Skip to content

Commit 9aa6958

Browse files
committed
install service catalog w/ oc cluster up
1 parent 1fe913d commit 9aa6958

File tree

9 files changed

+1160
-59
lines changed

9 files changed

+1160
-59
lines changed
Lines changed: 367 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,367 @@
1+
apiVersion: v1
2+
kind: Template
3+
metadata:
4+
name: service-catalog
5+
objects:
6+
7+
- kind: ClusterRoleBinding
8+
apiVersion: v1
9+
metadata:
10+
name: template-broker-caller-binding
11+
roleRef:
12+
name: system:openshift:templateservicebroker-client
13+
groupNames:
14+
- system:unauthenticated
15+
- system:authenticated
16+
- system:anonymous
17+
18+
- kind: ClusterRole
19+
apiVersion: v1
20+
metadata:
21+
name: servicecatalog-serviceclass-viewer
22+
rules:
23+
- apiGroups:
24+
- servicecatalog.k8s.io
25+
resources:
26+
- serviceclasses
27+
verbs:
28+
- list
29+
- watch
30+
- get
31+
- kind: ClusterRoleBinding
32+
apiVersion: v1
33+
metadata:
34+
name: servicecatalog-serviceclass-viewer-binding
35+
roleRef:
36+
name: servicecatalog-serviceclass-viewer
37+
groupNames:
38+
- system:authenticated
39+
40+
- kind: ServiceAccount
41+
apiVersion: v1
42+
metadata:
43+
name: service-catalog-controller
44+
45+
- kind: ServiceAccount
46+
apiVersion: v1
47+
metadata:
48+
name: service-catalog-apiserver
49+
50+
- kind: ClusterRole
51+
apiVersion: v1
52+
metadata:
53+
name: namespace-viewer
54+
rules:
55+
- apiGroups:
56+
- ""
57+
resources:
58+
- namespaces
59+
verbs:
60+
- list
61+
- watch
62+
- get
63+
- kind: ClusterRoleBinding
64+
apiVersion: v1
65+
metadata:
66+
name: service-catalog-namespace-viewer-binding
67+
roleRef:
68+
name: namespace-viewer
69+
userNames:
70+
- system:serviceaccount:service-catalog:service-catalog-apiserver
71+
- kind: ClusterRoleBinding
72+
apiVersion: v1
73+
metadata:
74+
name: service-catalog-controller-namespace-viewer-binding
75+
roleRef:
76+
name: namespace-viewer
77+
userNames:
78+
- system:serviceaccount:service-catalog:service-catalog-controller
79+
80+
- kind: ClusterRole
81+
apiVersion: v1
82+
metadata:
83+
name: service-catalog-controller
84+
rules:
85+
- apiGroups:
86+
- ""
87+
resources:
88+
- secrets
89+
- podpresets
90+
verbs:
91+
- create
92+
- update
93+
- delete
94+
- get
95+
- list
96+
- watch
97+
- apiGroups:
98+
- servicecatalog.k8s.io
99+
resources:
100+
- brokers/status
101+
- instances/status
102+
- bindings/status
103+
verbs:
104+
- update
105+
- kind: ClusterRoleBinding
106+
apiVersion: v1
107+
metadata:
108+
name: service-catalog-controller-binding
109+
roleRef:
110+
name: service-catalog-controller
111+
userNames:
112+
- system:serviceaccount:service-catalog:service-catalog-controller
113+
114+
- kind: Role
115+
apiVersion: v1
116+
metadata:
117+
name: endpoint-accessor
118+
rules:
119+
- apiGroups:
120+
- ""
121+
resources:
122+
- endpoints
123+
verbs:
124+
- list
125+
- watch
126+
- get
127+
- create
128+
- update
129+
- kind: RoleBinding
130+
apiVersion: v1
131+
metadata:
132+
name: endpointer-accessor-binding
133+
roleRef:
134+
name: endpoint-accessor
135+
namespace: service-catalog
136+
userNames:
137+
- system:serviceaccount:service-catalog:service-catalog-controller
