From ca8a00dc54a2366fa547906dcf673f0454158b9c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= Date: Wed, 14 Oct 2020 10:58:08 +0200 Subject: [PATCH] Prepare FASJSON for the new certificate profile setting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Aurélien Bompard --- .../fasjson/templates/configmap.yml | 2 + .../fasjson/templates/deploymentconfig.yml | 117 +++++++++--------- .../fasjson/templates/fasjson.conf | 2 + 3 files changed, 64 insertions(+), 57 deletions(-) create mode 100644 roles/openshift-apps/fasjson/templates/fasjson.conf diff --git a/roles/openshift-apps/fasjson/templates/configmap.yml b/roles/openshift-apps/fasjson/templates/configmap.yml index 4b3beacbda..50ef5eea6f 100644 --- a/roles/openshift-apps/fasjson/templates/configmap.yml +++ b/roles/openshift-apps/fasjson/templates/configmap.yml @@ -15,6 +15,8 @@ items: {{ load_file('start.sh') | indent(6) }} httpd.conf: |- {{ load_file('httpd.conf') | indent(6) }} + fasjson.conf: |- + {{ load_file('fasjson.conf') | indent(6) }} - apiVersion: v1 kind: ConfigMap metadata: diff --git a/roles/openshift-apps/fasjson/templates/deploymentconfig.yml b/roles/openshift-apps/fasjson/templates/deploymentconfig.yml index 94a5f497c6..8427d7abe0 100644 --- a/roles/openshift-apps/fasjson/templates/deploymentconfig.yml +++ b/roles/openshift-apps/fasjson/templates/deploymentconfig.yml @@ -26,62 +26,65 @@ spec: deploymentconfig: fasjson spec: containers: - - name: fasjson - imagePullPolicy: Always - ports: - - containerPort: 8080 - volumeMounts: - - name: keytab-http-volume - mountPath: /etc/keytabs/http - subPath: http - readOnly: true - - name: krb-config-volume - mountPath: /etc/krb5 - readOnly: true - - name: fasjson-config-volume - mountPath: /etc/fasjson - readOnly: true - - name: ipa-config-volume - mountPath: /etc/ipa - readOnly: true - - name: httpdir - mountPath: /httpdir - livenessProbe: - timeoutSeconds: 10 - initialDelaySeconds: 10 - periodSeconds: 60 - httpGet: - path: /healthz/live - port: 8080 - readinessProbe: - timeoutSeconds: 10 - initialDelaySeconds: 5 - periodSeconds: 60 - httpGet: - path: /healthz/ready - port: 8080 + - name: fasjson + imagePullPolicy: Always + ports: + - containerPort: 8080 + volumeMounts: + - name: keytab-http-volume + mountPath: /etc/keytabs/http + subPath: http + readOnly: true + - name: krb-config-volume + mountPath: /etc/krb5 + readOnly: true + - name: fasjson-config-volume + mountPath: /etc/fasjson + readOnly: true + - name: ipa-config-volume + mountPath: /etc/ipa + readOnly: true + - name: httpdir + mountPath: /httpdir + env: + - name: FASJSON_CONFIG_PATH + value: "/etc/fasjson/fasjson.conf" + livenessProbe: + timeoutSeconds: 10 + initialDelaySeconds: 10 + periodSeconds: 60 + httpGet: + path: /healthz/live + port: 8080 + readinessProbe: + timeoutSeconds: 10 + initialDelaySeconds: 5 + periodSeconds: 60 + httpGet: + path: /healthz/ready + port: 8080 volumes: - - name: fasjson-config-volume - configMap: - name: fasjson-config - - name: keytab-http-volume - secret: - secretName: fasjson-keytab-http - - name: krb-config-volume - configMap: - name: krb5-config - - name: ipa-config-volume - configMap: - name: ipa-client-config - - name: httpdir - emptyDir: {} + - name: fasjson-config-volume + configMap: + name: fasjson-config + - name: keytab-http-volume + secret: + secretName: fasjson-keytab-http + - name: krb-config-volume + configMap: + name: krb5-config + - name: ipa-config-volume + configMap: + name: ipa-client-config + - name: httpdir + emptyDir: {} triggers: - - imageChangeParams: - automatic: true - containerNames: - - fasjson - from: - kind: ImageStreamTag - name: fasjson:latest - type: ImageChange - - type: ConfigChange + - imageChangeParams: + automatic: true + containerNames: + - fasjson + from: + kind: ImageStreamTag + name: fasjson:latest + type: ImageChange + - type: ConfigChange diff --git a/roles/openshift-apps/fasjson/templates/fasjson.conf b/roles/openshift-apps/fasjson/templates/fasjson.conf new file mode 100644 index 0000000000..6a26f3cc4b --- /dev/null +++ b/roles/openshift-apps/fasjson/templates/fasjson.conf @@ -0,0 +1,2 @@ +# The ID of the Certificate Profile to use in IPA +CERTIFICATE_PROFILE = "userCerts"