nicolas
/
sso-proxy
mirror of https://github.com/nmasse-itix/sso-proxy.git
1
0
Fork 0
Code Issues Releases Wiki Activity
An SSL/TLS-enabled proxy for Red Hat SSO
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
18 Commits
1 Branch
0 Tags
40 KiB
 
Tree: 1c538bafaa
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1c538bafaa'
${ noResults }
sso-proxy/template.yaml

210 lines
4.9 KiB
Raw Blame History

apiVersion: v1
kind: Template
labels:
template: sso-proxy
message: Will forward requests with SSL/TLS client authentication to http://${SSO_SERVICE_HOSTNAME}
metadata:
annotations:
description: |-
An SSL/TLS-enabled proxy for Red Hat SSO.
openshift.io/display-name: Red Hat SSO - SSL/TLS Proxy
tags: instant-app
template.openshift.io/documentation-url: https://github.com/nmasse-itix/sso-proxy
template.openshift.io/long-description: An SSL/TLS-enabled proxy for Red Hat SSO.
template.openshift.io/provider-display-name: Nicolas Massé
template.openshift.io/support-url: https://github.com/nmasse-itix/sso-proxy/issues
name: sso-proxy
parameters:
- description: The GIT repository to use.
displayName: GIT Repo URL
name: GIT_REPO
value: https://github.com/nmasse-itix/sso-proxy.git
- description: "The nginx log level (one of: debug, info, warn, error, crit, emerg)"
displayName: Nginx log level
name: LOG_LEVEL
value: info
- description: IP Address of your DNS server
displayName: Nginx resolvers
name: RESOLVER
value: "8.8.8.8"
- description: The Hostname to use to create the OpenShift Route
displayName: OpenShift Route Hostname
name: PROXY_ROUTE_HOSTNAME
required: true
- description: The hostname and port of the Red Hat SSO Service
displayName: Red Hat SSO Service Hostname and Port
name: SSO_SERVICE_HOSTNAME
required: true
objects:
- apiVersion: v1
kind: ImageStream
metadata:
name: nginx
spec:
lookupPolicy:
local: false
tags:
- name: latest
from:
kind: DockerImage
name: registry.access.redhat.com/rhscl/nginx-112-rhel7:latest
referencePolicy:
type: Source
- apiVersion: v1
kind: ImageStream
metadata:
labels:
app: sso-proxy
name: sso-proxy
spec:
- apiVersion: v1
kind: BuildConfig
metadata:
labels:
app: sso-proxy
name: sso-proxy
spec:
failedBuildsHistoryLimit: 1
output:
to:
kind: ImageStreamTag
name: sso-proxy:latest
postCommit: {}
resources: {}
runPolicy: Serial
source:
git:
uri: ${GIT_REPO}
type: Git
strategy:
sourceStrategy:
from:
kind: ImageStreamTag
name: nginx:latest
type: Source
successfulBuildsHistoryLimit: 5
triggers:
- type: ConfigChange
- imageChange: {}
type: ImageChange
- apiVersion: v1
kind: DeploymentConfig
metadata:
labels:
app: sso-proxy
name: sso-proxy
spec:
replicas: 1
selector:
app: sso-proxy
deploymentconfig: sso-proxy
strategy:
activeDeadlineSeconds: 21600
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 600
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
labels:
app: sso-proxy
deploymentconfig: sso-proxy
spec:
containers:
- env:
- name: RESOLVER
value: ${RESOLVER}
- name: LOG_LEVEL
value: ${LOG_LEVEL}
- name: PROXY_ROUTE_HOSTNAME
value: ${PROXY_ROUTE_HOSTNAME}
- name: SSO_SERVICE_HOSTNAME
value: ${SSO_SERVICE_HOSTNAME}
image: " "
imagePullPolicy: Always
name: sso-proxy
ports:
- containerPort: 8080
protocol: TCP
- containerPort: 8443
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /opt/app-root/etc/serving-cert/
name: tls
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- name: tls
secret:
defaultMode: 420
secretName: sso-proxy-tls
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- sso-proxy
from:
kind: ImageStreamTag
name: sso-proxy:latest
type: ImageChange
- apiVersion: v1
kind: Service
metadata:
annotations:
service.alpha.openshift.io/serving-cert-secret-name: sso-proxy-tls
labels:
app: sso-proxy
name: sso-proxy
spec:
ports:
- name: 8080-tcp
port: 8080
protocol: TCP
targetPort: 8080
- name: 8443-tcp
port: 8443
protocol: TCP
targetPort: 8443
selector:
app: sso-proxy
deploymentconfig: sso-proxy
sessionAffinity: None
type: ClusterIP
- apiVersion: v1
kind: Route
metadata:
labels:
app: sso-proxy
name: sso-proxy
spec:
host: ${PROXY_ROUTE_HOSTNAME}
port:
targetPort: 8443-tcp
tls:
termination: passthrough
to:
kind: Service
name: sso-proxy
weight: 100
wildcardPolicy: None