From 7d14bc488f1c31ebf5b9c3c584a247a354679ce5 Mon Sep 17 00:00:00 2001 From: Phil Elson Date: Wed, 14 Jul 2021 12:16:47 +0200 Subject: [PATCH] Tests passing for OpenShift config checking on the test-cara instance. --- README.md | 8 +- app-config/openshift/buildconfig.yaml | 128 ++++++++ ...application.yaml => deploymentconfig.yaml} | 277 ++++++++---------- app-config/openshift/imagestreams.yaml | 36 +++ app-config/openshift/route.yaml | 4 + app-config/openshift/services.yaml | 14 +- 6 files changed, 307 insertions(+), 160 deletions(-) create mode 100644 app-config/openshift/buildconfig.yaml rename app-config/openshift/{application.yaml => deploymentconfig.yaml} (57%) create mode 100644 app-config/openshift/imagestreams.yaml diff --git a/README.md b/README.md index 3a036087..692c3ae6 100644 --- a/README.md +++ b/README.md @@ -258,11 +258,15 @@ If you need to **update** existing configuration, then modify this repository an ```console $ cd app-config/openshift -$ oc process -f application.yaml --param PROJECT_NAME='test-cara' --param GIT_BRANCH='live/test-cara' | oc replace -f - + $ oc process -f configmap.yaml | oc replace -f - $ oc process -f services.yaml | oc replace -f - $ oc process -f route.yaml --param HOST='test-cara.web.cern.ch' | oc replace -f - +$ oc process -f imagestreams.yaml | oc replace -f - +$ oc process -f buildconfig.yaml --param GIT_BRANCH='live/test-cara' | oc replace -f - +$ oc process -f deploymentconfig.yaml --param PROJECT_NAME='test-cara' | oc replace -f - ``` -Be aware that if you change/replace the **route** of the PROD instance, it will loose the annotation to be exposed outside CERN (not committed in this repo). +Be aware that if you change/replace the **route** of the PROD instance, +it will lose the annotation to be exposed outside CERN (not committed in this repo). diff --git a/app-config/openshift/buildconfig.yaml b/app-config/openshift/buildconfig.yaml new file mode 100644 index 00000000..0018b9a3 --- /dev/null +++ b/app-config/openshift/buildconfig.yaml @@ -0,0 +1,128 @@ +--- + kind: "Template" + apiVersion: "v1" + metadata: + name: "cara-application" + creationTimestamp: null + annotations: + description: "CARA build config OpenShift template." + tags: "cara-application" + labels: + template: "cara-application" + objects: + - + kind: BuildConfig + apiVersion: v1 + metadata: + name: auth-service + labels: + template: "cara-application" + spec: + source: + type: Git + git: + ref: ${GIT_BRANCH} + uri: ${GIT_REPO} + contextDir: app-config/auth-service + sourceSecret: + name: sshdeploykey + postCommit: {} + resources: {} + runPolicy: Serial + output: + to: + kind: ImageStreamTag + name: 'auth-service:latest' + strategy: + sourceStrategy: + from: + kind: ImageStreamTag + name: 'python:3.6' + namespace: openshift + type: Source + triggers: + - imageChange: {} + type: ImageChange + - generic: + secretReference: + name: gitlab-cara-webhook-secret + type: Generic + nodeSelector: null + - + kind: BuildConfig + apiVersion: v1 + metadata: + name: cara-router + labels: + template: "cara-application" + spec: + source: + type: Git + git: + ref: ${GIT_BRANCH} + uri: ${GIT_REPO} + contextDir: app-config/nginx + sourceSecret: + name: sshdeploykey + postCommit: {} + resources: {} + runPolicy: Serial + output: + to: + kind: ImageStreamTag + name: 'cara-router:latest' + strategy: + sourceStrategy: + from: + kind: ImageStreamTag + name: 'nginx:1.12' + namespace: openshift + type: Source + triggers: + - generic: + secretReference: + name: gitlab-cara-webhook-secret + type: Generic + nodeSelector: null + - + kind: BuildConfig + apiVersion: v1 + metadata: + name: cara-webservice + labels: + template: "cara-application" + spec: + source: + type: Git + git: + ref: ${GIT_BRANCH} + uri: ${GIT_REPO} + sourceSecret: + name: sshdeploykey + postCommit: {} + resources: {} + runPolicy: Serial + output: + to: + kind: ImageStreamTag + name: 'cara-webservice:latest' + strategy: + sourceStrategy: + from: + kind: ImageStreamTag + name: 'python:3.6' + namespace: openshift + type: Source + triggers: + - generic: + secretReference: + name: gitlab-cara-webhook-secret + type: Generic + nodeSelector: null + parameters: + - name: GIT_REPO + description: The GIT repo URL + value: 'ssh://git@gitlab.cern.ch:7999/cara/cara.git' + - name: GIT_BRANCH + description: The name of the GIT branch to use when building the app, e.g. `live/test-cara` in TEST, `master` in prod + required: true diff --git a/app-config/openshift/application.yaml b/app-config/openshift/deploymentconfig.yaml similarity index 57% rename from app-config/openshift/application.yaml rename to app-config/openshift/deploymentconfig.yaml index 6d6f2c32..79b3611d 100644 --- a/app-config/openshift/application.yaml +++ b/app-config/openshift/deploymentconfig.yaml @@ -3,161 +3,26 @@ apiVersion: "v1" metadata: name: "cara-application" - creationTimestamp: null annotations: description: "CARA application OpenShift template." tags: "cara-application" labels: template: "cara-application" objects: - - - kind: BuildConfig - apiVersion: v1 - metadata: - name: auth-service - spec: - source: - git: - ref: ${GIT_BRANCH} - uri: ${GIT_REPO} - contextDir: app-config/auth-service - sourceSecret: - name: sshdeploykey - output: - to: - kind: ImageStreamTag - name: 'auth-service:latest' - strategy: - sourceStrategy: - from: - kind: ImageStreamTag - name: 'python:3.6' - namespace: openshift - type: Source - triggers: - - imageChange: - type: ImageChange - - generic: - secretReference: - name: gitlab-cara-webhook-secret - type: Generic - - - kind: ImageStream - apiVersion: v1 - metadata: - name: auth-service - - - kind: BuildConfig - apiVersion: v1 - metadata: - name: cara-router - spec: - source: - git: - ref: ${GIT_BRANCH} - uri: ${GIT_REPO} - contextDir: app-config/nginx - sourceSecret: - name: sshdeploykey - output: - to: - kind: ImageStreamTag - name: 'cara-router:latest' - strategy: - sourceStrategy: - from: - kind: ImageStreamTag - name: 'nginx:1.12' - namespace: openshift - type: Source - triggers: - - generic: - secretReference: - name: gitlab-cara-webhook-secret - type: Generic - - - kind: ImageStream - apiVersion: v1 - metadata: - name: cara-app - - - kind: BuildConfig - apiVersion: v1 - metadata: - name: cara-router - spec: - source: - git: - ref: ${GIT_BRANCH} - uri: ${GIT_REPO} - contextDir: app-config/nginx - sourceSecret: - name: sshdeploykey - output: - to: - kind: ImageStreamTag - name: 'cara-router:latest' - strategy: - sourceStrategy: - from: - kind: ImageStreamTag - name: 'nginx:1.12' - namespace: openshift - type: Source - triggers: - - generic: - secretReference: - name: gitlab-cara-webhook-secret - type: Generic - - - kind: ImageStream - apiVersion: v1 - metadata: - name: cara-router - - - kind: BuildConfig - apiVersion: v1 - metadata: - name: cara-webservice - spec: - source: - git: - ref: ${GIT_BRANCH} - uri: ${GIT_REPO} - sourceSecret: - name: sshdeploykey - output: - to: - kind: ImageStreamTag - name: 'cara-webservice:latest' - strategy: - sourceStrategy: - from: - kind: ImageStreamTag - name: 'python:3.6' - namespace: openshift - type: Source - triggers: - - generic: - secretReference: - name: gitlab-cara-webhook-secret - type: Generic - - - kind: ImageStream - apiVersion: v1 - metadata: - name: cara-webservice - apiVersion: v1 kind: DeploymentConfig metadata: name: auth-service + labels: + app: auth-service spec: - replicas;: 1 + replicas: 1 template: metadata: labels: app: auth-service + deploymentconfig: auth-service spec: containers: - name: auth-service @@ -165,11 +30,33 @@ ports: - containerPort: 8080 protocol: TCP - - envFrom: - - configMapRef: - name: auth-service - - secretRef: - name: auth-service-secrets + envFrom: + - configMapRef: + name: auth-service + - secretRef: + name: auth-service-secrets + imagePullPolicy: Always + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: { } + terminationGracePeriodSeconds: 30 + strategy: + activeDeadlineSeconds: 21600 + resources: { } + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + type: Rolling + test: false + selector: + deploymentconfig: auth-service triggers: - type: ConfigChange - type: ImageChange @@ -187,7 +74,7 @@ metadata: name: cara-app spec: - replicas;: 1 + replicas: 1 template: metadata: labels: @@ -202,6 +89,28 @@ ports: - containerPort: 8080 protocol: TCP + imagePullPolicy: Always + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: { } + terminationGracePeriodSeconds: 30 + strategy: + activeDeadlineSeconds: 21600 + resources: { } + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + type: Rolling + test: false + selector: + app: cara-app triggers: - type: ConfigChange - type: ImageChange @@ -219,7 +128,7 @@ metadata: name: cara-router spec: - replicas;: 1 + replicas: 1 template: metadata: labels: @@ -233,6 +142,28 @@ protocol: TCP - containerPort: 8443 protocol: TCP + imagePullPolicy: Always + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: { } + terminationGracePeriodSeconds: 30 + strategy: + activeDeadlineSeconds: 21600 + resources: { } + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + type: Rolling + test: false + selector: + app: cara-router triggers: - type: ConfigChange - type: ImageChange @@ -251,7 +182,7 @@ metadata: name: cara-webservice spec: - replicas;: 1 + replicas: 1 template: metadata: labels: @@ -275,6 +206,28 @@ ports: - containerPort: 8080 protocol: TCP + imagePullPolicy: Always + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: { } + terminationGracePeriodSeconds: 30 + strategy: + activeDeadlineSeconds: 21600 + resources: { } + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + type: Rolling + test: false + selector: + app: cara-webservice triggers: - type: ConfigChange - type: ImageChange @@ -293,7 +246,7 @@ metadata: name: cara-calculator-open spec: - replicas;: 1 + replicas: 1 template: metadata: labels: @@ -310,6 +263,28 @@ ports: - containerPort: 8080 protocol: TCP + imagePullPolicy: Always + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: { } + terminationGracePeriodSeconds: 30 + strategy: + activeDeadlineSeconds: 21600 + resources: { } + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + type: Rolling + test: false + selector: + app: cara-calculator-open triggers: - type: ConfigChange - type: ImageChange @@ -327,9 +302,3 @@ - name: PROJECT_NAME description: The name of this project, e.g. test-cara required: true - - name: GIT_REPO - description: The GIT repo URL - value: 'ssh://git@gitlab.cern.ch:7999/cara/cara.git' - - name: GIT_BRANCH - description: The name of the GIT branch to use when building the app, e.g. `live/test-cara` in TEST, `master` in prod - required: true diff --git a/app-config/openshift/imagestreams.yaml b/app-config/openshift/imagestreams.yaml new file mode 100644 index 00000000..26754cd4 --- /dev/null +++ b/app-config/openshift/imagestreams.yaml @@ -0,0 +1,36 @@ +--- + kind: "Template" + apiVersion: "v1" + metadata: + name: "cara-imagestreams" + creationTimestamp: null + annotations: + description: "CARA imagestreams OpenShift template." + tags: "cara-imagestreams" + labels: + template: "cara-application" + objects: + - + kind: ImageStream + apiVersion: v1 + metadata: + name: auth-service + spec: + lookupPolicy: + local: False + - + kind: ImageStream + apiVersion: v1 + metadata: + name: cara-router + spec: + lookupPolicy: + local: False + - + kind: ImageStream + apiVersion: v1 + metadata: + name: cara-webservice + spec: + lookupPolicy: + local: False diff --git a/app-config/openshift/route.yaml b/app-config/openshift/route.yaml index 076ac656..70874b9b 100644 --- a/app-config/openshift/route.yaml +++ b/app-config/openshift/route.yaml @@ -15,6 +15,8 @@ kind: Route metadata: name: cara-route + labels: + app: "cara-route" spec: host: ${HOST} port: @@ -25,6 +27,8 @@ to: kind: Service name: cara-router + weight: 100 + wildcardPolicy: None parameters: - name: HOST diff --git a/app-config/openshift/services.yaml b/app-config/openshift/services.yaml index a8c0c4fe..73b53a07 100644 --- a/app-config/openshift/services.yaml +++ b/app-config/openshift/services.yaml @@ -25,6 +25,8 @@ targetPort: 8080 selector: deploymentconfig: auth-service + sessionAffinity: 'None' + type: 'ClusterIP' - apiVersion: v1 kind: Service @@ -40,6 +42,8 @@ targetPort: 8080 selector: deploymentconfig: cara-app + sessionAffinity: 'None' + type: 'ClusterIP' - apiVersion: v1 kind: Service @@ -53,12 +57,10 @@ port: 8080 protocol: TCP targetPort: 8080 - - name: 8443-tcp - port: 8443 - protocol: TCP - targetPort: 8443 selector: deploymentconfig: cara-router + sessionAffinity: 'None' + type: 'ClusterIP' - apiVersion: v1 kind: Service @@ -74,6 +76,8 @@ targetPort: 8080 selector: deploymentconfig: cara-webservice + sessionAffinity: 'None' + type: 'ClusterIP' - apiVersion: v1 kind: Service @@ -89,3 +93,5 @@ targetPort: 8080 selector: deploymentconfig: cara-calculator-open + sessionAffinity: 'None' + type: 'ClusterIP'