------------------------------------
/spec/unit/recipes/default_spec.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Spec:: default
4 | #
5 | # Copyright (c) 2016 The Authors, All Rights Reserved.
6 |
7 | require 'spec_helper'
8 |
9 | describe 'cookbook-openshift3::default' do
10 | context 'When all attributes are default, on an unspecified platform' do
11 | let(:chef_run) do
12 | runner = ChefSpec::ServerRunner.new
13 | runner.converge(described_recipe)
14 | end
15 |
16 | it 'converges successfully' do
17 | chef_run # This should not raise an error
18 | end
19 | end
20 | end
21 |
--------------------------------------------------------------------------------
/spec/unit/recipes/etcd_cluster_spec.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Spec:: default
4 | #
5 | # Copyright (c) 2016 The Authors, All Rights Reserved.
6 |
7 | require 'spec_helper'
8 |
9 | describe 'cookbook-openshift3::etcd_cluster' do
10 | context 'When all attributes are default, on an unspecified platform' do
11 | let(:chef_run) do
12 | runner = ChefSpec::ServerRunner.new
13 | runner.converge(described_recipe)
14 | end
15 |
16 | it 'converges successfully' do
17 | chef_run # This should not raise an error
18 | end
19 | end
20 | end
21 |
--------------------------------------------------------------------------------
/spec/unit/recipes/master_cluster_spec.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Spec:: default
4 | #
5 | # Copyright (c) 2016 The Authors, All Rights Reserved.
6 |
7 | require 'spec_helper'
8 |
9 | describe 'cookbook-openshift3::master_cluster' do
10 | context 'When all attributes are default, on an unspecified platform' do
11 | let(:chef_run) do
12 | runner = ChefSpec::ServerRunner.new
13 | runner.converge(described_recipe)
14 | end
15 |
16 | it 'converges successfully' do
17 | chef_run # This should not raise an error
18 | end
19 | end
20 | end
21 |
--------------------------------------------------------------------------------
/spec/unit/recipes/master_config_post_spec.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Spec:: default
4 | #
5 | # Copyright (c) 2016 The Authors, All Rights Reserved.
6 |
7 | require 'spec_helper'
8 |
9 | describe 'cookbook-openshift3::master_config_post' do
10 | context 'When all attributes are default, on an unspecified platform' do
11 | let(:chef_run) do
12 | runner = ChefSpec::ServerRunner.new
13 | runner.converge(described_recipe)
14 | end
15 |
16 | it 'converges successfully' do
17 | chef_run # This should not raise an error
18 | end
19 | end
20 | end
21 |
--------------------------------------------------------------------------------
/spec/unit/recipes/master_spec.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Spec:: default
4 | #
5 | # Copyright (c) 2016 The Authors, All Rights Reserved.
6 |
7 | require 'spec_helper'
8 |
9 | describe 'cookbook-openshift3::master' do
10 | context 'When all attributes are default, on an unspecified platform' do
11 | let(:chef_run) do
12 | runner = ChefSpec::ServerRunner.new
13 | runner.converge(described_recipe)
14 | end
15 |
16 | it 'converges successfully' do
17 | chef_run # This should not raise an error
18 | end
19 | end
20 | end
21 |
--------------------------------------------------------------------------------
/spec/unit/recipes/master_standalone_spec.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Spec:: default
4 | #
5 | # Copyright (c) 2016 The Authors, All Rights Reserved.
6 |
7 | require 'spec_helper'
8 |
9 | describe 'cookbook-openshift3::master_standalone' do
10 | context 'When all attributes are default, on an unspecified platform' do
11 | let(:chef_run) do
12 | runner = ChefSpec::ServerRunner.new
13 | runner.converge(described_recipe)
14 | end
15 |
16 | it 'converges successfully' do
17 | chef_run # This should not raise an error
18 | end
19 | end
20 | end
21 |
--------------------------------------------------------------------------------
/spec/unit/recipes/node_config_post_spec.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Spec:: default
4 | #
5 | # Copyright (c) 2016 The Authors, All Rights Reserved.
6 |
7 | require 'spec_helper'
8 |
9 | describe 'cookbook-openshift3::node_config_post' do
10 | context 'When all attributes are default, on an unspecified platform' do
11 | let(:chef_run) do
12 | runner = ChefSpec::ServerRunner.new
13 | runner.converge(described_recipe)
14 | end
15 |
16 | it 'converges successfully' do
17 | chef_run # This should not raise an error
18 | end
19 | end
20 | end
21 |
--------------------------------------------------------------------------------
/spec/unit/recipes/node_spec.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Spec:: default
4 | #
5 | # Copyright (c) 2016 The Authors, All Rights Reserved.
6 |
7 | require 'spec_helper'
8 |
9 | describe 'cookbook-openshift3::node' do
10 | context 'When all attributes are default, on an unspecified platform' do
11 | let(:chef_run) do
12 | runner = ChefSpec::ServerRunner.new
13 | runner.converge(described_recipe)
14 | end
15 |
16 | it 'converges successfully' do
17 | chef_run # This should not raise an error
18 | end
19 | end
20 | end
21 |
--------------------------------------------------------------------------------
/spec/unit/recipes/nodes_certificates_spec.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Spec:: default
4 | #
5 | # Copyright (c) 2016 The Authors, All Rights Reserved.
6 |
7 | require 'spec_helper'
8 |
9 | describe 'cookbook-openshift3::nodes_certificates' do
10 | context 'When all attributes are default, on an unspecified platform' do
11 | let(:chef_run) do
12 | runner = ChefSpec::ServerRunner.new
13 | runner.converge(described_recipe)
14 | end
15 |
16 | it 'converges successfully' do
17 | chef_run # This should not raise an error
18 | end
19 | end
20 | end
21 |
--------------------------------------------------------------------------------
/spec/unit/recipes/setup_cluster_spec.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook Name:: cookbook-openshift3
3 | # Spec:: default
4 | #
5 | # Copyright (c) 2016 The Authors, All Rights Reserved.
6 |
7 | require 'spec_helper'
8 |
9 | describe 'cookbook-openshift3::setup_cluster' do
10 | context 'When all attributes are default, on an unspecified platform' do
11 | let(:chef_run) do
12 | runner = ChefSpec::ServerRunner.new
13 | runner.converge(described_recipe)
14 | end
15 |
16 | it 'converges successfully' do
17 | chef_run # This should not raise an error
18 | end
19 | end
20 | end
21 |
--------------------------------------------------------------------------------
/templates/default/BuildOverridesConfig.erb:
--------------------------------------------------------------------------------
1 | BuildOverrides:
2 | configuration:
3 | apiVersion: v1
4 | kind: BuildOverridesConfig
5 | <% unless node['cookbook-openshift3']['openshift_buildoverrides_force_pull'].empty? %>
6 | forcePull: "<%= node['cookbook-openshift3']['openshift_buildoverrides_force_pull'] %>"
7 | <%- end -%>
8 | <% unless node['cookbook-openshift3']['openshift_buildoverrides_image_labels'].empty? -%>
9 | imageLabels:
10 | <% node['cookbook-openshift3']['openshift_buildoverrides_image_labels'].each do |image| %>
11 | <% image.each_pair do |k,v| %>
12 | - name: <%= k %>
13 | value: <%= v %>
14 | <%- end -%>
15 | <%- end -%>
16 | <%- end -%>
17 | <% unless node['cookbook-openshift3']['openshift_buildoverrides_nodeselectors'].empty? -%>
18 | nodeSelector:
19 | <% node['cookbook-openshift3']['openshift_buildoverrides_nodeselectors'].each_pair do |k,v| %>
20 | <%= k %>: <%= v %>
21 | <%- end -%>
22 | <%- end -%>
23 | <% unless node['cookbook-openshift3']['openshift_buildoverrides_annotations'].empty? -%>
24 | annotations:
25 | <% node['cookbook-openshift3']['openshift_buildoverrides_annotations'].each_pair do |k,v| %>
26 | <%= k %>: <%= v %>
27 | <%- end -%>
28 | <%- end -%>
29 | <% unless node['cookbook-openshift3']['openshift_buildoverrides_tolerations'].empty? && node['cookbook-openshift3']['ose_major_version'].split('.')[1].to_i < 9 -%>
30 | tolerations:
31 | <% node['cookbook-openshift3']['openshift_buildoverrides_tolerations'].each do |annotation| %>
32 | - key: <%= annotation['key'] %>
33 | value: <%= annotation['value'] %>
34 | effect: <%= annotation['effect'] %>
35 | operator: <%= annotation['operator'] %>
36 | <%- end -%>
37 | <%- end -%>
38 |
--------------------------------------------------------------------------------
/templates/default/ClusterResourceOverrideConfig.erb:
--------------------------------------------------------------------------------
1 | ClusterResourceOverride:
2 | configuration:
3 | apiVersion: v1
4 | kind: ClusterResourceOverrideConfig
5 | <% unless node['cookbook-openshift3']['openshift_clusterresourceoverrides_memorylimit_percent'].empty? %>
6 | memoryRequestToLimitPercent: <%= node['cookbook-openshift3']['openshift_clusterresourceoverrides_memorylimit_percent'] %>
7 | <%- end -%>
8 | <% unless node['cookbook-openshift3']['openshift_clusterresourceoverrides_cpulimit_percent'].empty? %>
9 | cpuRequestToLimitPercent: <%= node['cookbook-openshift3']['openshift_clusterresourceoverrides_cpulimit_percent'] %>
10 | <%- end -%>
11 | <% unless node['cookbook-openshift3']['openshift_clusterresourceoverrides_limitcputomem_percent'].empty? %>
12 | limitCPUToMemoryPercent: <%= node['cookbook-openshift3']['openshift_clusterresourceoverrides_limitcputomem_percent'] %>
13 | <%- end -%>
14 |
--------------------------------------------------------------------------------
/templates/default/access-htaccess.erb:
--------------------------------------------------------------------------------
1 |
2 | Order Deny,Allow
3 | Deny from all
4 | Allow from 127.0.0.1 <%= @servers.map{ |srv| srv['ipaddress'] }.join(' ') %>
5 |
6 |
--------------------------------------------------------------------------------
/templates/default/cloud_provider.conf.erb:
--------------------------------------------------------------------------------
1 | [Global]
2 | <% if node['cookbook-openshift3']['openshift_cloud_provider'] == 'aws' %>
3 | Zone = <%= @aws['zone'] %>
4 | <% end -%>
5 |
--------------------------------------------------------------------------------
/templates/default/custom_assetConfig.erb:
--------------------------------------------------------------------------------
1 | <% if node['cookbook-openshift3']['openshift_master_asset_config'] %>
2 | <% for key in ['extensionScripts' , 'extensionStylesheets'] %>
3 | <% if node['cookbook-openshift3']['openshift_master_asset_config'].has_key?(key) %>
4 | <%= key %>:
5 | <%- node['cookbook-openshift3']['openshift_master_asset_config'][key].each do |name| -%>
6 | - <%= name %>
7 | <% end %>
8 | <% end %>
9 | <% end %>
10 | <% if node['cookbook-openshift3']['openshift_master_asset_config'].has_key?('extensions') %>
11 | extensions:
12 | - name: images
13 | sourceDirectory: <%= node['cookbook-openshift3']['openshift_master_asset_config']['extensions'] %>
14 | <% end %>
15 | <% end %>
16 |
--------------------------------------------------------------------------------
/templates/default/docker-storage.erb:
--------------------------------------------------------------------------------
1 | # This section reads the config file (/etc/sysconfig/docker-storage-setup)
2 | # Currently supported options:
3 | #
4 | # DEVS=
5 | # A quoted, space-separated list of devices to be used. This currently
6 | # expects the devices to be unpartitioned drives. If "VG" is not specified,
7 | # then use of the root disk's extra space is implied.
8 | #
9 | # Ex. DEVS=/dev/vdb
10 | <% if node['cookbook-openshift3']['openshift_node_docker-storage'].has_key?('DEVS') -%>
11 | DEVS="<%= node['cookbook-openshift3']['openshift_node_docker-storage']['DEVS'].join(' ') %>"
12 | <% end -%>
13 | # VG=
14 | # The volume group to use for docker storage. Defaults to the
15 | # volume group where the root filesystem resides. If VG is specified and the
16 | # volume group does not exist, it will be created (which requires that "DEVS"
17 | # be nonempty, since we don't currently support putting a second partition on
18 | # the root disk).
19 | #
20 | # Ex. VG=docker-vg
21 | <% if node['cookbook-openshift3']['openshift_node_docker-storage'].has_key?('VG') -%>
22 | VG="<%= node['cookbook-openshift3']['openshift_node_docker-storage']['VG'] %>"
23 | <% end -%>
24 | #
25 | #
26 | # DATA_SIZE=
27 | # The data size can take values acceptable to "lvcreate -L" as well as some
28 | # values acceptable to to "lvcreate -l". If user intends to pass values
29 | # acceptable to "lvcreate -l", then only those values which contains "%"
30 | # in syntax are acceptable. If value does not contain "%" it is assumed
31 | # value is suitable for "lvcreate -L".
