Skip to content

Instantly share code, notes, and snippets.

@pweil-
Created September 26, 2017 20:34
Show Gist options
  • Save pweil-/910a65465a14f95931124046e3902bf4 to your computer and use it in GitHub Desktop.
Save pweil-/910a65465a14f95931124046e3902bf4 to your computer and use it in GitHub Desktop.
apiVersion: v1
kind: DeploymentConfig
metadata:
creationTimestamp: '2017-09-26T17:43:12Z'
generation: 33
labels:
component: es
deployment: logging-es-data-master-7bqbidg1
logging-infra: elasticsearch
provider: openshift
name: logging-es-data-master-7bqbidg1
namespace: logging
resourceVersion: '5523'
selfLink: >-
/oapi/v1/namespaces/logging/deploymentconfigs/logging-es-data-master-7bqbidg1
uid: 2ae53fb7-a2e2-11e7-b6bc-54e1ad07d3bf
spec:
replicas: 1
selector:
component: es
deployment: logging-es-data-master-7bqbidg1
logging-infra: elasticsearch
provider: openshift
strategy:
activeDeadlineSeconds: 21600
recreateParams:
timeoutSeconds: 600
resources: {}
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
component: es
deployment: logging-es-data-master-7bqbidg1
logging-infra: elasticsearch
provider: openshift
name: logging-es-data-master-7bqbidg1
spec:
containers:
- env:
- name: DC_NAME
value: logging-es-data-master-7bqbidg1
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: KUBERNETES_TRUST_CERT
value: 'true'
- name: SERVICE_DNS
value: logging-es-cluster
- name: CLUSTER_NAME
value: logging-es
- name: INSTANCE_RAM
value: 8Gi
- name: HEAP_DUMP_LOCATION
value: /elasticsearch/persistent/heapdump.hprof
- name: NODE_QUORUM
value: '1'
- name: RECOVER_EXPECTED_NODES
value: '1'
- name: RECOVER_AFTER_TIME
value: 5m
- name: IS_MASTER
value: 'true'
- name: HAS_DATA
value: 'true'
image: 'openshift/origin-logging-elasticsearch:v3.6.0'
imagePullPolicy: Always
name: elasticsearch
ports:
- containerPort: 9200
name: restapi
protocol: TCP
- containerPort: 9300
name: cluster
protocol: TCP
resources:
limits:
cpu: '1'
memory: 8Gi
requests:
memory: 512Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/elasticsearch/secret
name: elasticsearch
readOnly: true
- mountPath: /usr/share/java/elasticsearch/config
name: elasticsearch-config
readOnly: true
- mountPath: /elasticsearch/persistent
name: elasticsearch-storage
- args:
- >-
cat /etc/elasticsearch/secret/admin-ca >>
/etc/pki/tls/certs/ca-bundle.crt && /bin/oauth-proxy
--https-address=:4443 -provider=openshift
-client-id=system:serviceaccount:logging:aggregated-logging-elasticsearch
-client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
-cookie-secret=d4bc23207523aed802d9a3ef592fb4d9
-upstream=https://localhost:9200 -openshift-sar='{"namespace":
"logging", "verb": "get", "resource": "services"}'
-openshift-delegate-urls='{"/": {"resource": "services", "verb":
"get", "namespace": "logging"}}'
--tls-cert=/etc/tls/private/tls.crt
--tls-key=/etc/tls/private/tls.key -pass-access-token
-pass-user-headers
-redeem-url=https://192.168.1.101:8443/oauth/token
command:
- /bin/sh
- '-c'
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: 'openshift/oauth-proxy:v1.0.0'
imagePullPolicy: Always
name: oauth-proxy
ports:
- containerPort: 4443
name: oauth-proxy
protocol: TCP
resources:
limits:
memory: 128Mi
securityContext:
runAsUser: 0
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/tls/private
name: proxy-tls
readOnly: true
- mountPath: /etc/elasticsearch/secret
name: elasticsearch
readOnly: true
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
supplementalGroups:
- 65534
serviceAccount: aggregated-logging-elasticsearch
serviceAccountName: aggregated-logging-elasticsearch
terminationGracePeriodSeconds: 30
volumes:
- name: elasticsearch
secret:
defaultMode: 420
secretName: logging-elasticsearch
- configMap:
defaultMode: 420
name: logging-elasticsearch
name: elasticsearch-config
- emptyDir: {}
name: elasticsearch-storage
- name: proxy-tls
secret:
defaultMode: 420
secretName: proxy-tls
test: false
triggers:
- type: ConfigChange
status:
availableReplicas: 1
conditions:
- lastTransitionTime: '2017-09-26T20:30:37Z'
lastUpdateTime: '2017-09-26T20:30:37Z'
message: Deployment config has minimum availability.
status: 'True'
type: Available
- lastTransitionTime: '2017-09-26T20:30:38Z'
lastUpdateTime: '2017-09-26T20:30:38Z'
message: >-
replication controller "logging-es-data-master-7bqbidg1-17" successfully
rolled out
reason: NewReplicationControllerAvailable
status: 'True'
type: Progressing
details:
causes:
- type: ConfigChange
message: config change
latestVersion: 17
observedGeneration: 33
readyReplicas: 1
replicas: 1
unavailableReplicas: 0
updatedReplicas: 1
@pweil-
Copy link
Author

pweil- commented Sep 27, 2017

apiVersion: v1
kind: Route
metadata:
  name: proxy
  namespace: logging
spec:
  host: proxy-logging.127.0.0.1.nip.io
  port:
    targetPort: proxy
  tls: 
    insecureEdgeTerminationPolicy: Redirect
    termination: reencrypt
  to:
    kind: Service
    name: proxy
    weight: 100
  wildcardPolicy: None

@pweil-
Copy link
Author

pweil- commented Sep 27, 2017

$ cat service.yaml 
apiVersion: v1
kind: Service
metadata:
  name: proxy
  annotations:
    service.alpha.openshift.io/serving-cert-secret-name: proxy-tls
spec:
  ports:
  - name: proxy
    port: 443
    targetPort: 8443
  selector:
    component: es
    provider: openshift

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment