.openshift-applier/.gitignore
New file @@ -0,0 +1,2 @@ roles *.retry .openshift-applier/README.md
New file @@ -0,0 +1,14 @@ # OpenShift Applier for App This is an OpenShift applier inventory. I'm assuming you know how to do that, else see the CI/CD repo for docs. # Usage Right now limited to using ansible on your localhost. 1. `[.openshift-applier]$ ansible-galaxy install -r requirements.yml --roles-path=roles --f` 1. `[.openshift-applier]$ ansible-playbook apply.yml -i inventory/` See the inventory for the filter tag options. .openshift-applier/apply.yml
New file @@ -0,0 +1,10 @@ --- - name: Build and Deploy todolist-api hosts: app vars: ci_cd_namespace: <YOUR_NAME>-ci-cd dev_namespace: <YOUR_NAME>-dev test_namespace: <YOUR_NAME>-test tasks: - include_role: name: openshift-applier/roles/openshift-applier .openshift-applier/inventory/group_vars/all.yml
New file @@ -0,0 +1,42 @@ --- openshift_cluster_content: - object: app-builds content: - name: todolist-api-build template: "{{ playbook_dir }}/templates/todolist-api-deploy.yaml" params: "{{ playbook_dir }}/params/dev" namespace: "{{ ci_cd_namespace }}" tags: - build - object: deploy-dev content: - name: todolist-api template: "{{ playbook_dir }}/templates/todolist-api-deploy.yaml" params: "{{ playbook_dir }}/params/dev" namespace: "{{ dev_namespace }}" tags: - deploy - dev - name: todolist-api-db template: "{{ playbook_dir }}/templates/mongodb.yaml" params: "{{ playbook_dir }}/params/mongodb" namespace: "{{ dev_namespace }}" tags: - deploy - dev - object: deploy-test content: - name: todolist-api template: "{{ playbook_dir }}/templates/todolist-api-deploy.yaml" params: "{{ playbook_dir }}/params/test" namespace: "{{ test_namespace }}" tags: - deploy - test - name: todolist-api-db template: "{{ playbook_dir }}/templates/mongodb.yaml" params: "{{ playbook_dir }}/params/mongodb" namespace: "{{ test_namespace }}" tags: - deploy - test .openshift-applier/inventory/hosts
New file @@ -0,0 +1,2 @@ [app] localhost ansible_connection=local .openshift-applier/params/build
New file @@ -0,0 +1,2 @@ NAME=todolist-api BUILD_TAG=latest .openshift-applier/params/dev
New file @@ -0,0 +1,5 @@ PIPELINES_NAMESPACE=donal-ci-cd NAME=todolist-api DEPLOYER_USER=jenkins APP_TAG=latest NAMESPACE=donal-dev .openshift-applier/params/mongodb
New file @@ -0,0 +1,2 @@ VOLUME_CAPACITY=1Gi MONGODB_DATABASE=todolist .openshift-applier/params/test
New file @@ -0,0 +1,5 @@ PIPELINES_NAMESPACE=donal-ci-cd NAME=todolist-api DEPLOYER_USER=jenkins APP_TAG=latest NAMESPACE=donal-test .openshift-applier/requirements.yml
New file @@ -0,0 +1,8 @@ # This is the Ansible Galaxy requirements file to pull in the correct roles # to support the operation of CASL provisioning/runs. # From 'openshift-applier' - src: https://github.com/redhat-cop/openshift-applier scm: git version: v3.7.2 name: openshift-applier .openshift-applier/templates/mongodb.yml
New file @@ -0,0 +1,211 @@ --- kind: Template apiVersion: v1 metadata: name: mongodb-persistent annotations: openshift.io/display-name: MongoDB description: |- MongoDB database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/blob/master/3.2/README.md. NOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template. iconClass: icon-mongodb tags: database,mongodb openshift.io/long-description: This template provides a standalone MongoDB server with a database created. The database is stored on persistent storage. The database name, username, and password are chosen via parameters when provisioning this service. openshift.io/provider-display-name: Red Hat, Inc. openshift.io/documentation-url: https://docs.openshift.org/latest/using_images/db_images/mongodb.html openshift.io/support-url: https://access.redhat.com message: |- The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}. Username: ${MONGODB_USER} Password: ${MONGODB_PASSWORD} Database Name: ${MONGODB_DATABASE} Connection URL: mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE} For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/blob/master/3.2/README.md. labels: template: mongodb-persistent-template objects: - kind: Secret apiVersion: v1 metadata: name: "${DATABASE_SERVICE_NAME}" annotations: template.openshift.io/expose-username: "{.data['database-user']}" template.openshift.io/expose-password: "{.data['database-password']}" template.openshift.io/expose-admin_password: "{.data['database-admin-password']}" template.openshift.io/expose-database_name: "{.data['database-name']}" stringData: database-user: "${MONGODB_USER}" database-password: "${MONGODB_PASSWORD}" database-admin-password: "${MONGODB_ADMIN_PASSWORD}" database-name: "${MONGODB_DATABASE}" - kind: Service apiVersion: v1 metadata: name: "${DATABASE_SERVICE_NAME}" annotations: template.openshift.io/expose-uri: mongodb://{.spec.clusterIP}:{.spec.ports[?(.name=="mongo")].port} spec: ports: - name: mongo protocol: TCP port: 27017 targetPort: 27017 nodePort: 0 selector: name: "${DATABASE_SERVICE_NAME}" type: ClusterIP sessionAffinity: None status: loadBalancer: {} - kind: PersistentVolumeClaim apiVersion: v1 metadata: name: "${DATABASE_SERVICE_NAME}" spec: accessModes: - ReadWriteOnce resources: requests: storage: "${VOLUME_CAPACITY}" - kind: DeploymentConfig apiVersion: v1 metadata: name: "${DATABASE_SERVICE_NAME}" annotations: template.alpha.openshift.io/wait-for-ready: 'true' spec: strategy: type: Recreate triggers: - type: ImageChange imageChangeParams: automatic: true containerNames: - mongodb from: kind: ImageStreamTag name: mongodb:${MONGODB_VERSION} namespace: "${NAMESPACE}" lastTriggeredImage: '' - type: ConfigChange replicas: 1 selector: name: "${DATABASE_SERVICE_NAME}" template: metadata: labels: name: "${DATABASE_SERVICE_NAME}" spec: containers: - name: mongodb image: " " ports: - containerPort: 27017 protocol: TCP readinessProbe: timeoutSeconds: 1 initialDelaySeconds: 3 exec: command: - "/bin/sh" - "-i" - "-c" - mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval="quit()" livenessProbe: timeoutSeconds: 1 initialDelaySeconds: 30 tcpSocket: port: 27017 env: - name: MONGODB_USER valueFrom: secretKeyRef: name: "${DATABASE_SERVICE_NAME}" key: database-user - name: MONGODB_PASSWORD valueFrom: secretKeyRef: name: "${DATABASE_SERVICE_NAME}" key: database-password - name: MONGODB_ADMIN_PASSWORD valueFrom: secretKeyRef: name: "${DATABASE_SERVICE_NAME}" key: database-admin-password - name: MONGODB_DATABASE valueFrom: secretKeyRef: name: "${DATABASE_SERVICE_NAME}" key: database-name resources: limits: memory: "${MEMORY_LIMIT}" volumeMounts: - name: "${DATABASE_SERVICE_NAME}-data" mountPath: "/var/lib/mongodb/data" terminationMessagePath: "/dev/termination-log" imagePullPolicy: IfNotPresent capabilities: {} securityContext: capabilities: {} privileged: false volumes: - name: "${DATABASE_SERVICE_NAME}-data" persistentVolumeClaim: claimName: "${DATABASE_SERVICE_NAME}" restartPolicy: Always dnsPolicy: ClusterFirst status: {} parameters: - name: MEMORY_LIMIT displayName: Memory Limit description: Maximum amount of memory the container can use. value: 512Mi required: true - name: NAMESPACE displayName: Namespace description: The OpenShift Namespace where the ImageStream resides. value: openshift - name: DATABASE_SERVICE_NAME displayName: Database Service Name description: The name of the OpenShift Service exposed for the database. value: mongodb required: true - name: MONGODB_USER displayName: MongoDB Connection Username description: Username for MongoDB user that will be used for accessing the database. value: username required: true - name: MONGODB_PASSWORD displayName: MongoDB Connection Password description: Password for the MongoDB connection user. value: password required: true - name: MONGODB_DATABASE displayName: MongoDB Database Name description: Name of the MongoDB database accessed. value: sampledb required: true - name: MONGODB_ADMIN_PASSWORD displayName: MongoDB Admin Password description: Password for the database admin user. generate: expression from: "[a-zA-Z0-9]{16}" required: true - name: VOLUME_CAPACITY displayName: Volume Capacity description: Volume space available for data, e.g. 512Mi, 2Gi. value: 1Gi required: true - name: MONGODB_VERSION displayName: Version of MongoDB Image description: Version of MongoDB image to be used (2.4, 2.6, 3.2 or latest). value: '3.2' required: true .openshift-applier/templates/todolist-api-build.yml
New file @@ -0,0 +1,54 @@ --- kind: Template apiVersion: v1 metadata: name: todolist-api-build annotations: openshift.io/display-name: S2I App Build Template description: S2I binary build config to create an image with your app baked in. iconClass: fa-cube tags: s2i objects: - apiVersion: v1 kind: BuildConfig metadata: labels: build: "${NAME}" name: "${NAME}" spec: nodeSelector: output: to: kind: ImageStreamTag name: "${NAME}:{BUILD_TAG}" postCommit: {} resources: {} runPolicy: Serial source: binary: {} type: Binary strategy: dockerStrategy: dockerfilePath: Dockerfile status: lastVersion: 1 - apiVersion: v1 kind: ImageStream metadata: labels: build: "${NAME}" name: "${NAME}" spec: {} parameters: - name: NAME displayName: Name description: The name assigned to all objects and the resulting imagestream. required: true value: s2i-app - name: BUILD_TAG displayName: Build Tag for Docker image description: The tag to apply to the Docker image being built. required: true value: latest labels: template: todolist-api-build-template .openshift-applier/templates/todolist-api-deploy.yml
New file @@ -0,0 +1,130 @@ --- kind: Template apiVersion: v1 metadata: name: todolist-api-deploy annotations: openshift.io/display-name: Static react js App Deploy Template description: A template to deploy your an App with a HTTP endpoint iconClass: icon-cube tags: http objects: - apiVersion: v1 kind: ImageStream metadata: labels: build: "${NAME}" name: "${NAME}" spec: {} - apiVersion: v1 kind: DeploymentConfig metadata: name: "${NAME}" labels: app: "${NAME}" spec: replicas: 1 selector: name: "${NAME}" strategy: activeDeadlineSeconds: 21600 resources: {} rollingParams: intervalSeconds: 1 maxSurge: 25% maxUnavailable: 25% timeoutSeconds: 600 updatePeriodSeconds: 1 type: Rolling template: metadata: creationTimestamp: labels: name: "${NAME}" spec: containers: - image: "docker-registry.default.svc:5000/${NAMESPACE}/${NAME}:${APP_TAG}" imagePullPolicy: Always name: "${NAME}" ports: - containerPort: 9000 protocol: TCP resources: {} terminationMessagePath: "/dev/termination-log" readinessProbe: httpGet: path: / port: 9000 initialDelaySeconds: 10 timeoutSeconds: 1 dnsPolicy: ClusterFirst restartPolicy: Always securityContext: {} terminationGracePeriodSeconds: 30 test: false triggers: [] - apiVersion: v1 kind: Service metadata: labels: name: "${NAME}" name: "${NAME}" spec: ports: - name: 9000-tcp port: 9000 protocol: TCP targetPort: 9000 selector: name: "${NAME}" sessionAffinity: None type: ClusterIP - apiVersion: v1 kind: Route metadata: labels: name: "${NAME}" name: "${NAME}" spec: port: targetPort: 9000-tcp to: kind: Service name: "${NAME}" weight: 100 wildcardPolicy: None - apiVersion: v1 kind: RoleBinding metadata: name: edit roleRef: name: edit subjects: - kind: ServiceAccount name: jenkins namespace: "${PIPELINES_NAMESPACE}" userNames: - system:serviceaccount:${PIPELINES_NAMESPACE}:${DEPLOYER_USER} parameters: - name: NAME displayName: Name description: The name assigned to all objects and the related imagestream. required: true - name: APP_TAG displayName: App Tag description: The tag of the image to use eg latest. required: true - name: NAMESPACE displayName: Docker image namespace description: The namespace of the image to use eg js-apps. required: true - name: DEPLOYER_USER displayName: Deployer User description: The name to the serviceaccount user for deploying apps eg jenkins required: true - name: PIPELINES_NAMESPACE displayName: Project/Namespace for Jenkins Pipelines description: The project/namespace where the Jenkins executing pipelines is deployed. required: true labels: template: todolist-api-deploy-template
