Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Prepare FASJSON for the new certificate profile setting

Browse source 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit is contained in:
Aurélien Bompard 2020-10-14 10:58:08 +02:00
parent 5c71822352
commit ca8a00dc54
No known key found for this signature in database
GPG key ID: 31584CFEB9BF64AD
3 changed files with 64 additions and 57 deletions
Download patch file Download diff file Expand all files Collapse all files

2
roles/openshift-apps/fasjson/templates/configmap.yml
View file

@ -15,6 +15,8 @@ items:
{{ load_file('start.sh') | indent(6) }} {{ load_file('start.sh') | indent(6) }}
httpd.conf: |- httpd.conf: |-
{{ load_file('httpd.conf') | indent(6) }} {{ load_file('httpd.conf') | indent(6) }}
fasjson.conf: |-
{{ load_file('fasjson.conf') | indent(6) }}
- apiVersion: v1 - apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:

117
roles/openshift-apps/fasjson/templates/deploymentconfig.yml
View file

@ -26,62 +26,65 @@ spec:
deploymentconfig: fasjson deploymentconfig: fasjson
spec: spec:
containers: containers:
- name: fasjson - name: fasjson
imagePullPolicy: Always imagePullPolicy: Always
ports: ports:
- containerPort: 8080 - containerPort: 8080
volumeMounts: volumeMounts:
- name: keytab-http-volume - name: keytab-http-volume
mountPath: /etc/keytabs/http mountPath: /etc/keytabs/http
subPath: http subPath: http
readOnly: true readOnly: true
- name: krb-config-volume - name: krb-config-volume
mountPath: /etc/krb5 mountPath: /etc/krb5
readOnly: true readOnly: true
- name: fasjson-config-volume - name: fasjson-config-volume
mountPath: /etc/fasjson mountPath: /etc/fasjson
readOnly: true readOnly: true
- name: ipa-config-volume - name: ipa-config-volume
mountPath: /etc/ipa mountPath: /etc/ipa
readOnly: true readOnly: true
- name: httpdir - name: httpdir
mountPath: /httpdir mountPath: /httpdir
livenessProbe: env:
timeoutSeconds: 10 - name: FASJSON_CONFIG_PATH
initialDelaySeconds: 10 value: "/etc/fasjson/fasjson.conf"
periodSeconds: 60 livenessProbe:
httpGet: timeoutSeconds: 10
path: /healthz/live initialDelaySeconds: 10
port: 8080 periodSeconds: 60
readinessProbe: httpGet:
timeoutSeconds: 10 path: /healthz/live
initialDelaySeconds: 5 port: 8080
periodSeconds: 60 readinessProbe:
httpGet: timeoutSeconds: 10
path: /healthz/ready initialDelaySeconds: 5
port: 8080 periodSeconds: 60
httpGet:
path: /healthz/ready
port: 8080
volumes: volumes:
- name: fasjson-config-volume - name: fasjson-config-volume
configMap: configMap:
name: fasjson-config name: fasjson-config
- name: keytab-http-volume - name: keytab-http-volume
secret: secret:
secretName: fasjson-keytab-http secretName: fasjson-keytab-http
- name: krb-config-volume - name: krb-config-volume
configMap: configMap:
name: krb5-config name: krb5-config
- name: ipa-config-volume - name: ipa-config-volume
configMap: configMap:
name: ipa-client-config name: ipa-client-config
- name: httpdir - name: httpdir
emptyDir: {} emptyDir: {}
triggers: triggers:
- imageChangeParams: - imageChangeParams:
automatic: true automatic: true
containerNames: containerNames:
- fasjson - fasjson
from: from:
kind: ImageStreamTag kind: ImageStreamTag
name: fasjson:latest name: fasjson:latest
type: ImageChange type: ImageChange
- type: ConfigChange - type: ConfigChange

2
roles/openshift-apps/fasjson/templates/fasjson.conf Normal file
View file

@ -0,0 +1,2 @@
# The ID of the Certificate Profile to use in IPA
CERTIFICATE_PROFILE = "userCerts"