Skip to content
This repository was archived by the owner on Mar 22, 2018. It is now read-only.

Commit 05ddb10

Browse files
Saverio Protodims
Saverio Proto
authored and
dims
committed
Provide Dockerfile and Pod to run the Webhook in kube-system
1 parent d749164 commit 05ddb10

2 files changed

Lines changed: 70 additions & 0 deletions

File tree

kube-system/Dockerfile

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
FROM ubuntu:16.04
2+
MAINTAINER Saverio Proto <[email protected]>
3+
RUN apt-get update && \
4+
apt-get install -y software-properties-common
5+
RUN add-apt-repository -y ppa:masterminds/glide
6+
RUN apt-get update && \
7+
apt-get install -y glide git build-essential golang && \
8+
apt-get clean && \
9+
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
10+
RUN git clone https://github.com/dims/k8s-keystone-auth
11+
WORKDIR k8s-keystone-auth
12+
RUN make depend && make build
13+
EXPOSE 8443
14+
CMD ./bin/k8s-keystone-auth --tls-cert-file ${API_SERVER_CERT} --tls-private-key-file ${API_SERVER_KEY} --keystone-url ${OPENSTACK_KEYSTONE_URL}
15+

kube-system/k8s-keystone-auth.yaml

Lines changed: 55 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,55 @@
1+
---
2+
apiVersion: v1
3+
kind: Pod
4+
metadata:
5+
annotations:
6+
scheduler.alpha.kubernetes.io/critical-pod: ""
7+
creationTimestamp: null
8+
labels:
9+
component: k8s-keystone-auth
10+
tier: control-plane
11+
name: k8s-keystone-auth
12+
namespace: kube-system
13+
spec:
14+
containers:
15+
- command:
16+
- ./bin/k8s-keystone-auth
17+
- --tls-cert-file
18+
- /etc/kubernetes/pki/apiserver.crt
19+
- --tls-private-key-file
20+
- /etc/kubernetes/pki/apiserver.key
21+
- --keystone-url
22+
- https://mykeystone.com:5000/v3
23+
image: k8s-keystone-auth
24+
imagePullPolicy: Always
25+
#livenessProbe:
26+
# failureThreshold: 8
27+
# httpGet:
28+
# host: 127.0.0.1
29+
# path: /healthz
30+
# port: 6443
31+
# scheme: HTTPS
32+
# initialDelaySeconds: 15
33+
# timeoutSeconds: 15
34+
name: k8s-keystone-auth
35+
resources:
36+
requests:
37+
cpu: 250m
38+
volumeMounts:
39+
- mountPath: /etc/kubernetes/pki
40+
name: k8s-certs
41+
readOnly: true
42+
- mountPath: /etc/ssl/certs
43+
name: ca-certs
44+
readOnly: true
45+
hostNetwork: true
46+
volumes:
47+
- hostPath:
48+
path: /etc/kubernetes/pki
49+
type: DirectoryOrCreate
50+
name: k8s-certs
51+
- hostPath:
52+
path: /etc/ssl/certs
53+
type: DirectoryOrCreate
54+
name: ca-certs
55+
status: {}

0 commit comments

Comments
 (0)