From 9293059f5d331e26fc86c9fc841e2a57fcba8ae6 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Fri, 7 Oct 2016 16:58:36 -0400 Subject: Move infrastructure templates into openshift_hosted_templates role. --- roles/openshift_hosted_templates/defaults/main.yml | 10 + .../files/v1.0/enterprise/logging-deployer.yaml | 151 ++++++++++ .../files/v1.0/enterprise/metrics-deployer.yaml | 116 ++++++++ .../files/v1.0/origin/logging-deployer.yaml | 151 ++++++++++ .../files/v1.0/origin/metrics-deployer.yaml | 116 ++++++++ .../files/v1.1/enterprise/logging-deployer.yaml | 151 ++++++++++ .../files/v1.1/enterprise/metrics-deployer.yaml | 114 ++++++++ .../files/v1.1/origin/logging-deployer.yaml | 156 ++++++++++ .../files/v1.1/origin/metrics-deployer.yaml | 114 ++++++++ .../files/v1.2/enterprise/logging-deployer.yaml | 156 ++++++++++ .../files/v1.2/enterprise/metrics-deployer.yaml | 126 ++++++++ .../files/v1.2/origin/logging-deployer.yaml | 325 +++++++++++++++++++++ .../files/v1.2/origin/metrics-deployer.yaml | 156 ++++++++++ .../files/v1.3/enterprise/logging-deployer.yaml | 325 +++++++++++++++++++++ .../files/v1.3/enterprise/metrics-deployer.yaml | 156 ++++++++++ .../files/v1.3/enterprise/registry-console.yaml | 124 ++++++++ .../files/v1.3/origin/logging-deployer.yaml | 325 +++++++++++++++++++++ .../files/v1.3/origin/metrics-deployer.yaml | 162 ++++++++++ .../files/v1.3/origin/registry-console.yaml | 124 ++++++++ .../files/v1.4/enterprise/logging-deployer.yaml | 325 +++++++++++++++++++++ .../files/v1.4/enterprise/metrics-deployer.yaml | 156 ++++++++++ .../files/v1.4/enterprise/registry-console.yaml | 124 ++++++++ .../files/v1.4/origin/logging-deployer.yaml | 325 +++++++++++++++++++++ .../files/v1.4/origin/metrics-deployer.yaml | 162 ++++++++++ .../files/v1.4/origin/registry-console.yaml | 124 ++++++++ roles/openshift_hosted_templates/meta/main.yml | 15 + roles/openshift_hosted_templates/tasks/main.yml | 65 +++++ 27 files changed, 4354 insertions(+) create mode 100644 roles/openshift_hosted_templates/defaults/main.yml create mode 100644 roles/openshift_hosted_templates/files/v1.0/enterprise/logging-deployer.yaml create mode 100644 roles/openshift_hosted_templates/files/v1.0/enterprise/metrics-deployer.yaml create mode 100644 roles/openshift_hosted_templates/files/v1.0/origin/logging-deployer.yaml create mode 100644 roles/openshift_hosted_templates/files/v1.0/origin/metrics-deployer.yaml create mode 100644 roles/openshift_hosted_templates/files/v1.1/enterprise/logging-deployer.yaml create mode 100644 roles/openshift_hosted_templates/files/v1.1/enterprise/metrics-deployer.yaml create mode 100644 roles/openshift_hosted_templates/files/v1.1/origin/logging-deployer.yaml create mode 100644 roles/openshift_hosted_templates/files/v1.1/origin/metrics-deployer.yaml create mode 100644 roles/openshift_hosted_templates/files/v1.2/enterprise/logging-deployer.yaml create mode 100644 roles/openshift_hosted_templates/files/v1.2/enterprise/metrics-deployer.yaml create mode 100644 roles/openshift_hosted_templates/files/v1.2/origin/logging-deployer.yaml create mode 100644 roles/openshift_hosted_templates/files/v1.2/origin/metrics-deployer.yaml create mode 100644 roles/openshift_hosted_templates/files/v1.3/enterprise/logging-deployer.yaml create mode 100644 roles/openshift_hosted_templates/files/v1.3/enterprise/metrics-deployer.yaml create mode 100644 roles/openshift_hosted_templates/files/v1.3/enterprise/registry-console.yaml create mode 100644 roles/openshift_hosted_templates/files/v1.3/origin/logging-deployer.yaml create mode 100644 roles/openshift_hosted_templates/files/v1.3/origin/metrics-deployer.yaml create mode 100644 roles/openshift_hosted_templates/files/v1.3/origin/registry-console.yaml create mode 100644 roles/openshift_hosted_templates/files/v1.4/enterprise/logging-deployer.yaml create mode 100644 roles/openshift_hosted_templates/files/v1.4/enterprise/metrics-deployer.yaml create mode 100644 roles/openshift_hosted_templates/files/v1.4/enterprise/registry-console.yaml create mode 100644 roles/openshift_hosted_templates/files/v1.4/origin/logging-deployer.yaml create mode 100644 roles/openshift_hosted_templates/files/v1.4/origin/metrics-deployer.yaml create mode 100644 roles/openshift_hosted_templates/files/v1.4/origin/registry-console.yaml create mode 100644 roles/openshift_hosted_templates/meta/main.yml create mode 100644 roles/openshift_hosted_templates/tasks/main.yml (limited to 'roles/openshift_hosted_templates') diff --git a/roles/openshift_hosted_templates/defaults/main.yml b/roles/openshift_hosted_templates/defaults/main.yml new file mode 100644 index 000000000..f4fd15089 --- /dev/null +++ b/roles/openshift_hosted_templates/defaults/main.yml @@ -0,0 +1,10 @@ +--- +hosted_base: "{{ openshift.common.config_base if openshift.common.is_containerized | bool else '/usr/share/openshift' }}/hosted" +hosted_deployment_type: "{{ 'origin' if openshift_deployment_type == 'origin' else 'enterprise' }}" + +content_version: "{{ openshift.common.examples_content_version }}" + +registry_url: "" +registry_host: "{{ registry_url.split('/')[0] if '.' in registry_url.split('/')[0] else '' }}" + +openshift_hosted_templates_import_command: 'create' diff --git a/roles/openshift_hosted_templates/files/v1.0/enterprise/logging-deployer.yaml b/roles/openshift_hosted_templates/files/v1.0/enterprise/logging-deployer.yaml new file mode 100644 index 000000000..b3b60bf9b --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.0/enterprise/logging-deployer.yaml @@ -0,0 +1,151 @@ +apiVersion: "v1" +kind: "Template" +metadata: + name: logging-deployer-template + annotations: + description: "Template for deploying everything needed for aggregated logging. Requires cluster-admin 'logging-deployer' service account and 'logging-deployer' secret." + tags: "infrastructure" +labels: + logging-infra: deployer + provider: openshift + component: deployer +objects: +- + apiVersion: v1 + kind: Pod + metadata: + generateName: logging-deployer- + spec: + containers: + - image: ${IMAGE_PREFIX}logging-deployment:${IMAGE_VERSION} + imagePullPolicy: Always + name: deployer + volumeMounts: + - name: secret + mountPath: /secret + readOnly: true + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: ENABLE_OPS_CLUSTER + value: ${ENABLE_OPS_CLUSTER} + - name: KIBANA_HOSTNAME + value: ${KIBANA_HOSTNAME} + - name: KIBANA_OPS_HOSTNAME + value: ${KIBANA_OPS_HOSTNAME} + - name: PUBLIC_MASTER_URL + value: ${PUBLIC_MASTER_URL} + - name: MASTER_URL + value: ${MASTER_URL} + - name: ES_INSTANCE_RAM + value: ${ES_INSTANCE_RAM} + - name: ES_CLUSTER_SIZE + value: ${ES_CLUSTER_SIZE} + - name: ES_NODE_QUORUM + value: ${ES_NODE_QUORUM} + - name: ES_RECOVER_AFTER_NODES + value: ${ES_RECOVER_AFTER_NODES} + - name: ES_RECOVER_EXPECTED_NODES + value: ${ES_RECOVER_EXPECTED_NODES} + - name: ES_RECOVER_AFTER_TIME + value: ${ES_RECOVER_AFTER_TIME} + - name: ES_OPS_INSTANCE_RAM + value: ${ES_OPS_INSTANCE_RAM} + - name: ES_OPS_CLUSTER_SIZE + value: ${ES_OPS_CLUSTER_SIZE} + - name: ES_OPS_NODE_QUORUM + value: ${ES_OPS_NODE_QUORUM} + - name: ES_OPS_RECOVER_AFTER_NODES + value: ${ES_OPS_RECOVER_AFTER_NODES} + - name: ES_OPS_RECOVER_EXPECTED_NODES + value: ${ES_OPS_RECOVER_EXPECTED_NODES} + - name: ES_OPS_RECOVER_AFTER_TIME + value: ${ES_OPS_RECOVER_AFTER_TIME} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: logging-deployer + volumes: + - name: empty + emptyDir: {} + - name: secret + secret: + secretName: logging-deployer +parameters: +- + description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "registry.access.redhat.com/openshift3/" +- + description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"' + name: IMAGE_VERSION + value: "3.1.0" +- + description: "If true, set up to use a second ES cluster for ops logs." + name: ENABLE_OPS_CLUSTER + value: "false" +- + description: "External hostname where clients will reach kibana" + name: KIBANA_HOSTNAME + required: true +- + description: "External hostname at which admins will visit the ops Kibana." + name: KIBANA_OPS_HOSTNAME + value: kibana-ops.example.com +- + description: "External URL for the master, for OAuth purposes" + name: PUBLIC_MASTER_URL + required: true +- + description: "Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc.cluster.local" +- + description: "Amount of RAM to reserve per ElasticSearch instance." + name: ES_INSTANCE_RAM + value: "8G" +- + description: "How many instances of ElasticSearch to deploy." + name: ES_CLUSTER_SIZE + required: true +- + description: "Number of nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_NODE_QUORUM +- + description: "Number of nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_CLUSTER_SIZE." + name: ES_RECOVER_AFTER_NODES +- + description: "Number of nodes desired to be present before the cluster will recover from a full restart. By default, ES_CLUSTER_SIZE." + name: ES_RECOVER_EXPECTED_NODES +- + description: "Timeout for *expected* nodes to be present when cluster is recovering from a full restart." + name: ES_RECOVER_AFTER_TIME + value: "5m" +- + description: "Amount of RAM to reserve per ops ElasticSearch instance." + name: ES_OPS_INSTANCE_RAM + value: "8G" +- + description: "How many ops instances of ElasticSearch to deploy. By default, ES_CLUSTER_SIZE." + name: ES_OPS_CLUSTER_SIZE +- + description: "Number of ops nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_OPS_NODE_QUORUM +- + description: "Number of ops nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_AFTER_NODES +- + description: "Number of ops nodes desired to be present before the cluster will recover from a full restart. By default, ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_EXPECTED_NODES +- + description: "Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." + name: ES_OPS_RECOVER_AFTER_TIME + value: "5m" + diff --git a/roles/openshift_hosted_templates/files/v1.0/enterprise/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.0/enterprise/metrics-deployer.yaml new file mode 100644 index 000000000..ddd9f2f75 --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.0/enterprise/metrics-deployer.yaml @@ -0,0 +1,116 @@ +#!/bin/bash +# +# Copyright 2014-2015 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apiVersion: "v1" +kind: "Template" +metadata: + name: metrics-deployer-template + annotations: + description: "Template for deploying the required Metrics integration. Requires cluster-admin 'metrics-deployer' service account and 'metrics-deployer' secret." + tags: "infrastructure" +labels: + metrics-infra: deployer + provider: openshift + component: deployer +objects: +- + apiVersion: v1 + kind: Pod + metadata: + generateName: metrics-deployer- + spec: + containers: + - image: ${IMAGE_PREFIX}metrics-deployer:${IMAGE_VERSION} + name: deployer + volumeMounts: + - name: secret + mountPath: /secret + readOnly: true + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: PUBLIC_MASTER_URL + value: ${PUBLIC_MASTER_URL} + - name: MASTER_URL + value: ${MASTER_URL} + - name: REDEPLOY + value: ${REDEPLOY} + - name: USE_PERSISTENT_STORAGE + value: ${USE_PERSISTENT_STORAGE} + - name: HAWKULAR_METRICS_HOSTNAME + value: ${HAWKULAR_METRICS_HOSTNAME} + - name: CASSANDRA_NODES + value: ${CASSANDRA_NODES} + - name: CASSANDRA_PV_SIZE + value: ${CASSANDRA_PV_SIZE} + - name: METRIC_DURATION + value: ${METRIC_DURATION} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: metrics-deployer + volumes: + - name: empty + emptyDir: {} + - name: secret + secret: + secretName: metrics-deployer +parameters: +- + description: 'Specify prefix for metrics components; e.g. for "openshift/origin-metrics-deployer:v1.1", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "registry.access.redhat.com/openshift3/" +- + description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:v1.1", set version "v1.1"' + name: IMAGE_VERSION + value: "3.1.0" +- + description: "Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc:443" +- + description: "External hostname where clients will reach Hawkular Metrics" + name: HAWKULAR_METRICS_HOSTNAME + required: true +- + description: "If set to true the deployer will try and delete all the existing components before trying to redeploy." + name: REDEPLOY + value: "false" +- + description: "Set to true for persistent storage, set to false to use non persistent storage" + name: USE_PERSISTENT_STORAGE + value: "true" +- + description: "The number of Cassandra Nodes to deploy for the initial cluster" + name: CASSANDRA_NODES + value: "1" +- + description: "The persistent volume size for each of the Cassandra nodes" + name: CASSANDRA_PV_SIZE + value: "1Gi" +- + description: "How many days metrics should be stored for." + name: METRIC_DURATION + value: "7" diff --git a/roles/openshift_hosted_templates/files/v1.0/origin/logging-deployer.yaml b/roles/openshift_hosted_templates/files/v1.0/origin/logging-deployer.yaml new file mode 100644 index 000000000..4c798e148 --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.0/origin/logging-deployer.yaml @@ -0,0 +1,151 @@ +apiVersion: "v1" +kind: "Template" +metadata: + name: logging-deployer-template + annotations: + description: "Template for deploying everything needed for aggregated logging. Requires cluster-admin 'logging-deployer' service account and 'logging-deployer' secret." + tags: "infrastructure" +labels: + logging-infra: deployer + provider: openshift + component: deployer +objects: +- + apiVersion: v1 + kind: Pod + metadata: + generateName: logging-deployer- + spec: + containers: + - image: ${IMAGE_PREFIX}logging-deployment:${IMAGE_VERSION} + imagePullPolicy: Always + name: deployer + volumeMounts: + - name: secret + mountPath: /secret + readOnly: true + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: ENABLE_OPS_CLUSTER + value: ${ENABLE_OPS_CLUSTER} + - name: KIBANA_HOSTNAME + value: ${KIBANA_HOSTNAME} + - name: KIBANA_OPS_HOSTNAME + value: ${KIBANA_OPS_HOSTNAME} + - name: PUBLIC_MASTER_URL + value: ${PUBLIC_MASTER_URL} + - name: MASTER_URL + value: ${MASTER_URL} + - name: ES_INSTANCE_RAM + value: ${ES_INSTANCE_RAM} + - name: ES_CLUSTER_SIZE + value: ${ES_CLUSTER_SIZE} + - name: ES_NODE_QUORUM + value: ${ES_NODE_QUORUM} + - name: ES_RECOVER_AFTER_NODES + value: ${ES_RECOVER_AFTER_NODES} + - name: ES_RECOVER_EXPECTED_NODES + value: ${ES_RECOVER_EXPECTED_NODES} + - name: ES_RECOVER_AFTER_TIME + value: ${ES_RECOVER_AFTER_TIME} + - name: ES_OPS_INSTANCE_RAM + value: ${ES_OPS_INSTANCE_RAM} + - name: ES_OPS_CLUSTER_SIZE + value: ${ES_OPS_CLUSTER_SIZE} + - name: ES_OPS_NODE_QUORUM + value: ${ES_OPS_NODE_QUORUM} + - name: ES_OPS_RECOVER_AFTER_NODES + value: ${ES_OPS_RECOVER_AFTER_NODES} + - name: ES_OPS_RECOVER_EXPECTED_NODES + value: ${ES_OPS_RECOVER_EXPECTED_NODES} + - name: ES_OPS_RECOVER_AFTER_TIME + value: ${ES_OPS_RECOVER_AFTER_TIME} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: logging-deployer + volumes: + - name: empty + emptyDir: {} + - name: secret + secret: + secretName: logging-deployer +parameters: +- + description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "docker.io/openshift/origin-" +- + description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"' + name: IMAGE_VERSION + value: "latest" +- + description: "If true, set up to use a second ES cluster for ops logs." + name: ENABLE_OPS_CLUSTER + value: "false" +- + description: "External hostname where clients will reach kibana" + name: KIBANA_HOSTNAME + required: true +- + description: "External hostname at which admins will visit the ops Kibana." + name: KIBANA_OPS_HOSTNAME + value: kibana-ops.example.com +- + description: "External URL for the master, for OAuth purposes" + name: PUBLIC_MASTER_URL + required: true +- + description: "Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc.cluster.local" +- + description: "Amount of RAM to reserve per ElasticSearch instance." + name: ES_INSTANCE_RAM + value: "8G" +- + description: "How many instances of ElasticSearch to deploy." + name: ES_CLUSTER_SIZE + required: true +- + description: "Number of nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_NODE_QUORUM +- + description: "Number of nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_CLUSTER_SIZE." + name: ES_RECOVER_AFTER_NODES +- + description: "Number of nodes desired to be present before the cluster will recover from a full restart. By default, ES_CLUSTER_SIZE." + name: ES_RECOVER_EXPECTED_NODES +- + description: "Timeout for *expected* nodes to be present when cluster is recovering from a full restart." + name: ES_RECOVER_AFTER_TIME + value: "5m" +- + description: "Amount of RAM to reserve per ops ElasticSearch instance." + name: ES_OPS_INSTANCE_RAM + value: "8G" +- + description: "How many ops instances of ElasticSearch to deploy. By default, ES_CLUSTER_SIZE." + name: ES_OPS_CLUSTER_SIZE +- + description: "Number of ops nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_OPS_NODE_QUORUM +- + description: "Number of ops nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_AFTER_NODES +- + description: "Number of ops nodes desired to be present before the cluster will recover from a full restart. By default, ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_EXPECTED_NODES +- + description: "Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." + name: ES_OPS_RECOVER_AFTER_TIME + value: "5m" + diff --git a/roles/openshift_hosted_templates/files/v1.0/origin/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.0/origin/metrics-deployer.yaml new file mode 100644 index 000000000..3e9bcde5b --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.0/origin/metrics-deployer.yaml @@ -0,0 +1,116 @@ +#!/bin/bash +# +# Copyright 2014-2015 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apiVersion: "v1" +kind: "Template" +metadata: + name: metrics-deployer-template + annotations: + description: "Template for deploying the required Metrics integration. Requires cluster-admin 'metrics-deployer' service account and 'metrics-deployer' secret." + tags: "infrastructure" +labels: + metrics-infra: deployer + provider: openshift + component: deployer +objects: +- + apiVersion: v1 + kind: Pod + metadata: + generateName: metrics-deployer- + spec: + containers: + - image: ${IMAGE_PREFIX}metrics-deployer:${IMAGE_VERSION} + name: deployer + volumeMounts: + - name: secret + mountPath: /secret + readOnly: true + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: PUBLIC_MASTER_URL + value: ${PUBLIC_MASTER_URL} + - name: MASTER_URL + value: ${MASTER_URL} + - name: REDEPLOY + value: ${REDEPLOY} + - name: USE_PERSISTENT_STORAGE + value: ${USE_PERSISTENT_STORAGE} + - name: HAWKULAR_METRICS_HOSTNAME + value: ${HAWKULAR_METRICS_HOSTNAME} + - name: CASSANDRA_NODES + value: ${CASSANDRA_NODES} + - name: CASSANDRA_PV_SIZE + value: ${CASSANDRA_PV_SIZE} + - name: METRIC_DURATION + value: ${METRIC_DURATION} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: metrics-deployer + volumes: + - name: empty + emptyDir: {} + - name: secret + secret: + secretName: metrics-deployer +parameters: +- + description: 'Specify prefix for metrics components; e.g. for "openshift/origin-metrics-deployer:v1.1", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "docker.io/openshift/origin-" +- + description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:v1.1", set version "v1.1"' + name: IMAGE_VERSION + value: "latest" +- + description: "Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc:443" +- + description: "External hostname where clients will reach Hawkular Metrics" + name: HAWKULAR_METRICS_HOSTNAME + required: true +- + description: "If set to true the deployer will try and delete all the existing components before trying to redeploy." + name: REDEPLOY + value: "false" +- + description: "Set to true for persistent storage, set to false to use non persistent storage" + name: USE_PERSISTENT_STORAGE + value: "true" +- + description: "The number of Cassandra Nodes to deploy for the initial cluster" + name: CASSANDRA_NODES + value: "1" +- + description: "The persistent volume size for each of the Cassandra nodes" + name: CASSANDRA_PV_SIZE + value: "1Gi" +- + description: "How many days metrics should be stored for." + name: METRIC_DURATION + value: "7" diff --git a/roles/openshift_hosted_templates/files/v1.1/enterprise/logging-deployer.yaml b/roles/openshift_hosted_templates/files/v1.1/enterprise/logging-deployer.yaml new file mode 100644 index 000000000..9c8f1071a --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.1/enterprise/logging-deployer.yaml @@ -0,0 +1,151 @@ +apiVersion: "v1" +kind: "Template" +metadata: + name: logging-deployer-template + annotations: + description: "Template for deploying everything needed for aggregated logging. Requires cluster-admin 'logging-deployer' service account and 'logging-deployer' secret." + tags: "infrastructure" +labels: + logging-infra: deployer + provider: openshift + component: deployer +objects: +- + apiVersion: v1 + kind: Pod + metadata: + generateName: logging-deployer- + spec: + containers: + - image: ${IMAGE_PREFIX}logging-deployment:${IMAGE_VERSION} + imagePullPolicy: Always + name: deployer + volumeMounts: + - name: secret + mountPath: /secret + readOnly: true + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: ENABLE_OPS_CLUSTER + value: ${ENABLE_OPS_CLUSTER} + - name: KIBANA_HOSTNAME + value: ${KIBANA_HOSTNAME} + - name: KIBANA_OPS_HOSTNAME + value: ${KIBANA_OPS_HOSTNAME} + - name: PUBLIC_MASTER_URL + value: ${PUBLIC_MASTER_URL} + - name: MASTER_URL + value: ${MASTER_URL} + - name: ES_INSTANCE_RAM + value: ${ES_INSTANCE_RAM} + - name: ES_CLUSTER_SIZE + value: ${ES_CLUSTER_SIZE} + - name: ES_NODE_QUORUM + value: ${ES_NODE_QUORUM} + - name: ES_RECOVER_AFTER_NODES + value: ${ES_RECOVER_AFTER_NODES} + - name: ES_RECOVER_EXPECTED_NODES + value: ${ES_RECOVER_EXPECTED_NODES} + - name: ES_RECOVER_AFTER_TIME + value: ${ES_RECOVER_AFTER_TIME} + - name: ES_OPS_INSTANCE_RAM + value: ${ES_OPS_INSTANCE_RAM} + - name: ES_OPS_CLUSTER_SIZE + value: ${ES_OPS_CLUSTER_SIZE} + - name: ES_OPS_NODE_QUORUM + value: ${ES_OPS_NODE_QUORUM} + - name: ES_OPS_RECOVER_AFTER_NODES + value: ${ES_OPS_RECOVER_AFTER_NODES} + - name: ES_OPS_RECOVER_EXPECTED_NODES + value: ${ES_OPS_RECOVER_EXPECTED_NODES} + - name: ES_OPS_RECOVER_AFTER_TIME + value: ${ES_OPS_RECOVER_AFTER_TIME} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: logging-deployer + volumes: + - name: empty + emptyDir: {} + - name: secret + secret: + secretName: logging-deployer +parameters: +- + description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "registry.access.redhat.com/openshift3/" +- + description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"' + name: IMAGE_VERSION + value: "3.1.1" +- + description: "If true, set up to use a second ES cluster for ops logs." + name: ENABLE_OPS_CLUSTER + value: "false" +- + description: "External hostname where clients will reach kibana" + name: KIBANA_HOSTNAME + required: true +- + description: "External hostname at which admins will visit the ops Kibana." + name: KIBANA_OPS_HOSTNAME + value: kibana-ops.example.com +- + description: "External URL for the master, for OAuth purposes" + name: PUBLIC_MASTER_URL + required: true +- + description: "Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc.cluster.local" +- + description: "Amount of RAM to reserve per ElasticSearch instance." + name: ES_INSTANCE_RAM + value: "8G" +- + description: "How many instances of ElasticSearch to deploy." + name: ES_CLUSTER_SIZE + required: true +- + description: "Number of nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_NODE_QUORUM +- + description: "Number of nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_CLUSTER_SIZE." + name: ES_RECOVER_AFTER_NODES +- + description: "Number of nodes desired to be present before the cluster will recover from a full restart. By default, ES_CLUSTER_SIZE." + name: ES_RECOVER_EXPECTED_NODES +- + description: "Timeout for *expected* nodes to be present when cluster is recovering from a full restart." + name: ES_RECOVER_AFTER_TIME + value: "5m" +- + description: "Amount of RAM to reserve per ops ElasticSearch instance." + name: ES_OPS_INSTANCE_RAM + value: "8G" +- + description: "How many ops instances of ElasticSearch to deploy. By default, ES_CLUSTER_SIZE." + name: ES_OPS_CLUSTER_SIZE +- + description: "Number of ops nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_OPS_NODE_QUORUM +- + description: "Number of ops nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_AFTER_NODES +- + description: "Number of ops nodes desired to be present before the cluster will recover from a full restart. By default, ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_EXPECTED_NODES +- + description: "Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." + name: ES_OPS_RECOVER_AFTER_TIME + value: "5m" + diff --git a/roles/openshift_hosted_templates/files/v1.1/enterprise/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.1/enterprise/metrics-deployer.yaml new file mode 100644 index 000000000..99f2df4fa --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.1/enterprise/metrics-deployer.yaml @@ -0,0 +1,114 @@ +#!/bin/bash +# +# Copyright 2014-2015 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apiVersion: "v1" +kind: "Template" +metadata: + name: metrics-deployer-template + annotations: + description: "Template for deploying the required Metrics integration. Requires cluster-admin 'metrics-deployer' service account and 'metrics-deployer' secret." + tags: "infrastructure" +labels: + metrics-infra: deployer + provider: openshift + component: deployer +objects: +- + apiVersion: v1 + kind: Pod + metadata: + generateName: metrics-deployer- + spec: + containers: + - image: ${IMAGE_PREFIX}metrics-deployer:${IMAGE_VERSION} + name: deployer + volumeMounts: + - name: secret + mountPath: /secret + readOnly: true + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: MASTER_URL + value: ${MASTER_URL} + - name: REDEPLOY + value: ${REDEPLOY} + - name: USE_PERSISTENT_STORAGE + value: ${USE_PERSISTENT_STORAGE} + - name: HAWKULAR_METRICS_HOSTNAME + value: ${HAWKULAR_METRICS_HOSTNAME} + - name: CASSANDRA_NODES + value: ${CASSANDRA_NODES} + - name: CASSANDRA_PV_SIZE + value: ${CASSANDRA_PV_SIZE} + - name: METRIC_DURATION + value: ${METRIC_DURATION} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: metrics-deployer + volumes: + - name: empty + emptyDir: {} + - name: secret + secret: + secretName: metrics-deployer +parameters: +- + description: 'Specify prefix for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "registry.access.redhat.com/openshift3/" +- + description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' + name: IMAGE_VERSION + value: "3.1.1" +- + description: "Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc:443" +- + description: "External hostname where clients will reach Hawkular Metrics" + name: HAWKULAR_METRICS_HOSTNAME + required: true +- + description: "If set to true the deployer will try and delete all the existing components before trying to redeploy." + name: REDEPLOY + value: "false" +- + description: "Set to true for persistent storage, set to false to use non persistent storage" + name: USE_PERSISTENT_STORAGE + value: "true" +- + description: "The number of Cassandra Nodes to deploy for the initial cluster" + name: CASSANDRA_NODES + value: "1" +- + description: "The persistent volume size for each of the Cassandra nodes" + name: CASSANDRA_PV_SIZE + value: "10Gi" +- + description: "How many days metrics should be stored for." + name: METRIC_DURATION + value: "7" diff --git a/roles/openshift_hosted_templates/files/v1.1/origin/logging-deployer.yaml b/roles/openshift_hosted_templates/files/v1.1/origin/logging-deployer.yaml new file mode 100644 index 000000000..9257b1f28 --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.1/origin/logging-deployer.yaml @@ -0,0 +1,156 @@ +apiVersion: "v1" +kind: "Template" +metadata: + name: logging-deployer-template + annotations: + description: "Template for deploying everything needed for aggregated logging. Requires cluster-admin 'logging-deployer' service account and 'logging-deployer' secret." + tags: "infrastructure" +labels: + logging-infra: deployer + provider: openshift + component: deployer +objects: +- + apiVersion: v1 + kind: Pod + metadata: + generateName: logging-deployer- + spec: + containers: + - image: ${IMAGE_PREFIX}logging-deployment:${IMAGE_VERSION} + imagePullPolicy: Always + name: deployer + volumeMounts: + - name: secret + mountPath: /secret + readOnly: true + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: ENABLE_OPS_CLUSTER + value: ${ENABLE_OPS_CLUSTER} + - name: KIBANA_HOSTNAME + value: ${KIBANA_HOSTNAME} + - name: KIBANA_OPS_HOSTNAME + value: ${KIBANA_OPS_HOSTNAME} + - name: PUBLIC_MASTER_URL + value: ${PUBLIC_MASTER_URL} + - name: MASTER_URL + value: ${MASTER_URL} + - name: ES_INSTANCE_RAM + value: ${ES_INSTANCE_RAM} + - name: ES_CLUSTER_SIZE + value: ${ES_CLUSTER_SIZE} + - name: ES_NODE_QUORUM + value: ${ES_NODE_QUORUM} + - name: ES_RECOVER_AFTER_NODES + value: ${ES_RECOVER_AFTER_NODES} + - name: ES_RECOVER_EXPECTED_NODES + value: ${ES_RECOVER_EXPECTED_NODES} + - name: ES_RECOVER_AFTER_TIME + value: ${ES_RECOVER_AFTER_TIME} + - name: ES_OPS_INSTANCE_RAM + value: ${ES_OPS_INSTANCE_RAM} + - name: ES_OPS_CLUSTER_SIZE + value: ${ES_OPS_CLUSTER_SIZE} + - name: ES_OPS_NODE_QUORUM + value: ${ES_OPS_NODE_QUORUM} + - name: ES_OPS_RECOVER_AFTER_NODES + value: ${ES_OPS_RECOVER_AFTER_NODES} + - name: ES_OPS_RECOVER_EXPECTED_NODES + value: ${ES_OPS_RECOVER_EXPECTED_NODES} + - name: ES_OPS_RECOVER_AFTER_TIME + value: ${ES_OPS_RECOVER_AFTER_TIME} + - name: FLUENTD_NODESELECTOR + value: ${FLUENTD_NODESELECTOR} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: logging-deployer + volumes: + - name: empty + emptyDir: {} + - name: secret + secret: + secretName: logging-deployer +parameters: +- + description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "docker.io/openshift/origin-" +- + description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"' + name: IMAGE_VERSION + value: "latest" +- + description: "If true, set up to use a second ES cluster for ops logs." + name: ENABLE_OPS_CLUSTER + value: "false" +- + description: "External hostname where clients will reach kibana" + name: KIBANA_HOSTNAME + required: true +- + description: "External hostname at which admins will visit the ops Kibana." + name: KIBANA_OPS_HOSTNAME + value: kibana-ops.example.com +- + description: "External URL for the master, for OAuth purposes" + name: PUBLIC_MASTER_URL + required: true +- + description: "Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc.cluster.local" +- + description: "Amount of RAM to reserve per ElasticSearch instance." + name: ES_INSTANCE_RAM + value: "8G" +- + description: "How many instances of ElasticSearch to deploy." + name: ES_CLUSTER_SIZE + required: true +- + description: "Number of nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_NODE_QUORUM +- + description: "Number of nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_CLUSTER_SIZE." + name: ES_RECOVER_AFTER_NODES +- + description: "Number of nodes desired to be present before the cluster will recover from a full restart. By default, ES_CLUSTER_SIZE." + name: ES_RECOVER_EXPECTED_NODES +- + description: "Timeout for *expected* nodes to be present when cluster is recovering from a full restart." + name: ES_RECOVER_AFTER_TIME + value: "5m" +- + description: "Amount of RAM to reserve per ops ElasticSearch instance." + name: ES_OPS_INSTANCE_RAM + value: "8G" +- + description: "How many ops instances of ElasticSearch to deploy. By default, ES_CLUSTER_SIZE." + name: ES_OPS_CLUSTER_SIZE +- + description: "Number of ops nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_OPS_NODE_QUORUM +- + description: "Number of ops nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_AFTER_NODES +- + description: "Number of ops nodes desired to be present before the cluster will recover from a full restart. By default, ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_EXPECTED_NODES +- + description: "Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." + name: ES_OPS_RECOVER_AFTER_TIME + value: "5m" +- + description: "The nodeSelector used for the Fluentd DaemonSet." + name: FLUENTD_NODESELECTOR + value: "logging-infra-fluentd=true" diff --git a/roles/openshift_hosted_templates/files/v1.1/origin/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.1/origin/metrics-deployer.yaml new file mode 100644 index 000000000..30d79acee --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.1/origin/metrics-deployer.yaml @@ -0,0 +1,114 @@ +#!/bin/bash +# +# Copyright 2014-2015 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apiVersion: "v1" +kind: "Template" +metadata: + name: metrics-deployer-template + annotations: + description: "Template for deploying the required Metrics integration. Requires cluster-admin 'metrics-deployer' service account and 'metrics-deployer' secret." + tags: "infrastructure" +labels: + metrics-infra: deployer + provider: openshift + component: deployer +objects: +- + apiVersion: v1 + kind: Pod + metadata: + generateName: metrics-deployer- + spec: + containers: + - image: ${IMAGE_PREFIX}metrics-deployer:${IMAGE_VERSION} + name: deployer + volumeMounts: + - name: secret + mountPath: /secret + readOnly: true + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: MASTER_URL + value: ${MASTER_URL} + - name: REDEPLOY + value: ${REDEPLOY} + - name: USE_PERSISTENT_STORAGE + value: ${USE_PERSISTENT_STORAGE} + - name: HAWKULAR_METRICS_HOSTNAME + value: ${HAWKULAR_METRICS_HOSTNAME} + - name: CASSANDRA_NODES + value: ${CASSANDRA_NODES} + - name: CASSANDRA_PV_SIZE + value: ${CASSANDRA_PV_SIZE} + - name: METRIC_DURATION + value: ${METRIC_DURATION} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: metrics-deployer + volumes: + - name: empty + emptyDir: {} + - name: secret + secret: + secretName: metrics-deployer +parameters: +- + description: 'Specify prefix for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "openshift/origin-" +- + description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' + name: IMAGE_VERSION + value: "latest" +- + description: "Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc:443" +- + description: "External hostname where clients will reach Hawkular Metrics" + name: HAWKULAR_METRICS_HOSTNAME + required: true +- + description: "If set to true the deployer will try and delete all the existing components before trying to redeploy." + name: REDEPLOY + value: "false" +- + description: "Set to true for persistent storage, set to false to use non persistent storage" + name: USE_PERSISTENT_STORAGE + value: "true" +- + description: "The number of Cassandra Nodes to deploy for the initial cluster" + name: CASSANDRA_NODES + value: "1" +- + description: "The persistent volume size for each of the Cassandra nodes" + name: CASSANDRA_PV_SIZE + value: "10Gi" +- + description: "How many days metrics should be stored for." + name: METRIC_DURATION + value: "7" diff --git a/roles/openshift_hosted_templates/files/v1.2/enterprise/logging-deployer.yaml b/roles/openshift_hosted_templates/files/v1.2/enterprise/logging-deployer.yaml new file mode 100644 index 000000000..b6975eead --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.2/enterprise/logging-deployer.yaml @@ -0,0 +1,156 @@ +apiVersion: "v1" +kind: "Template" +metadata: + name: logging-deployer-template + annotations: + description: "Template for deploying everything needed for aggregated logging. Requires cluster-admin 'logging-deployer' service account and 'logging-deployer' secret." + tags: "infrastructure" +labels: + logging-infra: deployer + provider: openshift + component: deployer +objects: +- + apiVersion: v1 + kind: Pod + metadata: + generateName: logging-deployer- + spec: + containers: + - image: ${IMAGE_PREFIX}logging-deployment:${IMAGE_VERSION} + imagePullPolicy: Always + name: deployer + volumeMounts: + - name: secret + mountPath: /secret + readOnly: true + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: ENABLE_OPS_CLUSTER + value: ${ENABLE_OPS_CLUSTER} + - name: KIBANA_HOSTNAME + value: ${KIBANA_HOSTNAME} + - name: KIBANA_OPS_HOSTNAME + value: ${KIBANA_OPS_HOSTNAME} + - name: PUBLIC_MASTER_URL + value: ${PUBLIC_MASTER_URL} + - name: MASTER_URL + value: ${MASTER_URL} + - name: ES_INSTANCE_RAM + value: ${ES_INSTANCE_RAM} + - name: ES_CLUSTER_SIZE + value: ${ES_CLUSTER_SIZE} + - name: ES_NODE_QUORUM + value: ${ES_NODE_QUORUM} + - name: ES_RECOVER_AFTER_NODES + value: ${ES_RECOVER_AFTER_NODES} + - name: ES_RECOVER_EXPECTED_NODES + value: ${ES_RECOVER_EXPECTED_NODES} + - name: ES_RECOVER_AFTER_TIME + value: ${ES_RECOVER_AFTER_TIME} + - name: ES_OPS_INSTANCE_RAM + value: ${ES_OPS_INSTANCE_RAM} + - name: ES_OPS_CLUSTER_SIZE + value: ${ES_OPS_CLUSTER_SIZE} + - name: ES_OPS_NODE_QUORUM + value: ${ES_OPS_NODE_QUORUM} + - name: ES_OPS_RECOVER_AFTER_NODES + value: ${ES_OPS_RECOVER_AFTER_NODES} + - name: ES_OPS_RECOVER_EXPECTED_NODES + value: ${ES_OPS_RECOVER_EXPECTED_NODES} + - name: ES_OPS_RECOVER_AFTER_TIME + value: ${ES_OPS_RECOVER_AFTER_TIME} + - name: MODE + value: ${MODE} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: logging-deployer + volumes: + - name: empty + emptyDir: {} + - name: secret + secret: + secretName: logging-deployer +parameters: +- + description: 'Specify image prefix for logging components; e.g. for "registry.access.redhat.com/openshift3/logging-deployment:3.2.1", set prefix "registry.access.redhat.com/openshift3/"' + name: IMAGE_PREFIX + value: registry.access.redhat.com/openshift3/ +- + description: 'Specify version for logging components; e.g. for "registry.access.redhat.com/openshift3/logging-deployment:3.2.1", set version "3.2.1"' + name: IMAGE_VERSION + value: "3.2.1" +- + description: "If true, set up to use a second ES cluster for ops logs." + name: ENABLE_OPS_CLUSTER + value: "false" +- + description: "External hostname where clients will reach kibana" + name: KIBANA_HOSTNAME + required: true +- + description: "External hostname at which admins will visit the ops Kibana." + name: KIBANA_OPS_HOSTNAME + value: kibana-ops.example.com +- + description: "External URL for the master, for OAuth purposes" + name: PUBLIC_MASTER_URL + required: true +- + description: "Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc.cluster.local" +- + description: "Amount of RAM to reserve per ElasticSearch instance." + name: ES_INSTANCE_RAM + value: "8G" +- + description: "How many instances of ElasticSearch to deploy." + name: ES_CLUSTER_SIZE + required: true +- + description: "Number of nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_NODE_QUORUM +- + description: "Number of nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_CLUSTER_SIZE." + name: ES_RECOVER_AFTER_NODES +- + description: "Number of nodes desired to be present before the cluster will recover from a full restart. By default, ES_CLUSTER_SIZE." + name: ES_RECOVER_EXPECTED_NODES +- + description: "Timeout for *expected* nodes to be present when cluster is recovering from a full restart." + name: ES_RECOVER_AFTER_TIME + value: "5m" +- + description: "Amount of RAM to reserve per ops ElasticSearch instance." + name: ES_OPS_INSTANCE_RAM + value: "8G" +- + description: "How many ops instances of ElasticSearch to deploy. By default, ES_CLUSTER_SIZE." + name: ES_OPS_CLUSTER_SIZE +- + description: "Number of ops nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_OPS_NODE_QUORUM +- + description: "Number of ops nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_AFTER_NODES +- + description: "Number of ops nodes desired to be present before the cluster will recover from a full restart. By default, ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_EXPECTED_NODES +- + description: "Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." + name: ES_OPS_RECOVER_AFTER_TIME + value: "5m" +- + description: "The mode that the deployer runs in." + name: MODE + value: "install" diff --git a/roles/openshift_hosted_templates/files/v1.2/enterprise/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.2/enterprise/metrics-deployer.yaml new file mode 100644 index 000000000..032f94a18 --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.2/enterprise/metrics-deployer.yaml @@ -0,0 +1,126 @@ +#!/bin/bash +# +# Copyright 2014-2015 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apiVersion: "v1" +kind: "Template" +metadata: + name: metrics-deployer-template + annotations: + description: "Template for deploying the required Metrics integration. Requires cluster-admin 'metrics-deployer' service account and 'metrics-deployer' secret." + tags: "infrastructure" +labels: + metrics-infra: deployer + provider: openshift + component: deployer +objects: +- + apiVersion: v1 + kind: Pod + metadata: + generateName: metrics-deployer- + spec: + containers: + - image: ${IMAGE_PREFIX}metrics-deployer:${IMAGE_VERSION} + name: deployer + volumeMounts: + - name: secret + mountPath: /secret + readOnly: true + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: MASTER_URL + value: ${MASTER_URL} + - name: MODE + value: ${MODE} + - name: REDEPLOY + value: ${REDEPLOY} + - name: USE_PERSISTENT_STORAGE + value: ${USE_PERSISTENT_STORAGE} + - name: HAWKULAR_METRICS_HOSTNAME + value: ${HAWKULAR_METRICS_HOSTNAME} + - name: CASSANDRA_NODES + value: ${CASSANDRA_NODES} + - name: CASSANDRA_PV_SIZE + value: ${CASSANDRA_PV_SIZE} + - name: METRIC_DURATION + value: ${METRIC_DURATION} + - name: METRIC_RESOLUTION + value: ${METRIC_RESOLUTION} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: metrics-deployer + volumes: + - name: empty + emptyDir: {} + - name: secret + secret: + secretName: metrics-deployer +parameters: +- + description: 'Specify prefix for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "registry.access.redhat.com/openshift3/" +- + description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' + name: IMAGE_VERSION + value: "3.2.1" +- + description: "Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc:443" +- + description: "External hostname where clients will reach Hawkular Metrics" + name: HAWKULAR_METRICS_HOSTNAME + required: true +- + description: "Can be set to: 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process)" + name: MODE + value: "deploy" +- + description: "(Deprecated) Turns 'deploy' mode into 'redeploy' mode, deleting and redeploying everything (losing all data in the process)" + name: REDEPLOY + value: "false" +- + description: "Set to true for persistent storage, set to false to use non persistent storage" + name: USE_PERSISTENT_STORAGE + value: "true" +- + description: "The number of Cassandra Nodes to deploy for the initial cluster" + name: CASSANDRA_NODES + value: "1" +- + description: "The persistent volume size for each of the Cassandra nodes" + name: CASSANDRA_PV_SIZE + value: "10Gi" +- + description: "How many days metrics should be stored for." + name: METRIC_DURATION + value: "7" +- + description: "How often metrics should be gathered. Defaults value of '10s' for 10 seconds" + name: METRIC_RESOLUTION + value: "10s" diff --git a/roles/openshift_hosted_templates/files/v1.2/origin/logging-deployer.yaml b/roles/openshift_hosted_templates/files/v1.2/origin/logging-deployer.yaml new file mode 100644 index 000000000..8b28f872f --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.2/origin/logging-deployer.yaml @@ -0,0 +1,325 @@ +apiVersion: "v1" +kind: "List" +items: +- + apiVersion: "v1" + kind: "Template" + metadata: + name: logging-deployer-account-template + annotations: + description: "Template for creating the deployer account and roles needed for the aggregated logging deployer. Create as cluster-admin." + tags: "infrastructure" + objects: + - + apiVersion: v1 + kind: ServiceAccount + name: logging-deployer + metadata: + name: logging-deployer + labels: + logging-infra: deployer + provider: openshift + component: deployer + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-kibana + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-elasticsearch + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-fluentd + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-curator + - apiVersion: v1 + kind: ClusterRole + metadata: + name: oauth-editor + rules: + - resources: + - oauthclients + verbs: + - create + - delete + - apiVersion: v1 + kind: ClusterRole + metadata: + name: daemonset-admin + rules: + - resources: + - daemonsets + apiGroups: + - extensions + verbs: + - create + - get + - list + - watch + - delete + - update + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-deployer-edit-role + roleRef: + kind: ClusterRole + name: edit + subjects: + - kind: ServiceAccount + name: logging-deployer + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-deployer-dsadmin-role + roleRef: + kind: ClusterRole + name: daemonset-admin + subjects: + - kind: ServiceAccount + name: logging-deployer +- + apiVersion: "v1" + kind: "Template" + metadata: + name: logging-deployer-template + annotations: + description: "Template for running the aggregated logging deployer in a pod. Requires empowered 'logging-deployer' service account." + tags: "infrastructure" + labels: + logging-infra: deployer + provider: openshift + objects: + - + apiVersion: v1 + kind: Pod + metadata: + generateName: logging-deployer- + spec: + containers: + - image: ${IMAGE_PREFIX}logging-deployment:${IMAGE_VERSION} + imagePullPolicy: Always + name: deployer + volumeMounts: + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: IMAGE_PULL_SECRET + value: ${IMAGE_PULL_SECRET} + - name: INSECURE_REGISTRY + value: ${INSECURE_REGISTRY} + - name: ENABLE_OPS_CLUSTER + value: ${ENABLE_OPS_CLUSTER} + - name: KIBANA_HOSTNAME + value: ${KIBANA_HOSTNAME} + - name: KIBANA_OPS_HOSTNAME + value: ${KIBANA_OPS_HOSTNAME} + - name: PUBLIC_MASTER_URL + value: ${PUBLIC_MASTER_URL} + - name: MASTER_URL + value: ${MASTER_URL} + - name: ES_INSTANCE_RAM + value: ${ES_INSTANCE_RAM} + - name: ES_PVC_SIZE + value: ${ES_PVC_SIZE} + - name: ES_PVC_PREFIX + value: ${ES_PVC_PREFIX} + - name: ES_PVC_DYNAMIC + value: ${ES_PVC_DYNAMIC} + - name: ES_CLUSTER_SIZE + value: ${ES_CLUSTER_SIZE} + - name: ES_NODE_QUORUM + value: ${ES_NODE_QUORUM} + - name: ES_RECOVER_AFTER_NODES + value: ${ES_RECOVER_AFTER_NODES} + - name: ES_RECOVER_EXPECTED_NODES + value: ${ES_RECOVER_EXPECTED_NODES} + - name: ES_RECOVER_AFTER_TIME + value: ${ES_RECOVER_AFTER_TIME} + - name: ES_OPS_INSTANCE_RAM + value: ${ES_OPS_INSTANCE_RAM} + - name: ES_OPS_PVC_SIZE + value: ${ES_OPS_PVC_SIZE} + - name: ES_OPS_PVC_PREFIX + value: ${ES_OPS_PVC_PREFIX} + - name: ES_OPS_PVC_DYNAMIC + value: ${ES_OPS_PVC_DYNAMIC} + - name: ES_OPS_CLUSTER_SIZE + value: ${ES_OPS_CLUSTER_SIZE} + - name: ES_OPS_NODE_QUORUM + value: ${ES_OPS_NODE_QUORUM} + - name: ES_OPS_RECOVER_AFTER_NODES + value: ${ES_OPS_RECOVER_AFTER_NODES} + - name: ES_OPS_RECOVER_EXPECTED_NODES + value: ${ES_OPS_RECOVER_EXPECTED_NODES} + - name: ES_OPS_RECOVER_AFTER_TIME + value: ${ES_OPS_RECOVER_AFTER_TIME} + - name: FLUENTD_NODESELECTOR + value: ${FLUENTD_NODESELECTOR} + - name: ES_NODESELECTOR + value: ${ES_NODESELECTOR} + - name: ES_OPS_NODESELECTOR + value: ${ES_OPS_NODESELECTOR} + - name: KIBANA_NODESELECTOR + value: ${KIBANA_NODESELECTOR} + - name: KIBANA_OPS_NODESELECTOR + value: ${KIBANA_OPS_NODESELECTOR} + - name: CURATOR_NODESELECTOR + value: ${CURATOR_NODESELECTOR} + - name: CURATOR_OPS_NODESELECTOR + value: ${CURATOR_OPS_NODESELECTOR} + - name: MODE + value: ${MODE} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: logging-deployer + volumes: + - name: empty + emptyDir: {} + parameters: + - + description: "The mode that the deployer runs in." + name: MODE + value: "install" + - + description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "docker.io/openshift/origin-" + - + description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"' + name: IMAGE_VERSION + value: "latest" + - + description: "(Deprecated) Specify the name of an existing pull secret to be used for pulling component images from an authenticated registry." + name: IMAGE_PULL_SECRET + - + description: "(Deprecated) Allow the registry for logging component images to be non-secure (not secured with a certificate signed by a known CA)" + name: INSECURE_REGISTRY + value: "false" + - + description: "(Deprecated) If true, set up to use a second ES cluster for ops logs." + name: ENABLE_OPS_CLUSTER + value: "false" + - + description: "(Deprecated) External hostname where clients will reach kibana" + name: KIBANA_HOSTNAME + value: "kibana.example.com" + - + description: "(Deprecated) External hostname at which admins will visit the ops Kibana." + name: KIBANA_OPS_HOSTNAME + value: kibana-ops.example.com + - + description: "(Deprecated) External URL for the master, for OAuth purposes" + name: PUBLIC_MASTER_URL + value: "https://localhost:8443" + - + description: "(Deprecated) Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc.cluster.local" + - + description: "(Deprecated) How many instances of ElasticSearch to deploy." + name: ES_CLUSTER_SIZE + value: "1" + - + description: "(Deprecated) Amount of RAM to reserve per ElasticSearch instance." + name: ES_INSTANCE_RAM + value: "8G" + - + description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." + name: ES_PVC_SIZE + - + description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_PVC_SIZE." + name: ES_PVC_PREFIX + value: "logging-es-" + - + description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES PVC. ' + name: ES_PVC_DYNAMIC + - + description: "(Deprecated) Number of nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_NODE_QUORUM + - + description: "(Deprecated) Number of nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_CLUSTER_SIZE." + name: ES_RECOVER_AFTER_NODES + - + description: "(Deprecated) Number of nodes desired to be present before the cluster will recover from a full restart. By default, ES_CLUSTER_SIZE." + name: ES_RECOVER_EXPECTED_NODES + - + description: "(Deprecated) Timeout for *expected* nodes to be present when cluster is recovering from a full restart." + name: ES_RECOVER_AFTER_TIME + value: "5m" + - + description: "(Deprecated) How many ops instances of ElasticSearch to deploy. By default, ES_CLUSTER_SIZE." + name: ES_OPS_CLUSTER_SIZE + - + description: "(Deprecated) Amount of RAM to reserve per ops ElasticSearch instance." + name: ES_OPS_INSTANCE_RAM + value: "8G" + - + description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch ops instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." + name: ES_OPS_PVC_SIZE + - + description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_OPS_PVC_SIZE." + name: ES_OPS_PVC_PREFIX + value: "logging-es-ops-" + - + description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES ops PVC. ' + name: ES_OPS_PVC_DYNAMIC + - + description: "(Deprecated) Number of ops nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_OPS_NODE_QUORUM + - + description: "(Deprecated) Number of ops nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_AFTER_NODES + - + description: "(Deprecated) Number of ops nodes desired to be present before the cluster will recover from a full restart. By default, ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_EXPECTED_NODES + - + description: "(Deprecated) Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." + name: ES_OPS_RECOVER_AFTER_TIME + value: "5m" + - + description: "(Deprecated) The nodeSelector used for the Fluentd DaemonSet." + name: FLUENTD_NODESELECTOR + value: "logging-infra-fluentd=true" + - + description: "(Deprecated) Node selector Elasticsearch cluster (label=value)." + name: ES_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Elasticsearch operations cluster (label=value)." + name: ES_OPS_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Kibana cluster (label=value)." + name: KIBANA_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Kibana operations cluster (label=value)." + name: KIBANA_OPS_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Curator (label=value)." + name: CURATOR_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector operations Curator (label=value)." + name: CURATOR_OPS_NODESELECTOR + value: "" diff --git a/roles/openshift_hosted_templates/files/v1.2/origin/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.2/origin/metrics-deployer.yaml new file mode 100644 index 000000000..ab62ae76f --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.2/origin/metrics-deployer.yaml @@ -0,0 +1,156 @@ +#!/bin/bash +# +# Copyright 2014-2015 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apiVersion: "v1" +kind: "Template" +metadata: + name: metrics-deployer-template + annotations: + description: "Template for deploying the required Metrics integration. Requires cluster-admin 'metrics-deployer' service account and 'metrics-deployer' secret." + tags: "infrastructure" +labels: + metrics-infra: deployer + provider: openshift + component: deployer +objects: +- + apiVersion: v1 + kind: Pod + metadata: + generateName: metrics-deployer- + spec: + securityContext: {} + containers: + - image: ${IMAGE_PREFIX}metrics-deployer:${IMAGE_VERSION} + name: deployer + securityContext: {} + volumeMounts: + - name: secret + mountPath: /secret + readOnly: true + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: MASTER_URL + value: ${MASTER_URL} + - name: MODE + value: ${MODE} + - name: REDEPLOY + value: ${REDEPLOY} + - name: IGNORE_PREFLIGHT + value: ${IGNORE_PREFLIGHT} + - name: USE_PERSISTENT_STORAGE + value: ${USE_PERSISTENT_STORAGE} + - name: DYNAMICALLY_PROVISION_STORAGE + value: ${DYNAMICALLY_PROVISION_STORAGE} + - name: HAWKULAR_METRICS_HOSTNAME + value: ${HAWKULAR_METRICS_HOSTNAME} + - name: CASSANDRA_NODES + value: ${CASSANDRA_NODES} + - name: CASSANDRA_PV_SIZE + value: ${CASSANDRA_PV_SIZE} + - name: METRIC_DURATION + value: ${METRIC_DURATION} + - name: USER_WRITE_ACCESS + value: ${USER_WRITE_ACCESS} + - name: HEAPSTER_NODE_ID + value: ${HEAPSTER_NODE_ID} + - name: METRIC_RESOLUTION + value: ${METRIC_RESOLUTION} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: metrics-deployer + volumes: + - name: empty + emptyDir: {} + - name: secret + secret: + secretName: metrics-deployer +parameters: +- + description: 'Specify prefix for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "openshift/origin-" +- + description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' + name: IMAGE_VERSION + value: "latest" +- + description: "Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc:443" +- + description: "External hostname where clients will reach Hawkular Metrics" + name: HAWKULAR_METRICS_HOSTNAME + required: true +- + description: "Can be set to: 'preflight' to perform validation before a deployment; 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process); 'validate' to re-run validations after a deployment" + name: MODE + value: "deploy" +- + description: "(Deprecated) Turns 'deploy' mode into 'redeploy' mode, deleting and redeploying everything (losing all data in the process)" + name: REDEPLOY + value: "false" +- + description: "If preflight validation is blocking deployment and you're sure you don't care about it, this will ignore the results and proceed to deploy." + name: IGNORE_PREFLIGHT + value: "false" +- + description: "Set to true for persistent storage, set to false to use non persistent storage" + name: USE_PERSISTENT_STORAGE + value: "true" +- + description: "Set to true to dynamically provision storage, set to false to use use pre-created persistent volumes" + name: DYNAMICALLY_PROVISION_STORAGE + value: "false" +- + description: "The number of Cassandra Nodes to deploy for the initial cluster" + name: CASSANDRA_NODES + value: "1" +- + description: "The persistent volume size for each of the Cassandra nodes" + name: CASSANDRA_PV_SIZE + value: "10Gi" +- + description: "How many days metrics should be stored for." + name: METRIC_DURATION + value: "7" +- + description: "If a user accounts should be allowed to write metrics." + name: USER_WRITE_ACCESS + value: "false" +- + description: "The identifier used when generating metric ids in Hawkular" + name: HEAPSTER_NODE_ID + value: "nodename" +- + description: "How often metrics should be gathered. Defaults value of '10s' for 10 seconds" + name: METRIC_RESOLUTION + value: "10s" diff --git a/roles/openshift_hosted_templates/files/v1.3/enterprise/logging-deployer.yaml b/roles/openshift_hosted_templates/files/v1.3/enterprise/logging-deployer.yaml new file mode 100644 index 000000000..a8d4b1cbb --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.3/enterprise/logging-deployer.yaml @@ -0,0 +1,325 @@ +apiVersion: "v1" +kind: "List" +items: +- + apiVersion: "v1" + kind: "Template" + metadata: + name: logging-deployer-account-template + annotations: + description: "Template for creating the deployer account and roles needed for the aggregated logging deployer. Create as cluster-admin." + tags: "infrastructure" + objects: + - + apiVersion: v1 + kind: ServiceAccount + name: logging-deployer + metadata: + name: logging-deployer + labels: + logging-infra: deployer + provider: openshift + component: deployer + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-kibana + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-elasticsearch + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-fluentd + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-curator + - apiVersion: v1 + kind: ClusterRole + metadata: + name: oauth-editor + rules: + - resources: + - oauthclients + verbs: + - create + - delete + - apiVersion: v1 + kind: ClusterRole + metadata: + name: daemonset-admin + rules: + - resources: + - daemonsets + apiGroups: + - extensions + verbs: + - create + - get + - list + - watch + - delete + - update + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-deployer-edit-role + roleRef: + kind: ClusterRole + name: edit + subjects: + - kind: ServiceAccount + name: logging-deployer + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-deployer-dsadmin-role + roleRef: + kind: ClusterRole + name: daemonset-admin + subjects: + - kind: ServiceAccount + name: logging-deployer +- + apiVersion: "v1" + kind: "Template" + metadata: + name: logging-deployer-template + annotations: + description: "Template for running the aggregated logging deployer in a pod. Requires empowered 'logging-deployer' service account." + tags: "infrastructure" + labels: + logging-infra: deployer + provider: openshift + objects: + - + apiVersion: v1 + kind: Pod + metadata: + generateName: logging-deployer- + spec: + containers: + - image: ${IMAGE_PREFIX}logging-deployer:${IMAGE_VERSION} + imagePullPolicy: Always + name: deployer + volumeMounts: + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: IMAGE_PULL_SECRET + value: ${IMAGE_PULL_SECRET} + - name: INSECURE_REGISTRY + value: ${INSECURE_REGISTRY} + - name: ENABLE_OPS_CLUSTER + value: ${ENABLE_OPS_CLUSTER} + - name: KIBANA_HOSTNAME + value: ${KIBANA_HOSTNAME} + - name: KIBANA_OPS_HOSTNAME + value: ${KIBANA_OPS_HOSTNAME} + - name: PUBLIC_MASTER_URL + value: ${PUBLIC_MASTER_URL} + - name: MASTER_URL + value: ${MASTER_URL} + - name: ES_INSTANCE_RAM + value: ${ES_INSTANCE_RAM} + - name: ES_PVC_SIZE + value: ${ES_PVC_SIZE} + - name: ES_PVC_PREFIX + value: ${ES_PVC_PREFIX} + - name: ES_PVC_DYNAMIC + value: ${ES_PVC_DYNAMIC} + - name: ES_CLUSTER_SIZE + value: ${ES_CLUSTER_SIZE} + - name: ES_NODE_QUORUM + value: ${ES_NODE_QUORUM} + - name: ES_RECOVER_AFTER_NODES + value: ${ES_RECOVER_AFTER_NODES} + - name: ES_RECOVER_EXPECTED_NODES + value: ${ES_RECOVER_EXPECTED_NODES} + - name: ES_RECOVER_AFTER_TIME + value: ${ES_RECOVER_AFTER_TIME} + - name: ES_OPS_INSTANCE_RAM + value: ${ES_OPS_INSTANCE_RAM} + - name: ES_OPS_PVC_SIZE + value: ${ES_OPS_PVC_SIZE} + - name: ES_OPS_PVC_PREFIX + value: ${ES_OPS_PVC_PREFIX} + - name: ES_OPS_PVC_DYNAMIC + value: ${ES_OPS_PVC_DYNAMIC} + - name: ES_OPS_CLUSTER_SIZE + value: ${ES_OPS_CLUSTER_SIZE} + - name: ES_OPS_NODE_QUORUM + value: ${ES_OPS_NODE_QUORUM} + - name: ES_OPS_RECOVER_AFTER_NODES + value: ${ES_OPS_RECOVER_AFTER_NODES} + - name: ES_OPS_RECOVER_EXPECTED_NODES + value: ${ES_OPS_RECOVER_EXPECTED_NODES} + - name: ES_OPS_RECOVER_AFTER_TIME + value: ${ES_OPS_RECOVER_AFTER_TIME} + - name: FLUENTD_NODESELECTOR + value: ${FLUENTD_NODESELECTOR} + - name: ES_NODESELECTOR + value: ${ES_NODESELECTOR} + - name: ES_OPS_NODESELECTOR + value: ${ES_OPS_NODESELECTOR} + - name: KIBANA_NODESELECTOR + value: ${KIBANA_NODESELECTOR} + - name: KIBANA_OPS_NODESELECTOR + value: ${KIBANA_OPS_NODESELECTOR} + - name: CURATOR_NODESELECTOR + value: ${CURATOR_NODESELECTOR} + - name: CURATOR_OPS_NODESELECTOR + value: ${CURATOR_OPS_NODESELECTOR} + - name: MODE + value: ${MODE} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: logging-deployer + volumes: + - name: empty + emptyDir: {} + parameters: + - + description: "The mode that the deployer runs in." + name: MODE + value: "install" + - + description: 'Specify prefix for logging components; e.g. for "registry.access.redhat.com/openshift3/logging-deployer:3.3.0", set prefix "registry.access.redhat.com/openshift3/"' + name: IMAGE_PREFIX + value: "registry.access.redhat.com/openshift3/" + - + description: 'Specify version for logging components; e.g. for "registry.access.redhat.com/openshift3/logging-deployer:3.3.0", set version "3.3.0"' + name: IMAGE_VERSION + value: "3.3.0" + - + description: "(Deprecated) Specify the name of an existing pull secret to be used for pulling component images from an authenticated registry." + name: IMAGE_PULL_SECRET + - + description: "(Deprecated) Allow the registry for logging component images to be non-secure (not secured with a certificate signed by a known CA)" + name: INSECURE_REGISTRY + value: "false" + - + description: "(Deprecated) If true, set up to use a second ES cluster for ops logs." + name: ENABLE_OPS_CLUSTER + value: "false" + - + description: "(Deprecated) External hostname where clients will reach kibana" + name: KIBANA_HOSTNAME + value: "kibana.example.com" + - + description: "(Deprecated) External hostname at which admins will visit the ops Kibana." + name: KIBANA_OPS_HOSTNAME + value: kibana-ops.example.com + - + description: "(Deprecated) External URL for the master, for OAuth purposes" + name: PUBLIC_MASTER_URL + value: "https://localhost:8443" + - + description: "(Deprecated) Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc.cluster.local" + - + description: "(Deprecated) How many instances of ElasticSearch to deploy." + name: ES_CLUSTER_SIZE + value: "1" + - + description: "(Deprecated) Amount of RAM to reserve per ElasticSearch instance." + name: ES_INSTANCE_RAM + value: "8G" + - + description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." + name: ES_PVC_SIZE + - + description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_PVC_SIZE." + name: ES_PVC_PREFIX + value: "logging-es-" + - + description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES PVC. ' + name: ES_PVC_DYNAMIC + - + description: "(Deprecated) Number of nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_NODE_QUORUM + - + description: "(Deprecated) Number of nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_CLUSTER_SIZE." + name: ES_RECOVER_AFTER_NODES + - + description: "(Deprecated) Number of nodes desired to be present before the cluster will recover from a full restart. By default, ES_CLUSTER_SIZE." + name: ES_RECOVER_EXPECTED_NODES + - + description: "(Deprecated) Timeout for *expected* nodes to be present when cluster is recovering from a full restart." + name: ES_RECOVER_AFTER_TIME + value: "5m" + - + description: "(Deprecated) How many ops instances of ElasticSearch to deploy. By default, ES_CLUSTER_SIZE." + name: ES_OPS_CLUSTER_SIZE + - + description: "(Deprecated) Amount of RAM to reserve per ops ElasticSearch instance." + name: ES_OPS_INSTANCE_RAM + value: "8G" + - + description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch ops instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." + name: ES_OPS_PVC_SIZE + - + description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_OPS_PVC_SIZE." + name: ES_OPS_PVC_PREFIX + value: "logging-es-ops-" + - + description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES ops PVC. ' + name: ES_OPS_PVC_DYNAMIC + - + description: "(Deprecated) Number of ops nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_OPS_NODE_QUORUM + - + description: "(Deprecated) Number of ops nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_AFTER_NODES + - + description: "(Deprecated) Number of ops nodes desired to be present before the cluster will recover from a full restart. By default, ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_EXPECTED_NODES + - + description: "(Deprecated) Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." + name: ES_OPS_RECOVER_AFTER_TIME + value: "5m" + - + description: "(Deprecated) The nodeSelector used for the Fluentd DaemonSet." + name: FLUENTD_NODESELECTOR + value: "logging-infra-fluentd=true" + - + description: "(Deprecated) Node selector Elasticsearch cluster (label=value)." + name: ES_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Elasticsearch operations cluster (label=value)." + name: ES_OPS_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Kibana cluster (label=value)." + name: KIBANA_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Kibana operations cluster (label=value)." + name: KIBANA_OPS_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Curator (label=value)." + name: CURATOR_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector operations Curator (label=value)." + name: CURATOR_OPS_NODESELECTOR + value: "" diff --git a/roles/openshift_hosted_templates/files/v1.3/enterprise/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.3/enterprise/metrics-deployer.yaml new file mode 100644 index 000000000..afd47ec7c --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.3/enterprise/metrics-deployer.yaml @@ -0,0 +1,156 @@ +#!/bin/bash +# +# Copyright 2014-2015 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apiVersion: "v1" +kind: "Template" +metadata: + name: metrics-deployer-template + annotations: + description: "Template for deploying the required Metrics integration. Requires cluster-admin 'metrics-deployer' service account and 'metrics-deployer' secret." + tags: "infrastructure" +labels: + metrics-infra: deployer + provider: openshift + component: deployer +objects: +- + apiVersion: v1 + kind: Pod + metadata: + generateName: metrics-deployer- + spec: + securityContext: {} + containers: + - image: ${IMAGE_PREFIX}metrics-deployer:${IMAGE_VERSION} + name: deployer + securityContext: {} + volumeMounts: + - name: secret + mountPath: /secret + readOnly: true + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: MASTER_URL + value: ${MASTER_URL} + - name: MODE + value: ${MODE} + - name: REDEPLOY + value: ${REDEPLOY} + - name: IGNORE_PREFLIGHT + value: ${IGNORE_PREFLIGHT} + - name: USE_PERSISTENT_STORAGE + value: ${USE_PERSISTENT_STORAGE} + - name: DYNAMICALLY_PROVISION_STORAGE + value: ${DYNAMICALLY_PROVISION_STORAGE} + - name: HAWKULAR_METRICS_HOSTNAME + value: ${HAWKULAR_METRICS_HOSTNAME} + - name: CASSANDRA_NODES + value: ${CASSANDRA_NODES} + - name: CASSANDRA_PV_SIZE + value: ${CASSANDRA_PV_SIZE} + - name: METRIC_DURATION + value: ${METRIC_DURATION} + - name: USER_WRITE_ACCESS + value: ${USER_WRITE_ACCESS} + - name: HEAPSTER_NODE_ID + value: ${HEAPSTER_NODE_ID} + - name: METRIC_RESOLUTION + value: ${METRIC_RESOLUTION} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: metrics-deployer + volumes: + - name: empty + emptyDir: {} + - name: secret + secret: + secretName: metrics-deployer +parameters: +- + description: 'Specify prefix for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "registry.access.redhat.com/openshift3/" +- + description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' + name: IMAGE_VERSION + value: "3.3.0" +- + description: "Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc:443" +- + description: "External hostname where clients will reach Hawkular Metrics" + name: HAWKULAR_METRICS_HOSTNAME + required: true +- + description: "Can be set to: 'preflight' to perform validation before a deployment; 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process); 'validate' to re-run validations after a deployment" + name: MODE + value: "deploy" +- + description: "(Deprecated) Turns 'deploy' mode into 'redeploy' mode, deleting and redeploying everything (losing all data in the process)" + name: REDEPLOY + value: "false" +- + description: "If preflight validation is blocking deployment and you're sure you don't care about it, this will ignore the results and proceed to deploy." + name: IGNORE_PREFLIGHT + value: "false" +- + description: "Set to true for persistent storage, set to false to use non persistent storage" + name: USE_PERSISTENT_STORAGE + value: "true" +- + description: "Set to true to dynamically provision storage, set to false to use use pre-created persistent volumes" + name: DYNAMICALLY_PROVISION_STORAGE + value: "false" +- + description: "The number of Cassandra Nodes to deploy for the initial cluster" + name: CASSANDRA_NODES + value: "1" +- + description: "The persistent volume size for each of the Cassandra nodes" + name: CASSANDRA_PV_SIZE + value: "10Gi" +- + description: "How many days metrics should be stored for." + name: METRIC_DURATION + value: "7" +- + description: "If a user accounts should be allowed to write metrics." + name: USER_WRITE_ACCESS + value: "false" +- + description: "The identifier used when generating metric ids in Hawkular" + name: HEAPSTER_NODE_ID + value: "nodename" +- + description: "How often metrics should be gathered. Defaults value of '15s' for 15 seconds" + name: METRIC_RESOLUTION + value: "15s" diff --git a/roles/openshift_hosted_templates/files/v1.3/enterprise/registry-console.yaml b/roles/openshift_hosted_templates/files/v1.3/enterprise/registry-console.yaml new file mode 100644 index 000000000..11478263c --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.3/enterprise/registry-console.yaml @@ -0,0 +1,124 @@ +kind: Template +apiVersion: v1 +metadata: + name: "registry-console" + annotations: + description: "Template for deploying registry web console. Requires cluster-admin." + tags: infrastructure +labels: + createdBy: "registry-console-template" +objects: + - kind: DeploymentConfig + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + triggers: + - type: ConfigChange + replicas: 1 + selector: + name: "registry-console" + template: + metadata: + labels: + name: "registry-console" + spec: + containers: + - name: registry-console + image: ${IMAGE_PREFIX}registry-console:${IMAGE_VERSION} + ports: + - containerPort: 9090 + protocol: TCP + livenessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + env: + - name: OPENSHIFT_OAUTH_PROVIDER_URL + value: "${OPENSHIFT_OAUTH_PROVIDER_URL}" + - name: OPENSHIFT_OAUTH_CLIENT_ID + value: "${OPENSHIFT_OAUTH_CLIENT_ID}" + - name: KUBERNETES_INSECURE + value: "false" + - name: COCKPIT_KUBE_INSECURE + value: "false" + - name: REGISTRY_ONLY + value: "true" + - name: REGISTRY_HOST + value: "${REGISTRY_HOST}" + - kind: Service + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + type: ClusterIP + ports: + - name: registry-console + protocol: TCP + port: 9000 + targetPort: 9090 + selector: + name: "registry-console" + - kind: ImageStream + apiVersion: v1 + metadata: + name: registry-console + annotations: + description: Atomic Registry console + spec: + tags: + - annotations: null + from: + kind: DockerImage + name: ${IMAGE_PREFIX}registry-console + name: ${IMAGE_VERSION} + - kind: OAuthClient + apiVersion: v1 + metadata: + name: "${OPENSHIFT_OAUTH_CLIENT_ID}" + respondWithChallenges: false + secret: "${OPENSHIFT_OAUTH_CLIENT_SECRET}" + redirectURIs: + - "${COCKPIT_KUBE_URL}" +parameters: + - description: 'Specify "registry/repository" prefix for container image; e.g. for "registry.access.redhat.com/openshift3/registry-console:latest", set prefix "registry.access.redhat.com/openshift3/"' + name: IMAGE_PREFIX + value: "registry.access.redhat.com/openshift3/" + - description: 'Specify image version; e.g. for "registry.access.redhat.com/openshift3/registry-console:3.3", set version "3.3"' + name: IMAGE_VERSION + value: "3.3" + - description: "The public URL for the Openshift OAuth Provider, e.g. https://openshift.example.com:8443" + name: OPENSHIFT_OAUTH_PROVIDER_URL + required: true + - description: "The registry console URL. This should be created beforehand using 'oc create route passthrough --service registry-console --port registry-console -n default', e.g. https://registry-console-default.example.com" + name: COCKPIT_KUBE_URL + required: true + - description: "Oauth client secret" + name: OPENSHIFT_OAUTH_CLIENT_SECRET + from: "user[a-zA-Z0-9]{64}" + generate: expression + - description: "Oauth client id" + name: OPENSHIFT_OAUTH_CLIENT_ID + value: "cockpit-oauth-client" + - description: "The integrated registry hostname exposed via route, e.g. registry.example.com" + name: REGISTRY_HOST + required: true diff --git a/roles/openshift_hosted_templates/files/v1.3/origin/logging-deployer.yaml b/roles/openshift_hosted_templates/files/v1.3/origin/logging-deployer.yaml new file mode 100644 index 000000000..8b28f872f --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.3/origin/logging-deployer.yaml @@ -0,0 +1,325 @@ +apiVersion: "v1" +kind: "List" +items: +- + apiVersion: "v1" + kind: "Template" + metadata: + name: logging-deployer-account-template + annotations: + description: "Template for creating the deployer account and roles needed for the aggregated logging deployer. Create as cluster-admin." + tags: "infrastructure" + objects: + - + apiVersion: v1 + kind: ServiceAccount + name: logging-deployer + metadata: + name: logging-deployer + labels: + logging-infra: deployer + provider: openshift + component: deployer + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-kibana + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-elasticsearch + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-fluentd + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-curator + - apiVersion: v1 + kind: ClusterRole + metadata: + name: oauth-editor + rules: + - resources: + - oauthclients + verbs: + - create + - delete + - apiVersion: v1 + kind: ClusterRole + metadata: + name: daemonset-admin + rules: + - resources: + - daemonsets + apiGroups: + - extensions + verbs: + - create + - get + - list + - watch + - delete + - update + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-deployer-edit-role + roleRef: + kind: ClusterRole + name: edit + subjects: + - kind: ServiceAccount + name: logging-deployer + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-deployer-dsadmin-role + roleRef: + kind: ClusterRole + name: daemonset-admin + subjects: + - kind: ServiceAccount + name: logging-deployer +- + apiVersion: "v1" + kind: "Template" + metadata: + name: logging-deployer-template + annotations: + description: "Template for running the aggregated logging deployer in a pod. Requires empowered 'logging-deployer' service account." + tags: "infrastructure" + labels: + logging-infra: deployer + provider: openshift + objects: + - + apiVersion: v1 + kind: Pod + metadata: + generateName: logging-deployer- + spec: + containers: + - image: ${IMAGE_PREFIX}logging-deployment:${IMAGE_VERSION} + imagePullPolicy: Always + name: deployer + volumeMounts: + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: IMAGE_PULL_SECRET + value: ${IMAGE_PULL_SECRET} + - name: INSECURE_REGISTRY + value: ${INSECURE_REGISTRY} + - name: ENABLE_OPS_CLUSTER + value: ${ENABLE_OPS_CLUSTER} + - name: KIBANA_HOSTNAME + value: ${KIBANA_HOSTNAME} + - name: KIBANA_OPS_HOSTNAME + value: ${KIBANA_OPS_HOSTNAME} + - name: PUBLIC_MASTER_URL + value: ${PUBLIC_MASTER_URL} + - name: MASTER_URL + value: ${MASTER_URL} + - name: ES_INSTANCE_RAM + value: ${ES_INSTANCE_RAM} + - name: ES_PVC_SIZE + value: ${ES_PVC_SIZE} + - name: ES_PVC_PREFIX + value: ${ES_PVC_PREFIX} + - name: ES_PVC_DYNAMIC + value: ${ES_PVC_DYNAMIC} + - name: ES_CLUSTER_SIZE + value: ${ES_CLUSTER_SIZE} + - name: ES_NODE_QUORUM + value: ${ES_NODE_QUORUM} + - name: ES_RECOVER_AFTER_NODES + value: ${ES_RECOVER_AFTER_NODES} + - name: ES_RECOVER_EXPECTED_NODES + value: ${ES_RECOVER_EXPECTED_NODES} + - name: ES_RECOVER_AFTER_TIME + value: ${ES_RECOVER_AFTER_TIME} + - name: ES_OPS_INSTANCE_RAM + value: ${ES_OPS_INSTANCE_RAM} + - name: ES_OPS_PVC_SIZE + value: ${ES_OPS_PVC_SIZE} + - name: ES_OPS_PVC_PREFIX + value: ${ES_OPS_PVC_PREFIX} + - name: ES_OPS_PVC_DYNAMIC + value: ${ES_OPS_PVC_DYNAMIC} + - name: ES_OPS_CLUSTER_SIZE + value: ${ES_OPS_CLUSTER_SIZE} + - name: ES_OPS_NODE_QUORUM + value: ${ES_OPS_NODE_QUORUM} + - name: ES_OPS_RECOVER_AFTER_NODES + value: ${ES_OPS_RECOVER_AFTER_NODES} + - name: ES_OPS_RECOVER_EXPECTED_NODES + value: ${ES_OPS_RECOVER_EXPECTED_NODES} + - name: ES_OPS_RECOVER_AFTER_TIME + value: ${ES_OPS_RECOVER_AFTER_TIME} + - name: FLUENTD_NODESELECTOR + value: ${FLUENTD_NODESELECTOR} + - name: ES_NODESELECTOR + value: ${ES_NODESELECTOR} + - name: ES_OPS_NODESELECTOR + value: ${ES_OPS_NODESELECTOR} + - name: KIBANA_NODESELECTOR + value: ${KIBANA_NODESELECTOR} + - name: KIBANA_OPS_NODESELECTOR + value: ${KIBANA_OPS_NODESELECTOR} + - name: CURATOR_NODESELECTOR + value: ${CURATOR_NODESELECTOR} + - name: CURATOR_OPS_NODESELECTOR + value: ${CURATOR_OPS_NODESELECTOR} + - name: MODE + value: ${MODE} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: logging-deployer + volumes: + - name: empty + emptyDir: {} + parameters: + - + description: "The mode that the deployer runs in." + name: MODE + value: "install" + - + description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "docker.io/openshift/origin-" + - + description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"' + name: IMAGE_VERSION + value: "latest" + - + description: "(Deprecated) Specify the name of an existing pull secret to be used for pulling component images from an authenticated registry." + name: IMAGE_PULL_SECRET + - + description: "(Deprecated) Allow the registry for logging component images to be non-secure (not secured with a certificate signed by a known CA)" + name: INSECURE_REGISTRY + value: "false" + - + description: "(Deprecated) If true, set up to use a second ES cluster for ops logs." + name: ENABLE_OPS_CLUSTER + value: "false" + - + description: "(Deprecated) External hostname where clients will reach kibana" + name: KIBANA_HOSTNAME + value: "kibana.example.com" + - + description: "(Deprecated) External hostname at which admins will visit the ops Kibana." + name: KIBANA_OPS_HOSTNAME + value: kibana-ops.example.com + - + description: "(Deprecated) External URL for the master, for OAuth purposes" + name: PUBLIC_MASTER_URL + value: "https://localhost:8443" + - + description: "(Deprecated) Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc.cluster.local" + - + description: "(Deprecated) How many instances of ElasticSearch to deploy." + name: ES_CLUSTER_SIZE + value: "1" + - + description: "(Deprecated) Amount of RAM to reserve per ElasticSearch instance." + name: ES_INSTANCE_RAM + value: "8G" + - + description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." + name: ES_PVC_SIZE + - + description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_PVC_SIZE." + name: ES_PVC_PREFIX + value: "logging-es-" + - + description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES PVC. ' + name: ES_PVC_DYNAMIC + - + description: "(Deprecated) Number of nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_NODE_QUORUM + - + description: "(Deprecated) Number of nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_CLUSTER_SIZE." + name: ES_RECOVER_AFTER_NODES + - + description: "(Deprecated) Number of nodes desired to be present before the cluster will recover from a full restart. By default, ES_CLUSTER_SIZE." + name: ES_RECOVER_EXPECTED_NODES + - + description: "(Deprecated) Timeout for *expected* nodes to be present when cluster is recovering from a full restart." + name: ES_RECOVER_AFTER_TIME + value: "5m" + - + description: "(Deprecated) How many ops instances of ElasticSearch to deploy. By default, ES_CLUSTER_SIZE." + name: ES_OPS_CLUSTER_SIZE + - + description: "(Deprecated) Amount of RAM to reserve per ops ElasticSearch instance." + name: ES_OPS_INSTANCE_RAM + value: "8G" + - + description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch ops instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." + name: ES_OPS_PVC_SIZE + - + description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_OPS_PVC_SIZE." + name: ES_OPS_PVC_PREFIX + value: "logging-es-ops-" + - + description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES ops PVC. ' + name: ES_OPS_PVC_DYNAMIC + - + description: "(Deprecated) Number of ops nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_OPS_NODE_QUORUM + - + description: "(Deprecated) Number of ops nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_AFTER_NODES + - + description: "(Deprecated) Number of ops nodes desired to be present before the cluster will recover from a full restart. By default, ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_EXPECTED_NODES + - + description: "(Deprecated) Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." + name: ES_OPS_RECOVER_AFTER_TIME + value: "5m" + - + description: "(Deprecated) The nodeSelector used for the Fluentd DaemonSet." + name: FLUENTD_NODESELECTOR + value: "logging-infra-fluentd=true" + - + description: "(Deprecated) Node selector Elasticsearch cluster (label=value)." + name: ES_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Elasticsearch operations cluster (label=value)." + name: ES_OPS_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Kibana cluster (label=value)." + name: KIBANA_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Kibana operations cluster (label=value)." + name: KIBANA_OPS_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Curator (label=value)." + name: CURATOR_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector operations Curator (label=value)." + name: CURATOR_OPS_NODESELECTOR + value: "" diff --git a/roles/openshift_hosted_templates/files/v1.3/origin/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.3/origin/metrics-deployer.yaml new file mode 100644 index 000000000..5f2290419 --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.3/origin/metrics-deployer.yaml @@ -0,0 +1,162 @@ +#!/bin/bash +# +# Copyright 2014-2015 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apiVersion: "v1" +kind: "Template" +metadata: + name: metrics-deployer-template + annotations: + description: "Template for deploying the required Metrics integration. Requires cluster-admin 'metrics-deployer' service account and 'metrics-deployer' secret." + tags: "infrastructure" +labels: + metrics-infra: deployer + provider: openshift + component: deployer +objects: +- + apiVersion: v1 + kind: Pod + metadata: + generateName: metrics-deployer- + spec: + securityContext: {} + containers: + - image: ${IMAGE_PREFIX}metrics-deployer:${IMAGE_VERSION} + name: deployer + securityContext: {} + volumeMounts: + - name: secret + mountPath: /secret + readOnly: true + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: MASTER_URL + value: ${MASTER_URL} + - name: MODE + value: ${MODE} + - name: CONTINUE_ON_ERROR + value: ${CONTINUE_ON_ERROR} + - name: REDEPLOY + value: ${REDEPLOY} + - name: IGNORE_PREFLIGHT + value: ${IGNORE_PREFLIGHT} + - name: USE_PERSISTENT_STORAGE + value: ${USE_PERSISTENT_STORAGE} + - name: DYNAMICALLY_PROVISION_STORAGE + value: ${DYNAMICALLY_PROVISION_STORAGE} + - name: HAWKULAR_METRICS_HOSTNAME + value: ${HAWKULAR_METRICS_HOSTNAME} + - name: CASSANDRA_NODES + value: ${CASSANDRA_NODES} + - name: CASSANDRA_PV_SIZE + value: ${CASSANDRA_PV_SIZE} + - name: METRIC_DURATION + value: ${METRIC_DURATION} + - name: USER_WRITE_ACCESS + value: ${USER_WRITE_ACCESS} + - name: HEAPSTER_NODE_ID + value: ${HEAPSTER_NODE_ID} + - name: METRIC_RESOLUTION + value: ${METRIC_RESOLUTION} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: metrics-deployer + volumes: + - name: empty + emptyDir: {} + - name: secret + secret: + secretName: metrics-deployer +parameters: +- + description: 'Specify prefix for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "openshift/origin-" +- + description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' + name: IMAGE_VERSION + value: "latest" +- + description: "Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc:443" +- + description: "External hostname where clients will reach Hawkular Metrics" + name: HAWKULAR_METRICS_HOSTNAME + required: true +- + description: "Can be set to: 'preflight' to perform validation before a deployment; 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process); 'validate' to re-run validations after a deployment" + name: MODE + value: "deploy" +- + description: "Set to true to continue even if the deployer runs into an error." + name: CONTINUE_ON_ERROR + value: "false" +- + description: "(Deprecated) Turns 'deploy' mode into 'redeploy' mode, deleting and redeploying everything (losing all data in the process)" + name: REDEPLOY + value: "false" +- + description: "If preflight validation is blocking deployment and you're sure you don't care about it, this will ignore the results and proceed to deploy." + name: IGNORE_PREFLIGHT + value: "false" +- + description: "Set to true for persistent storage, set to false to use non persistent storage" + name: USE_PERSISTENT_STORAGE + value: "true" +- + description: "Set to true to dynamically provision storage, set to false to use use pre-created persistent volumes" + name: DYNAMICALLY_PROVISION_STORAGE + value: "false" +- + description: "The number of Cassandra Nodes to deploy for the initial cluster" + name: CASSANDRA_NODES + value: "1" +- + description: "The persistent volume size for each of the Cassandra nodes" + name: CASSANDRA_PV_SIZE + value: "10Gi" +- + description: "How many days metrics should be stored for." + name: METRIC_DURATION + value: "7" +- + description: "If a user accounts should be allowed to write metrics." + name: USER_WRITE_ACCESS + value: "false" +- + description: "The identifier used when generating metric ids in Hawkular" + name: HEAPSTER_NODE_ID + value: "nodename" +- + description: "How often metrics should be gathered. Defaults value of '15s' for 15 seconds" + name: METRIC_RESOLUTION + value: "15s" diff --git a/roles/openshift_hosted_templates/files/v1.3/origin/registry-console.yaml b/roles/openshift_hosted_templates/files/v1.3/origin/registry-console.yaml new file mode 100644 index 000000000..80cc4233b --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.3/origin/registry-console.yaml @@ -0,0 +1,124 @@ +kind: Template +apiVersion: v1 +metadata: + name: "registry-console" + annotations: + description: "Template for deploying registry web console. Requires cluster-admin." + tags: infrastructure +labels: + createdBy: "registry-console-template" +objects: + - kind: DeploymentConfig + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + triggers: + - type: ConfigChange + replicas: 1 + selector: + name: "registry-console" + template: + metadata: + labels: + name: "registry-console" + spec: + containers: + - name: registry-console + image: ${IMAGE_NAME}:${IMAGE_VERSION} + ports: + - containerPort: 9090 + protocol: TCP + livenessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + env: + - name: OPENSHIFT_OAUTH_PROVIDER_URL + value: "${OPENSHIFT_OAUTH_PROVIDER_URL}" + - name: OPENSHIFT_OAUTH_CLIENT_ID + value: "${OPENSHIFT_OAUTH_CLIENT_ID}" + - name: KUBERNETES_INSECURE + value: "false" + - name: COCKPIT_KUBE_INSECURE + value: "false" + - name: REGISTRY_ONLY + value: "true" + - name: REGISTRY_HOST + value: "${REGISTRY_HOST}" + - kind: Service + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + type: ClusterIP + ports: + - name: registry-console + protocol: TCP + port: 9000 + targetPort: 9090 + selector: + name: "registry-console" + - kind: ImageStream + apiVersion: v1 + metadata: + name: registry-console + annotations: + description: Atomic Registry console + spec: + tags: + - annotations: null + from: + kind: DockerImage + name: ${IMAGE_NAME} + name: ${IMAGE_VERSION} + - kind: OAuthClient + apiVersion: v1 + metadata: + name: "${OPENSHIFT_OAUTH_CLIENT_ID}" + respondWithChallenges: false + secret: "${OPENSHIFT_OAUTH_CLIENT_SECRET}" + redirectURIs: + - "${COCKPIT_KUBE_URL}" +parameters: + - description: "Container image name" + name: IMAGE_NAME + value: "cockpit/kubernetes" + - description: 'Specify image version; e.g. for "cockpit/kubernetes:latest", set version "latest"' + name: IMAGE_VERSION + value: latest + - description: "The public URL for the Openshift OAuth Provider, e.g. https://openshift.example.com:8443" + name: OPENSHIFT_OAUTH_PROVIDER_URL + required: true + - description: "The registry console URL. This should be created beforehand using 'oc create route passthrough --service registry-console --port registry-console -n default', e.g. https://registry-console-default.example.com" + name: COCKPIT_KUBE_URL + required: true + - description: "Oauth client secret" + name: OPENSHIFT_OAUTH_CLIENT_SECRET + from: "user[a-zA-Z0-9]{64}" + generate: expression + - description: "Oauth client id" + name: OPENSHIFT_OAUTH_CLIENT_ID + value: "cockpit-oauth-client" + - description: "The integrated registry hostname exposed via route, e.g. registry.example.com" + name: REGISTRY_HOST + required: true diff --git a/roles/openshift_hosted_templates/files/v1.4/enterprise/logging-deployer.yaml b/roles/openshift_hosted_templates/files/v1.4/enterprise/logging-deployer.yaml new file mode 100644 index 000000000..a8d4b1cbb --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.4/enterprise/logging-deployer.yaml @@ -0,0 +1,325 @@ +apiVersion: "v1" +kind: "List" +items: +- + apiVersion: "v1" + kind: "Template" + metadata: + name: logging-deployer-account-template + annotations: + description: "Template for creating the deployer account and roles needed for the aggregated logging deployer. Create as cluster-admin." + tags: "infrastructure" + objects: + - + apiVersion: v1 + kind: ServiceAccount + name: logging-deployer + metadata: + name: logging-deployer + labels: + logging-infra: deployer + provider: openshift + component: deployer + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-kibana + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-elasticsearch + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-fluentd + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-curator + - apiVersion: v1 + kind: ClusterRole + metadata: + name: oauth-editor + rules: + - resources: + - oauthclients + verbs: + - create + - delete + - apiVersion: v1 + kind: ClusterRole + metadata: + name: daemonset-admin + rules: + - resources: + - daemonsets + apiGroups: + - extensions + verbs: + - create + - get + - list + - watch + - delete + - update + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-deployer-edit-role + roleRef: + kind: ClusterRole + name: edit + subjects: + - kind: ServiceAccount + name: logging-deployer + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-deployer-dsadmin-role + roleRef: + kind: ClusterRole + name: daemonset-admin + subjects: + - kind: ServiceAccount + name: logging-deployer +- + apiVersion: "v1" + kind: "Template" + metadata: + name: logging-deployer-template + annotations: + description: "Template for running the aggregated logging deployer in a pod. Requires empowered 'logging-deployer' service account." + tags: "infrastructure" + labels: + logging-infra: deployer + provider: openshift + objects: + - + apiVersion: v1 + kind: Pod + metadata: + generateName: logging-deployer- + spec: + containers: + - image: ${IMAGE_PREFIX}logging-deployer:${IMAGE_VERSION} + imagePullPolicy: Always + name: deployer + volumeMounts: + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: IMAGE_PULL_SECRET + value: ${IMAGE_PULL_SECRET} + - name: INSECURE_REGISTRY + value: ${INSECURE_REGISTRY} + - name: ENABLE_OPS_CLUSTER + value: ${ENABLE_OPS_CLUSTER} + - name: KIBANA_HOSTNAME + value: ${KIBANA_HOSTNAME} + - name: KIBANA_OPS_HOSTNAME + value: ${KIBANA_OPS_HOSTNAME} + - name: PUBLIC_MASTER_URL + value: ${PUBLIC_MASTER_URL} + - name: MASTER_URL + value: ${MASTER_URL} + - name: ES_INSTANCE_RAM + value: ${ES_INSTANCE_RAM} + - name: ES_PVC_SIZE + value: ${ES_PVC_SIZE} + - name: ES_PVC_PREFIX + value: ${ES_PVC_PREFIX} + - name: ES_PVC_DYNAMIC + value: ${ES_PVC_DYNAMIC} + - name: ES_CLUSTER_SIZE + value: ${ES_CLUSTER_SIZE} + - name: ES_NODE_QUORUM + value: ${ES_NODE_QUORUM} + - name: ES_RECOVER_AFTER_NODES + value: ${ES_RECOVER_AFTER_NODES} + - name: ES_RECOVER_EXPECTED_NODES + value: ${ES_RECOVER_EXPECTED_NODES} + - name: ES_RECOVER_AFTER_TIME + value: ${ES_RECOVER_AFTER_TIME} + - name: ES_OPS_INSTANCE_RAM + value: ${ES_OPS_INSTANCE_RAM} + - name: ES_OPS_PVC_SIZE + value: ${ES_OPS_PVC_SIZE} + - name: ES_OPS_PVC_PREFIX + value: ${ES_OPS_PVC_PREFIX} + - name: ES_OPS_PVC_DYNAMIC + value: ${ES_OPS_PVC_DYNAMIC} + - name: ES_OPS_CLUSTER_SIZE + value: ${ES_OPS_CLUSTER_SIZE} + - name: ES_OPS_NODE_QUORUM + value: ${ES_OPS_NODE_QUORUM} + - name: ES_OPS_RECOVER_AFTER_NODES + value: ${ES_OPS_RECOVER_AFTER_NODES} + - name: ES_OPS_RECOVER_EXPECTED_NODES + value: ${ES_OPS_RECOVER_EXPECTED_NODES} + - name: ES_OPS_RECOVER_AFTER_TIME + value: ${ES_OPS_RECOVER_AFTER_TIME} + - name: FLUENTD_NODESELECTOR + value: ${FLUENTD_NODESELECTOR} + - name: ES_NODESELECTOR + value: ${ES_NODESELECTOR} + - name: ES_OPS_NODESELECTOR + value: ${ES_OPS_NODESELECTOR} + - name: KIBANA_NODESELECTOR + value: ${KIBANA_NODESELECTOR} + - name: KIBANA_OPS_NODESELECTOR + value: ${KIBANA_OPS_NODESELECTOR} + - name: CURATOR_NODESELECTOR + value: ${CURATOR_NODESELECTOR} + - name: CURATOR_OPS_NODESELECTOR + value: ${CURATOR_OPS_NODESELECTOR} + - name: MODE + value: ${MODE} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: logging-deployer + volumes: + - name: empty + emptyDir: {} + parameters: + - + description: "The mode that the deployer runs in." + name: MODE + value: "install" + - + description: 'Specify prefix for logging components; e.g. for "registry.access.redhat.com/openshift3/logging-deployer:3.3.0", set prefix "registry.access.redhat.com/openshift3/"' + name: IMAGE_PREFIX + value: "registry.access.redhat.com/openshift3/" + - + description: 'Specify version for logging components; e.g. for "registry.access.redhat.com/openshift3/logging-deployer:3.3.0", set version "3.3.0"' + name: IMAGE_VERSION + value: "3.3.0" + - + description: "(Deprecated) Specify the name of an existing pull secret to be used for pulling component images from an authenticated registry." + name: IMAGE_PULL_SECRET + - + description: "(Deprecated) Allow the registry for logging component images to be non-secure (not secured with a certificate signed by a known CA)" + name: INSECURE_REGISTRY + value: "false" + - + description: "(Deprecated) If true, set up to use a second ES cluster for ops logs." + name: ENABLE_OPS_CLUSTER + value: "false" + - + description: "(Deprecated) External hostname where clients will reach kibana" + name: KIBANA_HOSTNAME + value: "kibana.example.com" + - + description: "(Deprecated) External hostname at which admins will visit the ops Kibana." + name: KIBANA_OPS_HOSTNAME + value: kibana-ops.example.com + - + description: "(Deprecated) External URL for the master, for OAuth purposes" + name: PUBLIC_MASTER_URL + value: "https://localhost:8443" + - + description: "(Deprecated) Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc.cluster.local" + - + description: "(Deprecated) How many instances of ElasticSearch to deploy." + name: ES_CLUSTER_SIZE + value: "1" + - + description: "(Deprecated) Amount of RAM to reserve per ElasticSearch instance." + name: ES_INSTANCE_RAM + value: "8G" + - + description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." + name: ES_PVC_SIZE + - + description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_PVC_SIZE." + name: ES_PVC_PREFIX + value: "logging-es-" + - + description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES PVC. ' + name: ES_PVC_DYNAMIC + - + description: "(Deprecated) Number of nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_NODE_QUORUM + - + description: "(Deprecated) Number of nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_CLUSTER_SIZE." + name: ES_RECOVER_AFTER_NODES + - + description: "(Deprecated) Number of nodes desired to be present before the cluster will recover from a full restart. By default, ES_CLUSTER_SIZE." + name: ES_RECOVER_EXPECTED_NODES + - + description: "(Deprecated) Timeout for *expected* nodes to be present when cluster is recovering from a full restart." + name: ES_RECOVER_AFTER_TIME + value: "5m" + - + description: "(Deprecated) How many ops instances of ElasticSearch to deploy. By default, ES_CLUSTER_SIZE." + name: ES_OPS_CLUSTER_SIZE + - + description: "(Deprecated) Amount of RAM to reserve per ops ElasticSearch instance." + name: ES_OPS_INSTANCE_RAM + value: "8G" + - + description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch ops instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." + name: ES_OPS_PVC_SIZE + - + description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_OPS_PVC_SIZE." + name: ES_OPS_PVC_PREFIX + value: "logging-es-ops-" + - + description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES ops PVC. ' + name: ES_OPS_PVC_DYNAMIC + - + description: "(Deprecated) Number of ops nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_OPS_NODE_QUORUM + - + description: "(Deprecated) Number of ops nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_AFTER_NODES + - + description: "(Deprecated) Number of ops nodes desired to be present before the cluster will recover from a full restart. By default, ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_EXPECTED_NODES + - + description: "(Deprecated) Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." + name: ES_OPS_RECOVER_AFTER_TIME + value: "5m" + - + description: "(Deprecated) The nodeSelector used for the Fluentd DaemonSet." + name: FLUENTD_NODESELECTOR + value: "logging-infra-fluentd=true" + - + description: "(Deprecated) Node selector Elasticsearch cluster (label=value)." + name: ES_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Elasticsearch operations cluster (label=value)." + name: ES_OPS_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Kibana cluster (label=value)." + name: KIBANA_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Kibana operations cluster (label=value)." + name: KIBANA_OPS_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Curator (label=value)." + name: CURATOR_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector operations Curator (label=value)." + name: CURATOR_OPS_NODESELECTOR + value: "" diff --git a/roles/openshift_hosted_templates/files/v1.4/enterprise/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.4/enterprise/metrics-deployer.yaml new file mode 100644 index 000000000..afd47ec7c --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.4/enterprise/metrics-deployer.yaml @@ -0,0 +1,156 @@ +#!/bin/bash +# +# Copyright 2014-2015 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apiVersion: "v1" +kind: "Template" +metadata: + name: metrics-deployer-template + annotations: + description: "Template for deploying the required Metrics integration. Requires cluster-admin 'metrics-deployer' service account and 'metrics-deployer' secret." + tags: "infrastructure" +labels: + metrics-infra: deployer + provider: openshift + component: deployer +objects: +- + apiVersion: v1 + kind: Pod + metadata: + generateName: metrics-deployer- + spec: + securityContext: {} + containers: + - image: ${IMAGE_PREFIX}metrics-deployer:${IMAGE_VERSION} + name: deployer + securityContext: {} + volumeMounts: + - name: secret + mountPath: /secret + readOnly: true + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: MASTER_URL + value: ${MASTER_URL} + - name: MODE + value: ${MODE} + - name: REDEPLOY + value: ${REDEPLOY} + - name: IGNORE_PREFLIGHT + value: ${IGNORE_PREFLIGHT} + - name: USE_PERSISTENT_STORAGE + value: ${USE_PERSISTENT_STORAGE} + - name: DYNAMICALLY_PROVISION_STORAGE + value: ${DYNAMICALLY_PROVISION_STORAGE} + - name: HAWKULAR_METRICS_HOSTNAME + value: ${HAWKULAR_METRICS_HOSTNAME} + - name: CASSANDRA_NODES + value: ${CASSANDRA_NODES} + - name: CASSANDRA_PV_SIZE + value: ${CASSANDRA_PV_SIZE} + - name: METRIC_DURATION + value: ${METRIC_DURATION} + - name: USER_WRITE_ACCESS + value: ${USER_WRITE_ACCESS} + - name: HEAPSTER_NODE_ID + value: ${HEAPSTER_NODE_ID} + - name: METRIC_RESOLUTION + value: ${METRIC_RESOLUTION} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: metrics-deployer + volumes: + - name: empty + emptyDir: {} + - name: secret + secret: + secretName: metrics-deployer +parameters: +- + description: 'Specify prefix for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "registry.access.redhat.com/openshift3/" +- + description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' + name: IMAGE_VERSION + value: "3.3.0" +- + description: "Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc:443" +- + description: "External hostname where clients will reach Hawkular Metrics" + name: HAWKULAR_METRICS_HOSTNAME + required: true +- + description: "Can be set to: 'preflight' to perform validation before a deployment; 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process); 'validate' to re-run validations after a deployment" + name: MODE + value: "deploy" +- + description: "(Deprecated) Turns 'deploy' mode into 'redeploy' mode, deleting and redeploying everything (losing all data in the process)" + name: REDEPLOY + value: "false" +- + description: "If preflight validation is blocking deployment and you're sure you don't care about it, this will ignore the results and proceed to deploy." + name: IGNORE_PREFLIGHT + value: "false" +- + description: "Set to true for persistent storage, set to false to use non persistent storage" + name: USE_PERSISTENT_STORAGE + value: "true" +- + description: "Set to true to dynamically provision storage, set to false to use use pre-created persistent volumes" + name: DYNAMICALLY_PROVISION_STORAGE + value: "false" +- + description: "The number of Cassandra Nodes to deploy for the initial cluster" + name: CASSANDRA_NODES + value: "1" +- + description: "The persistent volume size for each of the Cassandra nodes" + name: CASSANDRA_PV_SIZE + value: "10Gi" +- + description: "How many days metrics should be stored for." + name: METRIC_DURATION + value: "7" +- + description: "If a user accounts should be allowed to write metrics." + name: USER_WRITE_ACCESS + value: "false" +- + description: "The identifier used when generating metric ids in Hawkular" + name: HEAPSTER_NODE_ID + value: "nodename" +- + description: "How often metrics should be gathered. Defaults value of '15s' for 15 seconds" + name: METRIC_RESOLUTION + value: "15s" diff --git a/roles/openshift_hosted_templates/files/v1.4/enterprise/registry-console.yaml b/roles/openshift_hosted_templates/files/v1.4/enterprise/registry-console.yaml new file mode 100644 index 000000000..11478263c --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.4/enterprise/registry-console.yaml @@ -0,0 +1,124 @@ +kind: Template +apiVersion: v1 +metadata: + name: "registry-console" + annotations: + description: "Template for deploying registry web console. Requires cluster-admin." + tags: infrastructure +labels: + createdBy: "registry-console-template" +objects: + - kind: DeploymentConfig + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + triggers: + - type: ConfigChange + replicas: 1 + selector: + name: "registry-console" + template: + metadata: + labels: + name: "registry-console" + spec: + containers: + - name: registry-console + image: ${IMAGE_PREFIX}registry-console:${IMAGE_VERSION} + ports: + - containerPort: 9090 + protocol: TCP + livenessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + env: + - name: OPENSHIFT_OAUTH_PROVIDER_URL + value: "${OPENSHIFT_OAUTH_PROVIDER_URL}" + - name: OPENSHIFT_OAUTH_CLIENT_ID + value: "${OPENSHIFT_OAUTH_CLIENT_ID}" + - name: KUBERNETES_INSECURE + value: "false" + - name: COCKPIT_KUBE_INSECURE + value: "false" + - name: REGISTRY_ONLY + value: "true" + - name: REGISTRY_HOST + value: "${REGISTRY_HOST}" + - kind: Service + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + type: ClusterIP + ports: + - name: registry-console + protocol: TCP + port: 9000 + targetPort: 9090 + selector: + name: "registry-console" + - kind: ImageStream + apiVersion: v1 + metadata: + name: registry-console + annotations: + description: Atomic Registry console + spec: + tags: + - annotations: null + from: + kind: DockerImage + name: ${IMAGE_PREFIX}registry-console + name: ${IMAGE_VERSION} + - kind: OAuthClient + apiVersion: v1 + metadata: + name: "${OPENSHIFT_OAUTH_CLIENT_ID}" + respondWithChallenges: false + secret: "${OPENSHIFT_OAUTH_CLIENT_SECRET}" + redirectURIs: + - "${COCKPIT_KUBE_URL}" +parameters: + - description: 'Specify "registry/repository" prefix for container image; e.g. for "registry.access.redhat.com/openshift3/registry-console:latest", set prefix "registry.access.redhat.com/openshift3/"' + name: IMAGE_PREFIX + value: "registry.access.redhat.com/openshift3/" + - description: 'Specify image version; e.g. for "registry.access.redhat.com/openshift3/registry-console:3.3", set version "3.3"' + name: IMAGE_VERSION + value: "3.3" + - description: "The public URL for the Openshift OAuth Provider, e.g. https://openshift.example.com:8443" + name: OPENSHIFT_OAUTH_PROVIDER_URL + required: true + - description: "The registry console URL. This should be created beforehand using 'oc create route passthrough --service registry-console --port registry-console -n default', e.g. https://registry-console-default.example.com" + name: COCKPIT_KUBE_URL + required: true + - description: "Oauth client secret" + name: OPENSHIFT_OAUTH_CLIENT_SECRET + from: "user[a-zA-Z0-9]{64}" + generate: expression + - description: "Oauth client id" + name: OPENSHIFT_OAUTH_CLIENT_ID + value: "cockpit-oauth-client" + - description: "The integrated registry hostname exposed via route, e.g. registry.example.com" + name: REGISTRY_HOST + required: true diff --git a/roles/openshift_hosted_templates/files/v1.4/origin/logging-deployer.yaml b/roles/openshift_hosted_templates/files/v1.4/origin/logging-deployer.yaml new file mode 100644 index 000000000..8b28f872f --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.4/origin/logging-deployer.yaml @@ -0,0 +1,325 @@ +apiVersion: "v1" +kind: "List" +items: +- + apiVersion: "v1" + kind: "Template" + metadata: + name: logging-deployer-account-template + annotations: + description: "Template for creating the deployer account and roles needed for the aggregated logging deployer. Create as cluster-admin." + tags: "infrastructure" + objects: + - + apiVersion: v1 + kind: ServiceAccount + name: logging-deployer + metadata: + name: logging-deployer + labels: + logging-infra: deployer + provider: openshift + component: deployer + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-kibana + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-elasticsearch + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-fluentd + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-curator + - apiVersion: v1 + kind: ClusterRole + metadata: + name: oauth-editor + rules: + - resources: + - oauthclients + verbs: + - create + - delete + - apiVersion: v1 + kind: ClusterRole + metadata: + name: daemonset-admin + rules: + - resources: + - daemonsets + apiGroups: + - extensions + verbs: + - create + - get + - list + - watch + - delete + - update + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-deployer-edit-role + roleRef: + kind: ClusterRole + name: edit + subjects: + - kind: ServiceAccount + name: logging-deployer + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-deployer-dsadmin-role + roleRef: + kind: ClusterRole + name: daemonset-admin + subjects: + - kind: ServiceAccount + name: logging-deployer +- + apiVersion: "v1" + kind: "Template" + metadata: + name: logging-deployer-template + annotations: + description: "Template for running the aggregated logging deployer in a pod. Requires empowered 'logging-deployer' service account." + tags: "infrastructure" + labels: + logging-infra: deployer + provider: openshift + objects: + - + apiVersion: v1 + kind: Pod + metadata: + generateName: logging-deployer- + spec: + containers: + - image: ${IMAGE_PREFIX}logging-deployment:${IMAGE_VERSION} + imagePullPolicy: Always + name: deployer + volumeMounts: + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: IMAGE_PULL_SECRET + value: ${IMAGE_PULL_SECRET} + - name: INSECURE_REGISTRY + value: ${INSECURE_REGISTRY} + - name: ENABLE_OPS_CLUSTER + value: ${ENABLE_OPS_CLUSTER} + - name: KIBANA_HOSTNAME + value: ${KIBANA_HOSTNAME} + - name: KIBANA_OPS_HOSTNAME + value: ${KIBANA_OPS_HOSTNAME} + - name: PUBLIC_MASTER_URL + value: ${PUBLIC_MASTER_URL} + - name: MASTER_URL + value: ${MASTER_URL} + - name: ES_INSTANCE_RAM + value: ${ES_INSTANCE_RAM} + - name: ES_PVC_SIZE + value: ${ES_PVC_SIZE} + - name: ES_PVC_PREFIX + value: ${ES_PVC_PREFIX} + - name: ES_PVC_DYNAMIC + value: ${ES_PVC_DYNAMIC} + - name: ES_CLUSTER_SIZE + value: ${ES_CLUSTER_SIZE} + - name: ES_NODE_QUORUM + value: ${ES_NODE_QUORUM} + - name: ES_RECOVER_AFTER_NODES + value: ${ES_RECOVER_AFTER_NODES} + - name: ES_RECOVER_EXPECTED_NODES + value: ${ES_RECOVER_EXPECTED_NODES} + - name: ES_RECOVER_AFTER_TIME + value: ${ES_RECOVER_AFTER_TIME} + - name: ES_OPS_INSTANCE_RAM + value: ${ES_OPS_INSTANCE_RAM} + - name: ES_OPS_PVC_SIZE + value: ${ES_OPS_PVC_SIZE} + - name: ES_OPS_PVC_PREFIX + value: ${ES_OPS_PVC_PREFIX} + - name: ES_OPS_PVC_DYNAMIC + value: ${ES_OPS_PVC_DYNAMIC} + - name: ES_OPS_CLUSTER_SIZE + value: ${ES_OPS_CLUSTER_SIZE} + - name: ES_OPS_NODE_QUORUM + value: ${ES_OPS_NODE_QUORUM} + - name: ES_OPS_RECOVER_AFTER_NODES + value: ${ES_OPS_RECOVER_AFTER_NODES} + - name: ES_OPS_RECOVER_EXPECTED_NODES + value: ${ES_OPS_RECOVER_EXPECTED_NODES} + - name: ES_OPS_RECOVER_AFTER_TIME + value: ${ES_OPS_RECOVER_AFTER_TIME} + - name: FLUENTD_NODESELECTOR + value: ${FLUENTD_NODESELECTOR} + - name: ES_NODESELECTOR + value: ${ES_NODESELECTOR} + - name: ES_OPS_NODESELECTOR + value: ${ES_OPS_NODESELECTOR} + - name: KIBANA_NODESELECTOR + value: ${KIBANA_NODESELECTOR} + - name: KIBANA_OPS_NODESELECTOR + value: ${KIBANA_OPS_NODESELECTOR} + - name: CURATOR_NODESELECTOR + value: ${CURATOR_NODESELECTOR} + - name: CURATOR_OPS_NODESELECTOR + value: ${CURATOR_OPS_NODESELECTOR} + - name: MODE + value: ${MODE} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: logging-deployer + volumes: + - name: empty + emptyDir: {} + parameters: + - + description: "The mode that the deployer runs in." + name: MODE + value: "install" + - + description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "docker.io/openshift/origin-" + - + description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"' + name: IMAGE_VERSION + value: "latest" + - + description: "(Deprecated) Specify the name of an existing pull secret to be used for pulling component images from an authenticated registry." + name: IMAGE_PULL_SECRET + - + description: "(Deprecated) Allow the registry for logging component images to be non-secure (not secured with a certificate signed by a known CA)" + name: INSECURE_REGISTRY + value: "false" + - + description: "(Deprecated) If true, set up to use a second ES cluster for ops logs." + name: ENABLE_OPS_CLUSTER + value: "false" + - + description: "(Deprecated) External hostname where clients will reach kibana" + name: KIBANA_HOSTNAME + value: "kibana.example.com" + - + description: "(Deprecated) External hostname at which admins will visit the ops Kibana." + name: KIBANA_OPS_HOSTNAME + value: kibana-ops.example.com + - + description: "(Deprecated) External URL for the master, for OAuth purposes" + name: PUBLIC_MASTER_URL + value: "https://localhost:8443" + - + description: "(Deprecated) Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc.cluster.local" + - + description: "(Deprecated) How many instances of ElasticSearch to deploy." + name: ES_CLUSTER_SIZE + value: "1" + - + description: "(Deprecated) Amount of RAM to reserve per ElasticSearch instance." + name: ES_INSTANCE_RAM + value: "8G" + - + description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." + name: ES_PVC_SIZE + - + description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_PVC_SIZE." + name: ES_PVC_PREFIX + value: "logging-es-" + - + description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES PVC. ' + name: ES_PVC_DYNAMIC + - + description: "(Deprecated) Number of nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_NODE_QUORUM + - + description: "(Deprecated) Number of nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_CLUSTER_SIZE." + name: ES_RECOVER_AFTER_NODES + - + description: "(Deprecated) Number of nodes desired to be present before the cluster will recover from a full restart. By default, ES_CLUSTER_SIZE." + name: ES_RECOVER_EXPECTED_NODES + - + description: "(Deprecated) Timeout for *expected* nodes to be present when cluster is recovering from a full restart." + name: ES_RECOVER_AFTER_TIME + value: "5m" + - + description: "(Deprecated) How many ops instances of ElasticSearch to deploy. By default, ES_CLUSTER_SIZE." + name: ES_OPS_CLUSTER_SIZE + - + description: "(Deprecated) Amount of RAM to reserve per ops ElasticSearch instance." + name: ES_OPS_INSTANCE_RAM + value: "8G" + - + description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch ops instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." + name: ES_OPS_PVC_SIZE + - + description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_OPS_PVC_SIZE." + name: ES_OPS_PVC_PREFIX + value: "logging-es-ops-" + - + description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES ops PVC. ' + name: ES_OPS_PVC_DYNAMIC + - + description: "(Deprecated) Number of ops nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_OPS_NODE_QUORUM + - + description: "(Deprecated) Number of ops nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_AFTER_NODES + - + description: "(Deprecated) Number of ops nodes desired to be present before the cluster will recover from a full restart. By default, ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_EXPECTED_NODES + - + description: "(Deprecated) Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." + name: ES_OPS_RECOVER_AFTER_TIME + value: "5m" + - + description: "(Deprecated) The nodeSelector used for the Fluentd DaemonSet." + name: FLUENTD_NODESELECTOR + value: "logging-infra-fluentd=true" + - + description: "(Deprecated) Node selector Elasticsearch cluster (label=value)." + name: ES_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Elasticsearch operations cluster (label=value)." + name: ES_OPS_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Kibana cluster (label=value)." + name: KIBANA_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Kibana operations cluster (label=value)." + name: KIBANA_OPS_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Curator (label=value)." + name: CURATOR_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector operations Curator (label=value)." + name: CURATOR_OPS_NODESELECTOR + value: "" diff --git a/roles/openshift_hosted_templates/files/v1.4/origin/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.4/origin/metrics-deployer.yaml new file mode 100644 index 000000000..5f2290419 --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.4/origin/metrics-deployer.yaml @@ -0,0 +1,162 @@ +#!/bin/bash +# +# Copyright 2014-2015 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apiVersion: "v1" +kind: "Template" +metadata: + name: metrics-deployer-template + annotations: + description: "Template for deploying the required Metrics integration. Requires cluster-admin 'metrics-deployer' service account and 'metrics-deployer' secret." + tags: "infrastructure" +labels: + metrics-infra: deployer + provider: openshift + component: deployer +objects: +- + apiVersion: v1 + kind: Pod + metadata: + generateName: metrics-deployer- + spec: + securityContext: {} + containers: + - image: ${IMAGE_PREFIX}metrics-deployer:${IMAGE_VERSION} + name: deployer + securityContext: {} + volumeMounts: + - name: secret + mountPath: /secret + readOnly: true + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: MASTER_URL + value: ${MASTER_URL} + - name: MODE + value: ${MODE} + - name: CONTINUE_ON_ERROR + value: ${CONTINUE_ON_ERROR} + - name: REDEPLOY + value: ${REDEPLOY} + - name: IGNORE_PREFLIGHT + value: ${IGNORE_PREFLIGHT} + - name: USE_PERSISTENT_STORAGE + value: ${USE_PERSISTENT_STORAGE} + - name: DYNAMICALLY_PROVISION_STORAGE + value: ${DYNAMICALLY_PROVISION_STORAGE} + - name: HAWKULAR_METRICS_HOSTNAME + value: ${HAWKULAR_METRICS_HOSTNAME} + - name: CASSANDRA_NODES + value: ${CASSANDRA_NODES} + - name: CASSANDRA_PV_SIZE + value: ${CASSANDRA_PV_SIZE} + - name: METRIC_DURATION + value: ${METRIC_DURATION} + - name: USER_WRITE_ACCESS + value: ${USER_WRITE_ACCESS} + - name: HEAPSTER_NODE_ID + value: ${HEAPSTER_NODE_ID} + - name: METRIC_RESOLUTION + value: ${METRIC_RESOLUTION} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: metrics-deployer + volumes: + - name: empty + emptyDir: {} + - name: secret + secret: + secretName: metrics-deployer +parameters: +- + description: 'Specify prefix for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "openshift/origin-" +- + description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' + name: IMAGE_VERSION + value: "latest" +- + description: "Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc:443" +- + description: "External hostname where clients will reach Hawkular Metrics" + name: HAWKULAR_METRICS_HOSTNAME + required: true +- + description: "Can be set to: 'preflight' to perform validation before a deployment; 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process); 'validate' to re-run validations after a deployment" + name: MODE + value: "deploy" +- + description: "Set to true to continue even if the deployer runs into an error." + name: CONTINUE_ON_ERROR + value: "false" +- + description: "(Deprecated) Turns 'deploy' mode into 'redeploy' mode, deleting and redeploying everything (losing all data in the process)" + name: REDEPLOY + value: "false" +- + description: "If preflight validation is blocking deployment and you're sure you don't care about it, this will ignore the results and proceed to deploy." + name: IGNORE_PREFLIGHT + value: "false" +- + description: "Set to true for persistent storage, set to false to use non persistent storage" + name: USE_PERSISTENT_STORAGE + value: "true" +- + description: "Set to true to dynamically provision storage, set to false to use use pre-created persistent volumes" + name: DYNAMICALLY_PROVISION_STORAGE + value: "false" +- + description: "The number of Cassandra Nodes to deploy for the initial cluster" + name: CASSANDRA_NODES + value: "1" +- + description: "The persistent volume size for each of the Cassandra nodes" + name: CASSANDRA_PV_SIZE + value: "10Gi" +- + description: "How many days metrics should be stored for." + name: METRIC_DURATION + value: "7" +- + description: "If a user accounts should be allowed to write metrics." + name: USER_WRITE_ACCESS + value: "false" +- + description: "The identifier used when generating metric ids in Hawkular" + name: HEAPSTER_NODE_ID + value: "nodename" +- + description: "How often metrics should be gathered. Defaults value of '15s' for 15 seconds" + name: METRIC_RESOLUTION + value: "15s" diff --git a/roles/openshift_hosted_templates/files/v1.4/origin/registry-console.yaml b/roles/openshift_hosted_templates/files/v1.4/origin/registry-console.yaml new file mode 100644 index 000000000..80cc4233b --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.4/origin/registry-console.yaml @@ -0,0 +1,124 @@ +kind: Template +apiVersion: v1 +metadata: + name: "registry-console" + annotations: + description: "Template for deploying registry web console. Requires cluster-admin." + tags: infrastructure +labels: + createdBy: "registry-console-template" +objects: + - kind: DeploymentConfig + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + triggers: + - type: ConfigChange + replicas: 1 + selector: + name: "registry-console" + template: + metadata: + labels: + name: "registry-console" + spec: + containers: + - name: registry-console + image: ${IMAGE_NAME}:${IMAGE_VERSION} + ports: + - containerPort: 9090 + protocol: TCP + livenessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + env: + - name: OPENSHIFT_OAUTH_PROVIDER_URL + value: "${OPENSHIFT_OAUTH_PROVIDER_URL}" + - name: OPENSHIFT_OAUTH_CLIENT_ID + value: "${OPENSHIFT_OAUTH_CLIENT_ID}" + - name: KUBERNETES_INSECURE + value: "false" + - name: COCKPIT_KUBE_INSECURE + value: "false" + - name: REGISTRY_ONLY + value: "true" + - name: REGISTRY_HOST + value: "${REGISTRY_HOST}" + - kind: Service + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + type: ClusterIP + ports: + - name: registry-console + protocol: TCP + port: 9000 + targetPort: 9090 + selector: + name: "registry-console" + - kind: ImageStream + apiVersion: v1 + metadata: + name: registry-console + annotations: + description: Atomic Registry console + spec: + tags: + - annotations: null + from: + kind: DockerImage + name: ${IMAGE_NAME} + name: ${IMAGE_VERSION} + - kind: OAuthClient + apiVersion: v1 + metadata: + name: "${OPENSHIFT_OAUTH_CLIENT_ID}" + respondWithChallenges: false + secret: "${OPENSHIFT_OAUTH_CLIENT_SECRET}" + redirectURIs: + - "${COCKPIT_KUBE_URL}" +parameters: + - description: "Container image name" + name: IMAGE_NAME + value: "cockpit/kubernetes" + - description: 'Specify image version; e.g. for "cockpit/kubernetes:latest", set version "latest"' + name: IMAGE_VERSION + value: latest + - description: "The public URL for the Openshift OAuth Provider, e.g. https://openshift.example.com:8443" + name: OPENSHIFT_OAUTH_PROVIDER_URL + required: true + - description: "The registry console URL. This should be created beforehand using 'oc create route passthrough --service registry-console --port registry-console -n default', e.g. https://registry-console-default.example.com" + name: COCKPIT_KUBE_URL + required: true + - description: "Oauth client secret" + name: OPENSHIFT_OAUTH_CLIENT_SECRET + from: "user[a-zA-Z0-9]{64}" + generate: expression + - description: "Oauth client id" + name: OPENSHIFT_OAUTH_CLIENT_ID + value: "cockpit-oauth-client" + - description: "The integrated registry hostname exposed via route, e.g. registry.example.com" + name: REGISTRY_HOST + required: true diff --git a/roles/openshift_hosted_templates/meta/main.yml b/roles/openshift_hosted_templates/meta/main.yml new file mode 100644 index 000000000..9c12865bf --- /dev/null +++ b/roles/openshift_hosted_templates/meta/main.yml @@ -0,0 +1,15 @@ +--- +galaxy_info: + author: Andrew Butcher + description: OpenShift Hosted Templates + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 2.1 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- role: openshift_common diff --git a/roles/openshift_hosted_templates/tasks/main.yml b/roles/openshift_hosted_templates/tasks/main.yml new file mode 100644 index 000000000..45b35da92 --- /dev/null +++ b/roles/openshift_hosted_templates/tasks/main.yml @@ -0,0 +1,65 @@ +--- +- name: Create local temp dir for OpenShift hosted templates copy + local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX + become: False + register: copy_hosted_templates_mktemp + run_once: True + +- name: Create tar of OpenShift examples + local_action: command tar -C "{{ role_path }}/files/{{ content_version }}/{{ hosted_deployment_type }}" -cvf "{{ copy_hosted_templates_mktemp.stdout }}/openshift-hosted-templates.tar" . + args: + # Disables the following warning: + # Consider using unarchive module rather than running tar + warn: no + become: False + register: copy_hosted_templates_tar + +- name: Create remote OpenShift hosted templates directory + file: + dest: "{{ hosted_base }}" + state: directory + mode: 0755 + +- name: Unarchive the OpenShift hosted templates on the remote + unarchive: + src: "{{ copy_hosted_templates_mktemp.stdout }}/openshift-hosted-templates.tar" + dest: "{{ hosted_base }}/" + +- name: Cleanup the OpenShift hosted templates temp dir + become: False + local_action: file dest="{{ copy_hosted_templates_mktemp.stdout }}" state=absent + +- name: Modify registry paths if registry_url is not registry.access.redhat.com + shell: > + find {{ hosted_base }} -type f | xargs -n 1 sed -i 's|registry.access.redhat.com|{{ registry_host | quote }}|g' + when: registry_host != '' and openshift_hosted_modify_imagestreams | default(False) | bool + +- name: Create temp directory for kubeconfig + command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: mktemp + changed_when: False + +- name: Record kubeconfig tmp dir + set_fact: + openshift_hosted_templates_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" + +- name: Copy the admin client config(s) + command: > + cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{ openshift_hosted_templates_kubeconfig }} + changed_when: False + +- name: Create or update hosted templates + command: > + {{ openshift.common.client_binary }} {{ openshift_hosted_templates_import_command }} + -f {{ hosted_base }} + --config={{ openshift_hosted_templates_kubeconfig }} + -n openshift + register: oht_import_templates + failed_when: "'already exists' not in oht_import_templates.stderr and oht_import_templates.rc != 0" + changed_when: "'created' in oht_import_templates.stdout" + +- name: Delete temp directory + file: + name: "{{ mktemp.stdout }}" + state: absent + changed_when: False -- cgit v1.2.1