Created
October 3, 2019 14:03
-
-
Save miguelsorianod/3958b5f86606f98ee5c2cd81fee1f147 to your computer and use it in GitHub Desktop.
3scale AMP 2.7.0 ER1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: template.openshift.io/v1 | |
kind: Template | |
message: Login on https://${TENANT_NAME}-admin.${WILDCARD_DOMAIN} as ${ADMIN_USERNAME}/${ADMIN_PASSWORD} | |
metadata: | |
annotations: | |
description: 3scale API Management main system | |
iconClass: icon-3scale | |
openshift.io/display-name: 3scale API Management | |
openshift.io/provider-display-name: Red Hat, Inc. | |
tags: integration, api management, 3scale | |
creationTimestamp: null | |
name: 3scale-api-management | |
objects: | |
- apiVersion: image.openshift.io/v1 | |
kind: ImageStream | |
metadata: | |
annotations: | |
openshift.io/display-name: AMP backend | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: backend | |
name: amp-backend | |
spec: | |
lookupPolicy: | |
local: false | |
tags: | |
- annotations: | |
openshift.io/display-name: amp-backend (latest) | |
from: | |
kind: ImageStreamTag | |
name: ${AMP_RELEASE} | |
generation: null | |
importPolicy: {} | |
name: latest | |
referencePolicy: | |
type: "" | |
- annotations: | |
openshift.io/display-name: amp-backend ${AMP_RELEASE} | |
from: | |
kind: DockerImage | |
name: ${AMP_BACKEND_IMAGE} | |
generation: null | |
importPolicy: | |
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}} | |
name: ${AMP_RELEASE} | |
referencePolicy: | |
type: "" | |
status: | |
dockerImageRepository: "" | |
- apiVersion: image.openshift.io/v1 | |
kind: ImageStream | |
metadata: | |
annotations: | |
openshift.io/display-name: AMP Zync | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: zync | |
name: amp-zync | |
spec: | |
lookupPolicy: | |
local: false | |
tags: | |
- annotations: | |
openshift.io/display-name: AMP Zync (latest) | |
from: | |
kind: ImageStreamTag | |
name: ${AMP_RELEASE} | |
generation: null | |
importPolicy: {} | |
name: latest | |
referencePolicy: | |
type: "" | |
- annotations: | |
openshift.io/display-name: AMP Zync ${AMP_RELEASE} | |
from: | |
kind: DockerImage | |
name: ${AMP_ZYNC_IMAGE} | |
generation: null | |
importPolicy: | |
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}} | |
name: ${AMP_RELEASE} | |
referencePolicy: | |
type: "" | |
status: | |
dockerImageRepository: "" | |
- apiVersion: image.openshift.io/v1 | |
kind: ImageStream | |
metadata: | |
annotations: | |
openshift.io/display-name: AMP APIcast | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: apicast | |
name: amp-apicast | |
spec: | |
lookupPolicy: | |
local: false | |
tags: | |
- annotations: | |
openshift.io/display-name: AMP APIcast (latest) | |
from: | |
kind: ImageStreamTag | |
name: ${AMP_RELEASE} | |
generation: null | |
importPolicy: {} | |
name: latest | |
referencePolicy: | |
type: "" | |
- annotations: | |
openshift.io/display-name: AMP APIcast ${AMP_RELEASE} | |
from: | |
kind: DockerImage | |
name: ${AMP_APICAST_IMAGE} | |
generation: null | |
importPolicy: | |
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}} | |
name: ${AMP_RELEASE} | |
referencePolicy: | |
type: "" | |
status: | |
dockerImageRepository: "" | |
- apiVersion: image.openshift.io/v1 | |
kind: ImageStream | |
metadata: | |
annotations: | |
openshift.io/display-name: AMP System | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
name: amp-system | |
spec: | |
lookupPolicy: | |
local: false | |
tags: | |
- annotations: | |
openshift.io/display-name: AMP System (latest) | |
from: | |
kind: ImageStreamTag | |
name: ${AMP_RELEASE} | |
generation: null | |
importPolicy: {} | |
name: latest | |
referencePolicy: | |
type: "" | |
- annotations: | |
openshift.io/display-name: AMP system ${AMP_RELEASE} | |
from: | |
kind: DockerImage | |
name: ${AMP_SYSTEM_IMAGE} | |
generation: null | |
importPolicy: | |
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}} | |
name: ${AMP_RELEASE} | |
referencePolicy: | |
type: "" | |
status: | |
dockerImageRepository: "" | |
- apiVersion: image.openshift.io/v1 | |
kind: ImageStream | |
metadata: | |
annotations: | |
openshift.io/display-name: Zync database PostgreSQL | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
name: zync-database-postgresql | |
spec: | |
lookupPolicy: | |
local: false | |
tags: | |
- annotations: | |
openshift.io/display-name: Zync PostgreSQL (latest) | |
from: | |
kind: ImageStreamTag | |
name: ${AMP_RELEASE} | |
generation: null | |
importPolicy: {} | |
name: latest | |
referencePolicy: | |
type: "" | |
- annotations: | |
openshift.io/display-name: Zync ${AMP_RELEASE} PostgreSQL | |
from: | |
kind: DockerImage | |
name: ${ZYNC_DATABASE_IMAGE} | |
generation: null | |
importPolicy: | |
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}} | |
name: ${AMP_RELEASE} | |
referencePolicy: | |
type: "" | |
status: | |
dockerImageRepository: "" | |
- apiVersion: image.openshift.io/v1 | |
kind: ImageStream | |
metadata: | |
annotations: | |
openshift.io/display-name: System Memcached | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
name: system-memcached | |
spec: | |
lookupPolicy: | |
local: false | |
tags: | |
- annotations: | |
openshift.io/display-name: System Memcached (latest) | |
from: | |
kind: ImageStreamTag | |
name: ${AMP_RELEASE} | |
generation: null | |
importPolicy: {} | |
name: latest | |
referencePolicy: | |
type: "" | |
- annotations: | |
openshift.io/display-name: System ${AMP_RELEASE} Memcached | |
from: | |
kind: DockerImage | |
name: ${MEMCACHED_IMAGE} | |
generation: null | |
importPolicy: | |
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}} | |
name: ${AMP_RELEASE} | |
referencePolicy: | |
type: "" | |
status: | |
dockerImageRepository: "" | |
- apiVersion: v1 | |
imagePullSecrets: | |
- name: threescale-registry-auth | |
kind: ServiceAccount | |
metadata: | |
creationTimestamp: null | |
name: amp | |
- apiVersion: image.openshift.io/v1 | |
kind: ImageStream | |
metadata: | |
annotations: | |
openshift.io/display-name: System MySQL | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
name: system-mysql | |
spec: | |
lookupPolicy: | |
local: false | |
tags: | |
- annotations: | |
openshift.io/display-name: System MySQL (latest) | |
from: | |
kind: ImageStreamTag | |
name: ${AMP_RELEASE} | |
generation: null | |
importPolicy: {} | |
name: latest | |
referencePolicy: | |
type: "" | |
- annotations: | |
openshift.io/display-name: System ${AMP_RELEASE} MySQL | |
from: | |
kind: DockerImage | |
name: ${SYSTEM_DATABASE_IMAGE} | |
generation: null | |
importPolicy: | |
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}} | |
name: ${AMP_RELEASE} | |
referencePolicy: | |
type: "" | |
status: | |
dockerImageRepository: "" | |
- apiVersion: apps.openshift.io/v1 | |
kind: DeploymentConfig | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: backend | |
threescale_component_element: redis | |
name: backend-redis | |
spec: | |
replicas: 1 | |
selector: | |
deploymentConfig: backend-redis | |
strategy: | |
resources: {} | |
type: Recreate | |
template: | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
deploymentConfig: backend-redis | |
threescale_component: backend | |
threescale_component_element: redis | |
spec: | |
containers: | |
- args: | |
- /etc/redis.d/redis.conf | |
- --daemonize | |
- "no" | |
command: | |
- /opt/rh/rh-redis32/root/usr/bin/redis-server | |
image: backend-redis:latest | |
imagePullPolicy: IfNotPresent | |
livenessProbe: | |
initialDelaySeconds: 10 | |
periodSeconds: 10 | |
tcpSocket: | |
port: 6379 | |
name: backend-redis | |
readinessProbe: | |
exec: | |
command: | |
- container-entrypoint | |
- bash | |
- -c | |
- redis-cli set liveness-probe "`date`" | grep OK | |
initialDelaySeconds: 10 | |
periodSeconds: 30 | |
timeoutSeconds: 1 | |
resources: | |
limits: | |
cpu: "2" | |
memory: 32Gi | |
requests: | |
cpu: "1" | |
memory: 1Gi | |
volumeMounts: | |
- mountPath: /var/lib/redis/data | |
name: backend-redis-storage | |
- mountPath: /etc/redis.d/ | |
name: redis-config | |
serviceAccountName: amp | |
volumes: | |
- name: backend-redis-storage | |
persistentVolumeClaim: | |
claimName: backend-redis-storage | |
- configMap: | |
items: | |
- key: redis.conf | |
path: redis.conf | |
name: redis-config | |
name: redis-config | |
test: false | |
triggers: | |
- type: ConfigChange | |
- imageChangeParams: | |
automatic: true | |
containerNames: | |
- backend-redis | |
from: | |
kind: ImageStreamTag | |
name: backend-redis:latest | |
type: ImageChange | |
status: | |
availableReplicas: 0 | |
latestVersion: 0 | |
observedGeneration: 0 | |
replicas: 0 | |
unavailableReplicas: 0 | |
updatedReplicas: 0 | |
- apiVersion: v1 | |
kind: Service | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: backend | |
threescale_component_element: redis | |
name: backend-redis | |
spec: | |
ports: | |
- port: 6379 | |
protocol: TCP | |
targetPort: 6379 | |
selector: | |
deploymentConfig: backend-redis | |
status: | |
loadBalancer: {} | |
- apiVersion: v1 | |
data: | |
redis.conf: | | |
protected-mode no | |
port 6379 | |
timeout 0 | |
tcp-keepalive 300 | |
daemonize no | |
supervised no | |
loglevel notice | |
databases 16 | |
save 900 1 | |
save 300 10 | |
save 60 10000 | |
stop-writes-on-bgsave-error yes | |
rdbcompression yes | |
rdbchecksum yes | |
dbfilename dump.rdb | |
slave-serve-stale-data yes | |
slave-read-only yes | |
repl-diskless-sync no | |
repl-disable-tcp-nodelay no | |
appendonly yes | |
appendfilename "appendonly.aof" | |
appendfsync everysec | |
no-appendfsync-on-rewrite no | |
auto-aof-rewrite-percentage 100 | |
auto-aof-rewrite-min-size 64mb | |
aof-load-truncated yes | |
lua-time-limit 5000 | |
activerehashing no | |
aof-rewrite-incremental-fsync yes | |
dir /var/lib/redis/data | |
kind: ConfigMap | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
threescale_component_element: redis | |
name: redis-config | |
- apiVersion: v1 | |
kind: PersistentVolumeClaim | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: backend | |
threescale_component_element: redis | |
name: backend-redis-storage | |
spec: | |
accessModes: | |
- ReadWriteOnce | |
dataSource: null | |
resources: | |
requests: | |
storage: 1Gi | |
status: {} | |
- apiVersion: image.openshift.io/v1 | |
kind: ImageStream | |
metadata: | |
annotations: | |
openshift.io/display-name: Backend Redis | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: backend | |
name: backend-redis | |
spec: | |
lookupPolicy: | |
local: false | |
tags: | |
- annotations: | |
openshift.io/display-name: Backend Redis (latest) | |
from: | |
kind: ImageStreamTag | |
name: ${AMP_RELEASE} | |
generation: null | |
importPolicy: {} | |
name: latest | |
referencePolicy: | |
type: "" | |
- annotations: | |
openshift.io/display-name: Backend ${AMP_RELEASE} Redis | |
from: | |
kind: DockerImage | |
name: ${REDIS_IMAGE} | |
generation: null | |
importPolicy: | |
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}} | |
name: ${AMP_RELEASE} | |
referencePolicy: | |
type: "" | |
status: | |
dockerImageRepository: "" | |
- apiVersion: apps.openshift.io/v1 | |
kind: DeploymentConfig | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
threescale_component_element: redis | |
name: system-redis | |
spec: | |
replicas: 1 | |
selector: | |
deploymentConfig: system-redis | |
strategy: | |
resources: {} | |
type: Recreate | |
template: | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
deploymentConfig: system-redis | |
threescale_component: system | |
threescale_component_element: redis | |
spec: | |
containers: | |
- args: | |
- /etc/redis.d/redis.conf | |
- --daemonize | |
- "no" | |
command: | |
- /opt/rh/rh-redis32/root/usr/bin/redis-server | |
image: system-redis:latest | |
imagePullPolicy: IfNotPresent | |
livenessProbe: | |
initialDelaySeconds: 10 | |
periodSeconds: 5 | |
tcpSocket: | |
port: 6379 | |
name: system-redis | |
readinessProbe: | |
exec: | |
command: | |
- container-entrypoint | |
- bash | |
- -c | |
- redis-cli set liveness-probe "`date`" | grep OK | |
initialDelaySeconds: 30 | |
periodSeconds: 10 | |
timeoutSeconds: 5 | |
resources: | |
limits: | |
cpu: 500m | |
memory: 32Gi | |
requests: | |
cpu: 150m | |
memory: 256Mi | |
terminationMessagePath: /dev/termination-log | |
volumeMounts: | |
- mountPath: /var/lib/redis/data | |
name: system-redis-storage | |
- mountPath: /etc/redis.d/ | |
name: redis-config | |
serviceAccountName: amp | |
volumes: | |
- name: system-redis-storage | |
persistentVolumeClaim: | |
claimName: system-redis-storage | |
- configMap: | |
items: | |
- key: redis.conf | |
path: redis.conf | |
name: redis-config | |
name: redis-config | |
test: false | |
triggers: | |
- type: ConfigChange | |
- imageChangeParams: | |
automatic: true | |
containerNames: | |
- system-redis | |
from: | |
kind: ImageStreamTag | |
name: system-redis:latest | |
type: ImageChange | |
status: | |
availableReplicas: 0 | |
latestVersion: 0 | |
observedGeneration: 0 | |
