@jfblaine
Last active May 4, 2020 19:32
Example of using service signing certs and all http/https route types
apiVersion: template.openshift.io/v1
kind: Template
labels:
  template: "httpd-cert-tests"
metadata:
  name: envoy-test-template
  annotations:
    description: "Demo of service serving certificates with http, edge, reencrypt and passthrough routes"
    tags: "httpd"
objects:
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    annotations:
      deployment.kubernetes.io/revision: "1"
    labels:
      app: hello
    name: hello
    namespace: "${NAMESPACE}"
  spec:
    progressDeadlineSeconds: 600
    replicas: 1
    revisionHistoryLimit: 0
    selector:
      matchLabels:
        app: hello
    strategy:
      rollingUpdate:
        maxSurge: 25%
        maxUnavailable: 25%
      type: RollingUpdate
    template:
      metadata:
        labels:
          app: hello
      spec:
        containers:
        # Pinned by digest: this digest must exist in the cluster's internal registry
        # (openshift/httpd ImageStream), so substitute your cluster's own digest.
        # The image serves plain HTTP on 8080 and TLS on 8443 using the mod_ssl
        # defaults /etc/pki/tls/certs/localhost.crt and /etc/pki/tls/private/localhost.key,
        # which is why the secret keys are projected to exactly those paths below.
        - image: image-registry.openshift-image-registry.svc:5000/openshift/httpd@sha256:32e50b54dccf847354e224d18ba58f39da053e351cf2377a9865206a43c5c62a
          imagePullPolicy: IfNotPresent
          name: httpd
          resources:
            limits:
              cpu: 200m
              memory: 200Mi
            requests:
              cpu: 100m
              memory: 100Mi
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
          # The secret is projected over the whole of /etc/pki/tls, so everything
          # else normally found there (openssl.cnf, certs/ca-bundle.crt) is hidden in
          # the container. httpd does not need those to serve TLS, but an application
          # that makes outbound TLS calls would lose its trust store this way.
          - name: hello-volume
            mountPath: "/etc/pki/tls"
            readOnly: true
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        schedulerName: default-scheduler
        securityContext: {}
        terminationGracePeriodSeconds: 30
        volumes:
        # Secret "hello" is generated by the service-ca operator once the annotated
        # Service below exists; until then the pod stays in ContainerCreating and the
        # kubelet keeps retrying the mount. The secret carries tls.crt and tls.key,
        # with the certificate issued for hello.<namespace>.svc and signed by the
        # cluster service CA.
        - name: hello-volume
          secret:
            secretName: hello
            items:
            - key: tls.key
              path: private/localhost.key
            - key: tls.crt
              path: certs/localhost.crt
- apiVersion: v1
  kind: Service
  metadata:
    annotations:
      # Asks the service-ca operator to issue a serving certificate for
      # hello.<namespace>.svc and store it in Secret "hello" (keys tls.crt and tls.key).
      service.beta.openshift.io/serving-cert-secret-name: hello
    labels:
      app: hello
    name: hello
    namespace: "${NAMESPACE}"
  spec:
    ports:
    - name: 8080-tcp
      port: 8080
      protocol: TCP
      targetPort: 8080
    - name: 8443-tcp
      port: 8443
      protocol: TCP
      targetPort: 8443
    selector:
      app: hello
    sessionAffinity: None
    type: ClusterIP
# Route 1: plain HTTP end to end. No TLS at the router or the pod.
- apiVersion: route.openshift.io/v1
  kind: Route
  metadata:
    labels:
      app: hello
    name: hello-http
    namespace: "${NAMESPACE}"
  spec:
    host: hello-http${WILDCARD_DNS}
    port:
      targetPort: 8080
    to:
      kind: Service
      name: hello
      weight: 100
    wildcardPolicy: None
# Route 2: edge. The router terminates TLS with the ingress default (wildcard)
# certificate and forwards plaintext to the pod on 8080 inside the cluster network.
# Redirect turns plain-http requests into a redirect to https.
- apiVersion: route.openshift.io/v1
  kind: Route
  metadata:
    labels:
      app: hello
    name: hello-edge
    namespace: "${NAMESPACE}"
  spec:
    host: hello-edge${WILDCARD_DNS}
    port:
      targetPort: 8080
    tls:
      termination: edge
      insecureEdgeTerminationPolicy: Redirect
    to:
      kind: Service
      name: hello
      weight: 100
    wildcardPolicy: None
# Route 3: reencrypt. The router terminates client TLS with the wildcard cert, then
# opens a second TLS session to the pod on 8443. No destinationCACertificate is
# needed because the router already trusts the service CA that signed the pod's
# serving certificate; a backend cert from any other CA would require it.
- apiVersion: route.openshift.io/v1
  kind: Route
  metadata:
    labels:
      app: hello
    name: hello-reencrypt
    namespace: "${NAMESPACE}"
  spec:
    host: hello-reencrypt${WILDCARD_DNS}
    port:
      targetPort: 8443
    tls:
      termination: reencrypt
      insecureEdgeTerminationPolicy: Redirect
    to:
      kind: Service
      name: hello
      weight: 100
    wildcardPolicy: None
# Route 4: passthrough. The router forwards the TLS bytes unchanged (selected by
# SNI), so the client sees the pod's own serving certificate, whose SAN is
# hello.<namespace>.svc rather than hello-passthrough<WILDCARD_DNS>. Browsers and
# curl therefore fail hostname verification unless told to skip it. A passthrough
# route cannot carry certificate/key fields, and its insecureEdgeTerminationPolicy
# may only be None or Redirect.
- apiVersion: route.openshift.io/v1
  kind: Route
  metadata:
    labels:
      app: hello
    name: hello-passthrough
    namespace: "${NAMESPACE}"
  spec:
    host: hello-passthrough${WILDCARD_DNS}
    port:
      targetPort: 8443
    tls:
      termination: passthrough
      insecureEdgeTerminationPolicy: Redirect
    to:
      kind: Service
      name: hello
      weight: 100
    wildcardPolicy: None
parameters:
- name: WILDCARD_DNS
  displayName: Wildcard DNS
  description: Wildcard DNS suffix for routes on this cluster, including the leading dot (for example .apps.example.com); it is appended directly to each route name
  required: true
- name: NAMESPACE
  displayName: Target Namespace
  description: The target namespace for object creation
  required: true
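The check worth running after processing the template, as an added example that is not part of the gist: it deploys the template, dumps the serving certificate the service-ca operator issued, then requests every route and prints the certificate the client actually sees, which is where the four termination types differ. Assumed names: the template saved as hello-template.yaml in the current directory, a logged-in `oc`, `curl`, and OpenSSL 1.1.1 or newer for `x509 -ext`.

```bash
#!/usr/bin/env bash
# check_routes.sh: deploy the hello template and show what each route type
# presents to a client. Added example, not part of the gist. Assumes the
# template is saved as hello-template.yaml (override with TEMPLATE=...),
# `oc` is logged in, and curl and openssl (1.1.1+) are on PATH.
set -eu

TEMPLATE=${TEMPLATE:-hello-template.yaml}

# route_host NAME SUFFIX: build the route hostname exactly as the template does
# (plain concatenation). A suffix without the leading dot would yield
# "hello-httpapps.example.com", so refuse it up front.
route_host() {
  name=$1; suffix=$2
  case "$suffix" in
    .*) printf '%s%s\n' "$name" "$suffix" ;;
    *)  echo "WILDCARD_DNS must start with a dot, got '$suffix'" >&2; return 1 ;;
  esac
}

# route_scheme TYPE: scheme a client uses for each route type; only the http
# route has no TLS, the other three all answer on 443.
route_scheme() {
  case "$1" in
    http) echo http ;;
    edge|reencrypt|passthrough) echo https ;;
    *) echo "unknown route type: $1" >&2; return 1 ;;
  esac
}

# expected_issuer_hint TYPE: who signs the certificate the *client* sees.
# edge and reencrypt present the ingress default certificate; passthrough hands
# the client the pod's serving cert, signed by the cluster service CA.
expected_issuer_hint() {
  case "$1" in
    edge|reencrypt) echo "ingress default certificate (router)" ;;
    passthrough)    echo "openshift-service-serving-signer (service CA)" ;;
    *)              echo "none (plaintext)" ;;
  esac
}

# show_cert HOST: subject, issuer and SANs of the certificate served on HOST:443.
show_cert() {
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -noout -subject -issuer -ext subjectAltName
}

deploy() {
  suffix=$1; ns=$2
  oc process -f "$TEMPLATE" -p WILDCARD_DNS="$suffix" -p NAMESPACE="$ns" \
    | oc apply -n "$ns" -f -
  # The serving-cert Secret is created asynchronously by the service-ca operator;
  # the Deployment only becomes Available once the secret exists and is mounted.
  oc wait -n "$ns" --for=condition=Available deployment/hello --timeout=180s
  echo "== serving cert in Secret hello (expect SAN hello.$ns.svc, service CA issuer)"
  oc get secret hello -n "$ns" -o jsonpath='{.data.tls\.crt}' | base64 -d \
    | openssl x509 -noout -subject -issuer -ext subjectAltName
}

probe() {
  suffix=$1
  for type in http edge reencrypt passthrough; do
    host=$(route_host "hello-$type" "$suffix")
    scheme=$(route_scheme "$type")
    echo "== $type: $scheme://$host  (client should see: $(expected_issuer_hint "$type"))"
    # -k: edge/reencrypt present the cluster wildcard cert, which is often not
    # publicly trusted, and passthrough presents a cert for hello.<ns>.svc that
    # does not match the route hostname at all.
    curl -sk -o /dev/null -w 'HTTP %{http_code}\n' "$scheme://$host/"
    if [ "$scheme" = https ]; then
      # insecureEdgeTerminationPolicy: Redirect -> plain http answers with a redirect
      curl -s -o /dev/null -w 'plain http: HTTP %{http_code} -> %{redirect_url}\n' "http://$host/"
      show_cert "$host"
    fi
  done
}

main() {
  if [ $# -ne 2 ]; then
    echo "usage: $0 WILDCARD_DNS NAMESPACE   (e.g. $0 .apps.example.com demo)" >&2
    return 0
  fi
  deploy "$1" "$2"
  probe "$1"
}

main "$@"
```

Run it as `./check_routes.sh .apps.example.com demo`. Edge and reencrypt print the same subject and issuer (the ingress wildcard certificate), while passthrough prints a certificate issued by `openshift-service-serving-signer@...` with SAN `hello.demo.svc`; that difference is the whole reason the passthrough route needs `-k` here and would need a certificate for its public hostname in a real deployment.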