32 | #
33 | # Ex. DATA_SIZE=40%FREE
34 | <% if node['cookbook-openshift3']['openshift_node_docker-storage'].has_key?('DATA_SIZE') -%>
35 | DATA_SIZE="<%= node['cookbook-openshift3']['openshift_node_docker-storage']['DATA_SIZE'] %>"
36 | <% end -%>
37 | WIPE_SIGNATURES="true"
38 | <%
39 | node['cookbook-openshift3']['openshift_node_docker-storage'].reject do |key|
40 | %w[DEVS VG DATA_SIZE WIPE_SIGNATURES].include?(key)
41 | end.sort.each do |key, value|
42 | -%>
43 | <%= key %>="<%= Shellwords.escape(value) %>"
44 | <% end -%>
45 |
--------------------------------------------------------------------------------
/templates/default/etcd-override.conf.erb:
--------------------------------------------------------------------------------
1 | <% if node['cookbook-openshift3']['deploy_containerized'] %>
2 | [Service]
3 | ExecStart=
4 | ExecStart=/usr/bin/docker run --name <%= node['cookbook-openshift3']['etcd_service_name'] %> --rm -v /var/lib/etcd:/var/lib/etcd:z -v <%= node['cookbook-openshift3']['etcd_conf_dir'] %>:<%= node['cookbook-openshift3']['etcd_conf_dir'] %>:ro --env-file=<%= node['cookbook-openshift3']['etcd_conf_dir'] %>/etcd.conf --env-file=/etc/systemd/system/<%= node['cookbook-openshift3']['etcd_service_name'] %>.service.d/etcd-dropin --net=host --entrypoint=<%= @path_bin %> <%= node['cookbook-openshift3']['openshift_docker_etcd_image'] %>
5 | <% else -%>
6 | [Service]
7 | EnvironmentFile=-/etc/systemd/system/<%= node['cookbook-openshift3']['etcd_service_name'] %>.service.d/etcd-dropin
8 | <% end -%>
9 |
--------------------------------------------------------------------------------
/templates/default/etcd/etcd.yaml.erb:
--------------------------------------------------------------------------------
1 | kind: Pod
2 | apiVersion: v1
3 | metadata:
4 | name: master-etcd
5 | namespace: kube-system
6 | labels:
7 | openshift.io/control-plane: "true"
8 | openshift.io/component: etcd
9 | annotations:
10 | scheduler.alpha.kubernetes.io/critical-pod: ''
11 | spec:
12 | restartPolicy: Always
13 | hostNetwork: true
14 | containers:
15 | - name: etcd
16 | image: <%= @etcd_image %>
17 | workingDir: /var/lib/etcd
18 | command: ["/bin/sh", "-c"]
19 | args:
20 | - |
21 | #!/bin/sh
22 | set -o allexport
23 | source /etc/etcd/etcd.conf
24 | exec etcd
25 | securityContext:
26 | privileged: true
27 | volumeMounts:
28 | - mountPath: /etc/etcd/
29 | name: master-config
30 | readOnly: true
31 | - mountPath: /var/lib/etcd/
32 | name: master-data
33 | livenessProbe:
34 | exec:
35 | command:
36 | - etcdctl
37 | - --cert-file
38 | - /etc/etcd/peer.crt
39 | - --key-file
40 | - /etc/etcd/peer.key
41 | - --ca-file
42 | - /etc/etcd/ca.crt
43 | - -C
44 | - <%= @etcd_url %>
45 | - cluster-health
46 | initialDelaySeconds: 45
47 | volumes:
48 | - name: master-config
49 | hostPath:
50 | path: /etc/etcd/
51 | - name: master-data
52 | hostPath:
53 | path: /var/lib/etcd
54 |
--------------------------------------------------------------------------------
/templates/default/etcd/etcdctl.sh.erb:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Sets up handy aliases for etcd, need etcdctl2 and etcdctl3 because
3 | # command flags are different between the two. Should work on stand
4 | # alone etcd hosts and master + etcd hosts too because we use the peer keys.
5 | etcdctl2() {
6 |
7 | cmd="ETCDCTL_API=2 etcdctl --cert-file <%= node['cookbook-openshift3']['etcd_peer_file'] %> --key-file <%= node['cookbook-openshift3']['etcd_peer_key'] %> --ca-file <%= node['cookbook-openshift3']['etcd_ca_cert'] %> -C https://`hostname`:2379 ${@}"
8 | if [[ -f /usr/local/bin/master-exec ]]; then
9 | /usr/local/bin/master-exec etcd etcd /bin/sh -c "$cmd"
10 | else
11 | /bin/sh -c "$cmd"
12 | fi
13 | }
14 |
15 | etcdctl3() {
16 | cmd="ETCDCTL_API=3 etcdctl --cert <%= node['cookbook-openshift3']['etcd_peer_file'] %> --key <%= node['cookbook-openshift3']['etcd_peer_key'] %> --cacert <%= node['cookbook-openshift3']['etcd_ca_cert'] %> --endpoints https://`hostname`:2379 ${@}"
17 | if [[ -f /usr/local/bin/master-exec ]]; then
18 | /usr/local/bin/master-exec etcd etcd /bin/sh -c "$cmd"
19 | else
20 | /bin/sh -c "$cmd"
21 | fi
22 | }
23 |
--------------------------------------------------------------------------------
/templates/default/etcdctl.sh.erb:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | <% if @ose_major_version.split('.')[1].to_i <= 6 %>
3 | echo -e "Checking Member list"
4 | /usr/bin/etcdctl --cert-file <%= @etcd_crt %> --key-file <%= @etcd_key %> --ca-file <%= @etcd_ca %> --endpoints <%= @etcd_endpoint %> member list
5 | echo -e "\nChecking Cluster Health"
6 | /usr/bin/etcdctl --cert-file <%= @etcd_crt %> --key-file <%= @etcd_key %> --ca-file <%= @etcd_ca %> --endpoints <%= @etcd_endpoint %> cluster-health
7 | <% else %>
8 | echo -e "Checking Member list"
9 | ETCDCTL_API=3 /usr/bin/etcdctl --cert <%= @etcd_crt %> --key <%= @etcd_key %> --cacert <%= @etcd_ca %> --endpoints <%= @etcd_endpoint %> endpoint status
10 | echo -e "\nChecking Cluster Health"
11 | ETCDCTL_API=3 /usr/bin/etcdctl --cert <%= @etcd_crt %> --key <%= @etcd_key %> --cacert <%= @etcd_ca %> --endpoints <%= @etcd_endpoint %> endpoint health
12 | <% end %>
13 |
--------------------------------------------------------------------------------
/templates/default/firewall_certificate.erb:
--------------------------------------------------------------------------------
1 | -A OS_FIREWALL_ALLOW -m state --state NEW,ESTABLISHED -m comment --comment "OpenShift HTTPD" -m tcp -p tcp --dport <%= node['cookbook-openshift3']['httpd_xfer_port'] %> -j ACCEPT
2 |
--------------------------------------------------------------------------------
/templates/default/firewall_etcd.erb:
--------------------------------------------------------------------------------
1 | -A OS_FIREWALL_ALLOW -m state --state NEW,ESTABLISHED -m comment --comment "etcd" -m tcp -p tcp --dport 2379 -j ACCEPT
2 | -A OS_FIREWALL_ALLOW -m state --state NEW,ESTABLISHED -m comment --comment "etcd peering" -m tcp -p tcp --dport 2380 -j ACCEPT
3 |
--------------------------------------------------------------------------------
/templates/default/firewall_jump_rule.erb:
--------------------------------------------------------------------------------
1 | -A INPUT -j OS_FIREWALL_ALLOW
2 |
--------------------------------------------------------------------------------
/templates/default/firewall_lb.erb:
--------------------------------------------------------------------------------
1 | -A OS_FIREWALL_ALLOW -m state --state NEW,ESTABLISHED -m comment --comment "haproxy stats" -m tcp -p tcp --dport 9000 -j ACCEPT
2 | -A OS_FIREWALL_ALLOW -m state --state NEW,ESTABLISHED -m comment --comment "haproxy balance" -m tcp -p tcp --dport <%= node['cookbook-openshift3']['openshift_lb_port'] %> -j ACCEPT
3 |
4 |
--------------------------------------------------------------------------------
/templates/default/firewall_master.erb:
--------------------------------------------------------------------------------
1 | -A OS_FIREWALL_ALLOW -m state --state NEW,ESTABLISHED -m comment --comment "etcd embedded" -m tcp -p tcp --dport 4001 -j ACCEPT
2 | -A OS_FIREWALL_ALLOW -m state --state NEW,ESTABLISHED -m comment --comment "OpenShift api https" -m tcp -p tcp --dport <%= node['cookbook-openshift3']['openshift_master_api_port'] %> -j ACCEPT
3 | -A OS_FIREWALL_ALLOW -m state --state NEW,ESTABLISHED -m comment --comment "OpenShift dns tcp" -m tcp -p tcp --dport 8053 -j ACCEPT
4 | -A OS_FIREWALL_ALLOW -m state --state NEW,ESTABLISHED -m comment --comment "OpenShift dns udp" -m udp -p udp --dport 8053 -j ACCEPT
5 | -A OS_FIREWALL_ALLOW -m state --state NEW,ESTABLISHED -m comment --comment "OpenShift dns tcp" -m tcp -p tcp --dport 53 -j ACCEPT
6 | -A OS_FIREWALL_ALLOW -m state --state NEW,ESTABLISHED -m comment --comment "OpenShift dns udp" -m udp -p udp --dport 53 -j ACCEPT
7 | -A OS_FIREWALL_ALLOW -m state --state NEW,ESTABLISHED -m comment --comment "Fluentd td-agent tcp" -m tcp -p tcp --dport 24224 -j ACCEPT
8 | -A OS_FIREWALL_ALLOW -m state --state NEW,ESTABLISHED -m comment --comment "Fluentd td-agent udp" -m udp -p udp --dport 24224 -j ACCEPT
9 | <% unless node['cookbook-openshift3']['enabled_firewall_additional_rules_master'].empty? -%>
10 | <%= render "/usr/local/etc/.firewall_master_additional.txt", :local => true %>
11 | <% end %>
12 |
--------------------------------------------------------------------------------
/templates/default/firewall_master_cluster.erb:
--------------------------------------------------------------------------------
1 | -A OS_FIREWALL_ALLOW -m state --state NEW,ESTABLISHED -m comment --comment "api server https" -m tcp -p tcp --dport <%= node['cookbook-openshift3']['openshift_master_api_port'] %> -j ACCEPT
2 | -A OS_FIREWALL_ALLOW -m state --state NEW,ESTABLISHED -m comment --comment "api controllers https" -m tcp -p tcp --dport <%= node['cookbook-openshift3']['openshift_master_controllers_port'] %> -j ACCEPT
3 |
--------------------------------------------------------------------------------
/templates/default/firewall_node.erb:
--------------------------------------------------------------------------------
1 | -A OS_FIREWALL_ALLOW -m comment --comment "OpenShift vxlan" -m udp -p udp --dport 4789 -j ACCEPT
2 | -A OS_FIREWALL_ALLOW -m state --state NEW,ESTABLISHED -m comment --comment "OpenShift kubelet" -m tcp -p tcp --dport 10250 -j ACCEPT
3 | -A OS_FIREWALL_ALLOW -m state --state NEW,ESTABLISHED -m comment --comment "Kubernetes kube-proxy health check for service load balancers" -m tcp -p tcp --dport 10256 -j ACCEPT
4 | -A OS_FIREWALL_ALLOW -m state --state NEW,ESTABLISHED -m comment --comment "OpenShift kubelet ReadOnlyPort" -m tcp -p tcp --dport 10255 -j ACCEPT
5 | -A OS_FIREWALL_ALLOW -m state --state NEW,ESTABLISHED -m comment --comment "OpenShift kubelet ReadOnlyPort udp" -m udp -p udp --dport 10255 -j ACCEPT
6 | -A OS_FIREWALL_ALLOW -m state --state NEW,ESTABLISHED -m comment --comment "https" -m tcp -p tcp --dport 443 -j ACCEPT
7 | -A OS_FIREWALL_ALLOW -m state --state NEW,ESTABLISHED -m comment --comment "http" -m tcp -p tcp --dport 80 -j ACCEPT
8 | <% unless node['cookbook-openshift3']['openshift_node_port_range'].empty? -%>
9 | -A OS_FIREWALL_ALLOW -m state --state NEW,ESTABLISHED -m comment --comment "Kubernetes service NodePort TCP" -m tcp -p tcp --dport <%= node['cookbook-openshift3']['openshift_node_port_range'].tr("-", ":") %> -j ACCEPT
10 | -A OS_FIREWALL_ALLOW -m state --state NEW,ESTABLISHED -m comment --comment "Kubernetes service NodePort UDP" -m udp -p udp --dport <%= node['cookbook-openshift3']['openshift_node_port_range'].tr("-", ":") %> -j ACCEPT
11 | <% end -%>
12 | <% unless node['cookbook-openshift3']['enabled_firewall_additional_rules_node'].empty? -%>
13 | <%= render "/usr/local/etc/.firewall_node_additional.txt", :local => true %>
14 | <% end %>
15 |
--------------------------------------------------------------------------------
/templates/default/haproxy.conf.erb:
--------------------------------------------------------------------------------
1 | # Global settings
2 | #---------------------------------------------------------------------
3 | global
4 | maxconn <%= @maxconn %>
5 | log /dev/log local0 info
6 | chroot /var/lib/haproxy
7 | pidfile /var/run/haproxy.pid
8 | user haproxy
9 | group haproxy
10 | daemon
11 |
12 | # turn on stats unix socket
13 | stats socket /var/lib/haproxy/stats
14 |
15 | #---------------------------------------------------------------------
16 | # common defaults that all the 'listen' and 'backend' sections will
17 | # use if not designated in their block
18 | #---------------------------------------------------------------------
