Untitled diff
240 removals
| Words removed | 395 |
| Total words | 1326 |
| Words removed (%) | 29.79 |
707 lines
279 additions
| Words added | 464 |
| Total words | 1395 |
| Words added (%) | 33.26 |
744 lines
# oc export routes
# oc export routes
apiVersion: v1
apiVersion: v1
items:
items:
- apiVersion: v1
- apiVersion: v1
kind: Route
kind: Route
metadata:
metadata:
creationTimestamp: null
creationTimestamp: null
name: docker-registry
name: docker-registry
spec:
spec:
host: trunk.registry.rdoproject.org
host: trunk.registry.rdoproject.org
tls:
tls:
termination: passthrough
caCertificate: |
-----BEGIN CERTIFICATE-----
snip
-----END CERTIFICATE-----
certificate: |
-----BEGIN CERTIFICATE-----
snip
-----END CERTIFICATE-----
destinationCACertificate: |
-----BEGIN CERTIFICATE-----
snip
-----END CERTIFICATE-----
key: |
-----BEGIN PRIVATE KEY-----
snip
-----END PRIVATE KEY-----
termination: reencrypt
to:
to:
kind: Service
kind: Service
name: docker-registry
name: docker-registry
weight: 100
weight: 100
wildcardPolicy: None
wildcardPolicy: None
status:
status:
ingress:
ingress:
- conditions:
- conditions:
- lastTransitionTime: 2017-05-18T19:10:32Z
- lastTransitionTime: 2017-05-18T19:37:22Z
status: "True"
status: "True"
type: Admitted
type: Admitted
host: trunk.registry.rdoproject.org
host: trunk.registry.rdoproject.org
routerName: router
routerName: router
wildcardPolicy: None
wildcardPolicy: None
- apiVersion: v1
- apiVersion: v1
kind: Route
kind: Route
metadata:
metadata:
creationTimestamp: null
creationTimestamp: null
name: registry-console
name: registry-console
spec:
spec:
host: console.registry.rdoproject.org
host: console.registry.rdoproject.org
tls:
tls:
termination: passthrough
caCertificate: |
-----BEGIN CERTIFICATE-----
snip
-----END CERTIFICATE-----
certificate: |
-----BEGIN CERTIFICATE-----
snip
-----END CERTIFICATE-----
destinationCACertificate: |
-----BEGIN CERTIFICATE-----
snip
-----END CERTIFICATE-----
key: |
-----BEGIN PRIVATE KEY-----
snip
-----END PRIVATE KEY-----
termination: reencrypt
to:
to:
kind: Service
kind: Service
name: registry-console
name: registry-console
weight: 100
weight: 100
wildcardPolicy: None
wildcardPolicy: None
status:
status:
ingress:
ingress:
- conditions:
- conditions:
- lastTransitionTime: 2017-05-18T19:10:36Z
- lastTransitionTime: 2017-05-18T19:37:26Z
status: "True"
status: "True"
type: Admitted
type: Admitted
host: console.registry.rdoproject.org
host: console.registry.rdoproject.org
routerName: router
routerName: router
wildcardPolicy: None
wildcardPolicy: None
kind: List
kind: List
metadata: {}
metadata: {}
# oc export svc
# oc export svc
apiVersion: v1
apiVersion: v1
items:
items:
- apiVersion: v1
- apiVersion: v1
kind: Service
kind: Service
metadata:
metadata:
creationTimestamp: null
creationTimestamp: null
name: docker-registry
name: docker-registry
spec:
spec:
ports:
ports:
- name: 5000-tcp
- name: 5000-tcp
port: 5000
port: 5000
protocol: TCP
protocol: TCP
targetPort: 5000
targetPort: 5000
selector:
selector:
docker-registry: default
docker-registry: default
sessionAffinity: ClientIP
sessionAffinity: ClientIP
type: ClusterIP
type: ClusterIP
status:
status:
loadBalancer: {}
loadBalancer: {}
- apiVersion: v1
- apiVersion: v1
kind: Service
kind: Service
metadata:
metadata:
creationTimestamp: null
creationTimestamp: null
labels:
labels:
component: apiserver
component: apiserver
provider: kubernetes
provider: kubernetes
name: kubernetes
name: kubernetes
spec:
spec:
ports:
ports:
- name: https
- name: https
port: 443
port: 443
protocol: TCP
protocol: TCP
targetPort: 443
targetPort: 443
- name: dns
- name: dns
port: 53
port: 53
protocol: UDP
protocol: UDP
targetPort: 8053
targetPort: 8053
- name: dns-tcp
- name: dns-tcp
port: 53
port: 53
protocol: TCP
protocol: TCP
targetPort: 8053
targetPort: 8053
sessionAffinity: ClientIP
sessionAffinity: ClientIP
type: ClusterIP
type: ClusterIP
status:
status:
loadBalancer: {}
loadBalancer: {}
- apiVersion: v1
- apiVersion: v1
kind: Service
kind: Service
metadata:
metadata:
annotations:
annotations:
openshift.io/generated-by: OpenShiftNewApp
openshift.io/generated-by: OpenShiftNewApp
creationTimestamp: null
creationTimestamp: null
labels:
labels:
app: registry-console
app: registry-console
createdBy: registry-console-template
createdBy: registry-console-template
name: registry-console
name: registry-console
name: registry-console
name: registry-console
spec:
spec:
ports:
ports:
- name: registry-console
- name: registry-console
port: 9000
port: 9000
protocol: TCP
protocol: TCP
targetPort: 9090
targetPort: 9090
selector:
selector:
name: registry-console
name: registry-console
sessionAffinity: None
sessionAffinity: None
type: ClusterIP
type: ClusterIP
status:
status:
loadBalancer: {}
loadBalancer: {}
- apiVersion: v1
- apiVersion: v1
kind: Service
kind: Service
metadata:
metadata:
annotations:
annotations:
service.alpha.openshift.io/serving-cert-secret-name: router-certs
service.alpha.openshift.io/serving-cert-secret-name: router-certs
service.alpha.openshift.io/serving-cert-signed-by: openshift-service-serving-signer@1495134279
service.alpha.openshift.io/serving-cert-signed-by: openshift-service-serving-signer@1495135831
creationTimestamp: null
creationTimestamp: null
labels:
labels:
router: router
router: router
name: router
name: router
spec:
spec:
ports:
ports:
- name: 80-tcp
- name: 80-tcp
port: 80
port: 80
protocol: TCP
protocol: TCP
targetPort: 80
targetPort: 80
- name: 443-tcp
- name: 443-tcp
port: 443
port: 443
protocol: TCP
protocol: TCP
targetPort: 443
targetPort: 443
- name: 1936-tcp
- name: 1936-tcp
port: 1936
port: 1936
protocol: TCP
protocol: TCP
targetPort: 1936
targetPort: 1936
selector:
selector:
router: router
router: router
sessionAffinity: None
sessionAffinity: None
type: ClusterIP
type: ClusterIP
status:
status:
loadBalancer: {}
loadBalancer: {}
kind: List
kind: List
metadata: {}
metadata: {}
Text moved with changes to lines 540-599 (99.5% similarity)
# cat /etc/origin/master/master-config.yaml
admissionConfig:
pluginConfig:
BuildDefaults:
configuration:
apiVersion: v1
env: []
kind: BuildDefaultsConfig
resources:
limits: {}
requests: {}
BuildOverrides:
configuration:
apiVersion: v1
kind: BuildOverridesConfig
openshift.io/ImagePolicy:
configuration:
apiVersion: v1
executionRules:
- matchImageAnnotations:
- key: images.openshift.io/deny-execution
value: 'true'
name: execution-denied
onResources:
- resource: pods
- resource: builds
reject: true
skipOnResolutionFailure: true
kind: ImagePolicyConfig
apiLevels:
- v1
apiVersion: v1
assetConfig:
logoutURL: ""
masterPublicURL: https://registry.rdoproject.org:8443
publicURL: https://registry.rdoproject.org:8443/console/
servingInfo:
bindAddress: 0.0.0.0:8443
bindNetwork: tcp4
certFile: master.server.crt
clientCA: ""
keyFile: master.server.key
maxRequestsInFlight: 0
requestTimeoutSeconds: 0
controllerConfig:
serviceServingCert:
signer:
certFile: service-signer.crt
keyFile: service-signer.key
controllers: '*'
corsAllowedOrigins:
- 127.0.0.1
- localhost
- 192.168.1.11
- 38.145.32.81
- kubernetes.default
- kubernetes.default.svc.cluster.local
- kubernetes
- openshift.default
- openshift.default.svc
- 172.30.0.1
- openshift.default.svc.cluster.local
- kubernetes.default.svc
- openshift
- registry.rdoproject.org
Text moved with changes to lines 605-738 (99.5% similarity)
disabledFeatures: ["Builder", "S2IBuilder", "WebConsole"]
dnsConfig:
bindAddress: 0.0.0.0:8053
bindNetwork: tcp4
etcdClientInfo:
ca: ca-bundle.crt
certFile: master.etcd-client.crt
keyFile: master.etcd-client.key
urls:
- https://192.168.1.11:4001
etcdConfig:
address: 192.168.1.11:4001
peerAddress: 192.168.1.11:7001
peerServingInfo:
bindAddress: 0.0.0.0:7001
certFile: etcd.server.crt
clientCA: ca-bundle.crt
keyFile: etcd.server.key
servingInfo:
bindAddress: 0.0.0.0:4001
certFile: etcd.server.crt
clientCA: ca-bundle.crt
keyFile: etcd.server.key
storageDirectory: /var/lib/origin/openshift.local.etcd
etcdStorageConfig:
