diff --git a/openshift/01-apicast-cloud-hosted-imagestream.yml b/openshift/01-apicast-cloud-hosted-imagestream.yml new file mode 100644 index 0000000..17dca6e --- /dev/null +++ b/openshift/01-apicast-cloud-hosted-imagestream.yml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ImageStream +metadata: + name: apicast-cloud-hosted + labels: + app: apicast-cloud-hosted +spec: + tags: + - name: latest + annotations: + openshift.io/display-name: APIcast Cloud Hosted (latest) + from: + kind: ImageStreamTag + name: latest diff --git a/openshift/02-apicast-builder-imagestream.yml b/openshift/02-apicast-builder-imagestream.yml new file mode 100644 index 0000000..e80744c --- /dev/null +++ b/openshift/02-apicast-builder-imagestream.yml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ImageStream +metadata: + name: apicast + labels: + app: apicast +spec: + tags: + - name: master-builder + from: + kind: DockerImage + name: quay.io/3scale/apicast:master-builder + importPolicy: + scheduled: true diff --git a/openshift/BuildConfig.yml b/openshift/03-build-config.yml similarity index 62% rename from openshift/BuildConfig.yml rename to openshift/03-build-config.yml index be9f7b0..3853350 100644 --- a/openshift/BuildConfig.yml +++ b/openshift/03-build-config.yml @@ -1,4 +1,4 @@ -apiVersion: build.openshift.io/v1 +apiVersion: v1 kind: BuildConfig metadata: labels: @@ -9,16 +9,14 @@ spec: nodeSelector: null postCommit: args: - - '--dev' - - '--daemon' + - '--test' + - '--lazy' command: - bin/apicast output: - pushSecret: - name: quay to: - kind: DockerImage - name: 'quay.io/3scale/apicast-cloud-hosted:apicast-master' + kind: ImageStreamTag + name: apicast-cloud-hosted:latest source: contextDir: /apicast git: @@ -31,5 +29,5 @@ spec: sourceStrategy: forcePull: true from: - kind: DockerImage - name: 'quay.io/3scale/apicast:master-builder' + kind: ImageStreamTag + name: apicast:master-builder diff --git a/openshift/template.yml b/openshift/04-deployment-template.yml similarity index 63% rename from openshift/template.yml rename to openshift/04-deployment-template.yml index dbd57e6..21f3b10 100644 --- a/openshift/template.yml +++ b/openshift/04-deployment-template.yml @@ -1,23 +1,23 @@ apiVersion: v1 kind: Template metadata: - name: "apicast-cloud-hosted" + name: "apicast-cloud-hosted-deployment" objects: - apiVersion: v1 kind: DeploymentConfig metadata: - name: apicast-mapping-service + name: apicast-mapping-service-${RELEASE_REF} spec: replicas: 1 selector: - deploymentconfig: apicast-mapping-service + deploymentconfig: apicast-mapping-service-${RELEASE_REF} strategy: type: Rolling template: metadata: labels: - deploymentconfig: apicast-mapping-service + deploymentconfig: apicast-mapping-service-${RELEASE_REF} spec: containers: - name: apicast-mapping-service @@ -50,23 +50,30 @@ objects: - containerPort: 8090 name: management protocol: TCP + resources: + limits: + cpu: '1' + memory: 128Mi + requests: + cpu: 500m + memory: 64Mi triggers: - type: ConfigChange - apiVersion: v1 kind: DeploymentConfig metadata: - name: apicast + name: apicast-${RELEASE_REF} spec: replicas: 1 selector: - deploymentconfig: apicast + deploymentconfig: apicast-${RELEASE_REF} strategy: type: Rolling template: metadata: labels: - deploymentconfig: apicast + deploymentconfig: apicast-${RELEASE_REF} spec: containers: - env: @@ -77,8 +84,10 @@ objects: - name: THREESCALE_DEPLOYMENT_ENV value: "${ENVIRONMENT}" - name: THREESCALE_PORTAL_ENDPOINT - value: "http://apicast-mapping-service/config" - image: "${APICAST_IMAGE}" + value: "http://apicast-mapping-service-${RELEASE_REF}/config" + - name: APICAST_OIDC_LOG_LEVEL + value: "notice" + image: apicast-cloud-hosted:${RELEASE_REF} imagePullPolicy: IfNotPresent name: apicast livenessProbe: @@ -101,13 +110,30 @@ objects: - containerPort: 8090 name: management protocol: TCP + - containerPort: 9421 + name: metrics + protocol: TCP + resources: + limits: + cpu: '1' + memory: 128Mi + requests: + cpu: 500m + memory: 64Mi triggers: - - type: ConfigChange + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - apicast + from: + kind: ImageStreamTag + name: apicast-cloud-hosted:${RELEASE_REF} - apiVersion: v1 kind: Service metadata: - name: apicast-mapping-service + name: apicast-mapping-service-${RELEASE_REF} spec: ports: - name: mapping @@ -115,15 +141,15 @@ objects: protocol: TCP targetPort: mapping selector: - deploymentconfig: apicast-mapping-service + deploymentconfig: apicast-mapping-service-${RELEASE_REF} - apiVersion: v1 kind: Service metadata: - name: apicast + name: apicast-${RELEASE_REF} annotations: service.alpha.openshift.io/dependencies: |- - [{"name": "apicast-mapping-service", "kind": "Service"}] + [{"name": "apicast-mapping-service-${RELEASE_REF}", "kind": "Service"}] spec: ports: - name: proxy @@ -135,28 +161,31 @@ objects: port: 8090 targetPort: management selector: - deploymentconfig: apicast + deploymentconfig: apicast-${RELEASE_REF} - apiVersion: v1 - kind: Route + kind: Service metadata: - name: apicast-router - labels: - app: apicast-router + name: apicast-metrics-${RELEASE_REF} + annotations: + prometheus.io/scrape: 'true' + prometheus.io/path: '/metrics' + prometheus.io/port: '9421' spec: - host: apicast.${ENVIRONMENT}.gw.apicast.io - to: - kind: Service - name: apicast - port: - targetPort: proxy - wildcardPolicy: Subdomain - tls: - termination: edge - insecureEdgeTerminationPolicy: Allow + ports: + - name: metrics + protocol: TCP + port: 9421 + targetPort: metrics + selector: + deploymentconfig: apicast-${RELEASE_REF} parameters: +- description: "Release version reference" + name: RELEASE_REF + required: true + - description: "Deployment environment. `staging` or `production`" name: ENVIRONMENT required: true @@ -168,14 +197,10 @@ parameters: - name: MAPPING_SERVICE_IMAGE description: "Mapping Service image name. Used to discover proxy configurations." required: true - value: "quay.io/3scale/apicast-cloud-hosted:mapping-service-v3.0.0-cloud1" - -- name: APICAST_IMAGE - description: "APIcast image name." - required: true - value: "quay.io/3scale/apicast-cloud-hosted:apicast-v3.0.0-cloud1" + value: "quay.io/3scale/apicast-cloud-hosted:mapping-service-master" - name: MASTER_ACCESS_TOKEN_SECRET description: "Secret name that containts System Master Access Token password" required: true value: 'master-access-token-secret' + diff --git a/openshift/05-routes.yml b/openshift/05-routes.yml new file mode 100644 index 0000000..e14a1a2 --- /dev/null +++ b/openshift/05-routes.yml @@ -0,0 +1,49 @@ +apiVersion: v1 +kind: Template +metadata: + name: "apicast-cloud-hosted" +objects: + +- apiVersion: v1 + kind: Route + metadata: + name: apicast-router + labels: + app: apicast-router + spec: + host: apicast.${ENVIRONMENT}.gw.apicast.io + to: + kind: Service + name: apicast + port: + targetPort: proxy + wildcardPolicy: Subdomain + tls: + termination: edge + insecureEdgeTerminationPolicy: Allow + +- apiVersion: v1 + kind: Route + metadata: + name: apicast-${ENVIRONMENT}-policies + spec: + host: apicast.${ENVIRONMENT}.${WILDCARD_DOMAIN} + path: /policies + to: + kind: Service + name: apicast + port: + targetPort: management + wildcardPolicy: None + tls: + termination: edge + +parameters: + +- description: "Deployment environment. `staging` or `production`" + name: ENVIRONMENT + required: true + +- description: "Openshift Cluster Wildcard Domain" + name: WILDCARD_DOMAIN + required: true diff --git a/openshift/Makefile b/openshift/Makefile new file mode 100644 index 0000000..b87b2b4 --- /dev/null +++ b/openshift/Makefile @@ -0,0 +1,28 @@ +.PHONY: all imagestream buildconfig deploy route help +.DEFAULT_GOAL := help + +MKFILE_PATH := $(abspath $(lastword $(MAKEFILE_LIST))) +THISDIR_PATH := $(patsubst %/,%,$(abspath $(dir $(MKFILE_PATH)))) + +all: imagestream buildconfig deploy route + +imagestream: ## Create the Imagestreams (APIcast and Builder APICast). + oc create -f $(THISDIR_PATH)/01-apicast-cloud-hosted-imagestream.yml + oc create -f $(THISDIR_PATH)/02-apicast-builder-imagestream.yml + +buildconfig: ## Create the BuildConfig. + oc create -f $(THISDIR_PATH)/03-build-config.yml + +deploy: ## Create the BuildConfig. Parameters: RELEASE_REF, ENVIRONMENT, CACHE_TTL. + oc new-app -f $(THISDIR_PATH)/04-deployment-template.yml \ + -p RELEASE_REF=${RELEASE_REF} \ + -p ENVIRONMENT=${ENVIRONMENT} \ + -p CACHE_TTL=${CACHE_TTL} + +route: ## Create the Routes.Parameters: WILDCARD_DOMAIN, ENVIRONMENT. + oc new-app -f $(THISDIR_PATH)/05-routes.yml \ + -p ENVIRONMENT=${ENVIRONMENT} \ + -p WILDCARD_DOMAIN=${WILDCARD_DOMAIN} + +help: ## Print this help + @awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST) \ No newline at end of file diff --git a/openshift/README.md b/openshift/README.md index 24d3018..10b3b91 100644 --- a/openshift/README.md +++ b/openshift/README.md @@ -5,4 +5,7 @@ 1. `oc create -f secret.yml` 1. `oc secrets add serviceaccount/default secrets/3scale-openshift-pull-secret --for=pull` 1. `oc secret new-basicauth master-access-token-secret --password=MASTER_ACCESS_TOKEN` -1. `oc new-app -f openshift/template.yml` (with `-p ENVIRONMENT=production -p CACHE_TTL=300` for production or `-p ENVIRONMENT=staging -p CACHE_TTL=0` for staging) +1. `make imagestream` to deploy the imageStreams (Apicast Cloud Hosted and Apicast Builder) +1. `make buildconfig` to create the BuildConfig +1. `make deploy RELEASE_REF=release_number ENVIRONMENT=staging CACHE_TTL=0` - (with `ENVIRONMENT=production CACHE_TTL=300` for production or `ENVIRONMENT=staging CACHE_TTL=0` for staging) +1. `make route ENVIRONMENT=staging WILDCARD_DOMAIN=cluster.wildcard.domain.com` - Wildcard Domain Concatenation: `apicast.${ENVIRONMENT}.${WILDCARD_DOMAIN}`