Skip to content

Instantly share code, notes, and snippets.

@gsaslis
Last active December 18, 2023 19:37
Show Gist options
  • Save gsaslis/015e3aa6ff283b3c4caedd9bc64f0c39 to your computer and use it in GitHub Desktop.
Save gsaslis/015e3aa6ff283b3c4caedd9bc64f0c39 to your computer and use it in GitHub Desktop.
Deploy 3scale API Management on Minishift

Installing 3scale on your Laptop

Pre-requisites

.or your desktop. Or a VM in the cloud. Or wherever it is you want to deploy 3scale to start exploring!
  • ❏ Minishift: 3scale is currently targeted for deployment on openshift, and minishift is the recommended development environment for that.

  • oc command-line tool [optional. you can also use the web-based interface.]

tl;dr

# you DO need the 6gb for minishift, instead of the default 4gb
minishift start --memory 6GB --cpus 2

# some coffee later

oc new-app \
   --param WILDCARD_DOMAIN="$(minishift ip).nip.io" \
   --param AMP_RELEASE=2.9.0 \
   -f https://raw.githubusercontent.com/3scale/3scale-operator/master/pkg/3scale/amp/auto-generated-templates/amp/amp-eval.yml


# some more coffee later, all pods should be blue in openshift project overview.
# Once that is done, you can proceed to login screen.

For more details and expected output, see sections below.

Start Minishift

3scale API Management comes with out of the box support for Openshift. To try this out locally, you can deploy 3scale on your laptop, using [Minishift](https://github.com/minishift/minishift).

You can start minishift with a simple minishift start. If your laptop can spare the extra CPUs, we recommend starting with:

18-12-17 16:42 ➜ minishift version
minishift v1.28.0+48e89ed

# even though 6gb / 2vcpus are ok, the experience will be much smoother with 8gb / 4vcpus

18-12-17 16:43 ➜  ~ minishift start --memory 8GB --cpus 4
-- Starting profile 'default'
-- Check if deprecated options are used ... OK
-- Checking if https://github.com is reachable ... OK
-- Checking if requested OpenShift version 'v3.11.0' is valid ... OK
-- Checking if requested OpenShift version 'v3.11.0' is supported ... OK
-- Checking if requested hypervisor 'xhyve' is supported on this platform ... OK
-- Checking if xhyve driver is installed ...
   Driver is available at /usr/local/bin/docker-machine-driver-xhyve
   Checking for setuid bit ... OK
-- Checking the ISO URL ... OK
-- Checking if provided oc flags are supported ... OK
-- Starting the OpenShift cluster using 'xhyve' hypervisor ...
-- Minishift VM will be configured with ...
   Memory:    8 GB
   vCPUs :    4
   Disk size: 20 GB
-- Starting Minishift VM ................ OK
-- Checking for IP address ... OK
-- Checking for nameservers ... OK
-- Checking if external host is reachable from the Minishift VM ...
   Pinging 8.8.8.8 ... OK
-- Checking HTTP connectivity from the VM ...
   Retrieving http://minishift.io/index.html ... OK
-- Checking if persistent storage volume is mounted ... OK
-- Checking available disk space ... 1% used OK
-- Writing current configuration for static assignment of IP address ... OK
   Importing 'openshift/origin-control-plane:v3.11.0' ....... OK
   Importing 'openshift/origin-docker-registry:v3.11.0' ... OK
   Importing 'openshift/origin-haproxy-router:v3.11.0' ... OK
-- OpenShift cluster will be configured with ...
   Version: v3.11.0
-- Copying oc binary from the OpenShift container image to VM ... OK
-- Starting OpenShift cluster .....................................................
Getting a Docker client ...
Checking if image openshift/origin-control-plane:v3.11.0 is available ...
Pulling image openshift/origin-cli:v3.11.0
E1217 15:45:09.043753    2303 helper.go:173] Reading docker config from /home/docker/.docker/config.json failed: open /home/docker/.docker/config.json: no such file or directory, will attempt to pull image docker.io/openshift/origin-cli:v3.11.0 anonymously
Pulled 1/4 layers, 30% complete
Pulled 2/4 layers, 51% complete
Pulled 3/4 layers, 85% complete
Pulled 4/4 layers, 100% complete
Extracting
Image pull complete
Pulling image openshift/origin-node:v3.11.0
E1217 15:45:22.263513    2303 helper.go:173] Reading docker config from /home/docker/.docker/config.json failed: open /home/docker/.docker/config.json: no such file or directory, will attempt to pull image docker.io/openshift/origin-node:v3.11.0 anonymously
Pulled 4/6 layers, 70% complete
Pulled 5/6 layers, 87% complete
Pulled 6/6 layers, 100% complete
Extracting
Image pull complete
Checking type of volume mount ...
Determining server IP ...
Using public hostname IP 192.168.64.11 as the host IP
Checking if OpenShift is already running ...
Checking for supported Docker version (=>1.22) ...
Checking if insecured registry is configured properly in Docker ...
Checking if required ports are available ...
Checking if OpenShift client is configured properly ...
Checking if image openshift/origin-control-plane:v3.11.0 is available ...
Starting OpenShift using openshift/origin-control-plane:v3.11.0 ...
I1217 15:45:41.248408    2303 config.go:40] Running "create-master-config"
I1217 15:45:43.459449    2303 config.go:46] Running "create-node-config"
I1217 15:45:44.215264    2303 flags.go:30] Running "create-kubelet-flags"
I1217 15:45:44.544826    2303 run_kubelet.go:49] Running "start-kubelet"
I1217 15:45:44.698794    2303 run_self_hosted.go:181] Waiting for the kube-apiserver to be ready ...
I1217 15:46:19.715355    2303 interface.go:26] Installing "kube-proxy" ...
I1217 15:46:19.715396    2303 interface.go:26] Installing "kube-dns" ...
I1217 15:46:19.715404    2303 interface.go:26] Installing "openshift-service-cert-signer-operator" ...
I1217 15:46:19.715409    2303 interface.go:26] Installing "openshift-apiserver" ...
I1217 15:46:19.715434    2303 apply_template.go:81] Installing "openshift-apiserver"
I1217 15:46:19.716239    2303 apply_template.go:81] Installing "kube-proxy"
I1217 15:46:19.716386    2303 apply_template.go:81] Installing "kube-dns"
I1217 15:46:19.717409    2303 apply_template.go:81] Installing "openshift-service-cert-signer-operator"
I1217 15:46:23.859466    2303 interface.go:41] Finished installing "kube-proxy" "kube-dns" "openshift-service-cert-signer-operator" "openshift-apiserver"
I1217 15:48:06.881759    2303 run_self_hosted.go:242] openshift-apiserver available
I1217 15:48:06.882223    2303 interface.go:26] Installing "openshift-controller-manager" ...
I1217 15:48:06.882250    2303 apply_template.go:81] Installing "openshift-controller-manager"
I1217 15:48:09.299053    2303 interface.go:41] Finished installing "openshift-controller-manager"
Adding default OAuthClient redirect URIs ...
Adding registry ...
Adding router ...
Adding persistent-volumes ...
Adding web-console ...
Adding centos-imagestreams ...
Adding sample-templates ...
I1217 15:48:09.316281    2303 interface.go:26] Installing "openshift-image-registry" ...
I1217 15:48:09.316288    2303 interface.go:26] Installing "openshift-router" ...
I1217 15:48:09.316292    2303 interface.go:26] Installing "persistent-volumes" ...
I1217 15:48:09.316299    2303 interface.go:26] Installing "openshift-web-console-operator" ...
I1217 15:48:09.316304    2303 interface.go:26] Installing "centos-imagestreams" ...
I1217 15:48:09.316307    2303 interface.go:26] Installing "sample-templates" ...
I1217 15:48:09.316341    2303 interface.go:26] Installing "sample-templates/postgresql" ...
I1217 15:48:09.316346    2303 interface.go:26] Installing "sample-templates/cakephp quickstart" ...
I1217 15:48:09.316350    2303 interface.go:26] Installing "sample-templates/dancer quickstart" ...
I1217 15:48:09.316354    2303 interface.go:26] Installing "sample-templates/django quickstart" ...
I1217 15:48:09.316357    2303 interface.go:26] Installing "sample-templates/sample pipeline" ...
I1217 15:48:09.316361    2303 interface.go:26] Installing "sample-templates/mongodb" ...
I1217 15:48:09.316364    2303 interface.go:26] Installing "sample-templates/mysql" ...
I1217 15:48:09.316368    2303 interface.go:26] Installing "sample-templates/nodejs quickstart" ...
I1217 15:48:09.316371    2303 interface.go:26] Installing "sample-templates/rails quickstart" ...
I1217 15:48:09.316376    2303 interface.go:26] Installing "sample-templates/jenkins pipeline ephemeral" ...
I1217 15:48:09.316379    2303 interface.go:26] Installing "sample-templates/mariadb" ...
I1217 15:48:09.316411    2303 apply_list.go:67] Installing "sample-templates/mariadb"
I1217 15:48:09.317392    2303 apply_template.go:81] Installing "openshift-web-console-operator"
I1217 15:48:09.317548    2303 apply_list.go:67] Installing "centos-imagestreams"
I1217 15:48:09.317633    2303 apply_list.go:67] Installing "sample-templates/postgresql"
I1217 15:48:09.317704    2303 apply_list.go:67] Installing "sample-templates/cakephp quickstart"
I1217 15:48:09.317771    2303 apply_list.go:67] Installing "sample-templates/dancer quickstart"
I1217 15:48:09.317834    2303 apply_list.go:67] Installing "sample-templates/django quickstart"
I1217 15:48:09.317901    2303 apply_list.go:67] Installing "sample-templates/sample pipeline"
I1217 15:48:09.317967    2303 apply_list.go:67] Installing "sample-templates/mongodb"
I1217 15:48:09.318048    2303 apply_list.go:67] Installing "sample-templates/mysql"
I1217 15:48:09.318113    2303 apply_list.go:67] Installing "sample-templates/nodejs quickstart"
I1217 15:48:09.318181    2303 apply_list.go:67] Installing "sample-templates/rails quickstart"
I1217 15:48:09.318291    2303 apply_list.go:67] Installing "sample-templates/jenkins pipeline ephemeral"
I1217 15:48:21.502383    2303 interface.go:41] Finished installing "sample-templates/postgresql" "sample-templates/cakephp quickstart" "sample-templates/dancer quickstart" "sample-templates/django quickstart" "sample-templates/sample pipeline" "sample-templates/mongodb" "sample-templates/mysql" "sample-templates/nodejs quickstart" "sample-templates/rails quickstart" "sample-templates/jenkins pipeline ephemeral" "sample-templates/mariadb"
I1217 15:48:45.145422    2303 interface.go:41] Finished installing "openshift-image-registry" "openshift-router" "persistent-volumes" "openshift-web-console-operator" "centos-imagestreams" "sample-templates"
Login to server ...
Creating initial project "myproject" ...
Server Information ...
OpenShift server started.

The server is accessible via web console at:
    https://192.168.64.11:8443/console

You are logged in as:
    User:     developer
    Password: <any value>

To login as administrator:
    oc login -u system:admin

Install 3scale

18-12-17 16:48 ➜  ~ oc new-app \
   --param WILDCARD_DOMAIN="$(minishift ip).nip.io" \
   --param AMP_RELEASE=2.9.0 \
   -f https://raw.githubusercontent.com/3scale/3scale-operator/master/pkg/3scale/amp/auto-generated-templates/amp/amp-eval.yml

--> Deploying template "myproject/3scale-api-management-eval" for "https://raw.githubusercontent.com/3scale/3scale-operator/master/pkg/3scale/amp/auto-generated-templates/amp/amp-eval.yml" to project myproject

     3scale API Management
     ---------
     3scale API Management main system (Evaluation)

     Login on https://3scale-admin.192.168.64.11.nip.io as admin/rwuf81wc

     * With parameters:
        * AMP_RELEASE=2.9.0
        * APP_LABEL=3scale-api-management
        * TENANT_NAME=3scale
        * RWX_STORAGE_CLASS=null
        * AMP_BACKEND_IMAGE=quay.io/3scale/apisonator:nightly
        * AMP_ZYNC_IMAGE=quay.io/3scale/zync:nightly
        * AMP_APICAST_IMAGE=quay.io/3scale/apicast:nightly
        * AMP_ROUTER_IMAGE=quay.io/3scale/wildcard-router:nightly
        * AMP_SYSTEM_IMAGE=quay.io/3scale/porta:nightly
        * POSTGRESQL_IMAGE=registry.access.redhat.com/rhscl/postgresql-95-rhel7:9.5
        * MYSQL_IMAGE=registry.access.redhat.com/rhscl/mysql-57-rhel7:5.7
        * MEMCACHED_IMAGE=registry.access.redhat.com/3scale-amp20/memcached
        * IMAGESTREAM_TAG_IMPORT_INSECURE=false
        * REDIS_IMAGE=registry.access.redhat.com/rhscl/redis-32-rhel7:3.2
        * MySQL User=mysql
        * MySQL Password=d5j6ygk0 # generated
        * MySQL Database Name=system
        * MySQL Root password.=681o0lbb # generated
        * SYSTEM_BACKEND_USERNAME=3scale_api_user
        * SYSTEM_BACKEND_PASSWORD=uxafkjxt # generated
        * SYSTEM_BACKEND_SHARED_SECRET=adef2jld # generated
        * SYSTEM_APP_SECRET_KEY_BASE=b8702432ac80706245aa762e25aa2aca84a63280c40751d0d56b44c7cb62386263aba4b7acde63c026274147bc48318caccced160be24753d11db0b215db7bd1 # generated
        * ADMIN_PASSWORD=rwuf81wc # generated
        * ADMIN_USERNAME=admin
        * ADMIN_ACCESS_TOKEN=wia33mqtmlorcps3 # generated
        * MASTER_NAME=master
        * MASTER_USER=master
        * MASTER_PASSWORD=asabd8ck # generated
        * MASTER_ACCESS_TOKEN=j33u32g8 # generated
        * RECAPTCHA_PUBLIC_KEY=
        * RECAPTCHA_PRIVATE_KEY=
        * PostgreSQL Connection Password=mCwhGWL1yYCCGeOr # generated
        * ZYNC_SECRET_KEY_BASE=5QJGu5NoQnTq5LuF # generated
        * ZYNC_AUTHENTICATION_TOKEN=xL3iTF2yIX2Qj30u # generated
        * APICAST_ACCESS_TOKEN=v4tpbdfa # generated
        * APICAST_MANAGEMENT_API=status
        * APICAST_OPENSSL_VERIFY=false
        * APICAST_RESPONSE_CODES=true
        * APICAST_REGISTRY_URL=http://apicast-staging:8090/policies
        * WILDCARD_DOMAIN=192.168.64.11.nip.io
        * WILDCARD_POLICY=None

--> Creating resources ...
    imagestream "amp-backend" created
    imagestream "amp-zync" created
    imagestream "amp-apicast" created
    imagestream "amp-wildcard-router" created
    imagestream "amp-system" created
    imagestream "postgresql" created
    serviceaccount "amp" created
    deploymentconfig "backend-redis" created
    service "backend-redis" created
    configmap "redis-config" created
    persistentvolumeclaim "backend-redis-storage" created
    deploymentconfig "system-redis" created
    persistentvolumeclaim "system-redis-storage" created
    deploymentconfig "backend-cron" created
    deploymentconfig "backend-listener" created
    service "backend-listener" created
    route "backend" created
    deploymentconfig "backend-worker" created
    configmap "backend-environment" created
    secret "backend-internal-api" created
    secret "backend-redis" created
    secret "backend-listener" created
    deploymentconfig "system-mysql" created
    configmap "mysql-main-conf" created
    configmap "mysql-extra-conf" created
    persistentvolumeclaim "mysql-storage" created
    deploymentconfig "system-memcache" created
    persistentvolumeclaim "system-storage" created
    service "system-provider" created
    service "system-master" created
    service "system-developer" created
    route "system-provider-admin" created
    route "system-master" created
    route "system-developer" created
    service "system-mysql" created
    service "system-redis" created
    service "system-sphinx" created
    service "system-memcache" created
    configmap "system" created
    configmap "smtp" created
    configmap "system-environment" created
    deploymentconfig "system-app" created
    deploymentconfig "system-sidekiq" created
    deploymentconfig "system-sphinx" created
    secret "system-events-hook" created
    secret "system-redis" created
    secret "system-master-apicast" created
    secret "system-database" created
    secret "system-seed" created
    secret "system-recaptcha" created
    secret "system-app" created
    secret "system-memcache" created
    deploymentconfig "zync" created
    deploymentconfig "zync-database" created
    service "zync" created
    service "zync-database" created
    secret "zync" created
    deploymentconfig "apicast-staging" created
    deploymentconfig "apicast-production" created
    service "apicast-staging" created
    service "apicast-production" created
    route "api-apicast-staging" created
    route "api-apicast-production" created
    configmap "apicast-environment" created
    secret "apicast-redis" created
    deploymentconfig "apicast-wildcard-router" created
    service "apicast-wildcard-router" created
    route "apicast-wildcard-router" created
--> Success
    Access your application via route 'backend-3scale.192.168.64.11.nip.io'
    Access your application via route '3scale-admin.192.168.64.11.nip.io'
    Access your application via route 'master.192.168.64.11.nip.io'
    Access your application via route '3scale.192.168.64.11.nip.io'
    Access your application via route 'api-3scale-apicast-staging.192.168.64.11.nip.io'
    Access your application via route 'api-3scale-apicast-production.192.168.64.11.nip.io'
    Access your application via route 'apicast-wildcard.192.168.64.11.nip.io'
    Run 'oc status' to view your app.

Access 3scale admin dashboard

Login at https://3scale-admin.$(minishift ip).nip.io/

  • Username: admin

  • Password: Get password from above output (look for ADMIN_PASSWORD).

apiVersion: template.openshift.io/v1
kind: Template
message: Login on https://${TENANT_NAME}-admin.${WILDCARD_DOMAIN} as ${ADMIN_USERNAME}/${ADMIN_PASSWORD}
metadata:
annotations:
description: 3scale API Management main system (Evaluation)
iconClass: icon-3scale
openshift.io/display-name: 3scale API Management
openshift.io/provider-display-name: Red Hat, Inc.
tags: integration, api management, 3scale
creationTimestamp: null
name: 3scale-api-management-eval
objects:
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: AMP backend
creationTimestamp: null
labels:
3scale.component: backend
app: ${APP_LABEL}
name: amp-backend
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: amp-backend (latest)
from:
kind: ImageStreamTag
name: ${AMP_RELEASE}
generation: null
importPolicy: {}
name: latest
referencePolicy:
type: ""
- annotations:
openshift.io/display-name: amp-backend ${AMP_RELEASE}
from:
kind: DockerImage
name: ${AMP_BACKEND_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: AMP Zync
creationTimestamp: null
labels:
3scale.component: zync
app: ${APP_LABEL}
name: amp-zync
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: AMP Zync (latest)
from:
kind: ImageStreamTag
name: ${AMP_RELEASE}
generation: null
importPolicy: {}
name: latest
referencePolicy:
type: ""
- annotations:
openshift.io/display-name: AMP Zync ${AMP_RELEASE}
from:
kind: DockerImage
name: ${AMP_ZYNC_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: AMP APIcast
creationTimestamp: null
labels:
3scale.component: apicast
app: ${APP_LABEL}
name: amp-apicast
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: AMP APIcast (latest)
from:
kind: ImageStreamTag
name: ${AMP_RELEASE}
generation: null
importPolicy: {}
name: latest
referencePolicy:
type: ""
- annotations:
openshift.io/display-name: AMP APIcast ${AMP_RELEASE}
from:
kind: DockerImage
name: ${AMP_APICAST_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: AMP APIcast Wildcard Router
creationTimestamp: null
labels:
3scale.component: wildcard-router
app: ${APP_LABEL}
name: amp-wildcard-router
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: AMP APIcast Wildcard Router (latest)
from:
kind: ImageStreamTag
name: ${AMP_RELEASE}
generation: null
importPolicy: {}
name: latest
referencePolicy:
type: ""
- annotations:
openshift.io/display-name: AMP APIcast Wildcard Router ${AMP_RELEASE}
from:
kind: DockerImage
name: ${AMP_ROUTER_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: AMP System
creationTimestamp: null
labels:
3scale.component: system
app: ${APP_LABEL}
name: amp-system
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: AMP System (latest)
from:
kind: ImageStreamTag
name: ${AMP_RELEASE}
generation: null
importPolicy: {}
name: latest
referencePolicy:
type: ""
- annotations:
openshift.io/display-name: AMP system ${AMP_RELEASE}
from:
kind: DockerImage
name: ${AMP_SYSTEM_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: postgresql
app: ${APP_LABEL}
name: postgresql
spec:
lookupPolicy:
local: false
tags:
- annotations: null
from:
kind: DockerImage
name: ${POSTGRESQL_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: "9.5"
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: v1
imagePullSecrets:
- name: quay-auth
kind: ServiceAccount
metadata:
creationTimestamp: null
name: amp
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
3scale.component: backend
3scale.component-element: redis
app: ${APP_LABEL}
name: backend-redis
spec:
ports:
- port: 6379
protocol: TCP
targetPort: 6379
selector:
deploymentConfig: system-redis
status:
loadBalancer: {}
- apiVersion: v1
data:
redis.conf: |
protected-mode no
port 6379
timeout 0
tcp-keepalive 300
daemonize no
supervised no
loglevel notice
databases 16
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
slave-serve-stale-data yes
slave-read-only yes
repl-diskless-sync no
repl-disable-tcp-nodelay no
appendonly yes
appendfilename "appendonly.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
lua-time-limit 5000
activerehashing no
aof-rewrite-incremental-fsync yes
dir /var/lib/redis/data
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: redis
app: ${APP_LABEL}
name: redis-config
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: redis
app: ${APP_LABEL}
name: system-redis
spec:
replicas: 1
selector:
deploymentConfig: system-redis
strategy:
resources: {}
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: redis
app: ${APP_LABEL}
deploymentConfig: system-redis
spec:
containers:
- args:
- /etc/redis.d/redis.conf
- --daemonize
- "no"
command:
- /opt/rh/rh-redis32/root/usr/bin/redis-server
image: ${REDIS_IMAGE}
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 10
periodSeconds: 5
tcpSocket:
port: 6379
name: system-redis
readinessProbe:
exec:
command:
- container-entrypoint
- bash
- -c
- redis-cli set liveness-probe "`date`" | grep OK
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
resources: {}
terminationMessagePath: /dev/termination-log
volumeMounts:
- mountPath: /var/lib/redis/data
name: system-redis-storage
- mountPath: /etc/redis.d/
name: redis-config
serviceAccountName: amp
volumes:
- name: system-redis-storage
persistentVolumeClaim:
claimName: system-redis-storage
- configMap:
items:
- key: redis.conf
path: redis.conf
name: redis-config
name: redis-config
test: false
triggers:
- type: ConfigChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: redis
app: ${APP_LABEL}
name: system-redis-storage
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
status: {}
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: backend
3scale.component-element: cron
app: ${APP_LABEL}
name: backend-cron
spec:
replicas: 1
selector:
deploymentConfig: backend-cron
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1200
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
3scale.component: backend
3scale.component-element: cron
app: ${APP_LABEL}
deploymentConfig: backend-cron
spec:
containers:
- args:
- backend-cron
env:
- name: CONFIG_REDIS_PROXY
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: CONFIG_QUEUES_MASTER_NAME
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_URL
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_ROLE
name: backend-redis
- name: RACK_ENV
valueFrom:
configMapKeyRef:
key: RACK_ENV
name: backend-environment
image: amp-backend:latest
imagePullPolicy: IfNotPresent
name: backend-cron
resources: {}
initContainers:
- command:
- /opt/app/entrypoint.sh
- sh
- -c
- until rake connectivity:redis_storage_queue_check; do sleep $SLEEP_SECONDS;
done
env:
- name: SLEEP_SECONDS
value: "1"
- name: CONFIG_QUEUES_MASTER_NAME
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_URL
name: backend-redis
image: amp-backend:latest
name: backend-redis-svc
resources: {}
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- backend-redis-svc
- backend-cron
from:
kind: ImageStreamTag
name: amp-backend:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: backend
3scale.component-element: listener
app: ${APP_LABEL}
name: backend-listener
spec:
replicas: 1
selector:
deploymentConfig: backend-listener
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 600
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
3scale.component: backend
3scale.component-element: listener
app: ${APP_LABEL}
deploymentConfig: backend-listener
spec:
containers:
- args:
- bin/3scale_backend
- start
- -e
- production
- -p
- "3000"
- -x
- /dev/stdout
env:
- name: CONFIG_REDIS_PROXY
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: CONFIG_QUEUES_MASTER_NAME
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_URL
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_ROLE
name: backend-redis
- name: RACK_ENV
valueFrom:
configMapKeyRef:
key: RACK_ENV
name: backend-environment
- name: PUMA_WORKERS
value: "16"
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
image: amp-backend:latest
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 10
tcpSocket:
port: 3000
name: backend-listener
ports:
- containerPort: 3000
protocol: TCP
readinessProbe:
httpGet:
path: /status
port: 3000
initialDelaySeconds: 30
timeoutSeconds: 5
resources: {}
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- backend-listener
from:
kind: ImageStreamTag
name: amp-backend:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
3scale.component: backend
3scale.component-element: listener
app: ${APP_LABEL}
name: backend-listener
spec:
ports:
- name: http
port: 3000
protocol: TCP
targetPort: 3000
selector:
deploymentConfig: backend-listener
status:
loadBalancer: {}
- apiVersion: route.openshift.io/v1
kind: Route
metadata:
creationTimestamp: null
labels:
3scale.component: backend
app: ${APP_LABEL}
name: backend
spec:
host: backend-${TENANT_NAME}.${WILDCARD_DOMAIN}
port:
targetPort: http
tls:
insecureEdgeTerminationPolicy: Allow
termination: edge
to:
kind: Service
name: backend-listener
weight: null
status:
ingress: null
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: backend
3scale.component-element: worker
app: ${APP_LABEL}
name: backend-worker
spec:
replicas: 1
selector:
deploymentConfig: backend-worker
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1200
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
3scale.component: backend
3scale.component-element: worker
app: ${APP_LABEL}
deploymentConfig: backend-worker
spec:
containers:
- args:
- bin/3scale_backend_worker
- run
env:
- name: CONFIG_REDIS_PROXY
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: CONFIG_QUEUES_MASTER_NAME
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_URL
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_ROLE
name: backend-redis
- name: RACK_ENV
valueFrom:
configMapKeyRef:
key: RACK_ENV
name: backend-environment
- name: CONFIG_EVENTS_HOOK
valueFrom:
secretKeyRef:
key: URL
name: system-events-hook
- name: CONFIG_EVENTS_HOOK_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
image: amp-backend:latest
imagePullPolicy: IfNotPresent
name: backend-worker
resources: {}
initContainers:
- command:
- /opt/app/entrypoint.sh
- sh
- -c
- until rake connectivity:redis_storage_queue_check; do sleep $SLEEP_SECONDS;
done
env:
- name: SLEEP_SECONDS
value: "1"
- name: CONFIG_QUEUES_MASTER_NAME
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_URL
name: backend-redis
image: amp-backend:latest
name: backend-redis-svc
resources: {}
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- backend-redis-svc
- backend-worker
from:
kind: ImageStreamTag
name: amp-backend:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
data:
RACK_ENV: production
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
3scale.component: backend
app: ${APP_LABEL}
name: backend-environment
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
3scale.component: backend
app: ${APP_LABEL}
name: backend-internal-api
stringData:
password: ${SYSTEM_BACKEND_PASSWORD}
username: ${SYSTEM_BACKEND_USERNAME}
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
3scale.component: backend
app: ${APP_LABEL}
name: backend-redis
stringData:
REDIS_QUEUES_SENTINEL_HOSTS: ""
REDIS_QUEUES_SENTINEL_ROLE: ""
REDIS_QUEUES_URL: redis://backend-redis:6379/${BACKEND_REDIS_DB_NUMBER_QUEUES}
REDIS_STORAGE_SENTINEL_HOSTS: ""
REDIS_STORAGE_SENTINEL_ROLE: ""
REDIS_STORAGE_URL: redis://backend-redis:6379/${BACKEND_REDIS_DB_NUMBER_STORAGE}
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
3scale.component: backend
app: ${APP_LABEL}
name: backend-listener
stringData:
route_endpoint: https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}
service_endpoint: http://backend-listener:3000
type: Opaque
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: mysql
app: ${APP_LABEL}
name: system-mysql
spec:
replicas: 1
selector:
deploymentConfig: system-mysql