kubernetesStoragePrefix: kubernetes.io
kubernetesStorageVersion: v1
openShiftStoragePrefix: openshift.io
openShiftStorageVersion: v1
imageConfig:
format: openshift/origin-${component}:${version}
latest: false
kind: MasterConfig
kubeletClientInfo:
ca: ca-bundle.crt
certFile: master.kubelet-client.crt
keyFile: master.kubelet-client.key
port: 10250
kubernetesMasterConfig:
apiServerArguments:
controllerArguments:
masterCount: 1
masterIP: 192.168.1.11
podEvictionTimeout:
proxyClientInfo:
certFile: master.proxy-client.crt
keyFile: master.proxy-client.key
schedulerArguments:
schedulerConfigFile: /etc/origin/master/scheduler.json
servicesNodePortRange: ""
servicesSubnet: 172.30.0.0/16
staticNodeNames: []
masterClients:
externalKubernetesClientConnectionOverrides:
acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
contentType: application/vnd.kubernetes.protobuf
burst: 400
qps: 200
externalKubernetesKubeConfig: ""
openshiftLoopbackClientConnectionOverrides:
acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
contentType: application/vnd.kubernetes.protobuf
burst: 600
qps: 300
openshiftLoopbackKubeConfig: openshift-master.kubeconfig
masterPublicURL: https://registry.rdoproject.org:8443
networkConfig:
clusterNetworkCIDR: 10.128.0.0/14
hostSubnetLength: 9
networkPluginName: redhat/openshift-ovs-subnet
# serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet
serviceNetworkCIDR: 172.30.0.0/16
externalIPNetworkCIDRs:
- 0.0.0.0/0
oauthConfig:
assetPublicURL: https://registry.rdoproject.org:8443/console/
grantConfig:
method: auto
identityProviders:
- challenge: false
login: true
mappingMethod: claim
name: github
provider:
apiVersion: v1
clientID: snip
clientSecret: snip
kind: GitHubIdentityProvider
teams:
- rdo-infra/registry-rdoproject-org
masterCA: ca-bundle.crt
masterPublicURL: https://registry.rdoproject.org:8443
masterURL: https://192.168.1.11:8443
sessionConfig:
sessionMaxAgeSeconds: 3600
sessionName: ssn
sessionSecretsFile: /etc/origin/master/session-secrets.yaml
tokenConfig:
accessTokenMaxAgeSeconds: 86400
authorizeTokenMaxAgeSeconds: 500
pauseControllers: false
policyConfig:
bootstrapPolicyFile: /etc/origin/master/policy.json
openshiftInfrastructureNamespace: openshift-infra
openshiftSharedResourcesNamespace: openshift
projectConfig:
defaultNodeSelector: ""
projectRequestMessage: ""
projectRequestTemplate: ""
securityAllocator:
mcsAllocatorRange: "s0:/2"
mcsLabelsPerProject: 5
uidAllocatorRange: "1000000000-1999999999/10000"
routingConfig:
subdomain: "apps.registry.rdoproject.org"
serviceAccountConfig:
limitSecretReferences: false
managedNames:
- default
- builder
- deployer
masterCA: ca-bundle.crt
privateKeyFile: serviceaccounts.private.key
publicKeyFiles:
- serviceaccounts.public.key
servingInfo:
bindAddress: 0.0.0.0:8443
bindNetwork: tcp4
certFile: master.server.crt
clientCA: ca-bundle.crt
keyFile: master.server.key
maxRequestsInFlight: 500
requestTimeoutSeconds: 3600
volumeConfig:
dynamicProvisioningEnabled: True
# oc export pods
# oc export pods
apiVersion: v1
apiVersion: v1
items:
items:
- apiVersion: v1
- apiVersion: v1
kind: Pod
kind: Pod
metadata:
metadata:
annotations:
annotations:
kubernetes.io/created-by: |
kubernetes.io/created-by: |
{"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicationController","namespace":"default","name":"docker-registry-1","uid":"aabfc0a8-3bfd-11e7-a050-fa163e9324cd","apiVersion":"v1","resourceVersion":"842"}}
{"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicationController","namespace":"default","name":"docker-registry-1","uid":"699f6b66-3c01-11e7-97e2-fa163e2d773e","apiVersion":"v1","resourceVersion":"852"}}
openshift.io/deployment-config.latest-version: "1"
openshift.io/deployment-config.latest-version: "1"
openshift.io/deployment-config.name: docker-registry
openshift.io/deployment-config.name: docker-registry
openshift.io/deployment.name: docker-registry-1
openshift.io/deployment.name: docker-registry-1
openshift.io/scc: hostnetwork
openshift.io/scc: hostnetwork
