From 90221f0471f418f13f53445b9e77533f7a8f35af Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Sat, 11 May 2019 10:38:51 +0200 Subject: [PATCH] fas: Add yubikey dc bc and svc Signed-off-by: Patrick Uiterwijk --- .../fas/files/service-yubikey.yml | 15 ++++ .../fas/templates/buildconfig-yubikey.yml | 39 +++++++++++ .../templates/deploymentconfig-yubikey.yml | 69 +++++++++++++++++++ 3 files changed, 123 insertions(+) create mode 100644 roles/openshift-apps/fas/files/service-yubikey.yml create mode 100644 roles/openshift-apps/fas/templates/buildconfig-yubikey.yml create mode 100644 roles/openshift-apps/fas/templates/deploymentconfig-yubikey.yml diff --git a/roles/openshift-apps/fas/files/service-yubikey.yml b/roles/openshift-apps/fas/files/service-yubikey.yml new file mode 100644 index 0000000000..4e772380e3 --- /dev/null +++ b/roles/openshift-apps/fas/files/service-yubikey.yml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: yubikey + labels: + app: fas + service: yubikey + namespace: fas +spec: + ports: + - name: web + port: 8080 + targetPort: 8080 + selector: + deploymentconfig: yubikey diff --git a/roles/openshift-apps/fas/templates/buildconfig-yubikey.yml b/roles/openshift-apps/fas/templates/buildconfig-yubikey.yml new file mode 100644 index 0000000000..3c9b807845 --- /dev/null +++ b/roles/openshift-apps/fas/templates/buildconfig-yubikey.yml @@ -0,0 +1,39 @@ +apiVersion: v1 +kind: BuildConfig +metadata: + labels: + build: yubikey + name: yubikey +spec: + runPolicy: Serial + source: + dockerfile: |- + FROM registry.access.redhat.com/rhel6 + RUN curl -o /etc/yum.repos.d/rhel6.repo https://infrastructure.fedoraproject.org/cgit/ansible.git/plain/files/common/rhel6.repo && \ + curl -o /etc/yum.repos.d/epel6.repo https://infrastructure.fedoraproject.org/cgit/ansible.git/plain/files/common/epel6.repo && \ +{% if env == "staging" %} + curl -o /etc/yum.repos.d/infra-tags-stg.repo https://infrastructure.fedoraproject.org/cgit/ansible.git/plain/files/common/rhel-infra-tags-stg.repo && \ +{% endif %} + curl -o /etc/yum.repos.d/infra-tags.repo https://infrastructure.fedoraproject.org/cgit/ansible.git/plain/files/common/rhel-infra-tags.repo + + RUN yum install -y \ + httpd \ + yubikey-ksm \ + yubikey-val \ + php-pgsql + + # Set up config symlinks + RUN rm -f /usr/share/ykval/ykval-config.php && \ + rm -f /usr/share/ykksm/ykksm-config.php && \ + ln -sf /etc/ykksm/ykksm-config.php /usr/share/ykksm/ykksm-config.php && \ + ln -sf /etc/ykval/ykval-config.php /usr/share/ykval/ykval-config.php + + EXPOSE 8080 + ENTRYPOINT bash /etc/yubikey/start.sh + type: Dockerfile + strategy: + type: Docker + output: + to: + kind: ImageStreamTag + name: yubikey:latest diff --git a/roles/openshift-apps/fas/templates/deploymentconfig-yubikey.yml b/roles/openshift-apps/fas/templates/deploymentconfig-yubikey.yml new file mode 100644 index 0000000000..2d7347e62f --- /dev/null +++ b/roles/openshift-apps/fas/templates/deploymentconfig-yubikey.yml @@ -0,0 +1,69 @@ +apiVersion: v1 +kind: DeploymentConfig +metadata: + labels: + app: fas + service: yubikey + name: yubikey +spec: + replicas: 1 + selector: + deploymentconfig: yubikey + strategy: + activeDeadlineSeconds: 21600 + recreateParams: + timeoutSeconds: 600 + resources: {} + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + type: Rolling + template: + metadata: + creationTimestamp: null + labels: + app: fas + deploymentconfig: yubikey + spec: + containers: + - name: yubikey + image: yubikey:latest + ports: + - containerPort: 8080 + volumeMounts: + - name: config-volume + mountPath: /etc/yubikey + readOnly: true + - name: httpdir-volume + mountPath: /httpdir + readinessProbe: + timeoutSeconds: 5 + initialDelaySeconds: 1 + httpGet: + path: / + port: 8080 + livenessProbe: + timeoutSeconds: 5 + initialDelaySeconds: 1 + httpGet: + path: / + port: 8080 + volumes: + - name: config-volume + configMap: + name: yubikey + emptyDir: {} + triggers: + - imageChangeParams: + automatic: true + containerNames: + - yubikey + from: + kind: ImageStreamTag + name: yubikey:latest + namespace: fas + type: ImageChange + - type: ConfigChange