Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
AIOSEC-41: Adding Keycloak DB and API DB password generation. (#4)
* Adding Keycloak DB and API DB password generation. Co-authored-by: Michael Schmid <michael@amazee.com>
- Loading branch information
Showing
11 changed files
with
358 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,151 @@ | ||
--- | ||
apiVersion: v1 | ||
kind: Template | ||
metadata: | ||
creationTimestamp: null | ||
name: lagoon-openshift-template-mariadb | ||
parameters: | ||
- name: SERVICE_NAME | ||
description: Name of this service | ||
required: true | ||
- name: SAFE_BRANCH | ||
description: Which branch this belongs to, special chars replaced with dashes | ||
required: true | ||
- name: SAFE_PROJECT | ||
description: Which project this belongs to, special chars replaced with dashes | ||
required: true | ||
- name: BRANCH | ||
description: Which branch this belongs to, original value | ||
required: true | ||
- name: PROJECT | ||
description: Which project this belongs to, original value | ||
required: true | ||
- name: LAGOON_GIT_SHA | ||
description: git hash sha of the current deployment | ||
required: true | ||
- name: SERVICE_ROUTER_URL | ||
description: URL of the Router for this service | ||
value: "" | ||
- name: OPENSHIFT_PROJECT | ||
description: Name of the Project that this service is in | ||
required: true | ||
- name: REGISTRY | ||
description: Registry where Images are pushed to | ||
required: true | ||
- name: DEPLOYMENT_STRATEGY | ||
description: Strategy of Deploymentconfig | ||
value: "Recreate" | ||
- name: SERVICE_IMAGE | ||
description: Pullable image of service | ||
required: true | ||
- name: CRONJOBS | ||
description: Oneline of Cronjobs | ||
value: "" | ||
- name: PERSISTENT_STORAGE_SIZE | ||
description: Size of the Storage to request | ||
value: "5Gi" | ||
- name: ENVIRONMENT_TYPE | ||
description: production level of this environment | ||
value: 'production' | ||
objects: | ||
- apiVersion: v1 | ||
kind: PersistentVolumeClaim | ||
metadata: | ||
annotations: | ||
appuio.ch/backup: "false" | ||
name: ${SERVICE_NAME}-data | ||
spec: | ||
accessModes: | ||
- ReadWriteOnce | ||
resources: | ||
requests: | ||
storage: ${PERSISTENT_STORAGE_SIZE} | ||
- apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
creationTimestamp: null | ||
labels: | ||
service: ${SERVICE_NAME} | ||
branch: ${SAFE_BRANCH} | ||
project: ${SAFE_PROJECT} | ||
name: ${SERVICE_NAME} | ||
spec: | ||
ports: | ||
- name: 3306-tcp | ||
port: 3306 | ||
protocol: TCP | ||
targetPort: 3306 | ||
selector: | ||
service: ${SERVICE_NAME} | ||
status: | ||
loadBalancer: {} | ||
- apiVersion: v1 | ||
kind: DeploymentConfig | ||
metadata: | ||
creationTimestamp: null | ||
labels: | ||
service: ${SERVICE_NAME} | ||
branch: ${SAFE_BRANCH} | ||
project: ${SAFE_PROJECT} | ||
name: ${SERVICE_NAME} | ||
spec: | ||
replicas: 1 | ||
selector: | ||
service: ${SERVICE_NAME} | ||
strategy: | ||
type: ${DEPLOYMENT_STRATEGY} | ||
template: | ||
metadata: | ||
annotations: | ||
appuio.ch/backupcommand: /bin/sh -c "mysqldump --max-allowed-packet=500M --events --routines --quick --add-locks --no-autocommit --single-transaction --all-databases" | ||
backup.appuio.ch/file-extension: .${SERVICE_NAME}.sql | ||
creationTimestamp: null | ||
labels: | ||
service: ${SERVICE_NAME} | ||
branch: ${SAFE_BRANCH} | ||
project: ${SAFE_PROJECT} | ||
spec: | ||
volumes: | ||
- name: ${SERVICE_NAME}-data | ||
persistentVolumeClaim: | ||
claimName: ${SERVICE_NAME}-data | ||
priorityClassName: lagoon-priority-${ENVIRONMENT_TYPE} | ||
containers: | ||
- image: ${SERVICE_IMAGE} | ||
name: ${SERVICE_NAME} | ||
ports: | ||
- containerPort: 3306 | ||
protocol: TCP | ||
readinessProbe: | ||
tcpSocket: | ||
port: 3306 | ||
initialDelaySeconds: 15 | ||
timeoutSeconds: 1 | ||
livenessProbe: | ||
tcpSocket: | ||
port: 3306 | ||
initialDelaySeconds: 120 | ||
periodSeconds: 5 | ||
volumeMounts: | ||
- name: ${SERVICE_NAME}-data | ||
mountPath: /var/lib/mysql | ||
env: | ||
- name: SERVICE_NAME | ||
value: ${SERVICE_NAME} | ||
- name: CRONJOBS | ||
value: ${CRONJOBS} | ||
- name: MARIADB_PASSWORD | ||
valueFrom: | ||
secretKeyRef: | ||
name: api-db-password | ||
key: API_DB_PASSWORD | ||
envFrom: | ||
- configMapRef: | ||
name: lagoon-env | ||
resources: | ||
requests: | ||
cpu: 10m | ||
memory: 10Mi | ||
test: false | ||
triggers: | ||
- type: ConfigChange |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.