138+
139+
- kind: Role
140+
apiVersion: v1
141+
metadata:
142+
name: extension-apiserver-authentication-reader
143+
namespace: ${KUBE_SYSTEM_NAMESPACE}
144+
rules:
145+
- apiGroups:
146+
- ""
147+
resourceNames:
148+
- extension-apiserver-authentication
149+
resources:
150+
- configmaps
151+
verbs:
152+
- get
153+
- kind: RoleBinding
154+
apiVersion: v1
155+
metadata:
156+
name: extension-apiserver-authentication-reader-binding
157+
namespace: ${KUBE_SYSTEM_NAMESPACE}
158+
roleRef:
159+
name: extension-apiserver-authentication-reader
160+
namespace: kube-system
161+
userNames:
162+
- system:serviceaccount:service-catalog:service-catalog-apiserver
163+
164+
- kind: ClusterRoleBinding
165+
apiVersion: v1
166+
metadata:
167+
name: system:auth-delegator-binding
168+
roleRef:
169+
name: system:auth-delegator
170+
userNames:
171+
- system:serviceaccount:service-catalog:service-catalog-apiserver
172+
173+
174+
- kind: Deployment
175+
apiVersion: extensions/v1beta1
176+
metadata:
177+
labels:
178+
app: apiserver
179+
name: apiserver
180+
spec:
181+
replicas: 1
182+
selector:
183+
matchLabels:
184+
app: apiserver
185+
strategy:
186+
rollingUpdate:
187+
maxSurge: 1
188+
maxUnavailable: 1
189+
type: RollingUpdate
190+
template:
191+
metadata:
192+
labels:
193+
app: apiserver
194+
spec:
195+
serviceAccountName: service-catalog-apiserver
196+
containers:
197+
- args:
198+
- --admission-control
199+
- KubernetesNamespaceLifecycle
200+
- --storage-type
201+
- etcd
202+
- --secure-port
203+
- "6443"
204+
- --insecure-bind-address
205+
- 0.0.0.0
206+
- --insecure-port
207+
- "8081"
208+
- --etcd-servers
209+
- http://localhost:2379
210+
- -v
211+
- "10"
212+
- --cors-allowed-origins
213+
- ${CORS_ALLOWED_ORIGIN}
214+
image: quay.io/kubernetes-service-catalog/apiserver:${SERVICE_CATALOG_TAG}
215+
imagePullPolicy: IfNotPresent
216+
name: apiserver
217+
ports:
218+
- containerPort: 6443
219+
protocol: TCP
220+
- containerPort: 8081
221+
protocol: TCP
222+
resources: {}
223+
terminationMessagePath: /dev/termination-log
224+
volumeMounts:
225+
- mountPath: /var/run/kubernetes-service-catalog
226+
name: apiserver-ssl
227+
readOnly: true
228+
- env:
229+
- name: ETCD_DATA_DIR
230+
value: /data-dir
231+
image: quay.io/coreos/etcd
232+
imagePullPolicy: IfNotPresent
233+
name: etcd
234+
resources: {}
235+
terminationMessagePath: /dev/termination-log
236+
volumeMounts:
237+
- mountPath: /data-dir
238+
name: data-dir
239+
dnsPolicy: ClusterFirst
240+
restartPolicy: Always
241+
securityContext: {}
242+
terminationGracePeriodSeconds: 30
243+
volumes:
244+
- name: apiserver-ssl
245+
secret:
246+
defaultMode: 420
247+
secretName: apiserver-ssl
248+
items:
249+
- key: tls.crt
250+
path: apiserver.crt
251+
- key: tls.key
252+
path: apiserver.key
253+
- emptyDir: {}
254+
name: data-dir
255+
256+
- kind: Service
257+
apiVersion: v1
258+
metadata:
259+
name: apiserver
260+
annotations:
261+
service.alpha.openshift.io/serving-cert-secret-name: 'apiserver-ssl'
262+
spec:
263+
type: ClusterIP
264+
clusterIP: ${SERVICE_CATALOG_SERVICE_IP}
265+
ports:
266+
- name: insecure
267+
port: 80
268+
protocol: TCP
269+
targetPort: 8081
270+
- name: secure
271+
port: 443
272+
protocol: TCP
273+
targetPort: 6443
274+
selector:
275+
app: apiserver
276+
sessionAffinity: None
277+
278+
- kind: Deployment
279+
apiVersion: extensions/v1beta1
280+
metadata:
281+
labels:
282+
app: controller-manager
283+
name: controller-manager
284+
spec:
285+
replicas: 1
286+
selector:
287+
matchLabels:
288+
app: controller-manager
289+
strategy:
290+
rollingUpdate:
291+
maxSurge: 1
292+
maxUnavailable: 1
293+
type: RollingUpdate
294+
template:
295+
metadata:
296+
labels:
297+
app: controller-manager
298+
spec:
299+
serviceAccountName: service-catalog-controller
300+
containers:
301+
- args:
302+
- -v
303+
- "5"
304+
- --service-catalog-api-server-url
305+
- http://$(APISERVER_SERVICE_HOST):$(APISERVER_SERVICE_PORT)
306+
- --leader-election-namespace
307+
- service-catalog
308+
image: quay.io/kubernetes-service-catalog/controller-manager:${SERVICE_CATALOG_TAG}
309+
imagePullPolicy: IfNotPresent
310+
name: controller-manager
311+
ports:
312+
- containerPort: 8080
313+
protocol: TCP
314+
resources: {}
315+
terminationMessagePath: /dev/termination-log
316+
volumeMounts:
317+
- mountPath: /etc/service-catalog-ssl
318+
name: service-catalog-ssl
319+
readOnly: true
320+
dnsPolicy: ClusterFirst
321+
restartPolicy: Always
322+
securityContext: {}
323+
terminationGracePeriodSeconds: 30
324+
volumes:
325+
- name: service-catalog-ssl
326+
secret:
327+
defaultMode: 420
328+
items:
329+
- key: tls.crt
330+
path: apiserver.crt
331+
secretName: apiserver-ssl
332+
- kind: Service
333+
apiVersion: v1
334+
metadata:
335+
name: controller-manager
336+
spec:
337+
ports:
338+
- port: 6443
339+
protocol: TCP
340+
targetPort: 6443
341+
selector:
342+
app: controller-manager
343+
sessionAffinity: None
344+
type: ClusterIP
345+
346+
parameters:
347+
- description: CORS allowed origin for the API server, if you need to specify multiple modify the Deployment after creation
348+
displayName: CORS Allowed Origin
349+
name: CORS_ALLOWED_ORIGIN
350+
required: true
351+
value: 10.192.213.116
352+
- description: Tag of the service catalog images to use for apiserver and controller-manager
353+
displayName: Service catalog image tag
354+
name: SERVICE_CATALOG_TAG
355+
required: true
356+
value: canary
357+
- description: Cluster ip address for the service catalog service
358+
displayName: Service Catalog Service IP
359+
name: SERVICE_CATALOG_SERVICE_IP
360+
required: true
361+
value: 172.30.1.2
362+
- description: Do not change this value.
363+
displayName: Name of the kube-system namespace
364+
name: KUBE_SYSTEM_NAMESPACE
365+
required: true
366+
value: kube-system
367+

hack/update-generated-bindata.sh

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -28,9 +28,10 @@ pushd "${OS_ROOT}" > /dev/null
2828
${EXAMPLES}/jenkins \
2929
${EXAMPLES}/jenkins/pipeline \
3030
${EXAMPLES}/quickstarts/... \
31-
${EXAMPLES}/logging/... \
32-
${EXAMPLES}/heapster/... \
33-
${EXAMPLES}/prometheus/... \
31+
${EXAMPLES}/logging/... \
32+
${EXAMPLES}/heapster/... \
33+
${EXAMPLES}/prometheus/... \
34+
${EXAMPLES}/service-catalog/... \
3435
pkg/image/admission/imagepolicy/api/v1/...
3536

3637
"$(os::util::find::gopath_binary go-bindata)" \

0 commit comments

Comments
 (0)