Skip to content

Commit

Permalink
Merge pull request #476 from Victoremepunto/add-mpp-templates
Browse files Browse the repository at this point in the history 
Add mpp templates
  • Loading branch information
@LightOfHeaven1994
LightOfHeaven1994 authored Feb 14, 2024
2 parents e9e9c21 + 7085f15 commit 3afdd69
Show file tree
Hide file tree
Showing 7 changed files with 785 additions and 211 deletions.
7 changes: 6 additions & 1 deletion ocp-templates/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,9 @@ OpenShift templates are provided for each microservice that makes up ibutsu-serv
parameters are the same from template-to-template, they are kept separate for maintainability and
readability.

There are two sets of templates for the microservices: ``stage`` and ``prod``.
There are three sets of templates for the microservices: ``stage`` and ``prod`` and ``mpp``.

The supported template set is ``mpp``, it has been updated to support Deployment objects (compared to the deprecated DeploymentConfigs used in the other sets).

## Stage
The stage templates are set up to use the images at [quay.io/organization/ibutsu](https://quay.io/organization/ibutsu) that are tagged with
Expand All @@ -16,6 +18,9 @@ The prod templates are set up to use the images at [quay.io/organization/ibutsu]
``latest``. These images are built and tagged as ``latest`` on every release of Ibutsu. These are meant to deploy the production instance of Ibutsu. The templates include some extra things like database
backups and vacuums.

## Mpp
The MPP templates are meant to be used on an v4 Openshift cluster

Note: the ``jobs`` directory contains cronjobs and jobs to vacuum and backup the database. Both of these
are included in the `prod/postgres.yaml` template.