creationTimestamp: null
creationTimestamp: null
generateName: docker-registry-1-
generateName: docker-registry-1-
labels:
labels:
deployment: docker-registry-1
deployment: docker-registry-1
deploymentconfig: docker-registry
deploymentconfig: docker-registry
docker-registry: default
docker-registry: default
spec:
spec:
containers:
containers:
- env:
- env:
- name: REGISTRY_HTTP_ADDR
- name: REGISTRY_HTTP_ADDR
value: :5000
value: :5000
- name: REGISTRY_HTTP_NET
- name: REGISTRY_HTTP_NET
value: tcp
value: tcp
- name: REGISTRY_HTTP_SECRET
- name: REGISTRY_HTTP_SECRET
value: ONmPGiV8QG6pByhgUQoAi2rQYinPryOZz0bWRwB9BPg=
value: 47ZwEcBDx86IugJuWuyGE1SJpkMM6xLk/ZqLuLUWT7Y=
- name: REGISTRY_MIDDLEWARE_REPOSITORY_OPENSHIFT_ENFORCEQUOTA
- name: REGISTRY_MIDDLEWARE_REPOSITORY_OPENSHIFT_ENFORCEQUOTA
value: "false"
value: "false"
- name: REGISTRY_HTTP_TLS_KEY
- name: REGISTRY_HTTP_TLS_KEY
value: /etc/secrets/registry.key
value: /etc/secrets/registry.key
- name: REGISTRY_HTTP_TLS_CERTIFICATE
- name: REGISTRY_HTTP_TLS_CERTIFICATE
value: /etc/secrets/registry.crt
value: /etc/secrets/registry.crt
image: openshift/origin-docker-registry:v1.5.0
image: openshift/origin-docker-registry:v1.5.0
imagePullPolicy: IfNotPresent
imagePullPolicy: IfNotPresent
livenessProbe:
livenessProbe:
failureThreshold: 3
failureThreshold: 3
httpGet:
httpGet:
path: /healthz
path: /healthz
port: 5000
port: 5000
scheme: HTTPS
scheme: HTTPS
initialDelaySeconds: 10
initialDelaySeconds: 10
periodSeconds: 10
periodSeconds: 10
successThreshold: 1
successThreshold: 1
timeoutSeconds: 5
timeoutSeconds: 5
name: registry
name: registry
ports:
ports:
- containerPort: 5000
- containerPort: 5000
protocol: TCP
protocol: TCP
readinessProbe:
readinessProbe:
failureThreshold: 3
failureThreshold: 3
httpGet:
httpGet:
path: /healthz
path: /healthz
port: 5000
port: 5000
scheme: HTTPS
scheme: HTTPS
periodSeconds: 10
periodSeconds: 10
successThreshold: 1
successThreshold: 1
timeoutSeconds: 5
timeoutSeconds: 5
resources:
resources:
requests:
requests:
cpu: 100m
cpu: 100m
memory: 256Mi
memory: 256Mi
securityContext:
securityContext:
capabilities:
capabilities:
drop:
drop:
- KILL
- KILL
- MKNOD
- MKNOD
- SETGID
- SETGID
- SETUID
- SETUID
- SYS_CHROOT
- SYS_CHROOT
privileged: false
privileged: false
runAsUser: 1000000000
runAsUser: 1000030000
seLinuxOptions:
seLinuxOptions:
level: s0:c1,c0
level: s0:c6,c0
terminationMessagePath: /dev/termination-log
terminationMessagePath: /dev/termination-log
volumeMounts:
volumeMounts:
- mountPath: /registry
- mountPath: /registry
name: registry-storage
name: registry-storage
- mountPath: /etc/secrets
- mountPath: /etc/secrets
name: registry-certificates
name: registry-certificates
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: registry-token-m8vxh
name: registry-token-mk6dc
readOnly: true
readOnly: true
dnsPolicy: ClusterFirst
dnsPolicy: ClusterFirst
imagePullSecrets:
imagePullSecrets:
- name: registry-dockercfg-mkhfw
- name: registry-dockercfg-d5q8g
nodeName: 192.168.1.11
nodeName: 192.168.1.6
nodeSelector:
nodeSelector:
region: infra
region: infra
restartPolicy: Always
restartPolicy: Always
securityContext:
securityContext:
fsGroup: 1000000000
fsGroup: 1000030000
seLinuxOptions:
seLinuxOptions:
level: s0:c1,c0
level: s0:c6,c0
supplementalGroups:
supplementalGroups:
- 1000000000
- 1000030000
serviceAccount: registry
serviceAccount: registry
serviceAccountName: registry
serviceAccountName: registry
terminationGracePeriodSeconds: 30
terminationGracePeriodSeconds: 30
volumes:
volumes:
- emptyDir: {}
- emptyDir: {}
name: registry-storage
name: registry-storage
- name: registry-certificates
- name: registry-certificates
secret:
secret:
defaultMode: 420
defaultMode: 420
secretName: registry-certificates
secretName: registry-certificates
- name: registry-token-m8vxh
- name: registry-token-mk6dc
secret:
secret:
defaultMode: 420
defaultMode: 420
secretName: registry-token-m8vxh
secretName: registry-token-mk6dc
status:
status:
phase: Pending
