Skip to content

Instantly share code, notes, and snippets.

@tommeramber

tommeramber/amp-postgresql-fixed.yml

Last active February 9, 2021 12:31
Show Gist options
  • Save tommeramber/4ea1a3616203bf1e0099f1e546f656e7 to your computer and use it in GitHub Desktop.
Save tommeramber/4ea1a3616203bf1e0099f1e546f656e7 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
amp-postgresql-fixed.yml
apiVersion: template.openshift.io/v1
kind: Template
message: Login on https://${TENANT_NAME}-admin.${WILDCARD_DOMAIN} as ${ADMIN_USERNAME}/${ADMIN_PASSWORD}
metadata:
annotations:
description: 3scale API Management main system with PostgreSQL as System's database
iconClass: icon-3scale
openshift.io/display-name: 3scale API Management
openshift.io/provider-display-name: Red Hat, Inc.
tags: integration, api management, 3scale
creationTimestamp: null
name: 3scale-api-management-postgresql
objects:
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: AMP backend
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
name: amp-backend
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: amp-backend ${AMP_RELEASE}
from:
kind: DockerImage
name: ${AMP_BACKEND_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: AMP Zync
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: zync
name: amp-zync
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: AMP Zync ${AMP_RELEASE}
from:
kind: DockerImage
name: ${AMP_ZYNC_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: AMP APIcast
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: apicast
name: amp-apicast
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: AMP APIcast ${AMP_RELEASE}
from:
kind: DockerImage
name: ${AMP_APICAST_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: AMP System
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: amp-system
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: AMP system ${AMP_RELEASE}
from:
kind: DockerImage
name: ${AMP_SYSTEM_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: Zync database PostgreSQL
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: zync-database-postgresql
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: Zync ${AMP_RELEASE} PostgreSQL
from:
kind: DockerImage
name: ${ZYNC_DATABASE_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: System Memcached
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-memcached
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: System ${AMP_RELEASE} Memcached
from:
kind: DockerImage
name: ${MEMCACHED_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: v1
imagePullSecrets:
- name: threescale-registry-auth
kind: ServiceAccount
metadata:
creationTimestamp: null
name: amp
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: System database
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-postgresql
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: System ${AMP_RELEASE} PostgreSQL
from:
kind: DockerImage
name: ${SYSTEM_DATABASE_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
threescale_component_element: redis
name: backend-redis
spec:
replicas: 1
selector:
deploymentConfig: backend-redis
strategy:
resources: {}
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: backend-redis
threescale_component: backend
threescale_component_element: redis
spec:
containers:
- args:
- /etc/redis.d/redis.conf
- --daemonize
- "no"
command:
- /opt/rh/rh-redis32/root/usr/bin/redis-server
image: backend-redis:latest
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 10
periodSeconds: 10
tcpSocket:
port: 6379
name: backend-redis
readinessProbe:
exec:
command:
- container-entrypoint
- bash
- -c
- redis-cli set liveness-probe "`date`" | grep OK
initialDelaySeconds: 10
periodSeconds: 30
timeoutSeconds: 1
resources:
limits:
cpu: "2"
memory: 32Gi
requests:
cpu: "1"
memory: 1Gi
volumeMounts:
- mountPath: /var/lib/redis/data
name: backend-redis-storage
- mountPath: /etc/redis.d/
name: redis-config
serviceAccountName: amp
volumes:
- name: backend-redis-storage
persistentVolumeClaim:
claimName: backend-redis-storage
- configMap:
items:
- key: redis.conf
path: redis.conf
name: redis-config
name: redis-config
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- backend-redis
from:
kind: ImageStreamTag
name: backend-redis:${AMP_RELEASE}
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
threescale_component_element: redis
name: backend-redis
spec:
ports:
- port: 6379
protocol: TCP
targetPort: 6379
selector:
deploymentConfig: backend-redis
status:
loadBalancer: {}
- apiVersion: v1
data:
redis.conf: |
protected-mode no
port 6379
timeout 0
tcp-keepalive 300
daemonize no
supervised no
loglevel notice
databases 16
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
slave-serve-stale-data yes
slave-read-only yes
repl-diskless-sync no
repl-disable-tcp-nodelay no
appendonly yes
appendfilename "appendonly.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
lua-time-limit 5000
activerehashing no
aof-rewrite-incremental-fsync yes
dir /var/lib/redis/data
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: redis
name: redis-config
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
threescale_component_element: redis
name: backend-redis-storage
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
status: {}
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: Backend Redis
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
name: backend-redis
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: Backend ${AMP_RELEASE} Redis
from:
kind: DockerImage
name: ${REDIS_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: redis
name: system-redis
spec:
replicas: 1
selector:
deploymentConfig: system-redis
strategy:
resources: {}
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: system-redis
threescale_component: system
threescale_component_element: redis
spec:
containers:
- args:
- /etc/redis.d/redis.conf
- --daemonize
- "no"
command:
- /opt/rh/rh-redis32/root/usr/bin/redis-server
image: system-redis:latest
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 10
periodSeconds: 5
tcpSocket:
port: 6379
name: system-redis
readinessProbe:
exec:
command:
- container-entrypoint
- bash
- -c
- redis-cli set liveness-probe "`date`" | grep OK
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
resources:
limits:
cpu: 500m
memory: 32Gi
requests:
cpu: 150m
memory: 256Mi
terminationMessagePath: /dev/termination-log
volumeMounts:
- mountPath: /var/lib/redis/data
name: system-redis-storage
- mountPath: /etc/redis.d/
name: redis-config
serviceAccountName: amp
volumes:
- name: system-redis-storage
persistentVolumeClaim:
claimName: system-redis-storage
- configMap:
items:
- key: redis.conf
path: redis.conf
name: redis-config
name: redis-config
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- system-redis
from:
kind: ImageStreamTag
name: system-redis:${AMP_RELEASE}
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: redis
name: system-redis-storage
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
status: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: redis
name: system-redis
spec:
ports:
- name: redis
port: 6379
protocol: TCP
targetPort: 6379
selector:
deploymentConfig: system-redis
status:
loadBalancer: {}
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: System Redis
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-redis
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: System ${AMP_RELEASE} Redis
from:
kind: DockerImage
name: ${REDIS_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
threescale_component_element: cron
name: backend-cron
spec:
replicas: 1
selector:
deploymentConfig: backend-cron
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1200
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: backend-cron
threescale_component: backend
threescale_component_element: cron
spec:
containers:
- args:
- backend-cron
env:
- name: CONFIG_REDIS_PROXY
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: CONFIG_QUEUES_MASTER_NAME
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_URL
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_ROLE
name: backend-redis
- name: RACK_ENV
valueFrom:
configMapKeyRef:
key: RACK_ENV
name: backend-environment
image: amp-backend:latest
imagePullPolicy: IfNotPresent
name: backend-cron
resources:
limits:
cpu: 150m
memory: 80Mi
requests:
cpu: 50m
memory: 40Mi
initContainers:
- command:
- /opt/app/entrypoint.sh
- sh
- -c
- until rake connectivity:redis_storage_queue_check; do sleep $SLEEP_SECONDS;
done
env:
- name: CONFIG_REDIS_PROXY
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: CONFIG_QUEUES_MASTER_NAME
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_URL
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_ROLE
name: backend-redis
- name: RACK_ENV
valueFrom:
configMapKeyRef:
key: RACK_ENV
name: backend-environment
- name: SLEEP_SECONDS
value: "1"
image: amp-backend:latest
name: backend-redis-svc
resources: {}
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- backend-redis-svc
- backend-cron
from:
kind: ImageStreamTag
name: amp-backend:${AMP_RELEASE}
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
threescale_component_element: listener
name: backend-listener
spec:
replicas: 1
selector:
deploymentConfig: backend-listener
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 600
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: backend-listener
threescale_component: backend
threescale_component_element: listener
spec:
containers:
- args:
- bin/3scale_backend
- start
- -e
- production
- -p
- "3000"
- -x
- /dev/stdout
env:
- name: CONFIG_REDIS_PROXY
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: CONFIG_QUEUES_MASTER_NAME
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_URL
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_ROLE
name: backend-redis
- name: RACK_ENV
valueFrom:
configMapKeyRef:
key: RACK_ENV
name: backend-environment
- name: PUMA_WORKERS
value: "16"
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
image: amp-backend:latest
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 10
tcpSocket:
port: 3000
name: backend-listener
ports:
- containerPort: 3000
protocol: TCP
readinessProbe:
httpGet:
path: /status
port: 3000
initialDelaySeconds: 30
timeoutSeconds: 5
resources:
limits:
cpu: "1"
memory: 700Mi
requests:
cpu: 500m
memory: 550Mi
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- backend-listener
from:
kind: ImageStreamTag
name: amp-backend:${AMP_RELEASE}
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
threescale_component_element: listener
name: backend-listener
spec:
ports:
- name: http
port: 3000
protocol: TCP
targetPort: 3000
selector:
deploymentConfig: backend-listener
status:
loadBalancer: {}
- apiVersion: route.openshift.io/v1
kind: Route
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
name: backend
spec:
host: backend-${TENANT_NAME}.${WILDCARD_DOMAIN}
port:
targetPort: http
tls:
insecureEdgeTerminationPolicy: Allow
termination: edge
to:
kind: Service
name: backend-listener
weight: null
status:
ingress: null
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
threescale_component_element: worker
name: backend-worker
spec:
replicas: 1
selector:
deploymentConfig: backend-worker
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1200
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: backend-worker
threescale_component: backend
threescale_component_element: worker
spec:
containers:
- args:registry.redhat.io/rhel8/postgresql-10:latest
- bin/3scale_backend_worker
- run
env:
- name: CONFIG_REDIS_PROXY
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: CONFIG_QUEUES_MASTER_NAME
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_URL
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_ROLE
name: backend-redis
- name: RACK_ENV
valueFrom:
configMapKeyRef:
key: RACK_ENV
name: backend-environment
- name: CONFIG_EVENTS_HOOK
valueFrom:
secretKeyRef:
key: URL
name: system-events-hook
- name: CONFIG_EVENTS_HOOK_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
image: amp-backend:latest
imagePullPolicy: IfNotPresent
name: backend-worker
resources:
limits:
cpu: "1"
memory: 300Mi
requests:
cpu: 150m
memory: 50Mi
initContainers:
- command:
- /opt/app/entrypoint.sh
- sh
- -c
- until rake connectivity:redis_storage_queue_check; do sleep $SLEEP_SECONDS;
done
env:
- name: CONFIG_REDIS_PROXY
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: CONFIG_QUEUES_MASTER_NAME
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_URL
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_ROLE
name: backend-redis
- name: RACK_ENV
valueFrom:
configMapKeyRef:
key: RACK_ENV
name: backend-environment
- name: SLEEP_SECONDS
value: "1"
image: amp-backend:latest
name: backend-redis-svc
resources: {}
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- backend-redis-svc
- backend-worker
from:
kind: ImageStreamTag
name: amp-backend:${AMP_RELEASE}
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
data:
RACK_ENV: production
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
name: backend-environment
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
name: backend-internal-api
stringData:
password: ${SYSTEM_BACKEND_PASSWORD}
username: ${SYSTEM_BACKEND_USERNAME}
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
name: backend-redis
stringData:
REDIS_QUEUES_SENTINEL_HOSTS: ""
REDIS_QUEUES_SENTINEL_ROLE: ""
REDIS_QUEUES_URL: redis://backend-redis:6379/1
REDIS_STORAGE_SENTINEL_HOSTS: ""
REDIS_STORAGE_SENTINEL_ROLE: ""
REDIS_STORAGE_URL: redis://backend-redis:6379/0
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: backend
name: backend-listener
stringData:
route_endpoint: https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}
service_endpoint: http://backend-listener:3000
type: Opaque
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: postgresql
name: system-postgresql
spec:
replicas: 1
selector:
deploymentConfig: system-postgresql
strategy:
resources: {}
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: system-postgresql
threescale_component: system
threescale_component_element: postgresql
spec:
containers:
- env:
- name: POSTGRESQL_USER
valueFrom:
secretKeyRef:
key: DB_USER
name: system-database
- name: POSTGRESQL_PASSWORD
valueFrom:
secretKeyRef:
key: DB_PASSWORD
name: system-database
- name: POSTGRESQL_DATABASE
value: ${SYSTEM_DATABASE}
image: system-postgresql:latest
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 120
periodSeconds: 30
tcpSocket:
port: 5432
name: system-postgresql
ports:
- containerPort: 5432
protocol: TCP
readinessProbe:
exec:
command:
- /bin/sh
- -i
- -c
- psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE -c
'SELECT 1'
initialDelaySeconds: 120
periodSeconds: 30
timeoutSeconds: 5
resources:
limits:
memory: 2Gi
requests:
cpu: 250m
memory: 512Mi
volumeMounts:
- mountPath: /var/lib/pgsql/data
name: postgresql-data
serviceAccountName: amp
volumes:
- name: postgresql-data
persistentVolumeClaim:
claimName: postgresql-data
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- system-postgresql
from:
kind: ImageStreamTag
name: system-postgresql:${AMP_RELEASE}
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: postgresql
name: system-postgresql
spec:
ports:
- name: system-postgresql
port: 5432
protocol: TCP
targetPort: 5432
selector:
deploymentConfig: system-postgresql
status:
loadBalancer: {}
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: postgresql
name: postgresql-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
status: {}
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-database
stringData:
DB_PASSWORD: ${SYSTEM_DATABASE_PASSWORD}
DB_USER: ${SYSTEM_DATABASE_USER}
URL: postgresql://${SYSTEM_DATABASE_USER}:${SYSTEM_DATABASE_PASSWORD}@system-postgresql/${SYSTEM_DATABASE}
type: Opaque
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: memcache
name: system-memcache
spec:
replicas: 1
selector:
deploymentConfig: system-memcache
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 600
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: system-memcache
threescale_component: system
threescale_component_element: memcache
spec:
containers:
- command:
- memcached
- -m
- "64"
image: system-memcached:latest
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 10
periodSeconds: 10
tcpSocket:
port: 11211
name: memcache
ports:
- containerPort: 11211
protocol: TCP
readinessProbe:
exec:
command:
- sh
- -c
- echo version | nc $HOSTNAME 11211 | grep VERSION
initialDelaySeconds: 10
periodSeconds: 30
timeoutSeconds: 5
resources:
limits:
cpu: 250m
memory: 96Mi
requests:
cpu: 50m
memory: 64Mi
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- memcache
from:
kind: ImageStreamTag
name: system-memcached:${AMP_RELEASE}
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: app
name: system-storage
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Mi
storageClassName: ${{RWX_STORAGE_CLASS}}
status: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: provider-ui
name: system-provider
spec:
ports:
- name: http
port: 3000
protocol: TCP
targetPort: provider
selector:
deploymentConfig: system-app
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: master-ui
name: system-master
spec:
ports:
- name: http
port: 3000
protocol: TCP
targetPort: master
selector:
deploymentConfig: system-app
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: developer-ui
name: system-developer
spec:
ports:
- name: http
port: 3000
protocol: TCP
targetPort: developer
selector:
deploymentConfig: system-app
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: sphinx
name: system-sphinx
spec:
ports:
- name: sphinx
port: 9306
protocol: TCP
targetPort: 9306
selector:
deploymentConfig: system-sphinx
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: memcache
name: system-memcache
spec:
ports:
- name: memcache
port: 11211
protocol: TCP
targetPort: 11211
selector:
deploymentConfig: system-memcache
status:
loadBalancer: {}
- apiVersion: v1
data:
rolling_updates.yml: |
production: {}
service_discovery.yml: |
production:
enabled: <%= cluster_token_file_exists = File.exists?(cluster_token_file_path = '/var/run/secrets/kubernetes.io/serviceaccount/token') %>
server_scheme: 'https'
server_host: 'kubernetes.default.svc.cluster.local'
server_port: 443
bearer_token: "<%= File.read(cluster_token_file_path) if cluster_token_file_exists %>"
authentication_method: service_account # can be service_account|oauth
oauth_server_type: builtin # can be builtin|rh_sso
client_id:
client_secret:
timeout: 1
open_timeout: 1
max_retry: 5
verify_ssl: <%= OpenSSL::SSL::VERIFY_NONE %> # 0
zync.yml: |
production:
endpoint: 'http://zync:8080'
authentication:
token: "<%= ENV.fetch('ZYNC_AUTHENTICATION_TOKEN') %>"
connect_timeout: 5
send_timeout: 5
receive_timeout: 10
root_url:
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: smtp
name: system-smtp
stringData:
address: ""
authentication: ""
domain: ""
openssl.verify.mode: ""
password: ""
port: ""
username: ""
- apiVersion: v1
data:
AMP_RELEASE: ${AMP_RELEASE}
APICAST_REGISTRY_URL: ${APICAST_REGISTRY_URL}
FORCE_SSL: "true"
PROVIDER_PLAN: enterprise
RAILS_ENV: production
RAILS_LOG_LEVEL: info
RAILS_LOG_TO_STDOUT: "true"
SSL_CERT_DIR: /etc/pki/tls/certs
THINKING_SPHINX_PORT: "9306"
THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE: VERIFY_NONE
THREESCALE_SUPERDOMAIN: ${WILDCARD_DOMAIN}
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-environment
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: app
name: system-app
spec:
replicas: 1
selector:
deploymentConfig: system-app
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
post:
execNewPod:
command:
- bash
- -c
- bundle exec rake boot openshift:post_deploy
containerName: system-master
failurePolicy: Abort
pre:
execNewPod:
command:
- bash
- -c
- bundle exec rake boot openshift:deploy
containerName: system-master
env:
- name: AMP_RELEASE
valueFrom:
configMapKeyRef:
key: AMP_RELEASE
name: system-environment
- name: APICAST_REGISTRY_URL
valueFrom:
configMapKeyRef:
key: APICAST_REGISTRY_URL
name: system-environment
- name: FORCE_SSL
valueFrom:
configMapKeyRef:
key: FORCE_SSL
name: system-environment
- name: PROVIDER_PLAN
valueFrom:
configMapKeyRef:
key: PROVIDER_PLAN
name: system-environment
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: RAILS_LOG_LEVEL
valueFrom:
configMapKeyRef:
key: RAILS_LOG_LEVEL
name: system-environment
- name: RAILS_LOG_TO_STDOUT
valueFrom:
configMapKeyRef:
key: RAILS_LOG_TO_STDOUT
name: system-environment
- name: SSL_CERT_DIR
valueFrom:
configMapKeyRef:
key: SSL_CERT_DIR
name: system-environment
- name: THINKING_SPHINX_PORT
valueFrom:
configMapKeyRef:
key: THINKING_SPHINX_PORT
name: system-environment
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
name: system-environment
- name: THREESCALE_SUPERDOMAIN
valueFrom:
configMapKeyRef:
key: THREESCALE_SUPERDOMAIN
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: MASTER_DOMAIN
valueFrom:
secretKeyRef:
key: MASTER_DOMAIN
name: system-seed
- name: MASTER_USER
valueFrom:
secretKeyRef:
key: MASTER_USER
name: system-seed
- name: MASTER_PASSWORD
valueFrom:
secretKeyRef:
key: MASTER_PASSWORD
name: system-seed
- name: ADMIN_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ADMIN_ACCESS_TOKEN
name: system-seed
- name: USER_LOGIN
valueFrom:
secretKeyRef:
key: ADMIN_USER
name: system-seed
- name: USER_PASSWORD
valueFrom:
secretKeyRef:
key: ADMIN_PASSWORD
name: system-seed
- name: USER_EMAIL
valueFrom:
secretKeyRef:
key: ADMIN_EMAIL
name: system-seed
- name: TENANT_NAME
valueFrom:
secretKeyRef:
key: TENANT_NAME
name: system-seed
- name: THINKING_SPHINX_ADDRESS
value: system-sphinx
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: /tmp/sphinx.conf
- name: EVENTS_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
- name: RECAPTCHA_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: PUBLIC_KEY
name: system-recaptcha
- name: RECAPTCHA_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: PRIVATE_KEY
name: system-recaptcha
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: system-app
- name: MEMCACHE_SERVERS
valueFrom:
secretKeyRef:
key: SERVERS
name: system-memcache
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: MESSAGE_BUS_REDIS_URL
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_URL
name: system-redis
- name: REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: NAMESPACE
name: system-redis
- name: MESSAGE_BUS_REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_NAMESPACE
name: system-redis
- name: REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: SENTINEL_HOSTS
name: system-redis
- name: REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: SENTINEL_ROLE
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_HOSTS
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_ROLE
name: system-redis
- name: BACKEND_REDIS_URL
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: BACKEND_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: BACKEND_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: APICAST_BACKEND_ROOT_ENDPOINT
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: BACKEND_ROUTE
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: SMTP_ADDRESS
valueFrom:
secretKeyRef:
key: address
name: system-smtp
- name: SMTP_USER_NAME
valueFrom:
secretKeyRef:
key: username
name: system-smtp
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: system-smtp
- name: SMTP_DOMAIN
valueFrom:
secretKeyRef:
key: domain
name: system-smtp
- name: SMTP_PORT
valueFrom:
secretKeyRef:
key: port
name: system-smtp
- name: SMTP_AUTHENTICATION
valueFrom:
secretKeyRef:
key: authentication
name: system-smtp
- name: SMTP_OPENSSL_VERIFY_MODE
valueFrom:
secretKeyRef:
key: openssl.verify.mode
name: system-smtp
- name: APICAST_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ACCESS_TOKEN
name: system-master-apicast
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
- name: MASTER_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: MASTER_ACCESS_TOKEN
name: system-seed
volumes:
- system-storage
failurePolicy: Retry
timeoutSeconds: 1200
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: system-app
threescale_component: system
threescale_component_element: app
spec:
containers:
- args:
- env
- TENANT_MODE=master
- PORT=3002
- container-entrypoint
- bundle
- exec
- unicorn
- -c
- config/unicorn.rb
env:
- name: AMP_RELEASE
valueFrom:
configMapKeyRef:
key: AMP_RELEASE
name: system-environment
- name: APICAST_REGISTRY_URL
valueFrom:
configMapKeyRef:
key: APICAST_REGISTRY_URL
name: system-environment
- name: FORCE_SSL
valueFrom:
configMapKeyRef:
key: FORCE_SSL
name: system-environment
- name: PROVIDER_PLAN
valueFrom:
configMapKeyRef:
key: PROVIDER_PLAN
name: system-environment
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: RAILS_LOG_LEVEL
valueFrom:
configMapKeyRef:
key: RAILS_LOG_LEVEL
name: system-environment
- name: RAILS_LOG_TO_STDOUT
valueFrom:
configMapKeyRef:
key: RAILS_LOG_TO_STDOUT
name: system-environment
- name: SSL_CERT_DIR
valueFrom:
configMapKeyRef:
key: SSL_CERT_DIR
name: system-environment
- name: THINKING_SPHINX_PORT
valueFrom:
configMapKeyRef:
key: THINKING_SPHINX_PORT
name: system-environment
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
name: system-environment
- name: THREESCALE_SUPERDOMAIN
valueFrom:
configMapKeyRef:
key: THREESCALE_SUPERDOMAIN
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: MASTER_DOMAIN
valueFrom:
secretKeyRef:
key: MASTER_DOMAIN
name: system-seed
- name: MASTER_USER
valueFrom:
secretKeyRef:
key: MASTER_USER
name: system-seed
- name: MASTER_PASSWORD
valueFrom:
secretKeyRef:
key: MASTER_PASSWORD
name: system-seed
- name: ADMIN_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ADMIN_ACCESS_TOKEN
name: system-seed
- name: USER_LOGIN
valueFrom:
secretKeyRef:
key: ADMIN_USER
name: system-seed
- name: USER_PASSWORD
valueFrom:
secretKeyRef:
key: ADMIN_PASSWORD
name: system-seed
- name: USER_EMAIL
valueFrom:
secretKeyRef:
key: ADMIN_EMAIL
name: system-seed
- name: TENANT_NAME
valueFrom:
secretKeyRef:
key: TENANT_NAME
name: system-seed
- name: THINKING_SPHINX_ADDRESS
value: system-sphinx
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: /tmp/sphinx.conf
- name: EVENTS_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
- name: RECAPTCHA_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: PUBLIC_KEY
name: system-recaptcha
- name: RECAPTCHA_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: PRIVATE_KEY
name: system-recaptcha
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: system-app
- name: MEMCACHE_SERVERS
valueFrom:
secretKeyRef:
key: SERVERS
name: system-memcache
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: MESSAGE_BUS_REDIS_URL
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_URL
name: system-redis
- name: REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: NAMESPACE
name: system-redis
- name: MESSAGE_BUS_REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_NAMESPACE
name: system-redis
- name: REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: SENTINEL_HOSTS
name: system-redis
- name: REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: SENTINEL_ROLE
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_HOSTS
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_ROLE
name: system-redis
- name: BACKEND_REDIS_URL
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: BACKEND_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: BACKEND_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: APICAST_BACKEND_ROOT_ENDPOINT
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: BACKEND_ROUTE
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: SMTP_ADDRESS
valueFrom:
secretKeyRef:
key: address
name: system-smtp
- name: SMTP_USER_NAME
valueFrom:
secretKeyRef:
key: username
name: system-smtp
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: system-smtp
- name: SMTP_DOMAIN
valueFrom:
secretKeyRef:
key: domain
name: system-smtp
- name: SMTP_PORT
valueFrom:
secretKeyRef:
key: port
name: system-smtp
- name: SMTP_AUTHENTICATION
valueFrom:
secretKeyRef:
key: authentication
name: system-smtp
- name: SMTP_OPENSSL_VERIFY_MODE
valueFrom:
secretKeyRef:
key: openssl.verify.mode
name: system-smtp
- name: APICAST_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ACCESS_TOKEN
name: system-master-apicast
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
image: amp-system:latest
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 40
initialDelaySeconds: 40
periodSeconds: 10
tcpSocket:
port: master
timeoutSeconds: 10
name: system-master
ports:
- containerPort: 3002
name: master
protocol: TCP
readinessProbe:
failureThreshold: 10
httpGet:
httpHeaders:
- name: X-Forwarded-Proto
value: https
path: /check.txt
port: master
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 10
resources:
limits:
cpu: "1"
memory: 800Mi
requests:
cpu: 50m
memory: 600Mi
volumeMounts:
- mountPath: /opt/system/public/system
name: system-storage
- mountPath: /opt/system-extra-configs
name: system-config
- args:
- env
- TENANT_MODE=provider
- PORT=3000
- container-entrypoint
- bundle
- exec
- unicorn
- -c
- config/unicorn.rb
env:
- name: AMP_RELEASE
valueFrom:
configMapKeyRef:
key: AMP_RELEASE
name: system-environment
- name: APICAST_REGISTRY_URL
valueFrom:
configMapKeyRef:
key: APICAST_REGISTRY_URL
name: system-environment
- name: FORCE_SSL
valueFrom:
configMapKeyRef:
key: FORCE_SSL
name: system-environment
- name: PROVIDER_PLAN
valueFrom:
configMapKeyRef:
key: PROVIDER_PLAN
name: system-environment
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: RAILS_LOG_LEVEL
valueFrom:
configMapKeyRef:
key: RAILS_LOG_LEVEL
name: system-environment
- name: RAILS_LOG_TO_STDOUT
valueFrom:
configMapKeyRef:
key: RAILS_LOG_TO_STDOUT
name: system-environment
- name: SSL_CERT_DIR
valueFrom:
configMapKeyRef:
key: SSL_CERT_DIR
name: system-environment
- name: THINKING_SPHINX_PORT
valueFrom:
configMapKeyRef:
key: THINKING_SPHINX_PORT
name: system-environment
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
name: system-environment
- name: THREESCALE_SUPERDOMAIN
valueFrom:
configMapKeyRef:
key: THREESCALE_SUPERDOMAIN
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: MASTER_DOMAIN
valueFrom:
secretKeyRef:
key: MASTER_DOMAIN
name: system-seed
- name: MASTER_USER
valueFrom:
secretKeyRef:
key: MASTER_USER
name: system-seed
- name: MASTER_PASSWORD
valueFrom:
secretKeyRef:
key: MASTER_PASSWORD
name: system-seed
- name: ADMIN_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ADMIN_ACCESS_TOKEN
name: system-seed
- name: USER_LOGIN
valueFrom:
secretKeyRef:
key: ADMIN_USER
name: system-seed
- name: USER_PASSWORD
valueFrom:
secretKeyRef:
key: ADMIN_PASSWORD
name: system-seed
- name: USER_EMAIL
valueFrom:
secretKeyRef:
key: ADMIN_EMAIL
name: system-seed
- name: TENANT_NAME
valueFrom:
secretKeyRef:
key: TENANT_NAME
name: system-seed
- name: THINKING_SPHINX_ADDRESS
value: system-sphinx
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: /tmp/sphinx.conf
- name: EVENTS_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
- name: RECAPTCHA_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: PUBLIC_KEY
name: system-recaptcha
- name: RECAPTCHA_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: PRIVATE_KEY
name: system-recaptcha
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: system-app
- name: MEMCACHE_SERVERS
valueFrom:
secretKeyRef:
key: SERVERS
name: system-memcache
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: MESSAGE_BUS_REDIS_URL
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_URL
name: system-redis
- name: REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: NAMESPACE
name: system-redis
- name: MESSAGE_BUS_REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_NAMESPACE
name: system-redis
- name: REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: SENTINEL_HOSTS
name: system-redis
- name: REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: SENTINEL_ROLE
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_HOSTS
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_ROLE
name: system-redis
- name: BACKEND_REDIS_URL
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: BACKEND_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: BACKEND_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: APICAST_BACKEND_ROOT_ENDPOINT
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: BACKEND_ROUTE
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: SMTP_ADDRESS
valueFrom:
secretKeyRef:
key: address
name: system-smtp
- name: SMTP_USER_NAME
valueFrom:
secretKeyRef:
key: username
name: system-smtp
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: system-smtp
- name: SMTP_DOMAIN
valueFrom:
secretKeyRef:
key: domain
name: system-smtp
- name: SMTP_PORT
valueFrom:
secretKeyRef:
key: port
name: system-smtp
- name: SMTP_AUTHENTICATION
valueFrom:
secretKeyRef:
key: authentication
name: system-smtp
- name: SMTP_OPENSSL_VERIFY_MODE
valueFrom:
secretKeyRef:
key: openssl.verify.mode
name: system-smtp
- name: APICAST_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ACCESS_TOKEN
name: system-master-apicast
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
image: amp-system:latest
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 40
initialDelaySeconds: 40
periodSeconds: 10
tcpSocket:
port: provider
timeoutSeconds: 10
name: system-provider
ports:
- containerPort: 3000
name: provider
protocol: TCP
readinessProbe:
failureThreshold: 10
httpGet:
httpHeaders:
- name: X-Forwarded-Proto
value: https
path: /check.txt
port: provider
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 10
resources:
limits:
cpu: "1"
memory: 800Mi
requests:
cpu: 50m
memory: 600Mi
volumeMounts:
- mountPath: /opt/system/public/system
name: system-storage
- mountPath: /opt/system-extra-configs
name: system-config
- args:
- env
- PORT=3001
- container-entrypoint
- bundle
- exec
- unicorn
- -c
- config/unicorn.rb
env:
- name: AMP_RELEASE
valueFrom:
configMapKeyRef:
key: AMP_RELEASE
name: system-environment
- name: APICAST_REGISTRY_URL
valueFrom:
configMapKeyRef:
key: APICAST_REGISTRY_URL
name: system-environment
- name: FORCE_SSL
valueFrom:
configMapKeyRef:
key: FORCE_SSL
name: system-environment
- name: PROVIDER_PLAN
valueFrom:
configMapKeyRef:
key: PROVIDER_PLAN
name: system-environment
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: RAILS_LOG_LEVEL
valueFrom:
configMapKeyRef:
key: RAILS_LOG_LEVEL
name: system-environment
- name: RAILS_LOG_TO_STDOUT
valueFrom:
configMapKeyRef:
key: RAILS_LOG_TO_STDOUT
name: system-environment
- name: SSL_CERT_DIR
valueFrom:
configMapKeyRef:
key: SSL_CERT_DIR
name: system-environment
- name: THINKING_SPHINX_PORT
valueFrom:
configMapKeyRef:
key: THINKING_SPHINX_PORT
name: system-environment
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
name: system-environment
- name: THREESCALE_SUPERDOMAIN
valueFrom:
configMapKeyRef:
key: THREESCALE_SUPERDOMAIN
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: MASTER_DOMAIN
valueFrom:
secretKeyRef:
key: MASTER_DOMAIN
name: system-seed
- name: MASTER_USER
valueFrom:
secretKeyRef:
key: MASTER_USER
name: system-seed
- name: MASTER_PASSWORD
valueFrom:
secretKeyRef:
key: MASTER_PASSWORD
name: system-seed
- name: ADMIN_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ADMIN_ACCESS_TOKEN
name: system-seed
- name: USER_LOGIN
valueFrom:
secretKeyRef:
key: ADMIN_USER
name: system-seed
- name: USER_PASSWORD
valueFrom:
secretKeyRef:
key: ADMIN_PASSWORD
name: system-seed
- name: USER_EMAIL
valueFrom:
secretKeyRef:
key: ADMIN_EMAIL
name: system-seed
- name: TENANT_NAME
valueFrom:
secretKeyRef:
key: TENANT_NAME
name: system-seed
- name: THINKING_SPHINX_ADDRESS
value: system-sphinx
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: /tmp/sphinx.conf
- name: EVENTS_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
- name: RECAPTCHA_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: PUBLIC_KEY
name: system-recaptcha
- name: RECAPTCHA_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: PRIVATE_KEY
name: system-recaptcha
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: system-app
- name: MEMCACHE_SERVERS
valueFrom:
secretKeyRef:
key: SERVERS
name: system-memcache
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: MESSAGE_BUS_REDIS_URL
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_URL
name: system-redis
- name: REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: NAMESPACE
name: system-redis
- name: MESSAGE_BUS_REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_NAMESPACE
name: system-redis
- name: REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: SENTINEL_HOSTS
name: system-redis
- name: REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: SENTINEL_ROLE
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_HOSTS
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_ROLE
name: system-redis
- name: BACKEND_REDIS_URL
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: BACKEND_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: BACKEND_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: APICAST_BACKEND_ROOT_ENDPOINT
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: BACKEND_ROUTE
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: SMTP_ADDRESS
valueFrom:
secretKeyRef:
key: address
name: system-smtp
- name: SMTP_USER_NAME
valueFrom:
secretKeyRef:
key: username
name: system-smtp
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: system-smtp
- name: SMTP_DOMAIN
valueFrom:
secretKeyRef:
key: domain
name: system-smtp
- name: SMTP_PORT
valueFrom:
secretKeyRef:
key: port
name: system-smtp
- name: SMTP_AUTHENTICATION
valueFrom:
secretKeyRef:
key: authentication
name: system-smtp
- name: SMTP_OPENSSL_VERIFY_MODE
valueFrom:
secretKeyRef:
key: openssl.verify.mode
name: system-smtp
- name: APICAST_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ACCESS_TOKEN
name: system-master-apicast
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
image: amp-system:latest
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 40
initialDelaySeconds: 40
periodSeconds: 10
tcpSocket:
port: developer
timeoutSeconds: 10
name: system-developer
ports:
- containerPort: 3001
name: developer
protocol: TCP
readinessProbe:
failureThreshold: 10
httpGet:
httpHeaders:
- name: X-Forwarded-Proto
value: https
path: /check.txt
port: developer
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 10
resources:
limits:
cpu: "1"
memory: 800Mi
requests:
cpu: 50m
memory: 600Mi
volumeMounts:
- mountPath: /opt/system/public/system
name: system-storage
readOnly: true
- mountPath: /opt/system-extra-configs
name: system-config
serviceAccountName: amp
volumes:
- name: system-storage
persistentVolumeClaim:
claimName: system-storage
- configMap:
items:
- key: zync.yml
path: zync.yml
- key: rolling_updates.yml
path: rolling_updates.yml
- key: service_discovery.yml
path: service_discovery.yml
name: system
name: system-config
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- system-provider
- system-developer
- system-master
from:
kind: ImageStreamTag
name: amp-system:${AMP_RELEASE}
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: sidekiq
name: system-sidekiq
spec:
replicas: 1
selector:
deploymentConfig: system-sidekiq
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1200
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: system-sidekiq
threescale_component: system
threescale_component_element: sidekiq
spec:
containers:
- args:
- rake
- sidekiq:worker
- RAILS_MAX_THREADS=25
env:
- name: AMP_RELEASE
valueFrom:
configMapKeyRef:
key: AMP_RELEASE
name: system-environment
- name: APICAST_REGISTRY_URL
valueFrom:
configMapKeyRef:
key: APICAST_REGISTRY_URL
name: system-environment
- name: FORCE_SSL
valueFrom:
configMapKeyRef:
key: FORCE_SSL
name: system-environment
- name: PROVIDER_PLAN
valueFrom:
configMapKeyRef:
key: PROVIDER_PLAN
name: system-environment
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: RAILS_LOG_LEVEL
valueFrom:
configMapKeyRef:
key: RAILS_LOG_LEVEL
name: system-environment
- name: RAILS_LOG_TO_STDOUT
valueFrom:
configMapKeyRef:
key: RAILS_LOG_TO_STDOUT
name: system-environment
- name: SSL_CERT_DIR
valueFrom:
configMapKeyRef:
key: SSL_CERT_DIR
name: system-environment
- name: THINKING_SPHINX_PORT
valueFrom:
configMapKeyRef:
key: THINKING_SPHINX_PORT
name: system-environment
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
name: system-environment
- name: THREESCALE_SUPERDOMAIN
valueFrom:
configMapKeyRef:
key: THREESCALE_SUPERDOMAIN
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: MASTER_DOMAIN
valueFrom:
secretKeyRef:
key: MASTER_DOMAIN
name: system-seed
- name: MASTER_USER
valueFrom:
secretKeyRef:
key: MASTER_USER
name: system-seed
- name: MASTER_PASSWORD
valueFrom:
secretKeyRef:
key: MASTER_PASSWORD
name: system-seed
- name: ADMIN_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ADMIN_ACCESS_TOKEN
name: system-seed
- name: USER_LOGIN
valueFrom:
secretKeyRef:
key: ADMIN_USER
name: system-seed
- name: USER_PASSWORD
valueFrom:
secretKeyRef:
key: ADMIN_PASSWORD
name: system-seed
- name: USER_EMAIL
valueFrom:
secretKeyRef:
key: ADMIN_EMAIL
name: system-seed
- name: TENANT_NAME
valueFrom:
secretKeyRef:
key: TENANT_NAME
name: system-seed
- name: THINKING_SPHINX_ADDRESS
value: system-sphinx
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: /tmp/sphinx.conf
- name: EVENTS_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
- name: RECAPTCHA_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: PUBLIC_KEY
name: system-recaptcha
- name: RECAPTCHA_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: PRIVATE_KEY
name: system-recaptcha
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: system-app
- name: MEMCACHE_SERVERS
valueFrom:
secretKeyRef:
key: SERVERS
name: system-memcache
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: MESSAGE_BUS_REDIS_URL
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_URL
name: system-redis
- name: REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: NAMESPACE
name: system-redis
- name: MESSAGE_BUS_REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_NAMESPACE
name: system-redis
- name: REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: SENTINEL_HOSTS
name: system-redis
- name: REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: SENTINEL_ROLE
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_HOSTS
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_ROLE
name: system-redis
- name: BACKEND_REDIS_URL
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: BACKEND_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: BACKEND_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: APICAST_BACKEND_ROOT_ENDPOINT
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: BACKEND_ROUTE
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: SMTP_ADDRESS
valueFrom:
secretKeyRef:
key: address
name: system-smtp
- name: SMTP_USER_NAME
valueFrom:
secretKeyRef:
key: username
name: system-smtp
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: system-smtp
- name: SMTP_DOMAIN
valueFrom:
secretKeyRef:
key: domain
name: system-smtp
- name: SMTP_PORT
valueFrom:
secretKeyRef:
key: port
name: system-smtp
- name: SMTP_AUTHENTICATION
valueFrom:
secretKeyRef:
key: authentication
name: system-smtp
- name: SMTP_OPENSSL_VERIFY_MODE
valueFrom:
secretKeyRef:
key: openssl.verify.mode
name: system-smtp
- name: APICAST_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ACCESS_TOKEN
name: system-master-apicast
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
image: amp-system:latest
imagePullPolicy: IfNotPresent
name: system-sidekiq
resources:
limits:
cpu: "1"
memory: 2Gi
requests:
cpu: 100m
memory: 500Mi
volumeMounts:
- mountPath: /opt/system/public/system
name: system-storage
- mountPath: /tmp
name: system-tmp
- mountPath: /opt/system-extra-configs
name: system-config
initContainers:
- command:
- bash
- -c
- bundle exec sh -c "until rake boot:redis && curl --output /dev/null --silent
--fail --head http://system-master:3000/status; do sleep $SLEEP_SECONDS;
done"
env:
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: MESSAGE_BUS_REDIS_URL
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_URL
name: system-redis
- name: REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: NAMESPACE
name: system-redis
- name: MESSAGE_BUS_REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_NAMESPACE
name: system-redis
- name: REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: SENTINEL_HOSTS
name: system-redis
- name: REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: SENTINEL_ROLE
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_HOSTS
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_ROLE
name: system-redis
- name: SLEEP_SECONDS
value: "1"
image: amp-system:latest
name: check-svc
resources: {}
serviceAccountName: amp
volumes:
- emptyDir:
medium: Memory
name: system-tmp
- name: system-storage
persistentVolumeClaim:
claimName: system-storage
- configMap:
items:
- key: zync.yml
path: zync.yml
- key: rolling_updates.yml
path: rolling_updates.yml
- key: service_discovery.yml
path: service_discovery.yml
name: system
name: system-config
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- check-svc
- system-sidekiq
from:
kind: ImageStreamTag
name: amp-system:${AMP_RELEASE}
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
threescale_component_element: sphinx
name: system-sphinx
spec:
replicas: 1
selector:
deploymentConfig: system-sphinx
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1200
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: system-sphinx
threescale_component: system
threescale_component_element: sphinx
spec:
containers:
- args:
- rake
- openshift:thinking_sphinx:start
env:
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: THINKING_SPHINX_ADDRESS
value: 0.0.0.0
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: db/sphinx/production.conf
- name: THINKING_SPHINX_PID_FILE
value: db/sphinx/searchd.pid
- name: DELTA_INDEX_INTERVAL
value: "5"
- name: FULL_REINDEX_INTERVAL
value: "60"
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: MESSAGE_BUS_REDIS_URL
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_URL
name: system-redis
- name: REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: NAMESPACE
name: system-redis
- name: MESSAGE_BUS_REDIS_NAMESPACE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_NAMESPACE
name: system-redis
- name: REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: SENTINEL_HOSTS
name: system-redis
- name: REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: SENTINEL_ROLE
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_HOSTS
name: system-redis
- name: MESSAGE_BUS_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: MESSAGE_BUS_SENTINEL_ROLE
name: system-redis
image: amp-system:latest
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 60
periodSeconds: 10
tcpSocket:
port: 9306
name: system-sphinx
resources:
limits:
cpu: "1"
memory: 512Mi
requests:
cpu: 80m
memory: 250Mi
volumeMounts:
- mountPath: /opt/system/db/sphinx
name: system-sphinx-database
initContainers:
- command:
- sh
- -c
- until $(curl --output /dev/null --silent --fail --head http://system-master:3000/status);
do sleep $SLEEP_SECONDS; done
env:
- name: SLEEP_SECONDS
value: "1"
image: amp-system:latest
name: system-master-svc
resources: {}
serviceAccountName: amp
volumes:
- emptyDir: {}
name: system-sphinx-database
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- system-master-svc
- system-sphinx
from:
kind: ImageStreamTag
name: amp-system:${AMP_RELEASE}
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-events-hook
stringData:
PASSWORD: ${SYSTEM_BACKEND_SHARED_SECRET}
URL: http://system-master:3000/master/events/import
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-redis
stringData:
MESSAGE_BUS_NAMESPACE: ${SYSTEM_MESSAGE_BUS_REDIS_NAMESPACE}
MESSAGE_BUS_SENTINEL_HOSTS: ""
MESSAGE_BUS_SENTINEL_ROLE: ""
MESSAGE_BUS_URL: ${SYSTEM_MESSAGE_BUS_REDIS_URL}
NAMESPACE: ${SYSTEM_REDIS_NAMESPACE}
SENTINEL_HOSTS: ""
SENTINEL_ROLE: ""
URL: ${SYSTEM_REDIS_URL}
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-master-apicast
stringData:
ACCESS_TOKEN: ${APICAST_ACCESS_TOKEN}
PROXY_CONFIGS_ENDPOINT: http://${APICAST_ACCESS_TOKEN}@system-master:3000/master/api/proxy/configs
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-seed
stringData:
ADMIN_ACCESS_TOKEN: ${ADMIN_ACCESS_TOKEN}
ADMIN_EMAIL: ${ADMIN_EMAIL}
ADMIN_PASSWORD: ${ADMIN_PASSWORD}
ADMIN_USER: ${ADMIN_USERNAME}
MASTER_ACCESS_TOKEN: ${MASTER_ACCESS_TOKEN}
MASTER_DOMAIN: ${MASTER_NAME}
MASTER_PASSWORD: ${MASTER_PASSWORD}
MASTER_USER: ${MASTER_USER}
TENANT_NAME: ${TENANT_NAME}
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-recaptcha
stringData:
PRIVATE_KEY: ${RECAPTCHA_PRIVATE_KEY}
PUBLIC_KEY: ${RECAPTCHA_PUBLIC_KEY}
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-app
stringData:
SECRET_KEY_BASE: ${SYSTEM_APP_SECRET_KEY_BASE}
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: system
name: system-memcache
stringData:
SERVERS: system-memcache:11211
type: Opaque
- apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
name: zync-que-role
rules:
- apiGroups:
- apps.openshift.io
resources:
- deploymentconfigs
verbs:
- get
- list
- apiGroups:
- ""
resources:
- pods
- replicationcontrollers
verbs:
- get
- list
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- get
- list
- create
- delete
- patch
- update
- apiGroups:
- route.openshift.io
resources:
- routes/status
verbs:
- get
- apiGroups:
- route.openshift.io
resources:
- routes/custom-host
verbs:
- create
- apiVersion: v1
imagePullSecrets:
- name: threescale-registry-auth
kind: ServiceAccount
metadata:
creationTimestamp: null
name: zync-que-sa
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
creationTimestamp: null
name: zync-que-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: zync-que-role
subjects:
- kind: ServiceAccount
name: zync-que-sa
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
annotations:
prometheus.io/port: "9393"
prometheus.io/scrape: "true"
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: zync
name: zync
spec:
replicas: 1
selector:
deploymentConfig: zync
strategy:
resources: {}
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: zync
threescale_component: zync
spec:
containers:
- env:
- name: RAILS_LOG_TO_STDOUT
value: "true"
- name: RAILS_ENV
value: production
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: DATABASE_URL
name: zync
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: zync
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: amp-zync:latest
livenessProbe:
failureThreshold: 10
httpGet:
path: /status/live
port: 8080
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 60
name: zync
ports:
- containerPort: 8080
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /status/ready
port: 8080
scheme: HTTP
initialDelaySeconds: 100
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
limits:
cpu: "1"
memory: 512Mi
requests:
cpu: 150m
memory: 250M
initContainers:
- command:
- bash
- -c
- bundle exec sh -c "until rake boot:db; do sleep $SLEEP_SECONDS; done"
env:
- name: SLEEP_SECONDS
value: "1"
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: DATABASE_URL
name: zync
image: amp-zync:latest
name: zync-db-svc
resources: {}
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- zync-db-svc
- zync
from:
kind: ImageStreamTag
name: amp-zync:${AMP_RELEASE}
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: zync
name: zync-que
spec:
replicas: 1
selector:
deploymentConfig: zync-que
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 600
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
annotations:
prometheus.io/port: "9394"
prometheus.io/scrape: "true"
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: zync-que
spec:
containers:
- args:
- -c
- bundle exec rake 'que[--worker-count 10]'
command:
- /usr/bin/bash
env:
- name: RAILS_LOG_TO_STDOUT
value: "true"
- name: RAILS_ENV
value: production
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: DATABASE_URL
name: zync
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: zync
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: amp-zync:latest
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
httpGet:
path: /metrics
port: 9394
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 60
name: que
ports:
- containerPort: 9394
name: metrics
protocol: TCP
resources:
limits:
cpu: "1"
memory: 512Mi
requests:
cpu: 250m
memory: 250M
restartPolicy: Always
serviceAccountName: zync-que-sa
terminationGracePeriodSeconds: 30
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- que
from:
kind: ImageStreamTag
name: amp-zync:${AMP_RELEASE}
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: zync
threescale_component_element: database
name: zync-database
spec:
replicas: 1
selector:
deploymentConfig: zync-database
strategy:
resources: {}
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: zync-database
threescale_component: zync
threescale_component_element: database
spec:
containers:
- env:
- name: POSTGRESQL_USER
value: zync
- name: POSTGRESQL_PASSWORD
valueFrom:
secretKeyRef:
key: ZYNC_DATABASE_PASSWORD
name: zync
- name: POSTGRESQL_DATABASE
value: zync_production
image: ' '
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 30
tcpSocket:
port: 5432
timeoutSeconds: 1
name: postgresql
ports:
- containerPort: 5432
protocol: TCP
readinessProbe:
exec:
command:
- /bin/sh
- -i
- -c
- psql -h 127.0.0.1 -U zync -q -d zync_production -c 'SELECT 1'
initialDelaySeconds: 5
timeoutSeconds: 1
resources:
limits:
cpu: 250m
memory: 2G
requests:
cpu: 50m
memory: 250M
volumeMounts:
- mountPath: /var/lib/pgsql/data
name: zync-database-data
restartPolicy: Always
serviceAccountName: amp
volumes:
- emptyDir: {}
name: zync-database-data
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- postgresql
from:
kind: ImageStreamTag
name: zync-database-postgresql:${AMP_RELEASE}
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: zync
name: zync
spec:
ports:
- name: 8080-tcp
port: 8080
protocol: TCP
targetPort: 8080
selector:
deploymentConfig: zync
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: zync
threescale_component_element: database
name: zync-database
spec:
ports:
- name: postgresql
port: 5432
protocol: TCP
targetPort: 5432
selector:
deploymentConfig: zync-database
status:
loadBalancer: {}
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: zync
name: zync
stringData:
DATABASE_URL: postgresql://zync:${ZYNC_DATABASE_PASSWORD}@zync-database:5432/zync_production
SECRET_KEY_BASE: ${ZYNC_SECRET_KEY_BASE}
ZYNC_AUTHENTICATION_TOKEN: ${ZYNC_AUTHENTICATION_TOKEN}
ZYNC_DATABASE_PASSWORD: ${ZYNC_DATABASE_PASSWORD}
type: Opaque
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: apicast
threescale_component_element: staging
name: apicast-staging
spec:
replicas: 1
selector:
deploymentConfig: apicast-staging
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1800
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
annotations:
prometheus.io/port: "9421"
prometheus.io/scrape: "true"
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: apicast-staging
threescale_component: apicast
threescale_component_element: staging
spec:
containers:
- env:
- name: THREESCALE_PORTAL_ENDPOINT
valueFrom:
secretKeyRef:
key: PROXY_CONFIGS_ENDPOINT
name: system-master-apicast
- name: BACKEND_ENDPOINT_OVERRIDE
valueFrom:
secretKeyRef:
key: service_endpoint
name: backend-listener
- name: APICAST_MANAGEMENT_API
valueFrom:
configMapKeyRef:
key: APICAST_MANAGEMENT_API
name: apicast-environment
- name: OPENSSL_VERIFY
valueFrom:
configMapKeyRef:
key: OPENSSL_VERIFY
name: apicast-environment
- name: APICAST_RESPONSE_CODES
valueFrom:
configMapKeyRef:
key: APICAST_RESPONSE_CODES
name: apicast-environment
- name: APICAST_CONFIGURATION_LOADER
value: lazy
- name: APICAST_CONFIGURATION_CACHE
value: "0"
- name: THREESCALE_DEPLOYMENT_ENV
value: staging
image: amp-apicast:latest
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /status/live
port: 8090
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
name: apicast-staging
ports:
- containerPort: 8080
protocol: TCP
- containerPort: 8090
protocol: TCP
- containerPort: 9421
name: metrics
protocol: TCP
readinessProbe:
httpGet:
path: /status/ready
port: 8090
initialDelaySeconds: 15
periodSeconds: 30
timeoutSeconds: 5
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 50m
memory: 64Mi
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- apicast-staging
from:
kind: ImageStreamTag
name: amp-apicast:${AMP_RELEASE}
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: apicast
threescale_component_element: production
name: apicast-production
spec:
replicas: 1
selector:
deploymentConfig: apicast-production
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1800
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
annotations:
prometheus.io/port: "9421"
prometheus.io/scrape: "true"
creationTimestamp: null
labels:
app: ${APP_LABEL}
deploymentConfig: apicast-production
threescale_component: apicast
threescale_component_element: production
spec:
containers:
- env:
- name: THREESCALE_PORTAL_ENDPOINT
valueFrom:
secretKeyRef:
key: PROXY_CONFIGS_ENDPOINT
name: system-master-apicast
- name: BACKEND_ENDPOINT_OVERRIDE
valueFrom:
secretKeyRef:
key: service_endpoint
name: backend-listener
- name: APICAST_MANAGEMENT_API
valueFrom:
configMapKeyRef:
key: APICAST_MANAGEMENT_API
name: apicast-environment
- name: OPENSSL_VERIFY
valueFrom:
configMapKeyRef:
key: OPENSSL_VERIFY
name: apicast-environment
- name: APICAST_RESPONSE_CODES
valueFrom:
configMapKeyRef:
key: APICAST_RESPONSE_CODES
name: apicast-environment
- name: APICAST_CONFIGURATION_LOADER
value: boot
- name: APICAST_CONFIGURATION_CACHE
value: "300"
- name: THREESCALE_DEPLOYMENT_ENV
value: production
image: amp-apicast:latest
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /status/live
port: 8090
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
name: apicast-production
ports:
- containerPort: 8080
protocol: TCP
- containerPort: 8090
protocol: TCP
- containerPort: 9421
name: metrics
protocol: TCP
readinessProbe:
httpGet:
path: /status/ready
port: 8090
initialDelaySeconds: 15
periodSeconds: 30
timeoutSeconds: 5
resources:
limits:
cpu: "1"
memory: 128Mi
requests:
cpu: 500m
memory: 64Mi
initContainers:
- command:
- sh
- -c
- until $(curl --output /dev/null --silent --fail --head http://system-master:3000/status);
do sleep $SLEEP_SECONDS; done
env:
- name: SLEEP_SECONDS
value: "1"
image: amp-apicast:latest
name: system-master-svc
resources: {}
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- system-master-svc
- apicast-production
from:
kind: ImageStreamTag
name: amp-apicast:${AMP_RELEASE}
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: apicast
threescale_component_element: staging
name: apicast-staging
spec:
ports:
- name: gateway
port: 8080
protocol: TCP
targetPort: 8080
- name: management
port: 8090
protocol: TCP
targetPort: 8090
selector:
deploymentConfig: apicast-staging
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: apicast
threescale_component_element: production
name: apicast-production
spec:
ports:
- name: gateway
port: 8080
protocol: TCP
targetPort: 8080
- name: management
port: 8090
protocol: TCP
targetPort: 8090
selector:
deploymentConfig: apicast-production
status:
loadBalancer: {}
- apiVersion: v1
data:
APICAST_MANAGEMENT_API: ${APICAST_MANAGEMENT_API}
APICAST_RESPONSE_CODES: ${APICAST_RESPONSE_CODES}
OPENSSL_VERIFY: ${APICAST_OPENSSL_VERIFY}
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
app: ${APP_LABEL}
threescale_component: apicast
name: apicast-environment
parameters:
- description: AMP release tag.
name: AMP_RELEASE
required: true
value: "2.9"
- description: Used for object app labels
name: APP_LABEL
required: true
value: 3scale-api-management
- description: Tenant name under the root that Admin UI will be available with -admin
suffix.
name: TENANT_NAME
required: true
value: 3scale
- description: The Storage Class to be used by ReadWriteMany PVCs
name: RWX_STORAGE_CLASS
value: "null"
- name: AMP_BACKEND_IMAGE
required: true
value: registry.redhat.io/3scale-amp2/backend-rhel7:3scale2.9
- name: AMP_ZYNC_IMAGE
required: true
value: registry.redhat.io/3scale-amp2/zync-rhel7:3scale2.9
- name: AMP_APICAST_IMAGE
required: true
value: registry.redhat.io/3scale-amp2/apicast-gateway-rhel8:3scale2.9
- name: AMP_SYSTEM_IMAGE
required: true
value: registry.redhat.io/3scale-amp2/system-rhel7:3scale2.9
- description: Zync's PostgreSQL image to use
name: ZYNC_DATABASE_IMAGE
required: true
value: registry.redhat.io/rhscl/postgresql-10-rhel7
- description: Memcached image to use
name: MEMCACHED_IMAGE
required: true
value: registry.redhat.io/3scale-amp2/memcached-rhel7:3scale2.9
- description: Set to true if the server may bypass certificate verification or connect
directly over HTTP during image import.
name: IMAGESTREAM_TAG_IMPORT_INSECURE
required: true
value: "false"
- description: System PostgreSQL image to use
name: SYSTEM_DATABASE_IMAGE
required: true
value: registry.redhat.io/rhel8/postgresql-10:latest
- description: Redis image to use
name: REDIS_IMAGE
required: true
value: registry.redhat.io/rhscl/redis-32-rhel7:3.2
- description: Username for PostgreSQL user that will be used for accessing the database.
displayName: System PostgreSQL User
name: SYSTEM_DATABASE_USER
required: true
value: system
- description: Password for the System's PostgreSQL user.
displayName: System PostgreSQL Password
from: '[a-z0-9]{8}'
generate: expression
name: SYSTEM_DATABASE_PASSWORD
required: true
- description: Name of the System's PostgreSQL database accessed.
displayName: System PostgreSQL Database Name
name: SYSTEM_DATABASE
required: true
value: system
- description: Root domain for the wildcard routes. Eg. example.com will generate
3scale-admin.example.com.
name: WILDCARD_DOMAIN
required: true
- description: Internal 3scale API username for internal 3scale api auth.
name: SYSTEM_BACKEND_USERNAME
required: true
value: 3scale_api_user
- description: Internal 3scale API password for internal 3scale api auth.
from: '[a-z0-9]{8}'
generate: expression
name: SYSTEM_BACKEND_PASSWORD
required: true
- description: Shared secret to import events from backend to system.
from: '[a-z0-9]{8}'
generate: expression
name: SYSTEM_BACKEND_SHARED_SECRET
required: true
- description: System application secret key base
from: '[a-f0-9]{128}'
generate: expression
name: SYSTEM_APP_SECRET_KEY_BASE
required: true
- from: '[a-z0-9]{8}'
generate: expression
name: ADMIN_PASSWORD
required: true
- name: ADMIN_USERNAME
required: true
value: admin
- name: ADMIN_EMAIL
- description: Admin Access Token with all scopes and write permissions for API access.
from: '[a-z0-9]{16}'
generate: expression
name: ADMIN_ACCESS_TOKEN
- description: The root name which Master Admin UI will be available at.
name: MASTER_NAME
required: true
value: master
- name: MASTER_USER
required: true
value: master
- from: '[a-z0-9]{8}'
generate: expression
name: MASTER_PASSWORD
required: true
- from: '[a-z0-9]{8}'
generate: expression
name: MASTER_ACCESS_TOKEN
required: true
- description: reCAPTCHA site key (used in spam protection)
name: RECAPTCHA_PUBLIC_KEY
- description: reCAPTCHA secret key (used in spam protection)
name: RECAPTCHA_PRIVATE_KEY
- description: Define the external system-redis to connect to
name: SYSTEM_REDIS_URL
required: true
value: redis://system-redis:6379/1
- description: Define the external system-redis message bus to connect to. By default
the same value as SYSTEM_REDIS_URL but with the logical database incremented by
1 and the result applied mod 16
name: SYSTEM_MESSAGE_BUS_REDIS_URL
- description: Define the namespace to be used by System's Redis Database. The empty
value means not namespaced
name: SYSTEM_REDIS_NAMESPACE
- description: Define the namespace to be used by System's Message Bus Redis Database.
The empty value means not namespaced
name: SYSTEM_MESSAGE_BUS_REDIS_NAMESPACE
- description: Password for the Zync Database PostgreSQL connection user.
displayName: Zync Database PostgreSQL Connection Password
from: '[a-zA-Z0-9]{16}'
generate: expression
name: ZYNC_DATABASE_PASSWORD
required: true
- from: '[a-zA-Z0-9]{16}'
generate: expression
name: ZYNC_SECRET_KEY_BASE
required: true
- from: '[a-zA-Z0-9]{16}'
generate: expression
name: ZYNC_AUTHENTICATION_TOKEN
required: true
- description: Read Only Access Token that is APIcast going to use to download its
configuration.
from: '[a-z0-9]{8}'
generate: expression
name: APICAST_ACCESS_TOKEN
required: true
- description: Scope of the APIcast Management API. Can be disabled, status or debug.
At least status required for health checks.
name: APICAST_MANAGEMENT_API
value: status
- description: Turn on/off the OpenSSL peer verification when downloading the configuration.
Can be set to true/false.
name: APICAST_OPENSSL_VERIFY
value: "false"
- description: Enable logging response codes in APIcast.
name: APICAST_RESPONSE_CODES
value: "true"
- description: The URL to point to APIcast policies registry management
name: APICAST_REGISTRY_URL
required: true
value: http://apicast-staging:8090/policies
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment