---
|
kind: Template
|
apiVersion: v1
|
metadata:
|
name: ec-vpn
|
annotations:
|
openshift.io/display-name: Everyware Cloud VPN Service
|
description: Everyware Cloud VPN service.
|
iconClass: icon-ec
|
tags: ec,vpn
|
template.openshift.io/long-description: This template provides a standalone VPN server.
|
template.openshift.io/provider-display-name: Eurotech S.p.A.
|
template.openshift.io/support-url: https://support.eurotech.com
|
message: "The following service(s) have been created in your project: ${EC_SERVICE_NAME}."
|
labels:
|
template: ec-vpn-template
|
objects:
|
- kind: Service
|
apiVersion: v1
|
metadata:
|
name: "${EC_SERVICE_NAME}"
|
spec:
|
ports:
|
- name: "${EC_SERVICE_NAME}"
|
protocol: UDP
|
port: 1194
|
nodePort: "${SERVICE_NODE_PORT}"
|
type: NodePort
|
selector:
|
app: "${EC_SERVICE_NAME}"
|
deploymentconfig: "${EC_SERVICE_NAME}"
|
- apiVersion: v1
|
kind: DeploymentConfig
|
metadata:
|
generation: 1
|
labels:
|
app: ${EC_SERVICE_NAME}
|
name: ${EC_SERVICE_NAME}
|
spec:
|
replicas: 1
|
strategy:
|
type: Recreate
|
triggers:
|
- type: ImageChange
|
imageChangeParams:
|
automatic: true
|
containerNames:
|
- "${EC_SERVICE_NAME}"
|
from:
|
kind: ImageStreamTag
|
name: "${EC_SERVICE_NAME}:${IMAGE_VERSION}"
|
namespace: "${NAMESPACE}"
|
- type: ConfigChange
|
selector:
|
app: "${EC_SERVICE_NAME}"
|
deploymentconfig: "${EC_SERVICE_NAME}"
|
template:
|
metadata:
|
labels:
|
app: "${EC_SERVICE_NAME}"
|
deploymentconfig: "${EC_SERVICE_NAME}"
|
spec:
|
containers:
|
- env:
|
- name: DB_NAME
|
valueFrom:
|
secretKeyRef:
|
name: "${EC_SECRET_DB}"
|
key: name
|
- name: DB_USERNAME
|
valueFrom:
|
secretKeyRef:
|
name: "${EC_SECRET_DB}"
|
key: username
|
- name: DB_PASSWORD
|
valueFrom:
|
secretKeyRef:
|
name: "${EC_SECRET_DB}"
|
key: password
|
- name: EC_CRT
|
valueFrom:
|
secretKeyRef:
|
name: "${EC_SECRET_CRT}"
|
key: crt
|
- name: EC_CA
|
valueFrom:
|
secretKeyRef:
|
name: "${EC_SECRET_CRT}"
|
key: ca
|
- name: EC_KEY
|
valueFrom:
|
secretKeyRef:
|
name: "${EC_SECRET_CRT}"
|
key: key
|
- name: JAVA_OPTS
|
value:
|
-Xmx1G
|
-Dcommons.db.connection.host=$MARIADB_101_RHEL7_PORT_3306_TCP_ADDR
|
-Dcommons.db.connection.port=$MARIADB_101_RHEL7_PORT_3306_TCP_PORT
|
-Dcommons.db.jdbcConnectionUrlResolver=${DB_RESOLVER}
|
-Dcommons.db.jdbc.driver=${DB_DRIVER}
|
-Dcommons.db.connection.scheme=${DB_CONNECTION_SCHEME}
|
-Dcommons.db.schema=${DB_SCHEMA_NAME}
|
-Dcommons.db.schema.update=${DB_SCHEMA_UPDATE}
|
-Dcommons.db.name=${DB_NAME}
|
-Dcommons.db.username=${DB_USERNAME}
|
-Dcommons.db.password=${DB_PASSWORD}
|
-Dcertificate.jwt.private.key=file:///tmp/key.pk8
|
-Dcertificate.jwt.certificate=file:///tmp/cert.pem
|
-Dkapua.config.dir=/etc/opt/ec/defaults
|
${JAVA_OPTS_EXTRA}
|
image: "${EC_SERVICE_NAME}:${IMAGE_VERSION}"
|
imagePullPolicy: IfNotPresent
|
name: "${EC_SERVICE_NAME}"
|
command:
|
- /docker-entrypoint.sh
|
- /usr/sbin/openvpn
|
- '--config'
|
- '/etc/openvpn/server.conf'
|
ports:
|
- containerPort: 1194
|
protocol: UDP
|
resources:
|
limits:
|
memory: "${MEMORY_LIMIT}"
|
securityContext:
|
privileged: true
|
runAsUser: 0
|
capabilities:
|
add:
|
- NET_ADMIN
|
restartPolicy: Always
|
terminationGracePeriodSeconds: 30
|
# imagePullSecrets:
|
# - name: eurotechreg
|
parameters:
|
- name: IMAGE_VERSION
|
description: The version of the image to use
|
value: latest
|
- name: MEMORY_LIMIT
|
displayName: Memory Limit
|
description: Maximum amount of memory the container can use.
|
value: 2Gi
|
required: true
|
- name: NAMESPACE
|
displayName: Namespace
|
description: The OpenShift Namespace where the ImageStream resides.
|
value: ec
|
- name: EC_SERVICE_NAME
|
displayName: EC api Service Name
|
description: The name of the OpenShift Service.
|
value: ec-vpn
|
required: true
|
# - name: DB_HOST
|
# description: Address of the DB
|
# value: mariadb.ec.svc.cluster.local
|
# required: true
|
# - name: DB_PORT
|
# description: The version of the image to use
|
# value: "3306"
|
# required: true
|
- name: DB_SCHEMA_NAME
|
description: Automatically update DB schema
|
value: "ecdb"
|
required: true
|
- name: DB_SCHEMA_UPDATE
|
description: Automatically update DB schema
|
value: "true"
|
required: true
|
- name: DB_RESOLVER
|
description: JDBC connection URL resolver
|
value: MariaDB
|
required: true
|
- name: DB_DRIVER
|
description: JDBC driver
|
value: org.mariadb.jdbc.Driver
|
required: true
|
- name: DB_CONNECTION_SCHEME
|
description: JDBC connection scheme
|
value: jdbc:mariadb
|
required: true
|
- name: SERVICE_NODE_PORT
|
description: Service node port
|
value: "31194"
|
required: true
|
- name: EC_SECRET_DB
|
description: Name of the secret containing DB credentials
|
value: "ec-db"
|
required: true
|
- name: EC_SECRET_CRT
|
description: Name of the secret containing certificates
|
value: "ec-crt"
|
required: true
|