replicas: 0 | |
unavailableReplicas: 0 | |
updatedReplicas: 0 | |
- apiVersion: v1 | |
kind: PersistentVolumeClaim | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
threescale_component_element: redis | |
name: system-redis-storage | |
spec: | |
accessModes: | |
- ReadWriteOnce | |
dataSource: null | |
resources: | |
requests: | |
storage: 1Gi | |
status: {} | |
- apiVersion: v1 | |
kind: Service | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
threescale_component_element: redis | |
name: system-redis | |
spec: | |
ports: | |
- name: redis | |
port: 6379 | |
protocol: TCP | |
targetPort: 6379 | |
selector: | |
deploymentConfig: system-redis | |
status: | |
loadBalancer: {} | |
- apiVersion: image.openshift.io/v1 | |
kind: ImageStream | |
metadata: | |
annotations: | |
openshift.io/display-name: System Redis | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
name: system-redis | |
spec: | |
lookupPolicy: | |
local: false | |
tags: | |
- annotations: | |
openshift.io/display-name: System Redis (latest) | |
from: | |
kind: ImageStreamTag | |
name: ${AMP_RELEASE} | |
generation: null | |
importPolicy: {} | |
name: latest | |
referencePolicy: | |
type: "" | |
- annotations: | |
openshift.io/display-name: System ${AMP_RELEASE} Redis | |
from: | |
kind: DockerImage | |
name: ${REDIS_IMAGE} | |
generation: null | |
importPolicy: | |
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}} | |
name: ${AMP_RELEASE} | |
referencePolicy: | |
type: "" | |
status: | |
dockerImageRepository: "" | |
- apiVersion: apps.openshift.io/v1 | |
kind: DeploymentConfig | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: backend | |
threescale_component_element: cron | |
name: backend-cron | |
spec: | |
replicas: 1 | |
selector: | |
deploymentConfig: backend-cron | |
strategy: | |
resources: {} | |
rollingParams: | |
intervalSeconds: 1 | |
maxSurge: 25% | |
maxUnavailable: 25% | |
timeoutSeconds: 1200 | |
updatePeriodSeconds: 1 | |
type: Rolling | |
template: | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
deploymentConfig: backend-cron | |
threescale_component: backend | |
threescale_component_element: cron | |
spec: | |
containers: | |
- args: | |
- backend-cron | |
env: | |
- name: CONFIG_REDIS_PROXY | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_URL | |
name: backend-redis | |
- name: CONFIG_REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_SENTINEL_HOSTS | |
name: backend-redis | |
- name: CONFIG_REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_SENTINEL_ROLE | |
name: backend-redis | |
- name: CONFIG_QUEUES_MASTER_NAME | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_QUEUES_URL | |
name: backend-redis | |
- name: CONFIG_QUEUES_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_QUEUES_SENTINEL_HOSTS | |
name: backend-redis | |
- name: CONFIG_QUEUES_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_QUEUES_SENTINEL_ROLE | |
name: backend-redis | |
- name: RACK_ENV | |
valueFrom: | |
configMapKeyRef: | |
key: RACK_ENV | |
name: backend-environment | |
image: amp-backend:latest | |
imagePullPolicy: IfNotPresent | |
name: backend-cron | |
resources: | |
limits: | |
cpu: 150m | |
memory: 80Mi | |
requests: | |
cpu: 50m | |
memory: 40Mi | |
initContainers: | |
- command: | |
- /opt/app/entrypoint.sh | |
- sh | |
- -c | |
- until rake connectivity:redis_storage_queue_check; do sleep $SLEEP_SECONDS; | |
done | |
env: | |
- name: CONFIG_REDIS_PROXY | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_URL | |
name: backend-redis | |
- name: CONFIG_REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_SENTINEL_HOSTS | |
name: backend-redis | |
- name: CONFIG_REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_SENTINEL_ROLE | |
name: backend-redis | |
- name: CONFIG_QUEUES_MASTER_NAME | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_QUEUES_URL | |
name: backend-redis | |
- name: CONFIG_QUEUES_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_QUEUES_SENTINEL_HOSTS | |
name: backend-redis | |
- name: CONFIG_QUEUES_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_QUEUES_SENTINEL_ROLE | |
name: backend-redis | |
- name: RACK_ENV | |
valueFrom: | |
configMapKeyRef: | |
key: RACK_ENV | |
name: backend-environment | |
- name: SLEEP_SECONDS | |
value: "1" | |
image: amp-backend:latest | |
name: backend-redis-svc | |
resources: {} | |
serviceAccountName: amp | |
test: false | |
triggers: | |
- type: ConfigChange | |
- imageChangeParams: | |
automatic: true | |
containerNames: | |
- backend-redis-svc | |
- backend-cron | |
from: | |
kind: ImageStreamTag | |
name: amp-backend:latest | |
type: ImageChange | |
status: | |
availableReplicas: 0 | |
latestVersion: 0 | |
observedGeneration: 0 | |
replicas: 0 | |
unavailableReplicas: 0 | |
updatedReplicas: 0 | |
- apiVersion: apps.openshift.io/v1 | |
kind: DeploymentConfig | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: backend | |
threescale_component_element: listener | |
name: backend-listener | |
spec: | |
replicas: 1 | |
selector: | |
deploymentConfig: backend-listener | |
strategy: | |
resources: {} | |
rollingParams: | |
intervalSeconds: 1 | |
maxSurge: 25% | |
maxUnavailable: 25% | |
timeoutSeconds: 600 | |
updatePeriodSeconds: 1 | |
type: Rolling | |
template: | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
deploymentConfig: backend-listener | |
threescale_component: backend | |
threescale_component_element: listener | |
spec: | |
containers: | |
- args: | |
- bin/3scale_backend | |
- start | |
- -e | |
- production | |
- -p | |
- "3000" | |
- -x | |
- /dev/stdout | |
env: | |
- name: CONFIG_REDIS_PROXY | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_URL | |
name: backend-redis | |
- name: CONFIG_REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_SENTINEL_HOSTS | |
name: backend-redis | |
- name: CONFIG_REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_SENTINEL_ROLE | |
name: backend-redis | |
- name: CONFIG_QUEUES_MASTER_NAME | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_QUEUES_URL | |
name: backend-redis | |
- name: CONFIG_QUEUES_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_QUEUES_SENTINEL_HOSTS | |
name: backend-redis | |
- name: CONFIG_QUEUES_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_QUEUES_SENTINEL_ROLE | |
name: backend-redis | |
- name: RACK_ENV | |
valueFrom: | |
configMapKeyRef: | |
key: RACK_ENV | |
name: backend-environment | |
- name: PUMA_WORKERS | |
value: "16" | |
- name: CONFIG_INTERNAL_API_USER | |
valueFrom: | |
secretKeyRef: | |
key: username | |
name: backend-internal-api | |
- name: CONFIG_INTERNAL_API_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: password | |
name: backend-internal-api | |
image: amp-backend:latest | |
imagePullPolicy: IfNotPresent | |
livenessProbe: | |
initialDelaySeconds: 30 | |
periodSeconds: 10 | |
tcpSocket: | |
port: 3000 | |
name: backend-listener | |
ports: | |
- containerPort: 3000 | |
protocol: TCP | |
readinessProbe: | |
httpGet: | |
path: /status | |
port: 3000 | |
initialDelaySeconds: 30 | |
timeoutSeconds: 5 | |
resources: | |
limits: | |
cpu: "1" | |
memory: 700Mi | |
requests: | |
cpu: 500m | |
memory: 550Mi | |
serviceAccountName: amp | |
test: false | |
triggers: | |
- type: ConfigChange | |
- imageChangeParams: | |
automatic: true | |
containerNames: | |
- backend-listener | |
from: | |
kind: ImageStreamTag | |
name: amp-backend:latest | |
type: ImageChange | |
status: | |
availableReplicas: 0 | |
latestVersion: 0 | |
observedGeneration: 0 | |
replicas: 0 | |
unavailableReplicas: 0 | |
updatedReplicas: 0 | |
- apiVersion: v1 | |
kind: Service | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: backend | |
threescale_component_element: listener | |
name: backend-listener | |
spec: | |
ports: | |
- name: http | |
port: 3000 | |
protocol: TCP | |
targetPort: 3000 | |
selector: | |
deploymentConfig: backend-listener | |
status: | |
loadBalancer: {} | |
- apiVersion: route.openshift.io/v1 | |
kind: Route | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: backend | |
name: backend | |
spec: | |
host: backend-${TENANT_NAME}.${WILDCARD_DOMAIN} | |
port: | |
targetPort: http | |
tls: | |
insecureEdgeTerminationPolicy: Allow | |
termination: edge | |
to: | |
kind: Service | |
name: backend-listener | |
weight: null | |
status: | |
ingress: null | |
- apiVersion: apps.openshift.io/v1 | |
kind: DeploymentConfig | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: backend | |
threescale_component_element: worker | |
name: backend-worker | |
spec: | |
replicas: 1 | |
selector: | |
deploymentConfig: backend-worker | |
strategy: | |
resources: {} | |
rollingParams: | |
intervalSeconds: 1 | |
maxSurge: 25% | |
maxUnavailable: 25% | |
timeoutSeconds: 1200 | |
updatePeriodSeconds: 1 | |
type: Rolling | |
template: | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
deploymentConfig: backend-worker | |
threescale_component: backend | |
threescale_component_element: worker | |
spec: | |
containers: | |
- args: | |
- bin/3scale_backend_worker | |
- run | |
env: | |
- name: CONFIG_REDIS_PROXY | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_URL | |
name: backend-redis | |
- name: CONFIG_REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_SENTINEL_HOSTS | |
name: backend-redis | |
- name: CONFIG_REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_SENTINEL_ROLE | |
name: backend-redis | |
- name: CONFIG_QUEUES_MASTER_NAME | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_QUEUES_URL | |
name: backend-redis | |
- name: CONFIG_QUEUES_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_QUEUES_SENTINEL_HOSTS | |
name: backend-redis | |
- name: CONFIG_QUEUES_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_QUEUES_SENTINEL_ROLE | |
name: backend-redis | |
- name: RACK_ENV | |
valueFrom: | |
configMapKeyRef: | |
key: RACK_ENV | |
name: backend-environment | |
- name: CONFIG_EVENTS_HOOK | |
valueFrom: | |
secretKeyRef: | |
key: URL | |
name: system-events-hook | |
- name: CONFIG_EVENTS_HOOK_SHARED_SECRET | |
valueFrom: | |
secretKeyRef: | |
key: PASSWORD | |
name: system-events-hook | |
image: amp-backend:latest | |
imagePullPolicy: IfNotPresent | |
name: backend-worker | |
resources: | |
limits: | |
cpu: "1" | |
memory: 300Mi | |
requests: | |
cpu: 150m | |
memory: 50Mi | |
initContainers: | |
- command: | |
- /opt/app/entrypoint.sh | |
- sh | |
- -c | |
- until rake connectivity:redis_storage_queue_check; do sleep $SLEEP_SECONDS; | |
done | |
env: | |
- name: CONFIG_REDIS_PROXY | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_URL | |
name: backend-redis | |
- name: CONFIG_REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_SENTINEL_HOSTS | |
name: backend-redis | |
- name: CONFIG_REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_SENTINEL_ROLE | |
name: backend-redis | |
- name: CONFIG_QUEUES_MASTER_NAME | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_QUEUES_URL | |
name: backend-redis | |
- name: CONFIG_QUEUES_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_QUEUES_SENTINEL_HOSTS | |
name: backend-redis | |
- name: CONFIG_QUEUES_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_QUEUES_SENTINEL_ROLE | |
name: backend-redis | |
- name: RACK_ENV | |
valueFrom: | |
configMapKeyRef: | |
key: RACK_ENV | |
name: backend-environment | |
- name: SLEEP_SECONDS | |
value: "1" | |
image: amp-backend:latest | |
name: backend-redis-svc | |
resources: {} | |
serviceAccountName: amp | |
test: false | |
triggers: | |
- type: ConfigChange | |
- imageChangeParams: | |
automatic: true | |
containerNames: | |
- backend-redis-svc | |
- backend-worker | |
from: | |
kind: ImageStreamTag | |
name: amp-backend:latest | |
type: ImageChange | |
status: | |
availableReplicas: 0 | |
latestVersion: 0 | |
observedGeneration: 0 | |
replicas: 0 | |
unavailableReplicas: 0 | |
updatedReplicas: 0 | |
- apiVersion: v1 | |
data: | |
RACK_ENV: production | |
kind: ConfigMap | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: backend | |
name: backend-environment | |
- apiVersion: v1 | |
kind: Secret | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: backend | |
name: backend-internal-api | |
stringData: | |
password: ${SYSTEM_BACKEND_PASSWORD} | |
username: ${SYSTEM_BACKEND_USERNAME} | |
type: Opaque | |
- apiVersion: v1 | |
kind: Secret | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: backend | |
name: backend-redis | |
stringData: | |
REDIS_QUEUES_SENTINEL_HOSTS: "" | |
REDIS_QUEUES_SENTINEL_ROLE: "" | |
REDIS_QUEUES_URL: redis://backend-redis:6379/1 | |
REDIS_STORAGE_SENTINEL_HOSTS: "" | |
REDIS_STORAGE_SENTINEL_ROLE: "" | |
REDIS_STORAGE_URL: redis://backend-redis:6379/0 | |
type: Opaque | |
- apiVersion: v1 | |
kind: Secret | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: backend | |
name: backend-listener | |
stringData: | |
route_endpoint: https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN} | |
service_endpoint: http://backend-listener:3000 | |
type: Opaque | |
- apiVersion: apps.openshift.io/v1 | |
kind: DeploymentConfig | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
threescale_component_element: mysql | |
name: system-mysql | |
spec: | |
replicas: 1 | |
selector: | |
deploymentConfig: system-mysql | |
strategy: | |
resources: {} | |
type: Recreate | |
template: | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
deploymentConfig: system-mysql | |
threescale_component: system | |
threescale_component_element: mysql | |
spec: | |
containers: | |
- env: | |
- name: MYSQL_USER | |
valueFrom: | |
secretKeyRef: | |
key: DB_USER | |
name: system-database | |
- name: MYSQL_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: DB_PASSWORD | |
name: system-database | |
- name: MYSQL_DATABASE | |
value: ${SYSTEM_DATABASE} | |
- name: MYSQL_ROOT_PASSWORD | |
value: ${SYSTEM_DATABASE_ROOT_PASSWORD} | |
- name: MYSQL_LOWER_CASE_TABLE_NAMES | |
value: "1" | |
- name: MYSQL_DEFAULTS_FILE | |
value: /etc/my-extra/my.cnf | |
image: system-mysql:latest | |
imagePullPolicy: IfNotPresent | |
livenessProbe: | |
initialDelaySeconds: 30 | |
periodSeconds: 10 | |
tcpSocket: | |
port: 3306 | |
name: system-mysql | |
ports: | |
- containerPort: 3306 | |
protocol: TCP | |
readinessProbe: | |
exec: | |
command: | |
- /bin/sh | |
- -i | |
- -c | |
- MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE | |
-e 'SELECT 1' | |
initialDelaySeconds: 10 | |
periodSeconds: 30 | |
timeoutSeconds: 5 | |
resources: | |
limits: | |
memory: 2Gi | |
requests: | |
cpu: 250m | |
memory: 512Mi | |
volumeMounts: | |
- mountPath: /var/lib/mysql/data | |
name: mysql-storage | |
- mountPath: /etc/my-extra.d | |
name: mysql-extra-conf | |
- mountPath: /etc/my-extra | |
name: mysql-main-conf | |
serviceAccountName: amp | |
volumes: | |
- name: mysql-storage | |
persistentVolumeClaim: | |
claimName: mysql-storage | |
- configMap: | |
name: mysql-extra-conf | |
name: mysql-extra-conf | |
- configMap: | |
name: mysql-main-conf | |
name: mysql-main-conf | |
test: false | |
triggers: | |
- type: ConfigChange | |
- imageChangeParams: | |
automatic: true | |
containerNames: | |
- system-mysql | |
from: | |
kind: ImageStreamTag | |
name: system-mysql:latest | |
type: ImageChange | |
status: | |
availableReplicas: 0 | |
latestVersion: 0 | |
observedGeneration: 0 | |
replicas: 0 | |
unavailableReplicas: 0 | |
updatedReplicas: 0 | |
- apiVersion: v1 | |
kind: Service | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
threescale_component_element: mysql | |
name: system-mysql | |
spec: | |
ports: | |
- name: system-mysql | |
port: 3306 | |
protocol: TCP | |
targetPort: 3306 | |
selector: | |
deploymentConfig: system-mysql | |
status: | |
loadBalancer: {} | |
- apiVersion: v1 | |
data: | |
my.cnf: | | |
!include /etc/my.cnf | |
!includedir /etc/my-extra.d | |
kind: ConfigMap | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
threescale_component_element: mysql | |
name: mysql-main-conf | |
- apiVersion: v1 | |
data: | |
mysql-charset.cnf: | | |
[client] | |
default-character-set = utf8 | |
[mysql] | |
default-character-set = utf8 | |
[mysqld] | |
character-set-server = utf8 | |
collation-server = utf8_unicode_ci | |
kind: ConfigMap | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
threescale_component_element: mysql | |
name: mysql-extra-conf | |
- apiVersion: v1 | |
kind: PersistentVolumeClaim | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
threescale_component_element: mysql | |
name: mysql-storage | |
spec: | |
accessModes: | |
- ReadWriteOnce | |
dataSource: null | |
resources: | |
requests: | |
storage: 1Gi | |
status: {} | |
- apiVersion: v1 | |
kind: Secret | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
name: system-database | |
stringData: | |
DB_PASSWORD: ${SYSTEM_DATABASE_PASSWORD} | |
DB_USER: ${SYSTEM_DATABASE_USER} | |
URL: mysql2://root:${SYSTEM_DATABASE_ROOT_PASSWORD}@system-mysql/${SYSTEM_DATABASE} | |
type: Opaque | |
- apiVersion: apps.openshift.io/v1 | |
kind: DeploymentConfig | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
threescale_component_element: memcache | |
name: system-memcache | |
spec: | |
replicas: 1 | |
selector: | |
deploymentConfig: system-memcache | |
strategy: | |
resources: {} | |
rollingParams: | |
intervalSeconds: 1 | |
maxSurge: 25% | |
maxUnavailable: 25% | |
timeoutSeconds: 600 | |
updatePeriodSeconds: 1 | |
type: Rolling | |
template: | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
deploymentConfig: system-memcache | |
threescale_component: system | |
threescale_component_element: memcache | |
spec: | |
containers: | |
- command: | |
- memcached | |
- -m | |
- "64" | |
image: system-memcached:latest | |
imagePullPolicy: IfNotPresent | |
livenessProbe: | |
initialDelaySeconds: 10 | |
periodSeconds: 10 | |
tcpSocket: | |
port: 11211 | |
name: memcache | |
ports: | |
- containerPort: 11211 | |
protocol: TCP | |
readinessProbe: | |
exec: | |
command: | |
- sh | |
- -c | |
- echo version | nc $HOSTNAME 11211 | grep VERSION | |
initialDelaySeconds: 10 | |
periodSeconds: 30 | |
timeoutSeconds: 5 | |
resources: | |
limits: | |
cpu: 250m | |
memory: 96Mi | |
requests: | |
cpu: 50m | |
memory: 64Mi | |
serviceAccountName: amp | |
test: false | |
triggers: | |
- type: ConfigChange | |
- imageChangeParams: | |
automatic: true | |
containerNames: | |
- memcache | |
from: | |
kind: ImageStreamTag | |
name: system-memcached:latest | |
type: ImageChange | |
status: | |
availableReplicas: 0 | |
latestVersion: 0 | |
observedGeneration: 0 | |
replicas: 0 | |
unavailableReplicas: 0 | |
updatedReplicas: 0 | |
- apiVersion: v1 | |
kind: PersistentVolumeClaim | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
threescale_component_element: app | |
name: system-storage | |
spec: | |
accessModes: | |
- ReadWriteMany | |
dataSource: null | |
resources: | |
requests: | |
storage: 100Mi | |
storageClassName: ${{RWX_STORAGE_CLASS}} | |
status: {} | |
- apiVersion: v1 | |
kind: Service | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
threescale_component_element: provider-ui | |
name: system-provider | |
spec: | |
ports: | |
- name: http | |
port: 3000 | |
protocol: TCP | |
targetPort: provider | |
selector: | |
deploymentConfig: system-app | |
status: | |
loadBalancer: {} | |
- apiVersion: v1 | |
kind: Service | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
threescale_component_element: master-ui | |
name: system-master | |
spec: | |
ports: | |
- name: http | |
port: 3000 | |
protocol: TCP | |
targetPort: master | |
selector: | |
deploymentConfig: system-app | |
status: | |
loadBalancer: {} | |
- apiVersion: v1 | |
kind: Service | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
threescale_component_element: developer-ui | |
name: system-developer | |
spec: | |
ports: | |
- name: http | |
port: 3000 | |
protocol: TCP | |
targetPort: developer | |
selector: | |
deploymentConfig: system-app | |
status: | |
loadBalancer: {} | |
- apiVersion: v1 | |
kind: Service | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
threescale_component_element: sphinx | |
name: system-sphinx | |
spec: | |
ports: | |
- name: sphinx | |
port: 9306 | |
protocol: TCP | |
targetPort: 9306 | |
selector: | |
deploymentConfig: system-sphinx | |
status: | |
loadBalancer: {} | |
- apiVersion: v1 | |
kind: Service | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
threescale_component_element: memcache | |
name: system-memcache | |
spec: | |
ports: | |
- name: memcache | |
port: 11211 | |
protocol: TCP | |
targetPort: 11211 | |
selector: | |
deploymentConfig: system-memcache | |
status: | |
loadBalancer: {} | |
- apiVersion: v1 | |
data: | |
rolling_updates.yml: | | |
production: {} | |
service_discovery.yml: | | |
production: | |
enabled: <%= cluster_token_file_exists = File.exists?(cluster_token_file_path = '/var/run/secrets/kubernetes.io/serviceaccount/token') %> | |
server_scheme: 'https' | |
server_host: 'kubernetes.default.svc.cluster.local' | |
server_port: 443 | |
bearer_token: "<%= File.read(cluster_token_file_path) if cluster_token_file_exists %>" | |
authentication_method: service_account # can be service_account|oauth | |
oauth_server_type: builtin # can be builtin|rh_sso | |
client_id: | |
client_secret: | |
timeout: 1 | |
open_timeout: 1 | |
max_retry: 5 | |
verify_ssl: <%= OpenSSL::SSL::VERIFY_NONE %> # 0 | |
zync.yml: | | |
production: | |
endpoint: 'http://zync:8080' | |
authentication: | |
token: "<%= ENV.fetch('ZYNC_AUTHENTICATION_TOKEN') %>" | |
connect_timeout: 5 | |
send_timeout: 5 | |
receive_timeout: 10 | |
root_url: | |
kind: ConfigMap | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
name: system | |
- apiVersion: v1 | |
data: | |
address: "" | |
authentication: "" | |
domain: "" | |
openssl.verify.mode: "" | |
password: "" | |
port: "" | |
username: "" | |
kind: ConfigMap | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
threescale_component_element: smtp | |
name: smtp | |
- apiVersion: v1 | |
data: | |
AMP_RELEASE: ${AMP_RELEASE} | |
APICAST_REGISTRY_URL: ${APICAST_REGISTRY_URL} | |
FORCE_SSL: "true" | |
PROVIDER_PLAN: enterprise | |
RAILS_ENV: production | |
RAILS_LOG_LEVEL: info | |
RAILS_LOG_TO_STDOUT: "true" | |
SSL_CERT_DIR: /etc/pki/tls/certs | |
THINKING_SPHINX_PORT: "9306" | |
THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE: VERIFY_NONE | |
THREESCALE_SUPERDOMAIN: ${WILDCARD_DOMAIN} | |
kind: ConfigMap | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
name: system-environment | |
- apiVersion: apps.openshift.io/v1 | |
kind: DeploymentConfig | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
threescale_component_element: app | |
name: system-app | |
spec: | |
replicas: 1 | |
selector: | |
deploymentConfig: system-app | |
strategy: | |
resources: {} | |
rollingParams: | |
intervalSeconds: 1 | |
maxSurge: 25% | |
maxUnavailable: 25% | |
post: | |
execNewPod: | |
command: | |
- bash | |
- -c | |
- bundle exec rake boot openshift:post_deploy | |
containerName: system-master | |
failurePolicy: Abort | |
pre: | |
execNewPod: | |
command: | |
- bash | |
- -c | |
- bundle exec rake boot openshift:deploy MASTER_ACCESS_TOKEN="${MASTER_ACCESS_TOKEN}" | |
containerName: system-master | |
env: | |
- name: AMP_RELEASE | |
valueFrom: | |
configMapKeyRef: | |
key: AMP_RELEASE | |
name: system-environment | |
- name: APICAST_REGISTRY_URL | |
valueFrom: | |
configMapKeyRef: | |
key: APICAST_REGISTRY_URL | |
name: system-environment | |
- name: FORCE_SSL | |
valueFrom: | |
configMapKeyRef: | |
key: FORCE_SSL | |
name: system-environment | |
- name: PROVIDER_PLAN | |
valueFrom: | |
configMapKeyRef: | |
key: PROVIDER_PLAN | |
name: system-environment | |
- name: RAILS_ENV | |
valueFrom: | |
configMapKeyRef: | |
key: RAILS_ENV | |
name: system-environment | |
- name: RAILS_LOG_LEVEL | |
valueFrom: | |
configMapKeyRef: | |
key: RAILS_LOG_LEVEL | |
name: system-environment | |
- name: RAILS_LOG_TO_STDOUT | |
valueFrom: | |
configMapKeyRef: | |
key: RAILS_LOG_TO_STDOUT | |
name: system-environment | |
- name: SSL_CERT_DIR | |
valueFrom: | |
configMapKeyRef: | |
key: SSL_CERT_DIR | |
name: system-environment | |
- name: THINKING_SPHINX_PORT | |
valueFrom: | |
configMapKeyRef: | |
key: THINKING_SPHINX_PORT | |
name: system-environment | |
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE | |
valueFrom: | |
configMapKeyRef: | |
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE | |
name: system-environment | |
- name: THREESCALE_SUPERDOMAIN | |
valueFrom: | |
configMapKeyRef: | |
key: THREESCALE_SUPERDOMAIN | |
name: system-environment | |
- name: DATABASE_URL | |
valueFrom: | |
secretKeyRef: | |
key: URL | |
name: system-database | |
- name: MASTER_DOMAIN | |
valueFrom: | |
secretKeyRef: | |
key: MASTER_DOMAIN | |
name: system-seed | |
- name: MASTER_USER | |
valueFrom: | |
secretKeyRef: | |
key: MASTER_USER | |
name: system-seed | |
- name: MASTER_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: MASTER_PASSWORD | |
name: system-seed | |
- name: ADMIN_ACCESS_TOKEN | |
valueFrom: | |
secretKeyRef: | |
key: ADMIN_ACCESS_TOKEN | |
name: system-seed | |
- name: USER_LOGIN | |
valueFrom: | |
secretKeyRef: | |
key: ADMIN_USER | |
name: system-seed | |
- name: USER_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: ADMIN_PASSWORD | |
name: system-seed | |
- name: USER_EMAIL | |
valueFrom: | |
secretKeyRef: | |
key: ADMIN_EMAIL | |
name: system-seed | |
- name: TENANT_NAME | |
valueFrom: | |
secretKeyRef: | |
key: TENANT_NAME | |
name: system-seed | |
- name: THINKING_SPHINX_ADDRESS | |
value: system-sphinx | |
- name: THINKING_SPHINX_CONFIGURATION_FILE | |
value: /tmp/sphinx.conf | |
- name: EVENTS_SHARED_SECRET | |
valueFrom: | |
secretKeyRef: | |
key: PASSWORD | |
name: system-events-hook | |
- name: RECAPTCHA_PUBLIC_KEY | |
valueFrom: | |
secretKeyRef: | |
key: PUBLIC_KEY | |
name: system-recaptcha | |
- name: RECAPTCHA_PRIVATE_KEY | |
valueFrom: | |
secretKeyRef: | |
key: PRIVATE_KEY | |
name: system-recaptcha | |
- name: SECRET_KEY_BASE | |
valueFrom: | |
secretKeyRef: | |
key: SECRET_KEY_BASE | |
name: system-app | |
- name: MEMCACHE_SERVERS | |
valueFrom: | |
secretKeyRef: | |
key: SERVERS | |
name: system-memcache | |
- name: REDIS_URL | |
valueFrom: | |
secretKeyRef: | |
key: URL | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_URL | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_URL | |
name: system-redis | |
- name: REDIS_NAMESPACE | |
valueFrom: | |
secretKeyRef: | |
key: NAMESPACE | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_NAMESPACE | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_NAMESPACE | |
name: system-redis | |
- name: REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: SENTINEL_HOSTS | |
name: system-redis | |
- name: REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: SENTINEL_ROLE | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_SENTINEL_HOSTS | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_SENTINEL_ROLE | |
name: system-redis | |
- name: BACKEND_REDIS_URL | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_URL | |
name: backend-redis | |
- name: BACKEND_REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_SENTINEL_HOSTS | |
name: backend-redis | |
- name: BACKEND_REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_SENTINEL_ROLE | |
name: backend-redis | |
- name: APICAST_BACKEND_ROOT_ENDPOINT | |
valueFrom: | |
secretKeyRef: | |
key: route_endpoint | |
name: backend-listener | |
- name: BACKEND_ROUTE | |
valueFrom: | |
secretKeyRef: | |
key: route_endpoint | |
name: backend-listener | |
- name: SMTP_ADDRESS | |
valueFrom: | |
configMapKeyRef: | |
key: address | |
name: smtp | |
- name: SMTP_USER_NAME | |
valueFrom: | |
configMapKeyRef: | |
key: username | |
name: smtp | |
- name: SMTP_PASSWORD | |
valueFrom: | |
configMapKeyRef: | |
key: password | |
name: smtp | |
- name: SMTP_DOMAIN | |
valueFrom: | |
configMapKeyRef: | |
key: domain | |
name: smtp | |
- name: SMTP_PORT | |
valueFrom: | |
configMapKeyRef: | |
key: port | |
name: smtp | |
- name: SMTP_AUTHENTICATION | |
valueFrom: | |
configMapKeyRef: | |
key: authentication | |
name: smtp | |
- name: SMTP_OPENSSL_VERIFY_MODE | |
valueFrom: | |
configMapKeyRef: | |
key: openssl.verify.mode | |
name: smtp | |
- name: APICAST_ACCESS_TOKEN | |
valueFrom: | |
secretKeyRef: | |
key: ACCESS_TOKEN | |
name: system-master-apicast | |
- name: ZYNC_AUTHENTICATION_TOKEN | |
valueFrom: | |
secretKeyRef: | |
key: ZYNC_AUTHENTICATION_TOKEN | |
name: zync | |
- name: CONFIG_INTERNAL_API_USER | |
valueFrom: | |
secretKeyRef: | |
key: username | |
name: backend-internal-api | |
- name: CONFIG_INTERNAL_API_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: password | |
name: backend-internal-api | |
volumes: | |
- system-storage | |
failurePolicy: Retry | |
timeoutSeconds: 1200 | |
updatePeriodSeconds: 1 | |
type: Rolling | |
template: | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
deploymentConfig: system-app | |
threescale_component: system | |
threescale_component_element: app | |
spec: | |
containers: | |
- args: | |
- env | |
- TENANT_MODE=master | |
- PORT=3002 | |
- container-entrypoint | |
- bundle | |
- exec | |
- unicorn | |
- -c | |
- config/unicorn.rb | |
env: | |
- name: AMP_RELEASE | |
valueFrom: | |
configMapKeyRef: | |
key: AMP_RELEASE | |
name: system-environment | |
- name: APICAST_REGISTRY_URL | |
valueFrom: | |
configMapKeyRef: | |
key: APICAST_REGISTRY_URL | |
name: system-environment | |
- name: FORCE_SSL | |
valueFrom: | |
configMapKeyRef: | |
key: FORCE_SSL | |
name: system-environment | |
- name: PROVIDER_PLAN | |
valueFrom: | |
configMapKeyRef: | |
key: PROVIDER_PLAN | |
name: system-environment | |
- name: RAILS_ENV | |
valueFrom: | |
configMapKeyRef: | |
key: RAILS_ENV | |
name: system-environment | |
- name: RAILS_LOG_LEVEL | |
valueFrom: | |
configMapKeyRef: | |
key: RAILS_LOG_LEVEL | |
name: system-environment | |
- name: RAILS_LOG_TO_STDOUT | |
valueFrom: | |
configMapKeyRef: | |
key: RAILS_LOG_TO_STDOUT | |
name: system-environment | |
- name: SSL_CERT_DIR | |
valueFrom: | |
configMapKeyRef: | |
key: SSL_CERT_DIR | |
name: system-environment | |
- name: THINKING_SPHINX_PORT | |
valueFrom: | |
configMapKeyRef: | |
key: THINKING_SPHINX_PORT | |
name: system-environment | |
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE | |
valueFrom: | |
configMapKeyRef: | |
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE | |
name: system-environment | |
- name: THREESCALE_SUPERDOMAIN | |
valueFrom: | |
configMapKeyRef: | |
key: THREESCALE_SUPERDOMAIN | |
name: system-environment | |
- name: DATABASE_URL | |
valueFrom: | |
secretKeyRef: | |
key: URL | |
name: system-database | |
- name: MASTER_DOMAIN | |
valueFrom: | |
secretKeyRef: | |
key: MASTER_DOMAIN | |
name: system-seed | |
- name: MASTER_USER | |
valueFrom: | |
secretKeyRef: | |
key: MASTER_USER | |
name: system-seed | |
- name: MASTER_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: MASTER_PASSWORD | |
name: system-seed | |
- name: ADMIN_ACCESS_TOKEN | |
valueFrom: | |
secretKeyRef: | |
key: ADMIN_ACCESS_TOKEN | |
name: system-seed | |
- name: USER_LOGIN | |
valueFrom: | |
secretKeyRef: | |
key: ADMIN_USER | |
name: system-seed | |
- name: USER_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: ADMIN_PASSWORD | |
name: system-seed | |
- name: USER_EMAIL | |
valueFrom: | |
secretKeyRef: | |
key: ADMIN_EMAIL | |
name: system-seed | |
- name: TENANT_NAME | |
valueFrom: | |
secretKeyRef: | |
key: TENANT_NAME | |
name: system-seed | |
- name: THINKING_SPHINX_ADDRESS | |
value: system-sphinx | |
- name: THINKING_SPHINX_CONFIGURATION_FILE | |
value: /tmp/sphinx.conf | |
- name: EVENTS_SHARED_SECRET | |
valueFrom: | |
secretKeyRef: | |
key: PASSWORD | |
name: system-events-hook | |
- name: RECAPTCHA_PUBLIC_KEY | |
valueFrom: | |
secretKeyRef: | |
key: PUBLIC_KEY | |
name: system-recaptcha | |
- name: RECAPTCHA_PRIVATE_KEY | |
valueFrom: | |
secretKeyRef: | |
key: PRIVATE_KEY | |
name: system-recaptcha | |
- name: SECRET_KEY_BASE | |
valueFrom: | |
secretKeyRef: | |
key: SECRET_KEY_BASE | |
name: system-app | |
- name: MEMCACHE_SERVERS | |
valueFrom: | |
secretKeyRef: | |
key: SERVERS | |
name: system-memcache | |
- name: REDIS_URL | |
valueFrom: | |
secretKeyRef: | |
key: URL | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_URL | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_URL | |
name: system-redis | |
- name: REDIS_NAMESPACE | |
valueFrom: | |
secretKeyRef: | |
key: NAMESPACE | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_NAMESPACE | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_NAMESPACE | |
name: system-redis | |
- name: REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: SENTINEL_HOSTS | |
name: system-redis | |
- name: REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: SENTINEL_ROLE | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_SENTINEL_HOSTS | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_SENTINEL_ROLE | |
name: system-redis | |
- name: BACKEND_REDIS_URL | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_URL | |
name: backend-redis | |
- name: BACKEND_REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_SENTINEL_HOSTS | |
name: backend-redis | |
- name: BACKEND_REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_SENTINEL_ROLE | |
name: backend-redis | |
- name: APICAST_BACKEND_ROOT_ENDPOINT | |
valueFrom: | |
secretKeyRef: | |
key: route_endpoint | |
name: backend-listener | |
- name: BACKEND_ROUTE | |
valueFrom: | |
secretKeyRef: | |
key: route_endpoint | |
name: backend-listener | |
- name: SMTP_ADDRESS | |
valueFrom: | |
configMapKeyRef: | |
key: address | |
name: smtp | |
- name: SMTP_USER_NAME | |
valueFrom: | |
configMapKeyRef: | |
key: username | |
name: smtp | |
- name: SMTP_PASSWORD | |
valueFrom: | |
configMapKeyRef: | |
key: password | |
name: smtp | |
- name: SMTP_DOMAIN | |
valueFrom: | |
configMapKeyRef: | |
key: domain | |
name: smtp | |
- name: SMTP_PORT | |
valueFrom: | |
configMapKeyRef: | |
key: port | |
name: smtp | |
- name: SMTP_AUTHENTICATION | |
valueFrom: | |
configMapKeyRef: | |
key: authentication | |
name: smtp | |
- name: SMTP_OPENSSL_VERIFY_MODE | |
valueFrom: | |
configMapKeyRef: | |
key: openssl.verify.mode | |
name: smtp | |
- name: APICAST_ACCESS_TOKEN | |
valueFrom: | |
secretKeyRef: | |
key: ACCESS_TOKEN | |
name: system-master-apicast | |
- name: ZYNC_AUTHENTICATION_TOKEN | |
valueFrom: | |
secretKeyRef: | |
key: ZYNC_AUTHENTICATION_TOKEN | |
name: zync | |
- name: CONFIG_INTERNAL_API_USER | |
valueFrom: | |
secretKeyRef: | |
key: username | |
name: backend-internal-api | |
- name: CONFIG_INTERNAL_API_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: password | |
name: backend-internal-api | |
image: amp-system:latest | |
imagePullPolicy: IfNotPresent | |
livenessProbe: | |
failureThreshold: 40 | |
initialDelaySeconds: 40 | |
periodSeconds: 10 | |
tcpSocket: | |
port: master | |
timeoutSeconds: 10 | |
name: system-master | |
ports: | |
- containerPort: 3002 | |
name: master | |
protocol: TCP | |
readinessProbe: | |
failureThreshold: 10 | |
httpGet: | |
httpHeaders: | |
- name: X-Forwarded-Proto | |
value: https | |
path: /check.txt | |
port: master | |
scheme: HTTP | |
initialDelaySeconds: 60 | |
periodSeconds: 30 | |
timeoutSeconds: 10 | |
resources: | |
limits: | |
cpu: "1" | |
memory: 800Mi | |
requests: | |
cpu: 50m | |
memory: 600Mi | |
volumeMounts: | |
- mountPath: /opt/system/public/system | |
name: system-storage | |
- mountPath: /opt/system-extra-configs | |
name: system-config | |
- args: | |
- env | |
- TENANT_MODE=provider | |
- PORT=3000 | |
- container-entrypoint | |
- bundle | |
- exec | |
- unicorn | |
- -c | |
- config/unicorn.rb | |
env: | |
- name: AMP_RELEASE | |
valueFrom: | |
configMapKeyRef: | |
key: AMP_RELEASE | |
name: system-environment | |
- name: APICAST_REGISTRY_URL | |
valueFrom: | |
configMapKeyRef: | |
key: APICAST_REGISTRY_URL | |
name: system-environment | |
- name: FORCE_SSL | |
valueFrom: | |
configMapKeyRef: | |
key: FORCE_SSL | |
name: system-environment | |
- name: PROVIDER_PLAN | |
valueFrom: | |
configMapKeyRef: | |
key: PROVIDER_PLAN | |
name: system-environment | |
- name: RAILS_ENV | |
valueFrom: | |
configMapKeyRef: | |
key: RAILS_ENV | |
name: system-environment | |
- name: RAILS_LOG_LEVEL | |
valueFrom: | |
configMapKeyRef: | |
key: RAILS_LOG_LEVEL | |
name: system-environment | |
- name: RAILS_LOG_TO_STDOUT | |
valueFrom: | |
configMapKeyRef: | |
key: RAILS_LOG_TO_STDOUT | |
name: system-environment | |
- name: SSL_CERT_DIR | |
valueFrom: | |
configMapKeyRef: | |
key: SSL_CERT_DIR | |
name: system-environment | |
- name: THINKING_SPHINX_PORT | |
valueFrom: | |
configMapKeyRef: | |
key: THINKING_SPHINX_PORT | |
name: system-environment | |
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE | |
valueFrom: | |
configMapKeyRef: | |
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE | |
name: system-environment | |
- name: THREESCALE_SUPERDOMAIN | |
valueFrom: | |
configMapKeyRef: | |
key: THREESCALE_SUPERDOMAIN | |
name: system-environment | |
- name: DATABASE_URL | |
valueFrom: | |
secretKeyRef: | |
key: URL | |
name: system-database | |
- name: MASTER_DOMAIN | |
valueFrom: | |
secretKeyRef: | |
key: MASTER_DOMAIN | |
name: system-seed | |
- name: MASTER_USER | |
valueFrom: | |
secretKeyRef: | |
key: MASTER_USER | |
name: system-seed | |
- name: MASTER_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: MASTER_PASSWORD | |
name: system-seed | |
- name: ADMIN_ACCESS_TOKEN | |
valueFrom: | |
secretKeyRef: | |
key: ADMIN_ACCESS_TOKEN | |
name: system-seed | |
- name: USER_LOGIN | |
valueFrom: | |
secretKeyRef: | |
key: ADMIN_USER | |
name: system-seed | |
- name: USER_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: ADMIN_PASSWORD | |
name: system-seed | |
- name: USER_EMAIL | |
valueFrom: | |
secretKeyRef: | |
key: ADMIN_EMAIL | |
name: system-seed | |
- name: TENANT_NAME | |
valueFrom: | |
secretKeyRef: | |
key: TENANT_NAME | |
name: system-seed | |
- name: THINKING_SPHINX_ADDRESS | |
value: system-sphinx | |
- name: THINKING_SPHINX_CONFIGURATION_FILE | |
value: /tmp/sphinx.conf | |
- name: EVENTS_SHARED_SECRET | |
valueFrom: | |
secretKeyRef: | |
key: PASSWORD | |
name: system-events-hook | |
- name: RECAPTCHA_PUBLIC_KEY | |
valueFrom: | |
secretKeyRef: | |
key: PUBLIC_KEY | |
name: system-recaptcha | |
- name: RECAPTCHA_PRIVATE_KEY | |
valueFrom: | |
secretKeyRef: | |
key: PRIVATE_KEY | |
name: system-recaptcha | |
- name: SECRET_KEY_BASE | |
valueFrom: | |
secretKeyRef: | |
key: SECRET_KEY_BASE | |
name: system-app | |
- name: MEMCACHE_SERVERS | |
valueFrom: | |
secretKeyRef: | |
key: SERVERS | |
name: system-memcache | |
- name: REDIS_URL | |
valueFrom: | |
secretKeyRef: | |
key: URL | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_URL | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_URL | |
name: system-redis | |
- name: REDIS_NAMESPACE | |
valueFrom: | |
secretKeyRef: | |
key: NAMESPACE | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_NAMESPACE | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_NAMESPACE | |
name: system-redis | |
- name: REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: SENTINEL_HOSTS | |
name: system-redis | |
- name: REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: SENTINEL_ROLE | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_SENTINEL_HOSTS | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_SENTINEL_ROLE | |
name: system-redis | |
- name: BACKEND_REDIS_URL | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_URL | |
name: backend-redis | |
- name: BACKEND_REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_SENTINEL_HOSTS | |
name: backend-redis | |
- name: BACKEND_REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_SENTINEL_ROLE | |
name: backend-redis | |
- name: APICAST_BACKEND_ROOT_ENDPOINT | |
valueFrom: | |
secretKeyRef: | |
key: route_endpoint | |
name: backend-listener | |
- name: BACKEND_ROUTE | |
valueFrom: | |
secretKeyRef: | |
key: route_endpoint | |
name: backend-listener | |
- name: SMTP_ADDRESS | |
valueFrom: | |
configMapKeyRef: | |
key: address | |
name: smtp | |
- name: SMTP_USER_NAME | |
valueFrom: | |
configMapKeyRef: | |
key: username | |
name: smtp | |
- name: SMTP_PASSWORD | |
valueFrom: | |
configMapKeyRef: | |
key: password | |
name: smtp | |
- name: SMTP_DOMAIN | |
valueFrom: | |
configMapKeyRef: | |
key: domain | |
name: smtp | |
- name: SMTP_PORT | |
valueFrom: | |
configMapKeyRef: | |
key: port | |
name: smtp | |
- name: SMTP_AUTHENTICATION | |
valueFrom: | |
configMapKeyRef: | |
key: authentication | |
name: smtp | |
- name: SMTP_OPENSSL_VERIFY_MODE | |
valueFrom: | |
configMapKeyRef: | |
key: openssl.verify.mode | |
name: smtp | |
- name: APICAST_ACCESS_TOKEN | |
valueFrom: | |
secretKeyRef: | |
key: ACCESS_TOKEN | |
name: system-master-apicast | |
- name: ZYNC_AUTHENTICATION_TOKEN | |
valueFrom: | |
secretKeyRef: | |
key: ZYNC_AUTHENTICATION_TOKEN | |
name: zync | |
- name: CONFIG_INTERNAL_API_USER | |
valueFrom: | |
secretKeyRef: | |
key: username | |
name: backend-internal-api | |
- name: CONFIG_INTERNAL_API_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: password | |
name: backend-internal-api | |
image: amp-system:latest | |
imagePullPolicy: IfNotPresent | |
livenessProbe: | |
failureThreshold: 40 | |
initialDelaySeconds: 40 | |
periodSeconds: 10 | |
tcpSocket: | |
port: provider | |
timeoutSeconds: 10 | |
name: system-provider | |
ports: | |
- containerPort: 3000 | |
name: provider | |
protocol: TCP | |
readinessProbe: | |
failureThreshold: 10 | |
httpGet: | |
httpHeaders: | |
- name: X-Forwarded-Proto | |
value: https | |
path: /check.txt | |
port: provider | |
scheme: HTTP | |
initialDelaySeconds: 60 | |
periodSeconds: 30 | |
timeoutSeconds: 10 | |
resources: | |
limits: | |
cpu: "1" | |
memory: 800Mi | |
requests: | |
cpu: 50m | |
memory: 600Mi | |
volumeMounts: | |
- mountPath: /opt/system/public/system | |
name: system-storage | |
- mountPath: /opt/system-extra-configs | |
name: system-config | |
- args: | |
- env | |
- PORT=3001 | |
- container-entrypoint | |
- bundle | |
- exec | |
- unicorn | |
- -c | |
- config/unicorn.rb | |
env: | |
- name: AMP_RELEASE | |
valueFrom: | |
configMapKeyRef: | |
key: AMP_RELEASE | |
name: system-environment | |
- name: APICAST_REGISTRY_URL | |
valueFrom: | |
configMapKeyRef: | |
key: APICAST_REGISTRY_URL | |
name: system-environment | |
- name: FORCE_SSL | |
valueFrom: | |
configMapKeyRef: | |
key: FORCE_SSL | |
name: system-environment | |
- name: PROVIDER_PLAN | |
valueFrom: | |
configMapKeyRef: | |
key: PROVIDER_PLAN | |
name: system-environment | |
- name: RAILS_ENV | |
valueFrom: | |
configMapKeyRef: | |
key: RAILS_ENV | |
name: system-environment | |
- name: RAILS_LOG_LEVEL | |
valueFrom: | |
configMapKeyRef: | |
key: RAILS_LOG_LEVEL | |
name: system-environment | |
- name: RAILS_LOG_TO_STDOUT | |
valueFrom: | |
configMapKeyRef: | |
key: RAILS_LOG_TO_STDOUT | |
name: system-environment | |
- name: SSL_CERT_DIR | |
valueFrom: | |
configMapKeyRef: | |
key: SSL_CERT_DIR | |
name: system-environment | |
- name: THINKING_SPHINX_PORT | |
valueFrom: | |
configMapKeyRef: | |
key: THINKING_SPHINX_PORT | |
name: system-environment | |
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE | |
valueFrom: | |
configMapKeyRef: | |
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE | |
name: system-environment | |
- name: THREESCALE_SUPERDOMAIN | |
valueFrom: | |
configMapKeyRef: | |
key: THREESCALE_SUPERDOMAIN | |
name: system-environment | |
- name: DATABASE_URL | |
valueFrom: | |
secretKeyRef: | |
key: URL | |
name: system-database | |
- name: MASTER_DOMAIN | |
valueFrom: | |
secretKeyRef: | |
key: MASTER_DOMAIN | |
name: system-seed | |
- name: MASTER_USER | |
valueFrom: | |
secretKeyRef: | |
key: MASTER_USER | |
name: system-seed | |
- name: MASTER_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: MASTER_PASSWORD | |
name: system-seed | |
- name: ADMIN_ACCESS_TOKEN | |
valueFrom: | |
secretKeyRef: | |
key: ADMIN_ACCESS_TOKEN | |
name: system-seed | |
- name: USER_LOGIN | |
valueFrom: | |
secretKeyRef: | |
key: ADMIN_USER | |
name: system-seed | |
- name: USER_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: ADMIN_PASSWORD | |
name: system-seed | |
- name: USER_EMAIL | |
valueFrom: | |
secretKeyRef: | |
key: ADMIN_EMAIL | |
name: system-seed | |
- name: TENANT_NAME | |
valueFrom: | |
secretKeyRef: | |
key: TENANT_NAME | |
name: system-seed | |
- name: THINKING_SPHINX_ADDRESS | |
value: system-sphinx | |
- name: THINKING_SPHINX_CONFIGURATION_FILE | |
value: /tmp/sphinx.conf | |
- name: EVENTS_SHARED_SECRET | |
valueFrom: | |
secretKeyRef: | |
key: PASSWORD | |
name: system-events-hook | |
- name: RECAPTCHA_PUBLIC_KEY | |
valueFrom: | |
secretKeyRef: | |
key: PUBLIC_KEY | |
name: system-recaptcha | |
- name: RECAPTCHA_PRIVATE_KEY | |
valueFrom: | |
secretKeyRef: | |
key: PRIVATE_KEY | |
name: system-recaptcha | |
- name: SECRET_KEY_BASE | |
valueFrom: | |
secretKeyRef: | |
key: SECRET_KEY_BASE | |
name: system-app | |
- name: MEMCACHE_SERVERS | |
valueFrom: | |
secretKeyRef: | |
key: SERVERS | |
name: system-memcache | |
- name: REDIS_URL | |
valueFrom: | |
secretKeyRef: | |
key: URL | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_URL | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_URL | |
name: system-redis | |
- name: REDIS_NAMESPACE | |
valueFrom: | |
secretKeyRef: | |
key: NAMESPACE | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_NAMESPACE | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_NAMESPACE | |
name: system-redis | |
- name: REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: SENTINEL_HOSTS | |
name: system-redis | |
- name: REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: SENTINEL_ROLE | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_SENTINEL_HOSTS | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_SENTINEL_ROLE | |
name: system-redis | |
- name: BACKEND_REDIS_URL | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_URL | |
name: backend-redis | |
- name: BACKEND_REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_SENTINEL_HOSTS | |
name: backend-redis | |
- name: BACKEND_REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_SENTINEL_ROLE | |
name: backend-redis | |
- name: APICAST_BACKEND_ROOT_ENDPOINT | |
valueFrom: | |
secretKeyRef: | |
key: route_endpoint | |
name: backend-listener | |
- name: BACKEND_ROUTE | |
valueFrom: | |
secretKeyRef: | |
key: route_endpoint | |
name: backend-listener | |
- name: SMTP_ADDRESS | |
valueFrom: | |
configMapKeyRef: | |
key: address | |
name: smtp | |
- name: SMTP_USER_NAME | |
valueFrom: | |
configMapKeyRef: | |
key: username | |
name: smtp | |
- name: SMTP_PASSWORD | |
valueFrom: | |
configMapKeyRef: | |
key: password | |
name: smtp | |
- name: SMTP_DOMAIN | |
valueFrom: | |
configMapKeyRef: | |
key: domain | |
name: smtp | |
- name: SMTP_PORT | |
valueFrom: | |
configMapKeyRef: | |
key: port | |
name: smtp | |
- name: SMTP_AUTHENTICATION | |
valueFrom: | |
configMapKeyRef: | |
key: authentication | |
name: smtp | |
- name: SMTP_OPENSSL_VERIFY_MODE | |
valueFrom: | |
configMapKeyRef: | |
key: openssl.verify.mode | |
name: smtp | |
- name: APICAST_ACCESS_TOKEN | |
valueFrom: | |
secretKeyRef: | |
key: ACCESS_TOKEN | |
name: system-master-apicast | |
- name: ZYNC_AUTHENTICATION_TOKEN | |
valueFrom: | |
secretKeyRef: | |
key: ZYNC_AUTHENTICATION_TOKEN | |
name: zync | |
- name: CONFIG_INTERNAL_API_USER | |
valueFrom: | |
secretKeyRef: | |
key: username | |
name: backend-internal-api | |
- name: CONFIG_INTERNAL_API_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: password | |
name: backend-internal-api | |
image: amp-system:latest | |
imagePullPolicy: IfNotPresent | |
livenessProbe: | |
failureThreshold: 40 | |
initialDelaySeconds: 40 | |
periodSeconds: 10 | |
tcpSocket: | |
port: developer | |
timeoutSeconds: 10 | |
name: system-developer | |
ports: | |
- containerPort: 3001 | |
name: developer | |
protocol: TCP | |
readinessProbe: | |
failureThreshold: 10 | |
httpGet: | |
httpHeaders: | |
- name: X-Forwarded-Proto | |
value: https | |
path: /check.txt | |
port: developer | |
scheme: HTTP | |
initialDelaySeconds: 60 | |
periodSeconds: 30 | |
timeoutSeconds: 10 | |
resources: | |
limits: | |
cpu: "1" | |
memory: 800Mi | |
requests: | |
cpu: 50m | |
memory: 600Mi | |
volumeMounts: | |
- mountPath: /opt/system/public/system | |
name: system-storage | |
readOnly: true | |
- mountPath: /opt/system-extra-configs | |
name: system-config | |
serviceAccountName: amp | |
volumes: | |
- name: system-storage | |
persistentVolumeClaim: | |
claimName: system-storage | |
- configMap: | |
items: | |
- key: zync.yml | |
path: zync.yml | |
- key: rolling_updates.yml | |
path: rolling_updates.yml | |
- key: service_discovery.yml | |
path: service_discovery.yml | |
name: system | |
name: system-config | |
test: false | |
triggers: | |
- type: ConfigChange | |
- imageChangeParams: | |
automatic: true | |
containerNames: | |
- system-provider | |
- system-developer | |
- system-master | |
from: | |
kind: ImageStreamTag | |
name: amp-system:latest | |
type: ImageChange | |
status: | |
availableReplicas: 0 | |
latestVersion: 0 | |
observedGeneration: 0 | |
replicas: 0 | |
unavailableReplicas: 0 | |
updatedReplicas: 0 | |
- apiVersion: apps.openshift.io/v1 | |
kind: DeploymentConfig | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
threescale_component_element: sidekiq | |
name: system-sidekiq | |
spec: | |
replicas: 1 | |
selector: | |
deploymentConfig: system-sidekiq | |
strategy: | |
resources: {} | |
rollingParams: | |
intervalSeconds: 1 | |
maxSurge: 25% | |
maxUnavailable: 25% | |
timeoutSeconds: 1200 | |
updatePeriodSeconds: 1 | |
type: Rolling | |
template: | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
deploymentConfig: system-sidekiq | |
threescale_component: system | |
threescale_component_element: sidekiq | |
spec: | |
containers: | |
- args: | |
- rake | |
- sidekiq:worker | |
- RAILS_MAX_THREADS=25 | |
env: | |
- name: AMP_RELEASE | |
valueFrom: | |
configMapKeyRef: | |
key: AMP_RELEASE | |
name: system-environment | |
- name: APICAST_REGISTRY_URL | |
valueFrom: | |
configMapKeyRef: | |
key: APICAST_REGISTRY_URL | |
name: system-environment | |
- name: FORCE_SSL | |
valueFrom: | |
configMapKeyRef: | |
key: FORCE_SSL | |
name: system-environment | |
- name: PROVIDER_PLAN | |
valueFrom: | |
configMapKeyRef: | |
key: PROVIDER_PLAN | |
name: system-environment | |
- name: RAILS_ENV | |
valueFrom: | |
configMapKeyRef: | |
key: RAILS_ENV | |
name: system-environment | |
- name: RAILS_LOG_LEVEL | |
valueFrom: | |
configMapKeyRef: | |
key: RAILS_LOG_LEVEL | |
name: system-environment | |
- name: RAILS_LOG_TO_STDOUT | |
valueFrom: | |
configMapKeyRef: | |
key: RAILS_LOG_TO_STDOUT | |
name: system-environment | |
- name: SSL_CERT_DIR | |
valueFrom: | |
configMapKeyRef: | |
key: SSL_CERT_DIR | |
name: system-environment | |
- name: THINKING_SPHINX_PORT | |
valueFrom: | |
configMapKeyRef: | |
key: THINKING_SPHINX_PORT | |
name: system-environment | |
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE | |
valueFrom: | |
configMapKeyRef: | |
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE | |
name: system-environment | |
- name: THREESCALE_SUPERDOMAIN | |
valueFrom: | |
configMapKeyRef: | |
key: THREESCALE_SUPERDOMAIN | |
name: system-environment | |
- name: DATABASE_URL | |
valueFrom: | |
secretKeyRef: | |
key: URL | |
name: system-database | |
- name: MASTER_DOMAIN | |
valueFrom: | |
secretKeyRef: | |
key: MASTER_DOMAIN | |
name: system-seed | |
- name: MASTER_USER | |
valueFrom: | |
secretKeyRef: | |
key: MASTER_USER | |
name: system-seed | |
- name: MASTER_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: MASTER_PASSWORD | |
name: system-seed | |
- name: ADMIN_ACCESS_TOKEN | |
valueFrom: | |
secretKeyRef: | |
key: ADMIN_ACCESS_TOKEN | |
name: system-seed | |
- name: USER_LOGIN | |
valueFrom: | |
secretKeyRef: | |
key: ADMIN_USER | |
name: system-seed | |
- name: USER_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: ADMIN_PASSWORD | |
name: system-seed | |
- name: USER_EMAIL | |
valueFrom: | |
secretKeyRef: | |
key: ADMIN_EMAIL | |
name: system-seed | |
- name: TENANT_NAME | |
valueFrom: | |
secretKeyRef: | |
key: TENANT_NAME | |
name: system-seed | |
- name: THINKING_SPHINX_ADDRESS | |
value: system-sphinx | |
- name: THINKING_SPHINX_CONFIGURATION_FILE | |
value: /tmp/sphinx.conf | |
- name: EVENTS_SHARED_SECRET | |
valueFrom: | |
secretKeyRef: | |
key: PASSWORD | |
name: system-events-hook | |
- name: RECAPTCHA_PUBLIC_KEY | |
valueFrom: | |
secretKeyRef: | |
key: PUBLIC_KEY | |
name: system-recaptcha | |
- name: RECAPTCHA_PRIVATE_KEY | |
valueFrom: | |
secretKeyRef: | |
key: PRIVATE_KEY | |
name: system-recaptcha | |
- name: SECRET_KEY_BASE | |
valueFrom: | |
secretKeyRef: | |
key: SECRET_KEY_BASE | |
name: system-app | |
- name: MEMCACHE_SERVERS | |
valueFrom: | |
secretKeyRef: | |
key: SERVERS | |
name: system-memcache | |
- name: REDIS_URL | |
valueFrom: | |
secretKeyRef: | |
key: URL | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_URL | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_URL | |
name: system-redis | |
- name: REDIS_NAMESPACE | |
valueFrom: | |
secretKeyRef: | |
key: NAMESPACE | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_NAMESPACE | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_NAMESPACE | |
name: system-redis | |
- name: REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: SENTINEL_HOSTS | |
name: system-redis | |
- name: REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: SENTINEL_ROLE | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_SENTINEL_HOSTS | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_SENTINEL_ROLE | |
name: system-redis | |
- name: BACKEND_REDIS_URL | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_URL | |
name: backend-redis | |
- name: BACKEND_REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_SENTINEL_HOSTS | |
name: backend-redis | |
- name: BACKEND_REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: REDIS_STORAGE_SENTINEL_ROLE | |
name: backend-redis | |
- name: APICAST_BACKEND_ROOT_ENDPOINT | |
valueFrom: | |
secretKeyRef: | |
key: route_endpoint | |
name: backend-listener | |
- name: BACKEND_ROUTE | |
valueFrom: | |
secretKeyRef: | |
key: route_endpoint | |
name: backend-listener | |
- name: SMTP_ADDRESS | |
valueFrom: | |
configMapKeyRef: | |
key: address | |
name: smtp | |
- name: SMTP_USER_NAME | |
valueFrom: | |
configMapKeyRef: | |
key: username | |
name: smtp | |
- name: SMTP_PASSWORD | |
valueFrom: | |
configMapKeyRef: | |
key: password | |
name: smtp | |
- name: SMTP_DOMAIN | |
valueFrom: | |
configMapKeyRef: | |
key: domain | |
name: smtp | |
- name: SMTP_PORT | |
valueFrom: | |
configMapKeyRef: | |
key: port | |
name: smtp | |
- name: SMTP_AUTHENTICATION | |
valueFrom: | |
configMapKeyRef: | |
key: authentication | |
name: smtp | |
- name: SMTP_OPENSSL_VERIFY_MODE | |
valueFrom: | |
configMapKeyRef: | |
key: openssl.verify.mode | |
name: smtp | |
- name: APICAST_ACCESS_TOKEN | |
valueFrom: | |
secretKeyRef: | |
key: ACCESS_TOKEN | |
name: system-master-apicast | |
- name: ZYNC_AUTHENTICATION_TOKEN | |
valueFrom: | |
secretKeyRef: | |
key: ZYNC_AUTHENTICATION_TOKEN | |
name: zync | |
- name: CONFIG_INTERNAL_API_USER | |
valueFrom: | |
secretKeyRef: | |
key: username | |
name: backend-internal-api | |
- name: CONFIG_INTERNAL_API_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: password | |
name: backend-internal-api | |
image: amp-system:latest | |
imagePullPolicy: IfNotPresent | |
name: system-sidekiq | |
resources: | |
limits: | |
cpu: "1" | |
memory: 2Gi | |
requests: | |
cpu: 100m | |
memory: 500Mi | |
volumeMounts: | |
- mountPath: /opt/system/public/system | |
name: system-storage | |
- mountPath: /tmp | |
name: system-tmp | |
- mountPath: /opt/system-extra-configs | |
name: system-config | |
initContainers: | |
- command: | |
- bash | |
- -c | |
- bundle exec sh -c "until rake boot:redis && curl --output /dev/null --silent | |
--fail --head http://system-master:3000/status; do sleep $SLEEP_SECONDS; | |
done" | |
env: | |
- name: REDIS_URL | |
valueFrom: | |
secretKeyRef: | |
key: URL | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_URL | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_URL | |
name: system-redis | |
- name: REDIS_NAMESPACE | |
valueFrom: | |
secretKeyRef: | |
key: NAMESPACE | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_NAMESPACE | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_NAMESPACE | |
name: system-redis | |
- name: REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: SENTINEL_HOSTS | |
name: system-redis | |
- name: REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: SENTINEL_ROLE | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_SENTINEL_HOSTS | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_SENTINEL_ROLE | |
name: system-redis | |
- name: SLEEP_SECONDS | |
value: "1" | |
image: amp-system:latest | |
name: check-svc | |
resources: {} | |
serviceAccountName: amp | |
volumes: | |
- emptyDir: | |
medium: Memory | |
name: system-tmp | |
- name: system-storage | |
persistentVolumeClaim: | |
claimName: system-storage | |
- configMap: | |
items: | |
- key: zync.yml | |
path: zync.yml | |
- key: rolling_updates.yml | |
path: rolling_updates.yml | |
- key: service_discovery.yml | |
path: service_discovery.yml | |
name: system | |
name: system-config | |
test: false | |
triggers: | |
- type: ConfigChange | |
- imageChangeParams: | |
automatic: true | |
containerNames: | |
- check-svc | |
- system-sidekiq | |
from: | |
kind: ImageStreamTag | |
name: amp-system:latest | |
type: ImageChange | |
status: | |
availableReplicas: 0 | |
latestVersion: 0 | |
observedGeneration: 0 | |
replicas: 0 | |
unavailableReplicas: 0 | |
updatedReplicas: 0 | |
- apiVersion: apps.openshift.io/v1 | |
kind: DeploymentConfig | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
threescale_component_element: sphinx | |
name: system-sphinx | |
spec: | |
replicas: 1 | |
selector: | |
deploymentConfig: system-sphinx | |
strategy: | |
resources: {} | |
rollingParams: | |
intervalSeconds: 1 | |
maxSurge: 25% | |
maxUnavailable: 25% | |
timeoutSeconds: 1200 | |
updatePeriodSeconds: 1 | |
type: Rolling | |
template: | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
deploymentConfig: system-sphinx | |
threescale_component: system | |
threescale_component_element: sphinx | |
spec: | |
containers: | |
- args: | |
- rake | |
- openshift:thinking_sphinx:start | |
env: | |
- name: RAILS_ENV | |
valueFrom: | |
configMapKeyRef: | |
key: RAILS_ENV | |
name: system-environment | |
- name: DATABASE_URL | |
valueFrom: | |
secretKeyRef: | |
key: URL | |
name: system-database | |
- name: THINKING_SPHINX_ADDRESS | |
value: 0.0.0.0 | |
- name: THINKING_SPHINX_CONFIGURATION_FILE | |
value: db/sphinx/production.conf | |
- name: THINKING_SPHINX_PID_FILE | |
value: db/sphinx/searchd.pid | |
- name: DELTA_INDEX_INTERVAL | |
value: "5" | |
- name: FULL_REINDEX_INTERVAL | |
value: "60" | |
- name: REDIS_URL | |
valueFrom: | |
secretKeyRef: | |
key: URL | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_URL | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_URL | |
name: system-redis | |
- name: REDIS_NAMESPACE | |
valueFrom: | |
secretKeyRef: | |
key: NAMESPACE | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_NAMESPACE | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_NAMESPACE | |
name: system-redis | |
- name: REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: SENTINEL_HOSTS | |
name: system-redis | |
- name: REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: SENTINEL_ROLE | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_SENTINEL_HOSTS | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_SENTINEL_HOSTS | |
name: system-redis | |
- name: MESSAGE_BUS_REDIS_SENTINEL_ROLE | |
valueFrom: | |
secretKeyRef: | |
key: MESSAGE_BUS_SENTINEL_ROLE | |
name: system-redis | |
image: amp-system:latest | |
imagePullPolicy: IfNotPresent | |
livenessProbe: | |
initialDelaySeconds: 60 | |
periodSeconds: 10 | |
tcpSocket: | |
port: 9306 | |
name: system-sphinx | |
resources: | |
limits: | |
cpu: "1" | |
memory: 512Mi | |
requests: | |
cpu: 80m | |
memory: 250Mi | |
volumeMounts: | |
- mountPath: /opt/system/db/sphinx | |
name: system-sphinx-database | |
initContainers: | |
- command: | |
- sh | |
- -c | |
- until $(curl --output /dev/null --silent --fail --head http://system-master:3000/status); | |
do sleep $SLEEP_SECONDS; done | |
env: | |
- name: SLEEP_SECONDS | |
value: "1" | |
image: amp-system:latest | |
name: system-master-svc | |
resources: {} | |
serviceAccountName: amp | |
volumes: | |
- emptyDir: {} | |
name: system-sphinx-database | |
test: false | |
triggers: | |
- type: ConfigChange | |
- imageChangeParams: | |
automatic: true | |
containerNames: | |
- system-master-svc | |
- system-sphinx | |
from: | |
kind: ImageStreamTag | |
name: amp-system:latest | |
type: ImageChange | |
status: | |
availableReplicas: 0 | |
latestVersion: 0 | |
observedGeneration: 0 | |
replicas: 0 | |
unavailableReplicas: 0 | |
updatedReplicas: 0 | |
- apiVersion: v1 | |
kind: Secret | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
name: system-events-hook | |
stringData: | |
PASSWORD: ${SYSTEM_BACKEND_SHARED_SECRET} | |
URL: http://system-master:3000/master/events/import | |
type: Opaque | |
- apiVersion: v1 | |
kind: Secret | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
name: system-redis | |
stringData: | |
MESSAGE_BUS_NAMESPACE: ${SYSTEM_MESSAGE_BUS_REDIS_NAMESPACE} | |
MESSAGE_BUS_SENTINEL_HOSTS: "" | |
MESSAGE_BUS_SENTINEL_ROLE: "" | |
MESSAGE_BUS_URL: ${SYSTEM_MESSAGE_BUS_REDIS_URL} | |
NAMESPACE: ${SYSTEM_REDIS_NAMESPACE} | |
SENTINEL_HOSTS: "" | |
SENTINEL_ROLE: "" | |
URL: ${SYSTEM_REDIS_URL} | |
type: Opaque | |
- apiVersion: v1 | |
kind: Secret | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
name: system-master-apicast | |
stringData: | |
ACCESS_TOKEN: ${APICAST_ACCESS_TOKEN} | |
BASE_URL: http://${APICAST_ACCESS_TOKEN}@system-master:3000 | |
PROXY_CONFIGS_ENDPOINT: http://${APICAST_ACCESS_TOKEN}@system-master:3000/master/api/proxy/configs | |
type: Opaque | |
- apiVersion: v1 | |
kind: Secret | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
name: system-seed | |
stringData: | |
ADMIN_ACCESS_TOKEN: ${ADMIN_ACCESS_TOKEN} | |
ADMIN_EMAIL: ${ADMIN_EMAIL} | |
ADMIN_PASSWORD: ${ADMIN_PASSWORD} | |
ADMIN_USER: ${ADMIN_USERNAME} | |
MASTER_ACCESS_TOKEN: ${MASTER_ACCESS_TOKEN} | |
MASTER_DOMAIN: ${MASTER_NAME} | |
MASTER_PASSWORD: ${MASTER_PASSWORD} | |
MASTER_USER: ${MASTER_USER} | |
TENANT_NAME: ${TENANT_NAME} | |
type: Opaque | |
- apiVersion: v1 | |
kind: Secret | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
name: system-recaptcha | |
stringData: | |
PRIVATE_KEY: ${RECAPTCHA_PRIVATE_KEY} | |
PUBLIC_KEY: ${RECAPTCHA_PUBLIC_KEY} | |
type: Opaque | |
- apiVersion: v1 | |
kind: Secret | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
name: system-app | |
stringData: | |
SECRET_KEY_BASE: ${SYSTEM_APP_SECRET_KEY_BASE} | |
type: Opaque | |
- apiVersion: v1 | |
kind: Secret | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: system | |
name: system-memcache | |
stringData: | |
SERVERS: system-memcache:11211 | |
type: Opaque | |
- apiVersion: rbac.authorization.k8s.io/v1 | |
kind: Role | |
metadata: | |
creationTimestamp: null | |
name: zync-que-role | |
rules: | |
- apiGroups: | |
- apps.openshift.io | |
resources: | |
- deploymentconfigs | |
verbs: | |
- get | |
- list | |
- apiGroups: | |
- "" | |
resources: | |
- pods | |
- replicationcontrollers | |
verbs: | |
- get | |
- list | |
- apiGroups: | |
- route.openshift.io | |
resources: | |
- routes | |
verbs: | |
- get | |
- list | |
- create | |
- delete | |
- patch | |
- update | |
- apiGroups: | |
- route.openshift.io | |
resources: | |
- routes/status | |
verbs: | |
- get | |
- apiGroups: | |
- route.openshift.io | |
resources: | |
- routes/custom-host | |
verbs: | |
- create | |
- apiVersion: v1 | |
imagePullSecrets: | |
- name: threescale-registry-auth | |
kind: ServiceAccount | |
metadata: | |
creationTimestamp: null | |
name: zync-que-sa | |
- apiVersion: rbac.authorization.k8s.io/v1 | |
kind: RoleBinding | |
metadata: | |
creationTimestamp: null | |
name: zync-que-rolebinding | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: Role | |
name: zync-que-role | |
subjects: | |
- kind: ServiceAccount | |
name: zync-que-sa | |
- apiVersion: apps.openshift.io/v1 | |
kind: DeploymentConfig | |
metadata: | |
annotations: | |
prometheus.io/port: "9393" | |
prometheus.io/scrape: "true" | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: zync | |
name: zync | |
spec: | |
replicas: 1 | |
selector: | |
deploymentConfig: zync | |
strategy: | |
resources: {} | |
template: | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
deploymentConfig: zync | |
threescale_component: zync | |
spec: | |
containers: | |
- env: | |
- name: RAILS_LOG_TO_STDOUT | |
value: "true" | |
- name: RAILS_ENV | |
value: production | |
- name: DATABASE_URL | |
valueFrom: | |
secretKeyRef: | |
key: DATABASE_URL | |
name: zync | |
- name: SECRET_KEY_BASE | |
valueFrom: | |
secretKeyRef: | |
key: SECRET_KEY_BASE | |
name: zync | |
- name: ZYNC_AUTHENTICATION_TOKEN | |
valueFrom: | |
secretKeyRef: | |
key: ZYNC_AUTHENTICATION_TOKEN | |
name: zync | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.name | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.namespace | |
image: amp-zync:latest | |
livenessProbe: | |
failureThreshold: 10 | |
httpGet: | |
path: /status/live | |
port: 8080 | |
scheme: HTTP | |
initialDelaySeconds: 10 | |
periodSeconds: 10 | |
successThreshold: 1 | |
timeoutSeconds: 60 | |
name: zync | |
ports: | |
- containerPort: 8080 | |
protocol: TCP | |
readinessProbe: | |
failureThreshold: 3 | |
httpGet: | |
path: /status/ready | |
port: 8080 | |
scheme: HTTP | |
initialDelaySeconds: 100 | |
periodSeconds: 10 | |
successThreshold: 1 | |
timeoutSeconds: 10 | |
resources: | |
limits: | |
cpu: "1" | |
memory: 512Mi | |
requests: | |
cpu: 150m | |
memory: 250M | |
initContainers: | |
- command: | |
- bash | |
- -c | |
- bundle exec sh -c "until rake boot:db; do sleep $SLEEP_SECONDS; done" | |
env: | |
- name: SLEEP_SECONDS | |
value: "1" | |
- name: DATABASE_URL | |
valueFrom: | |
secretKeyRef: | |
key: DATABASE_URL | |
name: zync | |
image: amp-zync:latest | |
name: zync-db-svc | |
resources: {} | |
serviceAccountName: amp | |
test: false | |
triggers: | |
- type: ConfigChange | |
- imageChangeParams: | |
automatic: true | |
containerNames: | |
- zync-db-svc | |
- zync | |
from: | |
kind: ImageStreamTag | |
name: amp-zync:latest | |
type: ImageChange | |
status: | |
availableReplicas: 0 | |
latestVersion: 0 | |
observedGeneration: 0 | |
replicas: 0 | |
unavailableReplicas: 0 | |
updatedReplicas: 0 | |
- apiVersion: apps.openshift.io/v1 | |
kind: DeploymentConfig | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: zync | |
name: zync-que | |
spec: | |
replicas: 1 | |
selector: | |
deploymentConfig: zync-que | |
strategy: | |
resources: {} | |
rollingParams: | |
intervalSeconds: 1 | |
maxSurge: 25% | |
maxUnavailable: 25% | |
timeoutSeconds: 600 | |
updatePeriodSeconds: 1 | |
type: Rolling | |
template: | |
metadata: | |
annotations: | |
prometheus.io/port: "9394" | |
prometheus.io/scrape: "true" | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
deploymentConfig: zync-que | |
spec: | |
containers: | |
- args: | |
- -c | |
- bundle exec rake 'que[--worker-count 10]' | |
command: | |
- /usr/bin/bash | |
env: | |
- name: RAILS_LOG_TO_STDOUT | |
value: "true" | |
- name: RAILS_ENV | |
value: production | |
- name: DATABASE_URL | |
valueFrom: | |
secretKeyRef: | |
key: DATABASE_URL | |
name: zync | |
- name: SECRET_KEY_BASE | |
valueFrom: | |
secretKeyRef: | |
key: SECRET_KEY_BASE | |
name: zync | |
- name: ZYNC_AUTHENTICATION_TOKEN | |
valueFrom: | |
secretKeyRef: | |
key: ZYNC_AUTHENTICATION_TOKEN | |
name: zync | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.name | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.namespace | |
image: amp-zync:latest | |
imagePullPolicy: Always | |
livenessProbe: | |
failureThreshold: 3 | |
httpGet: | |
path: /metrics | |
port: 9394 | |
scheme: HTTP | |
initialDelaySeconds: 10 | |
periodSeconds: 10 | |
successThreshold: 1 | |
timeoutSeconds: 60 | |
name: que | |
ports: | |
- containerPort: 9394 | |
name: metrics | |
protocol: TCP | |
resources: | |
limits: | |
cpu: "1" | |
memory: 512Mi | |
requests: | |
cpu: 250m | |
memory: 250M | |
restartPolicy: Always | |
serviceAccountName: zync-que-sa | |
terminationGracePeriodSeconds: 30 | |
test: false | |
triggers: | |
- type: ConfigChange | |
- imageChangeParams: | |
automatic: true | |
containerNames: | |
- que | |
from: | |
kind: ImageStreamTag | |
name: amp-zync:latest | |
type: ImageChange | |
status: | |
availableReplicas: 0 | |
latestVersion: 0 | |
observedGeneration: 0 | |
replicas: 0 | |
unavailableReplicas: 0 | |
updatedReplicas: 0 | |
- apiVersion: apps.openshift.io/v1 | |
kind: DeploymentConfig | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: zync | |
threescale_component_element: database | |
name: zync-database | |
spec: | |
replicas: 1 | |
selector: | |
deploymentConfig: zync-database | |
strategy: | |
resources: {} | |
type: Recreate | |
template: | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
deploymentConfig: zync-database | |
threescale_component: zync | |
threescale_component_element: database | |
spec: | |
containers: | |
- env: | |
- name: POSTGRESQL_USER | |
value: zync | |
- name: POSTGRESQL_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: ZYNC_DATABASE_PASSWORD | |
name: zync | |
- name: POSTGRESQL_DATABASE | |
value: zync_production | |
image: ' ' | |
imagePullPolicy: IfNotPresent | |
livenessProbe: | |
initialDelaySeconds: 30 | |
tcpSocket: | |
port: 5432 | |
timeoutSeconds: 1 | |
name: postgresql | |
ports: | |
- containerPort: 5432 | |
protocol: TCP | |
readinessProbe: | |
exec: | |
command: | |
- /bin/sh | |
- -i | |
- -c | |
- psql -h 127.0.0.1 -U zync -q -d zync_production -c 'SELECT 1' | |
initialDelaySeconds: 5 | |
timeoutSeconds: 1 | |
resources: | |
limits: | |
cpu: 250m | |
memory: 2G | |
requests: | |
cpu: 50m | |
memory: 250M | |
volumeMounts: | |
- mountPath: /var/lib/pgsql/data | |
name: zync-database-data | |
restartPolicy: Always | |
serviceAccountName: amp | |
volumes: | |
- emptyDir: {} | |
name: zync-database-data | |
test: false | |
triggers: | |
- type: ConfigChange | |
- imageChangeParams: | |
automatic: true | |
containerNames: | |
- postgresql | |
from: | |
kind: ImageStreamTag | |
name: zync-database-postgresql:latest | |
type: ImageChange | |
status: | |
availableReplicas: 0 | |
latestVersion: 0 | |
observedGeneration: 0 | |
replicas: 0 | |
unavailableReplicas: 0 | |
updatedReplicas: 0 | |
- apiVersion: v1 | |
kind: Service | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: zync | |
name: zync | |
spec: | |
ports: | |
- name: 8080-tcp | |
port: 8080 | |
protocol: TCP | |
targetPort: 8080 | |
selector: | |
deploymentConfig: zync | |
status: | |
loadBalancer: {} | |
- apiVersion: v1 | |
kind: Service | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: zync | |
threescale_component_element: database | |
name: zync-database | |
spec: | |
ports: | |
- name: postgresql | |
port: 5432 | |
protocol: TCP | |
targetPort: 5432 | |
selector: | |
deploymentConfig: zync-database | |
status: | |
loadBalancer: {} | |
- apiVersion: v1 | |
kind: Secret | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: zync | |
name: zync | |
stringData: | |
DATABASE_URL: postgresql://zync:${ZYNC_DATABASE_PASSWORD}@zync-database:5432/zync_production | |
SECRET_KEY_BASE: ${ZYNC_SECRET_KEY_BASE} | |
ZYNC_AUTHENTICATION_TOKEN: ${ZYNC_AUTHENTICATION_TOKEN} | |
ZYNC_DATABASE_PASSWORD: ${ZYNC_DATABASE_PASSWORD} | |
type: Opaque | |
- apiVersion: apps.openshift.io/v1 | |
kind: DeploymentConfig | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: apicast | |
threescale_component_element: staging | |
name: apicast-staging | |
spec: | |
replicas: 1 | |
selector: | |
deploymentConfig: apicast-staging | |
strategy: | |
resources: {} | |
rollingParams: | |
intervalSeconds: 1 | |
maxSurge: 25% | |
maxUnavailable: 25% | |
timeoutSeconds: 1800 | |
updatePeriodSeconds: 1 | |
type: Rolling | |
template: | |
metadata: | |
annotations: | |
prometheus.io/port: "9421" | |
prometheus.io/scrape: "true" | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
deploymentConfig: apicast-staging | |
threescale_component: apicast | |
threescale_component_element: staging | |
spec: | |
containers: | |
- env: | |
- name: THREESCALE_PORTAL_ENDPOINT | |
valueFrom: | |
secretKeyRef: | |
key: PROXY_CONFIGS_ENDPOINT | |
name: system-master-apicast | |
- name: BACKEND_ENDPOINT_OVERRIDE | |
valueFrom: | |
secretKeyRef: | |
key: service_endpoint | |
name: backend-listener | |
- name: APICAST_MANAGEMENT_API | |
valueFrom: | |
configMapKeyRef: | |
key: APICAST_MANAGEMENT_API | |
name: apicast-environment | |
- name: OPENSSL_VERIFY | |
valueFrom: | |
configMapKeyRef: | |
key: OPENSSL_VERIFY | |
name: apicast-environment | |
- name: APICAST_RESPONSE_CODES | |
valueFrom: | |
configMapKeyRef: | |
key: APICAST_RESPONSE_CODES | |
name: apicast-environment | |
- name: APICAST_CONFIGURATION_LOADER | |
value: lazy | |
- name: APICAST_CONFIGURATION_CACHE | |
value: "0" | |
- name: THREESCALE_DEPLOYMENT_ENV | |
value: staging | |
image: amp-apicast:latest | |
imagePullPolicy: IfNotPresent | |
livenessProbe: | |
httpGet: | |
path: /status/live | |
port: 8090 | |
initialDelaySeconds: 10 | |
periodSeconds: 10 | |
timeoutSeconds: 5 | |
name: apicast-staging | |
ports: | |
- containerPort: 8080 | |
protocol: TCP | |
- containerPort: 8090 | |
protocol: TCP | |
- containerPort: 9421 | |
name: metrics | |
protocol: TCP | |
readinessProbe: | |
httpGet: | |
path: /status/ready | |
port: 8090 | |
initialDelaySeconds: 15 | |
periodSeconds: 30 | |
timeoutSeconds: 5 | |
resources: | |
limits: | |
cpu: 100m | |
memory: 128Mi | |
requests: | |
cpu: 50m | |
memory: 64Mi | |
serviceAccountName: amp | |
test: false | |
triggers: | |
- type: ConfigChange | |
- imageChangeParams: | |
automatic: true | |
containerNames: | |
- apicast-staging | |
from: | |
kind: ImageStreamTag | |
name: amp-apicast:latest | |
type: ImageChange | |
status: | |
availableReplicas: 0 | |
latestVersion: 0 | |
observedGeneration: 0 | |
replicas: 0 | |
unavailableReplicas: 0 | |
updatedReplicas: 0 | |
- apiVersion: apps.openshift.io/v1 | |
kind: DeploymentConfig | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: apicast | |
threescale_component_element: production | |
name: apicast-production | |
spec: | |
replicas: 1 | |
selector: | |
deploymentConfig: apicast-production | |
strategy: | |
resources: {} | |
rollingParams: | |
intervalSeconds: 1 | |
maxSurge: 25% | |
maxUnavailable: 25% | |
timeoutSeconds: 1800 | |
updatePeriodSeconds: 1 | |
type: Rolling | |
template: | |
metadata: | |
annotations: | |
prometheus.io/port: "9421" | |
prometheus.io/scrape: "true" | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
deploymentConfig: apicast-production | |
threescale_component: apicast | |
threescale_component_element: production | |
spec: | |
containers: | |
- env: | |
- name: THREESCALE_PORTAL_ENDPOINT | |
valueFrom: | |
secretKeyRef: | |
key: PROXY_CONFIGS_ENDPOINT | |
name: system-master-apicast | |
- name: BACKEND_ENDPOINT_OVERRIDE | |
valueFrom: | |
secretKeyRef: | |
key: service_endpoint | |
name: backend-listener | |
- name: APICAST_MANAGEMENT_API | |
valueFrom: | |
configMapKeyRef: | |
key: APICAST_MANAGEMENT_API | |
name: apicast-environment | |
- name: OPENSSL_VERIFY | |
valueFrom: | |
configMapKeyRef: | |
key: OPENSSL_VERIFY | |
name: apicast-environment | |
- name: APICAST_RESPONSE_CODES | |
valueFrom: | |
configMapKeyRef: | |
key: APICAST_RESPONSE_CODES | |
name: apicast-environment | |
- name: APICAST_CONFIGURATION_LOADER | |
value: boot | |
- name: APICAST_CONFIGURATION_CACHE | |
value: "300" | |
- name: THREESCALE_DEPLOYMENT_ENV | |
value: production | |
image: amp-apicast:latest | |
imagePullPolicy: IfNotPresent | |
livenessProbe: | |
httpGet: | |
path: /status/live | |
port: 8090 | |
initialDelaySeconds: 10 | |
periodSeconds: 10 | |
timeoutSeconds: 5 | |
name: apicast-production | |
ports: | |
- containerPort: 8080 | |
protocol: TCP | |
- containerPort: 8090 | |
protocol: TCP | |
- containerPort: 9421 | |
name: metrics | |
protocol: TCP | |
readinessProbe: | |
httpGet: | |
path: /status/ready | |
port: 8090 | |
initialDelaySeconds: 15 | |
periodSeconds: 30 | |
timeoutSeconds: 5 | |
resources: | |
limits: | |
cpu: "1" | |
memory: 128Mi | |
requests: | |
cpu: 500m | |
memory: 64Mi | |
initContainers: | |
- command: | |
- sh | |
- -c | |
- until $(curl --output /dev/null --silent --fail --head http://system-master:3000/status); | |
do sleep $SLEEP_SECONDS; done | |
env: | |
- name: SLEEP_SECONDS | |
value: "1" | |
image: amp-apicast:latest | |
name: system-master-svc | |
resources: {} | |
serviceAccountName: amp | |
test: false | |
triggers: | |
- type: ConfigChange | |
- imageChangeParams: | |
automatic: true | |
containerNames: | |
- system-master-svc | |
- apicast-production | |
from: | |
kind: ImageStreamTag | |
name: amp-apicast:latest | |
type: ImageChange | |
status: | |
availableReplicas: 0 | |
latestVersion: 0 | |
observedGeneration: 0 | |
replicas: 0 | |
unavailableReplicas: 0 | |
updatedReplicas: 0 | |
- apiVersion: v1 | |
kind: Service | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: apicast | |
threescale_component_element: staging | |
name: apicast-staging | |
spec: | |
ports: | |
- name: gateway | |
port: 8080 | |
protocol: TCP | |
targetPort: 8080 | |
- name: management | |
port: 8090 | |
protocol: TCP | |
targetPort: 8090 | |
selector: | |
deploymentConfig: apicast-staging | |
status: | |
loadBalancer: {} | |
- apiVersion: v1 | |
kind: Service | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: apicast | |
threescale_component_element: production | |
name: apicast-production | |
spec: | |
ports: | |
- name: gateway | |
port: 8080 | |
protocol: TCP | |
targetPort: 8080 | |
- name: management | |
port: 8090 | |
protocol: TCP | |
targetPort: 8090 | |
selector: | |
deploymentConfig: apicast-production | |
status: | |
loadBalancer: {} | |
- apiVersion: v1 | |
data: | |
APICAST_MANAGEMENT_API: ${APICAST_MANAGEMENT_API} | |
APICAST_RESPONSE_CODES: ${APICAST_RESPONSE_CODES} | |
OPENSSL_VERIFY: ${APICAST_OPENSSL_VERIFY} | |
kind: ConfigMap | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: ${APP_LABEL} | |
threescale_component: apicast | |
name: apicast-environment | |
parameters: | |
- description: AMP release tag. | |
name: AMP_RELEASE | |
required: true | |
value: "2.7" | |
- description: Used for object app labels | |
name: APP_LABEL | |
required: true | |
value: 3scale-api-management | |
- description: Tenant name under the root that Admin UI will be available with -admin | |
suffix. | |
name: TENANT_NAME | |
required: true | |
value: 3scale | |
- description: The Storage Class to be used by ReadWriteMany PVCs | |
name: RWX_STORAGE_CLASS | |
value: "null" | |
- name: AMP_BACKEND_IMAGE | |
required: true | |
value: registry.redhat.io/3scale-amp2/backend-rhel7:3scale2.7 | |
- name: AMP_ZYNC_IMAGE | |
required: true | |
value: registry.redhat.io/3scale-amp2/zync-rhel7:3scale2.7 | |
- name: AMP_APICAST_IMAGE | |
required: true | |
value: registry.redhat.io/3scale-amp2/apicast-gateway-rhel7:3scale2.7 | |
- name: AMP_SYSTEM_IMAGE | |
required: true | |
value: registry.redhat.io/3scale-amp2/system-rhel7:3scale2.7 | |
- description: Zync's PostgreSQL image to use | |
name: ZYNC_DATABASE_IMAGE | |
required: true | |
value: registry.redhat.io/rhscl/postgresql-10-rhel7 | |
- description: Memcached image to use | |
name: MEMCACHED_IMAGE | |
required: true | |
value: registry.redhat.io/3scale-amp2/memcached-rhel7:3scale2.7 | |
- description: Set to true if the server may bypass certificate verification or connect | |
directly over HTTP during image import. | |
name: IMAGESTREAM_TAG_IMPORT_INSECURE | |
required: true | |
value: "false" | |
- description: System MySQL image to use | |
name: SYSTEM_DATABASE_IMAGE | |
required: true | |
value: registry.redhat.io/rhscl/mysql-57-rhel7:5.7 | |
- description: Redis image to use | |
name: REDIS_IMAGE | |
required: true | |
value: registry.redhat.io/rhscl/redis-32-rhel7:3.2 | |
- description: Username for System's MySQL user that will be used for accessing the | |
database. | |
displayName: System MySQL User | |
name: SYSTEM_DATABASE_USER | |
required: true | |
value: mysql | |
- description: Password for the System's MySQL user. | |
displayName: System MySQL Password | |
from: '[a-z0-9]{8}' | |
generate: expression | |
name: SYSTEM_DATABASE_PASSWORD | |
required: true | |
- description: Name of the System's MySQL database accessed. | |
displayName: System MySQL Database Name | |
name: SYSTEM_DATABASE | |
required: true | |
value: system | |
- description: Password for Root user. | |
displayName: System MySQL Root password. | |
from: '[a-z0-9]{8}' | |
generate: expression | |
name: SYSTEM_DATABASE_ROOT_PASSWORD | |
required: true | |
- description: Root domain for the wildcard routes. Eg. example.com will generate | |
3scale-admin.example.com. | |
name: WILDCARD_DOMAIN | |
required: true | |
- description: Internal 3scale API username for internal 3scale api auth. | |
name: SYSTEM_BACKEND_USERNAME | |
required: true | |
value: 3scale_api_user | |
- description: Internal 3scale API password for internal 3scale api auth. | |
from: '[a-z0-9]{8}' | |
generate: expression | |
name: SYSTEM_BACKEND_PASSWORD | |
required: true | |
- description: Shared secret to import events from backend to system. | |
from: '[a-z0-9]{8}' | |
generate: expression | |
name: SYSTEM_BACKEND_SHARED_SECRET | |
required: true | |
- description: System application secret key base | |
from: '[a-f0-9]{128}' | |
generate: expression | |
name: SYSTEM_APP_SECRET_KEY_BASE | |
required: true | |
- from: '[a-z0-9]{8}' | |
generate: expression | |
name: ADMIN_PASSWORD | |
required: true | |
- name: ADMIN_USERNAME | |
required: true | |
value: admin | |
- name: ADMIN_EMAIL | |
- description: Admin Access Token with all scopes and write permissions for API access. | |
from: '[a-z0-9]{16}' | |
generate: expression | |
name: ADMIN_ACCESS_TOKEN | |
- description: The root name which Master Admin UI will be available at. | |
name: MASTER_NAME | |
required: true | |
value: master | |
- name: MASTER_USER | |
required: true | |
value: master | |
- from: '[a-z0-9]{8}' | |
generate: expression | |
name: MASTER_PASSWORD | |
required: true | |
- from: '[a-z0-9]{8}' | |
generate: expression | |
name: MASTER_ACCESS_TOKEN | |
required: true | |
- description: reCAPTCHA site key (used in spam protection) | |
name: RECAPTCHA_PUBLIC_KEY | |
- description: reCAPTCHA secret key (used in spam protection) | |
name: RECAPTCHA_PRIVATE_KEY | |
- description: Define the external system-redis to connect to | |
name: SYSTEM_REDIS_URL | |
required: true | |
value: redis://system-redis:6379/1 | |
- description: Define the external system-redis message bus to connect to. By default | |
the same value as SYSTEM_REDIS_URL but with the logical database incremented by | |
1 and the result applied mod 16 | |
name: SYSTEM_MESSAGE_BUS_REDIS_URL | |
- description: Define the namespace to be used by System's Redis Database. The empty | |
value means not namespaced | |
name: SYSTEM_REDIS_NAMESPACE | |
- description: Define the namespace to be used by System's Message Bus Redis Database. | |
The empty value means not namespaced | |
name: SYSTEM_MESSAGE_BUS_REDIS_NAMESPACE | |
- description: Password for the Zync Database PostgreSQL connection user. | |
displayName: Zync Database PostgreSQL Connection Password | |
from: '[a-zA-Z0-9]{16}' | |
generate: expression | |
name: ZYNC_DATABASE_PASSWORD | |
required: true | |
- from: '[a-zA-Z0-9]{16}' | |
generate: expression | |
name: ZYNC_SECRET_KEY_BASE | |
required: true | |
- from: '[a-zA-Z0-9]{16}' | |
generate: expression | |
name: ZYNC_AUTHENTICATION_TOKEN | |
required: true | |
- description: Read Only Access Token that is APIcast going to use to download its | |
configuration. | |
from: '[a-z0-9]{8}' | |
generate: expression | |
name: APICAST_ACCESS_TOKEN | |
required: true | |
- description: Scope of the APIcast Management API. Can be disabled, status or debug. | |
At least status required for health checks. | |
name: APICAST_MANAGEMENT_API | |
value: status | |
- description: Turn on/off the OpenSSL peer verification when downloading the configuration. | |
Can be set to true/false. | |
name: APICAST_OPENSSL_VERIFY | |
value: "false" | |
- description: Enable logging response codes in APIcast. | |
name: APICAST_RESPONSE_CODES | |
value: "true" | |
- description: The URL to point to APIcast policies registry management | |
name: APICAST_REGISTRY_URL | |
required: true | |
value: http://apicast-staging:8090/policies |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: Template | |
metadata: | |
name: 3scale-gateway | |
annotations: | |
openshift.io/documentation-url: https://access.redhat.com/documentation/en-us/red_hat_3scale/2.saas/html/deployment_options/apicast-openshift | |
openshift.io/display-name: 3scale APIcast API Gateway | |
openshift.io/provider-display-name: Red Hat, Inc. | |
iconClass: icon-3scale | |
description: >- | |
3scale's APIcast is an NGINX based API gateway used to integrate your internal and external | |
API services with 3scale's API Management Platform. It supports OpenID connect to integrate | |
with external Identity Providers such as Red Hat Single Sign On, for API traffic authentication | |
tags: api,gateway,3scale | |
objects: | |
- apiVersion: v1 | |
kind: DeploymentConfig | |
metadata: | |
name: "${APICAST_NAME}" | |
spec: | |
replicas: 1 | |
selector: | |
deploymentconfig: "${APICAST_NAME}" | |
strategy: | |
type: Rolling | |
template: | |
metadata: | |
labels: | |
deploymentconfig: "${APICAST_NAME}" | |
annotations: | |
prometheus.io/scrape: 'true' | |
prometheus.io/port: '9421' | |
spec: | |
containers: | |
- env: | |
- name: THREESCALE_PORTAL_ENDPOINT | |
valueFrom: | |
secretKeyRef: | |
name: "${CONFIGURATION_URL_SECRET}" | |
key: password | |
- name: THREESCALE_CONFIG_FILE | |
value: "${CONFIGURATION_FILE_PATH}" | |
- name: THREESCALE_DEPLOYMENT_ENV | |
value: "${DEPLOYMENT_ENVIRONMENT}" | |
- name: RESOLVER | |
value: "${RESOLVER}" | |
- name: APICAST_SERVICES_LIST | |
value: "${SERVICES_LIST}" | |
- name: APICAST_CONFIGURATION_LOADER | |
value: "${CONFIGURATION_LOADER}" | |
- name: APICAST_LOG_LEVEL | |
value: "${LOG_LEVEL}" | |
- name: APICAST_PATH_ROUTING | |
value: "${PATH_ROUTING}" | |
- name: APICAST_RESPONSE_CODES | |
value: "${RESPONSE_CODES}" | |
- name: APICAST_CONFIGURATION_CACHE | |
value: "${CONFIGURATION_CACHE}" | |
- name: REDIS_URL | |
value: "${REDIS_URL}" | |
- name: APICAST_MANAGEMENT_API | |
value: "${MANAGEMENT_API}" | |
- name: OPENSSL_VERIFY | |
value: "${OPENSSL_VERIFY}" | |
image: ${AMP_APICAST_IMAGE} | |
imagePullPolicy: IfNotPresent | |
name: "${APICAST_NAME}" | |
livenessProbe: | |
httpGet: | |
path: /status/live | |
port: management | |
initialDelaySeconds: 10 | |
timeoutSeconds: 1 | |
readinessProbe: | |
httpGet: | |
path: /status/ready | |
port: management | |
initialDelaySeconds: 15 | |
timeoutSeconds: 1 | |
ports: | |
- name: proxy | |
containerPort: 8080 | |
protocol: TCP | |
- name: management | |
containerPort: 8090 | |
protocol: TCP | |
- name: metrics | |
containerPort: 9421 | |
protocol: TCP | |
resources: | |
limits: | |
cpu: '1' | |
memory: 128Mi | |
requests: | |
cpu: 500m | |
memory: 64Mi | |
triggers: | |
- type: ConfigChange | |
- apiVersion: v1 | |
kind: Service | |
metadata: | |
name: "${APICAST_NAME}" | |
spec: | |
ports: | |
- name: proxy | |
port: 8080 | |
protocol: TCP | |
targetPort: 8080 | |
- name: management | |
port: 8090 | |
protocol: TCP | |
targetPort: 8090 | |
selector: | |
deploymentconfig: "${APICAST_NAME}" | |
parameters: | |
- name: AMP_RELEASE | |
description: "AMP release tag." | |
value: "2.7.0" | |
required: true | |
- name: AMP_APICAST_IMAGE | |
value: "registry.redhat.io/3scale-amp2/apicast-gateway-rhel7:3scale2.7" | |
required: true | |
- description: "Name of the secret containing the THREESCALE_PORTAL_ENDPOINT with the access-token or provider key" | |
value: apicast-configuration-url-secret | |
name: CONFIGURATION_URL_SECRET | |
required: true | |
- description: "Path to saved JSON file with configuration for the gateway. Has to be injected to the container image as read only volume." | |
value: | |
name: CONFIGURATION_FILE_PATH | |
required: false | |
- description: "Deployment environment. Can be staging or production." | |
value: production | |
name: DEPLOYMENT_ENVIRONMENT | |
required: true | |
- description: "Name for the 3scale API Gateway" | |
value: apicast | |
name: APICAST_NAME | |
required: true | |
- description: "DNS Resolver for openresty, if empty it will be autodiscovered" | |
value: | |
name: RESOLVER | |
required: false | |
- description: "Subset of services to run. Use comma separated list of service ids (eg. 42,1337)" | |
value: | |
name: SERVICES_LIST | |
required: false | |
- name: CONFIGURATION_LOADER | |
description: "When to load configuration. If on gateway start or incoming request. Allowed values are: lazy, boot." | |
value: boot | |
required: false | |
- description: "Log level. One of the following: debug, info, notice, warn, error, crit, alert, or emerg." | |
name: LOG_LEVEL | |
required: false | |
- description: "Enable path routing. Experimental feature." | |
name: PATH_ROUTING | |
required: false | |
value: "false" | |
- description: "Enable logging response codes to 3scale." | |
value: "false" | |
name: RESPONSE_CODES | |
required: false | |
- name: CONFIGURATION_CACHE | |
description: "For how long to cache the downloaded configuration in seconds. Can be left empty, 0 or greater than 60." | |
value: "" | |
required: false | |
- description: "Redis URL. Required for OAuth2 integration. ex: redis://[email protected]:6379/0" | |
name: REDIS_URL | |
required: false | |
- name: MANAGEMENT_API | |
description: "Scope of the Management API. Can be disabled, status or debug. At least status required for health checks." | |
required: false | |
value: "status" | |
- name: OPENSSL_VERIFY | |
description: "Turn on/off the OpenSSL peer verification. Can be set to true/false." | |
required: true | |
value: "false" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment