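# OpenShift Template "3scale-api-management".
#
# Declares the ImageStreams, PersistentVolumeClaims, DeploymentConfigs,
# Services, Routes, ConfigMaps and the one Secret listed under `objects`,
# followed by the template `parameters`.
#
# `base_env` is a top-level helper key that only exists to carry the
# &base_env anchor. The list is reused through *base_env by the system-app
# pre hook and containers, and by the system-resque, system-scheduler and
# system-sidekiq containers.
#
# NOTE(review): apart from ZYNC_AUTHENTICATION_TOKEN, every credential in this
# list is injected as a literal `value:`. After template processing these end
# up in clear text in each DeploymentConfig spec that uses the anchor. Moving
# them to a Secret with secretKeyRef would narrow who can read them.
base_env: &base_env
- name: RAILS_ENV
  value: "production"
# NOTE(review): the application connects as the MySQL root account, although a
# MYSQL_USER/MYSQL_PASSWORD pair is also passed to system-mysql. A dedicated
# least-privilege account would limit the impact of an application compromise.
- name: DATABASE_URL
  value: "mysql2://root:${MYSQL_ROOT_PASSWORD}@system-mysql/${MYSQL_DATABASE}"
- name: FORCE_SSL
  value: "true"
- name: THREESCALE_SUPERDOMAIN
  value: "${WILDCARD_DOMAIN}"
- name: MASTER_DOMAIN
  value: "${MASTER_NAME}"
- name: MASTER_USER
  value: "${MASTER_USER}"
- name: MASTER_PASSWORD
  value: "${MASTER_PASSWORD}"
- name: TENANT_NAME
  value: "${TENANT_NAME}"
- name: APICAST_ACCESS_TOKEN
  value: "${APICAST_ACCESS_TOKEN}"
- name: ADMIN_ACCESS_TOKEN
  value: "${ADMIN_ACCESS_TOKEN}"
- name: PROVIDER_PLAN
  value: 'enterprise'
- name: USER_LOGIN
  value: "${ADMIN_USERNAME}"
- name: USER_PASSWORD
  value: "${ADMIN_PASSWORD}"
- name: RAILS_LOG_TO_STDOUT
  value: "true"
- name: RAILS_LOG_LEVEL
  value: "info"
- name: THINKING_SPHINX_ADDRESS
  value: "system-sphinx"
- name: THINKING_SPHINX_PORT
  value: "9306"
- name: THINKING_SPHINX_CONFIGURATION_FILE
  value: "/tmp/sphinx.conf"
- name: EVENTS_SHARED_SECRET
  value: "${SYSTEM_BACKEND_SHARED_SECRET}"
# NOTE(review): VERIFY_NONE is the OpenSSL mode that skips peer-certificate
# verification. Presumably this governs the sandbox proxy's outbound TLS
# calls - confirm, and prefer VERIFY_PEER wherever the remote end presents a
# certificate that can be validated.
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
  value: "VERIFY_NONE"
- name: APICAST_BACKEND_ROOT_ENDPOINT
  value: "https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}"
- name: CONFIG_INTERNAL_API_USER
  value: "${SYSTEM_BACKEND_USERNAME}"
- name: CONFIG_INTERNAL_API_PASSWORD
  value: "${SYSTEM_BACKEND_PASSWORD}"
- name: SECRET_KEY_BASE
  value: "${SYSTEM_APP_SECRET_KEY_BASE}"
- name: AMP_RELEASE
  value: "${AMP_RELEASE}"
- name: ZYNC_AUTHENTICATION_TOKEN
  valueFrom:
    secretKeyRef:
      name: zync
      key: ZYNC_AUTHENTICATION_TOKEN
- name: SMTP_ADDRESS
  valueFrom:
    configMapKeyRef:
      name: smtp
      key: address
- name: SMTP_USER_NAME
  valueFrom:
    configMapKeyRef:
      name: smtp
      key: username
# NOTE(review): the SMTP password is read from the `smtp` ConfigMap.
# ConfigMaps are not meant for confidential data; a Secret referenced with
# secretKeyRef (as for ZYNC_AUTHENTICATION_TOKEN above) is the fitting store.
- name: SMTP_PASSWORD
  valueFrom:
    configMapKeyRef:
      name: smtp
      key: password
- name: SMTP_DOMAIN
  valueFrom:
    configMapKeyRef:
      name: smtp
      key: domain
- name: SMTP_PORT
  valueFrom:
    configMapKeyRef:
      name: smtp
      key: port
- name: SMTP_AUTHENTICATION
  valueFrom:
    configMapKeyRef:
      name: smtp
      key: authentication
- name: SMTP_OPENSSL_VERIFY_MODE
  valueFrom:
    configMapKeyRef:
      name: smtp
      key: openssl.verify.mode
- name: BACKEND_ROUTE
  value: "https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}"
- name: SSL_CERT_DIR
  value: "/etc/pki/tls/certs"
- name: APICAST_REGISTRY_URL
  value: "${APICAST_REGISTRY_URL}"

apiVersion: v1
kind: Template
metadata:
  name: "3scale-api-management"
  annotations:
    openshift.io/display-name: 3scale API Management
    openshift.io/provider-display-name: Red Hat, Inc.
    iconClass: icon-3scale
    description: >-
      3scale API Management main system
    tags: integration, api management, 3scale
# NOTE(review): the instantiation message echoes the admin password in clear
# text, so it may end up in terminal scrollback or CI job logs.
message: "Login on https://${TENANT_NAME}-admin.${WILDCARD_DOMAIN} as ${ADMIN_USERNAME}/${ADMIN_PASSWORD}"
objects:

# --- Image streams -----------------------------------------------------------
# Each stream has a `latest` tag that follows the ${AMP_RELEASE} tag, which in
# turn points at a registry image.
# NOTE(review): the registry images are referenced by tag rather than by
# digest, so the content behind a tag can change between imports.
- kind: ImageStream
  apiVersion: v1
  metadata:
    name: amp-system
    annotations:
      openshift.io/display-name: AMP System
  spec:
    tags:
    - name: latest
      annotations:
        openshift.io/display-name: AMP System (latest)
      from:
        kind: ImageStreamTag
        name: "${AMP_RELEASE}"
    - name: "${AMP_RELEASE}"
      annotations:
        openshift.io/display-name: AMP system ${AMP_RELEASE}
      from:
        kind: DockerImage
        name: registry.access.redhat.com/3scale-amp22/system:1.7

- kind: ImageStream
  apiVersion: v1
  metadata:
    name: amp-backend
    annotations:
      openshift.io/display-name: AMP backend
  spec:
    tags:
    - name: latest
      annotations:
        openshift.io/display-name: amp-backend (latest)
      from:
        kind: ImageStreamTag
        name: "${AMP_RELEASE}"
    - name: "${AMP_RELEASE}"
      annotations:
        openshift.io/display-name: amp-backend ${AMP_RELEASE}
      from:
        kind: DockerImage
        name: registry.access.redhat.com/3scale-amp22/backend:1.6

- kind: ImageStream
  apiVersion: v1
  metadata:
    name: amp-apicast
    annotations:
      openshift.io/display-name: AMP APIcast
  spec:
    tags:
    - name: latest
      annotations:
        openshift.io/display-name: AMP APIcast (latest)
      from:
        kind: ImageStreamTag
        name: "${AMP_RELEASE}"
    - name: "${AMP_RELEASE}"
      annotations:
        openshift.io/display-name: AMP APIcast ${AMP_RELEASE}
      from:
        kind: DockerImage
        name: registry.access.redhat.com/3scale-amp22/apicast-gateway:1.8

- kind: ImageStream
  apiVersion: v1
  metadata:
    name: amp-wildcard-router
    annotations:
      openshift.io/display-name: AMP APIcast Wildcard Router
  spec:
    tags:
    - name: latest
      annotations:
        openshift.io/display-name: AMP APIcast Wildcard Router (latest)
      from:
        kind: ImageStreamTag
        name: "${AMP_RELEASE}"
    - name: "${AMP_RELEASE}"
      annotations:
        openshift.io/display-name: AMP APIcast Wildcard Router ${AMP_RELEASE}
      from:
        kind: DockerImage
        name: registry.access.redhat.com/3scale-amp22/wildcard-router:1.6

# --- Persistent storage ------------------------------------------------------
# system-storage is ReadWriteMany because it is mounted by several pods
# (system-app, system-resque, system-sidekiq); the others are single-writer.
- apiVersion: "v1"
  kind: "PersistentVolumeClaim"
  metadata:
    name: "system-storage"
  spec:
    accessModes:
    - "ReadWriteMany"
    resources:
      requests:
        storage: "100Mi"

- apiVersion: "v1"
  kind: "PersistentVolumeClaim"
  metadata:
    name: "mysql-storage"
  spec:
    accessModes:
    - "ReadWriteOnce"
    resources:
      requests:
        storage: "1Gi"

- apiVersion: "v1"
  kind: "PersistentVolumeClaim"
  metadata:
    name: "system-redis-storage"
  spec:
    accessModes:
    - "ReadWriteOnce"
    resources:
      requests:
        storage: "1Gi"

- apiVersion: "v1"
  kind: "PersistentVolumeClaim"
  metadata:
    name: "backend-redis-storage"
  spec:
    accessModes:
    - "ReadWriteOnce"
    resources:
      requests:
        storage: "1Gi"

# --- Backend -----------------------------------------------------------------
- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    name: backend-cron
    labels:
      app: Backend
  spec:
    replicas: 1
    selector:
      name: backend-cron
    strategy:
      rollingParams:
        intervalSeconds: 1
        maxSurge: 25%
        maxUnavailable: 25%
        timeoutSeconds: 600
        updatePeriodSeconds: 1
      type: Rolling
    template:
      metadata:
        labels:
          name: backend-cron
      spec:
        containers:
        - args:
          - backend-cron
          env:
          - name: CONFIG_REDIS_PROXY
            value: redis://backend-redis:6379/0
          - name: CONFIG_REDIS_SENTINEL_HOSTS
            value: ""
          - name: CONFIG_REDIS_SENTINEL_ROLE
            value: ""
          - name: CONFIG_QUEUES_MASTER_NAME
            value: redis://backend-redis:6379/1
          - name: CONFIG_QUEUES_SENTINEL_HOSTS
            value: ""
          - name: CONFIG_QUEUES_SENTINEL_ROLE
            value: ""
          - name: RACK_ENV
            value: "production"
          image: amp-backend:latest
          imagePullPolicy: IfNotPresent
          name: backend-cron
          resources:
            limits:
              cpu: 150m
              memory: 80Mi
            requests:
              cpu: 50m
              memory: 40Mi
    triggers:
    - type: ConfigChange
    - type: ImageChange
      imageChangeParams:
        automatic: true
        containerNames:
        - backend-cron
        from:
          kind: ImageStreamTag
          name: amp-backend:latest

# Redis for the backend; configuration comes from the redis-config ConfigMap.
- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    name: backend-redis
    labels:
      app: Backend
  spec:
    replicas: 1
    selector:
      name: backend-redis
    strategy:
      type: Recreate
    template:
      metadata:
        labels:
          name: backend-redis
      spec:
        containers:
        - image: ${REDIS_IMAGE}
          imagePullPolicy: IfNotPresent
          name: backend-redis
          command:
          - "/opt/rh/rh-redis32/root/usr/bin/redis-server"
          args:
          - "/etc/redis.d/redis.conf"
          - "--daemonize"
          - "no"
          resources:
            limits:
              cpu: 2000m
              memory: 32Gi
            requests:
              cpu: 1000m
              memory: 1024Mi
          # Ready only when a write succeeds, not merely when the port is open.
          readinessProbe:
            exec:
              command:
              - "container-entrypoint"
              - "bash"
              - "-c"
              - "redis-cli set liveness-probe \"`date`\" | grep OK"
            initialDelaySeconds: 10
            periodSeconds: 30
            timeoutSeconds: 1
          livenessProbe:
            tcpSocket:
              port: 6379
            initialDelaySeconds: 10
            periodSeconds: 10
          volumeMounts:
          - name: backend-redis-storage
            mountPath: "/var/lib/redis/data"
          - name: redis-config
            mountPath: /etc/redis.d/
        volumes:
        - name: backend-redis-storage
          persistentVolumeClaim:
            claimName: backend-redis-storage
        - name: redis-config
          configMap:
            name: redis-config
            items:
            - key: redis.conf
              path: redis.conf
    triggers:
    - type: ConfigChange

- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    name: backend-listener
    labels:
      app: Backend
  spec:
    replicas: 1
    selector:
      name: backend-listener
    strategy:
      rollingParams:
        intervalSeconds: 1
        maxSurge: 25%
        maxUnavailable: 25%
        timeoutSeconds: 600
        updatePeriodSeconds: 1
      type: Rolling
    template:
      metadata:
        labels:
          name: backend-listener
      spec:
        containers:
        - args:
          - bin/3scale_backend
          - start
          - "-e"
          - production
          - "-p"
          - '3000'
          - "-x"
          - "/dev/stdout"
          env:
          - name: CONFIG_REDIS_PROXY
            value: redis://backend-redis:6379/0
          - name: CONFIG_REDIS_SENTINEL_HOSTS
            value: ""
          - name: CONFIG_REDIS_SENTINEL_ROLE
            value: ""
          - name: CONFIG_QUEUES_MASTER_NAME
            value: redis://backend-redis:6379/1
          - name: CONFIG_QUEUES_SENTINEL_HOSTS
            value: ""
          - name: CONFIG_QUEUES_SENTINEL_ROLE
            value: ""
          - name: RACK_ENV
            value: "production"
          - name: CONFIG_INTERNAL_API_USER
            value: "${SYSTEM_BACKEND_USERNAME}"
          - name: CONFIG_INTERNAL_API_PASSWORD
            value: "${SYSTEM_BACKEND_PASSWORD}"
          - name: PUMA_WORKERS
            value: "16"
          image: amp-backend:latest
          imagePullPolicy: IfNotPresent
          name: backend-listener
          resources:
            limits:
              cpu: 1000m
              memory: 700Mi
            requests:
              cpu: 500m
              memory: 550Mi
          livenessProbe:
            initialDelaySeconds: 30
            periodSeconds: 10
            tcpSocket:
              port: 3000
          readinessProbe:
            httpGet:
              path: "/status"
              port: 3000
            initialDelaySeconds: 30
            timeoutSeconds: 5
          ports:
          - containerPort: 3000
            protocol: TCP
    triggers:
    - type: ConfigChange
    - type: ImageChange
      imageChangeParams:
        automatic: true
        containerNames:
        - backend-listener
        from:
          kind: ImageStreamTag
          name: amp-backend:latest

- apiVersion: v1
  kind: Service
  metadata:
    name: backend-redis
  spec:
    ports:
    - port: 6379
      protocol: TCP
      targetPort: 6379
    selector:
      name: backend-redis

- apiVersion: v1
  kind: Service
  metadata:
    name: backend-listener
    annotations:
      service.alpha.openshift.io/dependencies: '[{"name": "backend-redis", "kind": "Service"}]'
  spec:
    ports:
    - port: 3000
      protocol: TCP
      targetPort: 3000
      name: http
    selector:
      name: backend-listener

# The three system-* Services below all select the system-app pod and differ
# only in the named container port they target (provider/master/developer).
- apiVersion: v1
  kind: Service
  metadata:
    name: system-provider
    annotations:
      service.alpha.openshift.io/dependencies: '[{"name": "system-developer", "kind": "Service"}]'
  spec:
    ports:
    - port: 3000
      protocol: TCP
      targetPort: provider
      name: http
    selector:
      name: system-app

- apiVersion: v1
  kind: Service
  metadata:
    name: system-master
    annotations:
      service.alpha.openshift.io/dependencies: '[{"name": "system-developer", "kind": "Service"}]'
  spec:
    ports:
    - port: 3000
      protocol: TCP
      targetPort: master
      name: http
    selector:
      name: system-app

- apiVersion: v1
  kind: Service
  metadata:
    name: system-developer
  spec:
    ports:
    - port: 3000
      protocol: TCP
      targetPort: developer
      name: http
    selector:
      name: system-app

- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    name: backend-worker
    labels:
      app: Backend
  spec:
    replicas: 1
    selector:
      name: backend-worker
    strategy:
      rollingParams:
        intervalSeconds: 1
        maxSurge: 25%
        maxUnavailable: 25%
        timeoutSeconds: 600
        updatePeriodSeconds: 1
      type: Rolling
    template:
      metadata:
        labels:
          name: backend-worker
      spec:
        containers:
        - args:
          - bin/3scale_backend_worker
          - run
          env:
          - name: CONFIG_REDIS_PROXY
            value: redis://backend-redis:6379/0
          - name: CONFIG_REDIS_SENTINEL_HOSTS
            value: ""
          - name: CONFIG_REDIS_SENTINEL_ROLE
            value: ""
          - name: CONFIG_QUEUES_MASTER_NAME
            value: redis://backend-redis:6379/1
          - name: CONFIG_QUEUES_SENTINEL_HOSTS
            value: ""
          - name: CONFIG_QUEUES_SENTINEL_ROLE
            value: ""
          - name: RACK_ENV
            value: "production"
          - name: CONFIG_EVENTS_HOOK
            value: http://system-master:3000/master/events/import
          # Same template parameter as EVENTS_SHARED_SECRET in base_env.
          - name: CONFIG_EVENTS_HOOK_SHARED_SECRET
            value: ${SYSTEM_BACKEND_SHARED_SECRET}
          image: amp-backend:latest
          imagePullPolicy: IfNotPresent
          name: backend-worker
          resources:
            limits:
              cpu: 1000m
              memory: 300Mi
            requests:
              cpu: 150m
              memory: 50Mi
    triggers:
    - type: ConfigChange
    - type: ImageChange
      imageChangeParams:
        automatic: true
        containerNames:
        - backend-worker
        from:
          kind: ImageStreamTag
          name: amp-backend:latest

# --- System: data stores -----------------------------------------------------
- kind: Service
  apiVersion: v1
  metadata:
    name: 'system-mysql'
  spec:
    ports:
    - name: system-mysql
      protocol: TCP
      port: 3306
      targetPort: 3306
      nodePort: 0
    selector:
      name: 'system-mysql'

- apiVersion: v1
  kind: Service
  metadata:
    name: system-redis
  spec:
    ports:
    - port: 6379
      protocol: TCP
      targetPort: 6379
      name: redis
    selector:
      name: system-redis

- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    name: system-redis
    labels:
      app: System
  spec:
    replicas: 1
    selector:
      name: system-redis
    strategy:
      type: Recreate
    template:
      metadata:
        labels:
          name: system-redis
      spec:
        containers:
        - image: ${REDIS_IMAGE}
          imagePullPolicy: IfNotPresent
          name: system-redis
          command:
          - "/opt/rh/rh-redis32/root/usr/bin/redis-server"
          args:
          - "/etc/redis.d/redis.conf"
          - "--daemonize"
          - "no"
          resources:
            limits:
              memory: 32Gi
              cpu: 500m
            requests:
              cpu: 150m
              memory: 256Mi
          terminationMessagePath: /dev/termination-log
          volumeMounts:
          - name: system-redis-storage
            mountPath: "/var/lib/redis/data"
          - name: redis-config
            mountPath: /etc/redis.d/
          readinessProbe:
            exec:
              command:
              - "container-entrypoint"
              - "bash"
              - "-c"
              - "redis-cli set liveness-probe \"`date`\" | grep OK"
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
          livenessProbe:
            tcpSocket:
              port: 6379
            initialDelaySeconds: 10
            periodSeconds: 5
        volumes:
        - name: system-redis-storage
          persistentVolumeClaim:
            claimName: system-redis-storage
        - name: redis-config
          configMap:
            name: redis-config
            items:
            - key: redis.conf
              path: redis.conf
    triggers:
    - type: ConfigChange

- apiVersion: v1
  kind: Service
  metadata:
    name: system-sphinx
  spec:
    ports:
    - port: 9306
      protocol: TCP
      targetPort: 9306
      name: sphinx
    selector:
      name: system-sphinx

- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    name: system-sphinx
    labels:
      app: System
  spec:
    replicas: 1
    selector:
      name: system-sphinx
    strategy:
      rollingParams:
        intervalSeconds: 1
        maxSurge: 25%
        maxUnavailable: 25%
        timeoutSeconds: 600
        updatePeriodSeconds: 1
      type: Rolling
    template:
      metadata:
        labels:
          name: system-sphinx
      spec:
        volumes:
        - name: system-sphinx-database
          emptyDir: {}
        containers:
        - args:
          - rake
          - 'openshift:thinking_sphinx:start'
          volumeMounts:
          - name: system-sphinx-database
            mountPath: "/opt/system/db/sphinx"
          env:
          - name: RAILS_ENV
            value: production
          # Same root-account connection string as in base_env.
          - name: DATABASE_URL
            value: "mysql2://root:${MYSQL_ROOT_PASSWORD}@system-mysql/${MYSQL_DATABASE}"
          - name: THINKING_SPHINX_ADDRESS
            value: 0.0.0.0
          - name: THINKING_SPHINX_CONFIGURATION_FILE
            value: "db/sphinx/production.conf"
          - name: THINKING_SPHINX_PID_FILE
            value: db/sphinx/searchd.pid
          - name: DELTA_INDEX_INTERVAL
            value: '5'
          - name: FULL_REINDEX_INTERVAL
            value: '60'
          image: amp-system:latest
          imagePullPolicy: IfNotPresent
          name: system-sphinx
          resources:
            limits:
              cpu: 1000m
              memory: 512Mi
            requests:
              cpu: 80m
              memory: 250Mi
          livenessProbe:
            tcpSocket:
              port: 9306
            initialDelaySeconds: 60
            periodSeconds: 10
    triggers:
    - type: ConfigChange
    - type: ImageChange
      imageChangeParams:
        automatic: true
        containerNames:
        - system-sphinx
        from:
          kind: ImageStreamTag
          name: amp-system:latest

- apiVersion: v1
  kind: Service
  metadata:
    name: system-memcache
  spec:
    ports:
    - port: 11211
      protocol: TCP
      targetPort: 11211
      name: memcache
    selector:
      name: system-memcache

- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    name: system-memcache
    labels:
      app: System
  spec:
    replicas: 1
    selector:
      name: system-memcache
    strategy:
      rollingParams:
        intervalSeconds: 1
        maxSurge: 25%
        maxUnavailable: 25%
        timeoutSeconds: 600
        updatePeriodSeconds: 1
      type: Rolling
    template:
      metadata:
        labels:
          name: system-memcache
      spec:
        containers:
        # `args` and `env` are intentionally left empty (null) here.
        - args:
          env:
          image: registry.access.redhat.com/3scale-amp20/memcached:1.4.15
          imagePullPolicy: IfNotPresent
          name: memcache
          resources:
            limits:
              cpu: 250m
              memory: 96Mi
            requests:
              cpu: 50m
              memory: 64Mi
          readinessProbe:
            exec:
              command:
              - "sh"
              - "-c"
              - "echo version | nc $HOSTNAME 11211 | grep VERSION"
            initialDelaySeconds: 10
            periodSeconds: 30
            timeoutSeconds: 5
          livenessProbe:
            tcpSocket:
              port: 11211
            initialDelaySeconds: 10
            periodSeconds: 10
          command:
          - "memcached"
          - "-m"
          - "64"
          ports:
          # Declares the memcached port, matching the probes above and the
          # system-memcache Service (both use 11211).
          - containerPort: 11211
            protocol: TCP
    triggers:
    - type: ConfigChange

# --- Routes: system and backend ---------------------------------------------
# NOTE(review): every Route in this template uses edge TLS termination with
# `insecureEdgeTerminationPolicy: Allow`, which also serves the host over
# plain HTTP. For the admin portals this exposes login traffic to any client
# that connects without TLS; `Redirect` would force HTTPS instead.
- apiVersion: v1
  kind: Route
  metadata:
    name: system-provider-admin-route
  spec:
    host: ${TENANT_NAME}-admin.${WILDCARD_DOMAIN}
    to:
      kind: Service
      name: system-provider
    port:
      targetPort: http
    tls:
      termination: edge
      insecureEdgeTerminationPolicy: Allow

- apiVersion: v1
  kind: Route
  metadata:
    name: system-master-admin-route
  spec:
    host: ${MASTER_NAME}-admin.${WILDCARD_DOMAIN}
    to:
      kind: Service
      name: system-master
    port:
      targetPort: http
    tls:
      termination: edge
      insecureEdgeTerminationPolicy: Allow

- apiVersion: v1
  kind: Route
  metadata:
    name: backend-route
    labels:
      app: system-route
  spec:
    host: backend-${TENANT_NAME}.${WILDCARD_DOMAIN}
    to:
      kind: Service
      name: backend-listener
    port:
      targetPort: http
    tls:
      termination: edge
      insecureEdgeTerminationPolicy: Allow

- apiVersion: v1
  kind: Route
  metadata:
    name: system-developer-route
  spec:
    host: ${TENANT_NAME}.${WILDCARD_DOMAIN}
    to:
      kind: Service
      name: system-developer
    port:
      targetPort: http
    tls:
      termination: edge
      insecureEdgeTerminationPolicy: Allow

# --- APIcast -----------------------------------------------------------------
# Staging and production gateways share the same image. They differ in
# configuration loader/cache, deployment env and Redis database index.
- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    name: apicast-staging
    labels:
      app: APIcast
  spec:
    replicas: 1
    selector:
      deploymentconfig: apicast-staging
    strategy:
      rollingParams:
        intervalSeconds: 1
        maxSurge: 25%
        maxUnavailable: 25%
        timeoutSeconds: 1800
        updatePeriodSeconds: 1
      type: Rolling
    template:
      metadata:
        labels:
          deploymentconfig: apicast-staging
      spec:
        containers:
        - env:
          # NOTE(review): the access token travels as URL userinfo over plain
          # HTTP to the in-cluster system-master Service. URLs are commonly
          # written to logs, so treat this DC spec and the gateway logs as
          # sensitive.
          - name: THREESCALE_PORTAL_ENDPOINT
            value: "http://${APICAST_ACCESS_TOKEN}@system-master:3000/master/api/proxy/configs"
          - name: APICAST_CONFIGURATION_LOADER
            value: "lazy"
          - name: APICAST_CONFIGURATION_CACHE
            value: "0"
          - name: THREESCALE_DEPLOYMENT_ENV
            value: "sandbox"
          - name: APICAST_MANAGEMENT_API
            value: "${APICAST_MANAGEMENT_API}"
          - name: BACKEND_ENDPOINT_OVERRIDE
            value: http://backend-listener:3000
          - name: OPENSSL_VERIFY
            value: '${APICAST_OPENSSL_VERIFY}'
          - name: APICAST_RESPONSE_CODES
            value: '${APICAST_RESPONSE_CODES}'
          - name: REDIS_URL
            value: "redis://system-redis:6379/2"
          image: amp-apicast:latest
          imagePullPolicy: IfNotPresent
          name: apicast-staging
          resources:
            limits:
              cpu: 100m
              memory: 128Mi
            requests:
              cpu: 50m
              memory: 64Mi
          # Both probes use the management port (8090), not the gateway (8080).
          livenessProbe:
            httpGet:
              path: /status/live
              port: 8090
            initialDelaySeconds: 10
            timeoutSeconds: 5
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /status/ready
              port: 8090
            initialDelaySeconds: 15
            timeoutSeconds: 5
            periodSeconds: 30
          ports:
          - containerPort: 8080
            protocol: TCP
          - containerPort: 8090
            protocol: TCP
    triggers:
    - type: ConfigChange
    - type: ImageChange
      imageChangeParams:
        automatic: true
        containerNames:
        - apicast-staging
        from:
          kind: ImageStreamTag
          name: amp-apicast:latest

- apiVersion: v1
  kind: Service
  metadata:
    name: apicast-staging
  spec:
    ports:
    - name: gateway
      port: 8080
      protocol: TCP
      targetPort: 8080
    - name: management
      port: 8090
      protocol: TCP
      targetPort: 8090
    selector:
      deploymentconfig: apicast-staging

- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    name: apicast-production
    labels:
      app: APIcast
  spec:
    replicas: 1
    selector:
      deploymentconfig: apicast-production
    strategy:
      rollingParams:
        intervalSeconds: 1
        maxSurge: 25%
        maxUnavailable: 25%
        timeoutSeconds: 1800
        updatePeriodSeconds: 1
      type: Rolling
    template:
      metadata:
        labels:
          deploymentconfig: apicast-production
      spec:
        containers:
        - env:
          # NOTE(review): access token embedded in a plain-HTTP URL; see the
          # handling caveat for URLs that carry credentials (logging, DC spec
          # visibility).
          - name: THREESCALE_PORTAL_ENDPOINT
            value: "http://${APICAST_ACCESS_TOKEN}@system-master:3000/master/api/proxy/configs"
          - name: APICAST_CONFIGURATION_LOADER
            value: "boot"
          - name: APICAST_CONFIGURATION_CACHE
            value: "300"
          - name: THREESCALE_DEPLOYMENT_ENV
            value: "production"
          - name: APICAST_MANAGEMENT_API
            value: "${APICAST_MANAGEMENT_API}"
          - name: BACKEND_ENDPOINT_OVERRIDE
            value: http://backend-listener:3000
          - name: OPENSSL_VERIFY
            value: '${APICAST_OPENSSL_VERIFY}'
          - name: APICAST_RESPONSE_CODES
            value: '${APICAST_RESPONSE_CODES}'
          - name: REDIS_URL
            value: "redis://system-redis:6379/1"
          image: amp-apicast:latest
          imagePullPolicy: IfNotPresent
          name: apicast-production
          resources:
            limits:
              cpu: 1000m
              memory: 128Mi
            requests:
              cpu: 500m
              memory: 64Mi
          livenessProbe:
            httpGet:
              path: /status/live
              port: 8090
            initialDelaySeconds: 10
            timeoutSeconds: 5
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /status/ready
              port: 8090
            initialDelaySeconds: 15
            timeoutSeconds: 5
            periodSeconds: 30
          ports:
          - containerPort: 8080
            protocol: TCP
          - containerPort: 8090
            protocol: TCP
    triggers:
    - type: ConfigChange
    - type: ImageChange
      imageChangeParams:
        automatic: true
        containerNames:
        - apicast-production
        from:
          kind: ImageStreamTag
          name: amp-apicast:latest

- apiVersion: v1
  kind: Service
  metadata:
    name: apicast-production
    annotations:
      service.alpha.openshift.io/dependencies: '[{"name": "apicast-staging", "kind": "Service"}]'
  spec:
    ports:
    - name: gateway
      port: 8080
      protocol: TCP
      targetPort: 8080
    - name: management
      port: 8090
      protocol: TCP
      targetPort: 8090
    selector:
      deploymentconfig: apicast-production

# Only the `gateway` port is routed externally; `management` (8090) stays
# reachable through the Service alone.
# NOTE(review): `insecureEdgeTerminationPolicy: Allow` on the gateway routes
# means API requests, including whatever credentials clients attach, are also
# accepted over plain HTTP. Consider `Redirect` or `None`.
- apiVersion: v1
  kind: Route
  metadata:
    name: api-apicast-staging-route
  spec:
    host: api-${TENANT_NAME}-apicast-staging.${WILDCARD_DOMAIN}
    to:
      kind: Service
      name: apicast-staging
    port:
      targetPort: gateway
    tls:
      termination: edge
      insecureEdgeTerminationPolicy: Allow

- apiVersion: v1
  kind: Route
  metadata:
    name: api-apicast-production-route
  spec:
    host: api-${TENANT_NAME}-apicast-production.${WILDCARD_DOMAIN}
    to:
      kind: Service
      name: apicast-production
    port:
      targetPort: gateway
    tls:
      termination: edge
      insecureEdgeTerminationPolicy: Allow

- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    name: apicast-wildcard-router
    labels:
      app: APIcast
  spec:
    replicas: 1
    selector:
      deploymentconfig: apicast-wildcard-router
    strategy:
      rollingParams:
        intervalSeconds: 1
        maxSurge: 25%
        maxUnavailable: 25%
        timeoutSeconds: 1800
        updatePeriodSeconds: 1
      type: Rolling
    template:
      metadata:
        labels:
          deploymentconfig: apicast-wildcard-router
      spec:
        containers:
        - env:
          # NOTE(review): access token embedded in a plain-HTTP URL, as for
          # THREESCALE_PORTAL_ENDPOINT on the gateways.
          - name: API_HOST
            value: "http://${APICAST_ACCESS_TOKEN}@system-master:3000"
          image: amp-wildcard-router:latest
          imagePullPolicy: IfNotPresent
          name: apicast-wildcard-router
          resources:
            limits:
              cpu: 500m
              memory: 64Mi
            requests:
              cpu: 120m
              memory: 32Mi
          ports:
          - containerPort: 8080
            protocol: TCP
            name: http
          livenessProbe:
            initialDelaySeconds: 30
            periodSeconds: 10
            tcpSocket:
              port: http
    triggers:
    - type: ConfigChange
    - type: ImageChange
      imageChangeParams:
        automatic: true
        containerNames:
        - apicast-wildcard-router
        from:
          kind: ImageStreamTag
          name: amp-wildcard-router:latest

- apiVersion: v1
  kind: Service
  metadata:
    name: apicast-wildcard-router
  spec:
    ports:
    - port: 8080
      protocol: TCP
      targetPort: http
      name: http
    selector:
      deploymentconfig: apicast-wildcard-router

- apiVersion: v1
  kind: Route
  metadata:
    name: apicast-wildcard-router-route
  spec:
    host: apicast-wildcard.${WILDCARD_DOMAIN}
    to:
      kind: Service
      name: apicast-wildcard-router
    port:
      targetPort: http
    wildcardPolicy: ${WILDCARD_POLICY}
    tls:
      termination: edge
      insecureEdgeTerminationPolicy: Allow

# --- System: configuration ---------------------------------------------------
# Mounted into system-app and system-sidekiq at /opt/system-extra-configs.
# zync.yml is an ERB template; the token is resolved from the container
# environment at load time rather than being stored in this ConfigMap.
- kind: ConfigMap
  apiVersion: v1
  metadata:
    name: system
  data:
    zync.yml: |
      production:
        endpoint: 'http://zync:8080'
        authentication:
          token: "<%= ENV.fetch('ZYNC_AUTHENTICATION_TOKEN') %>"
        connect_timeout: 5
        send_timeout: 5
        receive_timeout: 10
        root_url:
    rolling_updates.yml: |
      production:
        old_charts: false
        new_provider_documentation: false
        proxy_pro: false
        instant_bill_plan_change: false
        service_permissions: true
        async_apicast_deploy: false
        duplicate_application_id: true
        duplicate_user_key: true
        plan_changes_wizard: false
        require_cc_on_signup: false
        apicast_per_service: true
        new_notification_system: true
        cms_api: false
        apicast_v2: true
        forum: false
        published_service_plan_signup: true
        apicast_oidc: true
        policies: true

- kind: ConfigMap
  apiVersion: v1
  metadata:
    name: mysql-extra-conf
  data:
    mysql-charset.cnf: |
      [client]
      default-character-set = utf8

      [mysql]
      default-character-set = utf8

      [mysqld]
      character-set-server = utf8
      collation-server = utf8_unicode_ci

# Entry-point my.cnf (see MYSQL_DEFAULTS_FILE on system-mysql) that pulls in
# the image's /etc/my.cnf plus everything mounted under /etc/my-extra.d.
- kind: ConfigMap
  apiVersion: v1
  metadata:
    name: mysql-main-conf
  data:
    my.cnf: |
      !include /etc/my.cnf
      !includedir /etc/my-extra.d

# --- System: application -----------------------------------------------------
# One pod with three unicorn containers (master, provider, developer), each on
# its own named port. Pre/post deployment hooks run rake tasks in a new pod
# based on the system-master container.
- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    name: system-app
    labels:
      app: System
  spec:
    replicas: 1
    selector:
      name: system-app
    strategy:
      rollingParams:
        intervalSeconds: 1
        maxSurge: 25%
        maxUnavailable: 25%
        timeoutSeconds: 600
        updatePeriodSeconds: 1
        pre:
          failurePolicy: Retry
          execNewPod:
            containerName: system-master
            # NOTE(review): MASTER_ACCESS_TOKEN is interpolated into the
            # command string, so it is stored in the DC spec and appears in
            # the hook pod's process arguments. Passing it through `env` from
            # a Secret would keep it out of both.
            command:
            - bash
            - -c
            - bundle exec rake boot openshift:deploy MASTER_ACCESS_TOKEN="${MASTER_ACCESS_TOKEN}"
            env: *base_env
            volumes:
            - system-storage
        post:
          failurePolicy: Abort
          execNewPod:
            containerName: system-master
            command:
            - bash
            - -c
            - bundle exec rake boot openshift:post_deploy
      type: Rolling
    template:
      metadata:
        labels:
          name: system-app
      spec:
        containers:
        - env: *base_env
          image: amp-system:latest
          imagePullPolicy: IfNotPresent
          args: [ 'env', 'TENANT_MODE=master', 'PORT=3002', 'container-entrypoint', 'bundle', 'exec', 'unicorn', '-c', 'config/unicorn.rb' ]
          name: system-master
          resources:
            limits:
              cpu: 1000m
              memory: 800Mi
            requests:
              cpu: 50m
              memory: 600Mi
          livenessProbe:
            timeoutSeconds: 10
            initialDelaySeconds: 20
            tcpSocket:
              port: master
            periodSeconds: 10
          # The probe speaks plain HTTP but sets X-Forwarded-Proto: https;
          # presumably so the FORCE_SSL redirect does not fail the check -
          # confirm against the application.
          readinessProbe:
            httpGet:
              path: /check.txt
              port: master
              scheme: HTTP
              httpHeaders:
              - name: X-Forwarded-Proto
                value: https
            initialDelaySeconds: 30
            timeoutSeconds: 10
            periodSeconds: 30
          ports:
          - containerPort: 3002
            protocol: TCP
            name: master
          volumeMounts:
          - name: system-storage
            mountPath: /opt/system/public/system
          - name: system-config
            mountPath: /opt/system-extra-configs
        - env: *base_env
          image: amp-system:latest
          imagePullPolicy: IfNotPresent
          args: [ 'env', 'TENANT_MODE=provider', 'PORT=3000', 'container-entrypoint', 'bundle', 'exec', 'unicorn', '-c', 'config/unicorn.rb' ]
          name: system-provider
          resources:
            limits:
              cpu: 1000m
              memory: 800Mi
            requests:
              cpu: 50m
              memory: 600Mi
          livenessProbe:
            timeoutSeconds: 10
            initialDelaySeconds: 20
            tcpSocket:
              port: provider
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /check.txt
              port: provider
              scheme: HTTP
              httpHeaders:
              - name: X-Forwarded-Proto
                value: https
            initialDelaySeconds: 30
            timeoutSeconds: 10
            periodSeconds: 30
          ports:
          - containerPort: 3000
            protocol: TCP
            name: provider
          volumeMounts:
          - name: system-storage
            mountPath: /opt/system/public/system
          - name: system-config
            mountPath: /opt/system-extra-configs
        - env: *base_env
          image: amp-system:latest
          args: [ 'env', 'PORT=3001', 'container-entrypoint', 'bundle', 'exec', 'unicorn', '-c', 'config/unicorn.rb' ]
          imagePullPolicy: IfNotPresent
          name: system-developer
          resources:
            limits:
              cpu: 1000m
              memory: 800Mi
            requests:
              cpu: 50m
              memory: 600Mi
          livenessProbe:
            timeoutSeconds: 10
            initialDelaySeconds: 20
            tcpSocket:
              port: developer
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /check.txt
              port: developer
              scheme: HTTP
              httpHeaders:
              - name: X-Forwarded-Proto
                value: https
            initialDelaySeconds: 30
            timeoutSeconds: 10
            periodSeconds: 30
          ports:
          - containerPort: 3001
            protocol: TCP
            name: developer
          volumeMounts:
          # The developer container is the only one that mounts the shared
          # storage read-only.
          - name: system-storage
            mountPath: /opt/system/public/system
            readOnly: true
          - name: system-config
            mountPath: /opt/system-extra-configs
        volumes:
        - name: system-storage
          persistentVolumeClaim:
            claimName: system-storage
        - name: system-config
          configMap:
            name: system
            items:
            - key: zync.yml
              path: zync.yml
            - key: rolling_updates.yml
              path: rolling_updates.yml
    triggers:
    - type: ConfigChange
    - type: ImageChange
      imageChangeParams:
        automatic: true
        containerNames:
        - system-provider
        - system-developer
        - system-master
        from:
          kind: ImageStreamTag
          name: amp-system:latest

- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    name: system-resque
    labels:
      app: System
  spec:
    replicas: 1
    selector:
      name: system-resque
    strategy:
      rollingParams:
        intervalSeconds: 1
        maxSurge: 25%
        maxUnavailable: 25%
        timeoutSeconds: 600
        updatePeriodSeconds: 1
      type: Rolling
    template:
      metadata:
        labels:
          name: system-resque
      spec:
        containers:
        - args:
          - 'rake'
          - 'resque:work'
          - 'QUEUE=*'
          env: *base_env
          image: amp-system:latest
          imagePullPolicy: IfNotPresent
          name: system-resque
          resources:
            limits:
              cpu: 150m
              memory: 450Mi
            requests:
              cpu: 100m
              memory: 300Mi
          volumeMounts:
          - name: system-storage
            mountPath: /opt/system/public/system
        - args:
          - 'rake'
          - 'resque:scheduler'
          - 'QUEUE=*'
          env: *base_env
          image: amp-system:latest
          imagePullPolicy: IfNotPresent
          name: system-scheduler
          resources:
            limits:
              cpu: 150m
              memory: 250Mi
            requests:
              cpu: 50m
              memory: 200Mi
        volumes:
        - name: system-storage
          persistentVolumeClaim:
            claimName: system-storage
    triggers:
    - type: ConfigChange
    - type: ImageChange
      imageChangeParams:
        automatic: true
        containerNames:
        - system-scheduler
        - system-resque
        from:
          kind: ImageStreamTag
          name: amp-system:latest

- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    name: system-sidekiq
    labels:
      app: System
  spec:
    replicas: 1
    selector:
      name: system-sidekiq
    strategy:
      rollingParams:
        intervalSeconds: 1
        maxSurge: 25%
        maxUnavailable: 25%
        timeoutSeconds: 600
        updatePeriodSeconds: 1
      type: Rolling
    template:
      metadata:
        labels:
          name: system-sidekiq
      spec:
        containers:
        - args:
          - rake
          - sidekiq:worker
          env: *base_env
          image: amp-system:latest
          imagePullPolicy: IfNotPresent
          name: system-sidekiq
          resources:
            limits:
              cpu: 1000m
              memory: 2Gi
            requests:
              cpu: 100m
              memory: 500Mi
          volumeMounts:
          - name: system-storage
            mountPath: /opt/system/public/system
          - name: system-tmp
            mountPath: /tmp
          - name: system-config
            mountPath: /opt/system-extra-configs
        volumes:
        # /tmp is backed by memory (tmpfs), so its contents count against the
        # container's memory limit.
        - name: system-tmp
          emptyDir:
            medium: Memory
        - name: system-storage
          persistentVolumeClaim:
            claimName: system-storage
        - name: system-config
          configMap:
            name: system
            items:
            - key: zync.yml
              path: zync.yml
            - key: rolling_updates.yml
              path: rolling_updates.yml
    triggers:
    - type: ConfigChange
    - type: ImageChange
      imageChangeParams:
        automatic: true
        containerNames:
        - system-sidekiq
        from:
          kind: ImageStreamTag
          name: amp-system:latest

- kind: DeploymentConfig
  apiVersion: v1
  metadata:
    name: 'system-mysql'
    labels:
      app: System
  spec:
    strategy:
      type: Recreate
    triggers:
    - type: ConfigChange
    replicas: 1
    selector:
      name: 'system-mysql'
    template:
      metadata:
        labels:
          name: 'system-mysql'
      spec:
        containers:
        - name: system-mysql
          image: ${MYSQL_IMAGE}
          ports:
          - containerPort: 3306
            protocol: TCP
          resources:
            limits:
              memory: 2Gi
            requests:
              cpu: 250m
              memory: 512Mi
          # The password is handed to the client through the MYSQL_PWD
          # environment variable rather than a -p argument, which keeps it out
          # of the probe's command line.
          readinessProbe:
            timeoutSeconds: 5
            initialDelaySeconds: 10
            periodSeconds: 30
            exec:
              command:
              - /bin/sh
              - '-i'
              - '-c'
              - >-
                MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER
                -D $MYSQL_DATABASE -e 'SELECT 1'
          livenessProbe:
            initialDelaySeconds: 30
            periodSeconds: 10
            tcpSocket:
              port: 3306
          # NOTE(review): both database passwords are literal values in the DC
          # spec; a Secret with secretKeyRef would keep them out of it.
          env:
          - name: MYSQL_USER
            value: ${MYSQL_USER}
          - name: MYSQL_PASSWORD
            value: ${MYSQL_PASSWORD}
          - name: MYSQL_DATABASE
            value: ${MYSQL_DATABASE}
          - name: MYSQL_ROOT_PASSWORD
            value: ${MYSQL_ROOT_PASSWORD}
          - name: MYSQL_LOWER_CASE_TABLE_NAMES
            value: "1"
          - name: MYSQL_DEFAULTS_FILE
            value: /etc/my-extra/my.cnf
          volumeMounts:
          - name: 'mysql-storage'
            mountPath: /var/lib/mysql/data
          - name: 'mysql-extra-conf'
            mountPath: /etc/my-extra.d
          - name: 'mysql-main-conf'
            mountPath: /etc/my-extra
          imagePullPolicy: IfNotPresent
        volumes:
        - name: 'mysql-storage'
          persistentVolumeClaim:
            claimName: 'mysql-storage'
        - name: 'mysql-extra-conf'
          configMap:
            name: 'mysql-extra-conf'
        - name: 'mysql-main-conf'
          configMap:
            name: 'mysql-main-conf'

# Shared redis.conf for backend-redis and system-redis.
# NOTE(review): `protected-mode no` is set and the file contains no
# `requirepass`, so any client that can reach the backend-redis or
# system-redis Service on 6379 can read and write without authenticating.
# Access control therefore rests entirely on network isolation. Confirm that
# project isolation or a NetworkPolicy restricts these Services to the pods
# that need them, or add authentication.
- kind: ConfigMap
  apiVersion: v1
  metadata:
    name: redis-config
  data:
    redis.conf: |
      protected-mode no

      port 6379

      timeout 0
      tcp-keepalive 300

      daemonize no
      supervised no

      loglevel notice

      databases 16

      save 900 1
      save 300 10
      save 60 10000

      stop-writes-on-bgsave-error yes

      rdbcompression yes
      rdbchecksum yes

      dbfilename dump.rdb

      slave-serve-stale-data yes
      slave-read-only yes

      repl-diskless-sync no
      repl-disable-tcp-nodelay no

      appendonly yes
      appendfilename "appendonly.aof"
      appendfsync everysec
      no-appendfsync-on-rewrite no
      auto-aof-rewrite-percentage 100
      auto-aof-rewrite-min-size 64mb
      aof-load-truncated yes

      lua-time-limit 5000

      activerehashing no

      aof-rewrite-incremental-fsync yes
      dir /var/lib/redis/data

# SMTP settings consumed by base_env through configMapKeyRef. All values ship
# empty and are meant to be filled in after instantiation.
# NOTE(review): `password` lives in a ConfigMap; see the SMTP_PASSWORD entry
# in base_env - a Secret is the appropriate place for it.
- kind: ConfigMap
  apiVersion: v1
  metadata:
    name: smtp
  data:
    address: ""
    username: ""
    password: ""
    domain: ""
    port: ""
    authentication: ""
    openssl.verify.mode: ""

# --- Zync --------------------------------------------------------------------
- apiVersion: v1
  kind: ImageStream
  metadata:
    name: postgresql
  spec:
    tags:
    - name: '9.5'
      from:
        kind: DockerImage
        name: registry.access.redhat.com/rhscl/postgresql-95-rhel7:9.5

- kind: ImageStream
  apiVersion: v1
  metadata:
    name: amp-zync
    annotations:
      openshift.io/display-name: AMP Zync
  spec:
    tags:
    - name: latest
      annotations:
        openshift.io/display-name: AMP Zync (latest)
      from:
        kind: ImageStreamTag
        name: "${AMP_RELEASE}"
    - name: "${AMP_RELEASE}"
      annotations:
        openshift.io/display-name: AMP Zync ${AMP_RELEASE}
      from:
        kind: DockerImage
        name: registry.access.redhat.com/3scale-amp22/zync:1.6

# The only Secret in the template. Zync and its database read all of their
# credentials from here via secretKeyRef, which is the pattern the other
# components' credentials could follow.
- kind: Secret
  apiVersion: v1
  stringData:
    SECRET_KEY_BASE: "${ZYNC_SECRET_KEY_BASE}"
    DATABASE_URL: "postgresql://zync:${ZYNC_DATABASE_PASSWORD}@zync-database:5432/zync_production"
    ZYNC_DATABASE_PASSWORD: "${ZYNC_DATABASE_PASSWORD}"
    ZYNC_AUTHENTICATION_TOKEN: "${ZYNC_AUTHENTICATION_TOKEN}"
  metadata:
    name: zync
  type: Opaque

- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    annotations:
    labels:
      app: Zync
    name: zync
  spec:
    replicas: 1
    selector:
      app: zync
      deploymentconfig: zync
    template:
      metadata:
        annotations:
        labels:
          app: zync
          deploymentconfig: zync
      spec:
        containers:
        # Blank image placeholder; presumably filled in by the ImageChange
        # trigger below, which names this container.
        - image: " "
          name: zync
          ports:
          - containerPort: 8080
            protocol: TCP
          resources:
            limits:
              cpu: '1'
              memory: 512Mi
            requests:
              cpu: 150m
              memory: 250M
          env:
          - name: RAILS_LOG_TO_STDOUT
            value: 'true'
          - name: RAILS_ENV
            value: production
          - name: DATABASE_URL
            valueFrom:
              secretKeyRef:
                name: zync
                key: DATABASE_URL
          - name: SECRET_KEY_BASE
            valueFrom:
              secretKeyRef:
                name: zync
                key: SECRET_KEY_BASE
          - name: ZYNC_AUTHENTICATION_TOKEN
            valueFrom:
              secretKeyRef:
                name: zync
                key: ZYNC_AUTHENTICATION_TOKEN
          livenessProbe:
            httpGet:
              path: /status/live
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 10
            timeoutSeconds: 60
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /status/ready
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 30
            timeoutSeconds: 10
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
    triggers:
    - type: ConfigChange
    - imageChangeParams:
        automatic: true
        containerNames:
        - zync
        from:
          kind: ImageStreamTag
          name: amp-zync:latest
      type: ImageChange

- apiVersion: v1
  kind: Service
  metadata:
    annotations:
      service.alpha.openshift.io/dependencies: '[{"name": "zync-database", "kind": "Service"}]'
    labels:
      app: zync
    name: zync
  spec:
    ports:
    - name: 8080-tcp
      port: 8080
      protocol: TCP
      targetPort: 8080
    selector:
      app: zync
      deploymentconfig: zync

- kind: Service
  apiVersion: v1
  metadata:
    name: "zync-database"
  spec:
    ports:
    - name: postgresql
      protocol: TCP
      port: 5432
      targetPort: 5432
      nodePort: 0
    selector:
      name: "zync-database"

- kind: DeploymentConfig
  apiVersion: v1
  metadata:
    name: zync-database
    labels:
      app: Zync
  spec:
    strategy:
      type: Recreate
    triggers:
    - type: ImageChange
      imageChangeParams:
        automatic: true
        containerNames:
        - postgresql
        from:
          kind: ImageStreamTag
          name: postgresql:9.5
    - type: ConfigChange
    replicas: 1
    selector:
      name: "zync-database"
    template:
      metadata:
        labels:
          name: "zync-database"
      spec:
        containers:
        - name: postgresql
          # Blank image placeholder; presumably filled in by the ImageChange
          # trigger above, which names this container.
          image: " "
          ports:
          - containerPort: 5432
            protocol: TCP
          readinessProbe:
            timeoutSeconds: 1
            initialDelaySeconds: 5
            exec:
              command:
              - "/bin/sh"
              - "-i"
              - "-c"
              - psql -h 127.0.0.1 -U zync -q -d zync_production -c 'SELECT 1'
          livenessProbe:
            timeoutSeconds: 1
            initialDelaySeconds: 30
            tcpSocket:
              port: 5432
          env:
          - name: POSTGRESQL_USER
            value: zync
          - name: POSTGRESQL_PASSWORD
            valueFrom:
              secretKeyRef:
                name: zync
                key: ZYNC_DATABASE_PASSWORD
          - name: POSTGRESQL_DATABASE
            value: "zync_production"
          resources:
            limits:
              memory: "2G"
              cpu: 250m
            requests:
              cpu: 50m
              memory: 250M
          volumeMounts:
          - name: "zync-database-data"
            mountPath: "/var/lib/pgsql/data"
          imagePullPolicy: IfNotPresent
        volumes:
        # NOTE(review): the data directory is an emptyDir, so the database
        # contents do not survive deletion of the pod.
        - name: "zync-database-data"
          emptyDir:
            medium: ''
        restartPolicy: Always

# --- Parameters --------------------------------------------------------------
# NOTE(review): several long-lived credentials are generated from
# "[a-z0-9]{8}" (ADMIN_PASSWORD, APICAST_ACCESS_TOKEN, MYSQL_PASSWORD,
# MYSQL_ROOT_PASSWORD, SYSTEM_BACKEND_PASSWORD, SYSTEM_BACKEND_SHARED_SECRET).
# That is 36^8 (about 2.8e12, roughly 41 bits) possible values, which is low
# for secrets guarding internet-facing logins and API tokens. A longer
# expression, like the 16-character ones used for the Zync values, raises the
# guessing cost at no operational expense.
parameters:
- name: ZYNC_DATABASE_PASSWORD
  displayName: PostgreSQL Connection Password
  description: Password for the PostgreSQL connection user.
  generate: expression
  from: "[a-zA-Z0-9]{16}"
  required: true
# NOTE(review): 16 characters here versus 128 hex characters for
# SYSTEM_APP_SECRET_KEY_BASE below; consider aligning the two.
- name: ZYNC_SECRET_KEY_BASE
  generate: expression
  from: "[a-zA-Z0-9]{16}"
  required: true
- name: ZYNC_AUTHENTICATION_TOKEN
  generate: expression
  from: "[a-zA-Z0-9]{16}"
  required: true
- name: AMP_RELEASE
  description: "AMP release tag."
  value: "2.2.0"
  required: true
- name: ADMIN_PASSWORD
  required: true
  generate: expression
  from: "[a-z0-9]{8}"
- name: ADMIN_USERNAME
  value: admin
  required: true
- name: APICAST_ACCESS_TOKEN
  required: true
  generate: expression
  from: "[a-z0-9]{8}"
  description: "Read Only Access Token that is APIcast going to use to download its configuration."
- name: ADMIN_ACCESS_TOKEN
  required: false
  generate: expression
  from: "[a-z0-9]{16}"
  description: "Admin Access Token with all scopes and write permissions for API access."
- name: WILDCARD_DOMAIN
  description: Root domain for the wildcard routes. Eg. example.com will generate 3scale-admin.example.com.
  required: true
- name: WILDCARD_POLICY
  description: Use "Subdomain" to create a wildcard route for apicast wildcard router
  required: true
  value: "None"
- name: TENANT_NAME
  description: "Tenant name under the root that Admin UI will be available with -admin suffix."
  required: true
  value: "3scale"
- name: MYSQL_USER
  displayName: MySQL User
  description: Username for MySQL user that will be used for accessing the database.
  value: "mysql"
  required: true
- name: MYSQL_PASSWORD
  displayName: MySQL Password
  description: Password for the MySQL user.
  generate: expression
  from: "[a-z0-9]{8}"
  required: true
- name: MYSQL_DATABASE
  displayName: MySQL Database Name
  description: Name of the MySQL database accessed.
  value: "system"
  required: true
- name: MYSQL_ROOT_PASSWORD
  displayName: MySQL Root password.
  description: Password for Root user.
  generate: expression
  from: "[a-z0-9]{8}"
  required: true
- name: SYSTEM_BACKEND_USERNAME
  description: Internal 3scale API username for internal 3scale api auth.
  value: "3scale_api_user"
  required: true
- name: SYSTEM_BACKEND_PASSWORD
  description: Internal 3scale API password for internal 3scale api auth.
  generate: expression
  from: "[a-z0-9]{8}"
  required: true
- name: REDIS_IMAGE
  description: Redis image to use
  required: true
  value: "registry.access.redhat.com/rhscl/redis-32-rhel7:3.2"
- name: MYSQL_IMAGE
  description: Mysql image to use
  required: true
  value: "registry.access.redhat.com/rhscl/mysql-57-rhel7:5.7-5"
- name: SYSTEM_BACKEND_SHARED_SECRET
  description: Shared secret to import events from backend to system.
  generate: expression
  from: "[a-z0-9]{8}"
  required: true
- name: SYSTEM_APP_SECRET_KEY_BASE
  description: System application secret key base
  generate: expression
  from: "[a-f0-9]{128}"
  required: true
- name: APICAST_MANAGEMENT_API
  description: "Scope of the APIcast Management API. Can be disabled, status or debug. At least status required for health checks."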
required: false value: "status" - name: APICAST_OPENSSL_VERIFY description: "Turn on/off the OpenSSL peer verification when downloading the configuration. Can be set to true/false." required: false value: "false" - name: APICAST_RESPONSE_CODES description: "Enable logging response codes in APIcast." value: "true" required: false - name: MASTER_NAME description: "The root name which Admin UI will be available with -admin suffix." value: "master" required: true - name: MASTER_USER value: master required: true - name: MASTER_PASSWORD required: true generate: expression from: "[a-z0-9]{8}" - name: MASTER_ACCESS_TOKEN required: true generate: expression from: "[a-z0-9]{8}" - name: APICAST_REGISTRY_URL description: "The URL to point to APIcast policies registry management" value: "http://apicast-staging:8090/policies" required: true