summaryrefslogtreecommitdiffstats
path: root/roles/openshift_logging/templates
diff options
context:
space:
mode:
authorewolinetz <ewolinet@redhat.com>2016-09-28 10:52:07 -0500
committerewolinetz <ewolinet@redhat.com>2016-12-14 15:38:10 -0600
commitb579a4acfa64f85119ffbcbb8f6701972ef0dbb6 (patch)
tree6b65a25017defdca2fafe8655a858436c34db679 /roles/openshift_logging/templates
parent43f52e292afac7bde5e588377e56d9c49574806c (diff)
downloadopenshift-b579a4acfa64f85119ffbcbb8f6701972ef0dbb6.tar.gz
openshift-b579a4acfa64f85119ffbcbb8f6701972ef0dbb6.tar.bz2
openshift-b579a4acfa64f85119ffbcbb8f6701972ef0dbb6.tar.xz
openshift-b579a4acfa64f85119ffbcbb8f6701972ef0dbb6.zip
Creating openshift_logging role for deploying Aggregated Logging without a deployer image
Diffstat (limited to 'roles/openshift_logging/templates')
-rw-r--r--roles/openshift_logging/templates/clusterrole.j221
-rw-r--r--roles/openshift_logging/templates/clusterrolebinding.j224
-rw-r--r--roles/openshift_logging/templates/curator.j297
-rw-r--r--roles/openshift_logging/templates/es.j2105
-rw-r--r--roles/openshift_logging/templates/fluentd.j2149
-rw-r--r--roles/openshift_logging/templates/job.j226
-rw-r--r--roles/openshift_logging/templates/kibana.j2110
-rw-r--r--roles/openshift_logging/templates/oauth-client.j215
-rw-r--r--roles/openshift_logging/templates/pvc.j227
-rw-r--r--roles/openshift_logging/templates/rolebinding.j214
-rw-r--r--roles/openshift_logging/templates/route_reencrypt.j225
-rw-r--r--roles/openshift_logging/templates/secret.j29
-rw-r--r--roles/openshift_logging/templates/service.j228
-rw-r--r--roles/openshift_logging/templates/serviceaccount.j216
14 files changed, 666 insertions, 0 deletions
diff --git a/roles/openshift_logging/templates/clusterrole.j2 b/roles/openshift_logging/templates/clusterrole.j2
new file mode 100644
index 000000000..0d28db48e
--- /dev/null
+++ b/roles/openshift_logging/templates/clusterrole.j2
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: ClusterRole
+metadata:
+ name: {{obj_name}}
+rules:
+{% for rule in rules %}
+- resources:
+{% for kind in rule.resources %}
+ - {{ kind }}
+{% endfor %}
+ apiGroups:
+{% if rule.api_groups is defined %}
+{% for group in rule.api_groups %}
+ - {{ group }}
+{% endfor %}
+{% endif %}
+ verbs:
+{% for verb in rule.verbs %}
+ - {{ verb }}
+{% endfor %}
+{% endfor %}
diff --git a/roles/openshift_logging/templates/clusterrolebinding.j2 b/roles/openshift_logging/templates/clusterrolebinding.j2
new file mode 100644
index 000000000..2d25ff1fb
--- /dev/null
+++ b/roles/openshift_logging/templates/clusterrolebinding.j2
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{obj_name}}
+{% if crb_usernames is defined %}
+userNames:
+{% for name in crb_usernames %}
+ - {{ name }}
+{% endfor %}
+{% endif %}
+{% if crb_groupnames is defined %}
+groupNames:
+{% for name in crb_groupnames %}
+ - {{ name }}
+{% endfor %}
+{% endif %}
+subjects:
+{% for sub in subjects %}
+ - kind: {{ sub.kind }}
+ name: {{ sub.name }}
+ namespace: {{sub.namespace}}
+{% endfor %}
+roleRef:
+ name: {{obj_name}}
diff --git a/roles/openshift_logging/templates/curator.j2 b/roles/openshift_logging/templates/curator.j2
new file mode 100644
index 000000000..3ffb48bfb
--- /dev/null
+++ b/roles/openshift_logging/templates/curator.j2
@@ -0,0 +1,97 @@
+apiVersion: "v1"
+kind: "DeploymentConfig"
+metadata:
+ name: "{{deploy_name}}"
+ labels:
+ provider: openshift
+ component: "{{component}}"
+ logging-infra: "{{logging_component}}"
+spec:
+ replicas: 0
+ selector:
+ provider: openshift
+ component: "{{component}}"
+ logging-infra: "{{logging_component}}"
+ strategy:
+ rollingParams:
+ intervalSeconds: 1
+ timeoutSeconds: 600
+ updatePeriodSeconds: 1
+ type: Recreate
+ template:
+ metadata:
+ name: "{{deploy_name}}"
+ labels:
+ logging-infra: "{{logging_component}}"
+ provider: openshift
+ component: "{{component}}"
+ spec:
+ terminationGracePeriod: 600
+ serviceAccountName: aggregated-logging-curator
+ containers:
+ -
+ name: "curator"
+ image: {{image}}
+ imagePullPolicy: Always
+ resources:
+ limits:
+ cpu: "{{curator_cpu_limit}}"
+{% if curator_memory_limit is defined and curator_memory_limit is not none %}
+ memory: "{{curator_memory_limit}}"
+{% endif %}
+ env:
+ -
+ name: "K8S_HOST_URL"
+ value: "{{master_url}}"
+ -
+ name: "ES_HOST"
+ value: "{{es_host}}"
+ -
+ name: "ES_PORT"
+ value: "{{es_port}}"
+ -
+ name: "ES_CLIENT_CERT"
+ value: "/etc/curator/keys/cert"
+ -
+ name: "ES_CLIENT_KEY"
+ value: "/etc/curator/keys/key"
+ -
+ name: "ES_CA"
+ value: "/etc/curator/keys/ca"
+ -
+ name: "CURATOR_DEFAULT_DAYS"
+ value: "{{openshift_logging_curator_default_days}}"
+ -
+ name: "CURATOR_RUN_HOUR"
+ value: "{{openshift_logging_curator_run_hour}}"
+ -
+ name: "CURATOR_RUN_MINUTE"
+ value: "{{openshift_logging_curator_run_minute}}"
+ -
+ name: "CURATOR_RUN_TIMEZONE"
+ value: "{{openshift_logging_curator_run_timezone}}"
+ -
+ name: "CURATOR_SCRIPT_LOG_LEVEL"
+ value: "{{openshift_logging_curator_script_log_level}}"
+ -
+ name: "CURATOR_LOG_LEVEL"
+ value: "{{openshift_logging_curator_log_level}}"
+ volumeMounts:
+ - name: certs
+ mountPath: /etc/curator/keys
+ readOnly: true
+ - name: config
+ mountPath: /usr/curator/settings
+ readOnly: true
+ - name: elasticsearch-storage
+ mountPath: /elasticsearch/persistent
+ readOnly: true
+ volumes:
+ - name: certs
+ secret:
+ secretName: logging-curator
+ - name: config
+ configMap:
+ name: logging-curator
+ - name: elasticsearch-storage
+ emptyDir: {}
diff --git a/roles/openshift_logging/templates/es.j2 b/roles/openshift_logging/templates/es.j2
new file mode 100644
index 000000000..e5d415f81
--- /dev/null
+++ b/roles/openshift_logging/templates/es.j2
@@ -0,0 +1,105 @@
+apiVersion: "v1"
+kind: "DeploymentConfig"
+metadata:
+ name: "{{deploy_name}}"
+ labels:
+ provider: openshift
+ component: "{{component}}"
+ deployment: "{{deploy_name}}"
+ logging-infra: "{{logging_component}}"
+spec:
+ replicas: 0
+ selector:
+ provider: openshift
+ component: "{{component}}"
+ deployment: "{{deploy_name}}"
+ logging-infra: "{{logging_component}}"
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ name: "{{deploy_name}}"
+ labels:
+ logging-infra: "{{logging_component}}"
+ provider: openshift
+ component: "{{component}}"
+ deployment: "{{deploy_name}}"
+ spec:
+ terminationGracePeriod: 600
+ serviceAccountName: aggregated-logging-elasticsearch
+ securityContext:
+ supplementalGroups:
+ - {{openshift_logging_es_storage_group}}
+ containers:
+ -
+ name: "elasticsearch"
+ image: {{image}}
+ imagePullPolicy: Always
+ resources:
+ limits:
+ memory: "{{es_memory_limit}}"
+{% if es_cpu_limit is defined and es_cpu_limit is not none %}
+ cpu: "{{es_cpu_limit}}"
+{% endif %}
+ requests:
+ memory: "512Mi"
+ ports:
+ -
+ containerPort: 9200
+ name: "restapi"
+ -
+ containerPort: 9300
+ name: "cluster"
+ env:
+ -
+ name: "NAMESPACE"
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ -
+ name: "KUBERNETES_TRUST_CERT"
+ value: "true"
+ -
+ name: "SERVICE_DNS"
+ value: "logging-{{es_cluster_name}}-cluster"
+ -
+ name: "CLUSTER_NAME"
+ value: "logging-{{es_cluster_name}}"
+ -
+ name: "INSTANCE_RAM"
+ value: "{{openshift_logging_es_memory_limit}}"
+ -
+ name: "NODE_QUORUM"
+ value: "{{es_node_quorum | int}}"
+ -
+ name: "RECOVER_AFTER_NODES"
+ value: "{{es_recover_after_nodes}}"
+ -
+ name: "RECOVER_EXPECTED_NODES"
+ value: "{{es_recover_expected_nodes}}"
+ -
+ name: "RECOVER_AFTER_TIME"
+ value: "{{openshift_logging_es_recover_after_time}}"
+ volumeMounts:
+ - name: elasticsearch
+ mountPath: /etc/elasticsearch/secret
+ readOnly: true
+ - name: elasticsearch-config
+ mountPath: /usr/share/java/elasticsearch/config
+ readOnly: true
+ - name: elasticsearch-storage
+ mountPath: /elasticsearch/persistent
+ volumes:
+ - name: elasticsearch
+ secret:
+ secretName: logging-elasticsearch
+ - name: elasticsearch-config
+ configMap:
+ name: logging-elasticsearch
+ - name: elasticsearch-storage
+{% if pvc_claim is defined and pvc_claim | trim | length > 0 %}
+ persistentVolumeClaim:
+ claimName: {{pvc_claim}}
+{% else %}
+ emptyDir: {}
+{% endif %}
diff --git a/roles/openshift_logging/templates/fluentd.j2 b/roles/openshift_logging/templates/fluentd.j2
new file mode 100644
index 000000000..a09b582a2
--- /dev/null
+++ b/roles/openshift_logging/templates/fluentd.j2
@@ -0,0 +1,149 @@
+apiVersion: extensions/v1beta1
+kind: "DaemonSet"
+metadata:
+ name: "{{daemonset_name}}"
+ labels:
+ provider: openshift
+ component: "{{daemonset_component}}"
+ logging-infra: "{{daemonset_component}}"
+spec:
+ selector:
+ matchLabels:
+ provider: openshift
+ component: "{{daemonset_component}}"
+ updateStrategy:
+ type: RollingUpdate
+ rollingUpdate:
+ minReadySeconds: 600
+ template:
+ metadata:
+ name: "{{daemonset_container_name}}"
+ labels:
+ logging-infra: "{{daemonset_component}}"
+ provider: openshift
+ component: "{{daemonset_component}}"
+ spec:
+ serviceAccountName: "{{daemonset_serviceAccount}}"
+ nodeSelector:
+ {{openshift_logging_fluentd_nodeselector}}
+ containers:
+ - name: "{{daemonset_container_name}}"
+ image: "{{openshift_logging_image_prefix}}{{daemonset_name}}:{{openshift_logging_image_version}}"
+ imagePullPolicy: Always
+ securityContext:
+ privileged: true
+ resources:
+ limits:
+ cpu: {{openshift_logging_fluentd_cpu_limit}}
+ memory: {{openshift_logging_fluentd_memory_limit}}
+ volumeMounts:
+ - name: runlogjournal
+ mountPath: /run/log/journal
+ - name: varlog
+ mountPath: /var/log
+ - name: varlibdockercontainers
+ mountPath: /var/lib/docker/containers
+ readOnly: true
+ - name: config
+ mountPath: /etc/fluent/configs.d/user
+ readOnly: true
+ - name: certs
+ mountPath: /etc/fluent/keys
+ readOnly: true
+ - name: dockerhostname
+ mountPath: /etc/docker-hostname
+ readOnly: true
+ - name: localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: dockercfg
+ mountPath: /etc/sysconfig/docker
+ readOnly: true
+ env:
+ - name: "K8S_HOST_URL"
+ value: "{{master_url}}"
+ - name: "ES_HOST"
+ value: "{{openshift_logging_es_host}}"
+ - name: "ES_PORT"
+ value: "{{openshift_logging_es_port}}"
+ - name: "ES_CLIENT_CERT"
+ value: "{{openshift_logging_es_client_cert}}"
+ - name: "ES_CLIENT_KEY"
+ value: "{{openshift_logging_es_client_key}}"
+ - name: "ES_CA"
+ value: "{{openshift_logging_es_ca}}"
+ - name: "OPS_HOST"
+ value: "{{ops_host}}"
+ - name: "OPS_PORT"
+ value: "{{ops_port}}"
+ - name: "OPS_CLIENT_CERT"
+ value: "{{openshift_logging_es_ops_client_cert}}"
+ - name: "OPS_CLIENT_KEY"
+ value: "{{openshift_logging_es_ops_client_key}}"
+ - name: "OPS_CA"
+ value: "{{openshift_logging_es_ops_ca}}"
+ - name: "ES_COPY"
+ value: "{{openshift_logging_fluentd_es_copy|lower}}"
+ - name: "ES_COPY_HOST"
+ value: "{{es_copy_host | default('')}}"
+ - name: "ES_COPY_PORT"
+ value: "{{es_copy_port | default('')}}"
+ - name: "ES_COPY_SCHEME"
+ value: "{{es_copy_scheme | default('https')}}"
+ - name: "ES_COPY_CLIENT_CERT"
+ value: "{{es_copy_client_cert | default('')}}"
+ - name: "ES_COPY_CLIENT_KEY"
+ value: "{{es_copy_client_key | default('')}}"
+ - name: "ES_COPY_CA"
+ value: "{{es_copy_ca | default('')}}"
+ - name: "ES_COPY_USERNAME"
+ value: "{{es_copy_username | default('')}}"
+ - name: "ES_COPY_PASSWORD"
+ value: "{{es_copy_password | default('')}}"
+ - name: "OPS_COPY_HOST"
+ value: "{{ops_copy_host | default('')}}"
+ - name: "OPS_COPY_PORT"
+ value: "{{ops_copy_port | default('')}}"
+ - name: "OPS_COPY_SCHEME"
+ value: "{{ops_copy_scheme | default('https')}}"
+ - name: "OPS_COPY_CLIENT_CERT"
+ value: "{{ops_copy_client_cert | default('')}}"
+ - name: "OPS_COPY_CLIENT_KEY"
+ value: "{{ops_copy_client_key | default('')}}"
+ - name: "OPS_COPY_CA"
+ value: "{{ops_copy_ca | default('')}}"
+ - name: "OPS_COPY_USERNAME"
+ value: "{{ops_copy_username | default('')}}"
+ - name: "OPS_COPY_PASSWORD"
+ value: "{{ops_copy_password | default('')}}"
+ - name: "USE_JOURNAL"
+ value: "{{openshift_logging_fluentd_use_journal|lower}}"
+ - name: "JOURNAL_SOURCE"
+ value: "{{fluentd_journal_source | default('')}}"
+ - name: "JOURNAL_READ_FROM_HEAD"
+ value: "{{openshift_logging_fluentd_journal_read_from_head|lower}}"
+ volumes:
+ - name: runlogjournal
+ hostPath:
+ path: /run/log/journal
+ - name: varlog
+ hostPath:
+ path: /var/log
+ - name: varlibdockercontainers
+ hostPath:
+ path: /var/lib/docker/containers
+ - name: config
+ configMap:
+ name: logging-fluentd
+ - name: certs
+ secret:
+ secretName: logging-fluentd
+ - name: dockerhostname
+ hostPath:
+ path: /etc/hostname
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: dockercfg
+ hostPath:
+ path: /etc/sysconfig/docker
diff --git a/roles/openshift_logging/templates/job.j2 b/roles/openshift_logging/templates/job.j2
new file mode 100644
index 000000000..d7794a407
--- /dev/null
+++ b/roles/openshift_logging/templates/job.j2
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ labels:
+ logging-infra: support
+ generateName: jks-cert-gen-
+spec:
+ containers:
+ - name: jks-cert-gen
+ image: {{openshift_logging_image_prefix}}logging-deployer:{{openshift_logging_image_version}}
+ imagePullPolicy: Always
+ command: ["sh", "generate-jks.sh"]
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /opt/deploy
+ name: certmount
+ env:
+ - name: PROJECT
+ value: {{openshift_logging_namespace}}
+ restartPolicy: Never
+ serviceAccount: aggregated-logging-fluentd
+ volumes:
+ - hostPath:
+ path: "{{generated_certs_dir}}"
+ name: certmount
diff --git a/roles/openshift_logging/templates/kibana.j2 b/roles/openshift_logging/templates/kibana.j2
new file mode 100644
index 000000000..ca3d727bf
--- /dev/null
+++ b/roles/openshift_logging/templates/kibana.j2
@@ -0,0 +1,110 @@
+apiVersion: "v1"
+kind: "DeploymentConfig"
+metadata:
+ name: "{{deploy_name}}"
+ labels:
+ provider: openshift
+ component: "{{component}}"
+ logging-infra: "{{logging_component}}"
+spec:
+ replicas: 0
+ selector:
+ provider: openshift
+ component: "{{component}}"
+ logging-infra: "{{logging_component}}"
+ strategy:
+ rollingParams:
+ intervalSeconds: 1
+ timeoutSeconds: 600
+ updatePeriodSeconds: 1
+ type: Rolling
+ template:
+ metadata:
+ name: "{{deploy_name}}"
+ labels:
+ logging-infra: "{{logging_component}}"
+ provider: openshift
+ component: "{{component}}"
+ spec:
+ serviceAccountName: aggregated-logging-kibana
+ containers:
+ -
+ name: "kibana"
+ image: {{image}}
+ imagePullPolicy: Always
+{% if (kibana_memory_limit is defined and kibana_memory_limit is not none) or (kibana_cpu_limit is defined and kibana_cpu_limit is not none) %}
+ resources:
+ limits:
+{% if kibana_cpu_limit is not none %}
+ cpu: "{{kibana_cpu_limit}}"
+{% endif %}
+{% if kibana_memory_limit is not none %}
+ memory: "{{kibana_memory_limit}}"
+{% endif %}
+{% endif %}
+ env:
+ - name: "ES_HOST"
+ value: "{{es_host}}"
+ - name: "ES_PORT"
+ value: "{{es_port}}"
+ volumeMounts:
+ - name: kibana
+ mountPath: /etc/kibana/keys
+ readOnly: true
+ -
+ name: "kibana-proxy"
+ image: {{proxy_image}}
+ imagePullPolicy: Always
+{% if (kibana_proxy_memory_limit is defined and kibana_proxy_memory_limit is not none) or (kibana_proxy_cpu_limit is defined and kibana_proxy_cpu_limit is not none) %}
+ resources:
+ limits:
+{% if kibana_proxy_cpu_limit is not none %}
+ cpu: "{{kibana_proxy_cpu_limit}}"
+{% endif %}
+{% if kibana_proxy_memory_limit is not none %}
+ memory: "{{kibana_proxy_memory_limit}}"
+{% endif %}
+{% endif %}
+ ports:
+ -
+ name: "oaproxy"
+ containerPort: 3000
+ env:
+ -
+ name: "OAP_BACKEND_URL"
+ value: "http://localhost:5601"
+ -
+ name: "OAP_AUTH_MODE"
+ value: "oauth2"
+ -
+ name: "OAP_TRANSFORM"
+ value: "user_header,token_header"
+ -
+ name: "OAP_OAUTH_ID"
+ value: kibana-proxy
+ -
+ name: "OAP_MASTER_URL"
+ value: {{master_url}}
+ -
+ name: "OAP_PUBLIC_MASTER_URL"
+ value: {{public_master_url}}
+ -
+ name: "OAP_LOGOUT_REDIRECT"
+ value: {{public_master_url}}/console/logout
+ -
+ name: "OAP_MASTER_CA_FILE"
+ value: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+ -
+ name: "OAP_DEBUG"
+ value: "{{openshift_logging_kibana_proxy_debug}}"
+ volumeMounts:
+ - name: kibana-proxy
+ mountPath: /secret
+ readOnly: true
+ volumes:
+ - name: kibana
+ secret:
+ secretName: logging-kibana
+ - name: kibana-proxy
+ secret:
+ secretName: logging-kibana-proxy
diff --git a/roles/openshift_logging/templates/oauth-client.j2 b/roles/openshift_logging/templates/oauth-client.j2
new file mode 100644
index 000000000..41d3123cb
--- /dev/null
+++ b/roles/openshift_logging/templates/oauth-client.j2
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: OAuthClient
+metadata:
+ name: kibana-proxy
+ labels:
+ logging-infra: support
+secret: {{secret}}
+redirectURIs:
+- https://{{openshift_logging_kibana_hostname}}
+- https://{{openshift_logging_kibana_ops_hostname}}
+scopeRestrictions:
+- literals:
+ - user:info
+ - user:check-access
+ - user:list-projects
diff --git a/roles/openshift_logging/templates/pvc.j2 b/roles/openshift_logging/templates/pvc.j2
new file mode 100644
index 000000000..f19a3a750
--- /dev/null
+++ b/roles/openshift_logging/templates/pvc.j2
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{obj_name}}
+ labels:
+ logging-infra: support
+{% if annotations is defined %}
+ annotations:
+{% for key,value in annotations.iteritems() %}
+ {{key}}: {{value}}
+{% endfor %}
+{% endif %}
+spec:
+{% if pv_selector is defined and pv_selector is mapping %}
+ selector:
+ matchLabels:
+{% for key,value in pv_selector.iteritems() %}
+ {{key}}: {{value}}
+{% endfor %}
+{% endif %}
+ accessModes:
+{% for mode in access_modes %}
+ - {{ mode }}
+{% endfor %}
+ resources:
+ requests:
+ storage: {{size}}
diff --git a/roles/openshift_logging/templates/rolebinding.j2 b/roles/openshift_logging/templates/rolebinding.j2
new file mode 100644
index 000000000..fcd4e87cc
--- /dev/null
+++ b/roles/openshift_logging/templates/rolebinding.j2
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: RoleBinding
+metadata:
+ name: {{obj_name}}
+roleRef:
+{% if roleRef.kind is defined %}
+ kind: {{ roleRef.kind }}
+{% endif %}
+ name: {{ roleRef.name }}
+subjects:
+{% for sub in subjects %}
+ - kind: {{ sub.kind }}
+ name: {{ sub.name }}
+{% endfor %}
diff --git a/roles/openshift_logging/templates/route_reencrypt.j2 b/roles/openshift_logging/templates/route_reencrypt.j2
new file mode 100644
index 000000000..8be30a2c4
--- /dev/null
+++ b/roles/openshift_logging/templates/route_reencrypt.j2
@@ -0,0 +1,25 @@
+apiVersion: "v1"
+kind: "Route"
+metadata:
+ name: "{{obj_name}}"
+{% if labels is defined%}
+ labels:
+{% for key, value in labels.iteritems() %}
+ {{key}}: {{value}}
+{% endfor %}
+{% endif %}
+spec:
+ host: {{ route_host }}
+ tls:
+ caCertificate: |
+{% for line in tls_ca_cert.split('\n') %}
+ {{ line }}
+{% endfor %}
+ destinationCACertificate: |
+{% for line in tls_dest_ca_cert.split('\n') %}
+ {{ line }}
+{% endfor %}
+ termination: reencrypt
+ to:
+ kind: Service
+ name: {{ service_name }}
diff --git a/roles/openshift_logging/templates/secret.j2 b/roles/openshift_logging/templates/secret.j2
new file mode 100644
index 000000000..d73bae9c4
--- /dev/null
+++ b/roles/openshift_logging/templates/secret.j2
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{secret_name}}
+type: Opaque
+data:
+{% for s in secrets %}
+ {{s.key}}: {{s.value | b64encode}}
+{% endfor %}
diff --git a/roles/openshift_logging/templates/service.j2 b/roles/openshift_logging/templates/service.j2
new file mode 100644
index 000000000..6c4ec0c76
--- /dev/null
+++ b/roles/openshift_logging/templates/service.j2
@@ -0,0 +1,28 @@
+apiVersion: "v1"
+kind: "Service"
+metadata:
+ name: "{{obj_name}}"
+{% if labels is defined%}
+ labels:
+{% for key, value in labels.iteritems() %}
+ {{key}}: {{value}}
+{% endfor %}
+{% endif %}
+spec:
+ ports:
+{% for port in ports %}
+ -
+{% for key, value in port.iteritems() %}
+ {{key}}: {{value}}
+{% endfor %}
+{% if port.targetPort is undefined %}
+ clusterIP: "None"
+{% endif %}
+{% endfor %}
+{% if service_targetPort is defined %}
+ targetPort: {{service_targetPort}}
+{% endif %}
+ selector:
+ {% for key, value in selector.iteritems() %}
+ {{key}}: {{value}}
+ {% endfor %}
diff --git a/roles/openshift_logging/templates/serviceaccount.j2 b/roles/openshift_logging/templates/serviceaccount.j2
new file mode 100644
index 000000000..b22acc594
--- /dev/null
+++ b/roles/openshift_logging/templates/serviceaccount.j2
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{obj_name}}
+{% if labels is defined%}
+ labels:
+{% for key, value in labels.iteritems() %}
+ {{key}}: {{value}}
+{% endfor %}
+{% endif %}
+{% if secrets is defined %}
+secrets:
+{% for name in secrets %}
+- name: {{ name }}
+{% endfor %}
+{% endif %}