From e7ed329bd81c2273c03e94c93c9ce9c1d01cdc86 Mon Sep 17 00:00:00 2001
From: "Suren A. Chilingaryan" <csa@suren.me>
Date: Sat, 1 Apr 2017 04:53:28 +0200
Subject: Initial import

---
 .../templates/00-katrin-restricted.yml.j2.excl     |  43 +++++++
 setup/projects/katrin/templates/katrin.yml.j2.bk   | 135 +++++++++++++++++++++
 2 files changed, 178 insertions(+)
 create mode 100644 setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl
 create mode 100644 setup/projects/katrin/templates/katrin.yml.j2.bk

(limited to 'setup/projects/katrin/templates')

diff --git a/setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl b/setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl
new file mode 100644
index 0000000..d155267
--- /dev/null
+++ b/setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl
@@ -0,0 +1,43 @@
+---
+allowHostDirVolumePlugin: false
+allowHostIPC: false
+allowHostNetwork: false
+allowHostPID: false
+allowHostPorts: false
+allowPrivilegedContainer: false
+allowedCapabilities: null
+apiVersion: v1
+defaultAddCapabilities: null
+fsGroup:
+  type: MustRunAs
+groups:
+- system:authenticated
+kind: SecurityContextConstraints
+metadata:
+  annotations:
+    kubernetes.io/description: restricted denies access to all host features and requires
+      pods to be run with a UID, and SELinux context that are allocated to the namespace.  This
+      is the most restrictive SCC.
+  creationTimestamp: null
+  name: katrin-restricted
+priority: null
+readOnlyRootFilesystem: false
+requiredDropCapabilities:
+- KILL
+- MKNOD
+- SYS_CHROOT
+- SETUID
+- SETGID
+runAsUser:
+  type: MustRunAsRange
+seLinuxContext:
+  type: MustRunAs
+supplementalGroups:
+  type: RunAsAny
+volumes:
+- glusterfs
+- configMap
+- downwardAPI
+- emptyDir
+- persistentVolumeClaim
+- secret
diff --git a/setup/projects/katrin/templates/katrin.yml.j2.bk b/setup/projects/katrin/templates/katrin.yml.j2.bk
new file mode 100644
index 0000000..5d032b3
--- /dev/null
+++ b/setup/projects/katrin/templates/katrin.yml.j2.bk
@@ -0,0 +1,135 @@
+---
+apiVersion: v1
+kind: Template
+metadata:
+  name: kaas
+  annotations:
+    descriptions: "KATRIN Routing Service"
+objects:
+  - apiVersion: v1
+    kind: Service
+    metadata:
+      name: kaas
+    spec:
+      selector:
+        name: kaas
+      ports:
+        - name: http
+          port: 80
+          targetPort: 8080
+        - name: https
+          port: 443
+          targetPort: 8443
+  - apiVersion: v1
+    kind: Route
+    metadata:
+      name: kaas
+    spec:
+      host: {{ kaas_project_config.katrin_node }}
+      to:
+        kind: Service
+        name: kaas
+      port:
+        targetPort: http
+      tls:
+        termination: edge   
+        insecureEdgeTerminationPolicy: Allow
+        certificate: |-
+          -----BEGIN CERTIFICATE-----
+          MIIDmTCCAoGgAwIBAgIJAOnpyunJRkjVMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNV
+          BAYTAkRFMQswCQYDVQQIDAJCVzESMBAGA1UEBwwJS2FybHNydWhlMQwwCgYDVQQK
+          DANLSVQxDDAKBgNVBAsMA0lQRTEXMBUGA1UEAwwOa2F0cmluLmtpdC5lZHUwHhcN
+          MTQxMjE5MDEwMTEyWhcNMjQxMjE2MDEwMTEyWjBjMQswCQYDVQQGEwJERTELMAkG
+          A1UECAwCQlcxEjAQBgNVBAcMCUthcmxzcnVoZTEMMAoGA1UECgwDS0lUMQwwCgYD
+          VQQLDANJUEUxFzAVBgNVBAMMDmthdHJpbi5raXQuZWR1MIIBIjANBgkqhkiG9w0B
+          AQEFAAOCAQ8AMIIBCgKCAQEAyJ9+nKbhK4AaVyVH/jmAxPFC/o2shejmFL9jIE4I
+          ryrdnirepxcgvd2xcpTYeOb5TMKKFtJmqeW3jPOB3jAEyLzvuy1aYwd/DNx4A9VU
+          GO2shdqjPMaBOk4KjsjZnt+8toWJeABYsJ4nATpbM0ijkX6RqQoRboiaKWlvo10n
+          qMfGmQjMR+lC5uhF5hWhHwD+qPigEFGYis73dgFDhydfl4pzPXBySv4hM4zHvHHH
+          DO0QipGIxwmMrw4U/y4snN1hDCPFDJN3WehK4lt7tD8Ea1VwikCLh2eZ+v94BQC3
+          060hHIC4lEhtTaDsNXrGIwzqVP9TPuOVEOgEAjxyN12D0wIDAQABo1AwTjAdBgNV
+          HQ4EFgQUGTmlNR3S73QucufU1P+8TehunFQwHwYDVR0jBBgwFoAUGTmlNR3S73Qu
+          cufU1P+8TehunFQwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAfwuL
+          ayz7Mg1YzX3RUISmN0rJYFS9u57qaWkGK5LX5s/6T9Ppzjd3sPcFwryycumcNJ3x
+          G9iIuTX1n1/uPdwdulgGRtsq3vl1zLgI/at0UIZJxnQPxr73n8o5o9W5FFVRsJTs
+          WN2t7DurOQi0nLiIG+qmHHrRmFpSsgeegM720VCS9Wf434r0XZVMNl1ngIk4ppo6
+          /ecuRTxpv+iOM4j/QqFwXNZQwjGv3o1UZELJ9RMDVY7zGyL/77cu6Iz6aLVy3QrE
+          qMexD5/zZTnrKc4dWmuQSDqgMJeLdyebxZnYT8LLLr/QtUMmm1iLCw1MuY4tmPIp
+          j5rXZ3Oda5tHYrnPsA==
+          -----END CERTIFICATE-----
+        key: |-
+          -----BEGIN PRIVATE KEY-----
+          MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDIn36cpuErgBpX
+          JUf+OYDE8UL+jayF6OYUv2MgTgivKt2eKt6nFyC93bFylNh45vlMwooW0map5beM
+          84HeMATIvO+7LVpjB38M3HgD1VQY7ayF2qM8xoE6TgqOyNme37y2hYl4AFiwnicB
+          OlszSKORfpGpChFuiJopaW+jXSeox8aZCMxH6ULm6EXmFaEfAP6o+KAQUZiKzvd2
+          AUOHJ1+XinM9cHJK/iEzjMe8cccM7RCKkYjHCYyvDhT/Liyc3WEMI8UMk3dZ6Eri
+          W3u0PwRrVXCKQIuHZ5n6/3gFALfTrSEcgLiUSG1NoOw1esYjDOpU/1M+45UQ6AQC
+          PHI3XYPTAgMBAAECggEAFFXubIyR2Gn0wY6a3I8RmWTnKIxNx4kTAVlg/95JDRBo
+          RGcOCJvUispU+UtTIfYvoPM7MhMDqwcI8vWf3Vi6s2pLVorDVbRl0XTriV/vVVOK
+          IEtILpnkcXeFpHGBdZQyOcIRbCOE2eo+A+bZZbpgMhhFRYAqwiyAi+APG90ObxIb
+          AqTEeTyztqyrKfnTdr50owL2KT7adS6XuSUNX681IJc+szbQ7piXN57Kdxd2PydM
+          JnSZAOBpQHkbiOEDUseeDjYRT23loeMIS7nWTwo1Y1LwsEKL5S7C0fKBfZV9xARw
+          TntGuM87HzbAk4535We8qW3t/5EqpzurgK7u9/PEEQKBgQDjy8CjDdobGK9+VUDg
+          iHbANbzEB4LrpVJiE+esr0iLXOoMdfTPwpd4XpbPPOjx/A9+6VfpdGt1EdZwLMpy
+          qryPW0iumsri3iPSVBS79mN6WmwYhNOcOTWlmbs4pEhubht9aNBi7rZ7QZgV3PLN
+          7YBZHzxfyxTcIBCAzzoF7zaUeQKBgQDhdneOijWAYx0AMKTBzJw52KO/gloTDl9M
+          mOhvUIuYxkUE/mDE5EqI6k9VkbAqUvlD3z2S7yNY+h2hldO+u3w8GPo+bTCMyNDB
+          0tQGCZnbKl8mfmItUlTyJ/MmNbanmYI2VmhDTMh6S8d8qKW9txXfDEXrzY2p7z/X
+          gRF3Ow9PqwKBgGw7CMHv+Ora5bbehr6n19QnNBLnhrqzh9r1niOb/JnKgaF+Ad0c
+          lZ8pQfog9ITUwAAKmixflha/bOVLQr0Mhh6Ovo/HGBKGfPqX3GoZ/NXLVISpx2j4
+          fZa63gthctCVHBaP0ELRLH6PgdURb4OMDmlJwAO7l6Om0HCDBQyAxavxAoGAZPUJ
+          QBh/MIgxGj6t5+HZKsXpPP3/m3zaC5CEtCOa/sP5b+0AI+odvgU9lRFxkuIon828
+          4qiWaWdGEW7nrAaD8N02YPG/xaq+X6wqKLHv5QWqKbB6AdVWGEDvTfLLYW0Js48p
+          jMk7FBgOsbFK1hK/hmsWfCpE/w0Ux0kSKxOVHZUCgYEA41rhW18+KdxJyQTZaQRV
+          0KQr8/30L116XYYTYrkILa6504nXMr7xSHuMxaPNl20b/sBz8a8VuKJt2CLZQ0Q3
+          oW3GAG2Fk+mvrauLriiJ2KgZkS5IJweJKHbIk1GQrucNArNojk9unrqN8wpa3Ywo
+          9GafqnfUGu+FVd1CKolicSA=
+          -----END PRIVATE KEY-----
+  - apiVersion: v1
+    kind: DeploymentConfig
+    metadata:
+      name: kaas
+    spec:
+      replicas: 1
+      selector:
+        name: kaas
+      template:
+        metadata:
+          name: kaas
+          labels:
+            name: kaas
+        strategy:
+          type: Rolling
+        triggers:
+          - type: ConfigChange
+        spec:
+          nodeSelector:
+            master: "1"
+          containers:
+            - name: kaas
+              image: centos/httpd-24-centos7
+              imagePullPolicy: Always
+              ports:
+                - containerPort: 8080
+                - containerPort: 8443
+              volumeMounts:
+                - name: config
+                  subPath: etc/apache2-kaas
+                  mountPath: /etc/httpd
+                - name: config
+                  subPath: log/apache2-kaas
+                  mountPath: /var/log/httpd24
+                - name: config
+                  subPath: htdocs/kaas
+                  mountPath: /opt/rh/httpd24/root/var/www/html
+              livenessProbe:
+                timeoutSeconds: 1
+                initialDelaySeconds: 3
+                httpGet: 
+                  path: /index.html
+                  port: 8080
+          volumes:
+            - name: config
+              persistentVolumeClaim: 
+                claimName: openshift
-- 
cgit v1.2.3