phase: Pending
- apiVersion: v1
- apiVersion: v1
kind: Pod
kind: Pod
metadata:
metadata:
annotations:
annotations:
kubernetes.io/created-by: |
kubernetes.io/created-by: |
{"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicationController","namespace":"default","name":"registry-console-2","uid":"b2af7297-3bfd-11e7-a050-fa163e9324cd","apiVersion":"v1","resourceVersion":"976"}}
{"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicationController","namespace":"default","name":"registry-console-2","uid":"72098b35-3c01-11e7-97e2-fa163e2d773e","apiVersion":"v1","resourceVersion":"947"}}
openshift.io/deployment-config.latest-version: "2"
openshift.io/deployment-config.latest-version: "2"
openshift.io/deployment-config.name: registry-console
openshift.io/deployment-config.name: registry-console
openshift.io/deployment.name: registry-console-2
openshift.io/deployment.name: registry-console-2
openshift.io/generated-by: OpenShiftNewApp
openshift.io/generated-by: OpenShiftNewApp
openshift.io/scc: restricted
openshift.io/scc: restricted
creationTimestamp: null
creationTimestamp: null
generateName: registry-console-2-
generateName: registry-console-2-
labels:
labels:
app: registry-console
app: registry-console
deployment: registry-console-2
deployment: registry-console-2
deploymentconfig: registry-console
deploymentconfig: registry-console
name: registry-console
name: registry-console
spec:
spec:
containers:
containers:
- env:
- env:
- name: OPENSHIFT_OAUTH_PROVIDER_URL
- name: OPENSHIFT_OAUTH_PROVIDER_URL
value: https://registry.rdoproject.org:8443
value: https://registry.rdoproject.org:8443
- name: OPENSHIFT_OAUTH_CLIENT_ID
- name: OPENSHIFT_OAUTH_CLIENT_ID
value: cockpit-oauth-client
value: cockpit-oauth-client
- name: KUBERNETES_INSECURE
- name: KUBERNETES_INSECURE
value: "false"
value: "false"
- name: COCKPIT_KUBE_INSECURE
- name: COCKPIT_KUBE_INSECURE
value: "false"
value: "false"
- name: REGISTRY_ONLY
- name: REGISTRY_ONLY
value: "true"
value: "true"
- name: REGISTRY_HOST
- name: REGISTRY_HOST
value: trunk.registry.rdoproject.org
value: trunk.registry.rdoproject.org
image: cockpit/kubernetes:latest
image: cockpit/kubernetes:latest
imagePullPolicy: Always
imagePullPolicy: Always
livenessProbe:
livenessProbe:
failureThreshold: 3
failureThreshold: 3
httpGet:
httpGet:
path: /ping
path: /ping
port: 9090
port: 9090
scheme: HTTP
scheme: HTTP
initialDelaySeconds: 10
initialDelaySeconds: 10
periodSeconds: 10
periodSeconds: 10
successThreshold: 1
successThreshold: 1
timeoutSeconds: 5
timeoutSeconds: 5
name: registry-console
name: registry-console
ports:
ports:
- containerPort: 9090
- containerPort: 9090
protocol: TCP
protocol: TCP
readinessProbe:
readinessProbe:
failureThreshold: 3
failureThreshold: 3
httpGet:
httpGet:
path: /ping
path: /ping
port: 9090
port: 9090
scheme: HTTP
scheme: HTTP
periodSeconds: 10
periodSeconds: 10
successThreshold: 1
successThreshold: 1
timeoutSeconds: 5
timeoutSeconds: 5
resources: {}
resources: {}
securityContext:
securityContext:
capabilities:
capabilities:
drop:
drop:
- KILL
- KILL
- MKNOD
- MKNOD
- SETGID
- SETGID
- SETUID
- SETUID
- SYS_CHROOT
- SYS_CHROOT
privileged: false
privileged: false
runAsUser: 1000000000
runAsUser: 1000030000
seLinuxOptions:
seLinuxOptions:
level: s0:c1,c0
level: s0:c6,c0
terminationMessagePath: /dev/termination-log
terminationMessagePath: /dev/termination-log
volumeMounts:
volumeMounts:
- mountPath: /etc/cockpit/ws-certs.d
- mountPath: /etc/cockpit/ws-certs.d
name: registry-console-certificates
name: registry-console-certificates
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: default-token-0q45q
name: default-token-q3lgl
readOnly: true
readOnly: true
dnsPolicy: ClusterFirst
dnsPolicy: ClusterFirst
imagePullSecrets:
imagePullSecrets:
- name: default-dockercfg-m9b34
- name: default-dockercfg-s2jks
nodeName: 192.168.1.11
nodeName: 192.168.1.6
restartPolicy: Always
restartPolicy: Always
securityContext:
securityContext:
fsGroup: 1000000000
fsGroup: 1000030000
seLinuxOptions:
seLinuxOptions:
level: s0:c1,c0
level: s0:c6,c0
serviceAccount: default
serviceAccount: default
serviceAccountName: default
serviceAccountName: default
terminationGracePeriodSeconds: 30
terminationGracePeriodSeconds: 30
volumes:
volumes:
- name: registry-console-certificates
- name: registry-console-certificates
secret:
secret:
defaultMode: 420
defaultMode: 420
secretName: registry-console-certificates
secretName: registry-console-certificates
- name: default-token-0q45q
- name: default-token-q3lgl
secret:
secret:
defaultMode: 420
defaultMode: 420
secretName: default-token-0q45q
secretName: default-token-q3lgl
status:
status:
phase: Pending
phase: Pending
- apiVersion: v1
- apiVersion: v1
kind: Pod
kind: Pod
metadata:
metadata:
annotations:
annotations:
kubernetes.io/created-by: |
kubernetes.io/created-by: |
{"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicationController","namespace":"default","name":"router-1","uid":"9216436e-3bfd-11e7-a050-fa163e9324cd","apiVersion":"v1","resourceVersion":"737"}}
{"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicationController","namespace":"default","name":"router-1","uid":"4ed4fd15-3c01-11e7-97e2-fa163e2d773e","apiVersion":"v1","resourceVersion":"759"}}
openshift.io/deployment-config.latest-version: "1"
openshift.io/deployment-config.latest-version: "1"
openshift.io/deployment-config.name: router
openshift.io/deployment-config.name: router
openshift.io/deployment.name: router-1
openshift.io/deployment.name: router-1
openshift.io/scc: hostnetwork
openshift.io/scc: hostnetwork
creationTimestamp: null
creationTimestamp: null
generateName: router-1-
generateName: router-1-
labels:
labels:
deployment: router-1
deployment: router-1
deploymentconfig: router
deploymentconfig: router
router: router
router: router
spec:
spec:
containers:
containers:
- env:
- env:
- name: DEFAULT_CERTIFICATE_DIR
- name: DEFAULT_CERTIFICATE_DIR
value: /etc/pki/tls/private
value: /etc/pki/tls/private
- name: ROUTER_EXTERNAL_HOST_HOSTNAME
- name: ROUTER_EXTERNAL_HOST_HOSTNAME
- name: ROUTER_EXTERNAL_HOST_HTTPS_VSERVER
- name: ROUTER_EXTERNAL_HOST_HTTPS_VSERVER
- name: ROUTER_EXTERNAL_HOST_HTTP_VSERVER
- name: ROUTER_EXTERNAL_HOST_HTTP_VSERVER
- name: ROUTER_EXTERNAL_HOST_INSECURE
- name: ROUTER_EXTERNAL_HOST_INSECURE
value: "false"
value: "false"
- name: ROUTER_EXTERNAL_HOST_INTERNAL_ADDRESS
- name: ROUTER_EXTERNAL_HOST_INTERNAL_ADDRESS
- name: ROUTER_EXTERNAL_HOST_PARTITION_PATH
- name: ROUTER_EXTERNAL_HOST_PARTITION_PATH
- name: ROUTER_EXTERNAL_HOST_PASSWORD
- name: ROUTER_EXTERNAL_HOST_PASSWORD
- name: ROUTER_EXTERNAL_HOST_PRIVKEY
- name: ROUTER_EXTERNAL_HOST_PRIVKEY
value: /etc/secret-volume/router.pem
value: /etc/secret-volume/router.pem
- name: ROUTER_EXTERNAL_HOST_USERNAME
- name: ROUTER_EXTERNAL_HOST_USERNAME
- name: ROUTER_EXTERNAL_HOST_VXLAN_GW_CIDR
- name: ROUTER_EXTERNAL_HOST_VXLAN_GW_CIDR
- name: ROUTER_SERVICE_HTTPS_PORT
- name: ROUTER_SERVICE_HTTPS_PORT
value: "443"
value: "443"
- name: ROUTER_SERVICE_HTTP_PORT
- name: ROUTER_SERVICE_HTTP_PORT
value: "80"
value: "80"
- name: ROUTER_SERVICE_NAME
- name: ROUTER_SERVICE_NAME
value: router
value: router
- name: ROUTER_SERVICE_NAMESPACE
- name: ROUTER_SERVICE_NAMESPACE
value: default
value: default
- name: ROUTER_SUBDOMAIN
- name: ROUTER_SUBDOMAIN
- name: STATS_PASSWORD
- name: STATS_PASSWORD
value: R3k6bmXZ2g
value: IHp5FXY38Q
- name: STATS_PORT
- name: STATS_PORT
value: "1936"
value: "1936"
- name: STATS_USERNAME
- name: STATS_USERNAME
value: admin
value: admin
image: openshift/origin-haproxy-router:v1.5.0
image: openshift/origin-haproxy-router:v1.5.0
imagePullPolicy: IfNotPresent
imagePullPolicy: IfNotPresent
livenessProbe:
livenessProbe:
failureThreshold: 3
failureThreshold: 3
httpGet:
httpGet:
host: localhost
host: localhost
path: /healthz
path: /healthz
port: 1936
port: 1936
scheme: HTTP
scheme: HTTP
initialDelaySeconds: 10
initialDelaySeconds: 10
periodSeconds: 10
periodSeconds: 10
successThreshold: 1
successThreshold: 1
timeoutSeconds: 1
timeoutSeconds: 1
name: router
name: router
ports:
ports:
- containerPort: 80
- containerPort: 80
hostPort: 80
hostPort: 80
protocol: TCP
protocol: TCP
- containerPort: 443
- containerPort: 443
hostPort: 443
hostPort: 443
protocol: TCP
protocol: TCP
- containerPort: 1936
- containerPort: 1936
hostPort: 1936
hostPort: 1936
name: stats
name: stats
protocol: TCP
protocol: TCP
readinessProbe:
readinessProbe:
failureThreshold: 3
failureThreshold: 3
httpGet:
httpGet:
host: localhost
host: localhost
path: /healthz
path: /healthz
port: 1936
port: 1936
scheme: HTTP
scheme: HTTP
initialDelaySeconds: 10
initialDelaySeconds: 10
periodSeconds: 10
periodSeconds: 10
successThreshold: 1
successThreshold: 1
timeoutSeconds: 1
timeoutSeconds: 1
resources:
resources:
requests:
requests:
cpu: 100m
cpu: 100m
memory: 256Mi
memory: 256Mi
securityContext:
securityContext:
capabilities:
capabilities:
drop:
drop:
- KILL
- KILL
- MKNOD
- MKNOD
- SETGID
- SETGID
- SETUID
- SETUID
- SYS_CHROOT
- SYS_CHROOT
privileged: false
privileged: false
runAsUser: 1000000000
runAsUser: 1000030000
seLinuxOptions:
seLinuxOptions:
level: s0:c1,c0
level: s0:c6,c0
terminationMessagePath: /dev/termination-log
terminationMessagePath: /dev/termination-log
volumeMounts:
volumeMounts:
- mountPath: /etc/pki/tls/private
- mountPath: /etc/pki/tls/private
name: server-certificate
name: server-certificate
readOnly: true
readOnly: true
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: router-token-3rcm2
name: router-token-9w940
readOnly: true
readOnly: true
dnsPolicy: ClusterFirst
dnsPolicy: ClusterFirst
hostNetwork: true
hostNetwork: true
imagePullSecrets:
imagePullSecrets:
- name: router-dockercfg-lbsjl
- name: router-dockercfg-sk1nm
nodeName: 192.168.1.11
nodeName: 192.168.1.6
nodeSelector:
nodeSelector:
region: infra
region: infra
restartPolicy: Always
restartPolicy: Always
securityContext:
securityContext:
fsGroup: 1000000000
fsGroup: 1000030000
seLinuxOptions:
seLinuxOptions:
level: s0:c1,c0
level: s0:c6,c0
supplementalGroups:
supplementalGroups:
- 1000000000
- 1000030000
serviceAccount: router
serviceAccount: router
serviceAccountName: router
serviceAccountName: router
terminationGracePeriodSeconds: 30
terminationGracePeriodSeconds: 30
volumes:
volumes:
- name: server-certificate
- name: server-certificate
secret:
secret:
defaultMode: 420
defaultMode: 420
secretName: router-certs
secretName: router-certs
- name: router-token-3rcm2
- name: router-token-9w940
secret:
secret:
defaultMode: 420
defaultMode: 420
secretName: router-token-3rcm2
secretName: router-token-9w940
status:
status:
phase: Pending
phase: Pending
kind: List
kind: List
metadata: {}
metadata: {}
Text moved with changes from lines 155-214 (99.5% similarity)
# cat /etc/origin/master/master-config.yaml
admissionConfig:
pluginConfig:
BuildDefaults:
configuration:
apiVersion: v1
env: []
kind: BuildDefaultsConfig
resources:
limits: {}
requests: {}
BuildOverrides:
configuration:
apiVersion: v1
kind: BuildOverridesConfig
openshift.io/ImagePolicy:
configuration:
apiVersion: v1
executionRules:
- matchImageAnnotations:
- key: images.openshift.io/deny-execution
value: 'true'
name: execution-denied
onResources:
- resource: pods
- resource: builds
reject: true
skipOnResolutionFailure: true
kind: ImagePolicyConfig
apiLevels:
- v1
apiVersion: v1
assetConfig:
logoutURL: ""
masterPublicURL: https://registry.rdoproject.org:8443
publicURL: https://registry.rdoproject.org:8443/console/
servingInfo:
bindAddress: 0.0.0.0:8443
bindNetwork: tcp4
certFile: master.server.crt
clientCA: ""
keyFile: master.server.key
maxRequestsInFlight: 0
requestTimeoutSeconds: 0
controllerConfig:
serviceServingCert:
signer:
certFile: service-signer.crt
keyFile: service-signer.key
controllers: '*'
corsAllowedOrigins:
- 127.0.0.1
- localhost
- 192.168.1.6
- 38.145.32.81
- kubernetes.default
- kubernetes.default.svc.cluster.local
- kubernetes
- openshift.default
- registry.rdoproject.org
- openshift.default.svc
- 172.30.0.1
- openshift.default.svc.cluster.local
- kubernetes.default.svc
- openshift
Text moved with changes from lines 220-353 (99.5% similarity)
disabledFeatures: ["Builder", "S2IBuilder", "WebConsole"]
dnsConfig:
bindAddress: 0.0.0.0:8053
bindNetwork: tcp4
etcdClientInfo:
ca: ca-bundle.crt
certFile: master.etcd-client.crt
keyFile: master.etcd-client.key
urls:
- https://192.168.1.6:4001
etcdConfig:
address: 192.168.1.6:4001
peerAddress: 192.168.1.6:7001
peerServingInfo:
bindAddress: 0.0.0.0:7001
certFile: etcd.server.crt
clientCA: ca-bundle.crt
keyFile: etcd.server.key
servingInfo:
bindAddress: 0.0.0.0:4001
certFile: etcd.server.crt
clientCA: ca-bundle.crt
keyFile: etcd.server.key
storageDirectory: /var/lib/origin/openshift.local.etcd
etcdStorageConfig:
kubernetesStoragePrefix: kubernetes.io
kubernetesStorageVersion: v1
openShiftStoragePrefix: openshift.io
openShiftStorageVersion: v1
imageConfig:
format: openshift/origin-${component}:${version}
latest: false
kind: MasterConfig
kubeletClientInfo:
ca: ca-bundle.crt
certFile: master.kubelet-client.crt
keyFile: master.kubelet-client.key
port: 10250
kubernetesMasterConfig:
apiServerArguments:
controllerArguments:
masterCount: 1
masterIP: 192.168.1.6
podEvictionTimeout:
proxyClientInfo:
certFile: master.proxy-client.crt
keyFile: master.proxy-client.key
schedulerArguments:
schedulerConfigFile: /etc/origin/master/scheduler.json
servicesNodePortRange: ""
servicesSubnet: 172.30.0.0/16
staticNodeNames: []
masterClients:
externalKubernetesClientConnectionOverrides:
acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
contentType: application/vnd.kubernetes.protobuf
burst: 400
qps: 200
externalKubernetesKubeConfig: ""
openshiftLoopbackClientConnectionOverrides:
acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
contentType: application/vnd.kubernetes.protobuf
burst: 600
qps: 300
openshiftLoopbackKubeConfig: openshift-master.kubeconfig
masterPublicURL: https://registry.rdoproject.org:8443
networkConfig:
clusterNetworkCIDR: 10.128.0.0/14
hostSubnetLength: 9
networkPluginName: redhat/openshift-ovs-subnet
# serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet
serviceNetworkCIDR: 172.30.0.0/16
externalIPNetworkCIDRs:
- 0.0.0.0/0
oauthConfig:
assetPublicURL: https://registry.rdoproject.org:8443/console/
grantConfig:
method: auto
identityProviders:
- challenge: false
login: true
mappingMethod: claim
name: github
provider:
apiVersion: v1
clientID: snip
clientSecret: snip
kind: GitHubIdentityProvider
teams:
- rdo-infra/registry-rdoproject-org
masterCA: ca-bundle.crt
masterPublicURL: https://registry.rdoproject.org:8443
masterURL: https://192.168.1.6:8443
sessionConfig:
sessionMaxAgeSeconds: 3600
sessionName: ssn
sessionSecretsFile: /etc/origin/master/session-secrets.yaml
tokenConfig:
accessTokenMaxAgeSeconds: 86400
authorizeTokenMaxAgeSeconds: 500
pauseControllers: false
policyConfig:
bootstrapPolicyFile: /etc/origin/master/policy.json
openshiftInfrastructureNamespace: openshift-infra
openshiftSharedResourcesNamespace: openshift
projectConfig:
defaultNodeSelector: ""
projectRequestMessage: ""
projectRequestTemplate: ""
securityAllocator:
mcsAllocatorRange: "s0:/2"
mcsLabelsPerProject: 5
uidAllocatorRange: "1000000000-1999999999/10000"
routingConfig:
subdomain: "apps.registry.rdoproject.org"
serviceAccountConfig:
limitSecretReferences: false
managedNames:
- default
- builder
- deployer
masterCA: ca-bundle.crt
privateKeyFile: serviceaccounts.private.key
publicKeyFiles:
- serviceaccounts.public.key
servingInfo:
bindAddress: 0.0.0.0:8443
bindNetwork: tcp4
certFile: master.server.crt
clientCA: ca-bundle.crt
keyFile: master.server.key
maxRequestsInFlight: 500
requestTimeoutSeconds: 3600
namedCertificates:
- certFile: /etc/origin/master/named_certificates/registry.rdoproject.org-fullchain.pem
keyFile: /etc/origin/master/named_certificates/registry.rdoproject.org-privkey.pem
names:
- "registry.rdoproject.org"
volumeConfig:
dynamicProvisioningEnabled: True