Skip to content

Instantly share code, notes, and snippets.

@aidenkeating

aidenkeating/README.md

Last active August 2, 2017 14:14
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save aidenkeating/3467a71b9bb93e95a9a60b58476f793c to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save aidenkeating/3467a71b9bb93e95a9a60b58476f793c to your computer and use it in GitHub Desktop.
Download ZIP
Provision OpenShift Template Service Broker
Raw
README.md

Provision OpenShift Template Service Broker (POTSB)

Small script to provision the Template Service Broker in OpenShift and add any templates you might want there. Template URLs or local paths can be specified as a list of arguments to the script.

Prerequisites

Have an OpenShift cluster >= 3.6 with the Service Catalog enabled.

The most simple way to do this is by running oc cluster up --service-catalog.

Once the cluster is up you are ready to run potsb.sh.

What does the script do?

  1. Logs in to OpenShift as system:admin.
  2. Uses the openshift project.
  3. Allow unauthenticated access to the Template Service Broker API.
  4. Create each template specified in the arguments in the openshift project.

Examples

Enable unauthenticated access to the Template Service Broker API

Note: This will not add any custom templates ./potsb.sh

Result: You will now be able to see all default availble templates in the Catalog.

Add the fh-sync-service template

./potsb.sh https://raw.githubusercontent.com/aidenkeating/fh-sync-server/FH-3807_update-sync-template/fh-sync-server-DEVELOPMENT.yaml

Result: You will now be able to see all default templates along with a Sync template in the Catalog.

Raw
potsb.sh
#!/bin/bash
# Provision OpenShift Template Service Broker (potsb)
# In order to enable access to the TSB we must grant unauthenticated access to
# the template service broker api.
readonly GROUP="system:openshift:templateservicebroker-client"
readonly ROLES="system:unauthenticated system:authenticated"
# The 'system:admin' user has permissions to grant unauthenticated access etc.
# so we'll use that user.
readonly USER="system:admin"
# By default, any templates in the 'openshift' project will be exposed in the
# catalog.
readonly PROJECT="openshift"
# We'll be messing with OpenShift users, so let's *try* to return you back to
# your previous state after we complete.
originalUser="$(oc whoami)"
originalProject="$(oc project -q)"
# Change user.
oc login -u "${USER}"
# Change project.
oc project "${PROJECT}"
# Add those roles that are required, mentioned above.
oc adm policy add-cluster-role-to-group "${GROUP}" ${ROLES}
# Go through each argument, they can be local paths or URLs. Some may fail
# because they already exist. That's fine, we'll carry on.
for templateUrl in "${@}"
do
oc create -f "${templateUrl}"
done
echo -e "\nProvisioning complete. Trying to restore user state...\n"
# Try to restore the original user state.
oc login -u "${originalUser}"
oc project "${originalProject}"
echo -e "\nUser state restored. user=$(oc whoami) project=$(oc project -q)"
echo -e "\nHooray! We're all done! Go to your OpenShift console. You should be
able to see a bunch of templates. If not, refresh, it can take a while."
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment