Skip to content

Instantly share code, notes, and snippets.

@gsaslis
Last active December 18, 2023 19:37
Show Gist options
  • Save gsaslis/015e3aa6ff283b3c4caedd9bc64f0c39 to your computer and use it in GitHub Desktop.
Save gsaslis/015e3aa6ff283b3c4caedd9bc64f0c39 to your computer and use it in GitHub Desktop.
Deploy 3scale API Management on Minishift

Installing 3scale on your Laptop

Pre-requisites

.or your desktop. Or a VM in the cloud. Or wherever it is you want to deploy 3scale to start exploring!
  • ❏ Minishift: 3scale is currently targeted for deployment on openshift, and minishift is the recommended development environment for that.

  • oc command-line tool [optional. you can also use the web-based interface.]

tl;dr

# you DO need the 6gb for minishift, instead of the default 4gb
minishift start --memory 6GB --cpus 2

# some coffee later

oc new-app \
   --param WILDCARD_DOMAIN="$(minishift ip).nip.io" \
   --param AMP_RELEASE=2.9.0 \
   -f https://raw.githubusercontent.com/3scale/3scale-operator/master/pkg/3scale/amp/auto-generated-templates/amp/amp-eval.yml


# some more coffee later, all pods should be blue in openshift project overview.
# Once that is done, you can proceed to login screen.

For more details and expected output, see sections below.

Start Minishift

3scale API Management comes with out of the box support for Openshift. To try this out locally, you can deploy 3scale on your laptop, using [Minishift](https://github.com/minishift/minishift).

You can start minishift with a simple minishift start. If your laptop can spare the extra CPUs, we recommend starting with:

18-12-17 16:42 ➜ minishift version
minishift v1.28.0+48e89ed

# even though 6gb / 2vcpus are ok, the experience will be much smoother with 8gb / 4vcpus

18-12-17 16:43 ➜  ~ minishift start --memory 8GB --cpus 4
-- Starting profile 'default'
-- Check if deprecated options are used ... OK
-- Checking if https://github.com is reachable ... OK
-- Checking if requested OpenShift version 'v3.11.0' is valid ... OK
-- Checking if requested OpenShift version 'v3.11.0' is supported ... OK
-- Checking if requested hypervisor 'xhyve' is supported on this platform ... OK
-- Checking if xhyve driver is installed ...
   Driver is available at /usr/local/bin/docker-machine-driver-xhyve
   Checking for setuid bit ... OK
-- Checking the ISO URL ... OK
-- Checking if provided oc flags are supported ... OK
-- Starting the OpenShift cluster using 'xhyve' hypervisor ...
-- Minishift VM will be configured with ...
   Memory:    8 GB
   vCPUs :    4
   Disk size: 20 GB
-- Starting Minishift VM ................ OK
-- Checking for IP address ... OK
-- Checking for nameservers ... OK
-- Checking if external host is reachable from the Minishift VM ...
   Pinging 8.8.8.8 ... OK
-- Checking HTTP connectivity from the VM ...
   Retrieving http://minishift.io/index.html ... OK
-- Checking if persistent storage volume is mounted ... OK
-- Checking available disk space ... 1% used OK
-- Writing current configuration for static assignment of IP address ... OK
   Importing 'openshift/origin-control-plane:v3.11.0' ....... OK
   Importing 'openshift/origin-docker-registry:v3.11.0' ... OK
   Importing 'openshift/origin-haproxy-router:v3.11.0' ... OK
-- OpenShift cluster will be configured with ...
   Version: v3.11.0
-- Copying oc binary from the OpenShift container image to VM ... OK
-- Starting OpenShift cluster .....................................................
Getting a Docker client ...
Checking if image openshift/origin-control-plane:v3.11.0 is available ...
Pulling image openshift/origin-cli:v3.11.0
E1217 15:45:09.043753    2303 helper.go:173] Reading docker config from /home/docker/.docker/config.json failed: open /home/docker/.docker/config.json: no such file or directory, will attempt to pull image docker.io/openshift/origin-cli:v3.11.0 anonymously
Pulled 1/4 layers, 30% complete
Pulled 2/4 layers, 51% complete
Pulled 3/4 layers, 85% complete
Pulled 4/4 layers, 100% complete
Extracting
Image pull complete
Pulling image openshift/origin-node:v3.11.0
E1217 15:45:22.263513    2303 helper.go:173] Reading docker config from /home/docker/.docker/config.json failed: open /home/docker/.docker/config.json: no such file or directory, will attempt to pull image docker.io/openshift/origin-node:v3.11.0 anonymously
Pulled 4/6 layers, 70% complete
Pulled 5/6 layers, 87% complete
Pulled 6/6 layers, 100% complete
Extracting
Image pull complete
Checking type of volume mount ...
Determining server IP ...
Using public hostname IP 192.168.64.11 as the host IP
Checking if OpenShift is already running ...
Checking for supported Docker version (=>1.22) ...
Checking if insecured registry is configured properly in Docker ...
Checking if required ports are available ...
Checking if OpenShift client is configured properly ...
Checking if image openshift/origin-control-plane:v3.11.0 is available ...
Starting OpenShift using openshift/origin-control-plane:v3.11.0 ...
I1217 15:45:41.248408    2303 config.go:40] Running "create-master-config"
I1217 15:45:43.459449    2303 config.go:46] Running "create-node-config"
I1217 15:45:44.215264    2303 flags.go:30] Running "create-kubelet-flags"
I1217 15:45:44.544826    2303 run_kubelet.go:49] Running "start-kubelet"
I1217 15:45:44.698794    2303 run_self_hosted.go:181] Waiting for the kube-apiserver to be ready ...
I1217 15:46:19.715355    2303 interface.go:26] Installing "kube-proxy" ...
I1217 15:46:19.715396    2303 interface.go:26] Installing "kube-dns" ...
I1217 15:46:19.715404    2303 interface.go:26] Installing "openshift-service-cert-signer-operator" ...
I1217 15:46:19.715409    2303 interface.go:26] Installing "openshift-apiserver" ...
I1217 15:46:19.715434    2303 apply_template.go:81] Installing "openshift-apiserver"
I1217 15:46:19.716239    2303 apply_template.go:81] Installing "kube-proxy"
I1217 15:46:19.716386    2303 apply_template.go:81] Installing "kube-dns"
I1217 15:46:19.717409    2303 apply_template.go:81] Installing "openshift-service-cert-signer-operator"
I1217 15:46:23.859466    2303 interface.go:41] Finished installing "kube-proxy" "kube-dns" "openshift-service-cert-signer-operator" "openshift-apiserver"
I1217 15:48:06.881759    2303 run_self_hosted.go:242] openshift-apiserver available
I1217 15:48:06.882223    2303 interface.go:26] Installing "openshift-controller-manager" ...
I1217 15:48:06.882250    2303 apply_template.go:81] Installing "openshift-controller-manager"
I1217 15:48:09.299053    2303 interface.go:41] Finished installing "openshift-controller-manager"
Adding default OAuthClient redirect URIs ...
Adding registry ...
Adding router ...
Adding persistent-volumes ...
Adding web-console ...
Adding centos-imagestreams ...
Adding sample-templates ...
I1217 15:48:09.316281    2303 interface.go:26] Installing "openshift-image-registry" ...
I1217 15:48:09.316288    2303 interface.go:26] Installing "openshift-router" ...
I1217 15:48:09.316292    2303 interface.go:26] Installing "persistent-volumes" ...
I1217 15:48:09.316299    2303 interface.go:26] Installing "openshift-web-console-operator" ...
I1217 15:48:09.316304    2303 interface.go:26] Installing "centos-imagestreams" ...
I1217 15:48:09.316307    2303 interface.go:26] Installing "sample-templates" ...
I1217 15:48:09.316341    2303 interface.go:26] Installing "sample-templates/postgresql" ...
I1217 15:48:09.316346    2303 interface.go:26] Installing "sample-templates/cakephp quickstart" ...
I1217 15:48:09.316350    2303 interface.go:26] Installing "sample-templates/dancer quickstart" ...
I1217 15:48:09.316354    2303 interface.go:26] Installing "sample-templates/django quickstart" ...
I1217 15:48:09.316357    2303 interface.go:26] Installing "sample-templates/sample pipeline" ...
I1217 15:48:09.316361    2303 interface.go:26] Installing "sample-templates/mongodb" ...
I1217 15:48:09.316364    2303 interface.go:26] Installing "sample-templates/mysql" ...
I1217 15:48:09.316368    2303 interface.go:26] Installing "sample-templates/nodejs quickstart" ...
I1217 15:48:09.316371    2303 interface.go:26] Installing "sample-templates/rails quickstart" ...
I1217 15:48:09.316376    2303 interface.go:26] Installing "sample-templates/jenkins pipeline ephemeral" ...
I1217 15:48:09.316379    2303 interface.go:26] Installing "sample-templates/mariadb" ...
I1217 15:48:09.316411    2303 apply_list.go:67] Installing "sample-templates/mariadb"
I1217 15:48:09.317392    2303 apply_template.go:81] Installing "openshift-web-console-operator"
I1217 15:48:09.317548    2303 apply_list.go:67] Installing "centos-imagestreams"
I1217 15:48:09.317633    2303 apply_list.go:67] Installing "sample-templates/postgresql"
I1217 15:48:09.317704    2303 apply_list.go:67] Installing "sample-templates/cakephp quickstart"
I1217 15:48:09.317771    2303 apply_list.go:67] Installing "sample-templates/dancer quickstart"
I1217 15:48:09.317834    2303 apply_list.go:67] Installing "sample-templates/django quickstart"
I1217 15:48:09.317901    2303 apply_list.go:67] Installing "sample-templates/sample pipeline"
I1217 15:48:09.317967    2303 apply_list.go:67] Installing "sample-templates/mongodb"
I1217 15:48:09.318048    2303 apply_list.go:67] Installing "sample-templates/mysql"
I1217 15:48:09.318113    2303 apply_list.go:67] Installing "sample-templates/nodejs quickstart"
I1217 15:48:09.318181    2303 apply_list.go:67] Installing "sample-templates/rails quickstart"
I1217 15:48:09.318291    2303 apply_list.go:67] Installing "sample-templates/jenkins pipeline ephemeral"
I1217 15:48:21.502383    2303 interface.go:41] Finished installing "sample-templates/postgresql" "sample-templates/cakephp quickstart" "sample-templates/dancer quickstart" "sample-templates/django quickstart" "sample-templates/sample pipeline" "sample-templates/mongodb" "sample-templates/mysql" "sample-templates/nodejs quickstart" "sample-templates/rails quickstart" "sample-templates/jenkins pipeline ephemeral" "sample-templates/mariadb"
I1217 15:48:45.145422    2303 interface.go:41] Finished installing "openshift-image-registry" "openshift-router" "persistent-volumes" "openshift-web-console-operator" "centos-imagestreams" "sample-templates"
Login to server ...
Creating initial project "myproject" ...
Server Information ...
OpenShift server started.

The server is accessible via web console at:
    https://192.168.64.11:8443/console

You are logged in as:
    User:     developer
    Password: <any value>

To login as administrator:
    oc login -u system:admin

Install 3scale

18-12-17 16:48 ➜  ~ oc new-app \
   --param WILDCARD_DOMAIN="$(minishift ip).nip.io" \
   --param AMP_RELEASE=2.9.0 \
   -f https://raw.githubusercontent.com/3scale/3scale-operator/master/pkg/3scale/amp/auto-generated-templates/amp/amp-eval.yml

--> Deploying template "myproject/3scale-api-management-eval" for "https://raw.githubusercontent.com/3scale/3scale-operator/master/pkg/3scale/amp/auto-generated-templates/amp/amp-eval.yml" to project myproject

     3scale API Management
     ---------
     3scale API Management main system (Evaluation)

     Login on https://3scale-admin.192.168.64.11.nip.io as admin/rwuf81wc

     * With parameters:
        * AMP_RELEASE=2.9.0
        * APP_LABEL=3scale-api-management
        * TENANT_NAME=3scale
        * RWX_STORAGE_CLASS=null
        * AMP_BACKEND_IMAGE=quay.io/3scale/apisonator:nightly
        * AMP_ZYNC_IMAGE=quay.io/3scale/zync:nightly
        * AMP_APICAST_IMAGE=quay.io/3scale/apicast:nightly
        * AMP_ROUTER_IMAGE=quay.io/3scale/wildcard-router:nightly
        * AMP_SYSTEM_IMAGE=quay.io/3scale/porta:nightly
        * POSTGRESQL_IMAGE=registry.access.redhat.com/rhscl/postgresql-95-rhel7:9.5
        * MYSQL_IMAGE=registry.access.redhat.com/rhscl/mysql-57-rhel7:5.7
        * MEMCACHED_IMAGE=registry.access.redhat.com/3scale-amp20/memcached
        * IMAGESTREAM_TAG_IMPORT_INSECURE=false
        * REDIS_IMAGE=registry.access.redhat.com/rhscl/redis-32-rhel7:3.2
        * MySQL User=mysql
        * MySQL Password=d5j6ygk0 # generated
        * MySQL Database Name=system
        * MySQL Root password.=681o0lbb # generated
        * SYSTEM_BACKEND_USERNAME=3scale_api_user
        * SYSTEM_BACKEND_PASSWORD=uxafkjxt # generated
        * SYSTEM_BACKEND_SHARED_SECRET=adef2jld # generated
        * SYSTEM_APP_SECRET_KEY_BASE=b8702432ac80706245aa762e25aa2aca84a63280c40751d0d56b44c7cb62386263aba4b7acde63c026274147bc48318caccced160be24753d11db0b215db7bd1 # generated
        * ADMIN_PASSWORD=rwuf81wc # generated
        * ADMIN_USERNAME=admin
        * ADMIN_ACCESS_TOKEN=wia33mqtmlorcps3 # generated
        * MASTER_NAME=master
        * MASTER_USER=master
        * MASTER_PASSWORD=asabd8ck # generated
        * MASTER_ACCESS_TOKEN=j33u32g8 # generated
        * RECAPTCHA_PUBLIC_KEY=
        * RECAPTCHA_PRIVATE_KEY=
        * PostgreSQL Connection Password=mCwhGWL1yYCCGeOr # generated
        * ZYNC_SECRET_KEY_BASE=5QJGu5NoQnTq5LuF # generated
        * ZYNC_AUTHENTICATION_TOKEN=xL3iTF2yIX2Qj30u # generated
        * APICAST_ACCESS_TOKEN=v4tpbdfa # generated
        * APICAST_MANAGEMENT_API=status
        * APICAST_OPENSSL_VERIFY=false
        * APICAST_RESPONSE_CODES=true
        * APICAST_REGISTRY_URL=http://apicast-staging:8090/policies
        * WILDCARD_DOMAIN=192.168.64.11.nip.io
        * WILDCARD_POLICY=None

--> Creating resources ...
    imagestream "amp-backend" created
    imagestream "amp-zync" created
    imagestream "amp-apicast" created
    imagestream "amp-wildcard-router" created
    imagestream "amp-system" created
    imagestream "postgresql" created
    serviceaccount "amp" created
    deploymentconfig "backend-redis" created
    service "backend-redis" created
    configmap "redis-config" created
    persistentvolumeclaim "backend-redis-storage" created
    deploymentconfig "system-redis" created
    persistentvolumeclaim "system-redis-storage" created
    deploymentconfig "backend-cron" created
    deploymentconfig "backend-listener" created
    service "backend-listener" created
    route "backend" created
    deploymentconfig "backend-worker" created
    configmap "backend-environment" created
    secret "backend-internal-api" created
    secret "backend-redis" created
    secret "backend-listener" created
    deploymentconfig "system-mysql" created
    configmap "mysql-main-conf" created
    configmap "mysql-extra-conf" created
    persistentvolumeclaim "mysql-storage" created
    deploymentconfig "system-memcache" created
    persistentvolumeclaim "system-storage" created
    service "system-provider" created
    service "system-master" created
    service "system-developer" created
    route "system-provider-admin" created
    route "system-master" created
    route "system-developer" created
    service "system-mysql" created
    service "system-redis" created
    service "system-sphinx" created
    service "system-memcache" created
    configmap "system" created
    configmap "smtp" created
    configmap "system-environment" created
    deploymentconfig "system-app" created
    deploymentconfig "system-sidekiq" created
    deploymentconfig "system-sphinx" created
    secret "system-events-hook" created
    secret "system-redis" created
    secret "system-master-apicast" created
    secret "system-database" created
    secret "system-seed" created
    secret "system-recaptcha" created
    secret "system-app" created
    secret "system-memcache" created
    deploymentconfig "zync" created
    deploymentconfig "zync-database" created
    service "zync" created
    service "zync-database" created
    secret "zync" created
    deploymentconfig "apicast-staging" created
    deploymentconfig "apicast-production" created
    service "apicast-staging" created
    service "apicast-production" created
    route "api-apicast-staging" created
    route "api-apicast-production" created
    configmap "apicast-environment" created
    secret "apicast-redis" created
    deploymentconfig "apicast-wildcard-router" created
    service "apicast-wildcard-router" created
    route "apicast-wildcard-router" created
--> Success
    Access your application via route 'backend-3scale.192.168.64.11.nip.io'
    Access your application via route '3scale-admin.192.168.64.11.nip.io'
    Access your application via route 'master.192.168.64.11.nip.io'
    Access your application via route '3scale.192.168.64.11.nip.io'
    Access your application via route 'api-3scale-apicast-staging.192.168.64.11.nip.io'
    Access your application via route 'api-3scale-apicast-production.192.168.64.11.nip.io'
    Access your application via route 'apicast-wildcard.192.168.64.11.nip.io'
    Run 'oc status' to view your app.

Access 3scale admin dashboard

Login at https://3scale-admin.$(minishift ip).nip.io/

  • Username: admin

  • Password: Get password from above output (look for ADMIN_PASSWORD).

apiVersion: template.openshift.io/v1
kind: Template
message: Login on https://${TENANT_NAME}-admin.${WILDCARD_DOMAIN} as ${ADMIN_USERNAME}/${ADMIN_PASSWORD}
metadata:
annotations:
description: 3scale API Management main system (Evaluation)
iconClass: icon-3scale
openshift.io/display-name: 3scale API Management
openshift.io/provider-display-name: Red Hat, Inc.
tags: integration, api management, 3scale
creationTimestamp: null
name: 3scale-api-management-eval
objects:
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: AMP backend
creationTimestamp: null
labels:
3scale.component: backend
app: ${APP_LABEL}
name: amp-backend
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: amp-backend (latest)
from:
kind: ImageStreamTag
name: ${AMP_RELEASE}
generation: null
importPolicy: {}
name: latest
referencePolicy:
type: ""
- annotations:
openshift.io/display-name: amp-backend ${AMP_RELEASE}
from:
kind: DockerImage
name: ${AMP_BACKEND_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: AMP Zync
creationTimestamp: null
labels:
3scale.component: zync
app: ${APP_LABEL}
name: amp-zync
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: AMP Zync (latest)
from:
kind: ImageStreamTag
name: ${AMP_RELEASE}
generation: null
importPolicy: {}
name: latest
referencePolicy:
type: ""
- annotations:
openshift.io/display-name: AMP Zync ${AMP_RELEASE}
from:
kind: DockerImage
name: ${AMP_ZYNC_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: AMP APIcast
creationTimestamp: null
labels:
3scale.component: apicast
app: ${APP_LABEL}
name: amp-apicast
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: AMP APIcast (latest)
from:
kind: ImageStreamTag
name: ${AMP_RELEASE}
generation: null
importPolicy: {}
name: latest
referencePolicy:
type: ""
- annotations:
openshift.io/display-name: AMP APIcast ${AMP_RELEASE}
from:
kind: DockerImage
name: ${AMP_APICAST_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: AMP APIcast Wildcard Router
creationTimestamp: null
labels:
3scale.component: wildcard-router
app: ${APP_LABEL}
name: amp-wildcard-router
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: AMP APIcast Wildcard Router (latest)
from:
kind: ImageStreamTag
name: ${AMP_RELEASE}
generation: null
importPolicy: {}
name: latest
referencePolicy:
type: ""
- annotations:
openshift.io/display-name: AMP APIcast Wildcard Router ${AMP_RELEASE}
from:
kind: DockerImage
name: ${AMP_ROUTER_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/display-name: AMP System
creationTimestamp: null
labels:
3scale.component: system
app: ${APP_LABEL}
name: amp-system
spec:
lookupPolicy:
local: false
tags:
- annotations:
openshift.io/display-name: AMP System (latest)
from:
kind: ImageStreamTag
name: ${AMP_RELEASE}
generation: null
importPolicy: {}
name: latest
referencePolicy:
type: ""
- annotations:
openshift.io/display-name: AMP system ${AMP_RELEASE}
from:
kind: DockerImage
name: ${AMP_SYSTEM_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: ${AMP_RELEASE}
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: postgresql
app: ${APP_LABEL}
name: postgresql
spec:
lookupPolicy:
local: false
tags:
- annotations: null
from:
kind: DockerImage
name: ${POSTGRESQL_IMAGE}
generation: null
importPolicy:
insecure: ${{IMAGESTREAM_TAG_IMPORT_INSECURE}}
name: "9.5"
referencePolicy:
type: ""
status:
dockerImageRepository: ""
- apiVersion: v1
imagePullSecrets:
- name: quay-auth
kind: ServiceAccount
metadata:
creationTimestamp: null
name: amp
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
3scale.component: backend
3scale.component-element: redis
app: ${APP_LABEL}
name: backend-redis
spec:
ports:
- port: 6379
protocol: TCP
targetPort: 6379
selector:
deploymentConfig: system-redis
status:
loadBalancer: {}
- apiVersion: v1
data:
redis.conf: |
protected-mode no
port 6379
timeout 0
tcp-keepalive 300
daemonize no
supervised no
loglevel notice
databases 16
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
slave-serve-stale-data yes
slave-read-only yes
repl-diskless-sync no
repl-disable-tcp-nodelay no
appendonly yes
appendfilename "appendonly.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
lua-time-limit 5000
activerehashing no
aof-rewrite-incremental-fsync yes
dir /var/lib/redis/data
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: redis
app: ${APP_LABEL}
name: redis-config
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: redis
app: ${APP_LABEL}
name: system-redis
spec:
replicas: 1
selector:
deploymentConfig: system-redis
strategy:
resources: {}
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: redis
app: ${APP_LABEL}
deploymentConfig: system-redis
spec:
containers:
- args:
- /etc/redis.d/redis.conf
- --daemonize
- "no"
command:
- /opt/rh/rh-redis32/root/usr/bin/redis-server
image: ${REDIS_IMAGE}
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 10
periodSeconds: 5
tcpSocket:
port: 6379
name: system-redis
readinessProbe:
exec:
command:
- container-entrypoint
- bash
- -c
- redis-cli set liveness-probe "`date`" | grep OK
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
resources: {}
terminationMessagePath: /dev/termination-log
volumeMounts:
- mountPath: /var/lib/redis/data
name: system-redis-storage
- mountPath: /etc/redis.d/
name: redis-config
serviceAccountName: amp
volumes:
- name: system-redis-storage
persistentVolumeClaim:
claimName: system-redis-storage
- configMap:
items:
- key: redis.conf
path: redis.conf
name: redis-config
name: redis-config
test: false
triggers:
- type: ConfigChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: redis
app: ${APP_LABEL}
name: system-redis-storage
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
status: {}
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: backend
3scale.component-element: cron
app: ${APP_LABEL}
name: backend-cron
spec:
replicas: 1
selector:
deploymentConfig: backend-cron
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1200
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
3scale.component: backend
3scale.component-element: cron
app: ${APP_LABEL}
deploymentConfig: backend-cron
spec:
containers:
- args:
- backend-cron
env:
- name: CONFIG_REDIS_PROXY
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: CONFIG_QUEUES_MASTER_NAME
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_URL
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_ROLE
name: backend-redis
- name: RACK_ENV
valueFrom:
configMapKeyRef:
key: RACK_ENV
name: backend-environment
image: amp-backend:latest
imagePullPolicy: IfNotPresent
name: backend-cron
resources: {}
initContainers:
- command:
- /opt/app/entrypoint.sh
- sh
- -c
- until rake connectivity:redis_storage_queue_check; do sleep $SLEEP_SECONDS;
done
env:
- name: SLEEP_SECONDS
value: "1"
- name: CONFIG_QUEUES_MASTER_NAME
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_URL
name: backend-redis
image: amp-backend:latest
name: backend-redis-svc
resources: {}
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- backend-redis-svc
- backend-cron
from:
kind: ImageStreamTag
name: amp-backend:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: backend
3scale.component-element: listener
app: ${APP_LABEL}
name: backend-listener
spec:
replicas: 1
selector:
deploymentConfig: backend-listener
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 600
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
3scale.component: backend
3scale.component-element: listener
app: ${APP_LABEL}
deploymentConfig: backend-listener
spec:
containers:
- args:
- bin/3scale_backend
- start
- -e
- production
- -p
- "3000"
- -x
- /dev/stdout
env:
- name: CONFIG_REDIS_PROXY
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: CONFIG_QUEUES_MASTER_NAME
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_URL
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_ROLE
name: backend-redis
- name: RACK_ENV
valueFrom:
configMapKeyRef:
key: RACK_ENV
name: backend-environment
- name: PUMA_WORKERS
value: "16"
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
image: amp-backend:latest
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 10
tcpSocket:
port: 3000
name: backend-listener
ports:
- containerPort: 3000
protocol: TCP
readinessProbe:
httpGet:
path: /status
port: 3000
initialDelaySeconds: 30
timeoutSeconds: 5
resources: {}
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- backend-listener
from:
kind: ImageStreamTag
name: amp-backend:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
3scale.component: backend
3scale.component-element: listener
app: ${APP_LABEL}
name: backend-listener
spec:
ports:
- name: http
port: 3000
protocol: TCP
targetPort: 3000
selector:
deploymentConfig: backend-listener
status:
loadBalancer: {}
- apiVersion: route.openshift.io/v1
kind: Route
metadata:
creationTimestamp: null
labels:
3scale.component: backend
app: ${APP_LABEL}
name: backend
spec:
host: backend-${TENANT_NAME}.${WILDCARD_DOMAIN}
port:
targetPort: http
tls:
insecureEdgeTerminationPolicy: Allow
termination: edge
to:
kind: Service
name: backend-listener
weight: null
status:
ingress: null
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: backend
3scale.component-element: worker
app: ${APP_LABEL}
name: backend-worker
spec:
replicas: 1
selector:
deploymentConfig: backend-worker
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1200
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
3scale.component: backend
3scale.component-element: worker
app: ${APP_LABEL}
deploymentConfig: backend-worker
spec:
containers:
- args:
- bin/3scale_backend_worker
- run
env:
- name: CONFIG_REDIS_PROXY
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_REDIS_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_SENTINEL_ROLE
name: backend-redis
- name: CONFIG_QUEUES_MASTER_NAME
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_URL
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_HOSTS
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_HOSTS
name: backend-redis
- name: CONFIG_QUEUES_SENTINEL_ROLE
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_SENTINEL_ROLE
name: backend-redis
- name: RACK_ENV
valueFrom:
configMapKeyRef:
key: RACK_ENV
name: backend-environment
- name: CONFIG_EVENTS_HOOK
valueFrom:
secretKeyRef:
key: URL
name: system-events-hook
- name: CONFIG_EVENTS_HOOK_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
image: amp-backend:latest
imagePullPolicy: IfNotPresent
name: backend-worker
resources: {}
initContainers:
- command:
- /opt/app/entrypoint.sh
- sh
- -c
- until rake connectivity:redis_storage_queue_check; do sleep $SLEEP_SECONDS;
done
env:
- name: SLEEP_SECONDS
value: "1"
- name: CONFIG_QUEUES_MASTER_NAME
valueFrom:
secretKeyRef:
key: REDIS_QUEUES_URL
name: backend-redis
image: amp-backend:latest
name: backend-redis-svc
resources: {}
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- backend-redis-svc
- backend-worker
from:
kind: ImageStreamTag
name: amp-backend:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
data:
RACK_ENV: production
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
3scale.component: backend
app: ${APP_LABEL}
name: backend-environment
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
3scale.component: backend
app: ${APP_LABEL}
name: backend-internal-api
stringData:
password: ${SYSTEM_BACKEND_PASSWORD}
username: ${SYSTEM_BACKEND_USERNAME}
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
3scale.component: backend
app: ${APP_LABEL}
name: backend-redis
stringData:
REDIS_QUEUES_SENTINEL_HOSTS: ""
REDIS_QUEUES_SENTINEL_ROLE: ""
REDIS_QUEUES_URL: redis://backend-redis:6379/${BACKEND_REDIS_DB_NUMBER_QUEUES}
REDIS_STORAGE_SENTINEL_HOSTS: ""
REDIS_STORAGE_SENTINEL_ROLE: ""
REDIS_STORAGE_URL: redis://backend-redis:6379/${BACKEND_REDIS_DB_NUMBER_STORAGE}
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
3scale.component: backend
app: ${APP_LABEL}
name: backend-listener
stringData:
route_endpoint: https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}
service_endpoint: http://backend-listener:3000
type: Opaque
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: mysql
app: ${APP_LABEL}
name: system-mysql
spec:
replicas: 1
selector:
deploymentConfig: system-mysql
strategy:
resources: {}
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: mysql
app: ${APP_LABEL}
deploymentConfig: system-mysql
spec:
containers:
- env:
- name: MYSQL_USER
value: ${MYSQL_USER}
- name: MYSQL_PASSWORD
value: ${MYSQL_PASSWORD}
- name: MYSQL_DATABASE
value: ${MYSQL_DATABASE}
- name: MYSQL_ROOT_PASSWORD
value: ${MYSQL_ROOT_PASSWORD}
- name: MYSQL_LOWER_CASE_TABLE_NAMES
value: "1"
- name: MYSQL_DEFAULTS_FILE
value: /etc/my-extra/my.cnf
image: ${MYSQL_IMAGE}
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 10
tcpSocket:
port: 3306
name: system-mysql
ports:
- containerPort: 3306
protocol: TCP
readinessProbe:
exec:
command:
- /bin/sh
- -i
- -c
- MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE
-e 'SELECT 1'
initialDelaySeconds: 10
periodSeconds: 30
timeoutSeconds: 5
resources: {}
volumeMounts:
- mountPath: /var/lib/mysql/data
name: mysql-storage
- mountPath: /etc/my-extra.d
name: mysql-extra-conf
- mountPath: /etc/my-extra
name: mysql-main-conf
volumes:
- name: mysql-storage
persistentVolumeClaim:
claimName: mysql-storage
- configMap:
name: mysql-extra-conf
name: mysql-extra-conf
- configMap:
name: mysql-main-conf
name: mysql-main-conf
test: false
triggers:
- type: ConfigChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
data:
my.cnf: |
!include /etc/my.cnf
!includedir /etc/my-extra.d
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: mysql
app: ${APP_LABEL}
name: mysql-main-conf
- apiVersion: v1
data:
mysql-charset.cnf: |
[client]
default-character-set = utf8
[mysql]
default-character-set = utf8
[mysqld]
character-set-server = utf8
collation-server = utf8_unicode_ci
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: mysql
app: ${APP_LABEL}
name: mysql-extra-conf
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: mysql
app: ${APP_LABEL}
name: mysql-storage
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
status: {}
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: app
app: ${APP_LABEL}
name: system-storage
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Mi
storageClassName: ${{RWX_STORAGE_CLASS}}
status: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: provider-ui
app: ${APP_LABEL}
name: system-provider
spec:
ports:
- name: http
port: 3000
protocol: TCP
targetPort: provider
selector:
deploymentConfig: system-app
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: master-ui
app: ${APP_LABEL}
name: system-master
spec:
ports:
- name: http
port: 3000
protocol: TCP
targetPort: master
selector:
deploymentConfig: system-app
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: developer-ui
app: ${APP_LABEL}
name: system-developer
spec:
ports:
- name: http
port: 3000
protocol: TCP
targetPort: developer
selector:
deploymentConfig: system-app
status:
loadBalancer: {}
- apiVersion: route.openshift.io/v1
kind: Route
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: provider-ui
app: ${APP_LABEL}
name: system-provider-admin
spec:
host: ${TENANT_NAME}-admin.${WILDCARD_DOMAIN}
port:
targetPort: http
tls:
insecureEdgeTerminationPolicy: Allow
termination: edge
to:
kind: Service
name: system-provider
weight: null
status:
ingress: null
- apiVersion: route.openshift.io/v1
kind: Route
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: master-ui
app: ${APP_LABEL}
name: system-master
spec:
host: ${MASTER_NAME}.${WILDCARD_DOMAIN}
port:
targetPort: http
tls:
insecureEdgeTerminationPolicy: Allow
termination: edge
to:
kind: Service
name: system-master
weight: null
status:
ingress: null
- apiVersion: route.openshift.io/v1
kind: Route
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: developer-ui
app: ${APP_LABEL}
name: system-developer
spec:
host: ${TENANT_NAME}.${WILDCARD_DOMAIN}
port:
targetPort: http
tls:
insecureEdgeTerminationPolicy: Allow
termination: edge
to:
kind: Service
name: system-developer
weight: null
status:
ingress: null
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: mysql
app: ${APP_LABEL}
name: system-mysql
spec:
ports:
- name: system-mysql
port: 3306
protocol: TCP
targetPort: 3306
selector:
deploymentConfig: system-mysql
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: redis
app: ${APP_LABEL}
name: system-redis
spec:
ports:
- name: redis
port: 6379
protocol: TCP
targetPort: 6379
selector:
deploymentConfig: system-redis
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: sphinx
app: ${APP_LABEL}
name: system-sphinx
spec:
ports:
- name: sphinx
port: 9306
protocol: TCP
targetPort: 9306
selector:
deploymentConfig: system-sphinx
status:
loadBalancer: {}
- apiVersion: v1
data:
rolling_updates.yml: |
production:
old_charts: false
new_provider_documentation: false
proxy_pro: false
instant_bill_plan_change: false
service_permissions: true
async_apicast_deploy: false
duplicate_application_id: true
duplicate_user_key: true
plan_changes_wizard: false
require_cc_on_signup: false
apicast_per_service: true
new_notification_system: true
cms_api: false
apicast_v2: true
forum: false
published_service_plan_signup: true
apicast_oidc: true
policies: true
proxy_private_base_path: true
service_discovery.yml: |
production:
enabled: <%= cluster_token_file_exists = File.exists?(cluster_token_file_path = '/var/run/secrets/kubernetes.io/serviceaccount/token') %>
server_scheme: 'https'
server_host: 'kubernetes.default.svc.cluster.local'
server_port: 443
bearer_token: "<%= File.read(cluster_token_file_path) if cluster_token_file_exists %>"
authentication_method: service_account # can be service_account|oauth
oauth_server_type: builtin # can be builtin|rh_sso
client_id:
client_secret:
timeout: 1
open_timeout: 1
max_retry: 5
verify_ssl: <%= OpenSSL::SSL::VERIFY_NONE %> # 0
zync.yml: |
production:
endpoint: 'http://zync:8080'
authentication:
token: "<%= ENV.fetch('ZYNC_AUTHENTICATION_TOKEN') %>"
connect_timeout: 5
send_timeout: 5
receive_timeout: 10
root_url:
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
3scale.component: system
app: ${APP_LABEL}
name: system
- apiVersion: v1
data:
address: ""
authentication: ""
domain: ""
openssl.verify.mode: ""
password: ""
port: ""
username: ""
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: smtp
app: ${APP_LABEL}
name: smtp
- apiVersion: v1
data:
AMP_RELEASE: ${AMP_RELEASE}
APICAST_REGISTRY_URL: ${APICAST_REGISTRY_URL}
FORCE_SSL: "true"
PROVIDER_PLAN: enterprise
RAILS_ENV: production
RAILS_LOG_LEVEL: info
RAILS_LOG_TO_STDOUT: "true"
SSL_CERT_DIR: /etc/pki/tls/certs
THINKING_SPHINX_PORT: "9306"
THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE: VERIFY_NONE
THREESCALE_SUPERDOMAIN: ${WILDCARD_DOMAIN}
kind: ConfigMap
metadata:
creationTimestamp: null
labels:
3scale.component: system
app: ${APP_LABEL}
name: system-environment
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: app
app: ${APP_LABEL}
name: system-app
spec:
replicas: 1
selector:
deploymentConfig: system-app
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
post:
execNewPod:
command:
- bash
- -c
- bundle exec rake boot openshift:post_deploy
containerName: system-master
failurePolicy: Abort
pre:
execNewPod:
command:
- bash
- -c
- bundle exec rake boot openshift:deploy MASTER_ACCESS_TOKEN="${MASTER_ACCESS_TOKEN}"
containerName: system-master
env:
- name: AMP_RELEASE
valueFrom:
configMapKeyRef:
key: AMP_RELEASE
name: system-environment
- name: APICAST_REGISTRY_URL
valueFrom:
configMapKeyRef:
key: APICAST_REGISTRY_URL
name: system-environment
- name: FORCE_SSL
valueFrom:
configMapKeyRef:
key: FORCE_SSL
name: system-environment
- name: PROVIDER_PLAN
valueFrom:
configMapKeyRef:
key: PROVIDER_PLAN
name: system-environment
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: RAILS_LOG_LEVEL
valueFrom:
configMapKeyRef:
key: RAILS_LOG_LEVEL
name: system-environment
- name: RAILS_LOG_TO_STDOUT
valueFrom:
configMapKeyRef:
key: RAILS_LOG_TO_STDOUT
name: system-environment
- name: SSL_CERT_DIR
valueFrom:
configMapKeyRef:
key: SSL_CERT_DIR
name: system-environment
- name: THINKING_SPHINX_PORT
valueFrom:
configMapKeyRef:
key: THINKING_SPHINX_PORT
name: system-environment
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
name: system-environment
- name: THREESCALE_SUPERDOMAIN
valueFrom:
configMapKeyRef:
key: THREESCALE_SUPERDOMAIN
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: MASTER_DOMAIN
valueFrom:
secretKeyRef:
key: MASTER_DOMAIN
name: system-seed
- name: MASTER_USER
valueFrom:
secretKeyRef:
key: MASTER_USER
name: system-seed
- name: MASTER_PASSWORD
valueFrom:
secretKeyRef:
key: MASTER_PASSWORD
name: system-seed
- name: ADMIN_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ADMIN_ACCESS_TOKEN
name: system-seed
- name: USER_LOGIN
valueFrom:
secretKeyRef:
key: ADMIN_USER
name: system-seed
- name: USER_PASSWORD
valueFrom:
secretKeyRef:
key: ADMIN_PASSWORD
name: system-seed
- name: TENANT_NAME
valueFrom:
secretKeyRef:
key: TENANT_NAME
name: system-seed
- name: THINKING_SPHINX_ADDRESS
value: system-sphinx
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: /tmp/sphinx.conf
- name: EVENTS_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
- name: RECAPTCHA_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: PUBLIC_KEY
name: system-recaptcha
- name: RECAPTCHA_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: PRIVATE_KEY
name: system-recaptcha
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: system-app
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: BACKEND_REDIS_URL
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: APICAST_BACKEND_ROOT_ENDPOINT
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: BACKEND_ROUTE
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: SMTP_ADDRESS
valueFrom:
configMapKeyRef:
key: address
name: smtp
- name: SMTP_USER_NAME
valueFrom:
configMapKeyRef:
key: username
name: smtp
- name: SMTP_PASSWORD
valueFrom:
configMapKeyRef:
key: password
name: smtp
- name: SMTP_DOMAIN
valueFrom:
configMapKeyRef:
key: domain
name: smtp
- name: SMTP_PORT
valueFrom:
configMapKeyRef:
key: port
name: smtp
- name: SMTP_AUTHENTICATION
valueFrom:
configMapKeyRef:
key: authentication
name: smtp
- name: SMTP_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: openssl.verify.mode
name: smtp
- name: APICAST_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ACCESS_TOKEN
name: system-master-apicast
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
volumes:
- system-storage
failurePolicy: Retry
timeoutSeconds: 1200
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: app
app: ${APP_LABEL}
deploymentConfig: system-app
spec:
containers:
- args:
- env
- TENANT_MODE=master
- PORT=3002
- container-entrypoint
- bundle
- exec
- unicorn
- -c
- config/unicorn.rb
env:
- name: AMP_RELEASE
valueFrom:
configMapKeyRef:
key: AMP_RELEASE
name: system-environment
- name: APICAST_REGISTRY_URL
valueFrom:
configMapKeyRef:
key: APICAST_REGISTRY_URL
name: system-environment
- name: FORCE_SSL
valueFrom:
configMapKeyRef:
key: FORCE_SSL
name: system-environment
- name: PROVIDER_PLAN
valueFrom:
configMapKeyRef:
key: PROVIDER_PLAN
name: system-environment
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: RAILS_LOG_LEVEL
valueFrom:
configMapKeyRef:
key: RAILS_LOG_LEVEL
name: system-environment
- name: RAILS_LOG_TO_STDOUT
valueFrom:
configMapKeyRef:
key: RAILS_LOG_TO_STDOUT
name: system-environment
- name: SSL_CERT_DIR
valueFrom:
configMapKeyRef:
key: SSL_CERT_DIR
name: system-environment
- name: THINKING_SPHINX_PORT
valueFrom:
configMapKeyRef:
key: THINKING_SPHINX_PORT
name: system-environment
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
name: system-environment
- name: THREESCALE_SUPERDOMAIN
valueFrom:
configMapKeyRef:
key: THREESCALE_SUPERDOMAIN
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: MASTER_DOMAIN
valueFrom:
secretKeyRef:
key: MASTER_DOMAIN
name: system-seed
- name: MASTER_USER
valueFrom:
secretKeyRef:
key: MASTER_USER
name: system-seed
- name: MASTER_PASSWORD
valueFrom:
secretKeyRef:
key: MASTER_PASSWORD
name: system-seed
- name: ADMIN_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ADMIN_ACCESS_TOKEN
name: system-seed
- name: USER_LOGIN
valueFrom:
secretKeyRef:
key: ADMIN_USER
name: system-seed
- name: USER_PASSWORD
valueFrom:
secretKeyRef:
key: ADMIN_PASSWORD
name: system-seed
- name: TENANT_NAME
valueFrom:
secretKeyRef:
key: TENANT_NAME
name: system-seed
- name: THINKING_SPHINX_ADDRESS
value: system-sphinx
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: /tmp/sphinx.conf
- name: EVENTS_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
- name: RECAPTCHA_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: PUBLIC_KEY
name: system-recaptcha
- name: RECAPTCHA_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: PRIVATE_KEY
name: system-recaptcha
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: system-app
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: BACKEND_REDIS_URL
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: APICAST_BACKEND_ROOT_ENDPOINT
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: BACKEND_ROUTE
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: SMTP_ADDRESS
valueFrom:
configMapKeyRef:
key: address
name: smtp
- name: SMTP_USER_NAME
valueFrom:
configMapKeyRef:
key: username
name: smtp
- name: SMTP_PASSWORD
valueFrom:
configMapKeyRef:
key: password
name: smtp
- name: SMTP_DOMAIN
valueFrom:
configMapKeyRef:
key: domain
name: smtp
- name: SMTP_PORT
valueFrom:
configMapKeyRef:
key: port
name: smtp
- name: SMTP_AUTHENTICATION
valueFrom:
configMapKeyRef:
key: authentication
name: smtp
- name: SMTP_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: openssl.verify.mode
name: smtp
- name: APICAST_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ACCESS_TOKEN
name: system-master-apicast
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
image: amp-system:latest
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 40
initialDelaySeconds: 40
periodSeconds: 10
tcpSocket:
port: master
timeoutSeconds: 10
name: system-master
ports:
- containerPort: 3002
name: master
protocol: TCP
readinessProbe:
failureThreshold: 10
httpGet:
httpHeaders:
- name: X-Forwarded-Proto
value: https
path: /check.txt
port: master
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 10
resources: {}
volumeMounts:
- mountPath: /opt/system/public/system
name: system-storage
- mountPath: /opt/system-extra-configs
name: system-config
- args:
- env
- TENANT_MODE=provider
- PORT=3000
- container-entrypoint
- bundle
- exec
- unicorn
- -c
- config/unicorn.rb
env:
- name: AMP_RELEASE
valueFrom:
configMapKeyRef:
key: AMP_RELEASE
name: system-environment
- name: APICAST_REGISTRY_URL
valueFrom:
configMapKeyRef:
key: APICAST_REGISTRY_URL
name: system-environment
- name: FORCE_SSL
valueFrom:
configMapKeyRef:
key: FORCE_SSL
name: system-environment
- name: PROVIDER_PLAN
valueFrom:
configMapKeyRef:
key: PROVIDER_PLAN
name: system-environment
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: RAILS_LOG_LEVEL
valueFrom:
configMapKeyRef:
key: RAILS_LOG_LEVEL
name: system-environment
- name: RAILS_LOG_TO_STDOUT
valueFrom:
configMapKeyRef:
key: RAILS_LOG_TO_STDOUT
name: system-environment
- name: SSL_CERT_DIR
valueFrom:
configMapKeyRef:
key: SSL_CERT_DIR
name: system-environment
- name: THINKING_SPHINX_PORT
valueFrom:
configMapKeyRef:
key: THINKING_SPHINX_PORT
name: system-environment
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
name: system-environment
- name: THREESCALE_SUPERDOMAIN
valueFrom:
configMapKeyRef:
key: THREESCALE_SUPERDOMAIN
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: MASTER_DOMAIN
valueFrom:
secretKeyRef:
key: MASTER_DOMAIN
name: system-seed
- name: MASTER_USER
valueFrom:
secretKeyRef:
key: MASTER_USER
name: system-seed
- name: MASTER_PASSWORD
valueFrom:
secretKeyRef:
key: MASTER_PASSWORD
name: system-seed
- name: ADMIN_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ADMIN_ACCESS_TOKEN
name: system-seed
- name: USER_LOGIN
valueFrom:
secretKeyRef:
key: ADMIN_USER
name: system-seed
- name: USER_PASSWORD
valueFrom:
secretKeyRef:
key: ADMIN_PASSWORD
name: system-seed
- name: TENANT_NAME
valueFrom:
secretKeyRef:
key: TENANT_NAME
name: system-seed
- name: THINKING_SPHINX_ADDRESS
value: system-sphinx
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: /tmp/sphinx.conf
- name: EVENTS_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
- name: RECAPTCHA_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: PUBLIC_KEY
name: system-recaptcha
- name: RECAPTCHA_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: PRIVATE_KEY
name: system-recaptcha
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: system-app
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: BACKEND_REDIS_URL
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: APICAST_BACKEND_ROOT_ENDPOINT
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: BACKEND_ROUTE
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: SMTP_ADDRESS
valueFrom:
configMapKeyRef:
key: address
name: smtp
- name: SMTP_USER_NAME
valueFrom:
configMapKeyRef:
key: username
name: smtp
- name: SMTP_PASSWORD
valueFrom:
configMapKeyRef:
key: password
name: smtp
- name: SMTP_DOMAIN
valueFrom:
configMapKeyRef:
key: domain
name: smtp
- name: SMTP_PORT
valueFrom:
configMapKeyRef:
key: port
name: smtp
- name: SMTP_AUTHENTICATION
valueFrom:
configMapKeyRef:
key: authentication
name: smtp
- name: SMTP_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: openssl.verify.mode
name: smtp
- name: APICAST_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ACCESS_TOKEN
name: system-master-apicast
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
image: amp-system:latest
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 40
initialDelaySeconds: 40
periodSeconds: 10
tcpSocket:
port: provider
timeoutSeconds: 10
name: system-provider
ports:
- containerPort: 3000
name: provider
protocol: TCP
readinessProbe:
failureThreshold: 10
httpGet:
httpHeaders:
- name: X-Forwarded-Proto
value: https
path: /check.txt
port: provider
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 10
resources: {}
volumeMounts:
- mountPath: /opt/system/public/system
name: system-storage
- mountPath: /opt/system-extra-configs
name: system-config
- args:
- env
- PORT=3001
- container-entrypoint
- bundle
- exec
- unicorn
- -c
- config/unicorn.rb
env:
- name: AMP_RELEASE
valueFrom:
configMapKeyRef:
key: AMP_RELEASE
name: system-environment
- name: APICAST_REGISTRY_URL
valueFrom:
configMapKeyRef:
key: APICAST_REGISTRY_URL
name: system-environment
- name: FORCE_SSL
valueFrom:
configMapKeyRef:
key: FORCE_SSL
name: system-environment
- name: PROVIDER_PLAN
valueFrom:
configMapKeyRef:
key: PROVIDER_PLAN
name: system-environment
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: RAILS_LOG_LEVEL
valueFrom:
configMapKeyRef:
key: RAILS_LOG_LEVEL
name: system-environment
- name: RAILS_LOG_TO_STDOUT
valueFrom:
configMapKeyRef:
key: RAILS_LOG_TO_STDOUT
name: system-environment
- name: SSL_CERT_DIR
valueFrom:
configMapKeyRef:
key: SSL_CERT_DIR
name: system-environment
- name: THINKING_SPHINX_PORT
valueFrom:
configMapKeyRef:
key: THINKING_SPHINX_PORT
name: system-environment
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
name: system-environment
- name: THREESCALE_SUPERDOMAIN
valueFrom:
configMapKeyRef:
key: THREESCALE_SUPERDOMAIN
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: MASTER_DOMAIN
valueFrom:
secretKeyRef:
key: MASTER_DOMAIN
name: system-seed
- name: MASTER_USER
valueFrom:
secretKeyRef:
key: MASTER_USER
name: system-seed
- name: MASTER_PASSWORD
valueFrom:
secretKeyRef:
key: MASTER_PASSWORD
name: system-seed
- name: ADMIN_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ADMIN_ACCESS_TOKEN
name: system-seed
- name: USER_LOGIN
valueFrom:
secretKeyRef:
key: ADMIN_USER
name: system-seed
- name: USER_PASSWORD
valueFrom:
secretKeyRef:
key: ADMIN_PASSWORD
name: system-seed
- name: TENANT_NAME
valueFrom:
secretKeyRef:
key: TENANT_NAME
name: system-seed
- name: THINKING_SPHINX_ADDRESS
value: system-sphinx
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: /tmp/sphinx.conf
- name: EVENTS_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
- name: RECAPTCHA_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: PUBLIC_KEY
name: system-recaptcha
- name: RECAPTCHA_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: PRIVATE_KEY
name: system-recaptcha
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: system-app
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: BACKEND_REDIS_URL
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: APICAST_BACKEND_ROOT_ENDPOINT
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: BACKEND_ROUTE
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: SMTP_ADDRESS
valueFrom:
configMapKeyRef:
key: address
name: smtp
- name: SMTP_USER_NAME
valueFrom:
configMapKeyRef:
key: username
name: smtp
- name: SMTP_PASSWORD
valueFrom:
configMapKeyRef:
key: password
name: smtp
- name: SMTP_DOMAIN
valueFrom:
configMapKeyRef:
key: domain
name: smtp
- name: SMTP_PORT
valueFrom:
configMapKeyRef:
key: port
name: smtp
- name: SMTP_AUTHENTICATION
valueFrom:
configMapKeyRef:
key: authentication
name: smtp
- name: SMTP_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: openssl.verify.mode
name: smtp
- name: APICAST_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ACCESS_TOKEN
name: system-master-apicast
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
image: amp-system:latest
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 40
initialDelaySeconds: 40
periodSeconds: 10
tcpSocket:
port: developer
timeoutSeconds: 10
name: system-developer
ports:
- containerPort: 3001
name: developer
protocol: TCP
readinessProbe:
failureThreshold: 10
httpGet:
httpHeaders:
- name: X-Forwarded-Proto
value: https
path: /check.txt
port: developer
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 10
resources: {}
volumeMounts:
- mountPath: /opt/system/public/system
name: system-storage
readOnly: true
- mountPath: /opt/system-extra-configs
name: system-config
serviceAccountName: amp
volumes:
- name: system-storage
persistentVolumeClaim:
claimName: system-storage
- configMap:
items:
- key: zync.yml
path: zync.yml
- key: rolling_updates.yml
path: rolling_updates.yml
- key: service_discovery.yml
path: service_discovery.yml
name: system
name: system-config
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- system-provider
- system-developer
- system-master
from:
kind: ImageStreamTag
name: amp-system:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: sidekiq
app: ${APP_LABEL}
name: system-sidekiq
spec:
replicas: 1
selector:
deploymentConfig: system-sidekiq
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1200
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: sidekiq
app: ${APP_LABEL}
deploymentConfig: system-sidekiq
spec:
containers:
- args:
- rake
- sidekiq:worker
- RAILS_MAX_THREADS=25
env:
- name: AMP_RELEASE
valueFrom:
configMapKeyRef:
key: AMP_RELEASE
name: system-environment
- name: APICAST_REGISTRY_URL
valueFrom:
configMapKeyRef:
key: APICAST_REGISTRY_URL
name: system-environment
- name: FORCE_SSL
valueFrom:
configMapKeyRef:
key: FORCE_SSL
name: system-environment
- name: PROVIDER_PLAN
valueFrom:
configMapKeyRef:
key: PROVIDER_PLAN
name: system-environment
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: RAILS_LOG_LEVEL
valueFrom:
configMapKeyRef:
key: RAILS_LOG_LEVEL
name: system-environment
- name: RAILS_LOG_TO_STDOUT
valueFrom:
configMapKeyRef:
key: RAILS_LOG_TO_STDOUT
name: system-environment
- name: SSL_CERT_DIR
valueFrom:
configMapKeyRef:
key: SSL_CERT_DIR
name: system-environment
- name: THINKING_SPHINX_PORT
valueFrom:
configMapKeyRef:
key: THINKING_SPHINX_PORT
name: system-environment
- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
name: system-environment
- name: THREESCALE_SUPERDOMAIN
valueFrom:
configMapKeyRef:
key: THREESCALE_SUPERDOMAIN
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: MASTER_DOMAIN
valueFrom:
secretKeyRef:
key: MASTER_DOMAIN
name: system-seed
- name: MASTER_USER
valueFrom:
secretKeyRef:
key: MASTER_USER
name: system-seed
- name: MASTER_PASSWORD
valueFrom:
secretKeyRef:
key: MASTER_PASSWORD
name: system-seed
- name: ADMIN_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ADMIN_ACCESS_TOKEN
name: system-seed
- name: USER_LOGIN
valueFrom:
secretKeyRef:
key: ADMIN_USER
name: system-seed
- name: USER_PASSWORD
valueFrom:
secretKeyRef:
key: ADMIN_PASSWORD
name: system-seed
- name: TENANT_NAME
valueFrom:
secretKeyRef:
key: TENANT_NAME
name: system-seed
- name: THINKING_SPHINX_ADDRESS
value: system-sphinx
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: /tmp/sphinx.conf
- name: EVENTS_SHARED_SECRET
valueFrom:
secretKeyRef:
key: PASSWORD
name: system-events-hook
- name: RECAPTCHA_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: PUBLIC_KEY
name: system-recaptcha
- name: RECAPTCHA_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: PRIVATE_KEY
name: system-recaptcha
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: system-app
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
- name: BACKEND_REDIS_URL
valueFrom:
secretKeyRef:
key: REDIS_STORAGE_URL
name: backend-redis
- name: APICAST_BACKEND_ROOT_ENDPOINT
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: BACKEND_ROUTE
valueFrom:
secretKeyRef:
key: route_endpoint
name: backend-listener
- name: SMTP_ADDRESS
valueFrom:
configMapKeyRef:
key: address
name: smtp
- name: SMTP_USER_NAME
valueFrom:
configMapKeyRef:
key: username
name: smtp
- name: SMTP_PASSWORD
valueFrom:
configMapKeyRef:
key: password
name: smtp
- name: SMTP_DOMAIN
valueFrom:
configMapKeyRef:
key: domain
name: smtp
- name: SMTP_PORT
valueFrom:
configMapKeyRef:
key: port
name: smtp
- name: SMTP_AUTHENTICATION
valueFrom:
configMapKeyRef:
key: authentication
name: smtp
- name: SMTP_OPENSSL_VERIFY_MODE
valueFrom:
configMapKeyRef:
key: openssl.verify.mode
name: smtp
- name: APICAST_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: ACCESS_TOKEN
name: system-master-apicast
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
- name: CONFIG_INTERNAL_API_USER
valueFrom:
secretKeyRef:
key: username
name: backend-internal-api
- name: CONFIG_INTERNAL_API_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: backend-internal-api
image: amp-system:latest
imagePullPolicy: IfNotPresent
name: system-sidekiq
resources: {}
volumeMounts:
- mountPath: /opt/system/public/system
name: system-storage
- mountPath: /tmp
name: system-tmp
- mountPath: /opt/system-extra-configs
name: system-config
initContainers:
- command:
- bash
- -c
- bundle exec sh -c "until rake boot:redis && curl --output /dev/null --silent
--fail --head http://system-master:3000/status; do sleep $SLEEP_SECONDS;
done"
env:
- name: SLEEP_SECONDS
value: "1"
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: URL
name: system-redis
image: amp-system:latest
name: check-svc
resources: {}
serviceAccountName: amp
volumes:
- emptyDir:
medium: Memory
name: system-tmp
- name: system-storage
persistentVolumeClaim:
claimName: system-storage
- configMap:
items:
- key: zync.yml
path: zync.yml
- key: rolling_updates.yml
path: rolling_updates.yml
- key: service_discovery.yml
path: service_discovery.yml
name: system
name: system-config
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- check-svc
- system-sidekiq
from:
kind: ImageStreamTag
name: amp-system:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: sphinx
app: ${APP_LABEL}
name: system-sphinx
spec:
replicas: 1
selector:
deploymentConfig: system-sphinx
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1200
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
3scale.component: system
3scale.component-element: sphinx
app: ${APP_LABEL}
deploymentConfig: system-sphinx
spec:
containers:
- args:
- rake
- openshift:thinking_sphinx:start
env:
- name: RAILS_ENV
valueFrom:
configMapKeyRef:
key: RAILS_ENV
name: system-environment
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: URL
name: system-database
- name: THINKING_SPHINX_ADDRESS
value: 0.0.0.0
- name: THINKING_SPHINX_CONFIGURATION_FILE
value: db/sphinx/production.conf
- name: THINKING_SPHINX_PID_FILE
value: db/sphinx/searchd.pid
- name: DELTA_INDEX_INTERVAL
value: "5"
- name: FULL_REINDEX_INTERVAL
value: "60"
image: amp-system:latest
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 60
periodSeconds: 10
tcpSocket:
port: 9306
name: system-sphinx
resources: {}
volumeMounts:
- mountPath: /opt/system/db/sphinx
name: system-sphinx-database
initContainers:
- command:
- sh
- -c
- until $(curl --output /dev/null --silent --fail --head http://system-master:3000/status);
do sleep $SLEEP_SECONDS; done
env:
- name: SLEEP_SECONDS
value: "1"
image: amp-system:latest
name: system-master-svc
resources: {}
serviceAccountName: amp
volumes:
- emptyDir: {}
name: system-sphinx-database
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- system-master-svc
- system-sphinx
from:
kind: ImageStreamTag
name: amp-system:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
3scale.component: system
app: ${APP_LABEL}
name: system-events-hook
stringData:
PASSWORD: ${SYSTEM_BACKEND_SHARED_SECRET}
URL: http://system-master:3000/master/events/import
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
3scale.component: system
app: ${APP_LABEL}
name: system-redis
stringData:
URL: redis://system-redis:6379/${SYSTEM_REDIS_DB_NUMBER_PRODUCTION}
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
3scale.component: system
app: ${APP_LABEL}
name: system-master-apicast
stringData:
ACCESS_TOKEN: ${APICAST_ACCESS_TOKEN}
BASE_URL: http://${APICAST_ACCESS_TOKEN}@system-master:3000
PROXY_CONFIGS_ENDPOINT: http://${APICAST_ACCESS_TOKEN}@system-master:3000/master/api/proxy/configs
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
3scale.component: system
app: ${APP_LABEL}
name: system-database
stringData:
URL: mysql2://root:${MYSQL_ROOT_PASSWORD}@system-mysql/${MYSQL_DATABASE}
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
3scale.component: system
app: ${APP_LABEL}
name: system-seed
stringData:
ADMIN_ACCESS_TOKEN: ${ADMIN_ACCESS_TOKEN}
ADMIN_PASSWORD: ${ADMIN_PASSWORD}
ADMIN_USER: ${ADMIN_USERNAME}
MASTER_DOMAIN: ${MASTER_NAME}
MASTER_PASSWORD: ${MASTER_PASSWORD}
MASTER_USER: ${MASTER_USER}
TENANT_NAME: ${TENANT_NAME}
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
3scale.component: system
app: ${APP_LABEL}
name: system-recaptcha
stringData:
PRIVATE_KEY: ${RECAPTCHA_PRIVATE_KEY}
PUBLIC_KEY: ${RECAPTCHA_PUBLIC_KEY}
type: Opaque
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
3scale.component: system
app: ${APP_LABEL}
name: system-app
stringData:
SECRET_KEY_BASE: ${SYSTEM_APP_SECRET_KEY_BASE}
type: Opaque
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: zync
app: ${APP_LABEL}
name: zync
spec:
replicas: 1
selector:
deploymentConfig: zync
strategy:
resources: {}
template:
metadata:
creationTimestamp: null
labels:
3scale.component: zync
app: ${APP_LABEL}
deploymentConfig: zync
spec:
containers:
- env:
- name: RAILS_LOG_TO_STDOUT
value: "true"
- name: RAILS_ENV
value: production
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: DATABASE_URL
name: zync
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
key: SECRET_KEY_BASE
name: zync
- name: ZYNC_AUTHENTICATION_TOKEN
valueFrom:
secretKeyRef:
key: ZYNC_AUTHENTICATION_TOKEN
name: zync
image: amp-zync:latest
livenessProbe:
failureThreshold: 10
httpGet:
path: /status/live
port: 8080
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 60
name: zync
ports:
- containerPort: 8080
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /status/ready
port: 8080
scheme: HTTP
initialDelaySeconds: 100
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources: {}
initContainers:
- command:
- bash
- -c
- bundle exec sh -c "until rake boot:db; do sleep $SLEEP_SECONDS; done"
env:
- name: SLEEP_SECONDS
value: "1"
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: DATABASE_URL
name: zync
image: amp-zync:latest
name: zync-db-svc
resources: {}
serviceAccountName: amp
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- zync-db-svc
- zync
from:
kind: ImageStreamTag
name: amp-zync:latest
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: zync
3scale.component-element: database
app: ${APP_LABEL}
name: zync-database
spec:
replicas: 1
selector:
deploymentConfig: zync-database
strategy:
resources: {}
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
3scale.component: zync
3scale.component-element: database
app: ${APP_LABEL}
deploymentConfig: zync-database
spec:
containers:
- env:
- name: POSTGRESQL_USER
value: zync
- name: POSTGRESQL_PASSWORD
valueFrom:
secretKeyRef:
key: ZYNC_DATABASE_PASSWORD
name: zync
- name: POSTGRESQL_DATABASE
value: zync_production
image: ' '
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 30
tcpSocket:
port: 5432
timeoutSeconds: 1
name: postgresql
ports:
- containerPort: 5432
protocol: TCP
readinessProbe:
exec:
command:
- /bin/sh
- -i
- -c
- psql -h 127.0.0.1 -U zync -q -d zync_production -c 'SELECT 1'
initialDelaySeconds: 5
timeoutSeconds: 1
resources: {}
volumeMounts:
- mountPath: /var/lib/pgsql/data
name: zync-database-data
restartPolicy: Always
volumes:
- emptyDir: {}
name: zync-database-data
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- postgresql
from:
kind: ImageStreamTag
name: postgresql:9.5
type: ImageChange
status:
availableReplicas: 0
latestVersion: 0
observedGeneration: 0
replicas: 0
unavailableReplicas: 0
updatedReplicas: 0
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
3scale.component: zync
app: ${APP_LABEL}
name: zync
spec:
ports:
- name: 8080-tcp
port: 8080
protocol: TCP
targetPort: 8080
selector:
deploymentConfig: zync
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
3scale.component: zync
3scale.component-element: database
app: ${APP_LABEL}
name: zync-database
spec:
ports:
- name: postgresql
port: 5432
protocol: TCP
targetPort: 5432
selector:
deploymentConfig: zync-database
status:
loadBalancer: {}
- apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
labels:
3scale.component: zync
app: ${APP_LABEL}
name: zync
stringData:
DATABASE_URL: postgresql://zync:${ZYNC_DATABASE_PASSWORD}@zync-database:5432/zync_production
SECRET_KEY_BASE: ${ZYNC_SECRET_KEY_BASE}
ZYNC_AUTHENTICATION_TOKEN: ${ZYNC_AUTHENTICATION_TOKEN}
ZYNC_DATABASE_PASSWORD: ${ZYNC_DATABASE_PASSWORD}
type: Opaque
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
labels:
3scale.component: apicast
3scale.component-element: staging
app: ${APP_LABEL}
name: apicast-staging
spec:
replicas: 1
selector:
deploymentConfig: apicast-staging
strategy:
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 1800
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
annotations:
prometheus.io/port: "9421"
prometheus.io/scrape: "true"
creationTimestamp: null
labels:
3scale.component: apicast
3scale.component-element: staging
app: ${APP_LABEL}
deploymentConfig: apicast-staging
spec:
containers:
- env:
- name: THREESCALE_PORTAL_ENDPOINT
valueFrom:
secretKeyRef:
key: PROXY_CONFIGS_ENDPOINT
name: system-master-apicast
- name: BACKEND_ENDPOINT_OVERRIDE
valueFrom:
secretKeyRef:
key: service_endpoint
name: backend-listener
- name: APICAST_MANAGEMENT_API
valueFrom:
configMapKeyRef:
key: APICAST_MANAGEMENT_API
name: apicast-environment
- name: OPENSSL_VERIFY
valueFrom:
configMapKeyRef:
key: OPENSSL_VERIFY
name: apicast-environment
- name: APICAST_RESPONSE_CODES
valueFrom:
configMapKeyRef:
key: APICAST_RESPONSE_CODES
name: apicast-environment
- name: APICAST_CONFIGURATION_LOADER
value: lazy
- name: APICAST_CONFIGURATION_CACHE
value: "0"
- name: THREESCALE_DEPLOYMENT_ENV
value: staging
- name: REDIS_URL
valueFrom:
secretKeyRef:
key: STAGING_URL
name: apicast-redis
image: amp-apicast:latest
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /status/live
port: 8090
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
name: apicast-staging
ports:
- containerPort: 8080