strategy:
resources: {}
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: mysql
app: ${APP_LABEL}
deploymentConfig: system-mysql
spec:
containers:
- env:
- name: MYSQL_USER
value: ${MYSQL_USER}
- name: MYSQL_PASSWORD
value: ${MYSQL_PASSWORD}
- name: MYSQL_DATABASE
value: ${MYSQL_DATABASE}
- name: MYSQL_ROOT_PASSWORD
value: ${MYSQL_ROOT_PASSWORD}
- name: MYSQL_LOWER_CASE_TABLE_NAMES
value: "1"
- name: MYSQL_DEFAULTS_FILE
value: /etc/my-extra/my.cnf
image: ${MYSQL_IMAGE}
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 10
tcpSocket:
port: 3306
name: system-mysql
ports:
- containerPort: 3306
protocol: TCP
readinessProbe:
exec:
command:
- /bin/sh
- -i
- -c
- MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE
-e 'SELECT 1'
initialDelaySeconds: 10
periodSeconds: 30
timeoutSeconds: 5
resources: {}
volumeMounts:
- mountPath: /var/lib/mysql/data
name: mysql-storage
- mountPath: /etc/my-extra.d
name: mysql-extra-conf
- mountPath: /etc/my-extra
name: mysql-main-conf
volumes:
- name: mysql-storage
persistentVolumeClaim:
claimName: mysql-storage
- configMap:
name: mysql-extra-conf
name: mysql-extra-conf
- configMap:
name: mysql-main-conf
name: mysql-main-conf
test: false
triggers:
- type: ConfigChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
data:
my.cnf: |
!include /etc/my.cnf
!includedir /etc/my-extra.d
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: mysql
app: ${APP_LABEL}
name: mysql-main-conf
- apiVersion: v1
data:
mysql-charset.cnf: |
[client]
default-character-set = utf8
[mysql]
default-character-set = utf8
[mysqld]
character-set-server = utf8
collation-server = utf8_unicode_ci
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: mysql
app: ${APP_LABEL}
name: mysql-extra-conf
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: mysql
app: ${APP_LABEL}
name: mysql-storage
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
status: {}
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: app
app: ${APP_LABEL}
name: system-storage
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Mi
storageClassName: ${{RWX_STORAGE_CLASS}}
status: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: provider-ui
app: ${APP_LABEL}
name: system-provider
spec:
ports:
- name: http
port: 3000
protocol: TCP
targetPort: provider
selector:
deploymentConfig: system-app
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: master-ui
app: ${APP_LABEL}
name: system-master
spec:
ports:
- name: http
port: 3000
protocol: TCP
targetPort: master
selector:
deploymentConfig: system-app
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: developer-ui
app: ${APP_LABEL}
name: system-developer
spec:
ports:
- name: http
port: 3000
protocol: TCP
targetPort: developer
selector:
deploymentConfig: system-app
status:
loadBalancer: {}
- apiVersion: route.openshift.io/v1
kind: Route
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: provider-ui
app: ${APP_LABEL}
name: system-provider-admin
spec:
host: ${TENANT_NAME}-admin.${WILDCARD_DOMAIN}
port:
targetPort: http
tls:
insecureEdgeTerminationPolicy: Allow
termination: edge
to:
kind: Service
name: system-provider
weight: null
status:
ingress: null
- apiVersion: route.openshift.io/v1
kind: Route
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: master-ui
app: ${APP_LABEL}
name: system-master
spec:
host: ${MASTER_NAME}.${WILDCARD_DOMAIN}
port:
targetPort: http
tls:
insecureEdgeTerminationPolicy: Allow
termination: edge
to:
kind: Service
name: system-master
weight: null
status:
ingress: null
- apiVersion: route.openshift.io/v1
kind: Route
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: developer-ui
app: ${APP_LABEL}
name: system-developer
spec:
host: ${TENANT_NAME}.${WILDCARD_DOMAIN}
port:
targetPort: http
tls:
insecureEdgeTerminationPolicy: Allow
termination: edge
to:
kind: Service
name: system-developer
weight: null
status:
ingress: null
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: mysql
app: ${APP_LABEL}
name: system-mysql
spec:
ports:
- name: system-mysql
port: 3306
protocol: TCP
targetPort: 3306
selector:
deploymentConfig: system-mysql
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: redis
app: ${APP_LABEL}
name: system-redis
spec:
ports:
- name: redis
port: 6379
protocol: TCP
targetPort: 6379
selector:
deploymentConfig: system-redis
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: sphinx
app: ${APP_LABEL}
name: system-sphinx
spec:
ports:
- name: sphinx
port: 9306
protocol: TCP
targetPort: 9306
selector:
deploymentConfig: system-sphinx
status:
loadBalancer: {}
- apiVersion: v1
data:
rolling_updates.yml: |
production:
old_charts: false
new_provider_documentation: false
proxy_pro: false
instant_bill_plan_change: false
service_permissions: true
async_apicast_deploy: false
duplicate_application_id: true
duplicate_user_key: true
plan_changes_wizard: false
require_cc_on_signup: false
apicast_per_service: true
new_notification_system: true
cms_api: false
apicast_v2: true
forum: false
published_service_plan_signup: true
apicast_oidc: true
policies: true
proxy_private_base_path: true
service_discovery.yml: |
production:
enabled: <%= cluster_token_file_exists = File.exists?(cluster_token_file_path = '/var/run/secrets/kubernetes.io/serviceaccount/token') %>
server_scheme: 'https'
server_host: 'kubernetes.default.svc.cluster.local'
server_port: 443
bearer_token: "<%= File.read(cluster_token_file_path) if cluster_token_file_exists %>"
authentication_method: service_account # can be service_account|oauth
oauth_server_type: builtin # can be builtin|rh_sso
client_id:
client_secret:
timeout: 1
open_timeout: 1
max_retry: 5
verify_ssl: <%= OpenSSL::SSL::VERIFY_NONE %> # 0
zync.yml: |
production:
endpoint: 'http://zync:8080'
authentication:
token: "<%= ENV.fetch('ZYNC_AUTHENTICATION_TOKEN') %>"
connect_timeout: 5
send_timeout: 5
receive_timeout: 10
root_url:
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
3scale.component: system
app: ${APP_LABEL}
name: system
- apiVersion: v1
data:
address: ""
authentication: ""
domain: ""
openssl.verify.mode: ""
password: ""
port: ""
username: ""
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: smtp
app: ${APP_LABEL}
name: smtp
- apiVersion: v1
data:
AMP_RELEASE: ${AMP_RELEASE}
APICAST_REGISTRY_URL: ${APICAST_REGISTRY_URL}
FORCE_SSL: "true"
PROVIDER_PLAN: enterprise
RAILS_ENV: production
RAILS_LOG_LEVEL: info
RAILS_LOG_TO_STDOUT: "true"
SSL_CERT_DIR: /etc/pki/tls/certs
THINKING_SPHINX_PORT: "9306"
THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE: VERIFY_NONE
THREESCALE_SUPERDOMAIN: ${WILDCARD_DOMAIN}
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
3scale.component: system
app: ${APP_LABEL}
name: system-environment
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: app
app: ${APP_LABEL}
name: system-app
spec:
replicas: 1
selector:
deploymentConfig: system-app
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
post:
execNewPod:
command:
- bash
- -c
- bundle exec rake boot openshift:post_deploy
containerName: system-master
failurePolicy: Abort
pre:
execNewPod:
command:
- bash
- -c
- bundle exec rake boot openshift:deploy MASTER_ACCESS_TOKEN="${MASTER_ACCESS_TOKEN}"
containerName: system-master
env:
- name: AMP_RELEASE
valueFrom:
configMapKeyRef:
key: AMP_RELEASE
name: system-environment
- name: APICAST_REGISTRY_URL
valueFrom:
configMapKeyRef:
key: APICAST_REGISTRY_URL
name: system-environment
- name: FORCE_SSL
valueFrom:
configMapKeyRef:
key: FORCE_SSL
name: system-environment
- name: PROVIDER_PLAN
valueFrom:
configMapKeyRef:
key: PROVIDER_PLAN
name: system-environment
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: RAILS_LOG_LEVEL
valueFrom:
configMapKeyRef:
key: RAILS_LOG_LEVEL
name: system-environment
- name: RAILS_LOG_TO_STDOUT
valueFrom:
configMapKeyRef:
key: RAILS_LOG_TO_STDOUT
name: system-environment
- name: SSL_CERT_DIR
valueFrom:
configMapKeyRef:
key: SSL_CERT_DIR
name: system-environment
- name: THINKING_SPHINX_PORT
valueFrom:
configMapKeyRef:
key: THINKING_SPHINX_PORT
name: system-environment
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
name: system-environment
- name: THREESCALE_SUPERDOMAIN
valueFrom:
configMapKeyRef:
key: THREESCALE_SUPERDOMAIN
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: MASTER_DOMAIN
valueFrom:
secretKeyRef:
key: MASTER_DOMAIN
name: system-seed
- name: MASTER_USER
valueFrom:
secretKeyRef:
key: MASTER_USER
name: system-seed
- name: MASTER_PASSWORD
valueFrom:
secretKeyRef:
key: MASTER_PASSWORD
name: system-seed
- name: ADMIN_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ADMIN_ACCESS_TOKEN
name: system-seed
- name: USER_LOGIN
valueFrom:
secretKeyRef:
key: ADMIN_USER
name: system-seed
- name: USER_PASSWORD
valueFrom:
secretKeyRef:
key: ADMIN_PASSWORD
name: system-seed
- name: TENANT_NAME
valueFrom:
secretKeyRef:
key: TENANT_NAME
name: system-seed
- name: THINKING_SPHINX_ADDRESS
value: system-sphinx
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: /tmp/sphinx.conf
- name: EVENTS_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
- name: RECAPTCHA_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: PUBLIC_KEY
name: system-recaptcha
- name: RECAPTCHA_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: PRIVATE_KEY
name: system-recaptcha
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: system-app
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: BACKEND_REDIS_URL
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: APICAST_BACKEND_ROOT_ENDPOINT
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: BACKEND_ROUTE
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: SMTP_ADDRESS
valueFrom:
configMapKeyRef:
key: address
name: smtp
- name: SMTP_USER_NAME
valueFrom:
configMapKeyRef:
key: username
name: smtp
- name: SMTP_PASSWORD
valueFrom:
configMapKeyRef:
key: password
name: smtp
- name: SMTP_DOMAIN
valueFrom:
configMapKeyRef:
key: domain
name: smtp
- name: SMTP_PORT
valueFrom:
configMapKeyRef:
key: port
name: smtp
- name: SMTP_AUTHENTICATION
valueFrom:
configMapKeyRef:
key: authentication
name: smtp
- name: SMTP_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: openssl.verify.mode
name: smtp
- name: APICAST_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ACCESS_TOKEN
name: system-master-apicast
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
volumes:
- system-storage
failurePolicy: Retry
timeoutSeconds: 1200
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: app
app: ${APP_LABEL}
deploymentConfig: system-app
spec:
containers:
- args:
- env
- TENANT_MODE=master
- PORT=3002
- container-entrypoint
- bundle
- exec
- unicorn
- -c
- config/unicorn.rb
env:
- name: AMP_RELEASE
valueFrom:
configMapKeyRef:
key: AMP_RELEASE
name: system-environment
- name: APICAST_REGISTRY_URL
valueFrom:
configMapKeyRef:
key: APICAST_REGISTRY_URL
name: system-environment
- name: FORCE_SSL
valueFrom:
configMapKeyRef:
key: FORCE_SSL
name: system-environment
- name: PROVIDER_PLAN
valueFrom:
configMapKeyRef:
key: PROVIDER_PLAN
name: system-environment
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: RAILS_LOG_LEVEL
valueFrom:
configMapKeyRef:
key: RAILS_LOG_LEVEL
name: system-environment
- name: RAILS_LOG_TO_STDOUT
valueFrom:
configMapKeyRef:
key: RAILS_LOG_TO_STDOUT
name: system-environment
- name: SSL_CERT_DIR
valueFrom:
configMapKeyRef:
key: SSL_CERT_DIR
name: system-environment
- name: THINKING_SPHINX_PORT
valueFrom:
configMapKeyRef:
key: THINKING_SPHINX_PORT
name: system-environment
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
name: system-environment
- name: THREESCALE_SUPERDOMAIN
valueFrom:
configMapKeyRef:
key: THREESCALE_SUPERDOMAIN
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: MASTER_DOMAIN
valueFrom:
secretKeyRef:
key: MASTER_DOMAIN
name: system-seed
- name: MASTER_USER
valueFrom:
secretKeyRef:
key: MASTER_USER
name: system-seed
- name: MASTER_PASSWORD
valueFrom:
secretKeyRef:
key: MASTER_PASSWORD
name: system-seed
- name: ADMIN_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ADMIN_ACCESS_TOKEN
name: system-seed
- name: USER_LOGIN
valueFrom:
secretKeyRef:
key: ADMIN_USER
name: system-seed
- name: USER_PASSWORD
valueFrom:
secretKeyRef:
key: ADMIN_PASSWORD
name: system-seed
- name: TENANT_NAME
valueFrom:
secretKeyRef:
key: TENANT_NAME
name: system-seed
- name: THINKING_SPHINX_ADDRESS
value: system-sphinx
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: /tmp/sphinx.conf
- name: EVENTS_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
- name: RECAPTCHA_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: PUBLIC_KEY
name: system-recaptcha
- name: RECAPTCHA_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: PRIVATE_KEY
name: system-recaptcha
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: system-app
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: BACKEND_REDIS_URL
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: APICAST_BACKEND_ROOT_ENDPOINT
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: BACKEND_ROUTE
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: SMTP_ADDRESS
valueFrom:
configMapKeyRef:
key: address
name: smtp
- name: SMTP_USER_NAME
valueFrom:
configMapKeyRef:
key: username
name: smtp
- name: SMTP_PASSWORD
valueFrom:
configMapKeyRef:
key: password
name: smtp
- name: SMTP_DOMAIN
valueFrom:
configMapKeyRef:
key: domain
name: smtp
- name: SMTP_PORT
valueFrom:
configMapKeyRef:
key: port
name: smtp
- name: SMTP_AUTHENTICATION
valueFrom:
configMapKeyRef:
key: authentication
name: smtp
- name: SMTP_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: openssl.verify.mode
name: smtp
- name: APICAST_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ACCESS_TOKEN
name: system-master-apicast
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
image: amp-system:latest
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 40
initialDelaySeconds: 40
periodSeconds: 10
tcpSocket:
port: master
timeoutSeconds: 10
name: system-master
ports:
- containerPort: 3002
name: master
protocol: TCP
readinessProbe:
failureThreshold: 10
httpGet:
httpHeaders:
- name: X-Forwarded-Proto
value: https
path: /check.txt
port: master
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 10
resources: {}
volumeMounts:
- mountPath: /opt/system/public/system
name: system-storage
- mountPath: /opt/system-extra-configs
name: system-config
- args:
- env
- TENANT_MODE=provider
- PORT=3000
- container-entrypoint
- bundle
- exec
- unicorn
- -c
- config/unicorn.rb
env:
- name: AMP_RELEASE
valueFrom:
configMapKeyRef:
key: AMP_RELEASE
name: system-environment
- name: APICAST_REGISTRY_URL
valueFrom:
configMapKeyRef:
key: APICAST_REGISTRY_URL
name: system-environment
- name: FORCE_SSL
valueFrom:
configMapKeyRef:
key: FORCE_SSL
name: system-environment
- name: PROVIDER_PLAN
valueFrom:
configMapKeyRef:
key: PROVIDER_PLAN
name: system-environment
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: RAILS_LOG_LEVEL
valueFrom:
configMapKeyRef:
key: RAILS_LOG_LEVEL
name: system-environment
- name: RAILS_LOG_TO_STDOUT
valueFrom:
configMapKeyRef:
key: RAILS_LOG_TO_STDOUT
name: system-environment
- name: SSL_CERT_DIR
valueFrom:
configMapKeyRef:
key: SSL_CERT_DIR
name: system-environment
- name: THINKING_SPHINX_PORT
valueFrom:
configMapKeyRef:
key: THINKING_SPHINX_PORT
name: system-environment
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
name: system-environment
- name: THREESCALE_SUPERDOMAIN
valueFrom:
configMapKeyRef:
key: THREESCALE_SUPERDOMAIN
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: MASTER_DOMAIN
valueFrom:
secretKeyRef:
key: MASTER_DOMAIN
name: system-seed
- name: MASTER_USER
valueFrom:
secretKeyRef:
key: MASTER_USER
name: system-seed
- name: MASTER_PASSWORD
valueFrom:
secretKeyRef:
key: MASTER_PASSWORD
name: system-seed
- name: ADMIN_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ADMIN_ACCESS_TOKEN
name: system-seed
- name: USER_LOGIN
valueFrom:
secretKeyRef:
key: ADMIN_USER
name: system-seed
- name: USER_PASSWORD
valueFrom:
secretKeyRef:
key: ADMIN_PASSWORD
name: system-seed
- name: TENANT_NAME
valueFrom:
secretKeyRef:
key: TENANT_NAME
name: system-seed
- name: THINKING_SPHINX_ADDRESS
value: system-sphinx
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: /tmp/sphinx.conf
- name: EVENTS_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
- name: RECAPTCHA_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: PUBLIC_KEY
name: system-recaptcha
- name: RECAPTCHA_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: PRIVATE_KEY
name: system-recaptcha
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: system-app
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: BACKEND_REDIS_URL
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: APICAST_BACKEND_ROOT_ENDPOINT
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: BACKEND_ROUTE
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: SMTP_ADDRESS
valueFrom:
configMapKeyRef:
key: address
name: smtp
- name: SMTP_USER_NAME
valueFrom:
configMapKeyRef:
key: username
name: smtp
- name: SMTP_PASSWORD
valueFrom:
configMapKeyRef:
key: password
name: smtp
- name: SMTP_DOMAIN
valueFrom:
configMapKeyRef:
key: domain
name: smtp
- name: SMTP_PORT
valueFrom:
configMapKeyRef:
key: port
name: smtp
- name: SMTP_AUTHENTICATION
valueFrom:
configMapKeyRef:
key: authentication
name: smtp
- name: SMTP_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: openssl.verify.mode
name: smtp
- name: APICAST_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ACCESS_TOKEN
name: system-master-apicast
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
image: amp-system:latest
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 40
initialDelaySeconds: 40
periodSeconds: 10
tcpSocket:
port: provider
timeoutSeconds: 10
name: system-provider
ports:
- containerPort: 3000
name: provider
protocol: TCP
readinessProbe:
failureThreshold: 10
httpGet:
httpHeaders:
- name: X-Forwarded-Proto
value: https
path: /check.txt
port: provider
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 10
resources: {}
volumeMounts:
- mountPath: /opt/system/public/system
name: system-storage
- mountPath: /opt/system-extra-configs
name: system-config
- args:
- env
- PORT=3001
- container-entrypoint
- bundle
- exec
- unicorn
- -c
- config/unicorn.rb
env:
- name: AMP_RELEASE
valueFrom:
configMapKeyRef:
key: AMP_RELEASE
name: system-environment
- name: APICAST_REGISTRY_URL
valueFrom:
configMapKeyRef:
key: APICAST_REGISTRY_URL
name: system-environment
- name: FORCE_SSL
valueFrom:
configMapKeyRef:
key: FORCE_SSL
name: system-environment
- name: PROVIDER_PLAN
valueFrom:
configMapKeyRef:
key: PROVIDER_PLAN
name: system-environment
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: RAILS_LOG_LEVEL
valueFrom:
configMapKeyRef:
key: RAILS_LOG_LEVEL
name: system-environment
- name: RAILS_LOG_TO_STDOUT
valueFrom:
configMapKeyRef:
key: RAILS_LOG_TO_STDOUT
name: system-environment
- name: SSL_CERT_DIR
valueFrom:
configMapKeyRef:
key: SSL_CERT_DIR
name: system-environment
- name: THINKING_SPHINX_PORT
valueFrom:
configMapKeyRef:
key: THINKING_SPHINX_PORT
name: system-environment
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
name: system-environment
- name: THREESCALE_SUPERDOMAIN
valueFrom:
configMapKeyRef:
key: THREESCALE_SUPERDOMAIN
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: MASTER_DOMAIN
valueFrom:
secretKeyRef:
key: MASTER_DOMAIN
name: system-seed
- name: MASTER_USER
valueFrom:
secretKeyRef:
key: MASTER_USER
name: system-seed
- name: MASTER_PASSWORD
valueFrom:
secretKeyRef:
key: MASTER_PASSWORD
name: system-seed
- name: ADMIN_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ADMIN_ACCESS_TOKEN
name: system-seed
- name: USER_LOGIN
valueFrom:
secretKeyRef:
key: ADMIN_USER
name: system-seed
- name: USER_PASSWORD
valueFrom:
secretKeyRef:
key: ADMIN_PASSWORD
name: system-seed
- name: TENANT_NAME
valueFrom:
secretKeyRef:
key: TENANT_NAME
name: system-seed
- name: THINKING_SPHINX_ADDRESS
value: system-sphinx
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: /tmp/sphinx.conf
- name: EVENTS_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
- name: RECAPTCHA_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: PUBLIC_KEY
name: system-recaptcha
- name: RECAPTCHA_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: PRIVATE_KEY
name: system-recaptcha
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: system-app
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: BACKEND_REDIS_URL
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: APICAST_BACKEND_ROOT_ENDPOINT
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: BACKEND_ROUTE
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: SMTP_ADDRESS
valueFrom:
configMapKeyRef:
key: address
name: smtp
- name: SMTP_USER_NAME
valueFrom:
configMapKeyRef:
key: username
name: smtp
- name: SMTP_PASSWORD
valueFrom:
configMapKeyRef:
key: password
name: smtp
- name: SMTP_DOMAIN
valueFrom:
configMapKeyRef:
key: domain
name: smtp
- name: SMTP_PORT
valueFrom:
configMapKeyRef:
key: port
name: smtp
- name: SMTP_AUTHENTICATION
valueFrom:
configMapKeyRef:
key: authentication
name: smtp
- name: SMTP_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: openssl.verify.mode
name: smtp
- name: APICAST_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ACCESS_TOKEN
name: system-master-apicast
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
image: amp-system:latest
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 40
initialDelaySeconds: 40
periodSeconds: 10
tcpSocket:
port: developer
timeoutSeconds: 10
name: system-developer
ports:
- containerPort: 3001
name: developer
protocol: TCP
readinessProbe:
failureThreshold: 10
httpGet:
httpHeaders:
- name: X-Forwarded-Proto
value: https
path: /check.txt
port: developer
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 10
resources: {}
volumeMounts:
- mountPath: /opt/system/public/system
name: system-storage
readOnly: true
- mountPath: /opt/system-extra-configs
name: system-config
serviceAccountName: amp
volumes:
- name: system-storage
persistentVolumeClaim:
claimName: system-storage
- configMap:
items:
- key: zync.yml
path: zync.yml
- key: rolling_updates.yml
path: rolling_updates.yml
- key: service_discovery.yml
path: service_discovery.yml
name: system
name: system-config
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- system-provider
- system-developer
- system-master
from:
kind: ImageStreamTag
name: amp-system:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: sidekiq
app: ${APP_LABEL}
name: system-sidekiq
spec:
replicas: 1
selector:
deploymentConfig: system-sidekiq
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1200
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: sidekiq
app: ${APP_LABEL}
deploymentConfig: system-sidekiq
spec:
containers:
- args:
- rake
- sidekiq:worker
- RAILS_MAX_THREADS=25
env:
- name: AMP_RELEASE
valueFrom:
configMapKeyRef:
key: AMP_RELEASE
name: system-environment
- name: APICAST_REGISTRY_URL
valueFrom:
configMapKeyRef:
key: APICAST_REGISTRY_URL
name: system-environment
- name: FORCE_SSL
valueFrom:
configMapKeyRef:
key: FORCE_SSL
name: system-environment
- name: PROVIDER_PLAN
valueFrom:
configMapKeyRef:
key: PROVIDER_PLAN
name: system-environment
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: RAILS_LOG_LEVEL
valueFrom:
configMapKeyRef:
key: RAILS_LOG_LEVEL
name: system-environment
- name: RAILS_LOG_TO_STDOUT
valueFrom:
configMapKeyRef:
key: RAILS_LOG_TO_STDOUT
name: system-environment
- name: SSL_CERT_DIR
valueFrom:
configMapKeyRef:
key: SSL_CERT_DIR
name: system-environment
- name: THINKING_SPHINX_PORT
valueFrom:
configMapKeyRef:
key: THINKING_SPHINX_PORT
name: system-environment
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
name: system-environment
- name: THREESCALE_SUPERDOMAIN
valueFrom:
configMapKeyRef:
key: THREESCALE_SUPERDOMAIN
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: MASTER_DOMAIN
valueFrom:
secretKeyRef:
key: MASTER_DOMAIN
name: system-seed
- name: MASTER_USER
valueFrom:
secretKeyRef:
key: MASTER_USER
name: system-seed
- name: MASTER_PASSWORD
valueFrom:
secretKeyRef:
key: MASTER_PASSWORD
name: system-seed
- name: ADMIN_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ADMIN_ACCESS_TOKEN
name: system-seed
- name: USER_LOGIN
valueFrom:
secretKeyRef:
key: ADMIN_USER
name: system-seed
- name: USER_PASSWORD
valueFrom:
secretKeyRef:
key: ADMIN_PASSWORD
name: system-seed
- name: TENANT_NAME
valueFrom:
secretKeyRef:
key: TENANT_NAME
name: system-seed
- name: THINKING_SPHINX_ADDRESS
value: system-sphinx
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: /tmp/sphinx.conf
- name: EVENTS_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
- name: RECAPTCHA_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: PUBLIC_KEY
name: system-recaptcha
- name: RECAPTCHA_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: PRIVATE_KEY
name: system-recaptcha
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: system-app
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: BACKEND_REDIS_URL
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: APICAST_BACKEND_ROOT_ENDPOINT
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: BACKEND_ROUTE
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: SMTP_ADDRESS
valueFrom:
configMapKeyRef:
key: address
name: smtp
- name: SMTP_USER_NAME
valueFrom:
configMapKeyRef:
key: username
name: smtp
- name: SMTP_PASSWORD
valueFrom:
configMapKeyRef:
key: password
name: smtp
- name: SMTP_DOMAIN
valueFrom:
configMapKeyRef:
key: domain
name: smtp
- name: SMTP_PORT
valueFrom:
configMapKeyRef:
key: port
name: smtp
- name: SMTP_AUTHENTICATION
valueFrom:
configMapKeyRef:
key: authentication
name: smtp
- name: SMTP_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: openssl.verify.mode
name: smtp
- name: APICAST_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ACCESS_TOKEN
name: system-master-apicast
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
image: amp-system:latest
imagePullPolicy: IfNotPresent
name: system-sidekiq
resources: {}
volumeMounts:
- mountPath: /opt/system/public/system
name: system-storage
- mountPath: /tmp
name: system-tmp
- mountPath: /opt/system-extra-configs
name: system-config
initContainers:
- command:
- bash
- -c
- bundle exec sh -c "until rake boot:redis && curl --output /dev/null --silent
--fail --head http://system-master:3000/status; do sleep $SLEEP_SECONDS;
done"
env:
- name: SLEEP_SECONDS
value: "1"
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
image: amp-system:latest
name: check-svc
resources: {}
serviceAccountName: amp
volumes:
- emptyDir:
medium: Memory
name: system-tmp
- name: system-storage
persistentVolumeClaim:
claimName: system-storage
- configMap:
items:
- key: zync.yml
path: zync.yml
- key: rolling_updates.yml
path: rolling_updates.yml
- key: service_discovery.yml
path: service_discovery.yml
name: system
name: system-config
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- check-svc
- system-sidekiq
from:
kind: ImageStreamTag
name: amp-system:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: sphinx
app: ${APP_LABEL}
name: system-sphinx
spec:
replicas: 1
selector:
deploymentConfig: system-sphinx
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1200
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: sphinx
app: ${APP_LABEL}
deploymentConfig: system-sphinx
spec:
containers:
- args:
- rake
- openshift:thinking_sphinx:start
env:
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: THINKING_SPHINX_ADDRESS
value: 0.0.0.0
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: db/sphinx/production.conf
- name: THINKING_SPHINX_PID_FILE
value: db/sphinx/searchd.pid
- name: DELTA_INDEX_INTERVAL
value: "5"
- name: FULL_REINDEX_INTERVAL
value: "60"
image: amp-system:latest
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 60
periodSeconds: 10
tcpSocket:
port: 9306
name: system-sphinx
resources: {}
volumeMounts:
- mountPath: /opt/system/db/sphinx
name: system-sphinx-database
initContainers:
- command:
- sh
- -c
- until $(curl --output /dev/null --silent --fail --head http://system-master:3000/status);
do sleep $SLEEP_SECONDS; done
env:
- name: SLEEP_SECONDS
value: "1"
image: amp-system:latest
name: system-master-svc
resources: {}
serviceAccountName: amp
volumes:
- emptyDir: {}
name: system-sphinx-database
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- system-master-svc
- system-sphinx
from:
kind: ImageStreamTag
name: amp-system:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
3scale.component: system
app: ${APP_LABEL}
name: system-events-hook
stringData:
PASSWORD: ${SYSTEM_BACKEND_SHARED_SECRET}
URL: http://system-master:3000/master/events/import
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
3scale.component: system
app: ${APP_LABEL}
name: system-redis
stringData:
URL: redis://system-redis:6379/${SYSTEM_REDIS_DB_NUMBER_PRODUCTION}
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
3scale.component: system
app: ${APP_LABEL}
name: system-master-apicast
stringData:
ACCESS_TOKEN: ${APICAST_ACCESS_TOKEN}
BASE_URL: http://${APICAST_ACCESS_TOKEN}@system-master:3000
PROXY_CONFIGS_ENDPOINT: http://${APICAST_ACCESS_TOKEN}@system-master:3000/master/api/proxy/configs
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
3scale.component: system
app: ${APP_LABEL}
name: system-database
stringData:
URL: mysql2://root:${MYSQL_ROOT_PASSWORD}@system-mysql/${MYSQL_DATABASE}
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
3scale.component: system
app: ${APP_LABEL}
name: system-seed
stringData:
ADMIN_ACCESS_TOKEN: ${ADMIN_ACCESS_TOKEN}
ADMIN_PASSWORD: ${ADMIN_PASSWORD}
ADMIN_USER: ${ADMIN_USERNAME}
MASTER_DOMAIN: ${MASTER_NAME}
MASTER_PASSWORD: ${MASTER_PASSWORD}
MASTER_USER: ${MASTER_USER}
TENANT_NAME: ${TENANT_NAME}
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
3scale.component: system
app: ${APP_LABEL}
name: system-recaptcha
stringData:
PRIVATE_KEY: ${RECAPTCHA_PRIVATE_KEY}
PUBLIC_KEY: ${RECAPTCHA_PUBLIC_KEY}
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
3scale.component: system
app: ${APP_LABEL}
name: system-app
stringData:
SECRET_KEY_BASE: ${SYSTEM_APP_SECRET_KEY_BASE}
type: Opaque
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: zync
app: ${APP_LABEL}
name: zync
spec:
replicas: 1
selector:
deploymentConfig: zync
strategy:
resources: {}
template:
metadata:
creationTimestamp: null
labels:
3scale.component: zync
app: ${APP_LABEL}
deploymentConfig: zync
spec:
containers:
- env:
- name: RAILS_LOG_TO_STDOUT
value: "true"
- name: RAILS_ENV
value: production
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: DATABASE_URL
name: zync
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: zync
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
image: amp-zync:latest
livenessProbe:
failureThreshold: 10
httpGet:
path: /status/live
port: 8080
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 60
name: zync
ports:
- containerPort: 8080
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /status/ready
port: 8080
scheme: HTTP
initialDelaySeconds: 100
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources: {}
initContainers:
- command:
- bash
- -c
- bundle exec sh -c "until rake boot:db; do sleep $SLEEP_SECONDS; done"
env:
- name: SLEEP_SECONDS
value: "1"
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: DATABASE_URL
name: zync
image: amp-zync:latest
name: zync-db-svc
resources: {}
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- zync-db-svc
- zync
from:
kind: ImageStreamTag
name: amp-zync:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: zync
3scale.component-element: database
app: ${APP_LABEL}
name: zync-database
spec:
replicas: 1
selector:
deploymentConfig: zync-database
strategy:
resources: {}
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
3scale.component: zync
3scale.component-element: database
app: ${APP_LABEL}
deploymentConfig: zync-database
spec:
containers:
- env:
- name: POSTGRESQL_USER
value: zync
- name: POSTGRESQL_PASSWORD
valueFrom:
secretKeyRef:
key: ZYNC_DATABASE_PASSWORD
name: zync
- name: POSTGRESQL_DATABASE
value: zync_production
image: ' '
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 30
tcpSocket:
port: 5432
timeoutSeconds: 1
name: postgresql
ports:
- containerPort: 5432
protocol: TCP
readinessProbe:
exec:
command:
- /bin/sh
- -i
- -c
- psql -h 127.0.0.1 -U zync -q -d zync_production -c 'SELECT 1'
initialDelaySeconds: 5
timeoutSeconds: 1
resources: {}
volumeMounts:
- mountPath: /var/lib/pgsql/data
name: zync-database-data
restartPolicy: Always
volumes:
- emptyDir: {}
name: zync-database-data
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- postgresql
from:
kind: ImageStreamTag
name: postgresql:9.5
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
3scale.component: zync
app: ${APP_LABEL}
name: zync
spec:
ports:
- name: 8080-tcp
port: 8080
protocol: TCP
targetPort: 8080
selector:
deploymentConfig: zync
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
3scale.component: zync
3scale.component-element: database
app: ${APP_LABEL}
name: zync-database
spec:
ports:
- name: postgresql
port: 5432
protocol: TCP
targetPort: 5432
selector:
deploymentConfig: zync-database
status:
loadBalancer: {}
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
3scale.component: zync
app: ${APP_LABEL}
name: zync
stringData:
DATABASE_URL: postgresql://zync:${ZYNC_DATABASE_PASSWORD}@zync-database:5432/zync_production
SECRET_KEY_BASE: ${ZYNC_SECRET_KEY_BASE}
ZYNC_AUTHENTICATION_TOKEN: ${ZYNC_AUTHENTICATION_TOKEN}
ZYNC_DATABASE_PASSWORD: ${ZYNC_DATABASE_PASSWORD}
type: Opaque
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: apicast
3scale.component-element: staging
app: ${APP_LABEL}
name: apicast-staging
spec:
replicas: 1
selector:
deploymentConfig: apicast-staging
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1800
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
annotations:
prometheus.io/port: "9421"
prometheus.io/scrape: "true"
creationTimestamp: null
labels:
3scale.component: apicast
3scale.component-element: staging
app: ${APP_LABEL}
deploymentConfig: apicast-staging
spec:
containers:
- env:
- name: THREESCALE_PORTAL_ENDPOINT
valueFrom:
secretKeyRef:
key: PROXY_CONFIGS_ENDPOINT
name: system-master-apicast
- name: BACKEND_ENDPOINT_OVERRIDE
valueFrom:
secretKeyRef:
key: service_endpoint
name: backend-listener
- name: APICAST_MANAGEMENT_API
valueFrom:
configMapKeyRef:
key: APICAST_MANAGEMENT_API
name: apicast-environment
- name: OPENSSL_VERIFY
valueFrom:
configMapKeyRef:
key: OPENSSL_VERIFY
name: apicast-environment
- name: APICAST_RESPONSE_CODES
valueFrom:
configMapKeyRef:
key: APICAST_RESPONSE_CODES
name: apicast-environment
- name: APICAST_CONFIGURATION_LOADER
value: lazy
- name: APICAST_CONFIGURATION_CACHE
value: "0"
- name: THREESCALE_DEPLOYMENT_ENV
value: staging
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: STAGING_URL
name: apicast-redis
image: amp-apicast:latest
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /status/live
port: 8090
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
name: apicast-staging
ports:
- containerPort: 8080
protocol: TCP
- containerPort: 8090
protocol: TCP
- containerPort: 9421
name: metrics
protocol: TCP
readinessProbe:
httpGet:
path: /status/ready
port: 8090
initialDelaySeconds: 15
periodSeconds: 30
timeoutSeconds: 5
resources: {}
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- apicast-staging
from:
kind: ImageStreamTag
name: amp-apicast:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: apicast
3scale.component-element: production
app: ${APP_LABEL}
name: apicast-production
spec:
replicas: 1
selector:
deploymentConfig: apicast-production
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1800
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
annotations:
prometheus.io/port: "9421"
prometheus.io/scrape: "true"
creationTimestamp: null
labels:
3scale.component: apicast
3scale.component-element: production
app: ${APP_LABEL}
deploymentConfig: apicast-production
spec:
containers:
- env:
- name: THREESCALE_PORTAL_ENDPOINT
valueFrom:
secretKeyRef:
key: PROXY_CONFIGS_ENDPOINT
name: system-master-apicast
- name: BACKEND_ENDPOINT_OVERRIDE
valueFrom:
secretKeyRef:
key: service_endpoint
name: backend-listener
- name: APICAST_MANAGEMENT_API
valueFrom:
configMapKeyRef:
key: APICAST_MANAGEMENT_API
name: apicast-environment
- name: OPENSSL_VERIFY
valueFrom:
configMapKeyRef:
key: OPENSSL_VERIFY
name: apicast-environment
- name: APICAST_RESPONSE_CODES
valueFrom:
configMapKeyRef:
key: APICAST_RESPONSE_CODES
name: apicast-environment
- name: APICAST_CONFIGURATION_LOADER
value: boot
- name: APICAST_CONFIGURATION_CACHE
value: "300"
- name: THREESCALE_DEPLOYMENT_ENV
value: production
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: PRODUCTION_URL
name: apicast-redis
image: amp-apicast:latest
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /status/live
port: 8090
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
name: apicast-production
ports:
- containerPort: 8080
protocol: TCP
- containerPort: 8090
protocol: TCP
- containerPort: 9421
name: metrics
protocol: TCP
readinessProbe:
httpGet:
path: /status/ready
port: 8090
initialDelaySeconds: 15
periodSeconds: 30
timeoutSeconds: 5
resources: {}
initContainers:
- command:
- sh
- -c
- until $(curl --output /dev/null --silent --fail --head http://system-master:3000/status);
do sleep $SLEEP_SECONDS; done
env:
- name: SLEEP_SECONDS
value: "1"
image: amp-apicast:latest
name: system-master-svc
resources: {}
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- system-master-svc
- apicast-production
from:
kind: ImageStreamTag
name: amp-apicast:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
3scale.component: apicast
3scale.component-element: staging
app: ${APP_LABEL}
name: apicast-staging
spec:
ports:
- name: gateway
port: 8080
protocol: TCP
targetPort: 8080
- name: management
port: 8090
protocol: TCP
targetPort: 8090
selector:
deploymentConfig: apicast-staging
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
3scale.component: apicast
3scale.component-element: production
app: ${APP_LABEL}
name: apicast-production
spec:
ports:
- name: gateway
port: 8080
protocol: TCP
targetPort: 8080
- name: management
port: 8090
protocol: TCP
targetPort: 8090
selector:
deploymentConfig: apicast-production
status:
loadBalancer: {}
- apiVersion: route.openshift.io/v1
kind: Route
metadata:
creationTimestamp: null
labels:
3scale.component: apicast
3scale.component-element: staging
app: ${APP_LABEL}
name: api-apicast-staging
spec:
host: api-${TENANT_NAME}-apicast-staging.${WILDCARD_DOMAIN}
port:
targetPort: gateway
tls:
insecureEdgeTerminationPolicy: Allow
termination: edge
to:
kind: Service
name: apicast-staging
weight: null
status:
ingress: null
- apiVersion: route.openshift.io/v1
kind: Route
metadata:
creationTimestamp: null
labels:
3scale.component: apicast
3scale.component-element: production
app: ${APP_LABEL}
name: api-apicast-production
spec:
host: api-${TENANT_NAME}-apicast-production.${WILDCARD_DOMAIN}
port:
targetPort: gateway
tls:
insecureEdgeTerminationPolicy: Allow
termination: edge
to:
kind: Service
name: apicast-production
weight: null
status:
ingress: null
- apiVersion: v1
data:
APICAST_MANAGEMENT_API: ${APICAST_MANAGEMENT_API}
APICAST_RESPONSE_CODES: ${APICAST_RESPONSE_CODES}
OPENSSL_VERIFY: ${APICAST_OPENSSL_VERIFY}
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
3scale.component: apicast
app: ${APP_LABEL}
name: apicast-environment
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
3scale.component: apicast
app: ${APP_LABEL}
name: apicast-redis
stringData:
PRODUCTION_URL: redis://system-redis:6379/${SYSTEM_REDIS_DB_NUMBER_PRODUCTION}
STAGING_URL: redis://system-redis:6379/${SYSTEM_REDIS_DB_NUMBER_STAGING}
type: Opaque
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: apicast
3scale.component-element: wildcard-router
app: ${APP_LABEL}
name: apicast-wildcard-router
spec:
replicas: 1
selector:
deploymentConfig: apicast-wildcard-router
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1800
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
3scale.component: apicast
3scale.component-element: wildcard-router
app: ${APP_LABEL}
deploymentConfig: apicast-wildcard-router
spec:
containers:
- env:
- name: API_HOST
valueFrom:
secretKeyRef:
key: BASE_URL
name: system-master-apicast
image: amp-wildcard-router:latest
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 10
tcpSocket:
port: http
name: apicast-wildcard-router
ports:
- containerPort: 8080
name: http
protocol: TCP
resources: {}
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- apicast-wildcard-router
from:
kind: ImageStreamTag
name: amp-wildcard-router:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
3scale.component: apicast
3scale.component-element: wildcard-router
app: ${APP_LABEL}
name: apicast-wildcard-router
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: http
selector:
deploymentConfig: apicast-wildcard-router
status:
loadBalancer: {}
- apiVersion: route.openshift.io/v1
kind: Route
metadata:
creationTimestamp: null
labels:
3scale.component: apicast
3scale.component-element: wildcard-router
app: ${APP_LABEL}
name: apicast-wildcard-router
spec:
host: apicast-wildcard.${WILDCARD_DOMAIN}
port:
targetPort: http
tls:
insecureEdgeTerminationPolicy: Allow
termination: edge
to:
kind: Service
name: apicast-wildcard-router
weight: null
wildcardPolicy: ${WILDCARD_POLICY}
status:
ingress: null
parameters:
- description: AMP release tag.
name: AMP_RELEASE
required: true
value: 2.4.0
- description: Used for object app labels
name: APP_LABEL
required: true
value: 3scale-api-management
- description: Tenant name under the root that Admin UI will be available with -admin
suffix.
name: TENANT_NAME
required: true
value: 3scale
- description: The Storage Class to be used by ReadWriteMany PVCs
name: RWX_STORAGE_CLASS
value: "null"
- name: AMP_BACKEND_IMAGE
required: true
value: quay.io/3scale/apisonator:nightly
- name: AMP_ZYNC_IMAGE
required: true
value: quay.io/3scale/zync:nightly
- name: AMP_APICAST_IMAGE
required: true
value: quay.io/3scale/apicast:nightly
- name: AMP_ROUTER_IMAGE
required: true
value: quay.io/3scale/wildcard-router:nightly
- name: AMP_SYSTEM_IMAGE
required: true
value: quay.io/3scale/porta:nightly
- description: Postgresql image to use
name: POSTGRESQL_IMAGE
required: true
value: registry.access.redhat.com/rhscl/postgresql-95-rhel7:9.5
- description: Mysql image to use
name: MYSQL_IMAGE
required: true
value: registry.access.redhat.com/rhscl/mysql-57-rhel7:5.7
- description: Set to true if the server may bypass certificate verification or connect
directly over HTTP during image import.
name: IMAGESTREAM_TAG_IMPORT_INSECURE
required: true
value: "false"
- description: Redis image to use
name: REDIS_IMAGE
required: true
value: registry.access.redhat.com/rhscl/redis-32-rhel7:3.2
- description: Username for MySQL user that will be used for accessing the database.
displayName: MySQL User
name: MYSQL_USER
required: true
value: mysql
- description: Password for the MySQL user.
displayName: MySQL Password
from: '[a-z0-9]{8}'
generate: expression
name: MYSQL_PASSWORD
required: true
- description: Name of the MySQL database accessed.
displayName: MySQL Database Name
name: MYSQL_DATABASE
required: true
value: system
- description: Password for Root user.
displayName: MySQL Root password.
from: '[a-z0-9]{8}'
generate: expression
name: MYSQL_ROOT_PASSWORD
required: true
- description: Internal 3scale API username for internal 3scale api auth.
name: SYSTEM_BACKEND_USERNAME
required: true
value: 3scale_api_user
- description: Internal 3scale API password for internal 3scale api auth.
from: '[a-z0-9]{8}'
generate: expression
name: SYSTEM_BACKEND_PASSWORD
required: true
- description: Shared secret to import events from backend to system.
from: '[a-z0-9]{8}'
generate: expression
name: SYSTEM_BACKEND_SHARED_SECRET
required: true
- description: System application secret key base
from: '[a-f0-9]{128}'
generate: expression
name: SYSTEM_APP_SECRET_KEY_BASE
required: true
- from: '[a-z0-9]{8}'
generate: expression
name: ADMIN_PASSWORD
required: true
- name: ADMIN_USERNAME
required: true
value: admin
- description: Admin Access Token with all scopes and write permissions for API access.
from: '[a-z0-9]{16}'
generate: expression
name: ADMIN_ACCESS_TOKEN
- description: The root name which Master Admin UI will be available at.
name: MASTER_NAME
required: true
value: master
- name: MASTER_USER
required: true
value: master
- from: '[a-z0-9]{8}'
generate: expression
name: MASTER_PASSWORD
required: true
- from: '[a-z0-9]{8}'
generate: expression
name: MASTER_ACCESS_TOKEN
required: true
- description: reCAPTCHA site key (used in spam protection)
name: RECAPTCHA_PUBLIC_KEY
- description: reCAPTCHA secret key (used in spam protection)
name: RECAPTCHA_PRIVATE_KEY
- description: Password for the PostgreSQL connection user.
displayName: PostgreSQL Connection Password
from: '[a-zA-Z0-9]{16}'
generate: expression
name: ZYNC_DATABASE_PASSWORD
required: true
- from: '[a-zA-Z0-9]{16}'
generate: expression
name: ZYNC_SECRET_KEY_BASE
required: true
- from: '[a-zA-Z0-9]{16}'
generate: expression
name: ZYNC_AUTHENTICATION_TOKEN
required: true
- description: Read Only Access Token that is APIcast going to use to download its
configuration.
from: '[a-z0-9]{8}'
generate: expression
name: APICAST_ACCESS_TOKEN
required: true
- description: Scope of the APIcast Management API. Can be disabled, status or debug.
At least status required for health checks.
name: APICAST_MANAGEMENT_API
value: status
- description: Turn on/off the OpenSSL peer verification when downloading the configuration.
Can be set to true/false.
name: APICAST_OPENSSL_VERIFY
value: "false"
- description: Enable logging response codes in APIcast.
name: APICAST_RESPONSE_CODES
value: "true"
- description: The URL to point to APIcast policies registry management
name: APICAST_REGISTRY_URL
required: true
value: http://apicast-staging:8090/policies
- description: Root domain for the wildcard routes. Eg. example.com will generate
3scale-admin.example.com.
name: WILDCARD_DOMAIN
required: true
- description: Use "Subdomain" to create a wildcard route for apicast wildcard router
name: WILDCARD_POLICY
required: true
value: None
- description: Redis Database name for system
name: SYSTEM_REDIS_DB_NUMBER_PRODUCTION
required: true
value: "1"
- description: Redis Database name for system
name: SYSTEM_REDIS_DB_NUMBER_STAGING
required: true
value: "2"
- description: Redis Database name for backend queues
name: BACKEND_REDIS_DB_NUMBER_QUEUES
required: true
value: "3"
- description: Redis Database name for backend storage
name: BACKEND_REDIS_DB_NUMBER_STORAGE
required: true
value: "4"
@AlissonMittaraquis
Copy link