19 | defaults
20 | mode http
21 | log global
22 | option httplog
23 | option dontlognull
24 | # option http-server-close
25 | option forwardfor except 127.0.0.0/8
26 | option redispatch
27 | retries 3
28 | timeout http-request 10s
29 | timeout queue 1m
30 | timeout connect 10s
31 | timeout client 300s
32 | timeout server 300s
33 | timeout http-keep-alive 10s
34 | timeout check 10s
35 | maxconn <%= @maxconn %>
36 |
37 | listen stats :9000
38 | mode http
39 | stats enable
40 | stats uri /
41 |
42 | frontend atomic-openshift-api
43 | bind *:<%= node['cookbook-openshift3']['openshift_lb_port'] %>
44 | default_backend atomic-openshift-api
45 | mode tcp
46 | option tcplog
47 |
48 | backend atomic-openshift-api
49 | balance source
50 | mode tcp
51 | <% @master_servers.each_with_index do |master, index| %>
52 | server master<%= index %> <%= master['ipaddress'] %>:<%= node['cookbook-openshift3']['openshift_master_api_port'] %> check
53 | <% end %>
54 |
--------------------------------------------------------------------------------
/templates/default/haproxy.service.erb:
--------------------------------------------------------------------------------
1 | [Service]
2 | LimitNOFILE=<%= @nofile %>
3 |
--------------------------------------------------------------------------------
/templates/default/htpasswd.erb:
--------------------------------------------------------------------------------
1 | <% unless node['cookbook-openshift3']['openshift_master_htpasswd_users'].empty? %>
2 | <% node['cookbook-openshift3']['openshift_master_htpasswd_users'].each do |credential| %>
3 | <% credential.each_pair do |name, password| %>
4 | <%= name %>:<%= password %>
5 | <% end -%>
6 | <% end -%>
7 | <% end -%>
8 |
--------------------------------------------------------------------------------
/templates/default/iptables_input_os_firewall_allow.erb:
--------------------------------------------------------------------------------
1 | -A INPUT -j OS_FIREWALL_ALLOW
2 |
--------------------------------------------------------------------------------
/templates/default/logging_310/oauth-client.erb:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: OAuthClient
3 | metadata:
4 | name: kibana-proxy
5 | labels:
6 | logging-infra: support
7 | secret: <%= @secret %>
8 | redirectURIs:
9 | - https://<%= node['cookbook-openshift3']['openshift_logging_kibana_hostname'] %>
10 | - https://<%= node['cookbook-openshift3']['openshift_logging_kibana_hostname'] %>
11 | scopeRestrictions:
12 | - literals:
13 | - user:info
14 | - user:check-access
15 | - user:list-projects
16 |
--------------------------------------------------------------------------------
/templates/default/logging_36/oauth-client.erb:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: OAuthClient
3 | metadata:
4 | name: kibana-proxy
5 | labels:
6 | logging-infra: support
7 | secret: <%= @secret %>
8 | redirectURIs:
9 | - https://<%= node['cookbook-openshift3']['openshift_logging_kibana_hostname'] %>
10 | - https://<%= node['cookbook-openshift3']['openshift_logging_kibana_hostname'] %>
11 | scopeRestrictions:
12 | - literals:
13 | - user:info
14 | - user:check-access
15 | - user:list-projects
16 |
--------------------------------------------------------------------------------
/templates/default/logging_37/oauth-client.erb:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: OAuthClient
3 | metadata:
4 | name: kibana-proxy
5 | labels:
6 | logging-infra: support
7 | secret: <%= @secret %>
8 | redirectURIs:
9 | - https://<%= node['cookbook-openshift3']['openshift_logging_kibana_hostname'] %>
10 | - https://<%= node['cookbook-openshift3']['openshift_logging_kibana_hostname'] %>
11 | scopeRestrictions:
12 | - literals:
13 | - user:info
14 | - user:check-access
15 | - user:list-projects
16 |
--------------------------------------------------------------------------------
/templates/default/logging_39/oauth-client.erb:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: OAuthClient
3 | metadata:
4 | name: kibana-proxy
5 | labels:
6 | logging-infra: support
7 | secret: <%= @secret %>
8 | redirectURIs:
9 | - https://<%= node['cookbook-openshift3']['openshift_logging_kibana_hostname'] %>
10 | - https://<%= node['cookbook-openshift3']['openshift_logging_kibana_hostname'] %>
11 | scopeRestrictions:
12 | - literals:
13 | - user:info
14 | - user:check-access
15 | - user:list-projects
16 |
--------------------------------------------------------------------------------
/templates/default/logging_legacy/oauth-client.erb:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: OAuthClient
3 | metadata:
4 | name: kibana-proxy
5 | labels:
6 | logging-infra: support
7 | secret: <%= @secret %>
8 | redirectURIs:
9 | - https://<%= node['cookbook-openshift3']['openshift_logging_kibana_hostname'] %>
10 | - https://<%= node['cookbook-openshift3']['openshift_logging_kibana_hostname'] %>
11 | scopeRestrictions:
12 | - literals:
13 | - user:info
14 | - user:check-access
15 | - user:list-projects
16 |
--------------------------------------------------------------------------------
/templates/default/metrics_310/hawkular_metrics_schema_job.erb:
--------------------------------------------------------------------------------
1 | apiVersion: batch/v1
2 | kind: Job
3 | metadata:
4 | name: hawkular-metrics-schema
5 | labels:
6 | metrics-infra: hawkular-metrics
7 | name: hawkular-metrics-schema
8 | spec:
9 | template:
10 | spec:
11 | version: v1
12 | metadata:
13 | labels:
14 | metrics-infra: hawkular-metrics
15 | #name: hawkular-metrics
16 | containers:
17 | - name: hawkular-metrics-schema
18 | image: "<%= node['cookbook-openshift3']['openshift_metrics_schema_installer_image'] %>:<%= node['cookbook-openshift3']['openshift_metrics_image_version']%>"
19 | imagePullPolicy: IfNotPresent
20 | env:
21 | - name: TRUSTSTORE_AUTHORITIES
22 | value: "/hawkular-metrics-certs/tls.truststore.crt"
23 | volumeMounts:
24 | - mountPath: /hawkular-metrics-certs
25 | name: hawkular-metrics-certs
26 | - mountPath: /hawkular-account
27 | name: hawkular-metrics-account
28 | volumes:
29 | - name: hawkular-metrics-certs
30 | secret:
31 | secretName: hawkular-metrics-certs
32 | - name: hawkular-metrics-account
33 | secret:
34 | secretName: hawkular-metrics-account
35 | restartPolicy: OnFailure
36 |
--------------------------------------------------------------------------------
/templates/default/node-dnsmasq.conf.erb:
--------------------------------------------------------------------------------
1 | server=/in-addr.arpa/127.0.0.1
2 | server=/<%= node['cookbook-openshift3']['osn_cluster_dns_domain'] %>/127.0.0.1
3 |
4 |
--------------------------------------------------------------------------------
/templates/default/openshift_cli.erb:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | if [ ! -d ~/.kube ]; then
3 | mkdir -m 0700 ~/.kube
4 | fi
5 | cmd=`basename $0`
6 | user=`id -u`
7 | group=`id -g`
8 | image_tag=<%= node['cookbook-openshift3']['openshift_docker_image_version'] %>
9 |
10 | >&2 echo """
11 | ================================================================================
12 | ATTENTION: You are running ${cmd} via a wrapper around 'docker run <%= node['cookbook-openshift3']['openshift_docker_master_image'] %>:${image_tag}'.
13 | This wrapper is intended only to be used to bootstrap an environment. Please
14 | install client tools on another host once you have granted cluster-admin
15 | privileges to a user.
16 | <% if node['cookbook-openshift3']['openshift_deployment_type'] == 'enterprise' %>
17 | See https://docs.openshift.com/enterprise/latest/cli_reference/get_started_cli.html
18 | <%- else -%>
19 | See https://docs.openshift.org/latest/cli_reference/get_started_cli.html
20 | <%- end -%>
21 | =================================================================================
22 | """
23 |
24 | docker run -i --privileged --net=host --user=${user}:${group} -v ~/.kube:/root/.kube -v /tmp:/tmp -v <%= node['cookbook-openshift3']['openshift_common_base_dir'] %>:<%= node['cookbook-openshift3']['openshift_common_base_dir'] %> -e KUBECONFIG=/root/.kube/config -w /tmp --entrypoint ${cmd} --rm <%= node['cookbook-openshift3']['openshift_docker_cli_image'] %>:${image_tag} "${@}"
25 |
--------------------------------------------------------------------------------
/templates/default/openshift_control_plane/apiserver.yaml.erb:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 | annotations:
5 | scheduler.alpha.kubernetes.io/critical-pod: ''
6 | labels:
7 | openshift.io/component: api
8 | openshift.io/control-plane: 'true'
9 | name: master-api
10 | namespace: kube-system
11 | spec:
12 | containers:
13 | - args:
14 | - "#!/bin/bash\nset -euo pipefail\nif [[ -f /etc/origin/master/master.env ]];\
15 | \ then\n set -o allexport\n source /etc/origin/master/master.env\nfi\nexec\
16 | \ openshift start master api --config=/etc/origin/master/master-config.yaml\
17 | \ --loglevel=${DEBUG_LOGLEVEL:-2}\n"
18 | command:
19 | - /bin/bash
20 | - -c
21 | image: <%= @api_image %>
22 | livenessProbe:
23 | httpGet:
24 | path: healthz
25 | port: 8443
26 | scheme: HTTPS
27 | initialDelaySeconds: 45
28 | timeoutSeconds: 10
29 | name: api
30 | readinessProbe:
31 | httpGet:
32 | path: healthz/ready
33 | port: 8443
34 | scheme: HTTPS
35 | initialDelaySeconds: 10
36 | timeoutSeconds: 10
37 | securityContext:
38 | privileged: true
39 | volumeMounts:
40 | - mountPath: /etc/origin/master/
41 | name: master-config
42 | - mountPath: /etc/origin/cloudprovider/
43 | name: master-cloud-provider
44 | - mountPath: /var/lib/origin/
45 | name: master-data
46 | hostNetwork: true
47 | restartPolicy: Always
48 | volumes:
49 | - hostPath:
50 | path: /etc/origin/master/
51 | name: master-config
52 | - hostPath:
53 | path: /etc/origin/cloudprovider
54 | name: master-cloud-provider
55 | - hostPath:
56 | path: /var/lib/origin
57 | name: master-data
58 |
--------------------------------------------------------------------------------
/templates/default/openshift_control_plane/controller.yaml.erb:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 | annotations:
5 | scheduler.alpha.kubernetes.io/critical-pod: ''
6 | labels:
7 | openshift.io/component: controllers
8 | openshift.io/control-plane: 'true'
9 | name: master-controllers
10 | namespace: kube-system
11 | spec:
12 | containers:
13 | - args:
14 | - "#!/bin/bash\nset -euo pipefail\nif [[ -f /etc/origin/master/master.env ]];\
15 | \ then\n set -o allexport\n source /etc/origin/master/master.env\nfi\nexec\
16 | \ openshift start master controllers --config=/etc/origin/master/master-config.yaml\
17 | \ --listen=https://0.0.0.0:8444 --loglevel=${DEBUG_LOGLEVEL:-2}\n"
18 | command:
19 | - /bin/bash
20 | - -c
21 | image: <%= @controller_image %>
22 | livenessProbe:
23 | httpGet:
24 | path: healthz
25 | port: 8444
26 | scheme: HTTPS
27 | name: controllers
28 | securityContext:
29 | privileged: true
30 | volumeMounts:
31 | - mountPath: /etc/origin/master/
32 | name: master-config
33 | - mountPath: /etc/origin/cloudprovider/
34 | name: master-cloud-provider
35 | - mountPath: /etc/containers/registries.d/
36 | name: signature-import
37 | - mountPath: /usr/libexec/kubernetes/kubelet-plugins
38 | mountPropagation: HostToContainer
39 | name: kubelet-plugins
40 | hostNetwork: true
41 | restartPolicy: Always
42 | volumes:
43 | - hostPath:
44 | path: /etc/origin/master/
45 | name: master-config
46 | - hostPath:
47 | path: /etc/origin/cloudprovider
48 | name: master-cloud-provider
49 | - hostPath:
50 | path: /etc/containers/registries.d
51 | name: signature-import
52 | - hostPath:
53 | path: /usr/libexec/kubernetes/kubelet-plugins
54 | name: kubelet-plugins
55 |
