AMP 2.0

roles/openshift_examples/examples-sync.sh

@@ -7,8 +7,7 @@
 
 XPAAS_VERSION=ose-v1.3.6
 ORIGIN_VERSION=${1:-v3.6}
-RHAMP_TAG=1.0.0.GA
-RHAMP_TEMPLATE=https://raw.githubusercontent.com/3scale/rhamp-openshift-templates/${RHAMP_TAG}/apicast-gateway/apicast-gateway-template.yml
+RHAMP_TAG=2.0.0.GA
 EXAMPLES_BASE=$(pwd)/files/examples/${ORIGIN_VERSION}
 find ${EXAMPLES_BASE} -name '*.json' -delete
 TEMP=`mktemp -d`
@@ -17,9 +16,11 @@ pushd $TEMP
 wget https://github.com/openshift/origin/archive/master.zip -O origin-master.zip
 wget https://github.com/jboss-fuse/application-templates/archive/GA.zip -O fis-GA.zip
 wget https://github.com/jboss-openshift/application-templates/archive/${XPAAS_VERSION}.zip -O application-templates-master.zip
+wget https://github.com/3scale/rhamp-openshift-templates/archive/${RHAMP_TAG}.zip -O amp.zip
 unzip origin-master.zip
 unzip application-templates-master.zip
 unzip fis-GA.zip
+unzip amp.zip
 mv origin-master/examples/db-templates/* ${EXAMPLES_BASE}/db-templates/
 mv origin-master/examples/quickstarts/* ${EXAMPLES_BASE}/quickstart-templates/
 mv origin-master/examples/jenkins/jenkins-*template.json ${EXAMPLES_BASE}/quickstart-templates/
@@ -30,15 +31,11 @@ mv application-templates-${XPAAS_VERSION}/jboss-image-streams.json ${EXAMPLES_BA
 mv application-templates-GA/fis-image-streams.json ${EXAMPLES_BASE}/xpaas-streams/fis-image-streams.json
 mv application-templates-GA/quickstarts/* ${EXAMPLES_BASE}/xpaas-templates/
 find application-templates-${XPAAS_VERSION}/ -name '*.json' ! -wholename '*secret*' ! -wholename '*demo*' -exec mv {} ${EXAMPLES_BASE}/xpaas-templates/ \;
+find 3scale-amp-openshift-templates-${RHAMP_TAG}/ -name '*.yml' -exec mv {} ${EXAMPLES_BASE}/quickstart-templates/ \;
 popd
 
 wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/dotnet_imagestreams.json         -O ${EXAMPLES_BASE}/image-streams/dotnet_imagestreams.json
 wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/templates/dotnet-example.json           -O ${EXAMPLES_BASE}/quickstart-templates/dotnet-example.json
 wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/templates/dotnet-pgsql-persistent.json    -O ${EXAMPLES_BASE}/quickstart-templates/dotnet-pgsql-persistent.json
-wget ${RHAMP_TEMPLATE} -O ${EXAMPLES_BASE}/quickstart-templates/apicast-gateway-template.yml
-wget https://raw.githubusercontent.com/openshift/origin-metrics/master/metrics.yaml                            -O ../openshift_hosted_templates/files/${ORIGIN_VERSION}/origin/metrics-deployer.yaml
-wget https://raw.githubusercontent.com/openshift/origin-metrics/enterprise/metrics.yaml                        -O ../openshift_hosted_templates/files/${ORIGIN_VERSION}/enterprise/metrics-deployer.yaml
-wget https://raw.githubusercontent.com/openshift/origin-aggregated-logging/master/deployer/deployer.yaml       -O ../openshift_hosted_templates/files/${ORIGIN_VERSION}/origin/logging-deployer.yaml
-wget https://raw.githubusercontent.com/openshift/origin-aggregated-logging/enterprise/deployment/deployer.yaml -O ../openshift_hosted_templates/files/${ORIGIN_VERSION}/enterprise/logging-deployer.yaml
 
 git diff files/examples

roles/openshift_examples/files/examples/v3.6/quickstart-templates/apicast-gateway-template.yml

@@ -1,149 +0,0 @@
-apiVersion: v1
-kind: Template
-metadata:
-  creationTimestamp: null
-  name: 3scale-gateway
-  annotations:
-    description: "3scale API Gateway"
-    iconClass: "icon-load-balancer"
-    tags: "api,gateway,3scale"
-objects:
-- apiVersion: v1
-  kind: DeploymentConfig
-  metadata:
-    name: ${THREESCALE_GATEWAY_NAME}
-  spec:
-    replicas: 2
-    selector:
-      deploymentconfig: ${THREESCALE_GATEWAY_NAME}
-    strategy:
-      resources: {}
-      rollingParams:
-        intervalSeconds: 1
-        maxSurge: 25%
-        maxUnavailable: 25%
-        timeoutSeconds: 600
-        updatePeriodSeconds: 1
-      type: Rolling
-    template:
-      metadata:
-        labels:
-          deploymentconfig: ${THREESCALE_GATEWAY_NAME}
-      spec:
-        containers:
-        - env:
-          - name: THREESCALE_PORTAL_ENDPOINT
-            valueFrom:
-              secretKeyRef:
-                name: ${THREESCALE_PORTAL_ENDPOINT_SECRET}
-                key: password
-          - name: THREESCALE_CONFIG_FILE
-            value: ${THREESCALE_CONFIG_FILE}
-          - name: RESOLVER
-            value: ${RESOLVER}
-          - name: APICAST_SERVICES
-            value: ${APICAST_SERVICES}
-          - name: APICAST_MISSING_CONFIGURATION
-            value: ${MISSING_CONFIGURATION}
-          - name: APICAST_LOG_LEVEL
-            value: ${APICAST_LOG_LEVEL}
-          - name: APICAST_PATH_ROUTING_ENABLED
-            value: ${PATH_ROUTING}
-          - name: APICAST_RESPONSE_CODES
-            value: ${RESPONSE_CODES}
-          - name: APICAST_REQUEST_LOGS
-            value: ${REQUEST_LOGS}
-          - name: APICAST_RELOAD_CONFIG
-            value: ${APICAST_RELOAD_CONFIG}
-          image: ${THREESCALE_GATEWAY_IMAGE}
-          imagePullPolicy: Always
-          name: ${THREESCALE_GATEWAY_NAME}
-          livenessProbe:
-            httpGet:
-              path: /status/live
-              port: 8090
-            initialDelaySeconds: 10
-            timeoutSeconds: 1
-          readinessProbe:
-            httpGet:
-              path: /status/ready
-              port: 8090
-            initialDelaySeconds: 15
-            timeoutSeconds: 1
-          ports:
-          - containerPort: 8080
-            protocol: TCP
-          resources: {}
-          terminationMessagePath: /dev/termination-log
-        dnsPolicy: ClusterFirst
-        restartPolicy: Always
-        securityContext: {}
-        terminationGracePeriodSeconds: 30
-    triggers:
-    - type: ConfigChange
-  status: {}
-- apiVersion: v1
-  kind: Service
-  metadata:
-    creationTimestamp: null
-    name: ${THREESCALE_GATEWAY_NAME}
-  spec:
-    ports:
-    - name: 8080-tcp
-      port: 8080
-      protocol: TCP
-      targetPort: 8080
-    selector:
-      deploymentconfig: ${THREESCALE_GATEWAY_NAME}
-    sessionAffinity: None
-    type: ClusterIP
-  status:
-    loadBalancer: {}
-parameters:
-- description: "Name of the secret containing the THREESCALE_PORTAL_ENDPOINT with the access-token or provider key"
-  value: threescale-portal-endpoint-secret
-  name: THREESCALE_PORTAL_ENDPOINT_SECRET
-  required: true
-- description: "Path to saved JSON file with configuration for the gateway. Has to be injected to the docker image as read only volume."
-  value:
-  name: THREESCALE_CONFIG_FILE
-  required: false
-- description: "Name for the 3scale API Gateway"
-  value: threescalegw
-  name: THREESCALE_GATEWAY_NAME
-  required: true
-- description: "Docker image to use."
-  value: 'rhamp10/apicast-gateway:1.0.0-4'
-  name: THREESCALE_GATEWAY_IMAGE
-  required: true
-- description: "DNS Resolver for openresty, if empty it will be autodiscovered"
-  value:
-  name: RESOLVER
-  required: false
-- description: "Subset of services to run. Use comma separated list of service ids (eg. 42,1337)"
-  value:
-  name: APICAST_SERVICES
-  required: false
-- description: "What to do on missing or invalid configuration. Allowed values are: log, exit."
-  value: exit
-  required: false
-  name: MISSING_CONFIGURATION
-- description: "Log level. One of the following: debug, info, notice, warn, error, crit, alert, or emerg."
-  name: APICAST_LOG_LEVEL
-  required: false
-- description: "Enable path routing. Experimental feature."
-  name: PATH_ROUTING
-  required: false
-  value: "false"
-- description: "Enable traffic logging to 3scale. Includes whole request and response."
-  value: "false"
-  name: REQUEST_LOGS
-  required: false
-- description: "Enable logging response codes to 3scale."
-  value: "false"
-  name: RESPONSE_CODES
-  required: false
-- description: "Reload config on every request"
-  value: "false"
-  name: APICAST_RELOAD_CONFIG
-  required: false

roles/openshift_examples/files/examples/v3.6/quickstart-templates/apicast.yml

@@ -0,0 +1,157 @@
+apiVersion: v1
+kind: Template
+metadata:
+  name: 3scale-gateway
+  annotations:
+    description: "3scale API Gateway"
+    iconClass: "icon-load-balancer"
+    tags: "api,gateway,3scale"
+objects:
+
+- apiVersion: v1
+  kind: DeploymentConfig
+  metadata:
+    name: "${APICAST_NAME}"
+  spec:
+    replicas: 2
+    selector:
+      deploymentconfig: "${APICAST_NAME}"
+    strategy:
+      type: Rolling
+    template:
+      metadata:
+        labels:
+          deploymentconfig: "${APICAST_NAME}"
+      spec:
+        containers:
+        - env:
+          - name: THREESCALE_PORTAL_ENDPOINT
+            valueFrom:
+              secretKeyRef:
+                name: "${CONFIGURATION_URL_SECRET}"
+                key: password
+          - name: THREESCALE_CONFIG_FILE
+            value: "${CONFIGURATION_FILE_PATH}"
+          - name: THREESCALE_DEPLOYMENT_ENV
+            value: "${DEPLOYMENT_ENVIRONMENT}"
+          - name: RESOLVER
+            value: "${RESOLVER}"
+          - name: APICAST_SERVICES
+            value: "${SERVICES_LIST}"
+          - name: APICAST_CONFIGURATION_LOADER
+            value: "${CONFIGURATION_LOADER}"
+          - name: APICAST_LOG_LEVEL
+            value: "${LOG_LEVEL}"
+          - name: APICAST_PATH_ROUTING_ENABLED
+            value: "${PATH_ROUTING}"
+          - name: APICAST_RESPONSE_CODES
+            value: "${RESPONSE_CODES}"
+          - name: APICAST_CONFIGURATION_CACHE
+            value: "${CONFIGURATION_CACHE}"
+          - name: REDIS_URL
+            value: "${REDIS_URL}"
+          - name: APICAST_MANAGEMENT_API
+            value: "${MANAGEMENT_API}"
+          - name: OPENSSL_VERIFY
+            value: "${OPENSSL_VERIFY}"
+          image: 3scale-amp20/apicast-gateway:1.0-3
+          imagePullPolicy: IfNotPresent
+          name: "${APICAST_NAME}"
+          livenessProbe:
+            httpGet:
+              path: /status/live
+              port: management
+            initialDelaySeconds: 10
+            timeoutSeconds: 1
+          readinessProbe:
+            httpGet:
+              path: /status/ready
+              port: management
+            initialDelaySeconds: 15
+            timeoutSeconds: 1
+          ports:
+          - name: proxy
+            containerPort: 8080
+            protocol: TCP
+          - name: management
+            containerPort: 8090
+            protocol: TCP
+    triggers:
+    - type: ConfigChange
+
+- apiVersion: v1
+  kind: Service
+  metadata:
+    name: "${APICAST_NAME}"
+  spec:
+    ports:
+    - name: proxy
+      port: 8080
+      protocol: TCP
+      targetPort: 8080
+    - name: management
+      port: 8090
+      protocol: TCP
+      targetPort: 8090
+    selector:
+      deploymentconfig: "${APICAST_NAME}"
+
+parameters:
+- name: AMP_RELEASE
+  description: "AMP release tag."
+  value: 2.0.0-CR2-redhat-1
+  required: true
+- description: "Name of the secret containing the THREESCALE_PORTAL_ENDPOINT with the access-token or provider key"
+  value: apicast-configuration-url-secret
+  name: CONFIGURATION_URL_SECRET
+  required: true
+- description: "Path to saved JSON file with configuration for the gateway. Has to be injected to the docker image as read only volume."
+  value:
+  name: CONFIGURATION_FILE_PATH
+  required: false
+- description: "Deployment environment. Can be sandbox or production."
+  value: production
+  name: DEPLOYMENT_ENVIRONMENT
+  required: true
+- description: "Name for the 3scale API Gateway"
+  value: apicast
+  name: APICAST_NAME
+  required: true
+- description: "DNS Resolver for openresty, if empty it will be autodiscovered"
+  value:
+  name: RESOLVER
+  required: false
+- description: "Subset of services to run. Use comma separated list of service ids (eg. 42,1337)"
+  value:
+  name: SERVICES_LIST
+  required: false
+- name: CONFIGURATION_LOADER
+  description: "When to load configuration. If on gateway start or incoming request. Allowed values are: lazy, boot."
+  value: boot
+  required: false
+- description: "Log level. One of the following: debug, info, notice, warn, error, crit, alert, or emerg."
+  name: LOG_LEVEL
+  required: false
+- description: "Enable path routing. Experimental feature."
+  name: PATH_ROUTING
+  required: false
+  value: "false"
+- description: "Enable logging response codes to 3scale."
+  value: "false"
+  name: RESPONSE_CODES
+  required: false
+- name: CONFIGURATION_CACHE
+  description: "For how long to cache the downloaded configuration in seconds. Can be left empty, 0 or greater than 60."
+  value: ""
+  required: false
+- description: "Redis URL. Required for OAuth2 integration. ex: redis://PASSWORD@127.0.0.1:6379/0"
+  name: REDIS_URL
+  required: false
+- name: MANAGEMENT_API
+  description: "Scope of the Management API. Can be disabled, status or debug. At least status required for health checks."
+  required: false
+  value: "status"
+- name: OPENSSL_VERIFY
+  description: "Turn on/off the OpenSSL peer verification. Can be set to true/false."
+  required: true
+  value: "false"

roles/openshift_examples/files/examples/v3.6/quickstart-templates/dancer-mysql-persistent.json

@@ -147,6 +147,9 @@
         }
       },
       "spec": {
+        "strategy": {
+          "type": "Recreate"
+        },
         "triggers": [
           {
             "type": "ImageChange",

roles/openshift_examples/files/examples/v3.6/quickstart-templates/dancer-mysql.json

@@ -147,6 +147,9 @@
         }
       },
       "spec": {
+        "strategy": {
+          "type": "Recreate"
+        },
         "triggers": [
           {
             "type": "ImageChange",

roles/openshift_examples/files/examples/v3.6/quickstart-templates/django-postgresql-persistent.json

@@ -148,7 +148,7 @@
       },
       "spec": {
         "strategy": {
-          "type": "Rolling"
+          "type": "Recreate"
         },
         "triggers": [
           {

roles/openshift_examples/files/examples/v3.6/quickstart-templates/django-postgresql.json

@@ -148,7 +148,7 @@
       },
       "spec": {
         "strategy": {
-          "type": "Rolling"
+          "type": "Recreate"
         },
         "triggers": [
           {

roles/openshift_examples/files/examples/v3.6/quickstart-templates/nodejs-mongodb-persistent.json

@@ -154,7 +154,7 @@
       },
       "spec": {
         "strategy": {
-          "type": "Rolling"
+          "type": "Recreate"
         },
         "triggers": [
           {

roles/openshift_examples/files/examples/v3.6/quickstart-templates/nodejs-mongodb.json

@@ -154,7 +154,7 @@
       },
       "spec": {
         "strategy": {
-          "type": "Rolling"
+          "type": "Recreate"
         },
         "triggers": [
           {

roles/openshift_examples/files/examples/v3.6/quickstart-templates/pvc.yml

@@ -0,0 +1,49 @@
+apiVersion: v1
+kind: Template
+metadata:
+  name: "amp-pvc"
+objects:
+
+- apiVersion: "v1"
+  kind: "PersistentVolumeClaim"
+  metadata:
+    name: "system-storage"
+  spec:
+    accessModes:
+      - "ReadWriteMany"
+    resources:
+      requests:
+        storage: "100Mi"
+
+- apiVersion: "v1"
+  kind: "PersistentVolumeClaim"
+  metadata:
+    name: "mysql-storage"
+  spec:
+    accessModes:
+      - "ReadWriteOnce"
+    resources:
+      requests:
+        storage: "1Gi"
+
+- apiVersion: "v1"
+  kind: "PersistentVolumeClaim"
+  metadata:
+    name: "system-redis-storage"
+  spec:
+    accessModes:
+      - "ReadWriteOnce"
+    resources:
+      requests:
+        storage: "1Gi"
+
+- apiVersion: "v1"
+  kind: "PersistentVolumeClaim"
+  metadata:
+    name: "backend-redis-storage"
+  spec:
+    accessModes:
+      - "ReadWriteOnce"
+    resources:
+      requests:
+        storage: "1Gi"

roles/openshift_examples/files/examples/v3.6/quickstart-templates/wildcard.yml

@@ -0,0 +1,158 @@
+apiVersion: v1
+kind: Template
+metadata:
+  name: "amp-apicast-wildcard-router"
+objects:
+
+- apiVersion: v1
+  kind: DeploymentConfig
+  metadata:
+    name: apicast-router
+  spec:
+    replicas: 1
+    selector:
+      deploymentconfig: apicast-router
+    strategy:
+      type: Rolling
+    template:
+      metadata:
+        labels:
+          deploymentconfig: apicast-router
+      spec:
+        volumes:
+        - name: apicast-router-config
+          configMap:
+            name: apicast-router-config
+            items:
+            - key: router.conf
+              path: router.conf
+        containers:
+        - env:
+          - name: APICAST_CONFIGURATION_LOADER
+            value: "lazy"
+          - name: APICAST_CONFIGURATION_CACHE
+            value: "0"
+          image: 3scale-amp20/apicast-gateway:1.0-3
+          imagePullPolicy: IfNotPresent
+          name: apicast-router
+          command: ['bin/apicast']
+          livenessProbe:
+            tcpSocket:
+              port: router
+            initialDelaySeconds: 5
+            timeoutSeconds: 5
+            periodSeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /status/ready
+              port: management
+            initialDelaySeconds: 5
+            timeoutSeconds: 5
+            periodSeconds: 30
+          volumeMounts:
+          - name: apicast-router-config
+            mountPath: /opt/app-root/src/sites.d/
+            readOnly: true
+          ports:
+          - containerPort: 8082
+            name: router
+            protocol: TCP
+          - containerPort: 8090
+            name: management
+            protocol: TCP
+    triggers:
+    - type: ConfigChange
+
+- apiVersion: v1
+  kind: Service
+  metadata:
+    name: apicast-router
+  spec:
+    ports:
+    - name: router
+      port: 80
+      protocol: TCP
+      targetPort: router
+    selector:
+      deploymentconfig: apicast-router
+
+- apiVersion: v1
+  kind: ConfigMap
+  metadata:
+    name: apicast-router-config
+  data:
+    router.conf: |-
+      upstream wildcard {
+        server 0.0.0.1:1;
+
+        balancer_by_lua_block {
+          local round_robin = require 'resty.balancer.round_robin'
+          local balancer = round_robin.new()
+          local peers = balancer:peers(ngx.ctx.apicast)
+
+          local peer, err = balancer:set_peer(peers)
+
+          if not peer then
+            ngx.status = ngx.HTTP_SERVICE_UNAVAILABLE
+            ngx.log(ngx.ERR, "failed to set current backend peer: ", err)
+            ngx.exit(ngx.status)
+          end
+        }
+
+        keepalive 1024;
+      }
+
+      server {
+        listen 8082;
+        server_name ~-(?<apicast>apicast-(staging|production))\.;
+        access_log /dev/stdout combined;
+
+        location / {
+          access_by_lua_block {
+            local resolver = require('resty.resolver'):instance()
+            local servers = resolver:get_servers(ngx.var.apicast, { port = 8080 })
+
+            if #servers == 0 then
+              ngx.status = ngx.HTTP_BAD_GATEWAY
+              ngx.exit(ngx.HTTP_OK)
+            end
+
+            ngx.ctx.apicast = servers
+          }
+          proxy_http_version 1.1;
+          proxy_pass $scheme://wildcard;
+          proxy_set_header Host $host;
+          proxy_set_header Connection "";
+        }
+      }
+
+- apiVersion: v1
+  kind: Route
+  metadata:
+    name: apicast-wildcard-router
+    labels:
+      app: apicast-wildcard-router
+  spec:
+    host: apicast-${TENANT_NAME}.${WILDCARD_DOMAIN}
+    to:
+      kind: Service
+      name: apicast-router
+    port:
+      targetPort: router
+    wildcardPolicy: Subdomain
+    tls:
+      termination: edge
+      insecureEdgeTerminationPolicy: Allow
+
+parameters:
+- name: AMP_RELEASE
+  description: "AMP release tag."
+  value: 2.0.0-CR2-redhat-1
+  required: true
+- name: WILDCARD_DOMAIN
+  description: Root domain for the wildcard routes. Eg. example.com will generate 3scale-admin.example.com.
+  required: true
+- name: TENANT_NAME
+  description: "Domain name under the root that Admin UI will be available with -admin suffix."
+  required: true
+  value: "3scale"