Helo.

First, thanks for sharing knowledge.

Now, when I created the application based on this yaml, some pods inicialized with error. I deployed them again, one by one, and worked fine, except for the 'apicast-production' pod.

The log shows this error:

2019/10/10 17:55:41 [emerg] 16#16: [lua] configuration_loader.lua:139: init(): failed to load configuration, exiting (code 1)
2019/10/10 17:55:42 [warn] 28#28: *2 [lua] remote_v2.lua:245: call(): failed to get list of services: invalid status: 404 (Not Found) url: http://system-master:3000/master/api/proxy/configs/admin/api/services.json , context: ngx.timer
ERROR: /opt/app-root/src/src/apicast/configuration_loader.lua:60: missing configuration
  stack traceback:
  /opt/app-root/src/src/apicast/configuration_loader.lua:60: in function 'boot'
  /opt/app-root/src/libexec/boot.lua:10: in function 'file_gen'
  init_worker_by_lua:49: in function <init_worker_by_lua:47>
  [C]: in function 'xpcall'
  init_worker_by_lua:56: in function <init_worker_by_lua:54>

Any idea how can i solve?

@gsaslis
Copy link
Author

gsaslis commented Oct 22, 2019

@atulsareen1: that looks like an issue having to do with minishift, not 3scale. I imagine there are some more logs somewhere with more information about this error message, but before you go log hunting, do try increasing memory / CPU available to minishift, in case it's simply a matter of insufficient resources for it to start up.

@gsaslis
Copy link
Author

gsaslis commented Oct 22, 2019

@AlissonMittaraquis that error looks like it has to do with apicast not finding the system-app deployed. Are you sure that has been deployed?

Could you also share the output from oc get pods and oc get dc ?

Also, it would be helpful if you could share the manual steps you did to get those pods running, as that might help us trace the issue.

@chinmaym7430
Copy link

@gsaslis I have successfully installed Minishift and 3Scale as per the instructions provided on this page. However, when I am trying to access the 3Scale admin dashboard via the URL printed in the terminal output, I am facing the following error:
image

Can you let me know what needs to be done regarding this?

@gsaslis
Copy link
Author

gsaslis commented Oct 31, 2019

Hi @chinmaym7430 ,

It would be helpful if you could also share the actual output in your terminal please.

In any case, the truth is that the template used in this gist is a little outdated. the current stable one is https://github.com/3scale/3scale-operator/blob/2.6-stable/pkg/3scale/amp/auto-generated-templates/amp/amp-eval.yml (even though that's not a little bit more demanding in terms of resources). I'll hopefully get some time to update this for 2.6 (and upcoming 2.7) soon enough.

@chinmaym7430
Copy link

@gsaslis,
Thank you for your help. I have now successfully installed Minishift and 3Scale applications.
I have a question regarding the memory usage of these systems. I have installed these on a Windows 10 desktop having 16GB memory and during the deployment of the 3Scale pods, around 95% of the memory is being consumed. This is leading to repeated failures of the pod deployments etc.
On a general basis, how much memory is optimum for the deployment on 3Scale on an Openshift cluster?

@gsaslis
Copy link
Author

gsaslis commented Nov 18, 2019

@chinmaym7430 fantastic - great to hear!

well, for the minimal template I had put together, I remember I had gotten this down to 6gb ram and just 2 vcpus, but the default templates required quite a bit more than that AFAIR.

I guess you are talking about deploying 3scale in production, and the answer to such questions always depends on the kind of traffic patterns that 3scale will have to service, the expected performance (throughput / latency) and so on, so there really isn't a single answer I could give you.

But you should be able to still start with that kind of spec I mentioned above and scale the various components up as you go along.

Please feel free to share more information on your scenario, so you might receive some more specific suggestions.

@clabautdidier
Copy link

I encounter this error:

oc new-app --param WILDCARD_DOMAIN="$(minishift ip).nip.io" --param AMP_RELEASE=2.4.0 -f https://raw.githubusercontent.com/3scale/3scale-operator/master/pkg/3scale/amp/auto-generated-templates/amp/amp-eval.yml
error: unable to load template file "https://raw.githubusercontent.com/3scale/3scale-operator/master/pkg/3scale/amp/auto-generated-templates/amp/amp-eval.yml": unable to recognize "https://raw.githubusercontent.com/3scale/3scale-operator/master/pkg/3scale/amp/auto-generated-templates/amp/amp-eval.yml": no matches for kind "Template" in version "template.openshift.io/v1"
error: unable to locate any template files with name "https://raw.githubusercontent.com/3scale/3scale-operator/master/pkg/3scale/amp/auto-generated-templates/amp/amp-eval.yml"

The 'oc new-app' command will match arguments to the following types:

  1. Images tagged into image streams in the current project or the 'openshift' project
    • if you don't specify a tag, we'll add ':latest'
  2. Images in the Docker Hub, on remote registries, or on the local Docker engine
  3. Templates in the current project or the 'openshift' project
  4. Git repository URLs or local paths that point to Git repositories

--allow-missing-images can be used to point to an image that does not exist yet.

See 'oc new-app -h' for examples.

My Minishift version is 1.34.2 on Windows 10

@gsaslis
Copy link
Author

gsaslis commented Sep 23, 2020

Hello @clabautdidier,

not sure if you've been able to work around this issue for now, but it seems to me there might be something wrong with either the oc version you are using?

at this point 3scale 2.4 is quite old (we are now on 3scale 2.9) so I would really recommend giving the 3scale Operator Quickstart Guides a try. ;)

Hope that helps!
And please feel free to let me know if you still have issues.

@jernejr
Copy link

jernejr commented Jan 18, 2021

at this point 3scale 2.4 is quite old (we are now on 3scale 2.9) so I would really recommend giving the 3scale Operator Quickstart Guides a try. ;)

Then might i suggest to update the instructions on https://3scale.github.io/use ;)

And i also struggle with the instructions. I wanted to install 3Scale on minikube just too poke around, but i get the pod/system-app-1-hook-pre is crash-looping due to an error about a self signed cert. Any hints?

@jernejr
Copy link

jernejr commented Jan 18, 2021

Ok. I figured it out. Just use: oc new-app --param WILDCARD_DOMAIN="$(minishift ip).nip.io" --param AMP_RELEASE=2.9.0 -f https://raw.githubusercontent.com/3scale/3scale-operator/master/pkg/3scale/amp/auto-generated-templates/amp/amp-eval.yml

Confirmed to work with: RHEL - Linux 4.18.0-240.10.1.el8_3.x86_64 and minishift v1.34.3+4b58f89

Maybe you really should update the instructions. ;)

@gsaslis
Copy link
Author

gsaslis commented Jan 22, 2021

Ok. I figured it out. Just use: oc new-app --param WILDCARD_DOMAIN="$(minishift ip).nip.io" --param AMP_RELEASE=2.9.0 -f https://raw.githubusercontent.com/3scale/3scale-operator/master/pkg/3scale/amp/auto-generated-templates/amp/amp-eval.yml

Confirmed to work with: RHEL - Linux 4.18.0-240.10.1.el8_3.x86_64 and minishift v1.34.3+4b58f89

Glad to hear you got it working in the end!

Maybe you really should update the instructions. ;)

Fair point!! : )

@bitgully
Copy link

bitgully commented Jan 24, 2021

I can confirm release 2.9.0 is working on Windows 10 Home (10.0.19041) | Oracle VirtualBox 6.1 (6.1.16 r140961) | Minishift v1.34.3+4b58f89.
However, Zync would only start after changing the 'amp-zync' image stream version from 'nightly' to 'nightly-20200720'.

@gsaslis
Copy link
Author

gsaslis commented Jan 25, 2021

Thanks for confirming and sharing that extra bit of info @bitgully!

Are you using the same version of the templates?

cc @eguzki @miguelsorianod

@arkenabd
Copy link

arkenabd commented Jul 2, 2021

Hello Sir,
I want to ask, is the route automatically generated only 1, it is https://backend-3scale.MINISHIFT_IP.nip.io ?
I only have that route, or I have to manually create another route for devportal and 3scale admin dashboard. And when I access the URL I get a page like the following:
image

I'm using minishift v1.34.3+4b58f89 and 3Scale 2.9 installed on Windows 10

@miguelsorianod
Copy link

miguelsorianod commented Jul 2, 2021

What 3scale version are you using? edit: I've just seen it's 3scale 2.9

The backend route should not be the only one being created. There should be several more available created automatically

@arkenabd
Copy link

arkenabd commented Jul 2, 2021

What 3scale version are you using? edit: I've just seen it's 3scale 2.9

The backend route should not be the only one being created. There should be several more available created automatically

where can i find the complete route list info or the yml file, i plan to create it manually one by one

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment