openshift/app.dc.yaml
---
apiVersion: v1
kind: Template
labels:
app.kubernetes.io/component: app
app.kubernetes.io/instance: "${APP_NAME}-${JOB_NAME}"
app.kubernetes.io/managed-by: jenkins
app.kubernetes.io/name: nodejs
app.kubernetes.io/part-of: "${APP_NAME}-${JOB_NAME}"
app: "${APP_NAME}-${JOB_NAME}"
template: "${REPO_NAME}-app-dc-template"
metadata:
name: "${REPO_NAME}-app-dc"
objects:
- apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: "allow-${APP_NAME}-app-${JOB_NAME}-to-patroni-${JOB_NAME}-cluster"
spec:
# Allow app to talk to Patroni cluster
ingress:
- from:
- podSelector:
matchLabels:
app: "${APP_NAME}-${JOB_NAME}"
deploymentconfig: "${APP_NAME}-app-${JOB_NAME}"
role: app
ports:
- port: 5432
protocol: TCP
podSelector:
matchLabels:
cluster-name: "${JOB_NAME}"
statefulset: "patroni-${JOB_NAME}"
role: master
- apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: "allow-pre-hook-to-patroni-${JOB_NAME}-cluster"
spec:
# Allow app pre-hook pods to talk to Patroni cluster
ingress:
- from:
- podSelector:
matchLabels:
openshift.io/deployer-pod.type: hook-pre
ports:
- port: 5432
protocol: TCP
podSelector:
matchLabels:
cluster-name: "${JOB_NAME}"
statefulset: "patroni-${JOB_NAME}"
role: master
- apiVersion: v1
kind: DeploymentConfig
metadata:
annotations:
app.openshift.io/connects-to: '[{"apiVersion":"apps/v1","kind":"StatefulSet","name":"patroni-${JOB_NAME}"}]'
name: "${APP_NAME}-app-${JOB_NAME}"
spec:
replicas: 2
revisionHistoryLimit: 10
selector:
app: "${APP_NAME}-${JOB_NAME}"
deploymentconfig: "${APP_NAME}-app-${JOB_NAME}"
role: app
strategy:
type: Rolling
resources: {}
rollingParams:
timeoutSeconds: 600
pre:
failurePolicy: Abort
execNewPod:
command:
- npm
- run
- k8s:migrate:seed
containerName: "app"
env:
- name: NODE_ENV
value: production
- name: DB_DATABASE
valueFrom:
secretKeyRef:
key: app-db-name
name: "patroni-${JOB_NAME}-secret"
- name: DB_HOST
value: "patroni-${JOB_NAME}"
- name: DB_USERNAME
valueFrom:
secretKeyRef:
key: app-db-username
name: "patroni-${JOB_NAME}-secret"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
key: app-db-password
name: "patroni-${JOB_NAME}-secret"
- name: SERVER_BASEPATH
value: "${ROUTE_PATH}"
template:
metadata:
labels:
app: "${APP_NAME}-${JOB_NAME}"
deploymentconfig: "${APP_NAME}-app-${JOB_NAME}"
role: app
spec:
containers:
- name: app
image: "${IMAGE_REGISTRY}/${NAMESPACE}/${REPO_NAME}-app:${JOB_NAME}"
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: "${ROUTE_PATH}/api"
port: 8080
scheme: HTTP
initialDelaySeconds: 10
timeoutSeconds: 1
failureThreshold: 3
ports:
- containerPort: 8080
protocol: TCP
readinessProbe:
httpGet:
path: "${ROUTE_PATH}/api"
port: 8080
scheme: HTTP
initialDelaySeconds: 10
timeoutSeconds: 1
failureThreshold: 1
resources:
requests:
cpu: "${CPU_REQUEST}"
memory: "${MEMORY_REQUEST}"
limits:
cpu: "${CPU_LIMIT}"
memory: "${MEMORY_LIMIT}"
env:
- name: NODE_ENV
value: production
- name: DB_DATABASE
valueFrom:
secretKeyRef:
key: app-db-name
name: "patroni-${JOB_NAME}-secret"
- name: DB_HOST
value: "patroni-${JOB_NAME}"
- name: DB_USERNAME
valueFrom:
secretKeyRef:
key: app-db-username
name: "patroni-${JOB_NAME}-secret"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
key: app-db-password
name: "patroni-${JOB_NAME}-secret"
- name: FRONTEND_BASEPATH
value: "${ROUTE_PATH}"
- name: SERVER_BASEPATH
value: "${ROUTE_PATH}"
- name: SERVER_KC_CLIENTID
valueFrom:
secretKeyRef:
key: username
name: getok-keycloak-secret
- name: SERVER_KC_CLIENTSECRET
valueFrom:
secretKeyRef:
key: password
name: getok-keycloak-secret
- name: SC_CHES_USERNAME
valueFrom:
secretKeyRef:
key: username
name: getok-sc-ches-secret
- name: SC_CHES_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: getok-sc-ches-secret
- name: SC_GITHUB_TOKEN
valueFrom:
secretKeyRef:
key: personal-access-token
name: getok-sc-github-secret
- name: SC_KC_DEV_USERNAME
valueFrom:
secretKeyRef:
key: username
name: getok-sc-keycloak-dev-secret
- name: SC_KC_DEV_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: getok-sc-keycloak-dev-secret
- name: SC_KC_TEST_USERNAME
valueFrom:
secretKeyRef:
key: username
name: getok-sc-keycloak-test-secret
- name: SC_KC_TEST_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: getok-sc-keycloak-test-secret
- name: SC_KC_PROD_USERNAME
valueFrom:
secretKeyRef:
key: username
name: getok-sc-keycloak-prod-secret
- name: SC_KC_PROD_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: getok-sc-keycloak-prod-secret
envFrom:
- configMapRef:
name: getok-frontend-config
- configMapRef:
name: getok-sc-config
- configMapRef:
name: getok-server-config
restartPolicy: Always
terminationGracePeriodSeconds: 30
test: false
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- app
from:
kind: ImageStreamTag
name: "${REPO_NAME}-app:${JOB_NAME}"
namespace: "${NAMESPACE}"
type: ImageChange
- apiVersion: v1
kind: Service
metadata:
name: "${APP_NAME}-app-${JOB_NAME}"
spec:
ports:
- name: 8080-tcp
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: "${APP_NAME}-${JOB_NAME}"
deploymentconfig: "${APP_NAME}-app-${JOB_NAME}"
role: app
sessionAffinity: None
- apiVersion: v1
kind: Route
metadata:
name: "${APP_NAME}-app-${JOB_NAME}"
spec:
host: "${ROUTE_HOST}"
path: "${ROUTE_PATH}"
port:
targetPort: 8080-tcp
tls:
insecureEdgeTerminationPolicy: Redirect
termination: edge
to:
kind: Service
name: "${APP_NAME}-app-${JOB_NAME}"
weight: 100
wildcardPolicy: None
parameters:
- name: APP_NAME
description: Application name
displayName: Application name
required: true
- name: ROUTE_HOST
description: The host the route will use to expose service outside cluster
displayName: Route host
required: true
- name: ROUTE_PATH
description: Configure the route path (ex. /pr-5 or /app), also used for FRONTEND_BASEPATH
displayName: Route path
required: true
- name: JOB_NAME
description: Job identifier (i.e. 'pr-5' OR 'master')
displayName: Job Branch Name
required: true
- name: IMAGE_REGISTRY
description: The base OpenShift docker registry
displayName: Docker Image Registry
required: true
value: image-registry.openshift-image-registry.svc:5000
- name: NAMESPACE
description: Target namespace reference (i.e. 'wfezkf-dev')
displayName: Target Namespace
required: true
- name: REPO_NAME
description: Application repository name
displayName: Repository Name
required: true
- name: CPU_LIMIT
description: Limit Peak CPU per pod (in millicores ex. 1000m)
displayName: CPU Limit
value: 250m
- name: CPU_REQUEST
description: Requested CPU per pod (in millicores ex. 500m)
displayName: CPU Request
value: 50m
- name: MEMORY_LIMIT
description: Limit Peak Memory per pod (in gigabytes Gi or megabytes Mi ex. 2Gi)
displayName: Memory Limit
value: 1Gi
- name: MEMORY_REQUEST
description: Requested Memory per pod (in gigabytes Gi or megabytes Mi ex. 500Mi)
displayName: Memory Request
value: 256Mi