kind: Template apiVersion: v1 metadata: name: "registry-console" annotations: description: "Template for deploying registry web console. Requires cluster-admin." tags: infrastructure labels: createdBy: "registry-console-template" objects: - kind: DeploymentConfig apiVersion: v1 metadata: name: "registry-console" labels: name: "registry-console" spec: triggers: - type: ConfigChange replicas: 1 selector: name: "registry-console" template: metadata: labels: name: "registry-console" spec: containers: - name: registry-console image: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} ports: - containerPort: 9090 protocol: TCP livenessProbe: failureThreshold: 3 httpGet: path: /ping port: 9090 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 readinessProbe: failureThreshold: 3 httpGet: path: /ping port: 9090 scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 env: - name: OPENSHIFT_OAUTH_PROVIDER_URL value: "${OPENSHIFT_OAUTH_PROVIDER_URL}" - name: OPENSHIFT_OAUTH_CLIENT_ID value: "${OPENSHIFT_OAUTH_CLIENT_ID}" - name: KUBERNETES_INSECURE value: "false" - name: COCKPIT_KUBE_INSECURE value: "false" - name: REGISTRY_ONLY value: "true" - name: REGISTRY_HOST value: "${REGISTRY_HOST}" - kind: Service apiVersion: v1 metadata: name: "registry-console" labels: name: "registry-console" spec: type: ClusterIP ports: - name: registry-console protocol: TCP port: 9000 targetPort: 9090 selector: name: "registry-console" - kind: ImageStream apiVersion: v1 metadata: name: registry-console annotations: description: Atomic Registry console spec: tags: - annotations: null from: kind: DockerImage name: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} name: ${IMAGE_VERSION} - kind: OAuthClient apiVersion: v1 metadata: name: "${OPENSHIFT_OAUTH_CLIENT_ID}" respondWithChallenges: false secret: "${OPENSHIFT_OAUTH_CLIENT_SECRET}" redirectURIs: - "${COCKPIT_KUBE_URL}" parameters: - description: 'Specify "registry/namespace" prefix for container image; e.g. for "registry.example.com/cockpit/kubernetes:latest", set prefix "registry.example.com/cockpit/"' name: IMAGE_PREFIX value: "cockpit/" - description: 'Specify component name for container image; e.g. for "registry.example.com/cockpit/kubernetes:latest", use base name "kubernetes"' name: IMAGE_BASENAME value: "kubernetes" - description: 'Specify image version; e.g. for "cockpit/kubernetes:latest", set version "latest"' name: IMAGE_VERSION value: latest - description: "The public URL for the Openshift OAuth Provider, e.g. https://openshift.example.com:8443" name: OPENSHIFT_OAUTH_PROVIDER_URL required: true - description: "The registry console URL. This should be created beforehand using 'oc create route passthrough --service registry-console --port registry-console -n default', e.g. https://registry-console-default.example.com" name: COCKPIT_KUBE_URL required: true - description: "Oauth client secret" name: OPENSHIFT_OAUTH_CLIENT_SECRET from: "user[a-zA-Z0-9]{64}" generate: expression - description: "Oauth client id" name: OPENSHIFT_OAUTH_CLIENT_ID value: "cockpit-oauth-client" - description: "The integrated registry hostname exposed via route, e.g. registry.example.com" name: REGISTRY_HOST required: true