| |
@@ -0,0 +1,227 @@
|
| |
+
|
| |
+ # Template to produce a new test environment in OpenShift. Uses OpenID Connect
|
| |
+ # against iddev.fedorainfracloud.org for authentication, and ephemeral storage
|
| |
+ # for Postgres data.
|
| |
+ #
|
| |
+ # To create an environment from the template, process and apply it:
|
| |
+ # oc process -f openshift/waiverdb-test-template.yaml -p TEST_ID=123 -p WAIVERDB_APP_VERSION=0.1.2.dev24-git.94c0119 | oc apply -f -
|
| |
+ # To clean up the environment, use a selector on the environment label:
|
| |
+ # oc delete dc,deploy,pod,configmap,secret,svc,route -l environment=test-123
|
| |
+
|
| |
+ ---
|
| |
+ apiVersion: v1
|
| |
+ kind: Template
|
| |
+ metadata:
|
| |
+ name: waiverdb-test-template
|
| |
+ parameters:
|
| |
+ - name: TEST_ID
|
| |
+ displayName: Test id
|
| |
+ description: Short unique identifier for this test run (e.g. Jenkins job number)
|
| |
+ required: true
|
| |
+ - name: WAIVERDB_APP_VERSION
|
| |
+ displayName: WaiverDB application version
|
| |
+ description: Python version of the WaiverDB application being tested
|
| |
+ required: true
|
| |
+ - name: FLASK_SECRET_KEY
|
| |
+ displayName: Flask secret key
|
| |
+ generate: expression
|
| |
+ from: "[\\w]{32}"
|
| |
+ - name: DATABASE_PASSWORD
|
| |
+ displayName: Database password
|
| |
+ generate: expression
|
| |
+ from: "[\\w]{32}"
|
| |
+ objects:
|
| |
+ - apiVersion: v1
|
| |
+ kind: Secret
|
| |
+ metadata:
|
| |
+ name: "waiverdb-test-${TEST_ID}-secret"
|
| |
+ labels:
|
| |
+ environment: "test-${TEST_ID}"
|
| |
+ stringData:
|
| |
+ flask-secret-key: "${FLASK_SECRET_KEY}"
|
| |
+ database-password: "${DATABASE_PASSWORD}"
|
| |
+ # This is the same non-secret config we have committed
|
| |
+ # as conf/client_secrets.json for using in dev environments.
|
| |
+ client_secrets.json: |-
|
| |
+ {"web": {
|
| |
+ "redirect_uris": ["http://localhost:8080/"],
|
| |
+ "token_uri": "https://iddev.fedorainfracloud.org/openidc/Token",
|
| |
+ "auth_uri": "https://iddev.fedorainfracloud.org/openidc/Authorization",
|
| |
+ "client_id": "D-e69a1ac7-30fa-4d18-9001-7468c4f34c3c",
|
| |
+ "client_secret": "qgz8Bzjg6nO7JWCXoB0o8L49KfI5atLF",
|
| |
+ "userinfo_uri": "https://iddev.fedorainfracloud.org/openidc/UserInfo",
|
| |
+ "token_introspection_uri": "https://iddev.fedorainfracloud.org/openidc/TokenInfo"}}
|
| |
+ - apiVersion: v1
|
| |
+ kind: ConfigMap
|
| |
+ metadata:
|
| |
+ name: "waiverdb-test-${TEST_ID}-configmap"
|
| |
+ labels:
|
| |
+ environment: "test-${TEST_ID}"
|
| |
+ data:
|
| |
+ settings.py: |-
|
| |
+ DATABASE_URI = 'postgresql+psycopg2://waiverdb@waiverdb-test-${TEST_ID}-database:5432/waiverdb'
|
| |
+ PORT = 8080
|
| |
+ AUTH_METHOD = 'OIDC'
|
| |
+ OIDC_CLIENT_SECRETS = '/etc/secret/client_secrets.json'
|
| |
+ - apiVersion: v1
|
| |
+ kind: Service
|
| |
+ metadata:
|
| |
+ name: "waiverdb-test-${TEST_ID}-database"
|
| |
+ labels:
|
| |
+ environment: "test-${TEST_ID}"
|
| |
+ spec:
|
| |
+ selector:
|
| |
+ environment: "test-${TEST_ID}"
|
| |
+ service: database
|
| |
+ ports:
|
| |
+ - name: postgresql
|
| |
+ port: 5432
|
| |
+ targetPort: 5432
|
| |
+ - apiVersion: v1
|
| |
+ kind: DeploymentConfig
|
| |
+ metadata:
|
| |
+ name: "waiverdb-test-${TEST_ID}-database"
|
| |
+ labels:
|
| |
+ environment: "test-${TEST_ID}"
|
| |
+ service: database
|
| |
+ spec:
|
| |
+ replicas: 1
|
| |
+ strategy:
|
| |
+ type: Recreate
|
| |
+ selector:
|
| |
+ environment: "test-${TEST_ID}"
|
| |
+ service: database
|
| |
+ template:
|
| |
+ metadata:
|
| |
+ labels:
|
| |
+ environment: "test-${TEST_ID}"
|
| |
+ service: database
|
| |
+ spec:
|
| |
+ containers:
|
| |
+ - name: postgresql
|
| |
+ image: registry.access.redhat.com/rhscl/postgresql-95-rhel7:latest
|
| |
+ imagePullPolicy: Always
|
| |
+ ports:
|
| |
+ - containerPort: 5432
|
| |
+ readinessProbe:
|
| |
+ timeoutSeconds: 1
|
| |
+ initialDelaySeconds: 5
|
| |
+ exec:
|
| |
+ command: [ /bin/sh, -i, -c, "psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE -c 'SELECT 1'" ]
|
| |
+ livenessProbe:
|
| |
+ timeoutSeconds: 1
|
| |
+ initialDelaySeconds: 30
|
| |
+ tcpSocket:
|
| |
+ port: 5432
|
| |
+ env:
|
| |
+ - name: POSTGRESQL_USER
|
| |
+ value: waiverdb
|
| |
+ - name: POSTGRESQL_PASSWORD
|
| |
+ valueFrom:
|
| |
+ secretKeyRef:
|
| |
+ name: "waiverdb-test-${TEST_ID}-secret"
|
| |
+ key: database-password
|
| |
+ - name: POSTGRESQL_DATABASE
|
| |
+ value: waiverdb
|
| |
+ triggers:
|
| |
+ - type: ConfigChange
|
| |
+ - apiVersion: v1
|
| |
+ kind: Service
|
| |
+ metadata:
|
| |
+ name: "waiverdb-test-${TEST_ID}-web"
|
| |
+ labels:
|
| |
+ environment: "test-${TEST_ID}"
|
| |
+ annotations:
|
| |
+ service.alpha.openshift.io/dependencies: |-
|
| |
+ [{"name": "waiverdb-test-${TEST_ID}-database", "kind": "Service"}]
|
| |
+ spec:
|
| |
+ selector:
|
| |
+ environment: "test-${TEST_ID}"
|
| |
+ service: web
|
| |
+ ports:
|
| |
+ - name: web
|
| |
+ port: 8080
|
| |
+ targetPort: 8080
|
| |
+ - apiVersion: v1
|
| |
+ kind: Route
|
| |
+ metadata:
|
| |
+ name: "waiverdb-test-${TEST_ID}-web"
|
| |
+ labels:
|
| |
+ environment: "test-${TEST_ID}"
|
| |
+ spec:
|
| |
+ port:
|
| |
+ targetPort: web
|
| |
+ to:
|
| |
+ kind: Service
|
| |
+ name: "waiverdb-test-${TEST_ID}-web"
|
| |
+ tls:
|
| |
+ termination: edge
|
| |
+ insecureEdgeTerminationPolicy: Redirect
|
| |
+ - apiVersion: v1
|
| |
+ kind: DeploymentConfig
|
| |
+ metadata:
|
| |
+ name: "waiverdb-test-${TEST_ID}-web"
|
| |
+ labels:
|
| |
+ environment: "test-${TEST_ID}"
|
| |
+ service: web
|
| |
+ spec:
|
| |
+ replicas: 2
|
| |
+ selector:
|
| |
+ environment: "test-${TEST_ID}"
|
| |
+ service: web
|
| |
+ template:
|
| |
+ metadata:
|
| |
+ labels:
|
| |
+ environment: "test-${TEST_ID}"
|
| |
+ service: web
|
| |
+ spec:
|
| |
+ containers:
|
| |
+ - name: web
|
| |
+ image: "docker-registry.engineering.redhat.com/factory2/waiverdb:${WAIVERDB_APP_VERSION}"
|
| |
+ ports:
|
| |
+ - containerPort: 8080
|
| |
+ volumeMounts:
|
| |
+ - name: config-volume
|
| |
+ mountPath: /etc/waiverdb
|
| |
+ readOnly: true
|
| |
+ - name: secret-volume
|
| |
+ mountPath: /etc/secret
|
| |
+ readOnly: true
|
| |
+ env:
|
| |
+ - name: DATABASE_PASSWORD
|
| |
+ valueFrom:
|
| |
+ secretKeyRef:
|
| |
+ name: "waiverdb-test-${TEST_ID}-secret"
|
| |
+ key: database-password
|
| |
+ - name: SECRET_KEY
|
| |
+ valueFrom:
|
| |
+ secretKeyRef:
|
| |
+ name: "waiverdb-test-${TEST_ID}-secret"
|
| |
+ key: flask-secret-key
|
| |
+ readinessProbe:
|
| |
+ timeoutSeconds: 1
|
| |
+ initialDelaySeconds: 5
|
| |
+ httpGet:
|
| |
+ path: /healthcheck
|
| |
+ port: 8080
|
| |
+ livenessProbe:
|
| |
+ timeoutSeconds: 1
|
| |
+ initialDelaySeconds: 30
|
| |
+ httpGet:
|
| |
+ path: /healthcheck
|
| |
+ port: 8080
|
| |
+ # Limit to 384MB memory. This is probably *not* enough but it is
|
| |
+ # necessary in the current environment to allow for 2 replicas and
|
| |
+ # rolling updates, without hitting the (very aggressive) memory quota.
|
| |
+ resources:
|
| |
+ limits:
|
| |
+ memory: 384Mi
|
| |
+ volumes:
|
| |
+ - name: config-volume
|
| |
+ configMap:
|
| |
+ name: "waiverdb-test-${TEST_ID}-configmap"
|
| |
+ - name: secret-volume
|
| |
+ secret:
|
| |
+ secretName: "waiverdb-test-${TEST_ID}-secret"
|
| |
+ triggers:
|
| |
+ - type: ConfigChange
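Review bot: The `client_secrets.json` entry in the Secret object hard-codes a `client_id`/`client_secret` pair for iddev.fedorainfracloud.org, so every environment created from this template shares one OIDC client credential that is visible to anyone who can read the repository, while `flask-secret-key` and `database-password` just above it are generated per environment. The comment calls it non-secret dev config, but I would still pass it in as a template parameter (for example a new required `OIDC_CLIENT_SECRET`) and write `"client_secret": "${OIDC_CLIENT_SECRET}",` in the JSON, so that the value can be rotated without a commit. The `redirect_uris` value `http://localhost:8080/` does not look like it can match the edge-terminated Route defined further down, so a browser login against the deployed environment may be refused by the provider; please confirm whether only token introspection is exercised here. Separately, the database container uses `postgresql-95-rhel7:latest` with `imagePullPolicy: Always`, which makes test runs non-reproducible across image updates; pinning a specific tag or digest would avoid that.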
|
| |
This PR has some fixes necessary to get the application running in OpenShift, and a first step towards deploying a WaiverDB test environment inside OpenShift and running tests against it.