Created
September 26, 2017 20:34
-
-
Save pweil-/910a65465a14f95931124046e3902bf4 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: DeploymentConfig | |
metadata: | |
creationTimestamp: '2017-09-26T17:43:12Z' | |
generation: 33 | |
labels: | |
component: es | |
deployment: logging-es-data-master-7bqbidg1 | |
logging-infra: elasticsearch | |
provider: openshift | |
name: logging-es-data-master-7bqbidg1 | |
namespace: logging | |
resourceVersion: '5523' | |
selfLink: >- | |
/oapi/v1/namespaces/logging/deploymentconfigs/logging-es-data-master-7bqbidg1 | |
uid: 2ae53fb7-a2e2-11e7-b6bc-54e1ad07d3bf | |
spec: | |
replicas: 1 | |
selector: | |
component: es | |
deployment: logging-es-data-master-7bqbidg1 | |
logging-infra: elasticsearch | |
provider: openshift | |
strategy: | |
activeDeadlineSeconds: 21600 | |
recreateParams: | |
timeoutSeconds: 600 | |
resources: {} | |
type: Recreate | |
template: | |
metadata: | |
creationTimestamp: null | |
labels: | |
component: es | |
deployment: logging-es-data-master-7bqbidg1 | |
logging-infra: elasticsearch | |
provider: openshift | |
name: logging-es-data-master-7bqbidg1 | |
spec: | |
containers: | |
- env: | |
- name: DC_NAME | |
value: logging-es-data-master-7bqbidg1 | |
- name: NAMESPACE | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.namespace | |
- name: KUBERNETES_TRUST_CERT | |
value: 'true' | |
- name: SERVICE_DNS | |
value: logging-es-cluster | |
- name: CLUSTER_NAME | |
value: logging-es | |
- name: INSTANCE_RAM | |
value: 8Gi | |
- name: HEAP_DUMP_LOCATION | |
value: /elasticsearch/persistent/heapdump.hprof | |
- name: NODE_QUORUM | |
value: '1' | |
- name: RECOVER_EXPECTED_NODES | |
value: '1' | |
- name: RECOVER_AFTER_TIME | |
value: 5m | |
- name: IS_MASTER | |
value: 'true' | |
- name: HAS_DATA | |
value: 'true' | |
image: 'openshift/origin-logging-elasticsearch:v3.6.0' | |
imagePullPolicy: Always | |
name: elasticsearch | |
ports: | |
- containerPort: 9200 | |
name: restapi | |
protocol: TCP | |
- containerPort: 9300 | |
name: cluster | |
protocol: TCP | |
resources: | |
limits: | |
cpu: '1' | |
memory: 8Gi | |
requests: | |
memory: 512Mi | |
terminationMessagePath: /dev/termination-log | |
terminationMessagePolicy: File | |
volumeMounts: | |
- mountPath: /etc/elasticsearch/secret | |
name: elasticsearch | |
readOnly: true | |
- mountPath: /usr/share/java/elasticsearch/config | |
name: elasticsearch-config | |
readOnly: true | |
- mountPath: /elasticsearch/persistent | |
name: elasticsearch-storage | |
- args: | |
- >- | |
cat /etc/elasticsearch/secret/admin-ca >> | |
/etc/pki/tls/certs/ca-bundle.crt && /bin/oauth-proxy | |
--https-address=:4443 -provider=openshift | |
-client-id=system:serviceaccount:logging:aggregated-logging-elasticsearch | |
-client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token | |
-cookie-secret=d4bc23207523aed802d9a3ef592fb4d9 | |
-upstream=https://localhost:9200 -openshift-sar='{"namespace": | |
"logging", "verb": "get", "resource": "services"}' | |
-openshift-delegate-urls='{"/": {"resource": "services", "verb": | |
"get", "namespace": "logging"}}' | |
--tls-cert=/etc/tls/private/tls.crt | |
--tls-key=/etc/tls/private/tls.key -pass-access-token | |
-pass-user-headers | |
-redeem-url=https://192.168.1.101:8443/oauth/token | |
command: | |
- /bin/sh | |
- '-c' | |
env: | |
- name: NAMESPACE | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.namespace | |
image: 'openshift/oauth-proxy:v1.0.0' | |
imagePullPolicy: Always | |
name: oauth-proxy | |
ports: | |
- containerPort: 4443 | |
name: oauth-proxy | |
protocol: TCP | |
resources: | |
limits: | |
memory: 128Mi | |
securityContext: | |
runAsUser: 0 | |
terminationMessagePath: /dev/termination-log | |
terminationMessagePolicy: File | |
volumeMounts: | |
- mountPath: /etc/tls/private | |
name: proxy-tls | |
readOnly: true | |
- mountPath: /etc/elasticsearch/secret | |
name: elasticsearch | |
readOnly: true | |
dnsPolicy: ClusterFirst | |
restartPolicy: Always | |
schedulerName: default-scheduler | |
securityContext: | |
supplementalGroups: | |
- 65534 | |
serviceAccount: aggregated-logging-elasticsearch | |
serviceAccountName: aggregated-logging-elasticsearch | |
terminationGracePeriodSeconds: 30 | |
volumes: | |
- name: elasticsearch | |
secret: | |
defaultMode: 420 | |
secretName: logging-elasticsearch | |
- configMap: | |
defaultMode: 420 | |
name: logging-elasticsearch | |
name: elasticsearch-config | |
- emptyDir: {} | |
name: elasticsearch-storage | |
- name: proxy-tls | |
secret: | |
defaultMode: 420 | |
secretName: proxy-tls | |
test: false | |
triggers: | |
- type: ConfigChange | |
status: | |
availableReplicas: 1 | |
conditions: | |
- lastTransitionTime: '2017-09-26T20:30:37Z' | |
lastUpdateTime: '2017-09-26T20:30:37Z' | |
message: Deployment config has minimum availability. | |
status: 'True' | |
type: Available | |
- lastTransitionTime: '2017-09-26T20:30:38Z' | |
lastUpdateTime: '2017-09-26T20:30:38Z' | |
message: >- | |
replication controller "logging-es-data-master-7bqbidg1-17" successfully | |
rolled out | |
reason: NewReplicationControllerAvailable | |
status: 'True' | |
type: Progressing | |
details: | |
causes: | |
- type: ConfigChange | |
message: config change | |
latestVersion: 17 | |
observedGeneration: 33 | |
readyReplicas: 1 | |
replicas: 1 | |
unavailableReplicas: 0 | |
updatedReplicas: 1 |
Author
pweil-
commented
Sep 27, 2017
$ cat service.yaml
apiVersion: v1
kind: Service
metadata:
name: proxy
annotations:
service.alpha.openshift.io/serving-cert-secret-name: proxy-tls
spec:
ports:
- name: proxy
port: 443
targetPort: 8443
selector:
component: es
provider: openshift
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment