Miciah · April 20, 2020 20:06
diff --git a/cookies-annotation-controller.yaml b/cookies-annotation-controller.yaml
 # This yaml file defines a controller that ensures that all routes have the
 # "haproxy.router.openshift.io/disable_cookies" annotation set.
 #
 # Users may create routes with or without the annotation and may update the
 # annotation on existing routes.  However, if the user creates a route without
 # the annotation or updates a route to delete the annotation, the controller
 # will add the annotation with the value "true".
 #
 # Deploy this controller using the following command:
 #
 #     oc create -f cookies-annotation-controller.yaml
 #
 # Monitor the controller using the following command:
 #
 #     oc -n openshift-ingress logs deploy/cookies-annotation-controller -f
 #
 apiVersion: v1
 items:
 - kind: ServiceAccount
  apiVersion: v1
  metadata:
    name: cookies-annotation-controller
    namespace: openshift-ingress
 - kind: ClusterRole
  apiVersion: rbac.authorization.k8s.io/v1
  metadata:
    name: route-updater
  rules:
  - apiGroups:
    - route.openshift.io
    resources:
    - routes
    verbs:
    - get
    - list
    - patch
    - watch
 - kind: ClusterRoleBinding
  apiVersion: rbac.authorization.k8s.io/v1
  metadata:
    name: cookies-annotation-controller
  subjects:
  - kind: ServiceAccount
    name: cookies-annotation-controller
    namespace: openshift-ingress
  roleRef:
    kind: ClusterRole
    name: route-updater
    namespace: openshift-ingress
 - apiVersion: v1
  data:
    ensure-route-has-disable_cookies-annotation.sh: |
      #!/bin/bash
      set -euo pipefail
      if [[ -z "$(oc get -n "$1" "routes/$2" --output='jsonpath={.metadata.annotations.haproxy\.router\.openshift\.io/disable_cookies}')" ]]
      then
        oc annotate -n "$1" "routes/$2" haproxy.router.openshift.io/disable_cookies=true
      fi
  kind: ConfigMap
  metadata:
    name: cookies-annotation-controller-script
    namespace: openshift-ingress
 - apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: cookies-annotation-controller
    namespace: openshift-ingress
  spec:
    replicas: 1
    selector: 
      matchLabels:
        app: cookies-annotation-controller
    template:
      metadata:
        labels:
          app: cookies-annotation-controller
      spec:
        containers:
        - args:
          - routes
          - --all-namespaces=true
          - --
          - /tmp/script/ensure-route-has-disable_cookies-annotation.sh
          image: openshift/observe:latest
          name: observer
          volumeMounts:
          - mountPath: /tmp/script
            name: script
        serviceAccountName: cookies-annotation-controller
        volumes:
        - configMap:
            defaultMode: 0777
            name: cookies-annotation-controller-script
          name: script
 kind: List
 metadata: {}
	# This yaml file defines a controller that ensures that all routes have the
	# "haproxy.router.openshift.io/disable_cookies" annotation set.
	#
	# Users may create routes with or without the annotation and may update the
	# annotation on existing routes. However, if the user creates a route without
	# the annotation or updates a route to delete the annotation, the controller
	# will add the annotation with the value "true".
	#
	# Deploy this controller using the following command:
	#
	# oc create -f cookies-annotation-controller.yaml
	#
	# Monitor the controller using the following command:
	#
	# oc -n openshift-ingress logs deploy/cookies-annotation-controller -f
	#
	apiVersion: v1
	items:
	- kind: ServiceAccount
	apiVersion: v1
	metadata:
	name: cookies-annotation-controller
	namespace: openshift-ingress
	- kind: ClusterRole
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: route-updater
	rules:
	- apiGroups:
	- route.openshift.io
	resources:
	- routes
	verbs:
	- get
	- list
	- patch
	- watch
	- kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: cookies-annotation-controller
	subjects:
	- kind: ServiceAccount
	name: cookies-annotation-controller
	namespace: openshift-ingress
	roleRef:
	kind: ClusterRole
	name: route-updater
	namespace: openshift-ingress
	- apiVersion: v1
	data:
	ensure-route-has-disable_cookies-annotation.sh: \|
	#!/bin/bash
	set -euo pipefail
	if [[ -z "$(oc get -n "$1" "routes/$2" --output='jsonpath={.metadata.annotations.haproxy\.router\.openshift\.io/disable_cookies}')" ]]
	then
	oc annotate -n "$1" "routes/$2" haproxy.router.openshift.io/disable_cookies=true
	fi
	kind: ConfigMap
	metadata:
	name: cookies-annotation-controller-script
	namespace: openshift-ingress
	- apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: cookies-annotation-controller
	namespace: openshift-ingress
	spec:
	replicas: 1
	selector:
	matchLabels:
	app: cookies-annotation-controller
	template:
	metadata:
	labels:
	app: cookies-annotation-controller
	spec:
	containers:
	- args:
	- routes
	- --all-namespaces=true
	- --
	- /tmp/script/ensure-route-has-disable_cookies-annotation.sh
	image: openshift/observe:latest
	name: observer
	volumeMounts:
	- mountPath: /tmp/script
	name: script
	serviceAccountName: cookies-annotation-controller
	volumes:
	- configMap:
	defaultMode: 0777
	name: cookies-annotation-controller-script
	name: script
	kind: List
	metadata: {}