base_env: &base_env - name: RAILS_ENV value: "production" - name: DATABASE_URL value: "mysql2://root:${MYSQL_ROOT_PASSWORD}@system-mysql/${MYSQL_DATABASE}" - name: FORCE_SSL value: "true" - name: THREESCALE_SUPERDOMAIN value: "${WILDCARD_DOMAIN}" - name: TENANT_NAME value: "${TENANT_NAME}" - name: APICAST_ACCESS_TOKEN value: "${APICAST_ACCESS_TOKEN}" - name: ADMIN_ACCESS_TOKEN value: "${ADMIN_ACCESS_TOKEN}" - name: PROVIDER_PLAN value: 'enterprise' - name: USER_LOGIN value: "${ADMIN_USERNAME}" - name: USER_PASSWORD value: "${ADMIN_PASSWORD}" - name: RAILS_LOG_TO_STDOUT value: "true" - name: RAILS_LOG_LEVEL value: "info" - name: THINKING_SPHINX_ADDRESS value: "system-sphinx" - name: THINKING_SPHINX_PORT value: "9306" - name: THINKING_SPHINX_CONFIGURATION_FILE value: "/tmp/sphinx.conf" - name: EVENTS_SHARED_SECRET value: "${SYSTEM_BACKEND_SHARED_SECRET}" - name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE value: "VERIFY_NONE" - name: APICAST_BACKEND_ROOT_ENDPOINT value: "https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}" - name: CONFIG_INTERNAL_API_USER value: "${SYSTEM_BACKEND_USERNAME}" - name: CONFIG_INTERNAL_API_PASSWORD value: "${SYSTEM_BACKEND_PASSWORD}" - name: SECRET_KEY_BASE value: "${SYSTEM_APP_SECRET_KEY_BASE}" - name: ZYNC_AUTHENTICATION_TOKEN valueFrom: secretKeyRef: name: zync key: ZYNC_AUTHENTICATION_TOKEN - name: SMTP_ADDRESS valueFrom: configMapKeyRef: name: smtp key: address - name: SMTP_USER_NAME valueFrom: configMapKeyRef: name: smtp key: username - name: SMTP_PASSWORD valueFrom: configMapKeyRef: name: smtp key: password - name: SMTP_DOMAIN valueFrom: configMapKeyRef: name: smtp key: domain - name: SMTP_PORT valueFrom: configMapKeyRef: name: smtp key: port - name: SMTP_AUTHENTICATION valueFrom: configMapKeyRef: name: smtp key: authentication - name: SMTP_OPENSSL_VERIFY_MODE valueFrom: configMapKeyRef: name: smtp key: openssl.verify.mode - name: BACKEND_ROUTE value: "https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}" - name: SSL_CERT_DIR value: "/etc/pki/tls/certs" apiVersion: v1 kind: Template metadata: name: "system" message: "Login on https://${TENANT_NAME}-admin.${WILDCARD_DOMAIN} as ${ADMIN_USERNAME}/${ADMIN_PASSWORD}" objects: - kind: ImageStream apiVersion: v1 metadata: name: amp-system annotations: openshift.io/display-name: AMP System spec: tags: - name: latest annotations: openshift.io/display-name: AMP System (latest) from: kind: ImageStreamTag name: "2.1.0-CR2-redhat-1" - name: "2.1.0-CR2-redhat-1" annotations: openshift.io/display-name: AMP system 2.1.0-CR2-redhat-1 from: kind: DockerImage name: registry.access.redhat.com/3scale-amp21/system:1.4-1 - kind: ImageStream apiVersion: v1 metadata: name: amp-backend annotations: openshift.io/display-name: AMP backend spec: tags: - name: latest annotations: openshift.io/display-name: amp-backend (latest) from: kind: ImageStreamTag name: "2.1.0-CR2-redhat-1" - name: "2.1.0-CR2-redhat-1" annotations: openshift.io/display-name: amp-backend 2.1.0-CR2-redhat-1 from: kind: DockerImage name: registry.access.redhat.com/3scale-amp21/backend:1.4-2 - kind: ImageStream apiVersion: v1 metadata: name: amp-apicast annotations: openshift.io/display-name: AMP APIcast spec: tags: - name: latest annotations: openshift.io/display-name: AMP APIcast (latest) from: kind: ImageStreamTag name: "2.1.0-CR2-redhat-1" - name: "2.1.0-CR2-redhat-1" annotations: openshift.io/display-name: AMP APIcast 2.1.0-CR2-redhat-1 from: kind: DockerImage name: registry.access.redhat.com/3scale-amp21/apicast-gateway:1.4-2 - kind: ImageStream apiVersion: v1 metadata: name: amp-wildcard-router annotations: openshift.io/display-name: AMP APIcast Wildcard Router spec: tags: - name: latest annotations: openshift.io/display-name: AMP APIcast Wildcard Router (latest) from: kind: ImageStreamTag name: "2.1.0-CR2-redhat-1" - name: "2.1.0-CR2-redhat-1" annotations: openshift.io/display-name: AMP APIcast Wildcard Router 2.1.0-CR2-redhat-1 from: kind: DockerImage name: registry.access.redhat.com/3scale-amp21/wildcard-router:1.4-2 - kind: ImageStream apiVersion: v1 metadata: name: amp-zync labels: app: zync annotations: openshift.io/display-name: AMP Zync spec: tags: - name: latest annotations: openshift.io/display-name: AMP Zync (latest) from: kind: ImageStreamTag name: "2.1.0-CR2-redhat-1" - name: "2.1.0-CR2-redhat-1" annotations: openshift.io/display-name: AMP Zync 2.1.0-CR2-redhat-1 from: kind: DockerImage name: registry.access.redhat.com/3scale-amp21/zync:1.4-1 - apiVersion: "v1" kind: "PersistentVolumeClaim" metadata: name: "system-storage" spec: accessModes: - "ReadWriteMany" resources: requests: storage: "100Mi" - apiVersion: "v1" kind: "PersistentVolumeClaim" metadata: name: "mysql-storage" spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "1Gi" - apiVersion: "v1" kind: "PersistentVolumeClaim" metadata: name: "system-redis-storage" spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "1Gi" - apiVersion: "v1" kind: "PersistentVolumeClaim" metadata: name: "backend-redis-storage" spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "1Gi" - apiVersion: v1 kind: DeploymentConfig metadata: name: backend-cron spec: replicas: 1 selector: name: backend-cron strategy: rollingParams: intervalSeconds: 1 maxSurge: 25% maxUnavailable: 25% timeoutSeconds: 600 updatePeriodSeconds: 1 type: Rolling template: metadata: labels: name: backend-cron spec: containers: - args: - backend-cron env: - name: CONFIG_REDIS_PROXY value: "backend-redis:6379" - name: CONFIG_QUEUES_MASTER_NAME value: "backend-redis:6379/1" - name: RACK_ENV value: "production" image: amp-backend:latest imagePullPolicy: Always name: backend-cron triggers: - type: ConfigChange - type: ImageChange imageChangeParams: automatic: true containerNames: - backend-cron from: kind: ImageStreamTag name: amp-backend:latest - apiVersion: v1 kind: DeploymentConfig metadata: name: backend-redis spec: replicas: 1 selector: name: backend-redis strategy: type: Recreate template: metadata: labels: name: backend-redis spec: containers: - image: ${REDIS_IMAGE} imagePullPolicy: Always name: backend-redis readinessProbe: exec: command: - "container-entrypoint" - "bash" - "-c" - "redis-cli set liveness-probe \"`date`\" | grep OK" initialDelaySeconds: 10 periodSeconds: 30 timeoutSeconds: 1 livenessProbe: tcpSocket: port: 6379 initialDelaySeconds: 10 periodSeconds: 10 volumeMounts: - name: backend-redis-storage mountPath: "/var/lib/redis/data" - name: redis-config mountPath: /etc/redis.conf subPath: redis.conf volumes: - name: backend-redis-storage persistentVolumeClaim: claimName: backend-redis-storage - name: redis-config configMap: name: redis-config items: - key: redis.conf path: redis.conf triggers: - type: ConfigChange - apiVersion: v1 kind: DeploymentConfig metadata: name: backend-listener spec: replicas: 1 selector: name: backend-listener strategy: rollingParams: intervalSeconds: 1 maxSurge: 25% maxUnavailable: 25% timeoutSeconds: 600 updatePeriodSeconds: 1 type: Rolling template: metadata: labels: name: backend-listener spec: containers: - args: - bin/3scale_backend - start - "-e" - production - "-p" - '3000' - "-x" - "/dev/stdout" env: - name: CONFIG_REDIS_PROXY value: "backend-redis:6379" - name: CONFIG_QUEUES_MASTER_NAME value: "backend-redis:6379/1" - name: RACK_ENV value: "production" - name: CONFIG_INTERNAL_API_USER value: "${SYSTEM_BACKEND_USERNAME}" - name: CONFIG_INTERNAL_API_PASSWORD value: "${SYSTEM_BACKEND_PASSWORD}" image: amp-backend:latest imagePullPolicy: Always name: backend-listener livenessProbe: initialDelaySeconds: 30 periodSeconds: 10 tcpSocket: port: 3000 readinessProbe: httpGet: path: "/status" port: 3000 initialDelaySeconds: 30 timeoutSeconds: 5 ports: - containerPort: 3000 protocol: TCP triggers: - type: ConfigChange - type: ImageChange imageChangeParams: automatic: true containerNames: - backend-listener from: kind: ImageStreamTag name: amp-backend:latest - apiVersion: v1 kind: Service metadata: name: backend-redis spec: ports: - port: 6379 protocol: TCP targetPort: 6379 selector: name: backend-redis - apiVersion: v1 kind: Service metadata: name: backend-listener annotations: service.alpha.openshift.io/dependencies: '[{"name": "backend-redis", "kind": "Service"}]' spec: ports: - port: 3000 protocol: TCP targetPort: 3000 name: http selector: name: backend-listener - apiVersion: v1 kind: Service metadata: name: system-provider annotations: service.alpha.openshift.io/dependencies: '[{"name": "system-developer", "kind": "Service"}]' spec: ports: - port: 3000 protocol: TCP targetPort: provider name: http selector: name: system-app - apiVersion: v1 kind: Service metadata: name: system-developer spec: ports: - port: 3000 protocol: TCP targetPort: developer name: http selector: name: system-app - apiVersion: v1 kind: DeploymentConfig metadata: name: backend-worker spec: replicas: 1 selector: name: backend-worker strategy: rollingParams: intervalSeconds: 1 maxSurge: 25% maxUnavailable: 25% timeoutSeconds: 600 updatePeriodSeconds: 1 type: Rolling template: metadata: labels: name: backend-worker spec: containers: - args: - bin/3scale_backend_worker - run env: - name: CONFIG_REDIS_PROXY value: "backend-redis:6379" - name: CONFIG_QUEUES_MASTER_NAME value: "backend-redis:6379/1" - name: RACK_ENV value: "production" - name: CONFIG_EVENTS_HOOK value: http://system-provider:3000/master/events/import - name: CONFIG_EVENTS_HOOK_SHARED_SECRET value: ${SYSTEM_BACKEND_SHARED_SECRET} image: amp-backend:latest imagePullPolicy: Always name: backend-worker triggers: - type: ConfigChange - type: ImageChange imageChangeParams: automatic: true containerNames: - backend-worker from: kind: ImageStreamTag name: amp-backend:latest - kind: Service apiVersion: v1 metadata: name: 'system-mysql' spec: ports: - name: system-mysql protocol: TCP port: 3306 targetPort: 3306 nodePort: 0 selector: name: 'system-mysql' - apiVersion: v1 kind: Service metadata: name: system-redis spec: ports: - port: 6379 protocol: TCP targetPort: 6379 name: redis selector: name: system-redis - apiVersion: v1 kind: DeploymentConfig metadata: name: system-redis spec: replicas: 1 selector: name: system-redis strategy: type: Recreate template: metadata: labels: name: system-redis spec: containers: - args: image: ${REDIS_IMAGE} imagePullPolicy: Always name: system-redis terminationMessagePath: /dev/termination-log volumeMounts: - name: system-redis-storage mountPath: "/var/lib/redis/data" - name: redis-config mountPath: /etc/redis.conf subPath: redis.conf readinessProbe: exec: command: - "container-entrypoint" - "bash" - "-c" - "redis-cli set liveness-probe \"`date`\" | grep OK" initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 livenessProbe: tcpSocket: port: 6379 initialDelaySeconds: 10 periodSeconds: 5 volumes: - name: system-redis-storage persistentVolumeClaim: claimName: system-redis-storage - name: redis-config configMap: name: redis-config items: - key: redis.conf path: redis.conf triggers: - type: ConfigChange - apiVersion: v1 kind: Service metadata: name: system-sphinx spec: ports: - port: 9306 protocol: TCP targetPort: 9306 name: sphinx selector: name: system-sphinx - apiVersion: v1 kind: DeploymentConfig metadata: name: system-sphinx spec: replicas: 1 selector: name: system-sphinx strategy: rollingParams: intervalSeconds: 1 maxSurge: 25% maxUnavailable: 25% timeoutSeconds: 600 updatePeriodSeconds: 1 type: Rolling template: metadata: labels: name: system-sphinx spec: volumes: - name: system-sphinx-database emptyDir: {} containers: - args: - rake - 'openshift:thinking_sphinx:start' volumeMounts: - name: system-sphinx-database mountPath: "/opt/system/db/sphinx" env: - name: RAILS_ENV value: production - name: DATABASE_URL value: "mysql2://root:${MYSQL_ROOT_PASSWORD}@system-mysql/${MYSQL_DATABASE}" - name: THINKING_SPHINX_ADDRESS value: 0.0.0.0 - name: THINKING_SPHINX_CONFIGURATION_FILE value: "db/sphinx/production.conf" - name: THINKING_SPHINX_PID_FILE value: db/sphinx/searchd.pid - name: DELTA_INDEX_INTERVAL value: '5' - name: FULL_REINDEX_INTERVAL value: '60' image: amp-system:latest imagePullPolicy: Always name: system-sphinx livenessProbe: tcpSocket: port: 9306 initialDelaySeconds: 60 periodSeconds: 10 triggers: - type: ConfigChange - type: ImageChange imageChangeParams: automatic: true containerNames: - system-sphinx from: kind: ImageStreamTag name: amp-system:latest - apiVersion: v1 kind: Service metadata: name: system-memcache spec: ports: - port: 11211 protocol: TCP targetPort: 11211 name: memcache selector: name: system-memcache - apiVersion: v1 kind: DeploymentConfig metadata: name: system-memcache spec: replicas: 1 selector: name: system-memcache strategy: rollingParams: intervalSeconds: 1 maxSurge: 25% maxUnavailable: 25% timeoutSeconds: 600 updatePeriodSeconds: 1 type: Rolling template: metadata: labels: name: system-memcache spec: containers: - args: env: image: 3scale-amp20/memcached:1.4.15-8 imagePullPolicy: Always name: memcache readinessProbe: exec: command: - "sh" - "-c" - "echo version | nc $HOSTNAME 11211 | grep VERSION" initialDelaySeconds: 10 periodSeconds: 30 timeoutSeconds: 5 livenessProbe: tcpSocket: port: 11211 initialDelaySeconds: 10 periodSeconds: 10 command: - "memcached" - "-m" - "64" ports: - containerPort: 6379 protocol: TCP triggers: - type: ConfigChange - apiVersion: v1 kind: Route metadata: name: system-provider-admin-route labels: app: system-route spec: host: ${TENANT_NAME}-admin.${WILDCARD_DOMAIN} to: kind: Service name: system-provider port: targetPort: http tls: termination: edge insecureEdgeTerminationPolicy: Allow - apiVersion: v1 kind: Route metadata: name: backend-route labels: app: system-route spec: host: backend-${TENANT_NAME}.${WILDCARD_DOMAIN} to: kind: Service name: backend-listener port: targetPort: http tls: termination: edge insecureEdgeTerminationPolicy: Allow - apiVersion: v1 kind: Route metadata: name: system-developer-route labels: app: system-route spec: host: ${TENANT_NAME}.${WILDCARD_DOMAIN} to: kind: Service name: system-developer port: targetPort: http tls: termination: edge insecureEdgeTerminationPolicy: Allow - apiVersion: v1 kind: DeploymentConfig metadata: name: apicast-staging spec: replicas: 1 selector: deploymentconfig: apicast-staging strategy: rollingParams: intervalSeconds: 1 maxSurge: 25% maxUnavailable: 25% timeoutSeconds: 1800 updatePeriodSeconds: 1 type: Rolling template: metadata: labels: deploymentconfig: apicast-staging spec: containers: - env: - name: THREESCALE_PORTAL_ENDPOINT value: http://${APICAST_ACCESS_TOKEN}@system-provider:3000 - name: APICAST_CONFIGURATION_LOADER value: "lazy" - name: APICAST_CONFIGURATION_CACHE value: "0" - name: THREESCALE_DEPLOYMENT_ENV value: "sandbox" - name: APICAST_MANAGEMENT_API value: "${APICAST_MANAGEMENT_API}" - name: BACKEND_ENDPOINT_OVERRIDE value: http://backend-listener:3000 - name: OPENSSL_VERIFY value: '${APICAST_OPENSSL_VERIFY}' - name: APICAST_RESPONSE_CODES value: '${APICAST_RESPONSE_CODES}' - name: REDIS_URL value: "redis://system-redis:6379/2" image: amp-apicast:latest imagePullPolicy: Always name: apicast-staging livenessProbe: httpGet: path: /status/live port: 8090 initialDelaySeconds: 10 timeoutSeconds: 5 periodSeconds: 10 readinessProbe: httpGet: path: /status/ready port: 8090 initialDelaySeconds: 15 timeoutSeconds: 5 periodSeconds: 30 ports: - containerPort: 8080 protocol: TCP - containerPort: 8090 protocol: TCP triggers: - type: ConfigChange - type: ImageChange imageChangeParams: automatic: true containerNames: - apicast-staging from: kind: ImageStreamTag name: amp-apicast:latest - apiVersion: v1 kind: Service metadata: name: apicast-staging spec: ports: - name: gateway port: 8080 protocol: TCP targetPort: 8080 - name: management port: 8090 protocol: TCP targetPort: 8090 selector: deploymentconfig: apicast-staging - apiVersion: v1 kind: DeploymentConfig metadata: name: apicast-production spec: replicas: 1 selector: deploymentconfig: apicast-production strategy: rollingParams: intervalSeconds: 1 maxSurge: 25% maxUnavailable: 25% timeoutSeconds: 1800 updatePeriodSeconds: 1 type: Rolling template: metadata: labels: deploymentconfig: apicast-production spec: containers: - env: - name: THREESCALE_PORTAL_ENDPOINT value: "http://${APICAST_ACCESS_TOKEN}@system-provider:3000" - name: APICAST_CONFIGURATION_LOADER value: "boot" - name: APICAST_CONFIGURATION_CACHE value: "300" - name: THREESCALE_DEPLOYMENT_ENV value: "production" - name: APICAST_MANAGEMENT_API value: "${APICAST_MANAGEMENT_API}" - name: BACKEND_ENDPOINT_OVERRIDE value: http://backend-listener:3000 - name: OPENSSL_VERIFY value: '${APICAST_OPENSSL_VERIFY}' - name: APICAST_RESPONSE_CODES value: '${APICAST_RESPONSE_CODES}' - name: REDIS_URL value: "redis://system-redis:6379/1" image: amp-apicast:latest imagePullPolicy: Always name: apicast-production livenessProbe: httpGet: path: /status/live port: 8090 initialDelaySeconds: 10 timeoutSeconds: 5 periodSeconds: 10 readinessProbe: httpGet: path: /status/ready port: 8090 initialDelaySeconds: 15 timeoutSeconds: 5 periodSeconds: 30 ports: - containerPort: 8080 protocol: TCP - containerPort: 8090 protocol: TCP triggers: - type: ConfigChange - type: ImageChange imageChangeParams: automatic: true containerNames: - apicast-production from: kind: ImageStreamTag name: amp-apicast:latest - apiVersion: v1 kind: Service metadata: name: apicast-production annotations: service.alpha.openshift.io/dependencies: '[{"name": "apicast-staging", "kind": "Service"}]' spec: ports: - name: gateway port: 8080 protocol: TCP targetPort: 8080 - name: management port: 8090 protocol: TCP targetPort: 8090 selector: deploymentconfig: apicast-production - apiVersion: v1 kind: Route metadata: name: api-apicast-staging-route labels: app: apicast-staging spec: host: api-${TENANT_NAME}-apicast-staging.${WILDCARD_DOMAIN} to: kind: Service name: apicast-staging port: targetPort: gateway tls: termination: edge insecureEdgeTerminationPolicy: Allow - apiVersion: v1 kind: Route metadata: name: api-apicast-production-route labels: app: apicast-production spec: host: api-${TENANT_NAME}-apicast-production.${WILDCARD_DOMAIN} to: kind: Service name: apicast-production port: targetPort: gateway tls: termination: edge insecureEdgeTerminationPolicy: Allow - apiVersion: v1 kind: DeploymentConfig metadata: name: apicast-wildcard-router spec: replicas: 1 selector: deploymentconfig: apicast-wildcard-router strategy: rollingParams: intervalSeconds: 1 maxSurge: 25% maxUnavailable: 25% timeoutSeconds: 1800 updatePeriodSeconds: 1 type: Rolling template: metadata: labels: deploymentconfig: apicast-wildcard-router spec: containers: - env: - name: API_HOST value: http://system-provider:3000 - name: ACCESS_TOKEN value: "${APICAST_ACCESS_TOKEN}" image: amp-wildcard-router:latest imagePullPolicy: Always name: apicast-wildcard-router ports: - containerPort: 8080 protocol: TCP name: http livenessProbe: initialDelaySeconds: 30 periodSeconds: 10 tcpSocket: port: http triggers: - type: ConfigChange - type: ImageChange imageChangeParams: automatic: true containerNames: - apicast-wildcard-router from: kind: ImageStreamTag name: amp-wildcard-router:latest - apiVersion: v1 kind: Service metadata: name: apicast-wildcard-router spec: ports: - port: 8080 protocol: TCP targetPort: http name: http selector: deploymentconfig: apicast-wildcard-router - apiVersion: v1 kind: Route metadata: name: apicast-wildcard-router-route labels: app: apicast-wildcard-router spec: host: apicast-wildcard.${WILDCARD_DOMAIN} to: kind: Service name: apicast-wildcard-router port: targetPort: http wildcardPolicy: ${WILDCARD_POLICY} tls: termination: edge insecureEdgeTerminationPolicy: Allow - kind: ConfigMap apiVersion: v1 metadata: name: system data: zync.yml: | production: endpoint: 'http://zync:8080' authentication: token: "<%= ENV.fetch('ZYNC_AUTHENTICATION_TOKEN') %>" connect_timeout: 5 send_timeout: 5 receive_timeout: 10 root_url: 'http://system-provider:3000' rolling_updates.yml: | production: old_charts: false new_provider_documentation: false proxy_pro: false instant_bill_plan_change: false service_permissions: true async_apicast_deploy: false duplicate_application_id: true duplicate_user_key: true plan_changes_wizard: false require_cc_on_signup: false apicast_per_service: true new_notification_system: true cms_api: false apicast_v2: true forum: false published_service_plan_signup: true apicast_oidc: true - apiVersion: v1 kind: DeploymentConfig metadata: name: system-app spec: replicas: 1 selector: name: system-app strategy: rollingParams: intervalSeconds: 1 maxSurge: 25% maxUnavailable: 25% timeoutSeconds: 600 updatePeriodSeconds: 1 pre: failurePolicy: Retry execNewPod: containerName: system-provider command: - bash - -c - bundle exec rake boot openshift:deploy env: *base_env volumes: - system-storage post: failurePolicy: Abort execNewPod: containerName: system-provider command: - bash - -c - bundle exec rake boot openshift:post_deploy type: Rolling template: metadata: labels: name: system-app spec: containers: - args: env: *base_env image: amp-system:latest imagePullPolicy: Always command: [ 'env', 'TENANT_MODE=provider', 'PORT=3000', 'container-entrypoint', 'bundle', 'exec', 'unicorn', '-c', 'config/unicorn.rb' ] name: system-provider livenessProbe: timeoutSeconds: 10 initialDelaySeconds: 20 tcpSocket: port: provider periodSeconds: 10 readinessProbe: httpGet: path: /check.txt port: provider scheme: HTTP httpHeaders: - name: X-Forwarded-Proto value: https initialDelaySeconds: 30 timeoutSeconds: 10 periodSeconds: 30 ports: - containerPort: 3000 protocol: TCP name: provider volumeMounts: - name: system-storage mountPath: /opt/system/public/system - name: system-config mountPath: /opt/system/config/zync.yml subPath: zync.yml - name: system-config mountPath: /opt/system/config/rolling_updates.yml subPath: rolling_updates.yml - args: env: *base_env image: amp-system:latest command: [ 'env', 'TENANT_MODE=developer', 'PORT=3001', 'container-entrypoint', 'bundle', 'exec', 'unicorn', '-c', 'config/unicorn.rb' ] imagePullPolicy: Always name: system-developer livenessProbe: timeoutSeconds: 10 initialDelaySeconds: 20 tcpSocket: port: developer periodSeconds: 10 readinessProbe: httpGet: path: /check.txt port: developer scheme: HTTP httpHeaders: - name: X-Forwarded-Proto value: https initialDelaySeconds: 30 timeoutSeconds: 10 periodSeconds: 30 ports: - containerPort: 3001 protocol: TCP name: developer volumeMounts: - name: system-storage mountPath: /opt/system/public/system readOnly: true - name: system-config mountPath: /opt/system/config/zync.yml subPath: zync.yml - name: system-config mountPath: /opt/system/config/rolling_updates.yml subPath: rolling_updates.yml volumes: - name: system-storage persistentVolumeClaim: claimName: system-storage - name: system-config configMap: name: system items: - key: zync.yml path: zync.yml - key: rolling_updates.yml path: rolling_updates.yml triggers: - type: ConfigChange - type: ImageChange imageChangeParams: automatic: true containerNames: - system-provider - system-developer from: kind: ImageStreamTag name: amp-system:latest - apiVersion: v1 kind: DeploymentConfig metadata: name: system-resque spec: replicas: 1 selector: name: system-resque strategy: rollingParams: intervalSeconds: 1 maxSurge: 25% maxUnavailable: 25% timeoutSeconds: 600 updatePeriodSeconds: 1 type: Rolling template: metadata: labels: name: system-resque spec: containers: - args: - 'rake' - 'resque:work' - 'QUEUE=*' env: *base_env image: amp-system:latest imagePullPolicy: Always name: system-resque volumeMounts: - name: system-storage mountPath: /opt/system/public/system - args: - 'rake' - 'resque:scheduler' - 'QUEUE=*' env: *base_env image: amp-system:latest imagePullPolicy: Always name: system-scheduler volumes: - name: system-storage persistentVolumeClaim: claimName: system-storage triggers: - type: ConfigChange - type: ImageChange imageChangeParams: automatic: true containerNames: - system-scheduler - system-resque from: kind: ImageStreamTag name: amp-system:latest - apiVersion: v1 kind: DeploymentConfig metadata: name: system-sidekiq spec: replicas: 1 selector: name: system-sidekiq strategy: rollingParams: intervalSeconds: 1 maxSurge: 25% maxUnavailable: 25% timeoutSeconds: 600 updatePeriodSeconds: 1 type: Rolling template: metadata: labels: name: system-sidekiq spec: containers: - args: - rake - sidekiq:worker env: *base_env image: amp-system:latest imagePullPolicy: Always name: system-sidekiq volumeMounts: - name: system-storage mountPath: /opt/system/public/system - name: system-config mountPath: /opt/system/config/zync.yml subPath: zync.yml - name: system-config mountPath: /opt/system/config/rolling_updates.yml subPath: rolling_updates.yml volumes: - name: system-storage persistentVolumeClaim: claimName: system-storage - name: system-config configMap: name: system items: - key: zync.yml path: zync.yml - key: rolling_updates.yml path: rolling_updates.yml triggers: - type: ConfigChange - type: ImageChange imageChangeParams: automatic: true containerNames: - system-sidekiq from: kind: ImageStreamTag name: amp-system:latest - kind: DeploymentConfig