apiVersion: v1
kind: Template
metadata:
  name: "3scale-apicast"
  annotations:

parameters:

# Options:
#  community master APIcast :   quay.io/3scale/apicast:master   
- name: APICAST_IMAGE_URL
  description: "URL of APIcast image"
  required: true
  value: "registry.redhat.io/3scale-amp26/apicast-gateway:1.15"
  

# examples:
#  curl -k https://${ADMIN_ACCESS_TOKEN}@${ADMIN_DOMAIN}/admin/api/services.json                                              :   domain specific services
#  curl -k https://${ADMIN_ACCESS_TOKEN}@${ADMIN_DOMAIN}/admin/api/nginx/spec.json                                            :   domain specific services
#  curl -k https://6k5js65s@jb-master-admin.apps.dev39.openshift.opentlc.com/master/api/proxy/configs/production.json         :   master  (out of the box apicast) : route
#  curl -k http://151jtbt2@system-master.3scale-mt-adm0:3000/master/api/proxy/configs/production.json                         :   master  (out of the box apicast) : service
- name: THREESCALE_AMP_NAMESPACE
  description: "Name of the OCP namespace where 3scale AMP is installed"
  required: true
  value: "3scale-mt-adm0"

- name: THREESCALE_PORTAL_ENDPOINT
  description: 3scale URL used by apicast to poll for proxy configs
  required: true

# SAMPLE CURL when value set to debug:  oc rsh stage-apicast-676bfb47db-g2f7h curl localhost:8090/config | python -m json.tool
- name: APICAST_MANAGEMENT_API
  description: "Scope of the APIcast Management API. Can be disabled, status or debug. At least status required for health checks."
  required: false
  value: "status"

- name: APICAST_OPENSSL_VERIFY
  description: "Turn on/off the OpenSSL peer verification when downloading the configuration. Can be set to true/false."
  required: false
  value: "false"
- name: APICAST_CONFIGURATION_LOADER
  description: "valid values:  lazy / boot"
  required: true
  value: "boot"
- name: APICAST_RESPONSE_CODES
  description: "Enable logging response codes in APIcast."
  value: "true"
  required: false
- name: APP_NAME
  description: "Name of OCP resources"
  required: true
- name: ROUTE_NAME
  description: "Name of the OCP route that exposes this apicast service"
  required: true
- name: WILDCARD_DOMAIN
  description: Root domain for the wildcard routes. Eg. example.com will generate 3scale-admin.example.com.
  required: true
- name: THREESCALE_DEPLOYMENT_ENV
  description: "valid values: staging / production"
  required: true
- name: APICAST_CPU_LIMIT
  description: "APICAST CPU LIMIT"
  value: "300m"
  required: true
- name: APICAST_CONFIGURATION_CACHE
  description: "APICAST CONFIGURATION CACHE"
  value: '300'
  required: true

objects:

- apiVersion: v1
  kind: Service
  metadata:
    name: ${APP_NAME}
    labels:
      app: ${APP_NAME}
  spec:
    ports:
    - name: gateway
      port: 8080
      protocol: TCP
      targetPort: 8080
    - name: management
      port: 8090
      protocol: TCP
      targetPort: 8090
    selector:
      app: ${APP_NAME}

- apiVersion: v1
  kind: Route
  metadata:
    name: ${ROUTE_NAME}
    labels:
      app: ${APP_NAME}
  spec:
    host: ${ROUTE_NAME}.${WILDCARD_DOMAIN}
    to:
      kind: Service
      name: ${APP_NAME}
    port:
      targetPort: gateway
    tls:
      termination: edge
      insecureEdgeTerminationPolicy: Allow

- apiVersion: v1
  imagePullSecrets:
  - name: threescale-registry-auth
  kind: ServiceAccount
  metadata:
    creationTimestamp: null
    name: gw-sa

- apiVersion: extensions/v1beta1 
  kind: Deployment
  metadata:
    name: ${APP_NAME}
    labels:
      app: ${APP_NAME}
  spec:
    paused: true
    replicas: 1
    strategy:
      rollingParams:
        intervalSeconds: 1
        maxSurge: 25%
        maxUnavailable: 25%
        timeoutSeconds: 1800
        updatePeriodSeconds: 1
      type: RollingUpdate
    template:
      metadata:
        labels:
          app: ${APP_NAME}
      spec:

        # As of 3scale 2.6, now needed to pull from registry.redhat.io
        serviceAccountName: gw-sa

        containers:
        - env:
  
          - name: THREESCALE_PORTAL_ENDPOINT
            value: "${THREESCALE_PORTAL_ENDPOINT}"
          - name: APICAST_CONFIGURATION_LOADER
            value: "${APICAST_CONFIGURATION_LOADER}"
          - name: APICAST_CONFIGURATION_CACHE
            value: "${APICAST_CONFIGURATION_CACHE}"
          - name: THREESCALE_DEPLOYMENT_ENV
            value: "${THREESCALE_DEPLOYMENT_ENV}"
          - name: APICAST_MANAGEMENT_API
            value: "${APICAST_MANAGEMENT_API}"
          - name: OPENSSL_VERIFY
            value: '${APICAST_OPENSSL_VERIFY}'
          - name: APICAST_RESPONSE_CODES
            value: '${APICAST_RESPONSE_CODES}'
          - name: APICAST_LOG_LEVEL
            value: info
          image: ${APICAST_IMAGE_URL}
          imagePullPolicy: IfNotPresent
          name: ${APP_NAME}
          resources:
            # JA Bride:  Dropping for non-production deployment
            limits:
              cpu: ${APICAST_CPU_LIMIT}
              memory: 128Mi
            requests:
              cpu: 100m
              memory: 32Mi
          livenessProbe:
            httpGet:
              path: /status/live
              port: 8090
            initialDelaySeconds: 10
            timeoutSeconds: 5
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /status/ready
              port: 8090
            initialDelaySeconds: 15
            timeoutSeconds: 5
            periodSeconds: 30
          ports:
          - containerPort: 8080
            protocol: TCP
          - containerPort: 8090
            protocol: TCP