
@david-martin
Created May 23, 2019 14:46
diff file1.yaml file2.yaml
98,100c98
< value: serverData
< - name: HOME
< value: /var/run/artemis/split-1/
---
> value: broker
104c102
< - /opt/apache-artemis/custom/bin/launch-broker.sh
---
> - /opt/amq/custom/bin/launch-broker.sh
110c108
< - $ARTEMIS_HOME/custom/bin/probe.sh
---
> - $AMQ_HOME/custom/bin/probe.sh
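Review bot: The liveness probe on the new side only works if the broker image exports `AMQ_HOME`; when it is unset, `sh -c` expands the argument to `/custom/bin/probe.sh` and the probe fails, which restarts the container. The page does not show whether the image sets that variable. The launch command in the 104c102 hunk already uses an absolute path, so the probe could match it with `- /opt/amq/custom/bin/probe.sh`. The same applies to the readiness probe in the 129c127 hunk.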
129c127
< - $ARTEMIS_HOME/custom/bin/probe.sh
---
> - $AMQ_HOME/custom/bin/probe.sh
142c140
< - mountPath: /opt/apache-artemis/custom
---
> - mountPath: /opt/amq/custom
150a149,150
> - name: CERT_DIR
> value: /etc/enmasse-certs
164,166c164
< value: serverData
< - name: HOME
< value: /var/run/artemis/split-1/
---
> value: broker
185c183
< - mountPath: /opt/apache-artemis/custom
---
> - mountPath: /opt/amq/custom
305a304,305
> - name: ADDRESS_SPACE_TYPE
> value: brokered
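Review bot: The added `ADDRESS_SPACE_TYPE` entry duplicates one the agent container already has: in the file2.yaml listing on this page the same name and value appear again directly after `ENABLE_EVENT_LOGGER`. With identical values the runtime result is unchanged, but an env list is keyed by `name`, so the two copies can drift apart and tooling that merges by key may reject the repeat. Drop the added pair and keep the existing entry.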
483c483
< value: ${env.IMAGE_PULL_POLICY}
---
> value: Always
486c486
< value: ${env.AGENT_IMAGE}
---
> value: registry.redhat.io/amq7/amq-online-1-agent:latest
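Review bot: The new default points the agent image at the mutable `:latest` tag, and the 483c483 hunk sets the pull policy to `Always`, so any pod restart can pull different image content with no change to this template. That makes rollouts non-reproducible and leaves the registry tag as the only control over what runs under the address-space admin service account. Prefer a released version tag or a digest reference such as `registry.redhat.io/amq7/amq-online-1-agent@sha256:<digest>` (placeholder). The same applies to the broker and broker-plugin defaults in the 489c489 and 492c492 hunks.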
489c489
< value: ${env.BROKER_IMAGE}
---
> value: registry.redhat.io/amq-broker-7/amq-broker-72-openshift:latest
492c492
< value: ${env.BROKER_PLUGIN_IMAGE}
---
> value: registry.redhat.io/amq7/amq-online-1-broker-plugin:latest
495c495
< value: ${env.TOPIC_FORWARDER_IMAGE}
---
> value: registry.redhat.io/amq7/amq-online-1-topic-forwarder
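Review bot: The topic-forwarder default in this hunk has no tag, which resolves to `latest` implicitly, while the file2.yaml listing further down the page shows the same parameter ending in `:latest`; the diff output and the listing disagree, so one of them was probably edited or truncated after the diff was taken. Give the default an explicit version tag or digest either way. No object in either listing references `${TOPIC_FORWARDER_IMAGE}`, so the parameter may be unused in this template.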
# Template header for the "brokered" address-space infrastructure.
# The ${NAME} placeholders used by the objects are declared under `parameters`.
apiVersion: v1
kind: Template
metadata:
  name: brokered-space-infra
  labels:
    app: enmasse
# Resources created by the template, written as a flush (unindented) sequence.
objects:
# Secret carrying the CA certificate for the authentication service; it is
# mounted by the broker-plugin init container and by the agent.
- apiVersion: v1
  kind: Secret
  metadata:
    name: authservice-ca.${INFRA_UUID}
    labels:
      app: enmasse
      infraUuid: ${INFRA_UUID}
      infraType: brokered
  data:
    # NOTE(review): values under `data` must be base64-encoded. This assumes the
    # caller passes AUTHENTICATION_SERVICE_CA_CERT already encoded - confirm, or
    # switch to `stringData` if the parameter holds PEM text.
    tls.crt: ${AUTHENTICATION_SERVICE_CA_CERT}
# Storage claim for the broker; the broker Deployment mounts it as volume `data`.
- apiVersion: v1
  kind: PersistentVolumeClaim
  metadata:
    name: broker-data.${INFRA_UUID}
    annotations:
      addressSpace: ${ADDRESS_SPACE}
    labels:
      app: enmasse
      infraType: brokered
      infraUuid: ${INFRA_UUID}
  spec:
    accessModes:
    - ReadWriteOnce
    resources:
      requests:
        # Size comes from the BROKER_STORAGE_CAPACITY parameter.
        storage: ${BROKER_STORAGE_CAPACITY}
# Broker Deployment: the broker-plugin init container runs first, then the
# broker container. Both mount the `data` claim and the `broker-custom` emptyDir.
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: broker.${INFRA_UUID}
    annotations:
      addressSpace: ${ADDRESS_SPACE}
      enmasse.io/cert-secret: broker-internal-cert.${INFRA_UUID}
    labels:
      app: enmasse
      role: broker
      infraType: brokered
      infraUuid: ${INFRA_UUID}
  spec:
    # NOTE(review): `affinity` sits directly under the Deployment `spec`, as the
    # original key order implies. Pod scheduling rules are normally read from
    # `spec.template.spec.affinity`; confirm whether the consumer of this
    # template relocates it, otherwise the preference has no effect.
    affinity:
      nodeAffinity:
        preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 1
          preference:
            matchExpressions:
            - key: node-role.enmasse.io/messaging-infra
              operator: In
              values:
              - "true"
    replicas: 1
    strategy:
      type: Recreate
    selector:
      matchLabels:
        app: enmasse
        name: broker
        role: broker
        infraUuid: ${INFRA_UUID}
    template:
      metadata:
        annotations:
          addressSpace: ${ADDRESS_SPACE}
          prometheus.io/path: /metrics
          prometheus.io/port: '8080'
          prometheus.io/scrape: 'true'
        labels:
          app: enmasse
          name: broker
          role: broker
          infraUuid: ${INFRA_UUID}
      spec:
        initContainers:
        - name: broker-plugin
          image: ${BROKER_PLUGIN_IMAGE}
          imagePullPolicy: ${IMAGE_PULL_POLICY}
          env:
          - name: INFRA_UUID
            value: ${INFRA_UUID}
          - name: ADDRESS_SPACE_TYPE
            value: brokered
          - name: ADDRESS_FULL_POLICY
            value: ${BROKER_ADDRESS_FULL_POLICY}
          - name: GLOBAL_MAX_SIZE
            value: ${BROKER_GLOBAL_MAX_SIZE}
          - name: AUTHENTICATION_SERVICE_HOST
            value: ${AUTHENTICATION_SERVICE_HOST}
          - name: AUTHENTICATION_SERVICE_PORT
            value: ${AUTHENTICATION_SERVICE_PORT}
          # NOTE(review): passed as a literal env value. If this parameter
          # carries secret material rather than a Secret name, prefer a
          # secretKeyRef so it stays out of the pod spec - confirm.
          - name: AUTHENTICATION_SERVICE_CLIENT_SECRET
            value: ${AUTHENTICATION_SERVICE_CLIENT_SECRET}
          - name: AUTHENTICATION_SERVICE_SASL_INIT_HOST
            value: ${AUTHENTICATION_SERVICE_SASL_INIT_HOST}
          - name: AMQ_NAME
            value: serverData
          - name: HOME
            value: /var/run/artemis/split-1/
          volumeMounts:
          - mountPath: /var/run/artemis
            name: data
          - mountPath: /etc/enmasse-certs
            name: broker-internal-cert
            readOnly: true
          - mountPath: /etc/external-certs
            name: external-cert
            readOnly: true
          - mountPath: /etc/authservice-ca
            name: authservice-ca
            readOnly: true
          - mountPath: /etc/prometheus-config
            name: broker-prometheus-config
            readOnly: true
          # Writable scratch volume shared with the broker container.
          - mountPath: /opt/apache-artemis/custom
            name: broker-custom
            readOnly: false
        containers:
        - name: broker
          image: ${BROKER_IMAGE}
          imagePullPolicy: ${IMAGE_PULL_POLICY}
          # The launch script is read from the shared `broker-custom` volume.
          command:
          - /opt/apache-artemis/custom/bin/launch-broker.sh
          env:
          - name: INFRA_UUID
            value: ${INFRA_UUID}
          - name: ADDRESS_SPACE_TYPE
            value: brokered
          - name: ADDRESS_FULL_POLICY
            value: ${BROKER_ADDRESS_FULL_POLICY}
          # NOTE(review): this container mounts nothing at /etc/enmasse-certs;
          # only the init container mounts the certificate secret there -
          # confirm the broker does not read CERT_DIR directly.
          - name: CERT_DIR
            value: /etc/enmasse-certs
          - name: AUTHENTICATION_SERVICE_HOST
            value: ${AUTHENTICATION_SERVICE_HOST}
          - name: AUTHENTICATION_SERVICE_PORT
            value: ${AUTHENTICATION_SERVICE_PORT}
          - name: AUTHENTICATION_SERVICE_CLIENT_SECRET
            value: ${AUTHENTICATION_SERVICE_CLIENT_SECRET}
          - name: AUTHENTICATION_SERVICE_SASL_INIT_HOST
            value: ${AUTHENTICATION_SERVICE_SASL_INIT_HOST}
          - name: AMQ_NAME
            value: serverData
          - name: HOME
            value: /var/run/artemis/split-1/
          ports:
          - containerPort: 5672
            name: amqp
          - containerPort: 5671
            name: amqps
          - containerPort: 55671
            name: amqps-normal
          - containerPort: 8161
            name: jolokia
          - containerPort: 8080
            name: artemismetrics
          # Both probes run the same script; $ARTEMIS_HOME is expanded by `sh`
          # inside the container, so it must be set by the image or the runtime.
          livenessProbe:
            exec:
              command:
              - sh
              - -c
              - $ARTEMIS_HOME/custom/bin/probe.sh
            initialDelaySeconds: 120
          readinessProbe:
            exec:
              command:
              - sh
              - -c
              - $ARTEMIS_HOME/custom/bin/probe.sh
            initialDelaySeconds: 10
          # Memory request and limit share one parameter; no CPU values are set.
          resources:
            limits:
              memory: ${BROKER_MEMORY_LIMIT}
            requests:
              memory: ${BROKER_MEMORY_LIMIT}
          volumeMounts:
          - mountPath: /var/run/artemis
            name: data
          - mountPath: /etc/prometheus-config
            name: broker-prometheus-config
            readOnly: true
          # NOTE(review): the container's entry script lives on this writable
          # mount; if the broker never writes here at runtime, readOnly: true
          # would keep the launch and probe scripts immutable - confirm.
          - mountPath: /opt/apache-artemis/custom
            name: broker-custom
            readOnly: false
        volumes:
        - name: data
          persistentVolumeClaim:
            claimName: broker-data.${INFRA_UUID}
        - name: broker-custom
          emptyDir: {}
        - name: broker-prometheus-config
          configMap:
            name: broker-prometheus-config
        - name: broker-internal-cert
          secret:
            secretName: broker-internal-cert.${INFRA_UUID}
        - name: authservice-ca
          secret:
            secretName: authservice-ca.${INFRA_UUID}
        - name: external-cert
          secret:
            secretName: ${MESSAGING_SECRET}
# Service in front of the broker pods: the `amqps-normal` listener plus the
# metrics port, which is published under the name `health`.
- apiVersion: v1
  kind: Service
  metadata:
    name: broker-${INFRA_UUID}
    labels:
      app: enmasse
      infraType: brokered
      infraUuid: ${INFRA_UUID}
  spec:
    # Selects pods by role and infrastructure UUID.
    selector:
      role: broker
      infraUuid: ${INFRA_UUID}
    ports:
    - name: amqps-normal
      port: 55671
      targetPort: amqps-normal
    - name: health
      port: 8080
      protocol: TCP
      targetPort: artemismetrics
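# Messaging Service: publishes the broker's `amqp` and `amqps` container ports.
- apiVersion: v1
  kind: Service
  metadata:
    name: messaging-${INFRA_UUID}
    annotations:
      addressSpace: ${ADDRESS_SPACE}
      # Annotation values must be strings; a bare 5672 parses as an integer,
      # so the port numbers are quoted.
      enmasse.io/service-port.amqp: '5672'
      enmasse.io/service-port.amqps: '5671'
    labels:
      app: enmasse
      infraType: brokered
      infraUuid: ${INFRA_UUID}
  spec:
    selector:
      role: broker
      infraUuid: ${INFRA_UUID}
    ports:
    # NOTE(review): 5672 is conventionally the unencrypted AMQP port - confirm
    # that exposing it alongside amqps (5671) is intended.
    - name: amqp
      port: 5672
      targetPort: amqp
    - name: amqps
      port: 5671
      targetPort: amqps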
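# Agent Deployment: a single `agent` container running under the service
# account named by ADDRESS_SPACE_ADMIN_SA.
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: agent.${INFRA_UUID}
    annotations:
      addressSpace: ${ADDRESS_SPACE}
      enmasse.io/cert-secret: agent-internal-cert.${INFRA_UUID}
    labels:
      app: enmasse
      role: agent
      infraType: brokered
      infraUuid: ${INFRA_UUID}
  spec:
    # NOTE(review): `affinity` sits directly under the Deployment `spec`, as the
    # original key order implies. Pod scheduling rules are normally read from
    # `spec.template.spec.affinity`; confirm whether the consumer of this
    # template relocates it, otherwise the preference has no effect.
    affinity:
      nodeAffinity:
        preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 1
          preference:
            matchExpressions:
            - key: node-role.enmasse.io/operator-infra
              operator: In
              values:
              - "true"
    replicas: 1
    strategy:
      type: Recreate
    selector:
      matchLabels:
        app: enmasse
        name: agent
        role: agent
        infraUuid: ${INFRA_UUID}
    template:
      metadata:
        annotations:
          addressSpace: ${ADDRESS_SPACE}
          namespace: ${ADDRESS_SPACE_NAMESPACE}
        labels:
          app: enmasse
          name: agent
          role: agent
          infraUuid: ${INFRA_UUID}
      spec:
        # The parameter description calls this the account with address space
        # admin privileges, so the agent image runs with those rights.
        serviceAccountName: ${ADDRESS_SPACE_ADMIN_SA}
        containers:
        - name: agent
          image: ${AGENT_IMAGE}
          imagePullPolicy: ${IMAGE_PULL_POLICY}
          env:
          - name: BROKER_SERVICE_HOST
            value: broker-${INFRA_UUID}
          # Env values must be strings; the bare integer is quoted, matching
          # HEALTH_PORT below.
          - name: BROKER_SERVICE_PORT
            value: '55671'
          - name: ADDRESS_SPACE_PLAN
            value: ${ADDRESS_SPACE_PLAN}
          - name: ADDRESS_SPACE
            value: ${ADDRESS_SPACE}
          - name: ADDRESS_SPACE_NAMESPACE
            value: ${ADDRESS_SPACE_NAMESPACE}
          - name: INFRA_UUID
            value: ${INFRA_UUID}
          - name: ENABLE_EVENT_LOGGER
            value: ${ENABLE_EVENT_LOGGER}
          - name: ADDRESS_SPACE_TYPE
            value: brokered
          - name: CERT_DIR
            value: /etc/enmasse-certs
          - name: CONSOLE_CERT_DIR
            value: /etc/console-certs
          - name: MESSAGING_CERT
            value: /opt/agent/messaging-cert/tls.crt
          - name: HEALTH_PORT
            value: '8088'
          - name: AUTHENTICATION_SERVICE_HOST
            value: ${AUTHENTICATION_SERVICE_HOST}
          - name: AUTHENTICATION_SERVICE_PORT
            value: ${AUTHENTICATION_SERVICE_PORT}
          # NOTE(review): passed as a literal env value, unlike the OAuth and
          # cookie values below. If this parameter carries secret material
          # rather than a Secret name, prefer a secretKeyRef - confirm.
          - name: AUTHENTICATION_SERVICE_CLIENT_SECRET
            value: ${AUTHENTICATION_SERVICE_CLIENT_SECRET}
          - name: AUTHENTICATION_SERVICE_SASL_INIT_HOST
            value: ${AUTHENTICATION_SERVICE_SASL_INIT_HOST}
          - name: CONSOLE_OAUTH_DISCOVERY_URL
            value: ${CONSOLE_OAUTH_DISCOVERY_URL}
          - name: CONSOLE_OAUTH_SCOPE
            value: ${CONSOLE_OAUTH_SCOPE}
          - name: CONSOLE_LINK
            value: ${CONSOLE_LINK}
          # The three values below are read from Secrets; `optional: true` lets
          # the pod start when the Secret or key is missing.
          - name: CONSOLE_OAUTH_CLIENT_ID
            valueFrom:
              secretKeyRef:
                name: ${CONSOLE_OAUTH_SECRET_SECRET_NAME}
                key: client-id
                optional: true
          - name: CONSOLE_OAUTH_CLIENT_SECRET
            valueFrom:
              secretKeyRef:
                name: ${CONSOLE_OAUTH_SECRET_SECRET_NAME}
                key: client-secret
                optional: true
          - name: SSO_COOKIE_SECRET
            valueFrom:
              secretKeyRef:
                name: ${CONSOLE_SSO_COOKIE_SECRET_SECRET_NAME}
                key: cookie-secret
                optional: true
          ports:
          - containerPort: 8080
            name: https
          - containerPort: 8088
            name: http
          # Both probes hit /healthz over plain HTTP on the port named `http`.
          livenessProbe:
            httpGet:
              path: /healthz
              port: http
              scheme: HTTP
          readinessProbe:
            httpGet:
              path: /healthz
              port: http
              scheme: HTTP
          # Memory request and limit share one parameter; no CPU values are set.
          resources:
            limits:
              memory: ${ADMIN_MEMORY_LIMIT}
            requests:
              memory: ${ADMIN_MEMORY_LIMIT}
          volumeMounts:
          - mountPath: /opt/agent/authservice-ca
            name: authservice-ca
            readOnly: true
          - mountPath: /etc/console-certs
            name: console-external-cert
            readOnly: true
          - mountPath: /etc/enmasse-certs
            name: agent-internal-cert
            readOnly: true
          - mountPath: /opt/agent/messaging-cert
            name: messaging-cert
            readOnly: true
        volumes:
        - name: authservice-ca
          secret:
            secretName: authservice-ca.${INFRA_UUID}
        - name: console-external-cert
          secret:
            secretName: ${CONSOLE_SECRET}
        - name: agent-internal-cert
          secret:
            secretName: agent-internal-cert.${INFRA_UUID}
        - name: messaging-cert
          secret:
            secretName: ${MESSAGING_SECRET}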
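# Console Service: forwards 8081 to the agent's port 8080 and publishes the
# health port 8088.
- apiVersion: v1
  kind: Service
  metadata:
    name: console-${INFRA_UUID}
    annotations:
      addressSpace: ${ADDRESS_SPACE}
      namespace: ${ADDRESS_SPACE_NAMESPACE}
      # Annotation values must be strings; a bare 8081 parses as an integer.
      enmasse.io/service-port.https: '8081'
    labels:
      app: enmasse
      infraType: brokered
      infraUuid: ${INFRA_UUID}
  spec:
    selector:
      role: agent
      infraUuid: ${INFRA_UUID}
    ports:
    - name: https
      port: 8081
      targetPort: 8080
    # The agent's probes use plain HTTP on 8088; this entry makes that port
    # reachable through the Service as well.
    - name: health
      port: 8088
      targetPort: 8088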
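# Template parameters. Entries marked `required: true` have no default; the
# others fall back to `value` when the caller supplies nothing.
parameters:
- name: INFRA_UUID
  description: UUID to use for infrastructure
  required: true
# NOTE(review): no object in this listing references ${INFRA_NAMESPACE}.
- name: INFRA_NAMESPACE
  description: Namespace where infrastructure is created
  required: true
- name: BROKER_STORAGE_CAPACITY
  description: Storage capacity required for volume claims
  value: 2Gi
- name: ADDRESS_SPACE
  description: The name of our address space
  required: true
- name: ADDRESS_SPACE_NAMESPACE
  description: The namespace of our address space
  required: true
- name: ADDRESS_SPACE_PLAN
  description: Name of address space plan followed
  required: true
- name: MESSAGING_SECRET
  description: Certificate to be used for public messaging service
  required: true
- name: CONSOLE_SECRET
  description: Certificate to be used for public console service
  required: true
- name: AUTHENTICATION_SERVICE_HOST
  description: The hostname of the authentication service used by this address space
  required: true
- name: AUTHENTICATION_SERVICE_PORT
  description: The port of the authentication service used by this address space
  required: true
- name: AUTHENTICATION_SERVICE_CA_CERT
  description: The CA cert to use for validating authentication service cert
  required: true
- name: AUTHENTICATION_SERVICE_CLIENT_SECRET
  description: The client cert to use as identity against authentication service
- name: AUTHENTICATION_SERVICE_SASL_INIT_HOST
  description: The hostname to use in sasl init
- name: ENABLE_EVENT_LOGGER
  description: Enable logging of kubernetes events
  value: 'true'
- name: ADDRESS_SPACE_ADMIN_SA
  description: The service account with address space admin privileges
  value: address-space-admin
- name: ADMIN_MEMORY_LIMIT
  description: Memory limits for admin
  value: 512Mi
- name: BROKER_MEMORY_LIMIT
  description: Memory limits for container
  value: 512Mi
- name: BROKER_GLOBAL_MAX_SIZE
  # Folded scalar: yields the same single-line text as the original
  # two-line plain scalar.
  description: >-
    Global max size for all addresses in broker. Cannot be larger than
    a quarter of BROKER_MEMORY_LIMIT
  value: "-1"
- name: BROKER_ADDRESS_FULL_POLICY
  description: Broker address full policy
  value: FAIL
# The ${env.*} defaults below are presumably filled in by a build step before
# the template is used - confirm; they are not template parameters themselves.
- name: IMAGE_PULL_POLICY
  description: Image Pull Policy
  value: ${env.IMAGE_PULL_POLICY}
- name: AGENT_IMAGE
  description: Agent Image
  value: ${env.AGENT_IMAGE}
- name: BROKER_IMAGE
  description: Broker Image
  value: ${env.BROKER_IMAGE}
- name: BROKER_PLUGIN_IMAGE
  description: Broker Plugin Image
  value: ${env.BROKER_PLUGIN_IMAGE}
# NOTE(review): no object in this listing references ${TOPIC_FORWARDER_IMAGE}.
- name: TOPIC_FORWARDER_IMAGE
  description: Topic Forwarder Image
  value: ${env.TOPIC_FORWARDER_IMAGE}
# The console parameters had a bare `description:` (null); an explicit empty
# string states the intent without relying on implicit typing.
- name: CONSOLE_OAUTH_DISCOVERY_URL
  description: ''
- name: CONSOLE_OAUTH_SCOPE
  description: ''
- name: CONSOLE_OAUTH_SECRET_SECRET_NAME
  description: ''
- name: CONSOLE_SSO_COOKIE_SECRET_SECRET_NAME
  description: ''
- name: CONSOLE_LINK
  description: ''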
# Template header for the "brokered" address-space infrastructure (second file
# of the comparison). Placeholders of the form ${NAME} are declared under
# `parameters`.
apiVersion: v1
kind: Template
metadata:
  name: brokered-space-infra
  labels:
    app: enmasse
# Resources created by the template, written as a flush (unindented) sequence.
objects:
# Secret with the authentication-service CA certificate; the broker-plugin init
# container and the agent both mount it.
- apiVersion: v1
  kind: Secret
  metadata:
    name: authservice-ca.${INFRA_UUID}
    labels:
      app: enmasse
      infraUuid: ${INFRA_UUID}
      infraType: brokered
  data:
    # NOTE(review): values under `data` must be base64-encoded. This assumes the
    # caller passes AUTHENTICATION_SERVICE_CA_CERT already encoded - confirm, or
    # switch to `stringData` if the parameter holds PEM text.
    tls.crt: ${AUTHENTICATION_SERVICE_CA_CERT}
# Storage claim for the broker; referenced by the broker Deployment's `data`
# volume.
- apiVersion: v1
  kind: PersistentVolumeClaim
  metadata:
    name: broker-data.${INFRA_UUID}
    annotations:
      addressSpace: ${ADDRESS_SPACE}
    labels:
      app: enmasse
      infraType: brokered
      infraUuid: ${INFRA_UUID}
  spec:
    accessModes:
    - ReadWriteOnce
    resources:
      requests:
        # Size comes from the BROKER_STORAGE_CAPACITY parameter.
        storage: ${BROKER_STORAGE_CAPACITY}
# Broker Deployment: the broker-plugin init container runs first, then the
# broker container. Both mount the `data` claim and the `broker-custom` emptyDir.
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: broker.${INFRA_UUID}
    annotations:
      addressSpace: ${ADDRESS_SPACE}
      enmasse.io/cert-secret: broker-internal-cert.${INFRA_UUID}
    labels:
      app: enmasse
      role: broker
      infraType: brokered
      infraUuid: ${INFRA_UUID}
  spec:
    # NOTE(review): `affinity` sits directly under the Deployment `spec`, as the
    # original key order implies. Pod scheduling rules are normally read from
    # `spec.template.spec.affinity`; confirm whether the consumer of this
    # template relocates it, otherwise the preference has no effect.
    affinity:
      nodeAffinity:
        preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 1
          preference:
            matchExpressions:
            - key: node-role.enmasse.io/messaging-infra
              operator: In
              values:
              - "true"
    replicas: 1
    strategy:
      type: Recreate
    selector:
      matchLabels:
        app: enmasse
        name: broker
        role: broker
        infraUuid: ${INFRA_UUID}
    template:
      metadata:
        annotations:
          addressSpace: ${ADDRESS_SPACE}
          prometheus.io/path: /metrics
          prometheus.io/port: '8080'
          prometheus.io/scrape: 'true'
        labels:
          app: enmasse
          name: broker
          role: broker
          infraUuid: ${INFRA_UUID}
      spec:
        initContainers:
        - name: broker-plugin
          image: ${BROKER_PLUGIN_IMAGE}
          imagePullPolicy: ${IMAGE_PULL_POLICY}
          env:
          - name: INFRA_UUID
            value: ${INFRA_UUID}
          - name: ADDRESS_SPACE_TYPE
            value: brokered
          # Matches the mount path of `broker-internal-cert` below.
          - name: CERT_DIR
            value: /etc/enmasse-certs
          - name: ADDRESS_FULL_POLICY
            value: ${BROKER_ADDRESS_FULL_POLICY}
          - name: GLOBAL_MAX_SIZE
            value: ${BROKER_GLOBAL_MAX_SIZE}
          - name: AUTHENTICATION_SERVICE_HOST
            value: ${AUTHENTICATION_SERVICE_HOST}
          - name: AUTHENTICATION_SERVICE_PORT
            value: ${AUTHENTICATION_SERVICE_PORT}
          # NOTE(review): passed as a literal env value. If this parameter
          # carries secret material rather than a Secret name, prefer a
          # secretKeyRef so it stays out of the pod spec - confirm.
          - name: AUTHENTICATION_SERVICE_CLIENT_SECRET
            value: ${AUTHENTICATION_SERVICE_CLIENT_SECRET}
          - name: AUTHENTICATION_SERVICE_SASL_INIT_HOST
            value: ${AUTHENTICATION_SERVICE_SASL_INIT_HOST}
          - name: AMQ_NAME
            value: broker
          volumeMounts:
          - mountPath: /var/run/artemis
            name: data
          - mountPath: /etc/enmasse-certs
            name: broker-internal-cert
            readOnly: true
          - mountPath: /etc/external-certs
            name: external-cert
            readOnly: true
          - mountPath: /etc/authservice-ca
            name: authservice-ca
            readOnly: true
          - mountPath: /etc/prometheus-config
            name: broker-prometheus-config
            readOnly: true
          # Writable scratch volume shared with the broker container.
          - mountPath: /opt/amq/custom
            name: broker-custom
            readOnly: false
        containers:
        - name: broker
          image: ${BROKER_IMAGE}
          imagePullPolicy: ${IMAGE_PULL_POLICY}
          # The launch script is read from the shared `broker-custom` volume.
          command:
          - /opt/amq/custom/bin/launch-broker.sh
          env:
          - name: INFRA_UUID
            value: ${INFRA_UUID}
          - name: ADDRESS_SPACE_TYPE
            value: brokered
          - name: ADDRESS_FULL_POLICY
            value: ${BROKER_ADDRESS_FULL_POLICY}
          # NOTE(review): this container mounts nothing at /etc/enmasse-certs;
          # only the init container mounts the certificate secret there -
          # confirm the broker does not read CERT_DIR directly.
          - name: CERT_DIR
            value: /etc/enmasse-certs
          - name: AUTHENTICATION_SERVICE_HOST
            value: ${AUTHENTICATION_SERVICE_HOST}
          - name: AUTHENTICATION_SERVICE_PORT
            value: ${AUTHENTICATION_SERVICE_PORT}
          - name: AUTHENTICATION_SERVICE_CLIENT_SECRET
            value: ${AUTHENTICATION_SERVICE_CLIENT_SECRET}
          - name: AUTHENTICATION_SERVICE_SASL_INIT_HOST
            value: ${AUTHENTICATION_SERVICE_SASL_INIT_HOST}
          - name: AMQ_NAME
            value: broker
          ports:
          - containerPort: 5672
            name: amqp
          - containerPort: 5671
            name: amqps
          - containerPort: 55671
            name: amqps-normal
          - containerPort: 8161
            name: jolokia
          - containerPort: 8080
            name: artemismetrics
          # Both probes run the same script; $AMQ_HOME is expanded by `sh`
          # inside the container, so it must be set by the image or the runtime.
          livenessProbe:
            exec:
              command:
              - sh
              - -c
              - $AMQ_HOME/custom/bin/probe.sh
            initialDelaySeconds: 120
          readinessProbe:
            exec:
              command:
              - sh
              - -c
              - $AMQ_HOME/custom/bin/probe.sh
            initialDelaySeconds: 10
          # Memory request and limit share one parameter; no CPU values are set.
          resources:
            limits:
              memory: ${BROKER_MEMORY_LIMIT}
            requests:
              memory: ${BROKER_MEMORY_LIMIT}
          volumeMounts:
          - mountPath: /var/run/artemis
            name: data
          - mountPath: /etc/prometheus-config
            name: broker-prometheus-config
            readOnly: true
          # NOTE(review): the container's entry script lives on this writable
          # mount; if the broker never writes here at runtime, readOnly: true
          # would keep the launch and probe scripts immutable - confirm.
          - mountPath: /opt/amq/custom
            name: broker-custom
            readOnly: false
        volumes:
        - name: data
          persistentVolumeClaim:
            claimName: broker-data.${INFRA_UUID}
        - name: broker-custom
          emptyDir: {}
        - name: broker-prometheus-config
          configMap:
            name: broker-prometheus-config
        - name: broker-internal-cert
          secret:
            secretName: broker-internal-cert.${INFRA_UUID}
        - name: authservice-ca
          secret:
            secretName: authservice-ca.${INFRA_UUID}
        - name: external-cert
          secret:
            secretName: ${MESSAGING_SECRET}
# Service in front of the broker pods: the `amqps-normal` listener plus the
# metrics port, which is published under the name `health`.
- apiVersion: v1
  kind: Service
  metadata:
    name: broker-${INFRA_UUID}
    labels:
      app: enmasse
      infraType: brokered
      infraUuid: ${INFRA_UUID}
  spec:
    # Selects pods by role and infrastructure UUID.
    selector:
      role: broker
      infraUuid: ${INFRA_UUID}
    ports:
    - name: amqps-normal
      port: 55671
      targetPort: amqps-normal
    - name: health
      port: 8080
      protocol: TCP
      targetPort: artemismetrics
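# Messaging Service: publishes the broker's `amqp` and `amqps` container ports.
- apiVersion: v1
  kind: Service
  metadata:
    name: messaging-${INFRA_UUID}
    annotations:
      addressSpace: ${ADDRESS_SPACE}
      # Annotation values must be strings; a bare 5672 parses as an integer,
      # so the port numbers are quoted.
      enmasse.io/service-port.amqp: '5672'
      enmasse.io/service-port.amqps: '5671'
    labels:
      app: enmasse
      infraType: brokered
      infraUuid: ${INFRA_UUID}
  spec:
    selector:
      role: broker
      infraUuid: ${INFRA_UUID}
    ports:
    # NOTE(review): 5672 is conventionally the unencrypted AMQP port - confirm
    # that exposing it alongside amqps (5671) is intended.
    - name: amqp
      port: 5672
      targetPort: amqp
    - name: amqps
      port: 5671
      targetPort: amqps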
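# Agent Deployment: a single `agent` container running under the service
# account named by ADDRESS_SPACE_ADMIN_SA.
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: agent.${INFRA_UUID}
    annotations:
      addressSpace: ${ADDRESS_SPACE}
      enmasse.io/cert-secret: agent-internal-cert.${INFRA_UUID}
    labels:
      app: enmasse
      role: agent
      infraType: brokered
      infraUuid: ${INFRA_UUID}
  spec:
    # NOTE(review): `affinity` sits directly under the Deployment `spec`, as the
    # original key order implies. Pod scheduling rules are normally read from
    # `spec.template.spec.affinity`; confirm whether the consumer of this
    # template relocates it, otherwise the preference has no effect.
    affinity:
      nodeAffinity:
        preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 1
          preference:
            matchExpressions:
            - key: node-role.enmasse.io/operator-infra
              operator: In
              values:
              - "true"
    replicas: 1
    strategy:
      type: Recreate
    selector:
      matchLabels:
        app: enmasse
        name: agent
        role: agent
        infraUuid: ${INFRA_UUID}
    template:
      metadata:
        annotations:
          addressSpace: ${ADDRESS_SPACE}
          namespace: ${ADDRESS_SPACE_NAMESPACE}
        labels:
          app: enmasse
          name: agent
          role: agent
          infraUuid: ${INFRA_UUID}
      spec:
        # The parameter description calls this the account with address space
        # admin privileges, so the agent image runs with those rights.
        serviceAccountName: ${ADDRESS_SPACE_ADMIN_SA}
        containers:
        - name: agent
          image: ${AGENT_IMAGE}
          imagePullPolicy: ${IMAGE_PULL_POLICY}
          env:
          - name: BROKER_SERVICE_HOST
            value: broker-${INFRA_UUID}
          # Env values must be strings; the bare integer is quoted, matching
          # HEALTH_PORT below.
          - name: BROKER_SERVICE_PORT
            value: '55671'
          - name: ADDRESS_SPACE_PLAN
            value: ${ADDRESS_SPACE_PLAN}
          - name: ADDRESS_SPACE
            value: ${ADDRESS_SPACE}
          - name: ADDRESS_SPACE_NAMESPACE
            value: ${ADDRESS_SPACE_NAMESPACE}
          - name: INFRA_UUID
            value: ${INFRA_UUID}
          - name: ENABLE_EVENT_LOGGER
            value: ${ENABLE_EVENT_LOGGER}
          # ADDRESS_SPACE_TYPE was listed twice with the same value; env entries
          # are keyed by name, so only this one is kept.
          - name: ADDRESS_SPACE_TYPE
            value: brokered
          - name: CERT_DIR
            value: /etc/enmasse-certs
          - name: CONSOLE_CERT_DIR
            value: /etc/console-certs
          - name: MESSAGING_CERT
            value: /opt/agent/messaging-cert/tls.crt
          - name: HEALTH_PORT
            value: '8088'
          - name: AUTHENTICATION_SERVICE_HOST
            value: ${AUTHENTICATION_SERVICE_HOST}
          - name: AUTHENTICATION_SERVICE_PORT
            value: ${AUTHENTICATION_SERVICE_PORT}
          # NOTE(review): passed as a literal env value, unlike the OAuth and
          # cookie values below. If this parameter carries secret material
          # rather than a Secret name, prefer a secretKeyRef - confirm.
          - name: AUTHENTICATION_SERVICE_CLIENT_SECRET
            value: ${AUTHENTICATION_SERVICE_CLIENT_SECRET}
          - name: AUTHENTICATION_SERVICE_SASL_INIT_HOST
            value: ${AUTHENTICATION_SERVICE_SASL_INIT_HOST}
          - name: CONSOLE_OAUTH_DISCOVERY_URL
            value: ${CONSOLE_OAUTH_DISCOVERY_URL}
          - name: CONSOLE_OAUTH_SCOPE
            value: ${CONSOLE_OAUTH_SCOPE}
          - name: CONSOLE_LINK
            value: ${CONSOLE_LINK}
          # The three values below are read from Secrets; `optional: true` lets
          # the pod start when the Secret or key is missing.
          - name: CONSOLE_OAUTH_CLIENT_ID
            valueFrom:
              secretKeyRef:
                name: ${CONSOLE_OAUTH_SECRET_SECRET_NAME}
                key: client-id
                optional: true
          - name: CONSOLE_OAUTH_CLIENT_SECRET
            valueFrom:
              secretKeyRef:
                name: ${CONSOLE_OAUTH_SECRET_SECRET_NAME}
                key: client-secret
                optional: true
          - name: SSO_COOKIE_SECRET
            valueFrom:
              secretKeyRef:
                name: ${CONSOLE_SSO_COOKIE_SECRET_SECRET_NAME}
                key: cookie-secret
                optional: true
          ports:
          - containerPort: 8080
            name: https
          - containerPort: 8088
            name: http
          # Both probes hit /healthz over plain HTTP on the port named `http`.
          livenessProbe:
            httpGet:
              path: /healthz
              port: http
              scheme: HTTP
          readinessProbe:
            httpGet:
              path: /healthz
              port: http
              scheme: HTTP
          # Memory request and limit share one parameter; no CPU values are set.
          resources:
            limits:
              memory: ${ADMIN_MEMORY_LIMIT}
            requests:
              memory: ${ADMIN_MEMORY_LIMIT}
          volumeMounts:
          - mountPath: /opt/agent/authservice-ca
            name: authservice-ca
            readOnly: true
          - mountPath: /etc/console-certs
            name: console-external-cert
            readOnly: true
          - mountPath: /etc/enmasse-certs
            name: agent-internal-cert
            readOnly: true
          - mountPath: /opt/agent/messaging-cert
            name: messaging-cert
            readOnly: true
        volumes:
        - name: authservice-ca
          secret:
            secretName: authservice-ca.${INFRA_UUID}
        - name: console-external-cert
          secret:
            secretName: ${CONSOLE_SECRET}
        - name: agent-internal-cert
          secret:
            secretName: agent-internal-cert.${INFRA_UUID}
        - name: messaging-cert
          secret:
            secretName: ${MESSAGING_SECRET}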
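# Console Service: forwards 8081 to the agent's port 8080 and publishes the
# health port 8088.
- apiVersion: v1
  kind: Service
  metadata:
    name: console-${INFRA_UUID}
    annotations:
      addressSpace: ${ADDRESS_SPACE}
      namespace: ${ADDRESS_SPACE_NAMESPACE}
      # Annotation values must be strings; a bare 8081 parses as an integer.
      enmasse.io/service-port.https: '8081'
    labels:
      app: enmasse
      infraType: brokered
      infraUuid: ${INFRA_UUID}
  spec:
    selector:
      role: agent
      infraUuid: ${INFRA_UUID}
    ports:
    - name: https
      port: 8081
      targetPort: 8080
    # The agent's probes use plain HTTP on 8088; this entry makes that port
    # reachable through the Service as well.
    - name: health
      port: 8088
      targetPort: 8088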
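# Template parameters. Entries marked `required: true` have no default; the
# others fall back to `value` when the caller supplies nothing.
parameters:
- name: INFRA_UUID
  description: UUID to use for infrastructure
  required: true
# NOTE(review): no object in this listing references ${INFRA_NAMESPACE}.
- name: INFRA_NAMESPACE
  description: Namespace where infrastructure is created
  required: true
- name: BROKER_STORAGE_CAPACITY
  description: Storage capacity required for volume claims
  value: 2Gi
- name: ADDRESS_SPACE
  description: The name of our address space
  required: true
- name: ADDRESS_SPACE_NAMESPACE
  description: The namespace of our address space
  required: true
- name: ADDRESS_SPACE_PLAN
  description: Name of address space plan followed
  required: true
- name: MESSAGING_SECRET
  description: Certificate to be used for public messaging service
  required: true
- name: CONSOLE_SECRET
  description: Certificate to be used for public console service
  required: true
- name: AUTHENTICATION_SERVICE_HOST
  description: The hostname of the authentication service used by this address space
  required: true
- name: AUTHENTICATION_SERVICE_PORT
  description: The port of the authentication service used by this address space
  required: true
- name: AUTHENTICATION_SERVICE_CA_CERT
  description: The CA cert to use for validating authentication service cert
  required: true
- name: AUTHENTICATION_SERVICE_CLIENT_SECRET
  description: The client cert to use as identity against authentication service
- name: AUTHENTICATION_SERVICE_SASL_INIT_HOST
  description: The hostname to use in sasl init
- name: ENABLE_EVENT_LOGGER
  description: Enable logging of kubernetes events
  value: 'true'
- name: ADDRESS_SPACE_ADMIN_SA
  description: The service account with address space admin privileges
  value: address-space-admin
- name: ADMIN_MEMORY_LIMIT
  description: Memory limits for admin
  value: 512Mi
- name: BROKER_MEMORY_LIMIT
  description: Memory limits for container
  value: 512Mi
- name: BROKER_GLOBAL_MAX_SIZE
  # Folded scalar: yields the same single-line text as the original
  # two-line plain scalar.
  description: >-
    Global max size for all addresses in broker. Cannot be larger than
    a quarter of BROKER_MEMORY_LIMIT
  value: "-1"
- name: BROKER_ADDRESS_FULL_POLICY
  description: Broker address full policy
  value: FAIL
# NOTE(review): every image default below uses the mutable `latest` tag and the
# pull policy is Always, so the content that runs can change without any edit to
# this template. Pin a released version tag or an image digest instead.
- name: IMAGE_PULL_POLICY
  description: Image Pull Policy
  value: Always
- name: AGENT_IMAGE
  description: Agent Image
  value: registry.redhat.io/amq7/amq-online-1-agent:latest
- name: BROKER_IMAGE
  description: Broker Image
  value: registry.redhat.io/amq-broker-7/amq-broker-72-openshift:latest
- name: BROKER_PLUGIN_IMAGE
  description: Broker Plugin Image
  value: registry.redhat.io/amq7/amq-online-1-broker-plugin:latest
# NOTE(review): no object in this listing references ${TOPIC_FORWARDER_IMAGE}.
- name: TOPIC_FORWARDER_IMAGE
  description: Topic Forwarder Image
  value: registry.redhat.io/amq7/amq-online-1-topic-forwarder:latest
# The console parameters had a bare `description:` (null); an explicit empty
# string states the intent without relying on implicit typing.
- name: CONSOLE_OAUTH_DISCOVERY_URL
  description: ''
- name: CONSOLE_OAUTH_SCOPE
  description: ''
- name: CONSOLE_OAUTH_SECRET_SECRET_NAME
  description: ''
- name: CONSOLE_SSO_COOKIE_SECRET_SECRET_NAME
  description: ''
- name: CONSOLE_LINK
  description: ''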