apiVersion: v1 metadata: name: 'system-mysql' spec: strategy: type: Recreate triggers: - type: ConfigChange replicas: 1 selector: name: 'system-mysql' template: metadata: labels: name: 'system-mysql' spec: containers: - name: system-mysql image: ${MYSQL_IMAGE} ports: - containerPort: 3306 protocol: TCP resources: limits: memory: 2Gi requests: cpu: '1' memory: 1Gi readinessProbe: timeoutSeconds: 5 initialDelaySeconds: 10 periodSeconds: 30 exec: command: - /bin/sh - '-i' - '-c' - >- MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1' livenessProbe: initialDelaySeconds: 30 periodSeconds: 10 tcpSocket: port: 3306 env: - name: MYSQL_USER value: ${MYSQL_USER} - name: MYSQL_PASSWORD value: ${MYSQL_PASSWORD} - name: MYSQL_DATABASE value: ${MYSQL_DATABASE} - name: MYSQL_ROOT_PASSWORD value: ${MYSQL_ROOT_PASSWORD} - name: MYSQL_LOWER_CASE_TABLE_NAMES value: "1" volumeMounts: - name: 'mysql-storage' mountPath: /var/lib/mysql/data imagePullPolicy: Always volumes: - name: 'mysql-storage' persistentVolumeClaim: claimName: 'mysql-storage' - kind: ConfigMap apiVersion: v1 metadata: name: redis-config data: redis.conf: | protected-mode no port 6379 timeout 0 tcp-keepalive 300 daemonize no supervised no loglevel notice databases 16 save 900 1 save 300 10 save 60 10000 stop-writes-on-bgsave-error yes rdbcompression yes rdbchecksum yes dbfilename dump.rdb slave-serve-stale-data yes slave-read-only yes repl-diskless-sync no repl-disable-tcp-nodelay no appendonly yes appendfilename "appendonly.aof" appendfsync everysec no-appendfsync-on-rewrite no auto-aof-rewrite-percentage 100 auto-aof-rewrite-min-size 64mb aof-load-truncated yes lua-time-limit 5000 activerehashing no aof-rewrite-incremental-fsync yes dir /var/lib/redis/data - kind: ConfigMap apiVersion: v1 metadata: name: smtp data: address: "" username: "" password: "" domain: "" port: "" authentication: "" openssl.verify.mode: "" - apiVersion: v1 kind: ImageStream metadata: name: postgresql spec: tags: - name: '9.5' from: kind: DockerImage name: registry.access.redhat.com/rhscl/postgresql-95-rhel7:9.5 - kind: Secret apiVersion: v1 stringData: SECRET_KEY_BASE: "${ZYNC_SECRET_KEY_BASE}" DATABASE_URL: "postgresql://zync:${ZYNC_DATABASE_PASSWORD}@zync-database:5432/zync_production" ZYNC_DATABASE_PASSWORD: "${ZYNC_DATABASE_PASSWORD}" ZYNC_AUTHENTICATION_TOKEN: "${ZYNC_AUTHENTICATION_TOKEN}" metadata: name: zync type: Opaque - apiVersion: v1 kind: DeploymentConfig metadata: annotations: labels: app: zync name: zync spec: replicas: 1 selector: app: zync deploymentconfig: zync template: metadata: annotations: labels: app: zync deploymentconfig: zync spec: containers: - image: " " name: zync ports: - containerPort: 8080 protocol: TCP resources: limits: cpu: '1' memory: 250Mi requests: cpu: 250m memory: 150M env: - name: RAILS_LOG_TO_STDOUT value: 'true' - name: RAILS_ENV value: production - name: DATABASE_URL valueFrom: secretKeyRef: name: zync key: DATABASE_URL - name: SECRET_KEY_BASE valueFrom: secretKeyRef: name: zync key: SECRET_KEY_BASE - name: ZYNC_AUTHENTICATION_TOKEN valueFrom: secretKeyRef: name: zync key: ZYNC_AUTHENTICATION_TOKEN livenessProbe: httpGet: path: /status/live port: 8080 scheme: HTTP initialDelaySeconds: 10 timeoutSeconds: 60 periodSeconds: 10 successThreshold: 1 failureThreshold: 3 readinessProbe: httpGet: path: /status/ready port: 8080 scheme: HTTP initialDelaySeconds: 30 timeoutSeconds: 10 periodSeconds: 10 successThreshold: 1 failureThreshold: 3 triggers: - type: ConfigChange - imageChangeParams: automatic: true containerNames: - zync from: kind: ImageStreamTag name: amp-zync:latest type: ImageChange - apiVersion: v1 kind: Service metadata: annotations: service.alpha.openshift.io/dependencies: '[{"name": "zync-database", "kind": "Service"}]' labels: app: zync name: zync spec: ports: - name: 8080-tcp port: 8080 protocol: TCP targetPort: 8080 selector: app: zync deploymentconfig: zync - kind: Service apiVersion: v1 metadata: name: "zync-database" spec: ports: - name: postgresql protocol: TCP port: 5432 targetPort: 5432 nodePort: 0 selector: name: "zync-database" - kind: DeploymentConfig apiVersion: v1 metadata: name: zync-database spec: strategy: type: Recreate triggers: - type: ImageChange imageChangeParams: automatic: true containerNames: - postgresql from: kind: ImageStreamTag name: postgresql:9.5 - type: ConfigChange replicas: 1 selector: name: "zync-database" template: metadata: labels: name: "zync-database" spec: containers: - name: postgresql image: " " ports: - containerPort: 5432 protocol: TCP readinessProbe: timeoutSeconds: 1 initialDelaySeconds: 5 exec: command: - "/bin/sh" - "-i" - "-c" - psql -h 127.0.0.1 -U zync -q -d zync_production -c 'SELECT 1' livenessProbe: timeoutSeconds: 1 initialDelaySeconds: 30 tcpSocket: port: 5432 env: - name: POSTGRESQL_USER value: zync - name: POSTGRESQL_PASSWORD valueFrom: secretKeyRef: name: zync key: ZYNC_DATABASE_PASSWORD - name: POSTGRESQL_DATABASE value: "zync_production" resources: limits: memory: "2G" volumeMounts: - name: "zync-database-data" mountPath: "/var/lib/pgsql/data" imagePullPolicy: Always volumes: - name: "zync-database-data" emptyDir: medium: '' restartPolicy: Always parameters: - name: ZYNC_DATABASE_PASSWORD displayName: PostgreSQL Connection Password description: Password for the PostgreSQL connection user. generate: expression from: "[a-zA-Z0-9]{16}" required: true - name: ZYNC_SECRET_KEY_BASE generate: expression from: "[a-zA-Z0-9]{16}" required: true - name: ZYNC_AUTHENTICATION_TOKEN generate: expression from: "[a-zA-Z0-9]{16}" required: true - name: ADMIN_PASSWORD required: true generate: expression from: "[a-z0-9]{8}" - name: ADMIN_USERNAME value: admin required: true - name: APICAST_ACCESS_TOKEN required: true generate: expression from: "[a-z0-9]{8}" description: "Read Only Access Token that is APIcast going to use to download its configuration." - name: ADMIN_ACCESS_TOKEN required: false generate: expression from: "[a-z0-9]{16}" description: "Admin Access Token with all scopes and write permissions for API access." - name: WILDCARD_DOMAIN description: Root domain for the wildcard routes. Eg. example.com will generate 3scale-admin.example.com. required: true - name: WILDCARD_POLICY description: Use "Subdomain" to create a wildcard route for apicast wildcard router required: true value: "None" - name: TENANT_NAME description: "Tenant name under the root that Admin UI will be available with -admin suffix." required: true value: "3scale" - name: MYSQL_USER displayName: MySQL User description: Username for MySQL user that will be used for accessing the database. value: "mysql" required: true - name: MYSQL_PASSWORD displayName: MySQL Password description: Password for the MySQL user. generate: expression from: "[a-z0-9]{8}" required: true - name: MYSQL_DATABASE displayName: MySQL Database Name description: Name of the MySQL database accessed. value: "system" required: true - name: MYSQL_ROOT_PASSWORD displayName: MySQL Root password. description: Password for Root user. generate: expression from: "[a-z0-9]{8}" required: true - name: SYSTEM_BACKEND_USERNAME description: Internal 3scale API username for internal 3scale api auth. value: "3scale_api_user" required: true - name: SYSTEM_BACKEND_PASSWORD description: Internal 3scale API password for internal 3scale api auth. generate: expression from: "[a-z0-9]{8}" required: true - name: REDIS_IMAGE description: Redis image to use required: true value: "rhscl/redis-32-rhel7:3.2" - name: MYSQL_IMAGE description: Mysql image to use required: true value: "rhscl/mysql-56-rhel7:5.6" - name: SYSTEM_BACKEND_SHARED_SECRET description: Shared secret to import events from backend to system. generate: expression from: "[a-z0-9]{8}" required: true - name: SYSTEM_APP_SECRET_KEY_BASE description: System application secret key base generate: expression from: "[a-f0-9]{128}" required: true - name: APICAST_MANAGEMENT_API description: "Scope of the APIcast Management API. Can be disabled, status or debug. At least status required for health checks." required: false value: "status" - name: APICAST_OPENSSL_VERIFY description: "Turn on/off the OpenSSL peer verification when downloading the configuration. Can be set to true/false." required: false value: "false" - name: APICAST_RESPONSE_CODES description: "Enable logging response codes in APIcast." value: "true" required: false