-
Notifications
You must be signed in to change notification settings - Fork 11
/
template.yaml
142 lines (142 loc) · 3.95 KB
/
template.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
apiVersion: v1
kind: Template
metadata:
name: java-template
objects:
- apiVersion: v1
kind: BuildConfig
metadata:
labels:
app: ${APPLICATION_NAME}
name: ${APPLICATION_NAME}
spec:
output:
to:
kind: ImageStreamTag
name: ${APPLICATION_NAME}:latest
postCommit: {}
resources: {}
runPolicy: Serial
source:
git:
uri: "https://github.com/domenicbove/openshift-ssl-server"
ref: "master"
strategy:
sourceStrategy:
from:
kind: DockerImage
name: registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift
type: Source
triggers:
- type: ConfigChange
- apiVersion: v1
kind: ImageStream
metadata:
labels:
app: ${APPLICATION_NAME}
name: ${APPLICATION_NAME}
- apiVersion: v1
kind: DeploymentConfig
metadata:
labels:
app: ${APPLICATION_NAME}
name: ${APPLICATION_NAME}
spec:
replicas: 1
selector:
deploymentconfig: ${APPLICATION_NAME}
template:
metadata:
labels:
app: ${APPLICATION_NAME}
deploymentconfig: ${APPLICATION_NAME}
spec:
containers:
- name: ${APPLICATION_NAME}
image: ${APPLICATION_NAME}
env:
- name: keystore_jks
value: /var/run/secrets/java.io/keystores/keystore.jks
- name: password
value: changeit
ports:
- containerPort: 8443
protocol: TCP
resources: {}
volumeMounts:
- name: keystore-volume
mountPath: /var/run/secrets/java.io/keystores
initContainers:
- name: pem-to-keystore
image: registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.1-16
env:
- name: keyfile
value: /var/run/secrets/openshift.io/services_serving_certs/tls.key
- name: crtfile
value: /var/run/secrets/openshift.io/services_serving_certs/tls.crt
- name: keystore_pkcs12
value: /var/run/secrets/java.io/keystores/keystore.pkcs12
- name: keystore_jks
value: /var/run/secrets/java.io/keystores/keystore.jks
- name: password
value: changeit
command: ['/bin/bash']
args: ['-c', "openssl pkcs12 -export -inkey $keyfile -in $crtfile -out $keystore_pkcs12 -password pass:$password && keytool -importkeystore -noprompt -srckeystore $keystore_pkcs12 -srcstoretype pkcs12 -destkeystore $keystore_jks -storepass $password -srcstorepass $password"]
volumeMounts:
- name: keystore-volume
mountPath: /var/run/secrets/java.io/keystores
- name: service-certs
mountPath: /var/run/secrets/openshift.io/services_serving_certs
volumes:
- name: keystore-volume
emtpyDir: {}
- name: service-certs
secret:
secretName: service-certs
triggers:
- imageChangeParams:
automatic: true
containerNames:
- ${APPLICATION_NAME}
from:
kind: ImageStreamTag
name: ${APPLICATION_NAME}:latest
type: ImageChange
- apiVersion: v1
kind: Route
metadata:
labels:
app: ${APPLICATION_NAME}
name: ${APPLICATION_NAME}
spec:
port:
targetPort: 8443-tcp
tls:
termination: reencrypt
to:
kind: Service
name: ${APPLICATION_NAME}
weight: 100
wildcardPolicy: None
- apiVersion: v1
kind: Service
metadata:
annotations:
service.alpha.openshift.io/serving-cert-secret-name: service-certs
labels:
app: ${APPLICATION_NAME}
name: ${APPLICATION_NAME}
spec:
ports:
- name: 8443-tcp
port: 8443
protocol: TCP
targetPort: 8443
selector:
deploymentconfig: ${APPLICATION_NAME}
parameters:
- name: APPLICATION_NAME
description: The name for the application.
displayName: Application name
value: ssl-server
required: true