Skip to content

Instantly share code, notes, and snippets.

@miguelsorianod

miguelsorianod/amp.yml

Created October 3, 2019 14:03
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save miguelsorianod/3958b5f86606f98ee5c2cd81fee1f147 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save miguelsorianod/3958b5f86606f98ee5c2cd81fee1f147 to your computer and use it in GitHub Desktop.
Download ZIP
3scale AMP 2.7.0 ER1
Raw
amp.yml
apiVersion: template.openshift.io/v1
kind: Template
message: Login on https://${TENANT_NAME}-admin.${WILDCARD_DOMAIN} as ${ADMIN_USERNAME}/${ADMIN_PASSWORD}
metadata:
annotations:
description: 3scale API Management main system
iconClass: icon-3scale
openshift.io/display-name: 3scale API Management
openshift.io/provider-display-name: Red Hat, Inc.
tags: integration, api management, 3scale
creationTimestamp: null
name: 3scale-api-management
objects:
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: AMP backend
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
name: amp-backend
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: amp-backend (latest)
from:
kind: ImageStreamTag
name: ${AMP_RELEASE}
generation: null
importPolicy: {}
name: latest
referencePolicy:
type: ""
- annotations:
openshift.io/display-name: amp-backend ${AMP_RELEASE}
from:
kind: DockerImage
name: ${AMP_BACKEND_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: AMP Zync
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: zync
name: amp-zync
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: AMP Zync (latest)
from:
kind: ImageStreamTag
name: ${AMP_RELEASE}
generation: null
importPolicy: {}
name: latest
referencePolicy:
type: ""
- annotations:
openshift.io/display-name: AMP Zync ${AMP_RELEASE}
from:
kind: DockerImage
name: ${AMP_ZYNC_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: AMP APIcast
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: apicast
name: amp-apicast
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: AMP APIcast (latest)
from:
kind: ImageStreamTag
name: ${AMP_RELEASE}
generation: null
importPolicy: {}
name: latest
referencePolicy:
type: ""
- annotations:
openshift.io/display-name: AMP APIcast ${AMP_RELEASE}
from:
kind: DockerImage
name: ${AMP_APICAST_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: AMP System
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: amp-system
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: AMP System (latest)
from:
kind: ImageStreamTag
name: ${AMP_RELEASE}
generation: null
importPolicy: {}
name: latest
referencePolicy:
type: ""
- annotations:
openshift.io/display-name: AMP system ${AMP_RELEASE}
from:
kind: DockerImage
name: ${AMP_SYSTEM_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: Zync database PostgreSQL
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: zync-database-postgresql
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: Zync PostgreSQL (latest)
from:
kind: ImageStreamTag
name: ${AMP_RELEASE}
generation: null
importPolicy: {}
name: latest
referencePolicy:
type: ""
- annotations:
openshift.io/display-name: Zync ${AMP_RELEASE} PostgreSQL
from:
kind: DockerImage
name: ${ZYNC_DATABASE_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: System Memcached
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-memcached
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: System Memcached (latest)
from:
kind: ImageStreamTag
name: ${AMP_RELEASE}
generation: null
importPolicy: {}
name: latest
referencePolicy:
type: ""
- annotations:
openshift.io/display-name: System ${AMP_RELEASE} Memcached
from:
kind: DockerImage
name: ${MEMCACHED_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: v1
imagePullSecrets:
- name: threescale-registry-auth
kind: ServiceAccount
metadata:
creationTimestamp: null
name: amp
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: System MySQL
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-mysql
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: System MySQL (latest)
from:
kind: ImageStreamTag
name: ${AMP_RELEASE}
generation: null
importPolicy: {}
name: latest
referencePolicy:
type: ""
- annotations:
openshift.io/display-name: System ${AMP_RELEASE} MySQL
from:
kind: DockerImage
name: ${SYSTEM_DATABASE_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
threescale_component_element: redis
name: backend-redis
spec:
replicas: 1
selector:
deploymentConfig: backend-redis
strategy:
resources: {}
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: backend-redis
threescale_component: backend
threescale_component_element: redis
spec:
containers:
- args:
- /etc/redis.d/redis.conf
- --daemonize
- "no"
command:
- /opt/rh/rh-redis32/root/usr/bin/redis-server
image: backend-redis:latest
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 10
periodSeconds: 10
tcpSocket:
port: 6379
name: backend-redis
readinessProbe:
exec:
command:
- container-entrypoint
- bash
- -c
- redis-cli set liveness-probe "`date`" | grep OK
initialDelaySeconds: 10
periodSeconds: 30
timeoutSeconds: 1
resources:
limits:
cpu: "2"
memory: 32Gi
requests:
cpu: "1"
memory: 1Gi
volumeMounts:
- mountPath: /var/lib/redis/data
name: backend-redis-storage
- mountPath: /etc/redis.d/
name: redis-config
serviceAccountName: amp
volumes:
- name: backend-redis-storage
persistentVolumeClaim:
claimName: backend-redis-storage
- configMap:
items:
- key: redis.conf
path: redis.conf
name: redis-config
name: redis-config
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- backend-redis
from:
kind: ImageStreamTag
name: backend-redis:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
threescale_component_element: redis
name: backend-redis
spec:
ports:
- port: 6379
protocol: TCP
targetPort: 6379
selector:
deploymentConfig: backend-redis
status:
loadBalancer: {}
- apiVersion: v1
data:
redis.conf: |
protected-mode no
port 6379
timeout 0
tcp-keepalive 300
daemonize no
supervised no
loglevel notice
databases 16
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
slave-serve-stale-data yes
slave-read-only yes
repl-diskless-sync no
repl-disable-tcp-nodelay no
appendonly yes
appendfilename "appendonly.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
lua-time-limit 5000
activerehashing no
aof-rewrite-incremental-fsync yes
dir /var/lib/redis/data
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: redis
name: redis-config
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
threescale_component_element: redis
name: backend-redis-storage
spec:
accessModes:
- ReadWriteOnce
dataSource: null
resources:
requests:
storage: 1Gi
status: {}
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: Backend Redis
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
name: backend-redis
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: Backend Redis (latest)
from:
kind: ImageStreamTag
name: ${AMP_RELEASE}
generation: null
importPolicy: {}
name: latest
referencePolicy:
type: ""
- annotations:
openshift.io/display-name: Backend ${AMP_RELEASE} Redis
from:
kind: DockerImage
name: ${REDIS_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: redis
name: system-redis
spec:
replicas: 1
selector:
deploymentConfig: system-redis
strategy:
resources: {}
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: system-redis
threescale_component: system
threescale_component_element: redis
spec:
containers:
- args:
- /etc/redis.d/redis.conf
- --daemonize
- "no"
command:
- /opt/rh/rh-redis32/root/usr/bin/redis-server
image: system-redis:latest
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 10
periodSeconds: 5
tcpSocket:
port: 6379
name: system-redis
readinessProbe:
exec:
command:
- container-entrypoint
- bash
- -c
- redis-cli set liveness-probe "`date`" | grep OK
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
resources:
limits:
cpu: 500m
memory: 32Gi
requests:
cpu: 150m
memory: 256Mi
terminationMessagePath: /dev/termination-log
volumeMounts:
- mountPath: /var/lib/redis/data
name: system-redis-storage
- mountPath: /etc/redis.d/
name: redis-config
serviceAccountName: amp
volumes:
- name: system-redis-storage
persistentVolumeClaim:
claimName: system-redis-storage
- configMap:
items:
- key: redis.conf
path: redis.conf
name: redis-config
name: redis-config
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- system-redis
from:
kind: ImageStreamTag
name: system-redis:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: redis
name: system-redis-storage
spec:
accessModes:
- ReadWriteOnce
dataSource: null
resources:
requests:
storage: 1Gi
status: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: redis
name: system-redis
spec:
ports:
- name: redis
port: 6379
protocol: TCP
targetPort: 6379
selector:
deploymentConfig: system-redis
status:
loadBalancer: {}
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: System Redis
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-redis
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: System Redis (latest)
from:
kind: ImageStreamTag
name: ${AMP_RELEASE}
generation: null
importPolicy: {}
name: latest
referencePolicy:
type: ""
- annotations:
openshift.io/display-name: System ${AMP_RELEASE} Redis
from:
kind: DockerImage
name: ${REDIS_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
threescale_component_element: cron
name: backend-cron
spec:
replicas: 1
selector:
deploymentConfig: backend-cron
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1200
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: backend-cron
threescale_component: backend
threescale_component_element: cron
spec:
containers:
- args:
- backend-cron
env:
- name: CONFIG_REDIS_PROXY
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: CONFIG_QUEUES_MASTER_NAME
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_URL
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_ROLE
name: backend-redis
- name: RACK_ENV
valueFrom:
configMapKeyRef:
key: RACK_ENV
name: backend-environment
image: amp-backend:latest
imagePullPolicy: IfNotPresent
name: backend-cron
resources:
limits:
cpu: 150m
memory: 80Mi
requests:
cpu: 50m
memory: 40Mi
initContainers:
- command:
- /opt/app/entrypoint.sh
- sh
- -c
- until rake connectivity:redis_storage_queue_check; do sleep $SLEEP_SECONDS;
done
env:
- name: CONFIG_REDIS_PROXY
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: CONFIG_QUEUES_MASTER_NAME
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_URL
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_ROLE
name: backend-redis
- name: RACK_ENV
valueFrom:
configMapKeyRef:
key: RACK_ENV
name: backend-environment
- name: SLEEP_SECONDS
value: "1"
image: amp-backend:latest
name: backend-redis-svc
resources: {}
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- backend-redis-svc
- backend-cron
from:
kind: ImageStreamTag
name: amp-backend:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
threescale_component_element: listener
name: backend-listener
spec:
replicas: 1
selector:
deploymentConfig: backend-listener
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 600
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: backend-listener
threescale_component: backend
threescale_component_element: listener
spec:
containers:
- args:
- bin/3scale_backend
- start
- -e
- production
- -p
- "3000"
- -x
- /dev/stdout
env:
- name: CONFIG_REDIS_PROXY
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: CONFIG_QUEUES_MASTER_NAME
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_URL
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_ROLE
name: backend-redis
- name: RACK_ENV
valueFrom:
configMapKeyRef:
key: RACK_ENV
name: backend-environment
- name: PUMA_WORKERS
value: "16"
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
image: amp-backend:latest
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 10
tcpSocket:
port: 3000
name: backend-listener
ports:
- containerPort: 3000
protocol: TCP
readinessProbe:
httpGet:
path: /status
port: 3000
initialDelaySeconds: 30
timeoutSeconds: 5
resources:
limits:
cpu: "1"
memory: 700Mi
requests:
cpu: 500m
memory: 550Mi
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- backend-listener
from:
kind: ImageStreamTag
name: amp-backend:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
threescale_component_element: listener
name: backend-listener
spec:
ports:
- name: http
port: 3000
protocol: TCP
targetPort: 3000
selector:
deploymentConfig: backend-listener
status:
loadBalancer: {}
- apiVersion: route.openshift.io/v1
kind: Route
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
name: backend
spec:
host: backend-${TENANT_NAME}.${WILDCARD_DOMAIN}
port:
targetPort: http
tls:
insecureEdgeTerminationPolicy: Allow
termination: edge
to:
kind: Service
name: backend-listener
weight: null
status:
ingress: null
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
threescale_component_element: worker
name: backend-worker
spec:
replicas: 1
selector:
deploymentConfig: backend-worker
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1200
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: backend-worker
threescale_component: backend
threescale_component_element: worker
spec:
containers:
- args:
- bin/3scale_backend_worker
- run
env:
- name: CONFIG_REDIS_PROXY
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: CONFIG_QUEUES_MASTER_NAME
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_URL
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_ROLE
name: backend-redis
- name: RACK_ENV
valueFrom:
configMapKeyRef:
key: RACK_ENV
name: backend-environment
- name: CONFIG_EVENTS_HOOK
valueFrom:
secretKeyRef:
key: URL
name: system-events-hook
- name: CONFIG_EVENTS_HOOK_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
image: amp-backend:latest
imagePullPolicy: IfNotPresent
name: backend-worker
resources:
limits:
cpu: "1"
memory: 300Mi
requests:
cpu: 150m
memory: 50Mi
initContainers:
- command:
- /opt/app/entrypoint.sh
- sh
- -c
- until rake connectivity:redis_storage_queue_check; do sleep $SLEEP_SECONDS;
done
env:
- name: CONFIG_REDIS_PROXY
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: CONFIG_QUEUES_MASTER_NAME
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_URL
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_ROLE
name: backend-redis
- name: RACK_ENV
valueFrom:
configMapKeyRef:
key: RACK_ENV
name: backend-environment
- name: SLEEP_SECONDS
value: "1"
image: amp-backend:latest
name: backend-redis-svc
resources: {}
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- backend-redis-svc
- backend-worker
from:
kind: ImageStreamTag
name: amp-backend:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
data:
RACK_ENV: production
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
name: backend-environment
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
name: backend-internal-api
stringData:
password: ${SYSTEM_BACKEND_PASSWORD}
username: ${SYSTEM_BACKEND_USERNAME}
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
name: backend-redis
stringData:
REDIS_QUEUES_SENTINEL_HOSTS: ""
REDIS_QUEUES_SENTINEL_ROLE: ""
REDIS_QUEUES_URL: redis://backend-redis:6379/1
REDIS_STORAGE_SENTINEL_HOSTS: ""
REDIS_STORAGE_SENTINEL_ROLE: ""
REDIS_STORAGE_URL: redis://backend-redis:6379/0
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
name: backend-listener
stringData:
route_endpoint: https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}
service_endpoint: http://backend-listener:3000
type: Opaque
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: mysql
name: system-mysql
spec:
replicas: 1
selector:
deploymentConfig: system-mysql
strategy:
resources: {}
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: system-mysql
threescale_component: system
threescale_component_element: mysql
spec:
containers:
- env:
- name: MYSQL_USER
valueFrom:
secretKeyRef:
key: DB_USER
name: system-database
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
key: DB_PASSWORD
name: system-database
- name: MYSQL_DATABASE
value: ${SYSTEM_DATABASE}
- name: MYSQL_ROOT_PASSWORD
value: ${SYSTEM_DATABASE_ROOT_PASSWORD}
- name: MYSQL_LOWER_CASE_TABLE_NAMES
value: "1"
- name: MYSQL_DEFAULTS_FILE
value: /etc/my-extra/my.cnf
image: system-mysql:latest
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 10
tcpSocket:
port: 3306
name: system-mysql
ports:
- containerPort: 3306
protocol: TCP
readinessProbe:
exec:
command:
- /bin/sh
- -i
- -c
- MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE
-e 'SELECT 1'
initialDelaySeconds: 10
periodSeconds: 30
timeoutSeconds: 5
resources:
limits:
memory: 2Gi
requests:
cpu: 250m
memory: 512Mi
volumeMounts:
- mountPath: /var/lib/mysql/data
name: mysql-storage
- mountPath: /etc/my-extra.d
name: mysql-extra-conf
- mountPath: /etc/my-extra
name: mysql-main-conf
serviceAccountName: amp
volumes:
- name: mysql-storage
persistentVolumeClaim:
claimName: mysql-storage
- configMap:
name: mysql-extra-conf
name: mysql-extra-conf
- configMap:
name: mysql-main-conf
name: mysql-main-conf
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- system-mysql
from:
kind: ImageStreamTag
name: system-mysql:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: mysql
name: system-mysql
spec:
ports:
- name: system-mysql
port: 3306
protocol: TCP
targetPort: 3306
selector:
deploymentConfig: system-mysql
status:
loadBalancer: {}
- apiVersion: v1
data:
my.cnf: |
!include /etc/my.cnf
!includedir /etc/my-extra.d
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: mysql
name: mysql-main-conf
- apiVersion: v1
data:
mysql-charset.cnf: |
[client]
default-character-set = utf8
[mysql]
default-character-set = utf8
[mysqld]
character-set-server = utf8
collation-server = utf8_unicode_ci
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: mysql
name: mysql-extra-conf
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: mysql
name: mysql-storage
spec:
accessModes:
- ReadWriteOnce
dataSource: null
resources:
requests:
storage: 1Gi
status: {}
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-database
stringData:
DB_PASSWORD: ${SYSTEM_DATABASE_PASSWORD}
DB_USER: ${SYSTEM_DATABASE_USER}
URL: mysql2://root:${SYSTEM_DATABASE_ROOT_PASSWORD}@system-mysql/${SYSTEM_DATABASE}
type: Opaque
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: memcache
name: system-memcache
spec:
replicas: 1
selector:
deploymentConfig: system-memcache
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 600
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: system-memcache
threescale_component: system
threescale_component_element: memcache
spec:
containers:
- command:
- memcached
- -m
- "64"
image: system-memcached:latest
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 10
periodSeconds: 10
tcpSocket:
port: 11211
name: memcache
ports:
- containerPort: 11211
protocol: TCP
readinessProbe:
exec:
command:
- sh
- -c
- echo version | nc $HOSTNAME 11211 | grep VERSION
initialDelaySeconds: 10
periodSeconds: 30
timeoutSeconds: 5
resources:
limits:
cpu: 250m
memory: 96Mi
requests:
cpu: 50m
memory: 64Mi
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- memcache
from:
kind: ImageStreamTag
name: system-memcached:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: app
name: system-storage
spec:
accessModes:
- ReadWriteMany
dataSource: null
resources:
requests:
storage: 100Mi
storageClassName: ${{RWX_STORAGE_CLASS}}
status: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: provider-ui
name: system-provider
spec:
ports:
- name: http
port: 3000
protocol: TCP
targetPort: provider
selector:
deploymentConfig: system-app
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: master-ui
name: system-master
spec:
ports:
- name: http
port: 3000
protocol: TCP
targetPort: master
selector:
deploymentConfig: system-app
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: developer-ui
name: system-developer
spec:
ports:
- name: http
port: 3000
protocol: TCP
targetPort: developer
selector:
deploymentConfig: system-app
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: sphinx
name: system-sphinx
spec:
ports:
- name: sphinx
port: 9306
protocol: TCP
targetPort: 9306
selector:
deploymentConfig: system-sphinx
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: memcache
name: system-memcache
spec:
ports:
- name: memcache
port: 11211
protocol: TCP
targetPort: 11211
selector:
deploymentConfig: system-memcache
status:
loadBalancer: {}
- apiVersion: v1
data:
rolling_updates.yml: |
production: {}
service_discovery.yml: |
production:
enabled: <%= cluster_token_file_exists = File.exists?(cluster_token_file_path = '/var/run/secrets/kubernetes.io/serviceaccount/token') %>
server_scheme: 'https'
server_host: 'kubernetes.default.svc.cluster.local'
server_port: 443
bearer_token: "<%= File.read(cluster_token_file_path) if cluster_token_file_exists %>"
authentication_method: service_account # can be service_account|oauth
oauth_server_type: builtin # can be builtin|rh_sso
client_id:
client_secret:
timeout: 1
open_timeout: 1
max_retry: 5
verify_ssl: <%= OpenSSL::SSL::VERIFY_NONE %> # 0
zync.yml: |
production:
endpoint: 'http://zync:8080'
authentication:
token: "<%= ENV.fetch('ZYNC_AUTHENTICATION_TOKEN') %>"
connect_timeout: 5
send_timeout: 5
receive_timeout: 10
root_url:
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system
- apiVersion: v1
data:
address: ""
authentication: ""
domain: ""
openssl.verify.mode: ""
password: ""
port: ""
username: ""
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: smtp
name: smtp
- apiVersion: v1
data:
AMP_RELEASE: ${AMP_RELEASE}
APICAST_REGISTRY_URL: ${APICAST_REGISTRY_URL}
FORCE_SSL: "true"
PROVIDER_PLAN: enterprise
RAILS_ENV: production
RAILS_LOG_LEVEL: info
RAILS_LOG_TO_STDOUT: "true"
SSL_CERT_DIR: /etc/pki/tls/certs
THINKING_SPHINX_PORT: "9306"
THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE: VERIFY_NONE
THREESCALE_SUPERDOMAIN: ${WILDCARD_DOMAIN}
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-environment
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: app
name: system-app
spec:
replicas: 1
selector:
deploymentConfig: system-app
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
post:
execNewPod:
command:
- bash
- -c
- bundle exec rake boot openshift:post_deploy
containerName: system-master
failurePolicy: Abort
pre:
execNewPod:
command:
- bash
- -c
- bundle exec rake boot openshift:deploy MASTER_ACCESS_TOKEN="${MASTER_ACCESS_TOKEN}"
containerName: system-master
env:
- name: AMP_RELEASE
valueFrom:
configMapKeyRef:
key: AMP_RELEASE
name: system-environment
- name: APICAST_REGISTRY_URL
valueFrom:
configMapKeyRef:
key: APICAST_REGISTRY_URL
name: system-environment
- name: FORCE_SSL
valueFrom:
configMapKeyRef:
key: FORCE_SSL
name: system-environment
- name: PROVIDER_PLAN
valueFrom:
configMapKeyRef:
key: PROVIDER_PLAN
name: system-environment
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: RAILS_LOG_LEVEL
valueFrom:
configMapKeyRef:
key: RAILS_LOG_LEVEL
name: system-environment
- name: RAILS_LOG_TO_STDOUT
valueFrom:
configMapKeyRef:
key: RAILS_LOG_TO_STDOUT
name: system-environment
- name: SSL_CERT_DIR
valueFrom:
configMapKeyRef:
key: SSL_CERT_DIR
name: system-environment
- name: THINKING_SPHINX_PORT
valueFrom:
configMapKeyRef:
key: THINKING_SPHINX_PORT
name: system-environment
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
name: system-environment
- name: THREESCALE_SUPERDOMAIN
valueFrom:
configMapKeyRef:
key: THREESCALE_SUPERDOMAIN
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: MASTER_DOMAIN
valueFrom:
secretKeyRef:
key: MASTER_DOMAIN
name: system-seed
- name: MASTER_USER
valueFrom:
secretKeyRef:
key: MASTER_USER
name: system-seed
- name: MASTER_PASSWORD
valueFrom:
secretKeyRef:
key: MASTER_PASSWORD
name: system-seed
- name: ADMIN_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ADMIN_ACCESS_TOKEN
name: system-seed
- name: USER_LOGIN
valueFrom:
secretKeyRef:
key: ADMIN_USER
name: system-seed
- name: USER_PASSWORD
valueFrom:
secretKeyRef:
key: ADMIN_PASSWORD
name: system-seed
- name: USER_EMAIL
valueFrom:
secretKeyRef:
key: ADMIN_EMAIL
name: system-seed
- name: TENANT_NAME
valueFrom:
secretKeyRef:
key: TENANT_NAME
name: system-seed
- name: THINKING_SPHINX_ADDRESS
value: system-sphinx
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: /tmp/sphinx.conf
- name: EVENTS_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
- name: RECAPTCHA_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: PUBLIC_KEY
name: system-recaptcha
- name: RECAPTCHA_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: PRIVATE_KEY
name: system-recaptcha
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: system-app
- name: MEMCACHE_SERVERS
valueFrom:
secretKeyRef:
key: SERVERS
name: system-memcache
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: MESSAGE_BUS_REDIS_URL
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_URL
name: system-redis
- name: REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: NAMESPACE
name: system-redis
- name: MESSAGE_BUS_REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_NAMESPACE
name: system-redis
- name: REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: SENTINEL_HOSTS
name: system-redis
- name: REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: SENTINEL_ROLE
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_HOSTS
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_ROLE
name: system-redis
- name: BACKEND_REDIS_URL
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: BACKEND_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: BACKEND_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: APICAST_BACKEND_ROOT_ENDPOINT
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: BACKEND_ROUTE
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: SMTP_ADDRESS
valueFrom:
configMapKeyRef:
key: address
name: smtp
- name: SMTP_USER_NAME
valueFrom:
configMapKeyRef:
key: username
name: smtp
- name: SMTP_PASSWORD
valueFrom:
configMapKeyRef:
key: password
name: smtp
- name: SMTP_DOMAIN
valueFrom:
configMapKeyRef:
key: domain
name: smtp
- name: SMTP_PORT
valueFrom:
configMapKeyRef:
key: port
name: smtp
- name: SMTP_AUTHENTICATION
valueFrom:
configMapKeyRef:
key: authentication
name: smtp
- name: SMTP_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: openssl.verify.mode
name: smtp
- name: APICAST_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ACCESS_TOKEN
name: system-master-apicast
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
volumes:
- system-storage
failurePolicy: Retry
timeoutSeconds: 1200
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: system-app
threescale_component: system
threescale_component_element: app
spec:
containers:
- args:
- env
- TENANT_MODE=master
- PORT=3002
- container-entrypoint
- bundle
- exec
- unicorn
- -c
- config/unicorn.rb
env:
- name: AMP_RELEASE
valueFrom:
configMapKeyRef:
key: AMP_RELEASE
name: system-environment
- name: APICAST_REGISTRY_URL
valueFrom:
configMapKeyRef:
key: APICAST_REGISTRY_URL
name: system-environment
- name: FORCE_SSL
valueFrom:
configMapKeyRef:
key: FORCE_SSL
name: system-environment
- name: PROVIDER_PLAN
valueFrom:
configMapKeyRef:
key: PROVIDER_PLAN
name: system-environment
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: RAILS_LOG_LEVEL
valueFrom:
configMapKeyRef:
key: RAILS_LOG_LEVEL
name: system-environment
- name: RAILS_LOG_TO_STDOUT
valueFrom:
configMapKeyRef:
key: RAILS_LOG_TO_STDOUT
name: system-environment
- name: SSL_CERT_DIR
valueFrom:
configMapKeyRef:
key: SSL_CERT_DIR
name: system-environment
- name: THINKING_SPHINX_PORT
valueFrom:
configMapKeyRef:
key: THINKING_SPHINX_PORT
name: system-environment
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
name: system-environment
- name: THREESCALE_SUPERDOMAIN
valueFrom:
configMapKeyRef:
key: THREESCALE_SUPERDOMAIN
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: MASTER_DOMAIN
valueFrom:
secretKeyRef:
key: MASTER_DOMAIN
name: system-seed
- name: MASTER_USER
valueFrom:
secretKeyRef:
key: MASTER_USER
name: system-seed
- name: MASTER_PASSWORD
valueFrom:
secretKeyRef:
key: MASTER_PASSWORD
name: system-seed
- name: ADMIN_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ADMIN_ACCESS_TOKEN
name: system-seed
- name: USER_LOGIN
valueFrom:
secretKeyRef:
key: ADMIN_USER
name: system-seed
- name: USER_PASSWORD
valueFrom:
secretKeyRef:
key: ADMIN_PASSWORD
name: system-seed
- name: USER_EMAIL
valueFrom:
secretKeyRef:
key: ADMIN_EMAIL
name: system-seed
- name: TENANT_NAME
valueFrom:
secretKeyRef:
key: TENANT_NAME
name: system-seed
- name: THINKING_SPHINX_ADDRESS
value: system-sphinx
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: /tmp/sphinx.conf
- name: EVENTS_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
- name: RECAPTCHA_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: PUBLIC_KEY
name: system-recaptcha
- name: RECAPTCHA_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: PRIVATE_KEY
name: system-recaptcha
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: system-app
- name: MEMCACHE_SERVERS
valueFrom:
secretKeyRef:
key: SERVERS
name: system-memcache
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: MESSAGE_BUS_REDIS_URL
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_URL
name: system-redis
- name: REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: NAMESPACE
name: system-redis
- name: MESSAGE_BUS_REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_NAMESPACE
name: system-redis
- name: REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: SENTINEL_HOSTS
name: system-redis
- name: REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: SENTINEL_ROLE
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_HOSTS
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_ROLE
name: system-redis
- name: BACKEND_REDIS_URL
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: BACKEND_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: BACKEND_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: APICAST_BACKEND_ROOT_ENDPOINT
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: BACKEND_ROUTE
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: SMTP_ADDRESS
valueFrom:
configMapKeyRef:
key: address
name: smtp
- name: SMTP_USER_NAME
valueFrom:
configMapKeyRef:
key: username
name: smtp
- name: SMTP_PASSWORD
valueFrom:
configMapKeyRef:
key: password
name: smtp
- name: SMTP_DOMAIN
valueFrom:
configMapKeyRef:
key: domain
name: smtp
- name: SMTP_PORT
valueFrom:
configMapKeyRef:
key: port
name: smtp
- name: SMTP_AUTHENTICATION
valueFrom:
configMapKeyRef:
key: authentication
name: smtp
- name: SMTP_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: openssl.verify.mode
name: smtp
- name: APICAST_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ACCESS_TOKEN
name: system-master-apicast
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
image: amp-system:latest
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 40
initialDelaySeconds: 40
periodSeconds: 10
tcpSocket:
port: master
timeoutSeconds: 10
name: system-master
ports:
- containerPort: 3002
name: master
protocol: TCP
readinessProbe:
failureThreshold: 10
httpGet:
httpHeaders:
- name: X-Forwarded-Proto
value: https
path: /check.txt
port: master
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 10
resources:
limits:
cpu: "1"
memory: 800Mi
requests:
cpu: 50m
memory: 600Mi
volumeMounts:
- mountPath: /opt/system/public/system
name: system-storage
- mountPath: /opt/system-extra-configs
name: system-config
- args:
- env
- TENANT_MODE=provider
- PORT=3000
- container-entrypoint
- bundle
- exec
- unicorn
- -c
- config/unicorn.rb
env:
- name: AMP_RELEASE
valueFrom:
configMapKeyRef:
key: AMP_RELEASE
name: system-environment
- name: APICAST_REGISTRY_URL
valueFrom:
configMapKeyRef:
key: APICAST_REGISTRY_URL
name: system-environment
- name: FORCE_SSL
valueFrom:
configMapKeyRef:
key: FORCE_SSL
name: system-environment
- name: PROVIDER_PLAN
valueFrom:
configMapKeyRef:
key: PROVIDER_PLAN
name: system-environment
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: RAILS_LOG_LEVEL
valueFrom:
configMapKeyRef:
key: RAILS_LOG_LEVEL
name: system-environment
- name: RAILS_LOG_TO_STDOUT
valueFrom:
configMapKeyRef:
key: RAILS_LOG_TO_STDOUT
name: system-environment
- name: SSL_CERT_DIR
valueFrom:
configMapKeyRef:
key: SSL_CERT_DIR
name: system-environment
- name: THINKING_SPHINX_PORT
valueFrom:
configMapKeyRef:
key: THINKING_SPHINX_PORT
name: system-environment
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
name: system-environment
- name: THREESCALE_SUPERDOMAIN
valueFrom:
configMapKeyRef:
key: THREESCALE_SUPERDOMAIN
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: MASTER_DOMAIN
valueFrom:
secretKeyRef:
key: MASTER_DOMAIN
name: system-seed
- name: MASTER_USER
valueFrom:
secretKeyRef:
key: MASTER_USER
name: system-seed
- name: MASTER_PASSWORD
valueFrom:
secretKeyRef:
key: MASTER_PASSWORD
name: system-seed
- name: ADMIN_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ADMIN_ACCESS_TOKEN
name: system-seed
- name: USER_LOGIN
valueFrom:
secretKeyRef:
key: ADMIN_USER
name: system-seed
- name: USER_PASSWORD
valueFrom:
secretKeyRef:
key: ADMIN_PASSWORD
name: system-seed
- name: USER_EMAIL
valueFrom:
secretKeyRef:
key: ADMIN_EMAIL
name: system-seed
- name: TENANT_NAME
valueFrom:
secretKeyRef:
key: TENANT_NAME
name: system-seed
- name: THINKING_SPHINX_ADDRESS
value: system-sphinx
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: /tmp/sphinx.conf
- name: EVENTS_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
- name: RECAPTCHA_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: PUBLIC_KEY
name: system-recaptcha
- name: RECAPTCHA_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: PRIVATE_KEY
name: system-recaptcha
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: system-app
- name: MEMCACHE_SERVERS
valueFrom:
secretKeyRef:
key: SERVERS
name: system-memcache
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: MESSAGE_BUS_REDIS_URL
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_URL
name: system-redis
- name: REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: NAMESPACE
name: system-redis
- name: MESSAGE_BUS_REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_NAMESPACE
name: system-redis
- name: REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: SENTINEL_HOSTS
name: system-redis
- name: REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: SENTINEL_ROLE
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_HOSTS
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_ROLE
name: system-redis
- name: BACKEND_REDIS_URL
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: BACKEND_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: BACKEND_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: APICAST_BACKEND_ROOT_ENDPOINT
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: BACKEND_ROUTE
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: SMTP_ADDRESS
valueFrom:
configMapKeyRef:
key: address
name: smtp
- name: SMTP_USER_NAME
valueFrom:
configMapKeyRef:
key: username
name: smtp
- name: SMTP_PASSWORD
valueFrom:
configMapKeyRef:
key: password
name: smtp
- name: SMTP_DOMAIN
valueFrom:
configMapKeyRef:
key: domain
name: smtp
- name: SMTP_PORT
valueFrom:
configMapKeyRef:
key: port
name: smtp
- name: SMTP_AUTHENTICATION
valueFrom:
configMapKeyRef:
key: authentication
name: smtp
- name: SMTP_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: openssl.verify.mode
name: smtp
- name: APICAST_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ACCESS_TOKEN
name: system-master-apicast
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
image: amp-system:latest
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 40
initialDelaySeconds: 40
periodSeconds: 10
tcpSocket:
port: provider
timeoutSeconds: 10
name: system-provider
ports:
- containerPort: 3000
name: provider
protocol: TCP
readinessProbe:
failureThreshold: 10
httpGet:
httpHeaders:
- name: X-Forwarded-Proto
value: https
path: /check.txt
port: provider
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 10
resources:
limits:
cpu: "1"
memory: 800Mi
requests:
cpu: 50m
memory: 600Mi
volumeMounts:
- mountPath: /opt/system/public/system
name: system-storage
- mountPath: /opt/system-extra-configs
name: system-config
- args:
- env
- PORT=3001
- container-entrypoint
- bundle
- exec
- unicorn
- -c
- config/unicorn.rb
env:
- name: AMP_RELEASE
valueFrom:
configMapKeyRef:
key: AMP_RELEASE
name: system-environment
- name: APICAST_REGISTRY_URL
valueFrom:
configMapKeyRef:
key: APICAST_REGISTRY_URL
name: system-environment
- name: FORCE_SSL
valueFrom:
configMapKeyRef:
key: FORCE_SSL
name: system-environment
- name: PROVIDER_PLAN
valueFrom:
configMapKeyRef:
key: PROVIDER_PLAN
name: system-environment
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: RAILS_LOG_LEVEL
valueFrom:
configMapKeyRef:
key: RAILS_LOG_LEVEL
name: system-environment
- name: RAILS_LOG_TO_STDOUT
valueFrom:
configMapKeyRef:
key: RAILS_LOG_TO_STDOUT
name: system-environment
- name: SSL_CERT_DIR
valueFrom:
configMapKeyRef:
key: SSL_CERT_DIR
name: system-environment
- name: THINKING_SPHINX_PORT
valueFrom:
configMapKeyRef:
key: THINKING_SPHINX_PORT
name: system-environment
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
name: system-environment
- name: THREESCALE_SUPERDOMAIN
valueFrom:
configMapKeyRef:
key: THREESCALE_SUPERDOMAIN
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: MASTER_DOMAIN
valueFrom:
secretKeyRef:
key: MASTER_DOMAIN
name: system-seed
- name: MASTER_USER
valueFrom:
secretKeyRef:
key: MASTER_USER
name: system-seed
- name: MASTER_PASSWORD
valueFrom:
secretKeyRef:
key: MASTER_PASSWORD
name: system-seed
- name: ADMIN_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ADMIN_ACCESS_TOKEN
name: system-seed
- name: USER_LOGIN
valueFrom:
secretKeyRef:
key: ADMIN_USER
name: system-seed
- name: USER_PASSWORD
valueFrom:
secretKeyRef:
key: ADMIN_PASSWORD
name: system-seed
- name: USER_EMAIL
valueFrom:
secretKeyRef:
key: ADMIN_EMAIL
name: system-seed
- name: TENANT_NAME
valueFrom:
secretKeyRef:
key: TENANT_NAME
name: system-seed
- name: THINKING_SPHINX_ADDRESS
value: system-sphinx
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: /tmp/sphinx.conf
- name: EVENTS_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
- name: RECAPTCHA_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: PUBLIC_KEY
name: system-recaptcha
- name: RECAPTCHA_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: PRIVATE_KEY
name: system-recaptcha
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: system-app
- name: MEMCACHE_SERVERS
valueFrom:
secretKeyRef:
key: SERVERS
name: system-memcache
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: MESSAGE_BUS_REDIS_URL
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_URL
name: system-redis
- name: REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: NAMESPACE
name: system-redis
- name: MESSAGE_BUS_REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_NAMESPACE
name: system-redis
- name: REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: SENTINEL_HOSTS
name: system-redis
- name: REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: SENTINEL_ROLE
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_HOSTS
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_ROLE
name: system-redis
- name: BACKEND_REDIS_URL
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: BACKEND_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: BACKEND_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: APICAST_BACKEND_ROOT_ENDPOINT
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: BACKEND_ROUTE
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: SMTP_ADDRESS
valueFrom:
configMapKeyRef:
key: address
name: smtp
- name: SMTP_USER_NAME
valueFrom:
configMapKeyRef:
key: username
name: smtp
- name: SMTP_PASSWORD
valueFrom:
configMapKeyRef:
key: password
name: smtp
- name: SMTP_DOMAIN
valueFrom:
configMapKeyRef:
key: domain
name: smtp
- name: SMTP_PORT
valueFrom:
configMapKeyRef:
key: port
name: smtp
- name: SMTP_AUTHENTICATION
valueFrom:
configMapKeyRef:
key: authentication
name: smtp
- name: SMTP_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: openssl.verify.mode
name: smtp
- name: APICAST_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ACCESS_TOKEN
name: system-master-apicast
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
image: amp-system:latest
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 40
initialDelaySeconds: 40
periodSeconds: 10
tcpSocket:
port: developer
timeoutSeconds: 10
name: system-developer
ports:
- containerPort: 3001
name: developer
protocol: TCP
readinessProbe:
failureThreshold: 10
httpGet:
httpHeaders:
- name: X-Forwarded-Proto
value: https
path: /check.txt
port: developer
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 10
resources:
limits:
cpu: "1"
memory: 800Mi
requests:
cpu: 50m
memory: 600Mi
volumeMounts:
- mountPath: /opt/system/public/system
name: system-storage
readOnly: true
- mountPath: /opt/system-extra-configs
name: system-config
serviceAccountName: amp
volumes:
- name: system-storage
persistentVolumeClaim:
claimName: system-storage
- configMap:
items:
- key: zync.yml
path: zync.yml
- key: rolling_updates.yml
path: rolling_updates.yml
- key: service_discovery.yml
path: service_discovery.yml
name: system
name: system-config
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- system-provider
- system-developer
- system-master
from:
kind: ImageStreamTag
name: amp-system:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: sidekiq
name: system-sidekiq
spec:
replicas: 1
selector:
deploymentConfig: system-sidekiq
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1200
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: system-sidekiq
threescale_component: system
threescale_component_element: sidekiq
spec:
containers:
- args:
- rake
- sidekiq:worker
- RAILS_MAX_THREADS=25
env:
- name: AMP_RELEASE
valueFrom:
configMapKeyRef:
key: AMP_RELEASE
name: system-environment
- name: APICAST_REGISTRY_URL
valueFrom:
configMapKeyRef:
key: APICAST_REGISTRY_URL
name: system-environment
- name: FORCE_SSL
valueFrom:
configMapKeyRef:
key: FORCE_SSL
name: system-environment
- name: PROVIDER_PLAN
valueFrom:
configMapKeyRef:
key: PROVIDER_PLAN
name: system-environment
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: RAILS_LOG_LEVEL
valueFrom:
configMapKeyRef:
key: RAILS_LOG_LEVEL
name: system-environment
- name: RAILS_LOG_TO_STDOUT
valueFrom:
configMapKeyRef:
key: RAILS_LOG_TO_STDOUT
name: system-environment
- name: SSL_CERT_DIR
valueFrom:
configMapKeyRef:
key: SSL_CERT_DIR
name: system-environment
- name: THINKING_SPHINX_PORT
valueFrom:
configMapKeyRef:
key: THINKING_SPHINX_PORT
name: system-environment
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
name: system-environment
- name: THREESCALE_SUPERDOMAIN
valueFrom:
configMapKeyRef:
key: THREESCALE_SUPERDOMAIN
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: MASTER_DOMAIN
valueFrom:
secretKeyRef:
key: MASTER_DOMAIN
name: system-seed
- name: MASTER_USER
valueFrom:
secretKeyRef:
key: MASTER_USER
name: system-seed
- name: MASTER_PASSWORD
valueFrom:
secretKeyRef:
key: MASTER_PASSWORD
name: system-seed
- name: ADMIN_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ADMIN_ACCESS_TOKEN
name: system-seed
- name: USER_LOGIN
valueFrom:
secretKeyRef:
key: ADMIN_USER
name: system-seed
- name: USER_PASSWORD
valueFrom:
secretKeyRef:
key: ADMIN_PASSWORD
name: system-seed
- name: USER_EMAIL
valueFrom:
secretKeyRef:
key: ADMIN_EMAIL
name: system-seed
- name: TENANT_NAME
valueFrom:
secretKeyRef:
key: TENANT_NAME
name: system-seed
- name: THINKING_SPHINX_ADDRESS
value: system-sphinx
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: /tmp/sphinx.conf
- name: EVENTS_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
- name: RECAPTCHA_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: PUBLIC_KEY
name: system-recaptcha
- name: RECAPTCHA_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: PRIVATE_KEY
name: system-recaptcha
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: system-app
- name: MEMCACHE_SERVERS
valueFrom:
secretKeyRef:
key: SERVERS
name: system-memcache
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: MESSAGE_BUS_REDIS_URL
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_URL
name: system-redis
- name: REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: NAMESPACE
name: system-redis
- name: MESSAGE_BUS_REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_NAMESPACE
name: system-redis
- name: REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: SENTINEL_HOSTS
name: system-redis
- name: REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: SENTINEL_ROLE
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_HOSTS
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_ROLE
name: system-redis
- name: BACKEND_REDIS_URL
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: BACKEND_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: BACKEND_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: APICAST_BACKEND_ROOT_ENDPOINT
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: BACKEND_ROUTE
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: SMTP_ADDRESS
valueFrom:
configMapKeyRef:
key: address
name: smtp
- name: SMTP_USER_NAME
valueFrom:
configMapKeyRef:
key: username
name: smtp
- name: SMTP_PASSWORD
valueFrom:
configMapKeyRef:
key: password
name: smtp
- name: SMTP_DOMAIN
valueFrom:
configMapKeyRef:
key: domain
name: smtp
- name: SMTP_PORT
valueFrom:
configMapKeyRef:
key: port
name: smtp
- name: SMTP_AUTHENTICATION
valueFrom:
configMapKeyRef:
key: authentication
name: smtp
- name: SMTP_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: openssl.verify.mode
name: smtp
- name: APICAST_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ACCESS_TOKEN
name: system-master-apicast
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
image: amp-system:latest
imagePullPolicy: IfNotPresent
name: system-sidekiq
resources:
limits:
cpu: "1"
memory: 2Gi
requests:
cpu: 100m
memory: 500Mi
volumeMounts:
- mountPath: /opt/system/public/system
name: system-storage
- mountPath: /tmp
name: system-tmp
- mountPath: /opt/system-extra-configs
name: system-config
initContainers:
- command:
- bash
- -c
- bundle exec sh -c "until rake boot:redis && curl --output /dev/null --silent
--fail --head http://system-master:3000/status; do sleep $SLEEP_SECONDS;
done"
env:
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: MESSAGE_BUS_REDIS_URL
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_URL
name: system-redis
- name: REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: NAMESPACE
name: system-redis
- name: MESSAGE_BUS_REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_NAMESPACE
name: system-redis
- name: REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: SENTINEL_HOSTS
name: system-redis
- name: REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: SENTINEL_ROLE
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_HOSTS
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_ROLE
name: system-redis
- name: SLEEP_SECONDS
value: "1"
image: amp-system:latest
name: check-svc
resources: {}
serviceAccountName: amp
volumes:
- emptyDir:
medium: Memory
name: system-tmp
- name: system-storage
persistentVolumeClaim:
claimName: system-storage
- configMap:
items:
- key: zync.yml
path: zync.yml
- key: rolling_updates.yml
path: rolling_updates.yml
- key: service_discovery.yml
path: service_discovery.yml
name: system
name: system-config
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- check-svc
- system-sidekiq
from:
kind: ImageStreamTag
name: amp-system:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: sphinx
name: system-sphinx
spec:
replicas: 1
selector:
deploymentConfig: system-sphinx
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1200
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: system-sphinx
threescale_component: system
threescale_component_element: sphinx
spec:
containers:
- args:
- rake
- openshift:thinking_sphinx:start
env:
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: THINKING_SPHINX_ADDRESS
value: 0.0.0.0
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: db/sphinx/production.conf
- name: THINKING_SPHINX_PID_FILE
value: db/sphinx/searchd.pid
- name: DELTA_INDEX_INTERVAL
value: "5"
- name: FULL_REINDEX_INTERVAL
value: "60"
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: MESSAGE_BUS_REDIS_URL
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_URL
name: system-redis
- name: REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: NAMESPACE
name: system-redis
- name: MESSAGE_BUS_REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_NAMESPACE
name: system-redis
- name: REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: SENTINEL_HOSTS
name: system-redis
- name: REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: SENTINEL_ROLE
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_HOSTS
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_ROLE
name: system-redis
image: amp-system:latest
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 60
periodSeconds: 10
tcpSocket:
port: 9306
name: system-sphinx
resources:
limits:
cpu: "1"
memory: 512Mi
requests:
cpu: 80m
memory: 250Mi
volumeMounts:
- mountPath: /opt/system/db/sphinx
name: system-sphinx-database
initContainers:
- command:
- sh
- -c
- until $(curl --output /dev/null --silent --fail --head http://system-master:3000/status);
do sleep $SLEEP_SECONDS; done
env:
- name: SLEEP_SECONDS
value: "1"
image: amp-system:latest
name: system-master-svc
resources: {}
serviceAccountName: amp
volumes:
- emptyDir: {}
name: system-sphinx-database
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- system-master-svc
- system-sphinx
from:
kind: ImageStreamTag
name: amp-system:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-events-hook
stringData:
PASSWORD: ${SYSTEM_BACKEND_SHARED_SECRET}
URL: http://system-master:3000/master/events/import
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-redis
stringData:
MESSAGE_BUS_NAMESPACE: ${SYSTEM_MESSAGE_BUS_REDIS_NAMESPACE}
MESSAGE_BUS_SENTINEL_HOSTS: ""
MESSAGE_BUS_SENTINEL_ROLE: ""
MESSAGE_BUS_URL: ${SYSTEM_MESSAGE_BUS_REDIS_URL}
NAMESPACE: ${SYSTEM_REDIS_NAMESPACE}
SENTINEL_HOSTS: ""
SENTINEL_ROLE: ""
URL: ${SYSTEM_REDIS_URL}
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-master-apicast
stringData:
ACCESS_TOKEN: ${APICAST_ACCESS_TOKEN}
BASE_URL: http://${APICAST_ACCESS_TOKEN}@system-master:3000
PROXY_CONFIGS_ENDPOINT: http://${APICAST_ACCESS_TOKEN}@system-master:3000/master/api/proxy/configs
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-seed
stringData:
ADMIN_ACCESS_TOKEN: ${ADMIN_ACCESS_TOKEN}
ADMIN_EMAIL: ${ADMIN_EMAIL}
ADMIN_PASSWORD: ${ADMIN_PASSWORD}
ADMIN_USER: ${ADMIN_USERNAME}
MASTER_ACCESS_TOKEN: ${MASTER_ACCESS_TOKEN}
MASTER_DOMAIN: ${MASTER_NAME}
MASTER_PASSWORD: ${MASTER_PASSWORD}
MASTER_USER: ${MASTER_USER}
TENANT_NAME: ${TENANT_NAME}
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-recaptcha
stringData:
PRIVATE_KEY: ${RECAPTCHA_PRIVATE_KEY}
PUBLIC_KEY: ${RECAPTCHA_PUBLIC_KEY}
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-app
stringData:
SECRET_KEY_BASE: ${SYSTEM_APP_SECRET_KEY_BASE}
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-memcache
stringData:
SERVERS: system-memcache:11211
type: Opaque
- apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
name: zync-que-role
rules:
- apiGroups:
- apps.openshift.io
resources:
- deploymentconfigs
verbs:
- get
- list
- apiGroups:
- ""
resources:
- pods
- replicationcontrollers
verbs:
- get
- list
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- get
- list
- create
- delete
- patch
- update
- apiGroups:
- route.openshift.io
resources:
- routes/status
verbs:
- get
- apiGroups:
- route.openshift.io
resources:
- routes/custom-host
verbs:
- create
- apiVersion: v1
imagePullSecrets:
- name: threescale-registry-auth
kind: ServiceAccount
metadata:
creationTimestamp: null
name: zync-que-sa
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
creationTimestamp: null
name: zync-que-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: zync-que-role
subjects:
- kind: ServiceAccount
name: zync-que-sa
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
annotations:
prometheus.io/port: "9393"
prometheus.io/scrape: "true"
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: zync
name: zync
spec:
replicas: 1
selector:
deploymentConfig: zync
strategy:
resources: {}
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: zync
threescale_component: zync
spec:
containers:
- env:
- name: RAILS_LOG_TO_STDOUT
value: "true"
- name: RAILS_ENV
value: production
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: DATABASE_URL
name: zync
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: zync
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: amp-zync:latest
livenessProbe:
failureThreshold: 10
httpGet:
path: /status/live
port: 8080
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 60
name: zync
ports:
- containerPort: 8080
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /status/ready
port: 8080
scheme: HTTP
initialDelaySeconds: 100
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
limits:
cpu: "1"
memory: 512Mi
requests:
cpu: 150m
memory: 250M
initContainers:
- command:
- bash
- -c
- bundle exec sh -c "until rake boot:db; do sleep $SLEEP_SECONDS; done"
env:
- name: SLEEP_SECONDS
value: "1"
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: DATABASE_URL
name: zync
image: amp-zync:latest
name: zync-db-svc
resources: {}
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- zync-db-svc
- zync
from:
kind: ImageStreamTag
name: amp-zync:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: zync
name: zync-que
spec:
replicas: 1
selector:
deploymentConfig: zync-que
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 600
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
annotations:
prometheus.io/port: "9394"
prometheus.io/scrape: "true"
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: zync-que
spec:
containers:
- args:
- -c
- bundle exec rake 'que[--worker-count 10]'
command:
- /usr/bin/bash
env:
- name: RAILS_LOG_TO_STDOUT
value: "true"
- name: RAILS_ENV
value: production
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: DATABASE_URL
name: zync
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: zync
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: amp-zync:latest
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
httpGet:
path: /metrics
port: 9394
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 60
name: que
ports:
- containerPort: 9394
name: metrics
protocol: TCP
resources:
limits:
cpu: "1"
memory: 512Mi
requests:
cpu: 250m
memory: 250M
restartPolicy: Always
serviceAccountName: zync-que-sa
terminationGracePeriodSeconds: 30
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- que
from:
kind: ImageStreamTag
name: amp-zync:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: zync
threescale_component_element: database
name: zync-database
spec:
replicas: 1
selector:
deploymentConfig: zync-database
strategy:
resources: {}
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: zync-database
threescale_component: zync
threescale_component_element: database
spec:
containers:
- env:
- name: POSTGRESQL_USER
value: zync
- name: POSTGRESQL_PASSWORD
valueFrom:
secretKeyRef:
key: ZYNC_DATABASE_PASSWORD
name: zync
- name: POSTGRESQL_DATABASE
value: zync_production
image: ' '
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 30
tcpSocket:
port: 5432
timeoutSeconds: 1
name: postgresql
ports:
- containerPort: 5432
protocol: TCP
readinessProbe:
exec:
command:
- /bin/sh
- -i
- -c
- psql -h 127.0.0.1 -U zync -q -d zync_production -c 'SELECT 1'
initialDelaySeconds: 5
timeoutSeconds: 1
resources:
limits:
cpu: 250m
memory: 2G
requests:
cpu: 50m
memory: 250M
volumeMounts:
- mountPath: /var/lib/pgsql/data
name: zync-database-data
restartPolicy: Always
serviceAccountName: amp
volumes:
- emptyDir: {}
name: zync-database-data
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- postgresql
from:
kind: ImageStreamTag
name: zync-database-postgresql:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: zync
name: zync
spec:
ports:
- name: 8080-tcp
port: 8080
protocol: TCP
targetPort: 8080
selector:
deploymentConfig: zync
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: zync
threescale_component_element: database
name: zync-database
spec:
ports:
- name: postgresql
port: 5432
protocol: TCP
targetPort: 5432
selector:
deploymentConfig: zync-database
status:
loadBalancer: {}
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: zync
name: zync
stringData:
DATABASE_URL: postgresql://zync:${ZYNC_DATABASE_PASSWORD}@zync-database:5432/zync_production
SECRET_KEY_BASE: ${ZYNC_SECRET_KEY_BASE}
ZYNC_AUTHENTICATION_TOKEN: ${ZYNC_AUTHENTICATION_TOKEN}
ZYNC_DATABASE_PASSWORD: ${ZYNC_DATABASE_PASSWORD}
type: Opaque
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: apicast
threescale_component_element: staging
name: apicast-staging
spec:
replicas: 1
selector:
deploymentConfig: apicast-staging
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1800
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
annotations:
prometheus.io/port: "9421"
prometheus.io/scrape: "true"
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: apicast-staging
threescale_component: apicast
threescale_component_element: staging
spec:
containers:
- env:
- name: THREESCALE_PORTAL_ENDPOINT
valueFrom:
secretKeyRef:
key: PROXY_CONFIGS_ENDPOINT
name: system-master-apicast
- name: BACKEND_ENDPOINT_OVERRIDE
valueFrom:
secretKeyRef:
key: service_endpoint
name: backend-listener
- name: APICAST_MANAGEMENT_API
valueFrom:
configMapKeyRef:
key: APICAST_MANAGEMENT_API
name: apicast-environment
- name: OPENSSL_VERIFY
valueFrom:
configMapKeyRef:
key: OPENSSL_VERIFY
name: apicast-environment
- name: APICAST_RESPONSE_CODES
valueFrom:
configMapKeyRef:
key: APICAST_RESPONSE_CODES
name: apicast-environment
- name: APICAST_CONFIGURATION_LOADER
value: lazy
- name: APICAST_CONFIGURATION_CACHE
value: "0"
- name: THREESCALE_DEPLOYMENT_ENV
value: staging
image: amp-apicast:latest
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /status/live
port: 8090
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
name: apicast-staging
ports:
- containerPort: 8080
protocol: TCP
- containerPort: 8090
protocol: TCP
- containerPort: 9421
name: metrics
protocol: TCP
readinessProbe:
httpGet:
path: /status/ready
port: 8090
initialDelaySeconds: 15
periodSeconds: 30
timeoutSeconds: 5
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 50m
memory: 64Mi
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- apicast-staging
from:
kind: ImageStreamTag
name: amp-apicast:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: apicast
threescale_component_element: production
name: apicast-production
spec:
replicas: 1
selector:
deploymentConfig: apicast-production
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1800
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
annotations:
prometheus.io/port: "9421"
prometheus.io/scrape: "true"
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: apicast-production
threescale_component: apicast
threescale_component_element: production
spec:
containers:
- env:
- name: THREESCALE_PORTAL_ENDPOINT
valueFrom:
secretKeyRef:
key: PROXY_CONFIGS_ENDPOINT
name: system-master-apicast
- name: BACKEND_ENDPOINT_OVERRIDE
valueFrom:
secretKeyRef:
key: service_endpoint
name: backend-listener
- name: APICAST_MANAGEMENT_API
valueFrom:
configMapKeyRef:
key: APICAST_MANAGEMENT_API
name: apicast-environment
- name: OPENSSL_VERIFY
valueFrom:
configMapKeyRef:
key: OPENSSL_VERIFY
name: apicast-environment
- name: APICAST_RESPONSE_CODES
valueFrom:
configMapKeyRef:
key: APICAST_RESPONSE_CODES
name: apicast-environment
- name: APICAST_CONFIGURATION_LOADER
value: boot
- name: APICAST_CONFIGURATION_CACHE
value: "300"
- name: THREESCALE_DEPLOYMENT_ENV
value: production
image: amp-apicast:latest
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /status/live
port: 8090
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
name: apicast-production
ports:
- containerPort: 8080
protocol: TCP
- containerPort: 8090
protocol: TCP
- containerPort: 9421
name: metrics
protocol: TCP
readinessProbe:
httpGet:
path: /status/ready
port: 8090
initialDelaySeconds: 15
periodSeconds: 30
timeoutSeconds: 5
resources:
limits:
cpu: "1"
memory: 128Mi
requests:
cpu: 500m
memory: 64Mi
initContainers:
- command:
- sh
- -c
- until $(curl --output /dev/null --silent --fail --head http://system-master:3000/status);
do sleep $SLEEP_SECONDS; done
env:
- name: SLEEP_SECONDS
value: "1"
image: amp-apicast:latest
name: system-master-svc
resources: {}
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- system-master-svc
- apicast-production
from:
kind: ImageStreamTag
name: amp-apicast:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: apicast
threescale_component_element: staging
name: apicast-staging
spec:
ports:
- name: gateway
port: 8080
protocol: TCP
targetPort: 8080
- name: management
port: 8090
protocol: TCP
targetPort: 8090
selector:
deploymentConfig: apicast-staging
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: apicast
threescale_component_element: production
name: apicast-production
spec:
ports:
- name: gateway
port: 8080
protocol: TCP
targetPort: 8080
- name: management
port: 8090
protocol: TCP
targetPort: 8090
selector:
deploymentConfig: apicast-production
status:
loadBalancer: {}
- apiVersion: v1
data:
APICAST_MANAGEMENT_API: ${APICAST_MANAGEMENT_API}
APICAST_RESPONSE_CODES: ${APICAST_RESPONSE_CODES}
OPENSSL_VERIFY: ${APICAST_OPENSSL_VERIFY}
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: apicast
name: apicast-environment
parameters:
- description: AMP release tag.
name: AMP_RELEASE
required: true
value: "2.7"
- description: Used for object app labels
name: APP_LABEL
required: true
value: 3scale-api-management
- description: Tenant name under the root that Admin UI will be available with -admin
suffix.
name: TENANT_NAME
required: true
value: 3scale
- description: The Storage Class to be used by ReadWriteMany PVCs
name: RWX_STORAGE_CLASS
value: "null"
- name: AMP_BACKEND_IMAGE
required: true
value: registry.redhat.io/3scale-amp2/backend-rhel7:3scale2.7
- name: AMP_ZYNC_IMAGE
required: true
value: registry.redhat.io/3scale-amp2/zync-rhel7:3scale2.7
- name: AMP_APICAST_IMAGE
required: true
value: registry.redhat.io/3scale-amp2/apicast-gateway-rhel7:3scale2.7
- name: AMP_SYSTEM_IMAGE
required: true
value: registry.redhat.io/3scale-amp2/system-rhel7:3scale2.7
- description: Zync's PostgreSQL image to use
name: ZYNC_DATABASE_IMAGE
required: true
value: registry.redhat.io/rhscl/postgresql-10-rhel7
- description: Memcached image to use
name: MEMCACHED_IMAGE
required: true
value: registry.redhat.io/3scale-amp2/memcached-rhel7:3scale2.7
- description: Set to true if the server may bypass certificate verification or connect
directly over HTTP during image import.
name: IMAGESTREAM_TAG_IMPORT_INSECURE
required: true
value: "false"
- description: System MySQL image to use
name: SYSTEM_DATABASE_IMAGE
required: true
value: registry.redhat.io/rhscl/mysql-57-rhel7:5.7
- description: Redis image to use
name: REDIS_IMAGE
required: true
value: registry.redhat.io/rhscl/redis-32-rhel7:3.2
- description: Username for System's MySQL user that will be used for accessing the
database.
displayName: System MySQL User
name: SYSTEM_DATABASE_USER
required: true
value: mysql
- description: Password for the System's MySQL user.
displayName: System MySQL Password
from: '[a-z0-9]{8}'
generate: expression
name: SYSTEM_DATABASE_PASSWORD
required: true
- description: Name of the System's MySQL database accessed.
displayName: System MySQL Database Name
name: SYSTEM_DATABASE
required: true
value: system
- description: Password for Root user.
displayName: System MySQL Root password.
from: '[a-z0-9]{8}'
generate: expression
name: SYSTEM_DATABASE_ROOT_PASSWORD
required: true
- description: Root domain for the wildcard routes. Eg. example.com will generate
3scale-admin.example.com.
name: WILDCARD_DOMAIN
required: true
- description: Internal 3scale API username for internal 3scale api auth.
name: SYSTEM_BACKEND_USERNAME
required: true
value: 3scale_api_user
- description: Internal 3scale API password for internal 3scale api auth.
from: '[a-z0-9]{8}'
generate: expression
name: SYSTEM_BACKEND_PASSWORD
required: true
- description: Shared secret to import events from backend to system.
from: '[a-z0-9]{8}'
generate: expression
name: SYSTEM_BACKEND_SHARED_SECRET
required: true
- description: System application secret key base
from: '[a-f0-9]{128}'
generate: expression
name: SYSTEM_APP_SECRET_KEY_BASE
required: true
- from: '[a-z0-9]{8}'
generate: expression
name: ADMIN_PASSWORD
required: true
- name: ADMIN_USERNAME
required: true
value: admin
- name: ADMIN_EMAIL
- description: Admin Access Token with all scopes and write permissions for API access.
from: '[a-z0-9]{16}'
generate: expression
name: ADMIN_ACCESS_TOKEN
- description: The root name which Master Admin UI will be available at.
name: MASTER_NAME
required: true
value: master
- name: MASTER_USER
required: true
value: master
- from: '[a-z0-9]{8}'
generate: expression
name: MASTER_PASSWORD
required: true
- from: '[a-z0-9]{8}'
generate: expression
name: MASTER_ACCESS_TOKEN
required: true
- description: reCAPTCHA site key (used in spam protection)
name: RECAPTCHA_PUBLIC_KEY
- description: reCAPTCHA secret key (used in spam protection)
name: RECAPTCHA_PRIVATE_KEY
- description: Define the external system-redis to connect to
name: SYSTEM_REDIS_URL
required: true
value: redis://system-redis:6379/1
- description: Define the external system-redis message bus to connect to. By default
the same value as SYSTEM_REDIS_URL but with the logical database incremented by
1 and the result applied mod 16
name: SYSTEM_MESSAGE_BUS_REDIS_URL
- description: Define the namespace to be used by System's Redis Database. The empty
value means not namespaced
name: SYSTEM_REDIS_NAMESPACE
- description: Define the namespace to be used by System's Message Bus Redis Database.
The empty value means not namespaced
name: SYSTEM_MESSAGE_BUS_REDIS_NAMESPACE
- description: Password for the Zync Database PostgreSQL connection user.
displayName: Zync Database PostgreSQL Connection Password
from: '[a-zA-Z0-9]{16}'
generate: expression
name: ZYNC_DATABASE_PASSWORD
required: true
- from: '[a-zA-Z0-9]{16}'
generate: expression
name: ZYNC_SECRET_KEY_BASE
required: true
- from: '[a-zA-Z0-9]{16}'
generate: expression
name: ZYNC_AUTHENTICATION_TOKEN
required: true
- description: Read Only Access Token that is APIcast going to use to download its
configuration.
from: '[a-z0-9]{8}'
generate: expression
name: APICAST_ACCESS_TOKEN
required: true
- description: Scope of the APIcast Management API. Can be disabled, status or debug.
At least status required for health checks.
name: APICAST_MANAGEMENT_API
value: status
- description: Turn on/off the OpenSSL peer verification when downloading the configuration.
Can be set to true/false.
name: APICAST_OPENSSL_VERIFY
value: "false"
- description: Enable logging response codes in APIcast.
name: APICAST_RESPONSE_CODES
value: "true"
- description: The URL to point to APIcast policies registry management
name: APICAST_REGISTRY_URL
required: true
value: http://apicast-staging:8090/policies
Raw
apicast.yml
apiVersion: v1
kind: Template
metadata:
name: 3scale-gateway
annotations:
openshift.io/documentation-url: https://access.redhat.com/documentation/en-us/red_hat_3scale/2.saas/html/deployment_options/apicast-openshift
openshift.io/display-name: 3scale APIcast API Gateway
openshift.io/provider-display-name: Red Hat, Inc.
iconClass: icon-3scale
description: >-
3scale's APIcast is an NGINX based API gateway used to integrate your internal and external
API services with 3scale's API Management Platform. It supports OpenID connect to integrate
with external Identity Providers such as Red Hat Single Sign On, for API traffic authentication
tags: api,gateway,3scale
objects:
- apiVersion: v1
kind: DeploymentConfig
metadata:
name: "${APICAST_NAME}"
spec:
replicas: 1
selector:
deploymentconfig: "${APICAST_NAME}"
strategy:
type: Rolling
template:
metadata:
labels:
deploymentconfig: "${APICAST_NAME}"
annotations:
prometheus.io/scrape: 'true'
prometheus.io/port: '9421'
spec:
containers:
- env:
- name: THREESCALE_PORTAL_ENDPOINT
valueFrom:
secretKeyRef:
name: "${CONFIGURATION_URL_SECRET}"
key: password
- name: THREESCALE_CONFIG_FILE
value: "${CONFIGURATION_FILE_PATH}"
- name: THREESCALE_DEPLOYMENT_ENV
value: "${DEPLOYMENT_ENVIRONMENT}"
- name: RESOLVER
value: "${RESOLVER}"
- name: APICAST_SERVICES_LIST
value: "${SERVICES_LIST}"
- name: APICAST_CONFIGURATION_LOADER
value: "${CONFIGURATION_LOADER}"
- name: APICAST_LOG_LEVEL
value: "${LOG_LEVEL}"
- name: APICAST_PATH_ROUTING
value: "${PATH_ROUTING}"
- name: APICAST_RESPONSE_CODES
value: "${RESPONSE_CODES}"
- name: APICAST_CONFIGURATION_CACHE
value: "${CONFIGURATION_CACHE}"
- name: REDIS_URL
value: "${REDIS_URL}"
- name: APICAST_MANAGEMENT_API
value: "${MANAGEMENT_API}"
- name: OPENSSL_VERIFY
value: "${OPENSSL_VERIFY}"
image: ${AMP_APICAST_IMAGE}
imagePullPolicy: IfNotPresent
name: "${APICAST_NAME}"
livenessProbe:
httpGet:
path: /status/live
port: management
initialDelaySeconds: 10
timeoutSeconds: 1
readinessProbe:
httpGet:
path: /status/ready
port: management
initialDelaySeconds: 15
timeoutSeconds: 1
ports:
- name: proxy
containerPort: 8080
protocol: TCP
- name: management
containerPort: 8090
protocol: TCP
- name: metrics
containerPort: 9421
protocol: TCP
resources:
limits:
cpu: '1'
memory: 128Mi
requests:
cpu: 500m
memory: 64Mi
triggers:
- type: ConfigChange
- apiVersion: v1
kind: Service
metadata:
name: "${APICAST_NAME}"
spec:
ports:
- name: proxy
port: 8080
protocol: TCP
targetPort: 8080
- name: management
port: 8090
protocol: TCP
targetPort: 8090
selector:
deploymentconfig: "${APICAST_NAME}"
parameters:
- name: AMP_RELEASE
description: "AMP release tag."
value: "2.7.0"
required: true
- name: AMP_APICAST_IMAGE
value: "registry.redhat.io/3scale-amp2/apicast-gateway-rhel7:3scale2.7"
required: true
- description: "Name of the secret containing the THREESCALE_PORTAL_ENDPOINT with the access-token or provider key"
value: apicast-configuration-url-secret
name: CONFIGURATION_URL_SECRET
required: true
- description: "Path to saved JSON file with configuration for the gateway. Has to be injected to the container image as read only volume."
value:
name: CONFIGURATION_FILE_PATH
required: false
- description: "Deployment environment. Can be staging or production."
value: production
name: DEPLOYMENT_ENVIRONMENT
required: true
- description: "Name for the 3scale API Gateway"
value: apicast
name: APICAST_NAME
required: true
- description: "DNS Resolver for openresty, if empty it will be autodiscovered"
value:
name: RESOLVER
required: false
- description: "Subset of services to run. Use comma separated list of service ids (eg. 42,1337)"
value:
name: SERVICES_LIST
required: false
- name: CONFIGURATION_LOADER
description: "When to load configuration. If on gateway start or incoming request. Allowed values are: lazy, boot."
value: boot
required: false
- description: "Log level. One of the following: debug, info, notice, warn, error, crit, alert, or emerg."
name: LOG_LEVEL
required: false
- description: "Enable path routing. Experimental feature."
name: PATH_ROUTING
required: false
value: "false"
- description: "Enable logging response codes to 3scale."
value: "false"
name: RESPONSE_CODES
required: false
- name: CONFIGURATION_CACHE
description: "For how long to cache the downloaded configuration in seconds. Can be left empty, 0 or greater than 60."
value: ""
required: false
- description: "Redis URL. Required for OAuth2 integration. ex: redis://[email protected]:6379/0"
name: REDIS_URL
required: false
- name: MANAGEMENT_API
description: "Scope of the Management API. Can be disabled, status or debug. At least status required for health checks."
required: false
value: "status"
- name: OPENSSL_VERIFY
description: "Turn on/off the OpenSSL peer verification. Can be set to true/false."
required: true
value: "false"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment