gistfile1.txt

apiVersion: v1
kind: DeploymentConfig
metadata:
  creationTimestamp: '2017-09-26T17:43:12Z'
  generation: 33
  labels:
    component: es
    deployment: logging-es-data-master-7bqbidg1
    logging-infra: elasticsearch
    provider: openshift
  name: logging-es-data-master-7bqbidg1
  namespace: logging
  resourceVersion: '5523'
  selfLink: >-
    /oapi/v1/namespaces/logging/deploymentconfigs/logging-es-data-master-7bqbidg1
  uid: 2ae53fb7-a2e2-11e7-b6bc-54e1ad07d3bf
spec:
  replicas: 1
  selector:
    component: es
    deployment: logging-es-data-master-7bqbidg1
    logging-infra: elasticsearch
    provider: openshift
  strategy:
    activeDeadlineSeconds: 21600
    recreateParams:
      timeoutSeconds: 600
    resources: {}
    type: Recreate
  template:
    metadata:
      creationTimestamp: null
      labels:
        component: es
        deployment: logging-es-data-master-7bqbidg1
        logging-infra: elasticsearch
        provider: openshift
      name: logging-es-data-master-7bqbidg1
    spec:
      containers:
        - env:
            - name: DC_NAME
              value: logging-es-data-master-7bqbidg1
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
            - name: KUBERNETES_TRUST_CERT
              value: 'true'
            - name: SERVICE_DNS
              value: logging-es-cluster
            - name: CLUSTER_NAME
              value: logging-es
            - name: INSTANCE_RAM
              value: 8Gi
            - name: HEAP_DUMP_LOCATION
              value: /elasticsearch/persistent/heapdump.hprof
            - name: NODE_QUORUM
              value: '1'
            - name: RECOVER_EXPECTED_NODES
              value: '1'
            - name: RECOVER_AFTER_TIME
              value: 5m
            - name: IS_MASTER
              value: 'true'
            - name: HAS_DATA
              value: 'true'
          image: 'openshift/origin-logging-elasticsearch:v3.6.0'
          imagePullPolicy: Always
          name: elasticsearch
          ports:
            - containerPort: 9200
              name: restapi
              protocol: TCP
            - containerPort: 9300
              name: cluster
              protocol: TCP
          resources:
            limits:
              cpu: '1'
              memory: 8Gi
            requests:
              memory: 512Mi
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /etc/elasticsearch/secret
              name: elasticsearch
              readOnly: true
            - mountPath: /usr/share/java/elasticsearch/config
              name: elasticsearch-config
              readOnly: true
            - mountPath: /elasticsearch/persistent
              name: elasticsearch-storage
        - args:
            - >-
              cat /etc/elasticsearch/secret/admin-ca >>
              /etc/pki/tls/certs/ca-bundle.crt && /bin/oauth-proxy
              --https-address=:4443 -provider=openshift
              -client-id=system:serviceaccount:logging:aggregated-logging-elasticsearch
              -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
              -cookie-secret=d4bc23207523aed802d9a3ef592fb4d9
              -upstream=https://localhost:9200 -openshift-sar='{"namespace":
              "logging", "verb": "get", "resource": "services"}'
              -openshift-delegate-urls='{"/": {"resource": "services", "verb":
              "get", "namespace": "logging"}}'
              --tls-cert=/etc/tls/private/tls.crt
              --tls-key=/etc/tls/private/tls.key -pass-access-token
              -pass-user-headers
              -redeem-url=https://192.168.1.101:8443/oauth/token
          command:
            - /bin/sh
            - '-c'
          env:
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
          image: 'openshift/oauth-proxy:v1.0.0'
          imagePullPolicy: Always
          name: oauth-proxy
          ports:
            - containerPort: 4443
              name: oauth-proxy
              protocol: TCP
          resources:
            limits:
              memory: 128Mi
          securityContext:
            runAsUser: 0
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /etc/tls/private
              name: proxy-tls
              readOnly: true
            - mountPath: /etc/elasticsearch/secret
              name: elasticsearch
              readOnly: true
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext:
        supplementalGroups:
          - 65534
      serviceAccount: aggregated-logging-elasticsearch
      serviceAccountName: aggregated-logging-elasticsearch
      terminationGracePeriodSeconds: 30
      volumes:
        - name: elasticsearch
          secret:
            defaultMode: 420
            secretName: logging-elasticsearch
        - configMap:
            defaultMode: 420
            name: logging-elasticsearch
          name: elasticsearch-config
        - emptyDir: {}
          name: elasticsearch-storage
        - name: proxy-tls
          secret:
            defaultMode: 420
            secretName: proxy-tls
  test: false
  triggers:
    - type: ConfigChange
status:
  availableReplicas: 1
  conditions:
    - lastTransitionTime: '2017-09-26T20:30:37Z'
      lastUpdateTime: '2017-09-26T20:30:37Z'
      message: Deployment config has minimum availability.
      status: 'True'
      type: Available
    - lastTransitionTime: '2017-09-26T20:30:38Z'
      lastUpdateTime: '2017-09-26T20:30:38Z'
      message: >-
        replication controller "logging-es-data-master-7bqbidg1-17" successfully
        rolled out
      reason: NewReplicationControllerAvailable
      status: 'True'
      type: Progressing
  details:
    causes:
      - type: ConfigChange
    message: config change
  latestVersion: 17
  observedGeneration: 33
  readyReplicas: 1
  replicas: 1
  unavailableReplicas: 0
  updatedReplicas: 1

apiVersion: v1
kind: Route
metadata:
  name: proxy
  namespace: logging
spec:
  host: proxy-logging.127.0.0.1.nip.io
  port:
    targetPort: proxy
  tls: 
    insecureEdgeTerminationPolicy: Redirect
    termination: reencrypt
  to:
    kind: Service
    name: proxy
    weight: 100
  wildcardPolicy: None

$ cat service.yaml 
apiVersion: v1
kind: Service
metadata:
  name: proxy
  annotations:
    service.alpha.openshift.io/serving-cert-secret-name: proxy-tls
spec:
  ports:
  - name: proxy
    port: 443
    targetPort: 8443
  selector:
    component: es
    provider: openshift