--------------------------------------------------------------------------------
/templates/default/openshift_control_plane/master.env.erb:
--------------------------------------------------------------------------------
1 | # Proxy configuration
2 | # Origin uses standard HTTP_PROXY environment variables. Be sure to set
3 | # NO_PROXY for your master
4 | <% if node['cookbook-openshift3']['openshift_no_proxy'].empty? -%>
5 | #NO_PROXY=master.example.com
6 | <% else -%>
7 | NO_PROXY=<%= [
8 | node['cookbook-openshift3']['openshift_no_proxy'].split(','),
9 | node['cookbook-openshift3']['openshift_common_api_hostname'],
10 | node['cookbook-openshift3']['master_servers'].map { |server| server['fqdn'] },
11 | node['cookbook-openshift3']['node_servers'].map { |server| server['fqdn'] },
12 | ".#{node['cookbook-openshift3']['osn_cluster_dns_domain']}",
13 | node['cookbook-openshift3']['openshift_common_portal_net'],
14 | node['cookbook-openshift3']['openshift_master_sdn_cluster_network_cidr']
15 | ].flatten.uniq.join(',') %>
16 | <% end %>
17 | <% if node['cookbook-openshift3']['openshift_http_proxy'].empty? -%>
18 | #HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
19 | <% else -%>
20 | HTTP_PROXY=<%= node['cookbook-openshift3']['openshift_http_proxy'] %>
21 | <% end %>
22 | <% if node['cookbook-openshift3']['openshift_https_proxy'].empty? -%>
23 | #HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
24 | <% else -%>
25 | HTTPS_PROXY=<%= node['cookbook-openshift3']['openshift_https_proxy'] %>
26 | <% end %>
27 |
28 | DEBUG_LOGLEVEL=<%= node['cookbook-openshift3']['openshift_master_debug_level'] %>
29 |
--------------------------------------------------------------------------------
/templates/default/openshift_control_plane/scheduler.json.erb:
--------------------------------------------------------------------------------
1 | {
2 | "kind": "Policy",
3 | "apiVersion": "v1",
4 | "predicates": [
5 | <% case node['cookbook-openshift3']['ose_major_version'].split('.')[1].to_i %>
6 | <% when 10 %>
7 | {"name": "NoVolumeZoneConflict"},
8 | {"name": "MaxEBSVolumeCount"},
9 | {"name": "MaxGCEPDVolumeCount"},
10 | {"name": "MaxAzureDiskVolumeCount"},
11 | {"name": "MatchInterPodAffinity"},
12 | {"name": "NoDiskConflict"},
13 | {"name": "GeneralPredicates"},
14 | {"name": "PodToleratesNodeTaints"},
15 | {"name": "CheckNodeMemoryPressure"},
16 | {"name": "CheckNodeDiskPressure"},
17 | {"name": "CheckVolumeBinding"},
18 | <%- end -%>
19 | {
20 | "argument": {
21 | "serviceAffinity": {
22 | "labels": [
23 | "region"
24 | ]
25 | }
26 | },
27 | "name": "Region"
28 | }
29 | ],
30 | "priorities": [
31 | <% case node['cookbook-openshift3']['ose_major_version'].split('.')[1].to_i %>
32 | <% when 10 %>
33 | {"name": "SelectorSpreadPriority", "weight": 1},
34 | {"name": "InterPodAffinityPriority", "weight": 1},
35 | {"name": "LeastRequestedPriority", "weight": 1},
36 | {"name": "BalancedResourceAllocation", "weight": 1},
37 | {"name": "NodePreferAvoidPodsPriority", "weight": 10000},
38 | {"name": "NodeAffinityPriority", "weight": 1},
39 | {"name": "TaintTolerationPriority", "weight": 1},
40 | <%- end -%>
41 | {
42 | "argument": {
43 | "serviceAntiAffinity": {
44 | "label": "zone"
45 | }
46 | },
47 | "name": "Zone",
48 | "weight": 2
49 | }
50 | ]
51 | }
52 |
--------------------------------------------------------------------------------
/templates/default/openshift_node/node-config.yaml.erb:
--------------------------------------------------------------------------------
1 | kind: NodeConfig
2 | apiVersion: v1
3 | authConfig:
4 | authenticationCacheSize: 1000
5 | authenticationCacheTTL: 5m
6 | authorizationCacheSize: 1000
7 | authorizationCacheTTL: 5m
8 | dnsBindAddress: "127.0.0.1:53"
9 | dnsDomain: cluster.local
10 | dnsIP: 0.0.0.0
11 | dnsNameservers: null
12 | dnsRecursiveResolvConf: /etc/origin/node/resolv.conf
13 | dockerConfig:
14 | dockerShimRootDirectory: /var/lib/dockershim
15 | dockerShimSocket: /var/run/dockershim.sock
16 | execHandlerName: native
17 | enableUnidling: true
18 | imageConfig:
19 | format: <%= node['cookbook-openshift3']['openshift_common_registry_url'] %>
20 | latest: <%= node['cookbook-openshift3']['openshift_node_image_config_latest'] %>
21 | iptablesSyncPeriod: "<%= node['cookbook-openshift3']['openshift_node_iptables_sync_period'] %>"
22 | kubeletArguments:
23 | pod-manifest-path:
24 | - /etc/origin/node/pods
25 | bootstrap-kubeconfig:
26 | - /etc/origin/node/bootstrap.kubeconfig
27 | feature-gates:
28 | - RotateKubeletClientCertificate=true,RotateKubeletServerCertificate=true
29 | rotate-certificates:
30 | - "true"
31 | cert-dir:
32 | - /etc/origin/node/certificates
33 | node-labels:
34 | <% @node_labels.each do |label| %>
35 | - <%= label %>
36 | <%- end -%>
37 | enable-controller-attach-detach:
38 | - 'true'
39 | masterClientConnectionOverrides:
40 | acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
41 | burst: 40
42 | contentType: application/vnd.kubernetes.protobuf
43 | qps: 20
44 | masterKubeConfig: node.kubeconfig
45 | networkConfig:
46 | mtu: <%= node['cookbook-openshift3']['openshift_node_sdn_mtu_sdn'] %>
47 | networkPluginName: <%= node['cookbook-openshift3']['openshift_common_sdn_network_plugin_name'] %>
48 | servingInfo:
49 | bindAddress: 0.0.0.0:10250
50 | bindNetwork: tcp4
51 | clientCA: client-ca.crt
52 | volumeConfig:
53 | localQuota:
54 | perFSGroup: null
55 | volumeDirectory: <%= node['cookbook-openshift3']['openshift_data_dir'] %>/openshift.local.volumes
56 |
--------------------------------------------------------------------------------
/templates/default/openshift_node/node.service.erb:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=OpenShift Node
3 | After=docker.service
4 | After=chronyd.service
5 | After=ntpd.service
6 | Wants=docker.service
7 | Documentation=https://github.com/openshift/origin
8 | Wants=dnsmasq.service
9 | After=dnsmasq.service
10 | {% if openshift_use_crio | bool %}Wants=cri-o.service{% endif %}
11 |
12 | [Service]
13 | Type=notify
14 | EnvironmentFile=/etc/sysconfig/<%= node['cookbook-openshift3']['openshift_service_type'] %>-node
15 | ExecStart=/usr/local/bin/openshift-node
16 | LimitNOFILE=65536
17 | LimitCORE=infinity
18 | WorkingDirectory=/var/lib/origin/
19 | SyslogIdentifier=<%= node['cookbook-openshift3']['openshift_service_type'] %>-node
20 | Restart=always
21 | RestartSec=5s
22 | TimeoutStartSec=300
23 | OOMScoreAdjust=-999
24 |
25 | [Install]
26 | WantedBy=multi-user.target
27 |
--------------------------------------------------------------------------------
/templates/default/openshift_node/node.yaml.v1.erb:
--------------------------------------------------------------------------------
1 | allowDisabledDocker: false
2 | apiVersion: v1
3 | dnsBindAddress: 127.0.0.1:53
4 | dnsRecursiveResolvConf: /etc/origin/node/resolv.conf
5 | dnsDomain: <%=node['cookbook-openshift3']['osn_cluster_dns_domain'] %>
6 | dnsIP: 0.0.0.0
7 | dockerConfig:
8 | execHandlerName: ""
9 | iptablesSyncPeriod: "<%= node['cookbook-openshift3']['openshift_node_iptables_sync_period'] %>"
10 | imageConfig:
11 | format: <%= node['cookbook-openshift3']['openshift_common_registry_url'] %>
12 | latest: <%= node['cookbook-openshift3']['openshift_node_image_config_latest'] %>
13 | kind: NodeConfig
14 | kubeletArguments:
15 | node-labels:
16 | - <%= node['cookbook-openshift3']['openshift_node_groups'] %>
17 | masterClientConnectionOverrides:
18 | acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
19 | contentType: application/vnd.kubernetes.protobuf
20 | burst: 200
21 | qps: 100
22 | masterKubeConfig: system:node:<%= node['fqdn'].downcase %>.kubeconfig
23 | networkConfig:
24 | mtu: <%= node['cookbook-openshift3']['openshift_node_sdn_mtu_sdn'] %>
25 | networkPluginName: <%= node['cookbook-openshift3']['openshift_common_sdn_network_plugin_name'] %>
26 | <% if node['cookbook-openshift3']['openshift_set_node_ip'] -%>
27 | nodeIP: <%= node['cookbook-openshift3']['openshift_common_ip'] %>
28 | <%- end -%>
29 | nodeName: <%= node['fqdn'] %>
30 | podManifestConfig:
31 | servingInfo:
32 | bindAddress: 0.0.0.0:10250
33 | certFile: server.crt
34 | clientCA: ca.crt
35 | keyFile: server.key
36 | <% if (defined?(node['cookbook-openshift3']['openshift_node_min_tls_version'])).nil? %>
37 | minTLSVersion: <%= node['cookbook-openshift3']['openshift_node_min_tls_version'] %>
38 | <%- end -%>
39 | <% if (defined?(node['cookbook-openshift3']['openshift_node_cipher_suites'])).nil? %>
40 | cipherSuites:
41 | <% node['cookbook-openshift3']['openshift_node_cipher_suites'].each do |cipher_suite| %>
42 | - <%= cipher_suite %>
43 | <%- end -%>
44 | <%- end -%>
45 | volumeDirectory: <%= node['cookbook-openshift3']['openshift_data_dir'] %>/openshift.local.volumes
46 | proxyArguments:
47 | proxy-mode:
48 | - iptables
49 | volumeConfig:
50 | localQuota:
51 | perFSGroup: <%= node['cookbook-openshift3']['openshift_node_local_quota_per_fsgroup'] %>
52 |
--------------------------------------------------------------------------------
/templates/default/openshift_node/origin-dns.conf.erb:
--------------------------------------------------------------------------------
1 | no-resolv
2 | domain-needed
3 | no-negcache
4 | max-cache-ttl=1
5 | enable-dbus
6 | dns-forward-max=10000
7 | cache-size=10000
8 | bind-dynamic
9 | min-port=1024
10 | except-interface=lo
11 |
--------------------------------------------------------------------------------
/templates/default/openssl.cnf.erb:
--------------------------------------------------------------------------------
1 | <%= render "/etc/pki/tls/openssl.cnf" , :local => true -%>
2 |
3 | [ etcd_v3_req ]
4 | basicConstraints = critical,CA:FALSE
5 | keyUsage = digitalSignature,keyEncipherment
6 | subjectAltName = ${ENV::SAN}
7 |
8 | [ etcd_ca ]
9 | dir = <%= node['cookbook-openshift3']['etcd_ca_dir'] %>
10 | crl_dir = $dir/crl
11 | database = $dir/index.txt
12 | new_certs_dir = $dir/certs
13 | certificate = $dir/ca.crt
14 | serial = $dir/serial
15 | private_key = $dir/ca.key
16 | crl_number = $dir/crlnumber
17 | x509_extensions = etcd_v3_ca_client
18 | default_days = 1825
19 | default_md = sha256
20 | preserve = no
21 | name_opt = ca_default
22 | cert_opt = ca_default
23 | policy = policy_anything
24 | unique_subject = no
25 | copy_extensions = copy
26 |
27 | [ etcd_v3_ca_self ]
28 | authorityKeyIdentifier = keyid,issuer
29 | basicConstraints = critical,CA:TRUE,pathlen:0
30 | keyUsage = critical,digitalSignature,keyEncipherment,keyCertSign
31 | subjectKeyIdentifier = hash
32 |
33 | [ etcd_v3_ca_peer ]
34 | authorityKeyIdentifier = keyid,issuer:always
35 | basicConstraints = critical,CA:FALSE
36 | extendedKeyUsage = clientAuth,serverAuth
37 | keyUsage = digitalSignature,keyEncipherment
38 | subjectKeyIdentifier = hash
39 |
40 | [ etcd_v3_ca_server ]
41 | authorityKeyIdentifier = keyid,issuer:always
42 | basicConstraints = critical,CA:FALSE
43 | extendedKeyUsage = serverAuth,clientAuth
44 | keyUsage = digitalSignature,keyEncipherment
45 | subjectKeyIdentifier = hash
46 |
47 | [ etcd_v3_ca_client ]
48 | authorityKeyIdentifier = keyid,issuer:always
49 | basicConstraints = critical,CA:FALSE
50 | extendedKeyUsage = clientAuth
51 | keyUsage = digitalSignature,keyEncipherment
52 | subjectKeyIdentifier = hash
53 |
--------------------------------------------------------------------------------
/templates/default/origin-dns.conf.erb:
--------------------------------------------------------------------------------
1 | no-resolv
2 | domain-needed
3 | no-negcache
4 | <% if @openshift_node_dnsmasq_interface %>
5 | interface=<%= @openshift_node_dnsmasq_bind_interface %>
6 | <%- end %>
7 | bind-interfaces
8 | <% if @openshift_node_dnsmasq_log_queries %>
9 | log-queries
10 | <%- end %>
11 | dns-forward-max=10000
12 | cache-size=10000
13 | max-cache-ttl=<%= @openshift_node_dnsmasq_maxcachettl %>
14 | <% if @ose_major_version.split('.')[1].to_i >= 6 %>
15 | enable-dbus
16 | except-interface=lo
17 | <%- else -%>
18 | server=/cluster.local/<%= node['cookbook-openshift3']['openshift_common_first_svc_ip'] %>
19 | server=/<%= node['cookbook-openshift3']['openshift_common_first_svc_ip'].split('.')[1] + "." + node['cookbook-openshift3']['openshift_common_first_svc_ip'].split('.')[0] %>.in-addr.arpa/<%= node['cookbook-openshift3']['openshift_common_first_svc_ip'] %>
20 | <%- end %>
21 |
--------------------------------------------------------------------------------
/templates/default/patch-registry.json.erb:
--------------------------------------------------------------------------------
1 | {
2 | "spec":{
3 | "template":{
4 | "spec":{
5 | "containers":[
6 | {
7 | "name":"registry",
8 | "image":"<%= @registry_image %>"
9 | }
10 | ]
11 | }
12 | }
13 | }
14 | }
15 |
--------------------------------------------------------------------------------
/templates/default/patch-router.json.erb:
--------------------------------------------------------------------------------
1 | {
2 | "spec":{
3 | "template":{
4 | "spec":{
5 | "containers":[
6 | {
7 | "name":"router",
8 | "image":"<%= @router_image %>",
9 | "livenessProbe":{
10 | "tcpSocket":null,
11 | "httpGet":{
12 | "path":"/healthz",
13 | "port":1936,
14 | "host":"localhost",
15 | "scheme":"HTTP"
16 | },
17 | "initialDelaySeconds":10,
18 | "timeoutSeconds":1
19 | }
20 | }
21 | ]
22 | }
23 | }
24 | }
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/templates/default/pv_template.yaml.erb:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolume
4 | metadata:
5 | name:
6 | spec:
7 | capacity:
8 | storage:
9 | accessModes:
10 | nfs:
11 | path:
12 | server:
13 | persistentVolumeReclaimPolicy:
14 |
--------------------------------------------------------------------------------
/templates/default/pvc.yaml.erb:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolumeClaim
3 | metadata:
4 | name: <%= @pvc['name'] %>
5 | <% if @pvc.has_key?('labels') %>
6 | labels:
7 | <% @pvc['labels'].each_pair do |k, v| %>
8 | <%= k %>: <%= v %>
9 | <%- end -%>
10 | <%- end -%>
11 | <% if @pvc.has_key?('annotations') %>
12 | annotations:
13 | <% @pvc['annotations'].each_pair do |k, v| %>
14 | <%= k %>: <%= v %>
15 | <%- end -%>
16 | <%- end -%>
17 | spec:
18 | accessModes:
19 | <% @pvc['access_modes'].each do |mode| %>
20 | -
21 | <%= mode %>
22 | <%- end -%>
23 | resources:
24 | requests:
25 | storage: <%= node['cookbook-openshift3']['openshift_metrics_cassandra_pvc_size'] %>
26 |
--------------------------------------------------------------------------------
/templates/default/pvc_template.yaml.erb:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolumeClaim
3 | metadata:
4 | name:
5 | namespace:
6 | spec:
7 | accessModes:
8 | resources:
9 | requests:
10 | storage:
11 | volumeName:
12 |
--------------------------------------------------------------------------------
/templates/default/rolebinding.yaml.erb:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | <% if @role.has_key?('cluster') %>
3 | kind: ClusterRoleBinding
4 | <%- else -%>
5 | kind: RoleBinding
6 | <%- end -%>
7 | metadata:
8 | name: <%= @role['name'] %>
9 | <% if @role.has_key?('labels') %>
10 | labels:
11 | <% @role['labels'].each_pair do |k, v| %>
12 | <%= k %>: <%= v %>
13 | <%- end -%>
14 | <%- end -%>
15 | roleRef:
16 | <% @role['rolerefs'].each_pair do |k, v| %>
17 | <%= k %>: <%= v %>
18 | <%- end -%>
19 | subjects:
20 | <% @role['subjects'].each do |sub| %>
21 | -
22 | <% sub.each_pair do |k,v| %>
23 | <%= k %>: <%= v %>
24 | <%- end -%>
25 | <%- end -%>
26 |
--------------------------------------------------------------------------------
/templates/default/route.yaml.erb:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Route
3 | metadata:
4 | name: <%= @route['name'] %>
5 | <% if @route.has_key?('labels') %>
6 | labels:
7 | <% @route['labels'].each_pair do |k, v| %>
8 | <%= k %>: <%= v %>
9 | <%- end -%>
10 | <%- end -%>
11 | <% unless @annotations.empty? %>
12 | annotations:
13 | <%- @annotations.each do |annotation| %>
14 | <%= annotation %>
15 | <%- end -%>
16 | <%- end -%>
17 | spec:
18 | host: <% @route['host'] %>
19 | to:
20 | <% @route['to'].each_pair do |k, v| %>
21 | <%= k %>: <%= v %>
22 | <%- end -%>
23 | <% if @route.has_key?('tls') %>
24 | tls:
25 | termination: <%= @route['tls_termination'] %>
26 | <% unless @tls_ca_certificate.empty? %>
27 | caCertificate: |
28 | <%- @tls_ca_certificate.split("\n").each do |ca| %>
29 | <%= ca %>
30 | <%- end -%>
31 | <%- end -%>
32 | <% unless @tls_key.empty? %>
33 | key: |
34 | <%- @tls_key.split("\n").each do |key| %>
35 | <%= key %>
36 | <%- end -%>
37 | <%- end -%>
38 | <% unless @tls_certificate.empty? %>
39 | certificate: |
40 | <%- @tls_certificate.split("\n").each do |cert| %>
41 | <%= cert %>
42 | <%- end -%>
43 | <%- end -%>
44 | <% if @route['tls_termination'] == 'reencrypt' %>
45 | destinationCACertificate: |
46 | <%- @tls_destination_ca_certificate.split("\n").each do |destCA| %>
47 | <%= destCA %>
48 | <%- end -%>
49 | <%- end -%>
50 | <%- end -%>
51 |
--------------------------------------------------------------------------------
/templates/default/secret.yaml.erb:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Secret
3 | metadata:
4 | name: <%= @name %>
5 | labels:
6 | <% @labels.each_pair do |k, v| %>
7 | <%= k %>: <%= v %>
8 | <%- end -%>
9 | <% if defined?(@annotations) %>
10 | annotations:
11 | <%- @annotations.each do |annotation| %>
12 | <%= annotation %>
13 | <%- end -%>
14 | <%- end -%>
15 | data:
16 | <% @data.each_pair do |k, v| %>
17 | <%= k %>: <%= v %>
18 | <%- end -%>
19 |
--------------------------------------------------------------------------------
/templates/default/service.yaml.erb:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: <%= @svc['name'] %>
5 | <% if @svc.has_key?('labels') %>
6 | labels:
7 | <% @svc['labels'].each_pair do |k, v| %>
8 | <%= k %>: <%= v %>
9 | <%- end -%>
10 | <%- end -%>
11 | <% if @svc.has_key?('annotations') %>
12 | annotations:
13 | <%- @svc['annotations'].each do |annotation| %>
14 | <%= annotation %>
15 | <%- end -%>
16 | <%- end -%>
17 | spec:
18 | <% if @svc.has_key?('headless') %>
19 | portalIP: None
20 | clusterIP: None
21 | <%- end -%>
22 | ports:
23 | <% @svc['ports'].each do |port| %>
24 | -
25 | <% port.each_pair do |k,v| %>
26 | <%= k %>: <%= v %>
27 | <%- end -%>
28 | <%- end -%>
29 | selector:
30 | <% @svc['selector'].each_pair do |k, v| %>
31 | <%= k %>: <%= v %>
32 | <%- end -%>
33 |
--------------------------------------------------------------------------------
/templates/default/service_docker-network.sysconfig.erb:
--------------------------------------------------------------------------------
1 | # /etc/sysconfig/docker-network
2 | <%- if node['cookbook-openshift3']['openshift_docker_network_options'].empty? -%>
3 | DOCKER_NETWORK_OPTIONS=
4 | <%- else -%>
5 | DOCKER_NETWORK_OPTIONS='<%= node['cookbook-openshift3']['openshift_docker_network_options'] %>'
6 | <%- end -%>
7 |
--------------------------------------------------------------------------------
/templates/default/service_etcd-containerized.service.erb:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=The Etcd Server container
3 | After=docker.service
4 | Requires=docker.service
5 | PartOf=docker.service
6 |
7 | [Service]
8 | EnvironmentFile=<%= node['cookbook-openshift3']['etcd_conf_dir'] %>/etcd.conf
9 | ExecStartPre=-/usr/bin/docker rm -f <%= node['cookbook-openshift3']['etcd_service_name'] %>
10 | ExecStart=/usr/bin/docker run --name <%= node['cookbook-openshift3']['etcd_service_name'] %> --rm -v /var/lib/etcd:/var/lib/etcd:z -v <%= node['cookbook-openshift3']['etcd_conf_dir'] %>:<%= node['cookbook-openshift3']['etcd_conf_dir'] %>:ro --env-file=<%= node['cookbook-openshift3']['etcd_conf_dir'] %>/etcd.conf --net=host --entrypoint=<%= @path_bin %> <%= node['cookbook-openshift3']['openshift_docker_etcd_image'] %>:<%= node['cookbook-openshift3']['openshift_docker_etcd_version'] %>
11 | ExecStop=/usr/bin/docker stop <%= node['cookbook-openshift3']['etcd_service_name'] %>
12 | SyslogIdentifier=<%= node['cookbook-openshift3']['etcd_service_name'] %>
13 | Restart=always
14 | RestartSec=5s
15 |
16 | [Install]
17 | WantedBy=docker.service
18 |
19 |
--------------------------------------------------------------------------------
/templates/default/service_master-api-containerized.service.erb:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Atomic OpenShift Master API
3 | Documentation=https://github.com/openshift/origin
4 | After=etcd_container.service
5 | Wants=etcd_container.service
6 | Before=<%= node['cookbook-openshift3']['openshift_service_type'] %>-node.service
7 | After=docker.service
8 | PartOf=docker.service
9 | Requires=docker.service
10 |
11 | [Service]
12 | EnvironmentFile=/etc/sysconfig/<%= node['cookbook-openshift3']['openshift_service_type'] %>-master-api
13 | Environment=GOTRACEBACK=crash
14 | ExecStartPre=-/usr/bin/docker rm -f <%= node['cookbook-openshift3']['openshift_service_type'] %>-master-api
15 | ExecStart=/usr/bin/docker run --rm --privileged --net=host --name <%= node['cookbook-openshift3']['openshift_service_type'] %>-master-api --env-file=/etc/sysconfig/<%= node['cookbook-openshift3']['openshift_service_type'] %>-master-api -v <%= node['cookbook-openshift3']['openshift_data_dir'] %>:<%= node['cookbook-openshift3']['openshift_data_dir'] %> -v /var/log:/var/log -v /var/run/docker.sock:/var/run/docker.sock -v <%= node['cookbook-openshift3']['openshift_common_base_dir'] %>:<%= node['cookbook-openshift3']['openshift_common_base_dir'] %> -v /etc/pki:/etc/pki:ro <%= node['cookbook-openshift3']['openshift_docker_master_image'] %>:${IMAGE_VERSION} start master api --config=${CONFIG_FILE} $OPTIONS
16 | ExecStartPost=/usr/bin/sleep 10
17 | ExecStop=/usr/bin/docker stop <%= node['cookbook-openshift3']['openshift_service_type'] %>-master-api
18 | LimitNOFILE=131072
19 | LimitCORE=infinity
20 | WorkingDirectory=<%= node['cookbook-openshift3']['openshift_data_dir'] %>
21 | SyslogIdentifier=<%= node['cookbook-openshift3']['openshift_service_type'] %>-master-api
22 | Restart=always
23 | RestartSec=5s
24 |
25 | [Install]
26 | WantedBy=docker.service
27 | WantedBy=<%= node['cookbook-openshift3']['openshift_service_type'] %>-node.service
28 |
--------------------------------------------------------------------------------
/templates/default/service_master-api.service.erb:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Atomic OpenShift Master API
3 | Documentation=https://github.com/openshift/origin
4 | After=network-online.target
5 | After=etcd.service
6 | Before=<%= node['cookbook-openshift3']['openshift_service_type'] %>-node.service
7 | Requires=network-online.target
8 |
9 | [Service]
10 | Type=notify
11 | EnvironmentFile=/etc/sysconfig/<%= node['cookbook-openshift3']['openshift_service_type'] %>-master-api
12 | Environment=GOTRACEBACK=crash
13 | ExecStart=/usr/bin/openshift start master api --config=${CONFIG_FILE} $OPTIONS
14 | LimitNOFILE=131072
15 | LimitCORE=infinity
16 | WorkingDirectory=<%= node['cookbook-openshift3']['openshift_data_dir'] %>
17 | SyslogIdentifier=<%= node['cookbook-openshift3']['openshift_service_type'] %>-master-api
18 | Restart=always
19 | RestartSec=5s
20 |
21 | [Install]
22 | WantedBy=multi-user.target
23 | WantedBy=<%= node['cookbook-openshift3']['openshift_service_type'] %>-node.service
24 |
--------------------------------------------------------------------------------
/templates/default/service_master-api.sysconfig.erb:
--------------------------------------------------------------------------------
1 | OPTIONS=--loglevel=<%= node['cookbook-openshift3']['openshift_master_debug_level'] %> --listen=https://<%= node['cookbook-openshift3']['openshift_master_bind_addr'] %>:<%= node['cookbook-openshift3']['openshift_master_api_port'] %> --master=<%= node['cookbook-openshift3']['openshift_master_loopback_api_url'] %>
2 | CONFIG_FILE=<%= node['cookbook-openshift3']['openshift_master_config_file'] %>
3 | <% if node['cookbook-openshift3']['openshift_push_via_dns'] %>
4 | OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000
5 | <% end -%>
6 | <% if node['cookbook-openshift3']['deploy_containerized'] %>
7 | IMAGE_VERSION=<%= node['cookbook-openshift3']['openshift_docker_image_version'] %>
8 | <% end -%>
9 | <% if defined?(@aws_access_key_id) && defined?(@aws_secret_access_key) %>
10 |
11 | AWS_ACCESS_KEY_ID=<%= @aws_access_key_id %>
12 | AWS_SECRET_ACCESS_KEY=<%= @aws_secret_access_key %>
13 | <% end -%>
14 |
15 | # Proxy configuration
16 | # Origin uses standard HTTP_PROXY environment variables. Be sure to set
17 | # NO_PROXY for your master
18 | <% if node['cookbook-openshift3']['openshift_no_proxy'].empty? -%>
19 | #NO_PROXY=master.example.com
20 | <% else -%>
21 | NO_PROXY=<%= [
22 | node['cookbook-openshift3']['openshift_no_proxy'].split(','),
23 | node['cookbook-openshift3']['openshift_common_api_hostname'],
24 | node['cookbook-openshift3']['master_servers'].map { |server| server['fqdn'] },
25 | node['cookbook-openshift3']['node_servers'].map { |server| server['fqdn'] },
26 | ".#{node['cookbook-openshift3']['osn_cluster_dns_domain']}",
27 | node['cookbook-openshift3']['openshift_common_portal_net'],
28 | node['cookbook-openshift3']['openshift_master_sdn_cluster_network_cidr']
29 | ].flatten.uniq.join(',') %>
30 | <% end %>
31 | <% if node['cookbook-openshift3']['openshift_http_proxy'].empty? -%>
32 | #HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
33 | <% else -%>
34 | HTTP_PROXY=<%= node['cookbook-openshift3']['openshift_http_proxy'] %>
35 | <% end %>
36 | <% if node['cookbook-openshift3']['openshift_https_proxy'].empty? -%>
37 | #HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
38 | <% else -%>
39 | HTTPS_PROXY=<%= node['cookbook-openshift3']['openshift_https_proxy'] %>
40 | <% end %>
41 |
--------------------------------------------------------------------------------
/templates/default/service_master-containerized.service.erb:
--------------------------------------------------------------------------------
1 | [Unit]
2 | After=docker.service
3 | Requires=docker.service
4 | PartOf=docker.service
5 | After=etcd_container.service
6 | Wants=etcd_container.service
7 |
8 | [Service]
9 | EnvironmentFile=/etc/sysconfig/<%= node['cookbook-openshift3']['openshift_service_type'] %>-master
10 | ExecStartPre=-/usr/bin/docker rm -f <%= node['cookbook-openshift3']['openshift_service_type'] %>-master
11 | ExecStart=/usr/bin/docker run --rm --privileged --net=host --name <%= node['cookbook-openshift3']['openshift_service_type'] %>-master --env-file=/etc/sysconfig/<%= node['cookbook-openshift3']['openshift_service_type'] %>-master -v <%= node['cookbook-openshift3']['openshift_data_dir'] %>:<%= node['cookbook-openshift3']['openshift_data_dir'] %> -v /var/run/docker.sock:/var/run/docker.sock -v <%= node['cookbook-openshift3']['openshift_common_base_dir'] %>:<%= node['cookbook-openshift3']['openshift_common_base_dir'] %> <%= node['cookbook-openshift3']['openshift_docker_master_image'] %>:${IMAGE_VERSION} start master --config=${CONFIG_FILE} $OPTIONS
12 | ExecStartPost=/usr/bin/sleep 10
13 | ExecStop=/usr/bin/docker stop <%= node['cookbook-openshift3']['openshift_service_type'] %>-master
14 | Restart=always
15 | RestartSec=5s
16 |
17 | [Install]
18 | WantedBy=docker.service
19 |
20 |
--------------------------------------------------------------------------------
/templates/default/service_master-controllers-containerized.service.erb:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Atomic OpenShift Master Controllers
3 | Documentation=https://github.com/openshift/origin
4 | Wants=<%= node['cookbook-openshift3']['openshift_service_type'] %>-master-api.service
5 | After=<%= node['cookbook-openshift3']['openshift_service_type'] %>-master-api.service
6 | After=docker.service
7 | Requires=docker.service
8 | PartOf=docker.service
9 |
10 | [Service]
11 | EnvironmentFile=/etc/sysconfig/<%= node['cookbook-openshift3']['openshift_service_type'] %>-master-controllers
12 | Environment=GOTRACEBACK=crash
13 | ExecStartPre=-/usr/bin/docker rm -f <%= node['cookbook-openshift3']['openshift_service_type'] %>-master-controllers
14 | ExecStart=/usr/bin/docker run --rm --privileged --net=host --name <%= node['cookbook-openshift3']['openshift_service_type'] %>-master-controllers --env-file=/etc/sysconfig/<%= node['cookbook-openshift3']['openshift_service_type'] %>-master-controllers -v <%= node['cookbook-openshift3']['openshift_data_dir'] %>:<%= node['cookbook-openshift3']['openshift_data_dir'] %> -v /var/run/docker.sock:/var/run/docker.sock -v <%= node['cookbook-openshift3']['openshift_common_base_dir'] %>:<%= node['cookbook-openshift3']['openshift_common_base_dir'] %> -v /etc/pki:/etc/pki:ro <%= node['cookbook-openshift3']['openshift_docker_master_image'] %>:${IMAGE_VERSION} start master controllers --config=${CONFIG_FILE} $OPTIONS
15 | ExecStartPost=/usr/bin/sleep 10
16 | ExecStop=/usr/bin/docker stop <%= node['cookbook-openshift3']['openshift_service_type'] %>-master-controllers
17 | LimitNOFILE=131072
18 | LimitCORE=infinity
19 | WorkingDirectory=<%= node['cookbook-openshift3']['openshift_data_dir'] %>
20 | SyslogIdentifier=<%= node['cookbook-openshift3']['openshift_service_type'] %>-master-controllers
21 | Restart=always
22 | RestartSec=5s
23 |
24 | [Install]
25 | WantedBy=docker.service
26 |
27 |
--------------------------------------------------------------------------------
/templates/default/service_master-controllers.service.erb:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Atomic OpenShift Master Controllers
3 | Documentation=https://github.com/openshift/origin
4 | After=network-online.target
5 | After=<%= node['cookbook-openshift3']['openshift_service_type'] %>-master-api.service
6 | Wants=<%= node['cookbook-openshift3']['openshift_service_type'] %>-master-api.service
7 | Requires=network-online.target
8 |
9 | [Service]
10 | Type=notify
11 | EnvironmentFile=/etc/sysconfig/<%= node['cookbook-openshift3']['openshift_service_type'] %>-master-controllers
12 | Environment=GOTRACEBACK=crash
13 | ExecStart=/usr/bin/openshift start master controllers --config=${CONFIG_FILE} $OPTIONS
14 | LimitNOFILE=131072
15 | LimitCORE=infinity
16 | WorkingDirectory=<%= node['cookbook-openshift3']['openshift_data_dir'] %>
17 | SyslogIdentifier=<%= node['cookbook-openshift3']['openshift_service_type'] %>-master-controllers
18 | Restart=always
19 | RestartSec=5s
20 |
21 | [Install]
22 | WantedBy=multi-user.target
23 |
--------------------------------------------------------------------------------
/templates/default/service_master-controllers.sysconfig.erb:
--------------------------------------------------------------------------------
1 | OPTIONS=--loglevel=<%= node['cookbook-openshift3']['openshift_master_debug_level'] %> --listen=https://<%= node['cookbook-openshift3']['openshift_master_bind_addr'] %>:<%= node['cookbook-openshift3']['openshift_master_controllers_port'] %>
2 | CONFIG_FILE=<%= node['cookbook-openshift3']['openshift_master_config_file'] %>
3 | <% if node['cookbook-openshift3']['openshift_push_via_dns'] %>
4 | OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000
5 | <% end -%>
6 | <% if node['cookbook-openshift3']['deploy_containerized'] %>
7 | IMAGE_VERSION=<%= node['cookbook-openshift3']['openshift_docker_image_version'] %>
8 | <% end -%>
9 | <% if defined?(@aws_access_key_id) && defined?(@aws_secret_access_key) %>
10 |
11 | AWS_ACCESS_KEY_ID=<%= @aws_access_key_id %>
12 | AWS_SECRET_ACCESS_KEY=<%= @aws_secret_access_key %>
13 | <% end -%>
14 |
15 | # Proxy configuration
16 | # Origin uses standard HTTP_PROXY environment variables. Be sure to set
17 | # NO_PROXY for your master
18 | <% if node['cookbook-openshift3']['openshift_no_proxy'].empty? -%>
19 | #NO_PROXY=master.example.com
20 | <% else -%>
21 | NO_PROXY=<%= [
22 | node['cookbook-openshift3']['openshift_no_proxy'].split(','),
23 | node['cookbook-openshift3']['openshift_common_api_hostname'],
24 | node['cookbook-openshift3']['master_servers'].map { |server| server['fqdn'] },
25 | node['cookbook-openshift3']['node_servers'].map { |server| server['fqdn'] },
26 | ".#{node['cookbook-openshift3']['osn_cluster_dns_domain']}",
27 | node['cookbook-openshift3']['openshift_common_portal_net'],
28 | node['cookbook-openshift3']['openshift_master_sdn_cluster_network_cidr']
29 | ].flatten.uniq.join(',') %>
30 | <% end %>
31 | <% if node['cookbook-openshift3']['openshift_http_proxy'].empty? -%>
32 | #HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
33 | <% else -%>
34 | HTTP_PROXY=<%= node['cookbook-openshift3']['openshift_http_proxy'] %>
35 | <% end %>
36 | <% if node['cookbook-openshift3']['openshift_https_proxy'].empty? -%>
37 | #HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
38 | <% else -%>
39 | HTTPS_PROXY=<%= node['cookbook-openshift3']['openshift_https_proxy'] %>
40 | <% end %>
41 |
--------------------------------------------------------------------------------
/templates/default/service_master.sysconfig.erb:
--------------------------------------------------------------------------------
1 | OPTIONS=--loglevel=<%= node['cookbook-openshift3']['openshift_master_debug_level'] %>
2 | CONFIG_FILE=<%= node['cookbook-openshift3']['openshift_master_config_file'] %>
3 | <% if node['cookbook-openshift3']['openshift_push_via_dns'] %>
4 | OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000
5 | <% end -%>
6 | <% if node['cookbook-openshift3']['deploy_containerized'] %>
7 | IMAGE_VERSION=<%= node['cookbook-openshift3']['openshift_docker_image_version'] %>
8 | <% end -%>
9 | <% if defined?(@aws_access_key_id) && defined?(@aws_secret_access_key) %>
10 |
11 | AWS_ACCESS_KEY_ID=<%= @aws_access_key_id %>
12 | AWS_SECRET_ACCESS_KEY=<%= @aws_secret_access_key %>
13 | <% end -%>
14 |
15 | # Proxy configuration
16 | # Origin uses standard HTTP_PROXY environment variables. Be sure to set
17 | # NO_PROXY for your master
18 | <% if node['cookbook-openshift3']['openshift_no_proxy'].empty? -%>
19 | #NO_PROXY=master.example.com
20 | <% else -%>
21 | NO_PROXY=<%= [
22 | node['cookbook-openshift3']['openshift_no_proxy'].split(','),
23 | node['cookbook-openshift3']['openshift_common_api_hostname'],
24 | node['cookbook-openshift3']['master_servers'].map { |server| server['fqdn'] },
25 | node['cookbook-openshift3']['node_servers'].map { |server| server['fqdn'] },
26 | ".#{node['cookbook-openshift3']['osn_cluster_dns_domain']}",
27 | node['cookbook-openshift3']['openshift_common_portal_net'],
28 | node['cookbook-openshift3']['openshift_master_sdn_cluster_network_cidr']
29 | ].flatten.uniq.join(',') %>
30 | <% end %>
31 | <% if node['cookbook-openshift3']['openshift_http_proxy'].empty? -%>
32 | #HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
33 | <% else -%>
34 | HTTP_PROXY=<%= node['cookbook-openshift3']['openshift_http_proxy'] %>
35 | <% end %>
36 | <% if node['cookbook-openshift3']['openshift_https_proxy'].empty? -%>
37 | #HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
38 | <% else -%>
39 | HTTPS_PROXY=<%= node['cookbook-openshift3']['openshift_https_proxy'] %>
40 | <% end %>
41 |
--------------------------------------------------------------------------------
/templates/default/service_node-deps-containerized.service.erb:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Requires=docker.service
3 | After=docker.service
4 | PartOf=<%= node['cookbook-openshift3']['openshift_service_type'] %>-node.service
5 | Before=<%= node['cookbook-openshift3']['openshift_service_type'] %>-node.service
6 |
7 |
8 | [Service]
9 | ExecStart=/bin/bash -c 'if [[ -f /usr/bin/docker-current ]]; \
10 | then echo DOCKER_ADDTL_BIND_MOUNTS=\"--volume=/usr/bin/docker-current:/usr/bin/docker-current:ro \
11 | --volume=/etc/sysconfig/docker:/etc/sysconfig/docker:ro \
12 | --volume=/etc/containers/registries:/etc/containers/registries:ro \" > \
13 | /etc/sysconfig/<%= node['cookbook-openshift3']['openshift_service_type'] %>-node-dep; \
14 | else echo "#DOCKER_ADDTL_BIND_MOUNTS=" > /etc/sysconfig/<%= node['cookbook-openshift3']['openshift_service_type'] %>-node-dep; fi'
15 | ExecStop=
16 | SyslogIdentifier=<%= node['cookbook-openshift3']['openshift_service_type'] %>-node-dep
17 |
18 |
--------------------------------------------------------------------------------
/templates/default/service_node.service.erb:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=OpenShift Node
3 | After=docker.service
4 | Wants=openvswitch.service
5 | After=ovsdb-server.service
6 | After=ovs-vswitchd.service
7 | Wants=docker.service
8 | Documentation=https://github.com/openshift/origin
9 | After=dnsmasq.service
10 |
11 | [Service]
12 | Type=notify
13 | EnvironmentFile=/etc/sysconfig/<%= node['cookbook-openshift3']['openshift_service_type'] %>-node
14 | Environment=GOTRACEBACK=crash
15 | ExecStartPre=/usr/bin/cp /etc/origin/node/node-dnsmasq.conf /etc/dnsmasq.d/
16 | ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1,/<%= node['cookbook-openshift3']['osn_cluster_dns_domain'] %>/127.0.0.1
17 | ExecStopPost=/usr/bin/rm /etc/dnsmasq.d/node-dnsmasq.conf
18 | ExecStopPost=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:
19 | ExecStart=/usr/bin/openshift start node --config=${CONFIG_FILE} $OPTIONS
20 | LimitNOFILE=65536
21 | LimitCORE=infinity
22 | WorkingDirectory=/var/lib/origin/
23 | SyslogIdentifier=<%= node['cookbook-openshift3']['openshift_service_type'] %>-node
24 | Restart=always
25 | RestartSec=5s
26 | TimeoutStartSec=300
27 | OOMScoreAdjust=-999
28 |
29 | [Install]
30 | WantedBy=multi-user.target
31 |
--------------------------------------------------------------------------------
/templates/default/service_openvswitch-containerized.service.erb:
--------------------------------------------------------------------------------
1 | [Unit]
2 | After=docker.service
3 | Requires=docker.service
4 | PartOf=docker.service
5 |
6 | [Service]
7 | EnvironmentFile=/etc/sysconfig/openvswitch
8 | ExecStartPre=-/usr/bin/docker rm -f openvswitch
9 | ExecStart=/usr/bin/docker run --name openvswitch --rm --privileged --net=host --pid=host -v /lib/modules:/lib/modules -v /run:/run -v /sys:/sys:ro -v <%= node['cookbook-openshift3']['openshift_common_base_dir'] %>/openvswitch:/etc/openvswitch <%= node['cookbook-openshift3']['openshift_docker_ovs_image'] %>:${IMAGE_VERSION}
10 | ExecStartPost=/usr/bin/sleep 5
11 | ExecStop=/usr/bin/docker stop openvswitch
12 | SyslogIdentifier=openvswitch
13 | Restart=always
14 | RestartSec=5s
15 |
16 | [Install]
17 | WantedBy=docker.service
18 |
--------------------------------------------------------------------------------
/templates/default/service_openvswitch.sysconfig.erb:
--------------------------------------------------------------------------------
1 | IMAGE_VERSION=<%= node['cookbook-openshift3']['openshift_docker_image_version'] %>
2 |
--------------------------------------------------------------------------------
/templates/default/serviceaccount.yaml.erb:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 | name: <%= @sa['name'] %>
5 | <% if @sa.has_key?('labels') %>
6 | labels:
7 | <% @sa['labels'].each_pair do |k, v| %>
8 | <%= k %>: <%= v %>
9 | <%- end -%>
10 | <%- end -%>
11 | <% if @sa.has_key?('secrets') %>
12 | secrets:
13 | <% @sa['secrets'].each do |secret| %>
14 | - name: <%= secret %>
15 | <%- end -%>
16 | <%- end -%>
17 |
--------------------------------------------------------------------------------
/templates/default/session-secrets.yaml.erb:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: SessionSecrets
3 | secrets:
4 | - authentication: "<%= @secret_authentication -%>"
5 | encryption: "<%= @secret_encryption -%>"
6 |
7 |
--------------------------------------------------------------------------------
/templates/default/web_console/console-config.yaml.erb:
--------------------------------------------------------------------------------
1 | apiVersion: webconsole.config.openshift.io/v1
2 | kind: WebConsoleConfiguration
3 | clusterInfo:
4 | consolePublicURL: <%= node['cookbook-openshift3']['openshift_master_console_url'] %>/
5 | loggingPublicURL: <%= node['cookbook-openshift3']['openshift_web_console_logging_public_url'] %>
6 | logoutPublicURL: <%= node['cookbook-openshift3']['openshift_web_console_logout_url'] %>
7 | masterPublicURL: <%= node['cookbook-openshift3']['openshift_master_public_api_url'] %>
8 | metricsPublicURL: <%= node['cookbook-openshift3']['openshift_web_console_metrics_public_url'] %>
9 | extensions:
10 | scriptURLs:
11 | <% node['cookbook-openshift3']['openshift_web_console_extension_script_urls'].each do |url| %>
12 | - <%= url %>
13 | <%- end -%>
14 | stylesheetURLs:
15 | <% node['cookbook-openshift3']['openshift_web_console_extension_stylesheet_urls'].each do |url| %>
16 | - <%= url %>
17 | <%- end -%>
18 | properties:
19 | <% node['cookbook-openshift3']['openshift_web_console_properties'].each_pair do |k,v| %>
20 | <%= k %>: <%= v %>
21 | <%- end -%>
22 | features:
23 | inactivityTimeoutMinutes: <%= node['cookbook-openshift3']['openshift_web_console_inactivity_timeout_minutes'] %>
24 | clusterResourceOverridesEnabled: <%= node['cookbook-openshift3']['openshift_web_console_cluster_resource_overrides_enabled'] %>
25 | servingInfo:
26 | bindAddress: 0.0.0.0:8443
27 | bindNetwork: tcp4
28 | certFile: /var/serving-cert/tls.crt
29 | clientCA: ""
30 | keyFile: /var/serving-cert/tls.key
31 | maxRequestsInFlight: 0
32 | namedCertificates: null
33 | requestTimeoutSeconds: 0
34 |
--------------------------------------------------------------------------------
/test/inspec/cluster-native/services_test.rb:
--------------------------------------------------------------------------------
1 | describe service('etcd') do
2 | it { should be_installed }
3 | it { should be_enabled }
4 | it { should be_running }
5 | end
6 |
7 | describe service('origin-master-api') do
8 | it { should be_installed }
9 | it { should be_enabled }
10 | it { should be_running }
11 | end
12 |
13 | describe service('origin-master-controllers') do
14 | it { should be_installed }
15 | it { should be_enabled }
16 | it { should be_running }
17 | end
18 |
19 | describe service('origin-master') do
20 | it { should_not be_installed }
21 | end
22 |
23 | describe service('origin-node') do
24 | it { should be_installed }
25 | it { should be_enabled }
26 | it { should be_running }
27 | end
28 |
29 | describe service('dnsmasq') do
30 | it { should be_installed }
31 | it { should be_enabled }
32 | it { should be_running }
33 | end
34 |
--------------------------------------------------------------------------------
/test/inspec/shared/00_docker_test.rb:
--------------------------------------------------------------------------------
1 | describe service('docker') do
2 | it { should be_installed }
3 | it { should be_enabled }
4 | it { should be_running }
5 | end
6 |
7 | # It configures docker to use journald logging driver
8 | describe command('ps aux | grep docker | grep -v grep') do
9 | its('exit_status') { should eq 0 }
10 | its('stdout') { should match(/log-driver=journald/) }
11 | end
12 |
--------------------------------------------------------------------------------
/test/inspec/shared/10_installation_test.rb:
--------------------------------------------------------------------------------
1 | # It installs `oc` command
2 | describe command('oc') do
3 | it { should exist }
4 | end
5 |
6 | # It installs `oadm` command
7 | describe command('oadm') do
8 | it { should exist }
9 | end
10 |
--------------------------------------------------------------------------------
/test/inspec/shared/12_directory_permissions_test.rb:
--------------------------------------------------------------------------------
1 | describe directory('/etc/origin') do
2 | its('owner') { should eq 'root' }
3 | its('group') { should eq 'root' }
4 | its('mode') { should cmp '0750' }
5 | end
6 |
7 | describe directory('/etc/origin/master') do
8 | its('owner') { should eq 'root' }
9 | its('group') { should eq 'root' }
10 | its('mode') { should cmp '0700' }
11 | end
12 |
13 | describe directory('/etc/origin/node') do
14 | its('owner') { should eq 'root' }
15 | its('group') { should eq 'root' }
16 | its('mode') { should cmp '0755' }
17 | end
18 |
19 | describe directory('/etc/origin/node/ca.crt') do
20 | its('owner') { should eq 'root' }
21 | its('group') { should eq 'root' }
22 | its('mode') { should cmp '0640' }
23 | end
24 |
--------------------------------------------------------------------------------
/test/inspec/shared/20_feature_attribute_labels_test.rb:
--------------------------------------------------------------------------------
1 | # node should have all labels configured in attributes
2 | describe command('oc get node/$HOSTNAME --template="{{.metadata.labels}}"') do
3 | its('exit_status') { should eq 0 }
4 | its('stdout') { should match(/region:infra/) }
5 | its('stdout') { should match(/custom:label/) }
6 | end
7 |
--------------------------------------------------------------------------------
/test/inspec/shared/21_feature_persistent_storage_test.rb:
--------------------------------------------------------------------------------
1 | # persistent volume for testpv should exist and be bound
2 | describe command("oc get pv/testpv-volume --template '{{.status.phase}}'") do
3 | its('exit_status') { should eq 0 }
4 | its('stdout') { should match(/Bound/) }
5 | end
6 |
7 | # persistent volume claim for testpv should also exist and be bound
8 | describe command("oc get pvc/testpv-claim -n default --template '{{.status.phase}}'") do
9 | its('exit_status') { should eq 0 }
10 | its('stdout') { should match(/Bound/) }
11 | end
12 |
--------------------------------------------------------------------------------
/test/inspec/shared/22_feature_hosted_router_test.rb:
--------------------------------------------------------------------------------
1 | # should create a 'router' dc in default namespace
2 | describe command("oc get dc/router -n default --template '{{.metadata.name}}'") do
3 | its('exit_status') { should eq 0 }
4 | its('stdout') { should match(/^router$/) }
5 | end
6 |
7 | # dc should have 1 instance (the number of nodes with region=infra label)
8 | describe command('oc get dc/router -n default --template {{.spec.replicas}}') do
9 | its('exit_status') { should eq 0 }
10 | its('stdout') { should match(/^1$/) }
11 | end
12 |
13 | # dc should have region=infra nodeSelector
14 | describe command("oc get dc/router -n default --template '{{.spec.template.spec.nodeSelector}}'") do
15 | its('exit_status') { should eq 0 }
16 | its('stdout') { should match(/region:infra/) }
17 | end
18 |
19 | # oc adm router was passed the custom option, resulting in a custom password being set in the DC
20 | describe command(%[oc get dc/router -n default -o jsonpath='{ .spec.template.spec.containers[*].env[?(@.name=="STATS_PASSWORD")].value }']) do
21 | its('exit_status') { should eq 0 }
22 | its('stdout') { should match(/xyzzy/) }
23 | end
24 |
--------------------------------------------------------------------------------
/test/inspec/shared/23_feature_hosted_registry_test.rb:
--------------------------------------------------------------------------------
1 | # should create a 'docker-registry' dc in default namespace
2 | describe command("oc get dc/docker-registry -n default --template '{{.metadata.name}}'") do
3 | its('exit_status') { should eq 0 }
4 | its('stdout') { should match(/^docker-registry/) }
5 | end
6 |
7 | # dc should have 1 instance (the number of nodes with region=infra label)
8 | describe command('oc get dc/docker-registry -n default --template {{.spec.replicas}}') do
9 | its('exit_status') { should eq 0 }
10 | its('stdout') { should match(/^1$/) }
11 | end
12 |
13 | # dc should have region=infra nodeSelector
14 | describe command("oc get dc/docker-registry -n default --template '{{.spec.template.spec.nodeSelector}}'") do
15 | its('exit_status') { should eq 0 }
16 | its('stdout') { should match(/region:infra/) }
17 | end
18 |
19 | # persistent volume for registry should exist and be bound
20 | describe command("oc get pv/registry-storage-volume -n default --template '{{.status.phase}}'") do
21 | its('exit_status') { should eq 0 }
22 | its('stdout') { should match(/Bound/) }
23 | end
24 |
25 | # persistent volume claim for registry should also exist and be bound
26 | describe command("oc get pvc/registry-storage-claim -n default --template '{{.status.phase}}'") do
27 | its('exit_status') { should eq 0 }
28 | its('stdout') { should match(/Bound/) }
29 | end
30 |
--------------------------------------------------------------------------------
/test/inspec/shared/24_feature_hosted_metrics_test.rb:
--------------------------------------------------------------------------------
1 | # should create a replicationcontroller for hawkular-cassandra-1
2 | describe command("oc get rc hawkular-cassandra-1 -n openshift-infra --template '{{.metadata.name}}'") do
3 | its('exit_status') { should eq 0 }
4 | its('stdout') { should match(/hawkular-cassandra-1/) }
5 | end
6 |
7 | # should create a replicationcontroller for hawkular-metrics
8 | describe command("oc get rc hawkular-metrics -n openshift-infra --template '{{.metadata.name}}'") do
9 | its('exit_status') { should eq 0 }
10 | its('stdout') { should match(/hawkular-metrics/) }
11 | end
12 |
13 | # should create a replicationcontroller for heapster
14 | describe command("oc get rc heapster -n openshift-infra --template '{{.metadata.name}}'") do
15 | its('exit_status') { should eq 0 }
16 | its('stdout') { should match(/heapster/) }
17 | end
18 |
19 | # should create rolebinding for hawkular service account
20 | describe command('oc get rolebinding -n openshift-infra --no-headers | grep -q hawkular-view') do
21 | its('exit_status') { should eq 0 }
22 | end
23 |
24 | # should create some 'metrics-*' pods (which probably won't have time to complete)
25 | # at start the pod is metrics-deployer-ID then should be metrics-hawkular etc.
26 | describe command("oc get pods -n openshift-infra --no-headers --selector=metrics-infra | egrep -q '^(hawkular-metrics|heapster|hawkular-cassandra)'") do
27 | its('exit_status') { should eq 0 }
28 | end
29 |
--------------------------------------------------------------------------------
/test/inspec/shared/25_feature_hosted_logging_test.rb:
--------------------------------------------------------------------------------
1 | # should create a DC for curator
2 | describe command("oc get dc -l component=curator,logging-infra=curator -n logging -o jsonpath='{ .items[*].metadata.name }'") do
3 | its('exit_status') { should eq 0 }
4 | its('stdout') { should match(/logging-curator/) }
5 | end
6 |
7 | # should create a DC for elasticsearch
8 | describe command("oc get dc -l component=es,logging-infra=elasticsearch -n logging -o jsonpath='{ .items[*].metadata.name }'") do
9 | its('exit_status') { should eq 0 }
10 | its('stdout') { should match(/logging-es-\w+/) }
11 | end
12 |
13 | # should create a DC for kibana
14 | describe command("oc get dc -l component=kibana,logging-infra=kibana -n logging -o jsonpath='{ .items[*].metadata.name }'") do
15 | its('exit_status') { should eq 0 }
16 | its('stdout') { should match(/logging-kibana/) }
17 | end
18 |
19 | # should create a DS for fluentd
20 | describe command("oc get ds -l component=fluentd,logging-infra=fluentd -n logging -o jsonpath='{ .items[*].metadata.name }'") do
21 | its('exit_status') { should eq 0 }
22 | its('stdout') { should match(/logging-fluentd/) }
23 | end
24 |
25 | # should label all nodes with logging-infra-fluentd=true
26 | describe command('oc get nodes -l logging-infra-fluentd!=true 2>/dev/null | wc -l') do
27 | its('exit_status') { should eq 0 }
28 | its('stdout') { should match(/^0$/) }
29 | end
30 |
--------------------------------------------------------------------------------
/test/inspec/shared/26_dnsmasq_test.rb:
--------------------------------------------------------------------------------
1 | describe service('dnsmasq') do
2 | it { should be_installed }
3 | it { should be_enabled }
4 | it { should be_running }
5 | end
6 |
--------------------------------------------------------------------------------
/test/inspec/standalone/services_test.rb:
--------------------------------------------------------------------------------
1 | describe service('etcd') do
2 | it { should_not be_running }
3 | end
4 |
5 | describe service('origin-master') do
6 | it { should be_installed }
7 | it { should be_enabled }
8 | it { should be_running }
9 | end
10 |
11 | describe service('origin-master-api') do
12 | it { should_not be_installed }
13 | end
14 |
15 | describe service('origin-master-controllers') do
16 | it { should_not be_installed }
17 | end
18 |
19 | describe service('origin-node') do
20 | it { should be_installed }
21 | it { should be_enabled }
22 | it { should be_running }
23 | end
24 |
25 | describe service('dnsmasq') do
26 | it { should be_installed }
27 | it { should be_enabled }
28 | it { should be_running }
29 | end
30 |
--------------------------------------------------------------------------------
/test/roles/openshift3-base-ose15.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "openshift3-base",
3 | "description": "Openshift3 Common Base Role",
4 | "json_class": "Chef::Role",
5 | "default_attributes": {
6 |
7 | },
8 | "override_attributes": {
9 | "cookbook-openshift3": {
10 | "openshift_deployment_type": "origin",
11 | "ose_major_version": "1.5",
12 | "ose_version": "1.5.1-1.el7",
13 | "openshift_common_portal_net": "172.30.0.0/16",
14 | "openshift_master_sdn_cluster_network_cidr": "10.128.0.0/14",
15 | "openshift_master_sdn_host_subnet_length": 9,
16 | "openshift_hosted_manage_router": true,
17 | "openshift_hosted_manage_registry": true,
18 | "openshift_hosted_cluster_metrics": true,
19 | "openshift_hosted_cluster_logging": true,
20 | "deploy_example": false,
21 | "openshift_metrics_image_version": "v1.5.1",
22 | "openshift_logging_image_version": "v1.5.1"
23 | }
24 | },
25 | "chef_type": "role",
26 | "run_list": [
27 | "recipe[cookbook-openshift3::default]"
28 | ]
29 | }
30 |
--------------------------------------------------------------------------------
/test/roles/openshift3-base-ose36.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "openshift3-base",
3 | "description": "Openshift3 Common Base Role",
4 | "json_class": "Chef::Role",
5 | "default_attributes": {
6 |
7 | },
8 | "override_attributes": {
9 | "cookbook-openshift3": {
10 | "openshift_deployment_type": "origin",
11 | "ose_major_version": "3.6",
12 | "ose_version": "3.6.1-1.0.008f2d5",
13 | "openshift_common_portal_net": "172.30.0.0/16",
14 | "openshift_master_sdn_cluster_network_cidr": "10.128.0.0/14",
15 | "openshift_master_sdn_host_subnet_length": 9,
16 | "openshift_hosted_manage_router": true,
17 | "openshift_hosted_manage_registry": true,
18 | "openshift_hosted_cluster_metrics": true,
19 | "openshift_hosted_cluster_logging": true,
20 | "deploy_example": false,
21 | "openshift_metrics_image_version": "v3.6.1",
22 | "openshift_logging_image_version": "v3.6.1"
23 | }
24 | },
25 | "chef_type": "role",
26 | "run_list": [
27 | "recipe[cookbook-openshift3::default]"
28 | ]
29 | }
30 |
--------------------------------------------------------------------------------
/test/roles/openshift3-base-ose37.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "openshift3-base",
3 | "description": "Openshift3 Common Base Role",
4 | "json_class": "Chef::Role",
5 | "default_attributes": {
6 |
7 | },
8 | "override_attributes": {
9 | "cookbook-openshift3": {
10 | "openshift_deployment_type": "origin",
11 | "ose_major_version": "3.7",
12 | "ose_version": "3.7.2-1.el7.git.0.cd74924",
13 | "openshift_common_portal_net": "172.30.0.0/16",
14 | "openshift_master_sdn_cluster_network_cidr": "10.128.0.0/14",
15 | "openshift_master_sdn_host_subnet_length": 9,
16 | "openshift_hosted_manage_router": true,
17 | "openshift_hosted_manage_registry": true,
18 | "openshift_hosted_cluster_metrics": true,
19 | "openshift_hosted_cluster_logging": true,
20 | "deploy_example": false,
21 | "openshift_metrics_image_version": "v3.7",
22 | "openshift_logging_image_version": "v3.7"
23 | }
24 | },
25 | "chef_type": "role",
26 | "run_list": [
27 | "recipe[cookbook-openshift3::default]"
28 | ]
29 | }
30 |
--------------------------------------------------------------------------------
/test/roles/openshift3-base-ose39.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "openshift3-base",
3 | "description": "Openshift3 Common Base Role",
4 | "json_class": "Chef::Role",
5 | "default_attributes": {
6 |
7 | },
8 | "override_attributes": {
9 | "cookbook-openshift3": {
10 | "openshift_deployment_type": "origin",
11 | "ose_major_version": "3.9",
12 | "ose_version": "3.9.0-1.el7.git.0.ba7faec",
13 | "openshift_common_portal_net": "172.30.0.0/16",
14 | "openshift_master_sdn_cluster_network_cidr": "10.128.0.0/14",
15 | "openshift_master_sdn_host_subnet_length": 9,
16 | "openshift_hosted_manage_router": true,
17 | "openshift_hosted_manage_registry": true,
18 | "openshift_hosted_cluster_metrics": true,
19 | "openshift_hosted_cluster_logging": true,
20 | "deploy_example": false,
21 | "openshift_metrics_image_version": "v3.9",
22 | "openshift_logging_image_version": "v3.9"
23 | }
24 | },
25 | "chef_type": "role",
26 | "run_list": [
27 | "recipe[cookbook-openshift3::default]"
28 | ]
29 | }
30 |
--------------------------------------------------------------------------------
/utils/atomic:
--------------------------------------------------------------------------------
1 | grep -r "#{node\['cookbook-openshift3'\]\['openshift_service_type'\]}" attributes providers recipes -l | xargs sed -i "s/#{node\['cookbook-openshift3'\]\['openshift_service_type'\]}/atomic-openshift/g"
2 | grep -r "\ node\['cookbook-openshift3'\]\['openshift_service_type'\]" attributes providers recipes -l | xargs sed -i "s/\ node\['cookbook-openshift3'\]\['openshift_service_type'\]/\ 'atomic-openshift'/g"
3 | grep -r "<%= node\['cookbook-openshift3'\]\['openshift_service_type'\] %>" templates -l | xargs sed -i "s/<%= node\['cookbook-openshift3'\]\['openshift_service_type'\] %>/atomic-openshift/g"
4 | grep cookbook-openshift3 -R -l | grep -v '^\.' | xargs sed 's/cookbook-openshift3/is_apaas_openshift_cookbook/g' -i
5 | docker run -t --rm --volume "$PWD:/app:Z" --workdir /app chef/chefdk:2.5.3 rubocop -a
6 |
--------------------------------------------------------------------------------