Expand Down
219 changes: 122 additions & 97 deletions ocp-templates/app-interface/backend.yaml → ocp-templates/mpp/backend.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Template for Ibutsu backend in AppInterface
# Template for Ibutsu backend
kind: Template
apiVersion: template.openshift.io/v1
metadata:
Expand All @@ -7,23 +7,25 @@ metadata:
# Backend
# ===============================================
objects:
- kind: DeploymentConfig
apiVersion: v1
- kind: Deployment
apiVersion: apps/v1
metadata:
labels:
app: ${APP_NAME}
name: ibutsu-backend
namespace: ${NAMESPACE}
annotations:
image.openshift.io/triggers: >-
[{"from":{"kind":"ImageStreamTag","name":"ibutsu-backend:latest","namespace":"${NAMESPACE}"},"fieldPath":"spec.template.spec.containers[?(@.name==\"container\")].image","pause":"true"}]
spec:
replicas: 1
selector:
deploymentConfig: ibutsu-backend
matchLabels:
app: ibutsu-backend
strategy:
type: Rolling
type: RollingUpdate
template:
metadata:
labels:
app: ${APP_NAME}
deploymentConfig: ibutsu-backend
app: ibutsu-backend
spec:
containers:
- env:
Expand All @@ -36,106 +38,76 @@ objects:
- name: HAS_FRONTEND
value: "false"
- name: POSTGRESQL_HOST
valueFrom:
secretKeyRef:
key: db.host
name: ibutsu-db
value: postgresql.${NAMESPACE}.svc
- name: POSTGRESQL_PORT
valueFrom:
secretKeyRef:
key: db.port
name: ibutsu-db
value: "5432"
- name: POSTGRESQL_USER
valueFrom:
secretKeyRef:
key: db.user
name: ibutsu-db
key: database-user
name: postgresql
- name: POSTGRESQL_PASSWORD
valueFrom:
secretKeyRef:
key: db.password
name: ibutsu-db
key: database-password
name: postgresql
- name: POSTGRESQL_DATABASE
valueFrom:
secretKeyRef:
key: db.name
name: ibutsu-db
key: database-name
name: postgresql
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: db.password
key: database-password
name: redis
optional: true
- name: REDIS_HOSTNAME
- name: CELERY_BROKER_URL
value: redis://:${REDIS_PASSWORD}@redis.${NAMESPACE}.svc
- name: CELERY_RESULT_BACKEND
value: redis://:${REDIS_PASSWORD}@redis.${NAMESPACE}.svc
- name: FRONTEND_URL
value: ${FRONTEND_ROUTE}
- name: BACKEND_URL
value: ${BACKEND_ROUTE}
- name: KEYCLOAK_BASE_URL
valueFrom:
secretKeyRef:
key: db.endpoint
name: redis
- name: REDIS_PORT
name: keycloak-auth
key: base_url
- name: KEYCLOAK_REALM
valueFrom:
secretKeyRef:
key: db.port
name: redis
- name: JWT_SECRET
name: keycloak-auth
key: realm
- name: KEYCLOAK_CLIENT_ID
valueFrom:
secretKeyRef:
key: value
name: jwt-secret
- name: IBUTSU_SUPERADMIN_PASSWORD
name: keycloak-auth
key: client_id
- name: KEYCLOAK_ICON
valueFrom:
secretKeyRef:
key: password
name: ibutsu-superadmin
- name: IBUTSU_SUPERADMIN_NAME
name: keycloak-auth
key: icon
- name: KEYCLOAK_NAME
valueFrom:
secretKeyRef:
name: keycloak-auth
key: name
name: ibutsu-superadmin
- name: IBUTSU_SUPERADMIN_EMAIL
valueFrom:
secretKeyRef:
key: email
name: ibutsu-superadmin
- name: CELERY_BROKER_URL
valueFrom:
secretKeyRef:
key: broker-url
name: ibutsu-celery
- name: CELERY_RESULT_BACKEND
valueFrom:
secretKeyRef:
key: result-backend
name: ibutsu-celery
- name: FRONTEND_URL
value: https://${FRONTEND_ROUTE}
- name: BACKEND_URL
value: https://${BACKEND_ROUTE}
- name: KEYCLOAK_BASE_URL
value: ${KEYCLOAK_BASE_URL}
- name: KEYCLOAK_CLIENT_ID
value: ${KEYCLOAK_CLIENT_ID}
- name: KEYCLOAK_REALM
value: ${KEYCLOAK_REALM}
- name: KEYCLOAK_NAME
value: ${KEYCLOAK_NAME}
- name: KEYCLOAK_ICON
value: ${KEYCLOAK_ICON}
- name: KEYCLOAK_VERIFY_SSL
value: ${KEYCLOAK_VERIFY_SSL}
- name: USER_LOGIN_ENABLED
value: ${USER_LOGIN_ENABLED}
image: quay.io/ibutsu/backend:${IMAGE_TAG}
imagePullPolicy: IfNotPresent
imagePullPolicy: Always
image: ibutsu-backend:latest
livenessProbe:
failureThreshold: 3
httpGet:
path: /
port: 8080
scheme: HTTP
initialDelaySeconds: 0
periodSeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 20
timeoutSeconds: 1
name: ibutsu-backend
ports:
- containerPort: 8080
Expand All @@ -147,48 +119,95 @@ objects:
port: 8080
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 20
timeoutSeconds: 1
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
triggers:
- imageChangeParams:
automatic: true
containerNames:
- ibutsu-backend
from:
kind: ImageStreamTag
name: ibutsu-backend:latest
namespace: ${NAMESPACE}
type: ImageChange
- type: ConfigChange
# -----------------------------------------------
- kind: Service
apiVersion: v1
- apiVersion: v1
kind: Service
metadata:
labels:
app: ${APP_NAME}
name: ibutsu-backend
namespace: ${NAMESPACE}
spec:
ports:
- port: 8080
targetPort: 8080
selector:
deploymentConfig: ibutsu-backend
# -----------------------------------------------
- kind: Route
apiVersion: v1
app: ibutsu-backend
- apiVersion: v1
kind: Route
metadata:
annotations:
description: A route to the backend
labels:
app: ${APP_NAME}
shard: internal
name: ibutsu-backend
annotations:
description: "A route to the backend"
namespace: ${NAMESPACE}
spec:
host: ${BACKEND_ROUTE}
to:
kind: Service
name: ibutsu-backend
tls:
insecureEdgeTerminationPolicy: Redirect
termination: edge
port:
targetPort: 8080
to:
kind: Service
name: ibutsu-backend
- kind: Secret
apiVersion: v1
metadata:
name: jwt-secret
namespace: ${NAMESPACE}
type: opaque
stringData:
value: ${JWT_SECRET}
- kind: Secret
apiVersion: v1
metadata:
name: keycloak-auth
namespace: ${NAMESPACE}
type: opaque
stringData:
base_url: ${KEYCLOAK_BASE_URL}
client_id: ${KEYCLOAK_CLIENT_ID}
icon: ${KEYCLOAK_ICON}
name: ${KEYCLOAK_NAME}
realm: ${KEYCLOAK_REALM}
- apiVersion: v1
kind: ImageStream
metadata:
annotations:
description: The backend of Ibutsu server
openshift.io/image.insecureRepository: "true"
name: ibutsu-backend
namespace: ${NAMESPACE}
spec:
lookupPolicy:
local: true
tags:
- from:
kind: DockerImage
name: quay.io/ibutsu/backend:latest
importPolicy:
scheduled: true
name: latest

# ===============================================
# Parameters
# ===============================================
Expand Down Expand Up @@ -229,10 +248,16 @@ parameters:
displayName: Icon shown in UI
description: The icon shown in the UI when logging in
value: keycloak
- name: KEYCLOAK_VERIFY_SSL
displayName: Verify SSL
description: "Whether to verify the SSL certificate. WARNING: setting this to false is insecure!"
value: "true"
- name: IMAGE_TAG
displayName: Image Tag
description: The tag for the container image
- name: REDIS_PASSWORD
displayName: Redis password
description: The Redis instance's password
required: true
- name: NAMESPACE
displayName: Namespace
description: The namespace for all of the images, applications, etc.
required: true
- name: JWT_SECRET
displayName: Secret for generating jwt tokens
description: Random secret for generating jwt tokens
generate: expression
from: '[\w]{16}'
Loading

0 comments on commit 3afdd69

Please sign in to comment.