apiVersion: template.openshift.io/v1 kind: Template message: Login on https://${TENANT_NAME}-admin.${WILDCARD_DOMAIN} as ${ADMIN_USERNAME}/${ADMIN_PASSWORD} metadata: annotations: description: 3scale API Management main system (Evaluation) iconClass: icon-3scale openshift.io/display-name: 3scale API Management openshift.io/provider-display-name: Red Hat, Inc. tags: integration, api management, 3scale creationTimestamp: null name: 3scale-api-management-eval objects: - apiVersion: image.openshift.io/v1 kind: ImageStream metadata: annotations: openshift.io/display-name: AMP backend creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: backend name: amp-backend spec: lookupPolicy: local: false tags: - annotations: openshift.io/display-name: amp-backend ${AMP_RELEASE} from: kind: DockerImage name: ${AMP_BACKEND_IMAGE} generation: null importPolicy: insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}} name: ${AMP_RELEASE} referencePolicy: type: "" status: dockerImageRepository: "" - apiVersion: image.openshift.io/v1 kind: ImageStream metadata: annotations: openshift.io/display-name: AMP Zync creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: zync name: amp-zync spec: lookupPolicy: local: false tags: - annotations: openshift.io/display-name: AMP Zync ${AMP_RELEASE} from: kind: DockerImage name: ${AMP_ZYNC_IMAGE} generation: null importPolicy: insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}} name: ${AMP_RELEASE} referencePolicy: type: "" status: dockerImageRepository: "" - apiVersion: image.openshift.io/v1 kind: ImageStream metadata: annotations: openshift.io/display-name: AMP APIcast creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: apicast name: amp-apicast spec: lookupPolicy: local: false tags: - annotations: openshift.io/display-name: AMP APIcast ${AMP_RELEASE} from: kind: DockerImage name: ${AMP_APICAST_IMAGE} generation: null importPolicy: insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}} name: ${AMP_RELEASE} referencePolicy: type: "" status: dockerImageRepository: "" - apiVersion: image.openshift.io/v1 kind: ImageStream metadata: annotations: openshift.io/display-name: AMP System creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system name: amp-system spec: lookupPolicy: local: false tags: - annotations: openshift.io/display-name: AMP system ${AMP_RELEASE} from: kind: DockerImage name: ${AMP_SYSTEM_IMAGE} generation: null importPolicy: insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}} name: ${AMP_RELEASE} referencePolicy: type: "" status: dockerImageRepository: "" - apiVersion: image.openshift.io/v1 kind: ImageStream metadata: annotations: openshift.io/display-name: Zync database PostgreSQL creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system name: zync-database-postgresql spec: lookupPolicy: local: false tags: - annotations: openshift.io/display-name: Zync ${AMP_RELEASE} PostgreSQL from: kind: DockerImage name: ${ZYNC_DATABASE_IMAGE} generation: null importPolicy: insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}} name: ${AMP_RELEASE} referencePolicy: type: "" status: dockerImageRepository: "" - apiVersion: image.openshift.io/v1 kind: ImageStream metadata: annotations: openshift.io/display-name: System Memcached creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system name: system-memcached spec: lookupPolicy: local: false tags: - annotations: openshift.io/display-name: System ${AMP_RELEASE} Memcached from: kind: DockerImage name: ${MEMCACHED_IMAGE} generation: null importPolicy: insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}} name: ${AMP_RELEASE} referencePolicy: type: "" status: dockerImageRepository: "" - apiVersion: v1 imagePullSecrets: - name: threescale-registry-auth kind: ServiceAccount metadata: creationTimestamp: null name: amp - apiVersion: image.openshift.io/v1 kind: ImageStream metadata: annotations: openshift.io/display-name: System MySQL creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system name: system-mysql spec: lookupPolicy: local: false tags: - annotations: openshift.io/display-name: System ${AMP_RELEASE} MySQL from: kind: DockerImage name: ${SYSTEM_DATABASE_IMAGE} generation: null importPolicy: insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}} name: ${AMP_RELEASE} referencePolicy: type: "" status: dockerImageRepository: "" - apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: backend threescale_component_element: redis name: backend-redis spec: replicas: 1 selector: deploymentConfig: backend-redis strategy: resources: {} type: Recreate template: metadata: creationTimestamp: null labels: app: ${APP_LABEL} deploymentConfig: backend-redis threescale_component: backend threescale_component_element: redis spec: containers: - args: - /etc/redis.d/redis.conf - --daemonize - "no" command: - /opt/rh/rh-redis5/root/usr/bin/redis-server image: backend-redis:latest imagePullPolicy: IfNotPresent livenessProbe: initialDelaySeconds: 10 periodSeconds: 10 tcpSocket: port: 6379 name: backend-redis readinessProbe: exec: command: - container-entrypoint - bash - -c - redis-cli set liveness-probe "`date`" | grep OK initialDelaySeconds: 10 periodSeconds: 30 timeoutSeconds: 1 resources: {} volumeMounts: - mountPath: /var/lib/redis/data name: backend-redis-storage - mountPath: /etc/redis.d/ name: redis-config serviceAccountName: amp volumes: - name: backend-redis-storage persistentVolumeClaim: claimName: backend-redis-storage - configMap: items: - key: redis.conf path: redis.conf name: redis-config name: redis-config test: false triggers: - type: ConfigChange - imageChangeParams: automatic: true containerNames: - backend-redis from: kind: ImageStreamTag name: backend-redis:${AMP_RELEASE} type: ImageChange status: availableReplicas: 0 latestVersion: 0 observedGeneration: 0 replicas: 0 unavailableReplicas: 0 updatedReplicas: 0 - apiVersion: v1 kind: Service metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: backend threescale_component_element: redis name: backend-redis spec: ports: - port: 6379 protocol: TCP targetPort: 6379 selector: deploymentConfig: backend-redis status: loadBalancer: {} - apiVersion: v1 data: redis.conf: | protected-mode no port 6379 timeout 0 tcp-keepalive 300 daemonize no supervised no loglevel notice databases 16 save 900 1 save 300 10 save 60 10000 stop-writes-on-bgsave-error yes rdbcompression yes rdbchecksum yes dbfilename dump.rdb slave-serve-stale-data yes slave-read-only yes repl-diskless-sync no repl-disable-tcp-nodelay no appendonly yes appendfilename "appendonly.aof" appendfsync everysec no-appendfsync-on-rewrite no auto-aof-rewrite-percentage 100 auto-aof-rewrite-min-size 64mb aof-load-truncated yes lua-time-limit 5000 activerehashing no aof-rewrite-incremental-fsync yes dir /var/lib/redis/data kind: ConfigMap metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system threescale_component_element: redis name: redis-config - apiVersion: v1 kind: PersistentVolumeClaim metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: backend threescale_component_element: redis name: backend-redis-storage spec: accessModes: - ReadWriteOnce resources: requests: storage: 1Gi status: {} - apiVersion: image.openshift.io/v1 kind: ImageStream metadata: annotations: openshift.io/display-name: Backend Redis creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: backend name: backend-redis spec: lookupPolicy: local: false tags: - annotations: openshift.io/display-name: Backend ${AMP_RELEASE} Redis from: kind: DockerImage name: ${REDIS_IMAGE} generation: null importPolicy: insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}} name: ${AMP_RELEASE} referencePolicy: type: "" status: dockerImageRepository: "" - apiVersion: v1 kind: Secret metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: backend name: backend-redis stringData: REDIS_QUEUES_SENTINEL_HOSTS: "" REDIS_QUEUES_SENTINEL_ROLE: "" REDIS_QUEUES_URL: redis://backend-redis:6379/1 REDIS_STORAGE_SENTINEL_HOSTS: "" REDIS_STORAGE_SENTINEL_ROLE: "" REDIS_STORAGE_URL: redis://backend-redis:6379/0 type: Opaque - apiVersion: v1 kind: Secret metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system name: system-redis stringData: NAMESPACE: ${SYSTEM_REDIS_NAMESPACE} SENTINEL_HOSTS: "" SENTINEL_ROLE: "" URL: ${SYSTEM_REDIS_URL} type: Opaque - apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system threescale_component_element: redis name: system-redis spec: replicas: 1 selector: deploymentConfig: system-redis strategy: resources: {} type: Recreate template: metadata: creationTimestamp: null labels: app: ${APP_LABEL} deploymentConfig: system-redis threescale_component: system threescale_component_element: redis spec: containers: - args: - /etc/redis.d/redis.conf - --daemonize - "no" command: - /opt/rh/rh-redis5/root/usr/bin/redis-server image: system-redis:latest imagePullPolicy: IfNotPresent livenessProbe: initialDelaySeconds: 10 periodSeconds: 5 tcpSocket: port: 6379 name: system-redis readinessProbe: exec: command: - container-entrypoint - bash - -c - redis-cli set liveness-probe "`date`" | grep OK initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 resources: {} terminationMessagePath: /dev/termination-log volumeMounts: - mountPath: /var/lib/redis/data name: system-redis-storage - mountPath: /etc/redis.d/ name: redis-config serviceAccountName: amp volumes: - name: system-redis-storage persistentVolumeClaim: claimName: system-redis-storage - configMap: items: - key: redis.conf path: redis.conf name: redis-config name: redis-config test: false triggers: - type: ConfigChange - imageChangeParams: automatic: true containerNames: - system-redis from: kind: ImageStreamTag name: system-redis:${AMP_RELEASE} type: ImageChange status: availableReplicas: 0 latestVersion: 0 observedGeneration: 0 replicas: 0 unavailableReplicas: 0 updatedReplicas: 0 - apiVersion: v1 kind: PersistentVolumeClaim metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system threescale_component_element: redis name: system-redis-storage spec: accessModes: - ReadWriteOnce resources: requests: storage: 1Gi status: {} - apiVersion: v1 kind: Service metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system threescale_component_element: redis name: system-redis spec: ports: - name: redis port: 6379 protocol: TCP targetPort: 6379 selector: deploymentConfig: system-redis status: loadBalancer: {} - apiVersion: image.openshift.io/v1 kind: ImageStream metadata: annotations: openshift.io/display-name: System Redis creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system name: system-redis spec: lookupPolicy: local: false tags: - annotations: openshift.io/display-name: System ${AMP_RELEASE} Redis from: kind: DockerImage name: ${REDIS_IMAGE} generation: null importPolicy: insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}} name: ${AMP_RELEASE} referencePolicy: type: "" status: dockerImageRepository: "" - apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: backend threescale_component_element: cron name: backend-cron spec: replicas: 1 selector: deploymentConfig: backend-cron strategy: resources: {} rollingParams: intervalSeconds: 1 maxSurge: 25% maxUnavailable: 25% timeoutSeconds: 1200 updatePeriodSeconds: 1 type: Rolling template: metadata: creationTimestamp: null labels: app: ${APP_LABEL} deploymentConfig: backend-cron threescale_component: backend threescale_component_element: cron spec: containers: - args: - backend-cron env: - name: CONFIG_REDIS_PROXY valueFrom: secretKeyRef: key: REDIS_STORAGE_URL name: backend-redis - name: CONFIG_REDIS_SENTINEL_HOSTS valueFrom: secretKeyRef: key: REDIS_STORAGE_SENTINEL_HOSTS name: backend-redis - name: CONFIG_REDIS_SENTINEL_ROLE valueFrom: secretKeyRef: key: REDIS_STORAGE_SENTINEL_ROLE name: backend-redis - name: CONFIG_QUEUES_MASTER_NAME valueFrom: secretKeyRef: key: REDIS_QUEUES_URL name: backend-redis - name: CONFIG_QUEUES_SENTINEL_HOSTS valueFrom: secretKeyRef: key: REDIS_QUEUES_SENTINEL_HOSTS name: backend-redis - name: CONFIG_QUEUES_SENTINEL_ROLE valueFrom: secretKeyRef: key: REDIS_QUEUES_SENTINEL_ROLE name: backend-redis - name: RACK_ENV valueFrom: configMapKeyRef: key: RACK_ENV name: backend-environment image: amp-backend:latest imagePullPolicy: IfNotPresent name: backend-cron resources: {} initContainers: - command: - /opt/app/entrypoint.sh - sh - -c - until rake connectivity:redis_storage_queue_check; do sleep $SLEEP_SECONDS; done env: - name: CONFIG_REDIS_PROXY valueFrom: secretKeyRef: key: REDIS_STORAGE_URL name: backend-redis - name: CONFIG_REDIS_SENTINEL_HOSTS valueFrom: secretKeyRef: key: REDIS_STORAGE_SENTINEL_HOSTS name: backend-redis - name: CONFIG_REDIS_SENTINEL_ROLE valueFrom: secretKeyRef: key: REDIS_STORAGE_SENTINEL_ROLE name: backend-redis - name: CONFIG_QUEUES_MASTER_NAME valueFrom: secretKeyRef: key: REDIS_QUEUES_URL name: backend-redis - name: CONFIG_QUEUES_SENTINEL_HOSTS valueFrom: secretKeyRef: key: REDIS_QUEUES_SENTINEL_HOSTS name: backend-redis - name: CONFIG_QUEUES_SENTINEL_ROLE valueFrom: secretKeyRef: key: REDIS_QUEUES_SENTINEL_ROLE name: backend-redis - name: RACK_ENV valueFrom: configMapKeyRef: key: RACK_ENV name: backend-environment - name: SLEEP_SECONDS value: "1" image: amp-backend:latest name: backend-redis-svc resources: {} serviceAccountName: amp test: false triggers: - type: ConfigChange - imageChangeParams: automatic: true containerNames: - backend-redis-svc - backend-cron from: kind: ImageStreamTag name: amp-backend:${AMP_RELEASE} type: ImageChange status: availableReplicas: 0 latestVersion: 0 observedGeneration: 0 replicas: 0 unavailableReplicas: 0 updatedReplicas: 0 - apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: backend threescale_component_element: listener name: backend-listener spec: replicas: 1 selector: deploymentConfig: backend-listener strategy: resources: {} rollingParams: intervalSeconds: 1 maxSurge: 25% maxUnavailable: 25% timeoutSeconds: 600 updatePeriodSeconds: 1 type: Rolling template: metadata: creationTimestamp: null labels: app: ${APP_LABEL} deploymentConfig: backend-listener threescale_component: backend threescale_component_element: listener spec: containers: - args: - bin/3scale_backend - start - -e - production - -p - "3000" - -x - /dev/stdout env: - name: CONFIG_REDIS_PROXY valueFrom: secretKeyRef: key: REDIS_STORAGE_URL name: backend-redis - name: CONFIG_REDIS_SENTINEL_HOSTS valueFrom: secretKeyRef: key: REDIS_STORAGE_SENTINEL_HOSTS name: backend-redis - name: CONFIG_REDIS_SENTINEL_ROLE valueFrom: secretKeyRef: key: REDIS_STORAGE_SENTINEL_ROLE name: backend-redis - name: CONFIG_QUEUES_MASTER_NAME valueFrom: secretKeyRef: key: REDIS_QUEUES_URL name: backend-redis - name: CONFIG_QUEUES_SENTINEL_HOSTS valueFrom: secretKeyRef: key: REDIS_QUEUES_SENTINEL_HOSTS name: backend-redis - name: CONFIG_QUEUES_SENTINEL_ROLE valueFrom: secretKeyRef: key: REDIS_QUEUES_SENTINEL_ROLE name: backend-redis - name: RACK_ENV valueFrom: configMapKeyRef: key: RACK_ENV name: backend-environment - name: PUMA_WORKERS value: "16" - name: CONFIG_INTERNAL_API_USER valueFrom: secretKeyRef: key: username name: backend-internal-api - name: CONFIG_INTERNAL_API_PASSWORD valueFrom: secretKeyRef: key: password name: backend-internal-api image: amp-backend:latest imagePullPolicy: IfNotPresent livenessProbe: initialDelaySeconds: 30 periodSeconds: 10 tcpSocket: port: 3000 name: backend-listener ports: - containerPort: 3000 protocol: TCP readinessProbe: httpGet: path: /status port: 3000 initialDelaySeconds: 30 timeoutSeconds: 5 resources: {} serviceAccountName: amp test: false triggers: - type: ConfigChange - imageChangeParams: automatic: true containerNames: - backend-listener from: kind: ImageStreamTag name: amp-backend:${AMP_RELEASE} type: ImageChange status: availableReplicas: 0 latestVersion: 0 observedGeneration: 0 replicas: 0 unavailableReplicas: 0 updatedReplicas: 0 - apiVersion: v1 kind: Service metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: backend threescale_component_element: listener name: backend-listener spec: ports: - name: http port: 3000 protocol: TCP targetPort: 3000 selector: deploymentConfig: backend-listener status: loadBalancer: {} - apiVersion: route.openshift.io/v1 kind: Route metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: backend name: backend spec: host: backend-${TENANT_NAME}.${WILDCARD_DOMAIN} port: targetPort: http tls: insecureEdgeTerminationPolicy: Allow termination: edge to: kind: Service name: backend-listener weight: null status: ingress: null - apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: backend threescale_component_element: worker name: backend-worker spec: replicas: 1 selector: deploymentConfig: backend-worker strategy: resources: {} rollingParams: intervalSeconds: 1 maxSurge: 25% maxUnavailable: 25% timeoutSeconds: 1200 updatePeriodSeconds: 1 type: Rolling template: metadata: creationTimestamp: null labels: app: ${APP_LABEL} deploymentConfig: backend-worker threescale_component: backend threescale_component_element: worker spec: containers: - args: - bin/3scale_backend_worker - run env: - name: CONFIG_REDIS_PROXY valueFrom: secretKeyRef: key: REDIS_STORAGE_URL name: backend-redis - name: CONFIG_REDIS_SENTINEL_HOSTS valueFrom: secretKeyRef: key: REDIS_STORAGE_SENTINEL_HOSTS name: backend-redis - name: CONFIG_REDIS_SENTINEL_ROLE valueFrom: secretKeyRef: key: REDIS_STORAGE_SENTINEL_ROLE name: backend-redis - name: CONFIG_QUEUES_MASTER_NAME valueFrom: secretKeyRef: key: REDIS_QUEUES_URL name: backend-redis - name: CONFIG_QUEUES_SENTINEL_HOSTS valueFrom: secretKeyRef: key: REDIS_QUEUES_SENTINEL_HOSTS name: backend-redis - name: CONFIG_QUEUES_SENTINEL_ROLE valueFrom: secretKeyRef: key: REDIS_QUEUES_SENTINEL_ROLE name: backend-redis - name: RACK_ENV valueFrom: configMapKeyRef: key: RACK_ENV name: backend-environment - name: CONFIG_EVENTS_HOOK valueFrom: secretKeyRef: key: URL name: system-events-hook - name: CONFIG_EVENTS_HOOK_SHARED_SECRET valueFrom: secretKeyRef: key: PASSWORD name: system-events-hook image: amp-backend:latest imagePullPolicy: IfNotPresent name: backend-worker resources: {} initContainers: - command: - /opt/app/entrypoint.sh - sh - -c - until rake connectivity:redis_storage_queue_check; do sleep $SLEEP_SECONDS; done env: - name: CONFIG_REDIS_PROXY valueFrom: secretKeyRef: key: REDIS_STORAGE_URL name: backend-redis - name: CONFIG_REDIS_SENTINEL_HOSTS valueFrom: secretKeyRef: key: REDIS_STORAGE_SENTINEL_HOSTS name: backend-redis - name: CONFIG_REDIS_SENTINEL_ROLE valueFrom: secretKeyRef: key: REDIS_STORAGE_SENTINEL_ROLE name: backend-redis - name: CONFIG_QUEUES_MASTER_NAME valueFrom: secretKeyRef: key: REDIS_QUEUES_URL name: backend-redis - name: CONFIG_QUEUES_SENTINEL_HOSTS valueFrom: secretKeyRef: key: REDIS_QUEUES_SENTINEL_HOSTS name: backend-redis - name: CONFIG_QUEUES_SENTINEL_ROLE valueFrom: secretKeyRef: key: REDIS_QUEUES_SENTINEL_ROLE name: backend-redis - name: RACK_ENV valueFrom: configMapKeyRef: key: RACK_ENV name: backend-environment - name: SLEEP_SECONDS value: "1" image: amp-backend:latest name: backend-redis-svc resources: {} serviceAccountName: amp test: false triggers: - type: ConfigChange - imageChangeParams: automatic: true containerNames: - backend-redis-svc - backend-worker from: kind: ImageStreamTag name: amp-backend:${AMP_RELEASE} type: ImageChange status: availableReplicas: 0 latestVersion: 0 observedGeneration: 0 replicas: 0 unavailableReplicas: 0 updatedReplicas: 0 - apiVersion: v1 data: RACK_ENV: production kind: ConfigMap metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: backend name: backend-environment - apiVersion: v1 kind: Secret metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: backend name: backend-internal-api stringData: password: ${SYSTEM_BACKEND_PASSWORD} username: ${SYSTEM_BACKEND_USERNAME} type: Opaque - apiVersion: v1 kind: Secret metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: backend name: backend-listener stringData: route_endpoint: https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN} service_endpoint: http://backend-listener:3000 type: Opaque - apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system threescale_component_element: mysql name: system-mysql spec: replicas: 1 selector: deploymentConfig: system-mysql strategy: resources: {} type: Recreate template: metadata: creationTimestamp: null labels: app: ${APP_LABEL} deploymentConfig: system-mysql threescale_component: system threescale_component_element: mysql spec: containers: - env: - name: MYSQL_USER valueFrom: secretKeyRef: key: DB_USER name: system-database - name: MYSQL_PASSWORD valueFrom: secretKeyRef: key: DB_PASSWORD name: system-database - name: MYSQL_DATABASE value: ${SYSTEM_DATABASE} - name: MYSQL_ROOT_PASSWORD value: ${SYSTEM_DATABASE_ROOT_PASSWORD} - name: MYSQL_LOWER_CASE_TABLE_NAMES value: "1" - name: MYSQL_DEFAULTS_FILE value: /etc/my-extra/my.cnf image: system-mysql:latest imagePullPolicy: IfNotPresent livenessProbe: initialDelaySeconds: 30 periodSeconds: 10 tcpSocket: port: 3306 name: system-mysql ports: - containerPort: 3306 protocol: TCP readinessProbe: exec: command: - /bin/sh - -i - -c - MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1' initialDelaySeconds: 10 periodSeconds: 30 timeoutSeconds: 5 resources: {} volumeMounts: - mountPath: /var/lib/mysql/data name: mysql-storage - mountPath: /etc/my-extra.d name: mysql-extra-conf - mountPath: /etc/my-extra name: mysql-main-conf serviceAccountName: amp volumes: - name: mysql-storage persistentVolumeClaim: claimName: mysql-storage - configMap: name: mysql-extra-conf name: mysql-extra-conf - configMap: name: mysql-main-conf name: mysql-main-conf test: false triggers: - type: ConfigChange - imageChangeParams: automatic: true containerNames: - system-mysql from: kind: ImageStreamTag name: system-mysql:${AMP_RELEASE} type: ImageChange status: availableReplicas: 0 latestVersion: 0 observedGeneration: 0 replicas: 0 unavailableReplicas: 0 updatedReplicas: 0 - apiVersion: v1 kind: Service metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system threescale_component_element: mysql name: system-mysql spec: ports: - name: system-mysql port: 3306 protocol: TCP targetPort: 3306 selector: deploymentConfig: system-mysql status: loadBalancer: {} - apiVersion: v1 data: my.cnf: | !include /etc/my.cnf !includedir /etc/my-extra.d kind: ConfigMap metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system threescale_component_element: mysql name: mysql-main-conf - apiVersion: v1 data: mysql-charset.cnf: | [client] default-character-set = utf8 [mysql] default-character-set = utf8 [mysqld] character-set-server = utf8 collation-server = utf8_unicode_ci mysql-default-authentication-plugin.cnf: | [mysqld] default_authentication_plugin=mysql_native_password kind: ConfigMap metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system threescale_component_element: mysql name: mysql-extra-conf - apiVersion: v1 kind: PersistentVolumeClaim metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system threescale_component_element: mysql name: mysql-storage spec: accessModes: - ReadWriteOnce resources: requests: storage: 1Gi status: {} - apiVersion: v1 kind: Secret metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system name: system-database stringData: DB_PASSWORD: ${SYSTEM_DATABASE_PASSWORD} DB_USER: ${SYSTEM_DATABASE_USER} URL: mysql2://root:${SYSTEM_DATABASE_ROOT_PASSWORD}@system-mysql/${SYSTEM_DATABASE} type: Opaque - apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system threescale_component_element: memcache name: system-memcache spec: replicas: 1 selector: deploymentConfig: system-memcache strategy: resources: {} rollingParams: intervalSeconds: 1 maxSurge: 25% maxUnavailable: 25% timeoutSeconds: 600 updatePeriodSeconds: 1 type: Rolling template: metadata: creationTimestamp: null labels: app: ${APP_LABEL} deploymentConfig: system-memcache threescale_component: system threescale_component_element: memcache spec: containers: - command: - memcached - -m - "64" image: system-memcached:latest imagePullPolicy: IfNotPresent livenessProbe: initialDelaySeconds: 10 periodSeconds: 10 tcpSocket: port: 11211 name: memcache ports: - containerPort: 11211 protocol: TCP readinessProbe: exec: command: - sh - -c - echo version | nc $HOSTNAME 11211 | grep VERSION initialDelaySeconds: 10 periodSeconds: 30 timeoutSeconds: 5 resources: {} serviceAccountName: amp test: false triggers: - type: ConfigChange - imageChangeParams: automatic: true containerNames: - memcache from: kind: ImageStreamTag name: system-memcached:${AMP_RELEASE} type: ImageChange status: availableReplicas: 0 latestVersion: 0 observedGeneration: 0 replicas: 0 unavailableReplicas: 0 updatedReplicas: 0 - apiVersion: v1 kind: PersistentVolumeClaim metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system threescale_component_element: app name: system-storage spec: accessModes: - ReadWriteMany resources: requests: storage: 100Mi storageClassName: ${{RWX_STORAGE_CLASS}} status: {} - apiVersion: v1 kind: Service metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system threescale_component_element: provider-ui name: system-provider spec: ports: - name: http port: 3000 protocol: TCP targetPort: provider selector: deploymentConfig: system-app status: loadBalancer: {} - apiVersion: v1 kind: Service metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system threescale_component_element: master-ui name: system-master spec: ports: - name: http port: 3000 protocol: TCP targetPort: master selector: deploymentConfig: system-app status: loadBalancer: {} - apiVersion: v1 kind: Service metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system threescale_component_element: developer-ui name: system-developer spec: ports: - name: http port: 3000 protocol: TCP targetPort: developer selector: deploymentConfig: system-app status: loadBalancer: {} - apiVersion: v1 kind: Service metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system threescale_component_element: sphinx name: system-sphinx spec: ports: - name: sphinx port: 9306 protocol: TCP targetPort: 9306 selector: deploymentConfig: system-sphinx status: loadBalancer: {} - apiVersion: v1 kind: Service metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system threescale_component_element: memcache name: system-memcache spec: ports: - name: memcache port: 11211 protocol: TCP targetPort: 11211 selector: deploymentConfig: system-memcache status: loadBalancer: {} - apiVersion: v1 data: rolling_updates.yml: | production: {} service_discovery.yml: | production: enabled: <%= cluster_token_file_exists = File.exists?(cluster_token_file_path = '/var/run/secrets/kubernetes.io/serviceaccount/token') %> server_scheme: 'https' server_host: 'kubernetes.default.svc.cluster.local' server_port: 443 bearer_token: "<%= File.read(cluster_token_file_path) if cluster_token_file_exists %>" authentication_method: service_account # can be service_account|oauth oauth_server_type: builtin # can be builtin|rh_sso client_id: client_secret: timeout: 1 open_timeout: 1 max_retry: 5 verify_ssl: <%= OpenSSL::SSL::VERIFY_NONE %> # 0 zync.yml: | production: endpoint: 'http://zync:8080' authentication: token: "<%= ENV.fetch('ZYNC_AUTHENTICATION_TOKEN') %>" connect_timeout: 5 send_timeout: 5 receive_timeout: 10 root_url: kind: ConfigMap metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system name: system - apiVersion: v1 kind: Secret metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system threescale_component_element: smtp name: system-smtp stringData: address: "" authentication: "" domain: "" openssl.verify.mode: "" password: "" port: "" username: "" - apiVersion: v1 data: APICAST_REGISTRY_URL: ${APICAST_REGISTRY_URL} FORCE_SSL: "true" PROVIDER_PLAN: enterprise RAILS_ENV: production RAILS_LOG_LEVEL: info RAILS_LOG_TO_STDOUT: "true" SSL_CERT_DIR: /etc/pki/tls/certs THINKING_SPHINX_PORT: "9306" THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE: VERIFY_NONE THREESCALE_SUPERDOMAIN: ${WILDCARD_DOMAIN} kind: ConfigMap metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system name: system-environment - apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system threescale_component_element: app name: system-app spec: replicas: 1 selector: deploymentConfig: system-app strategy: resources: {} rollingParams: intervalSeconds: 1 maxSurge: 25% maxUnavailable: 25% post: execNewPod: command: - bash - -c - bundle exec rake boot openshift:post_deploy containerName: system-master failurePolicy: Abort pre: execNewPod: command: - bash - -c - bundle exec rake boot openshift:deploy containerName: system-master env: - name: APICAST_REGISTRY_URL valueFrom: configMapKeyRef: key: APICAST_REGISTRY_URL name: system-environment - name: FORCE_SSL valueFrom: configMapKeyRef: key: FORCE_SSL name: system-environment - name: PROVIDER_PLAN valueFrom: configMapKeyRef: key: PROVIDER_PLAN name: system-environment - name: RAILS_ENV valueFrom: configMapKeyRef: key: RAILS_ENV name: system-environment - name: RAILS_LOG_LEVEL valueFrom: configMapKeyRef: key: RAILS_LOG_LEVEL name: system-environment - name: RAILS_LOG_TO_STDOUT valueFrom: configMapKeyRef: key: RAILS_LOG_TO_STDOUT name: system-environment - name: SSL_CERT_DIR valueFrom: configMapKeyRef: key: SSL_CERT_DIR name: system-environment - name: THINKING_SPHINX_PORT valueFrom: configMapKeyRef: key: THINKING_SPHINX_PORT name: system-environment - name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE valueFrom: configMapKeyRef: key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE name: system-environment - name: THREESCALE_SUPERDOMAIN valueFrom: configMapKeyRef: key: THREESCALE_SUPERDOMAIN name: system-environment - name: DATABASE_URL valueFrom: secretKeyRef: key: URL name: system-database - name: MASTER_DOMAIN valueFrom: secretKeyRef: key: MASTER_DOMAIN name: system-seed - name: MASTER_USER valueFrom: secretKeyRef: key: MASTER_USER name: system-seed - name: MASTER_PASSWORD valueFrom: secretKeyRef: key: MASTER_PASSWORD name: system-seed - name: ADMIN_ACCESS_TOKEN valueFrom: secretKeyRef: key: ADMIN_ACCESS_TOKEN name: system-seed - name: USER_LOGIN valueFrom: secretKeyRef: key: ADMIN_USER name: system-seed - name: USER_PASSWORD valueFrom: secretKeyRef: key: ADMIN_PASSWORD name: system-seed - name: USER_EMAIL valueFrom: secretKeyRef: key: ADMIN_EMAIL name: system-seed - name: TENANT_NAME valueFrom: secretKeyRef: key: TENANT_NAME name: system-seed - name: THINKING_SPHINX_ADDRESS value: system-sphinx - name: THINKING_SPHINX_CONFIGURATION_FILE value: /tmp/sphinx.conf - name: EVENTS_SHARED_SECRET valueFrom: secretKeyRef: key: PASSWORD name: system-events-hook - name: RECAPTCHA_PUBLIC_KEY valueFrom: secretKeyRef: key: PUBLIC_KEY name: system-recaptcha - name: RECAPTCHA_PRIVATE_KEY valueFrom: secretKeyRef: key: PRIVATE_KEY name: system-recaptcha - name: SECRET_KEY_BASE valueFrom: secretKeyRef: key: SECRET_KEY_BASE name: system-app - name: MEMCACHE_SERVERS valueFrom: secretKeyRef: key: SERVERS name: system-memcache - name: REDIS_URL valueFrom: secretKeyRef: key: URL name: system-redis - name: REDIS_NAMESPACE valueFrom: secretKeyRef: key: NAMESPACE name: system-redis - name: REDIS_SENTINEL_HOSTS valueFrom: secretKeyRef: key: SENTINEL_HOSTS name: system-redis - name: REDIS_SENTINEL_ROLE valueFrom: secretKeyRef: key: SENTINEL_ROLE name: system-redis - name: BACKEND_REDIS_URL valueFrom: secretKeyRef: key: REDIS_STORAGE_URL name: backend-redis - name: BACKEND_REDIS_SENTINEL_HOSTS valueFrom: secretKeyRef: key: REDIS_STORAGE_SENTINEL_HOSTS name: backend-redis - name: BACKEND_REDIS_SENTINEL_ROLE valueFrom: secretKeyRef: key: REDIS_STORAGE_SENTINEL_ROLE name: backend-redis - name: APICAST_BACKEND_ROOT_ENDPOINT valueFrom: secretKeyRef: key: route_endpoint name: backend-listener - name: BACKEND_ROUTE value: http://backend-listener:3000/internal/ - name: SMTP_ADDRESS valueFrom: secretKeyRef: key: address name: system-smtp - name: SMTP_USER_NAME valueFrom: secretKeyRef: key: username name: system-smtp - name: SMTP_PASSWORD valueFrom: secretKeyRef: key: password name: system-smtp - name: SMTP_DOMAIN valueFrom: secretKeyRef: key: domain name: system-smtp - name: SMTP_PORT valueFrom: secretKeyRef: key: port name: system-smtp - name: SMTP_AUTHENTICATION valueFrom: secretKeyRef: key: authentication name: system-smtp - name: SMTP_OPENSSL_VERIFY_MODE valueFrom: secretKeyRef: key: openssl.verify.mode name: system-smtp - name: APICAST_ACCESS_TOKEN valueFrom: secretKeyRef: key: ACCESS_TOKEN name: system-master-apicast - name: ZYNC_AUTHENTICATION_TOKEN valueFrom: secretKeyRef: key: ZYNC_AUTHENTICATION_TOKEN name: zync - name: CONFIG_INTERNAL_API_USER valueFrom: secretKeyRef: key: username name: backend-internal-api - name: CONFIG_INTERNAL_API_PASSWORD valueFrom: secretKeyRef: key: password name: backend-internal-api - name: MASTER_ACCESS_TOKEN valueFrom: secretKeyRef: key: MASTER_ACCESS_TOKEN name: system-seed volumes: - system-storage failurePolicy: Retry timeoutSeconds: 1200 updatePeriodSeconds: 1 type: Rolling template: metadata: creationTimestamp: null labels: app: ${APP_LABEL} deploymentConfig: system-app threescale_component: system threescale_component_element: app spec: containers: - args: - env - TENANT_MODE=master - PORT=3002 - container-entrypoint - bundle - exec - unicorn - -c - config/unicorn.rb env: - name: APICAST_REGISTRY_URL valueFrom: configMapKeyRef: key: APICAST_REGISTRY_URL name: system-environment - name: FORCE_SSL valueFrom: configMapKeyRef: key: FORCE_SSL name: system-environment - name: PROVIDER_PLAN valueFrom: configMapKeyRef: key: PROVIDER_PLAN name: system-environment - name: RAILS_ENV valueFrom: configMapKeyRef: key: RAILS_ENV name: system-environment - name: RAILS_LOG_LEVEL valueFrom: configMapKeyRef: key: RAILS_LOG_LEVEL name: system-environment - name: RAILS_LOG_TO_STDOUT valueFrom: configMapKeyRef: key: RAILS_LOG_TO_STDOUT name: system-environment - name: SSL_CERT_DIR valueFrom: configMapKeyRef: key: SSL_CERT_DIR name: system-environment - name: THINKING_SPHINX_PORT valueFrom: configMapKeyRef: key: THINKING_SPHINX_PORT name: system-environment - name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE valueFrom: configMapKeyRef: key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE name: system-environment - name: THREESCALE_SUPERDOMAIN valueFrom: configMapKeyRef: key: THREESCALE_SUPERDOMAIN name: system-environment - name: DATABASE_URL valueFrom: secretKeyRef: key: URL name: system-database - name: MASTER_DOMAIN valueFrom: secretKeyRef: key: MASTER_DOMAIN name: system-seed - name: MASTER_USER valueFrom: secretKeyRef: key: MASTER_USER name: system-seed - name: MASTER_PASSWORD valueFrom: secretKeyRef: key: MASTER_PASSWORD name: system-seed - name: ADMIN_ACCESS_TOKEN valueFrom: secretKeyRef: key: ADMIN_ACCESS_TOKEN name: system-seed - name: USER_LOGIN valueFrom: secretKeyRef: key: ADMIN_USER name: system-seed - name: USER_PASSWORD valueFrom: secretKeyRef: key: ADMIN_PASSWORD name: system-seed - name: USER_EMAIL valueFrom: secretKeyRef: key: ADMIN_EMAIL name: system-seed - name: TENANT_NAME valueFrom: secretKeyRef: key: TENANT_NAME name: system-seed - name: THINKING_SPHINX_ADDRESS value: system-sphinx - name: THINKING_SPHINX_CONFIGURATION_FILE value: /tmp/sphinx.conf - name: EVENTS_SHARED_SECRET valueFrom: secretKeyRef: key: PASSWORD name: system-events-hook - name: RECAPTCHA_PUBLIC_KEY valueFrom: secretKeyRef: key: PUBLIC_KEY name: system-recaptcha - name: RECAPTCHA_PRIVATE_KEY valueFrom: secretKeyRef: key: PRIVATE_KEY name: system-recaptcha - name: SECRET_KEY_BASE valueFrom: secretKeyRef: key: SECRET_KEY_BASE name: system-app - name: MEMCACHE_SERVERS valueFrom: secretKeyRef: key: SERVERS name: system-memcache - name: REDIS_URL valueFrom: secretKeyRef: key: URL name: system-redis - name: REDIS_NAMESPACE valueFrom: secretKeyRef: key: NAMESPACE name: system-redis - name: REDIS_SENTINEL_HOSTS valueFrom: secretKeyRef: key: SENTINEL_HOSTS name: system-redis - name: REDIS_SENTINEL_ROLE valueFrom: secretKeyRef: key: SENTINEL_ROLE name: system-redis - name: BACKEND_REDIS_URL valueFrom: secretKeyRef: key: REDIS_STORAGE_URL name: backend-redis - name: BACKEND_REDIS_SENTINEL_HOSTS valueFrom: secretKeyRef: key: REDIS_STORAGE_SENTINEL_HOSTS name: backend-redis - name: BACKEND_REDIS_SENTINEL_ROLE valueFrom: secretKeyRef: key: REDIS_STORAGE_SENTINEL_ROLE name: backend-redis - name: APICAST_BACKEND_ROOT_ENDPOINT valueFrom: secretKeyRef: key: route_endpoint name: backend-listener - name: BACKEND_ROUTE value: http://backend-listener:3000/internal/ - name: SMTP_ADDRESS valueFrom: secretKeyRef: key: address name: system-smtp - name: SMTP_USER_NAME valueFrom: secretKeyRef: key: username name: system-smtp - name: SMTP_PASSWORD valueFrom: secretKeyRef: key: password name: system-smtp - name: SMTP_DOMAIN valueFrom: secretKeyRef: key: domain name: system-smtp - name: SMTP_PORT valueFrom: secretKeyRef: key: port name: system-smtp - name: SMTP_AUTHENTICATION valueFrom: secretKeyRef: key: authentication name: system-smtp - name: SMTP_OPENSSL_VERIFY_MODE valueFrom: secretKeyRef: key: openssl.verify.mode name: system-smtp - name: APICAST_ACCESS_TOKEN valueFrom: secretKeyRef: key: ACCESS_TOKEN name: system-master-apicast - name: ZYNC_AUTHENTICATION_TOKEN valueFrom: secretKeyRef: key: ZYNC_AUTHENTICATION_TOKEN name: zync - name: CONFIG_INTERNAL_API_USER valueFrom: secretKeyRef: key: username name: backend-internal-api - name: CONFIG_INTERNAL_API_PASSWORD valueFrom: secretKeyRef: key: password name: backend-internal-api - name: USER_SESSION_TTL valueFrom: secretKeyRef: key: USER_SESSION_TTL name: system-app image: amp-system:latest imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 40 initialDelaySeconds: 40 periodSeconds: 10 tcpSocket: port: master timeoutSeconds: 10 name: system-master ports: - containerPort: 3002 name: master protocol: TCP readinessProbe: failureThreshold: 10 httpGet: httpHeaders: - name: X-Forwarded-Proto value: https path: /check.txt port: master scheme: HTTP initialDelaySeconds: 60 periodSeconds: 30 timeoutSeconds: 10 resources: {} volumeMounts: - mountPath: /opt/system/public/system name: system-storage - mountPath: /opt/system-extra-configs name: system-config - args: - env - TENANT_MODE=provider - PORT=3000 - container-entrypoint - bundle - exec - unicorn - -c - config/unicorn.rb env: - name: APICAST_REGISTRY_URL valueFrom: configMapKeyRef: key: APICAST_REGISTRY_URL name: system-environment - name: FORCE_SSL valueFrom: configMapKeyRef: key: FORCE_SSL name: system-environment - name: PROVIDER_PLAN valueFrom: configMapKeyRef: key: PROVIDER_PLAN name: system-environment - name: RAILS_ENV valueFrom: configMapKeyRef: key: RAILS_ENV name: system-environment - name: RAILS_LOG_LEVEL valueFrom: configMapKeyRef: key: RAILS_LOG_LEVEL name: system-environment - name: RAILS_LOG_TO_STDOUT valueFrom: configMapKeyRef: key: RAILS_LOG_TO_STDOUT name: system-environment - name: SSL_CERT_DIR valueFrom: configMapKeyRef: key: SSL_CERT_DIR name: system-environment - name: THINKING_SPHINX_PORT valueFrom: configMapKeyRef: key: THINKING_SPHINX_PORT name: system-environment - name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE valueFrom: configMapKeyRef: key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE name: system-environment - name: THREESCALE_SUPERDOMAIN valueFrom: configMapKeyRef: key: THREESCALE_SUPERDOMAIN name: system-environment - name: DATABASE_URL valueFrom: secretKeyRef: key: URL name: system-database - name: MASTER_DOMAIN valueFrom: secretKeyRef: key: MASTER_DOMAIN name: system-seed - name: MASTER_USER valueFrom: secretKeyRef: key: MASTER_USER name: system-seed - name: MASTER_PASSWORD valueFrom: secretKeyRef: key: MASTER_PASSWORD name: system-seed - name: ADMIN_ACCESS_TOKEN valueFrom: secretKeyRef: key: ADMIN_ACCESS_TOKEN name: system-seed - name: USER_LOGIN valueFrom: secretKeyRef: key: ADMIN_USER name: system-seed - name: USER_PASSWORD valueFrom: secretKeyRef: key: ADMIN_PASSWORD name: system-seed - name: USER_EMAIL valueFrom: secretKeyRef: key: ADMIN_EMAIL name: system-seed - name: TENANT_NAME valueFrom: secretKeyRef: key: TENANT_NAME name: system-seed - name: THINKING_SPHINX_ADDRESS value: system-sphinx - name: THINKING_SPHINX_CONFIGURATION_FILE value: /tmp/sphinx.conf - name: EVENTS_SHARED_SECRET valueFrom: secretKeyRef: key: PASSWORD name: system-events-hook - name: RECAPTCHA_PUBLIC_KEY valueFrom: secretKeyRef: key: PUBLIC_KEY name: system-recaptcha - name: RECAPTCHA_PRIVATE_KEY valueFrom: secretKeyRef: key: PRIVATE_KEY name: system-recaptcha - name: SECRET_KEY_BASE valueFrom: secretKeyRef: key: SECRET_KEY_BASE name: system-app - name: MEMCACHE_SERVERS valueFrom: secretKeyRef: key: SERVERS name: system-memcache - name: REDIS_URL valueFrom: secretKeyRef: key: URL name: system-redis - name: REDIS_NAMESPACE valueFrom: secretKeyRef: key: NAMESPACE name: system-redis - name: REDIS_SENTINEL_HOSTS valueFrom: secretKeyRef: key: SENTINEL_HOSTS name: system-redis - name: REDIS_SENTINEL_ROLE valueFrom: secretKeyRef: key: SENTINEL_ROLE name: system-redis - name: BACKEND_REDIS_URL valueFrom: secretKeyRef: key: REDIS_STORAGE_URL name: backend-redis - name: BACKEND_REDIS_SENTINEL_HOSTS valueFrom: secretKeyRef: key: REDIS_STORAGE_SENTINEL_HOSTS name: backend-redis - name: BACKEND_REDIS_SENTINEL_ROLE valueFrom: secretKeyRef: key: REDIS_STORAGE_SENTINEL_ROLE name: backend-redis - name: APICAST_BACKEND_ROOT_ENDPOINT valueFrom: secretKeyRef: key: route_endpoint name: backend-listener - name: BACKEND_ROUTE value: http://backend-listener:3000/internal/ - name: SMTP_ADDRESS valueFrom: secretKeyRef: key: address name: system-smtp - name: SMTP_USER_NAME valueFrom: secretKeyRef: key: username name: system-smtp - name: SMTP_PASSWORD valueFrom: secretKeyRef: key: password name: system-smtp - name: SMTP_DOMAIN valueFrom: secretKeyRef: key: domain name: system-smtp - name: SMTP_PORT valueFrom: secretKeyRef: key: port name: system-smtp - name: SMTP_AUTHENTICATION valueFrom: secretKeyRef: key: authentication name: system-smtp - name: SMTP_OPENSSL_VERIFY_MODE valueFrom: secretKeyRef: key: openssl.verify.mode name: system-smtp - name: APICAST_ACCESS_TOKEN valueFrom: secretKeyRef: key: ACCESS_TOKEN name: system-master-apicast - name: ZYNC_AUTHENTICATION_TOKEN valueFrom: secretKeyRef: key: ZYNC_AUTHENTICATION_TOKEN name: zync - name: CONFIG_INTERNAL_API_USER valueFrom: secretKeyRef: key: username name: backend-internal-api - name: CONFIG_INTERNAL_API_PASSWORD valueFrom: secretKeyRef: key: password name: backend-internal-api - name: USER_SESSION_TTL valueFrom: secretKeyRef: key: USER_SESSION_TTL name: system-app image: amp-system:latest imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 40 initialDelaySeconds: 40 periodSeconds: 10 tcpSocket: port: provider timeoutSeconds: 10 name: system-provider ports: - containerPort: 3000 name: provider protocol: TCP readinessProbe: failureThreshold: 10 httpGet: httpHeaders: - name: X-Forwarded-Proto value: https path: /check.txt port: provider scheme: HTTP initialDelaySeconds: 60 periodSeconds: 30 timeoutSeconds: 10 resources: {} volumeMounts: - mountPath: /opt/system/public/system name: system-storage - mountPath: /opt/system-extra-configs name: system-config - args: - env - PORT=3001 - container-entrypoint - bundle - exec - unicorn - -c - config/unicorn.rb env: - name: APICAST_REGISTRY_URL valueFrom: configMapKeyRef: key: APICAST_REGISTRY_URL name: system-environment - name: FORCE_SSL valueFrom: configMapKeyRef: key: FORCE_SSL name: system-environment - name: PROVIDER_PLAN valueFrom: configMapKeyRef: key: PROVIDER_PLAN name: system-environment - name: RAILS_ENV valueFrom: configMapKeyRef: key: RAILS_ENV name: system-environment - name: RAILS_LOG_LEVEL valueFrom: configMapKeyRef: key: RAILS_LOG_LEVEL name: system-environment - name: RAILS_LOG_TO_STDOUT valueFrom: configMapKeyRef: key: RAILS_LOG_TO_STDOUT name: system-environment - name: SSL_CERT_DIR valueFrom: configMapKeyRef: key: SSL_CERT_DIR name: system-environment - name: THINKING_SPHINX_PORT valueFrom: configMapKeyRef: key: THINKING_SPHINX_PORT name: system-environment - name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE valueFrom: configMapKeyRef: key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE name: system-environment - name: THREESCALE_SUPERDOMAIN valueFrom: configMapKeyRef: key: THREESCALE_SUPERDOMAIN name: system-environment - name: DATABASE_URL valueFrom: secretKeyRef: key: URL name: system-database - name: MASTER_DOMAIN valueFrom: secretKeyRef: key: MASTER_DOMAIN name: system-seed - name: MASTER_USER valueFrom: secretKeyRef: key: MASTER_USER name: system-seed - name: MASTER_PASSWORD valueFrom: secretKeyRef: key: MASTER_PASSWORD name: system-seed - name: ADMIN_ACCESS_TOKEN valueFrom: secretKeyRef: key: ADMIN_ACCESS_TOKEN name: system-seed - name: USER_LOGIN valueFrom: secretKeyRef: key: ADMIN_USER name: system-seed - name: USER_PASSWORD valueFrom: secretKeyRef: key: ADMIN_PASSWORD name: system-seed - name: USER_EMAIL valueFrom: secretKeyRef: key: ADMIN_EMAIL name: system-seed - name: TENANT_NAME valueFrom: secretKeyRef: key: TENANT_NAME name: system-seed - name: THINKING_SPHINX_ADDRESS value: system-sphinx - name: THINKING_SPHINX_CONFIGURATION_FILE value: /tmp/sphinx.conf - name: EVENTS_SHARED_SECRET valueFrom: secretKeyRef: key: PASSWORD name: system-events-hook - name: RECAPTCHA_PUBLIC_KEY valueFrom: secretKeyRef: key: PUBLIC_KEY name: system-recaptcha - name: RECAPTCHA_PRIVATE_KEY valueFrom: secretKeyRef: key: PRIVATE_KEY name: system-recaptcha - name: SECRET_KEY_BASE valueFrom: secretKeyRef: key: SECRET_KEY_BASE name: system-app - name: MEMCACHE_SERVERS valueFrom: secretKeyRef: key: SERVERS name: system-memcache - name: REDIS_URL valueFrom: secretKeyRef: key: URL name: system-redis - name: REDIS_NAMESPACE valueFrom: secretKeyRef: key: NAMESPACE name: system-redis - name: REDIS_SENTINEL_HOSTS valueFrom: secretKeyRef: key: SENTINEL_HOSTS name: system-redis - name: REDIS_SENTINEL_ROLE valueFrom: secretKeyRef: key: SENTINEL_ROLE name: system-redis - name: BACKEND_REDIS_URL valueFrom: secretKeyRef: key: REDIS_STORAGE_URL name: backend-redis - name: BACKEND_REDIS_SENTINEL_HOSTS valueFrom: secretKeyRef: key: REDIS_STORAGE_SENTINEL_HOSTS name: backend-redis - name: BACKEND_REDIS_SENTINEL_ROLE valueFrom: secretKeyRef: key: REDIS_STORAGE_SENTINEL_ROLE name: backend-redis - name: APICAST_BACKEND_ROOT_ENDPOINT valueFrom: secretKeyRef: key: route_endpoint name: backend-listener - name: BACKEND_ROUTE value: http://backend-listener:3000/internal/ - name: SMTP_ADDRESS valueFrom: secretKeyRef: key: address name: system-smtp - name: SMTP_USER_NAME valueFrom: secretKeyRef: key: username name: system-smtp - name: SMTP_PASSWORD valueFrom: secretKeyRef: key: password name: system-smtp - name: SMTP_DOMAIN valueFrom: secretKeyRef: key: domain name: system-smtp - name: SMTP_PORT valueFrom: secretKeyRef: key: port name: system-smtp - name: SMTP_AUTHENTICATION valueFrom: secretKeyRef: key: authentication name: system-smtp - name: SMTP_OPENSSL_VERIFY_MODE valueFrom: secretKeyRef: key: openssl.verify.mode name: system-smtp - name: APICAST_ACCESS_TOKEN valueFrom: secretKeyRef: key: ACCESS_TOKEN name: system-master-apicast - name: ZYNC_AUTHENTICATION_TOKEN valueFrom: secretKeyRef: key: ZYNC_AUTHENTICATION_TOKEN name: zync - name: CONFIG_INTERNAL_API_USER valueFrom: secretKeyRef: key: username name: backend-internal-api - name: CONFIG_INTERNAL_API_PASSWORD valueFrom: secretKeyRef: key: password name: backend-internal-api - name: USER_SESSION_TTL valueFrom: secretKeyRef: key: USER_SESSION_TTL name: system-app image: amp-system:latest imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 40 initialDelaySeconds: 40 periodSeconds: 10 tcpSocket: port: developer timeoutSeconds: 10 name: system-developer ports: - containerPort: 3001 name: developer protocol: TCP readinessProbe: failureThreshold: 10 httpGet: httpHeaders: - name: X-Forwarded-Proto value: https path: /check.txt port: developer scheme: HTTP initialDelaySeconds: 60 periodSeconds: 30 timeoutSeconds: 10 resources: {} volumeMounts: - mountPath: /opt/system/public/system name: system-storage readOnly: true - mountPath: /opt/system-extra-configs name: system-config serviceAccountName: amp volumes: - name: system-storage persistentVolumeClaim: claimName: system-storage - configMap: items: - key: zync.yml path: zync.yml - key: rolling_updates.yml path: rolling_updates.yml - key: service_discovery.yml path: service_discovery.yml name: system name: system-config test: false triggers: - type: ConfigChange - imageChangeParams: automatic: true containerNames: - system-provider - system-developer - system-master from: kind: ImageStreamTag name: amp-system:${AMP_RELEASE} type: ImageChange status: availableReplicas: 0 latestVersion: 0 observedGeneration: 0 replicas: 0 unavailableReplicas: 0 updatedReplicas: 0 - apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system threescale_component_element: sidekiq name: system-sidekiq spec: replicas: 1 selector: deploymentConfig: system-sidekiq strategy: resources: {} rollingParams: intervalSeconds: 1 maxSurge: 25% maxUnavailable: 25% timeoutSeconds: 1200 updatePeriodSeconds: 1 type: Rolling template: metadata: creationTimestamp: null labels: app: ${APP_LABEL} deploymentConfig: system-sidekiq threescale_component: system threescale_component_element: sidekiq spec: containers: - args: - rake - sidekiq:worker - RAILS_MAX_THREADS=25 env: - name: APICAST_REGISTRY_URL valueFrom: configMapKeyRef: key: APICAST_REGISTRY_URL name: system-environment - name: FORCE_SSL valueFrom: configMapKeyRef: key: FORCE_SSL name: system-environment - name: PROVIDER_PLAN valueFrom: configMapKeyRef: key: PROVIDER_PLAN name: system-environment - name: RAILS_ENV valueFrom: configMapKeyRef: key: RAILS_ENV name: system-environment - name: RAILS_LOG_LEVEL valueFrom: configMapKeyRef: key: RAILS_LOG_LEVEL name: system-environment - name: RAILS_LOG_TO_STDOUT valueFrom: configMapKeyRef: key: RAILS_LOG_TO_STDOUT name: system-environment - name: SSL_CERT_DIR valueFrom: configMapKeyRef: key: SSL_CERT_DIR name: system-environment - name: THINKING_SPHINX_PORT valueFrom: configMapKeyRef: key: THINKING_SPHINX_PORT name: system-environment - name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE valueFrom: configMapKeyRef: key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE name: system-environment - name: THREESCALE_SUPERDOMAIN valueFrom: configMapKeyRef: key: THREESCALE_SUPERDOMAIN name: system-environment - name: DATABASE_URL valueFrom: secretKeyRef: key: URL name: system-database - name: MASTER_DOMAIN valueFrom: secretKeyRef: key: MASTER_DOMAIN name: system-seed - name: MASTER_USER valueFrom: secretKeyRef: key: MASTER_USER name: system-seed - name: MASTER_PASSWORD valueFrom: secretKeyRef: key: MASTER_PASSWORD name: system-seed - name: ADMIN_ACCESS_TOKEN valueFrom: secretKeyRef: key: ADMIN_ACCESS_TOKEN name: system-seed - name: USER_LOGIN valueFrom: secretKeyRef: key: ADMIN_USER name: system-seed - name: USER_PASSWORD valueFrom: secretKeyRef: key: ADMIN_PASSWORD name: system-seed - name: USER_EMAIL valueFrom: secretKeyRef: key: ADMIN_EMAIL name: system-seed - name: TENANT_NAME valueFrom: secretKeyRef: key: TENANT_NAME name: system-seed - name: THINKING_SPHINX_ADDRESS value: system-sphinx - name: THINKING_SPHINX_CONFIGURATION_FILE value: /tmp/sphinx.conf - name: EVENTS_SHARED_SECRET valueFrom: secretKeyRef: key: PASSWORD name: system-events-hook - name: RECAPTCHA_PUBLIC_KEY valueFrom: secretKeyRef: key: PUBLIC_KEY name: system-recaptcha - name: RECAPTCHA_PRIVATE_KEY valueFrom: secretKeyRef: key: PRIVATE_KEY name: system-recaptcha - name: SECRET_KEY_BASE valueFrom: secretKeyRef: key: SECRET_KEY_BASE name: system-app - name: MEMCACHE_SERVERS valueFrom: secretKeyRef: key: SERVERS name: system-memcache - name: REDIS_URL valueFrom: secretKeyRef: key: URL name: system-redis - name: REDIS_NAMESPACE valueFrom: secretKeyRef: key: NAMESPACE name: system-redis - name: REDIS_SENTINEL_HOSTS valueFrom: secretKeyRef: key: SENTINEL_HOSTS name: system-redis - name: REDIS_SENTINEL_ROLE valueFrom: secretKeyRef: key: SENTINEL_ROLE name: system-redis - name: BACKEND_REDIS_URL valueFrom: secretKeyRef: key: REDIS_STORAGE_URL name: backend-redis - name: BACKEND_REDIS_SENTINEL_HOSTS valueFrom: secretKeyRef: key: REDIS_STORAGE_SENTINEL_HOSTS name: backend-redis - name: BACKEND_REDIS_SENTINEL_ROLE valueFrom: secretKeyRef: key: REDIS_STORAGE_SENTINEL_ROLE name: backend-redis - name: APICAST_BACKEND_ROOT_ENDPOINT valueFrom: secretKeyRef: key: route_endpoint name: backend-listener - name: BACKEND_ROUTE value: http://backend-listener:3000/internal/ - name: SMTP_ADDRESS valueFrom: secretKeyRef: key: address name: system-smtp - name: SMTP_USER_NAME valueFrom: secretKeyRef: key: username name: system-smtp - name: SMTP_PASSWORD valueFrom: secretKeyRef: key: password name: system-smtp - name: SMTP_DOMAIN valueFrom: secretKeyRef: key: domain name: system-smtp - name: SMTP_PORT valueFrom: secretKeyRef: key: port name: system-smtp - name: SMTP_AUTHENTICATION valueFrom: secretKeyRef: key: authentication name: system-smtp - name: SMTP_OPENSSL_VERIFY_MODE valueFrom: secretKeyRef: key: openssl.verify.mode name: system-smtp - name: APICAST_ACCESS_TOKEN valueFrom: secretKeyRef: key: ACCESS_TOKEN name: system-master-apicast - name: ZYNC_AUTHENTICATION_TOKEN valueFrom: secretKeyRef: key: ZYNC_AUTHENTICATION_TOKEN name: zync - name: CONFIG_INTERNAL_API_USER valueFrom: secretKeyRef: key: username name: backend-internal-api - name: CONFIG_INTERNAL_API_PASSWORD valueFrom: secretKeyRef: key: password name: backend-internal-api image: amp-system:latest imagePullPolicy: IfNotPresent name: system-sidekiq resources: {} volumeMounts: - mountPath: /opt/system/public/system name: system-storage - mountPath: /tmp name: system-tmp - mountPath: /opt/system-extra-configs name: system-config initContainers: - command: - bash - -c - bundle exec sh -c "until rake boot:redis && curl --output /dev/null --silent --fail --head http://system-master:3000/status; do sleep $SLEEP_SECONDS; done" env: - name: REDIS_URL valueFrom: secretKeyRef: key: URL name: system-redis - name: REDIS_NAMESPACE valueFrom: secretKeyRef: key: NAMESPACE name: system-redis - name: REDIS_SENTINEL_HOSTS valueFrom: secretKeyRef: key: SENTINEL_HOSTS name: system-redis - name: REDIS_SENTINEL_ROLE valueFrom: secretKeyRef: key: SENTINEL_ROLE name: system-redis - name: SLEEP_SECONDS value: "1" image: amp-system:latest name: check-svc resources: {} serviceAccountName: amp volumes: - emptyDir: medium: Memory name: system-tmp - name: system-storage persistentVolumeClaim: claimName: system-storage - configMap: items: - key: zync.yml path: zync.yml - key: rolling_updates.yml path: rolling_updates.yml - key: service_discovery.yml path: service_discovery.yml name: system name: system-config test: false triggers: - type: ConfigChange - imageChangeParams: automatic: true containerNames: - check-svc - system-sidekiq from: kind: ImageStreamTag name: amp-system:${AMP_RELEASE} type: ImageChange status: availableReplicas: 0 latestVersion: 0 observedGeneration: 0 replicas: 0 unavailableReplicas: 0 updatedReplicas: 0 - apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system threescale_component_element: sphinx name: system-sphinx spec: replicas: 1 selector: deploymentConfig: system-sphinx strategy: resources: {} rollingParams: intervalSeconds: 1 maxSurge: 25% maxUnavailable: 25% timeoutSeconds: 1200 updatePeriodSeconds: 1 type: Rolling template: metadata: creationTimestamp: null labels: app: ${APP_LABEL} deploymentConfig: system-sphinx threescale_component: system threescale_component_element: sphinx spec: containers: - args: - rake - openshift:thinking_sphinx:start env: - name: RAILS_ENV valueFrom: configMapKeyRef: key: RAILS_ENV name: system-environment - name: DATABASE_URL valueFrom: secretKeyRef: key: URL name: system-database - name: THINKING_SPHINX_ADDRESS value: 0.0.0.0 - name: THINKING_SPHINX_CONFIGURATION_FILE value: db/sphinx/production.conf - name: THINKING_SPHINX_PID_FILE value: db/sphinx/searchd.pid - name: DELTA_INDEX_INTERVAL value: "5" - name: FULL_REINDEX_INTERVAL value: "60" - name: REDIS_URL valueFrom: secretKeyRef: key: URL name: system-redis - name: REDIS_NAMESPACE valueFrom: secretKeyRef: key: NAMESPACE name: system-redis - name: REDIS_SENTINEL_HOSTS valueFrom: secretKeyRef: key: SENTINEL_HOSTS name: system-redis - name: REDIS_SENTINEL_ROLE valueFrom: secretKeyRef: key: SENTINEL_ROLE name: system-redis image: amp-system:latest imagePullPolicy: IfNotPresent livenessProbe: initialDelaySeconds: 60 periodSeconds: 10 tcpSocket: port: 9306 name: system-sphinx resources: {} volumeMounts: - mountPath: /opt/system/db/sphinx name: system-sphinx-database initContainers: - command: - sh - -c - until $(curl --output /dev/null --silent --fail --head http://system-master:3000/status); do sleep $SLEEP_SECONDS; done env: - name: SLEEP_SECONDS value: "1" image: amp-system:latest name: system-master-svc resources: {} serviceAccountName: amp volumes: - emptyDir: {} name: system-sphinx-database test: false triggers: - type: ConfigChange - imageChangeParams: automatic: true containerNames: - system-master-svc - system-sphinx from: kind: ImageStreamTag name: amp-system:${AMP_RELEASE} type: ImageChange status: availableReplicas: 0 latestVersion: 0 observedGeneration: 0 replicas: 0 unavailableReplicas: 0 updatedReplicas: 0 - apiVersion: v1 kind: Secret metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system name: system-events-hook stringData: PASSWORD: ${SYSTEM_BACKEND_SHARED_SECRET} URL: http://system-master:3000/master/events/import type: Opaque - apiVersion: v1 kind: Secret metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system name: system-master-apicast stringData: ACCESS_TOKEN: ${APICAST_ACCESS_TOKEN} PROXY_CONFIGS_ENDPOINT: http://${APICAST_ACCESS_TOKEN}@system-master:3000/master/api/proxy/configs type: Opaque - apiVersion: v1 kind: Secret metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system name: system-seed stringData: ADMIN_ACCESS_TOKEN: ${ADMIN_ACCESS_TOKEN} ADMIN_EMAIL: ${ADMIN_EMAIL} ADMIN_PASSWORD: ${ADMIN_PASSWORD} ADMIN_USER: ${ADMIN_USERNAME} MASTER_ACCESS_TOKEN: ${MASTER_ACCESS_TOKEN} MASTER_DOMAIN: ${MASTER_NAME} MASTER_PASSWORD: ${MASTER_PASSWORD} MASTER_USER: ${MASTER_USER} TENANT_NAME: ${TENANT_NAME} type: Opaque - apiVersion: v1 kind: Secret metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system name: system-recaptcha stringData: PRIVATE_KEY: ${RECAPTCHA_PRIVATE_KEY} PUBLIC_KEY: ${RECAPTCHA_PUBLIC_KEY} type: Opaque - apiVersion: v1 kind: Secret metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system name: system-app stringData: SECRET_KEY_BASE: ${SYSTEM_APP_SECRET_KEY_BASE} USER_SESSION_TTL: ${USER_SESSION_TTL} type: Opaque - apiVersion: v1 kind: Secret metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: system name: system-memcache stringData: SERVERS: system-memcache:11211 type: Opaque - apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: creationTimestamp: null name: zync-que-role rules: - apiGroups: - apps.openshift.io resources: - deploymentconfigs verbs: - get - list - apiGroups: - "" resources: - pods - replicationcontrollers verbs: - get - list - apiGroups: - route.openshift.io resources: - routes verbs: - get - list - create - delete - patch - update - apiGroups: - route.openshift.io resources: - routes/status verbs: - get - apiGroups: - route.openshift.io resources: - routes/custom-host verbs: - create - apiVersion: v1 imagePullSecrets: - name: threescale-registry-auth kind: ServiceAccount metadata: creationTimestamp: null name: zync-que-sa - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: creationTimestamp: null name: zync-que-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: zync-que-role subjects: - kind: ServiceAccount name: zync-que-sa - apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: zync name: zync spec: replicas: 1 selector: deploymentConfig: zync strategy: resources: {} template: metadata: annotations: prometheus.io/port: "9393" prometheus.io/scrape: "true" creationTimestamp: null labels: app: ${APP_LABEL} deploymentConfig: zync threescale_component: zync spec: containers: - env: - name: RAILS_LOG_TO_STDOUT value: "true" - name: RAILS_ENV value: production - name: DATABASE_URL valueFrom: secretKeyRef: key: DATABASE_URL name: zync - name: SECRET_KEY_BASE valueFrom: secretKeyRef: key: SECRET_KEY_BASE name: zync - name: ZYNC_AUTHENTICATION_TOKEN valueFrom: secretKeyRef: key: ZYNC_AUTHENTICATION_TOKEN name: zync - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace image: amp-zync:latest livenessProbe: failureThreshold: 10 httpGet: path: /status/live port: 8080 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 60 name: zync ports: - containerPort: 8080 protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /status/ready port: 8080 scheme: HTTP initialDelaySeconds: 100 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 10 resources: {} initContainers: - command: - bash - -c - bundle exec sh -c "until rake boot:db; do sleep $SLEEP_SECONDS; done" env: - name: SLEEP_SECONDS value: "1" - name: DATABASE_URL valueFrom: secretKeyRef: key: DATABASE_URL name: zync image: amp-zync:latest name: zync-db-svc resources: {} serviceAccountName: amp test: false triggers: - type: ConfigChange - imageChangeParams: automatic: true containerNames: - zync-db-svc - zync from: kind: ImageStreamTag name: amp-zync:${AMP_RELEASE} type: ImageChange status: availableReplicas: 0 latestVersion: 0 observedGeneration: 0 replicas: 0 unavailableReplicas: 0 updatedReplicas: 0 - apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: zync name: zync-que spec: replicas: 1 selector: deploymentConfig: zync-que strategy: resources: {} rollingParams: intervalSeconds: 1 maxSurge: 25% maxUnavailable: 25% timeoutSeconds: 600 updatePeriodSeconds: 1 type: Rolling template: metadata: annotations: prometheus.io/port: "9394" prometheus.io/scrape: "true" creationTimestamp: null labels: app: ${APP_LABEL} deploymentConfig: zync-que spec: containers: - args: - -c - bundle exec rake 'que[--worker-count 10]' command: - /usr/bin/bash env: - name: RAILS_LOG_TO_STDOUT value: "true" - name: RAILS_ENV value: production - name: DATABASE_URL valueFrom: secretKeyRef: key: DATABASE_URL name: zync - name: SECRET_KEY_BASE valueFrom: secretKeyRef: key: SECRET_KEY_BASE name: zync - name: ZYNC_AUTHENTICATION_TOKEN valueFrom: secretKeyRef: key: ZYNC_AUTHENTICATION_TOKEN name: zync - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace image: amp-zync:latest imagePullPolicy: Always livenessProbe: failureThreshold: 3 httpGet: path: /metrics port: 9394 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 60 name: que ports: - containerPort: 9394 name: metrics protocol: TCP resources: {} restartPolicy: Always serviceAccountName: zync-que-sa terminationGracePeriodSeconds: 30 test: false triggers: - type: ConfigChange - imageChangeParams: automatic: true containerNames: - que from: kind: ImageStreamTag name: amp-zync:${AMP_RELEASE} type: ImageChange status: availableReplicas: 0 latestVersion: 0 observedGeneration: 0 replicas: 0 unavailableReplicas: 0 updatedReplicas: 0 - apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: zync threescale_component_element: database name: zync-database spec: replicas: 1 selector: deploymentConfig: zync-database strategy: resources: {} type: Recreate template: metadata: creationTimestamp: null labels: app: ${APP_LABEL} deploymentConfig: zync-database threescale_component: zync threescale_component_element: database spec: containers: - env: - name: POSTGRESQL_USER value: zync - name: POSTGRESQL_PASSWORD valueFrom: secretKeyRef: key: ZYNC_DATABASE_PASSWORD name: zync - name: POSTGRESQL_DATABASE value: zync_production image: ' ' imagePullPolicy: IfNotPresent livenessProbe: initialDelaySeconds: 30 tcpSocket: port: 5432 timeoutSeconds: 1 name: postgresql ports: - containerPort: 5432 protocol: TCP readinessProbe: exec: command: - /bin/sh - -i - -c - psql -h 127.0.0.1 -U zync -q -d zync_production -c 'SELECT 1' initialDelaySeconds: 5 timeoutSeconds: 1 resources: {} volumeMounts: - mountPath: /var/lib/pgsql/data name: zync-database-data restartPolicy: Always serviceAccountName: amp volumes: - emptyDir: {} name: zync-database-data test: false triggers: - type: ConfigChange - imageChangeParams: automatic: true containerNames: - postgresql from: kind: ImageStreamTag name: zync-database-postgresql:${AMP_RELEASE} type: ImageChange status: availableReplicas: 0 latestVersion: 0 observedGeneration: 0 replicas: 0 unavailableReplicas: 0 updatedReplicas: 0 - apiVersion: v1 kind: Service metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: zync name: zync spec: ports: - name: 8080-tcp port: 8080 protocol: TCP targetPort: 8080 selector: deploymentConfig: zync status: loadBalancer: {} - apiVersion: v1 kind: Service metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: zync threescale_component_element: database name: zync-database spec: ports: - name: postgresql port: 5432 protocol: TCP targetPort: 5432 selector: deploymentConfig: zync-database status: loadBalancer: {} - apiVersion: v1 kind: Secret metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: zync name: zync stringData: DATABASE_URL: postgresql://zync:${ZYNC_DATABASE_PASSWORD}@zync-database:5432/zync_production SECRET_KEY_BASE: ${ZYNC_SECRET_KEY_BASE} ZYNC_AUTHENTICATION_TOKEN: ${ZYNC_AUTHENTICATION_TOKEN} ZYNC_DATABASE_PASSWORD: ${ZYNC_DATABASE_PASSWORD} type: Opaque - apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: apicast threescale_component_element: staging name: apicast-staging spec: replicas: 1 selector: deploymentConfig: apicast-staging strategy: resources: {} rollingParams: intervalSeconds: 1 maxSurge: 25% maxUnavailable: 25% timeoutSeconds: 1800 updatePeriodSeconds: 1 type: Rolling template: metadata: annotations: prometheus.io/port: "9421" prometheus.io/scrape: "true" creationTimestamp: null labels: app: ${APP_LABEL} deploymentConfig: apicast-staging threescale_component: apicast threescale_component_element: staging spec: containers: - env: - name: THREESCALE_PORTAL_ENDPOINT valueFrom: secretKeyRef: key: PROXY_CONFIGS_ENDPOINT name: system-master-apicast - name: BACKEND_ENDPOINT_OVERRIDE valueFrom: secretKeyRef: key: service_endpoint name: backend-listener - name: APICAST_MANAGEMENT_API valueFrom: configMapKeyRef: key: APICAST_MANAGEMENT_API name: apicast-environment - name: OPENSSL_VERIFY valueFrom: configMapKeyRef: key: OPENSSL_VERIFY name: apicast-environment - name: APICAST_RESPONSE_CODES valueFrom: configMapKeyRef: key: APICAST_RESPONSE_CODES name: apicast-environment - name: APICAST_CONFIGURATION_LOADER value: lazy - name: APICAST_CONFIGURATION_CACHE value: "0" - name: THREESCALE_DEPLOYMENT_ENV value: staging image: amp-apicast:latest imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /status/live port: 8090 initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 name: apicast-staging ports: - containerPort: 8080 protocol: TCP - containerPort: 8090 protocol: TCP - containerPort: 9421 name: metrics protocol: TCP readinessProbe: httpGet: path: /status/ready port: 8090 initialDelaySeconds: 15 periodSeconds: 30 timeoutSeconds: 5 resources: {} serviceAccountName: amp test: false triggers: - type: ConfigChange - imageChangeParams: automatic: true containerNames: - apicast-staging from: kind: ImageStreamTag name: amp-apicast:${AMP_RELEASE} type: ImageChange status: availableReplicas: 0 latestVersion: 0 observedGeneration: 0 replicas: 0 unavailableReplicas: 0 updatedReplicas: 0 - apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: apicast threescale_component_element: production name: apicast-production spec: replicas: 1 selector: deploymentConfig: apicast-production strategy: resources: {} rollingParams: intervalSeconds: 1 maxSurge: 25% maxUnavailable: 25% timeoutSeconds: 1800 updatePeriodSeconds: 1 type: Rolling template: metadata: annotations: prometheus.io/port: "9421" prometheus.io/scrape: "true" creationTimestamp: null labels: app: ${APP_LABEL} deploymentConfig: apicast-production threescale_component: apicast threescale_component_element: production spec: containers: - env: - name: THREESCALE_PORTAL_ENDPOINT valueFrom: secretKeyRef: key: PROXY_CONFIGS_ENDPOINT name: system-master-apicast - name: BACKEND_ENDPOINT_OVERRIDE valueFrom: secretKeyRef: key: service_endpoint name: backend-listener - name: APICAST_MANAGEMENT_API valueFrom: configMapKeyRef: key: APICAST_MANAGEMENT_API name: apicast-environment - name: OPENSSL_VERIFY valueFrom: configMapKeyRef: key: OPENSSL_VERIFY name: apicast-environment - name: APICAST_RESPONSE_CODES valueFrom: configMapKeyRef: key: APICAST_RESPONSE_CODES name: apicast-environment - name: APICAST_CONFIGURATION_LOADER value: boot - name: APICAST_CONFIGURATION_CACHE value: "300" - name: THREESCALE_DEPLOYMENT_ENV value: production image: amp-apicast:latest imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /status/live port: 8090 initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 name: apicast-production ports: - containerPort: 8080 protocol: TCP - containerPort: 8090 protocol: TCP - containerPort: 9421 name: metrics protocol: TCP readinessProbe: httpGet: path: /status/ready port: 8090 initialDelaySeconds: 15 periodSeconds: 30 timeoutSeconds: 5 resources: {} initContainers: - command: - sh - -c - until $(curl --output /dev/null --silent --fail --head http://system-master:3000/status); do sleep $SLEEP_SECONDS; done env: - name: SLEEP_SECONDS value: "1" image: amp-apicast:latest name: system-master-svc resources: {} serviceAccountName: amp test: false triggers: - type: ConfigChange - imageChangeParams: automatic: true containerNames: - system-master-svc - apicast-production from: kind: ImageStreamTag name: amp-apicast:${AMP_RELEASE} type: ImageChange status: availableReplicas: 0 latestVersion: 0 observedGeneration: 0 replicas: 0 unavailableReplicas: 0 updatedReplicas: 0 - apiVersion: v1 kind: Service metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: apicast threescale_component_element: staging name: apicast-staging spec: ports: - name: gateway port: 8080 protocol: TCP targetPort: 8080 - name: management port: 8090 protocol: TCP targetPort: 8090 selector: deploymentConfig: apicast-staging status: loadBalancer: {} - apiVersion: v1 kind: Service metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: apicast threescale_component_element: production name: apicast-production spec: ports: - name: gateway port: 8080 protocol: TCP targetPort: 8080 - name: management port: 8090 protocol: TCP targetPort: 8090 selector: deploymentConfig: apicast-production status: loadBalancer: {} - apiVersion: v1 data: APICAST_MANAGEMENT_API: ${APICAST_MANAGEMENT_API} APICAST_RESPONSE_CODES: ${APICAST_RESPONSE_CODES} OPENSSL_VERIFY: ${APICAST_OPENSSL_VERIFY} kind: ConfigMap metadata: creationTimestamp: null labels: app: ${APP_LABEL} threescale_component: apicast name: apicast-environment parameters: - description: AMP release tag. name: AMP_RELEASE required: true value: "2.12" - description: Used for object app labels name: APP_LABEL required: true value: 3scale-api-management - description: Tenant name under the root that Admin UI will be available with -admin suffix. name: TENANT_NAME required: true value: 3scale - description: The Storage Class to be used by ReadWriteMany PVCs name: RWX_STORAGE_CLASS value: "null" - name: AMP_BACKEND_IMAGE required: true value: registry.redhat.com/3scale-amp2/backend-rhel8:3scale2.12 - name: AMP_ZYNC_IMAGE required: true value: registry.redhat.io/3scale-amp2/zync-rhel8:3scale2.12 - name: AMP_APICAST_IMAGE required: true value: registry.redhat.io/3scale-amp2/apicast-gateway-rhel8:3scale2.12 - name: AMP_SYSTEM_IMAGE required: true value: registry.redhat.io/3scale-amp2/system-rhel7:3scale2.12 - description: Zync's PostgreSQL image to use name: ZYNC_DATABASE_IMAGE required: true value: registry.redhat.io/rhscl/postgresql-10-rhel7 - description: Memcached image to use name: MEMCACHED_IMAGE required: true value: registry.redhat.io/3scale-amp2/memcached-rhel7:3scale2.12 - description: Set to true if the server may bypass certificate verification or connect directly over HTTP during image import. name: IMAGESTREAM_TAG_IMPORT_INSECURE required: true value: "false" - description: System MySQL image to use name: SYSTEM_DATABASE_IMAGE required: true value: registry.redhat.io/rhel8/mysql-80:1 - description: Redis image to use name: REDIS_IMAGE required: true value: registry.redhat.io/rhscl/redis-5-rhel7:5 - description: Username for System's MySQL user that will be used for accessing the database. displayName: System MySQL User name: SYSTEM_DATABASE_USER required: true value: mysql - description: Password for the System's MySQL user. displayName: System MySQL Password from: '[a-z0-9]{8}' generate: expression name: SYSTEM_DATABASE_PASSWORD required: true - description: Name of the System's MySQL database accessed. displayName: System MySQL Database Name name: SYSTEM_DATABASE required: true value: system - description: Password for Root user. displayName: System MySQL Root password. from: '[a-z0-9]{8}' generate: expression name: SYSTEM_DATABASE_ROOT_PASSWORD required: true - description: Root domain for the wildcard routes. Eg. example.com will generate 3scale-admin.example.com. name: WILDCARD_DOMAIN required: true - description: Internal 3scale API username for internal 3scale api auth. name: SYSTEM_BACKEND_USERNAME required: true value: 3scale_api_user - description: Internal 3scale API password for internal 3scale api auth. from: '[a-z0-9]{8}' generate: expression name: SYSTEM_BACKEND_PASSWORD required: true - description: Shared secret to import events from backend to system. from: '[a-z0-9]{8}' generate: expression name: SYSTEM_BACKEND_SHARED_SECRET required: true - description: System application secret key base from: '[a-f0-9]{128}' generate: expression name: SYSTEM_APP_SECRET_KEY_BASE required: true - from: '[a-z0-9]{8}' generate: expression name: ADMIN_PASSWORD required: true - name: ADMIN_USERNAME required: true value: admin - name: ADMIN_EMAIL - name: USER_SESSION_TTL - description: Admin Access Token with all scopes and write permissions for API access. from: '[a-z0-9]{16}' generate: expression name: ADMIN_ACCESS_TOKEN - description: The root name which Master Admin UI will be available at. name: MASTER_NAME required: true value: master - name: MASTER_USER required: true value: master - from: '[a-z0-9]{8}' generate: expression name: MASTER_PASSWORD required: true - from: '[a-z0-9]{8}' generate: expression name: MASTER_ACCESS_TOKEN required: true - description: reCAPTCHA site key (used in spam protection) name: RECAPTCHA_PUBLIC_KEY - description: reCAPTCHA secret key (used in spam protection) name: RECAPTCHA_PRIVATE_KEY - description: Define the external system-redis to connect to name: SYSTEM_REDIS_URL required: true value: redis://system-redis:6379/1 - description: Define the namespace to be used by System's Redis Database. The empty value means not namespaced name: SYSTEM_REDIS_NAMESPACE - description: Password for the Zync Database PostgreSQL connection user. displayName: Zync Database PostgreSQL Connection Password from: '[a-zA-Z0-9]{16}' generate: expression name: ZYNC_DATABASE_PASSWORD required: true - from: '[a-zA-Z0-9]{16}' generate: expression name: ZYNC_SECRET_KEY_BASE required: true - from: '[a-zA-Z0-9]{16}' generate: expression name: ZYNC_AUTHENTICATION_TOKEN required: true - description: Read Only Access Token that is APIcast going to use to download its configuration. from: '[a-z0-9]{8}' generate: expression name: APICAST_ACCESS_TOKEN required: true - description: Scope of the APIcast Management API. Can be disabled, status or debug. At least status required for health checks. name: APICAST_MANAGEMENT_API value: status - description: Turn on/off the OpenSSL peer verification when downloading the configuration. Can be set to true/false. name: APICAST_OPENSSL_VERIFY value: "false" - description: Enable logging response codes in APIcast. name: APICAST_RESPONSE_CODES value: "true" - description: The URL to point to APIcast policies registry management name: APICAST_REGISTRY_URL required: true value: http://apicast-staging:8090/policies