diff --git a/database/unity-database.yaml b/database/unity-database.yaml index 71221bc34..7de020eba 100644 --- a/database/unity-database.yaml +++ b/database/unity-database.yaml @@ -11,14 +11,14 @@ message: |- For more information about using this template, including OpenShift considerations, see the project readme.md and wiki documents. metadata: name: unity-database - # This template uses a separate parameter .env file to override the default values defined in this section. + # This template uses a separate parameter .env file to override the default values defined in this section. # Use command: oc process -f .\database\unity-database.yaml --param-file=.env | oc create -f - labels: template: unity-database annotations: description: |- PostgreSQL database service with persistent storage. - NOTE: Scaling to more than one replica is not supported. + NOTE: Scaling to more than one replica is not supported. iconClass: icon-postgresql openshift.io/display-name: PostgreSQL openshift.io/documentation-url: https://docs.okd.io/latest/using_images/db_images/postgresql.html @@ -44,6 +44,12 @@ parameters: name: DATABASE_SERVICE_NAME required: true value: unity-data-postgres +- description: The host exposed for the database. + displayName: Database Service Host + name: DATABASE_HOST + required: true + from: 'develop-crunchy-postgres-primary[a-zA-Z0-9]{6}-dev.svc' + generate: expression - description: The port exposed for the database. displayName: Database Service Port name: DATABASE_PORT @@ -122,7 +128,7 @@ parameters: value: 1024Mi # Template objects to instantiate the database. objects: -# Secrets +# Secrets - apiVersion: v1 kind: Secret metadata: @@ -136,7 +142,7 @@ objects: app.kubernetes.io/component: ${DATABASE_SERVICE_NAME} app.kubernetes.io/instance: ${DATABASE_SERVICE_NAME}-1 app.kubernetes.io/name: ${DATABASE_SERVICE_NAME} - app.kubernetes.io/part-of: ${APPLICATION_GROUP} + app.kubernetes.io/part-of: ${APPLICATION_GROUP} stringData: UNITY_POSTGRES_DB: ${POSTGRESQL_DATABASE} UNITY_POSTGRES_PASSWORD: ${POSTGRESQL_PASSWORD} @@ -154,7 +160,7 @@ objects: app.kubernetes.io/name: ${DATABASE_SERVICE_NAME} app.kubernetes.io/part-of: ${APPLICATION_GROUP} data: - UNITY_DB_HOST: ${DATABASE_SERVICE_NAME} + UNITY_DB_HOST: ${DATABASE_HOST} UNITY_DB_PORT: ${DATABASE_PORT} UNITY_TENANT_DB: ${UNITY_TENANT_DB} # Service @@ -169,7 +175,7 @@ objects: app.kubernetes.io/component: ${DATABASE_SERVICE_NAME} app.kubernetes.io/instance: ${DATABASE_SERVICE_NAME}-1 app.kubernetes.io/name: ${DATABASE_SERVICE_NAME} - app.kubernetes.io/part-of: ${APPLICATION_GROUP} + app.kubernetes.io/part-of: ${APPLICATION_GROUP} spec: ports: - name: ${DATABASE_SERVICE_NAME} @@ -316,4 +322,3 @@ objects: claimName: unity-data-backup strategy: type: Recreate - diff --git a/openshift/Readme.md b/openshift/Readme.md index a7a0aa0c7..248c3fdba 100644 --- a/openshift/Readme.md +++ b/openshift/Readme.md @@ -4,15 +4,21 @@ You can create the required templates using the web OpenShift console or the oc CLI. ``` +# Delete build templates +oc delete templates --all + +# Create build templates oc create -f $repository\database\unity-backup-cronjob.yaml oc create -f $repository\database\unity-database.yaml +oc create -f $repository\openshift\unity-imagestream.yaml +oc create -f $repository\openshift\unity-applicantportal-web.yaml oc create -f $repository\openshift\unity-grantmanager-dbmigrator-job.yaml -oc create -f $repository\openshift\unity-grantmanager-imagestream.yaml oc create -f $repository\openshift\unity-grantmanager-web.yaml oc create -f $repository\openshift\unity-networkpolicy.yaml oc create -f $repository\openshift\unity-rabbitmq.yaml oc create -f $repository\openshift\unity-s3-object-storage.yaml oc create -f $repository\openshift\unity-app-data-web.json +oc create -f $repository\openshift\unity-chefs-data-web.json oc create -f $repository\openshift\unity-metabase.yaml ``` @@ -20,33 +26,27 @@ oc create -f $repository\openshift\unity-metabase.yaml As a best practice, store copies of these files in a secure location. ``` -"S3.env" "database.env" "dbmigrator-job.env" "grantmanager-web.env" +"S3-storage.env" "metabase.env" "rabbitmq.env" ``` Use oc get templates to find all available parameters of a project template. ``` - oc get templates -NAME DESCRIPTION PARAMETERS OBJECTS -unity-app-data-build An example Nginx HTTP server and a reverse proxy (nginx) application that ser... 9 (all set) 1 -unity-app-data-web An example Nginx HTTP server and a reverse proxy (nginx) application that ser... 11 (1 blank) 3 -unity-grantmanager-buildconfig Template for building a DotNet application on OpenShift. 14 (all set) 1 -unity-grantmanager-imagestream Template for tracking of changes in the application image. 2 (all set) 1 -unity-networkpolicy Template for communications rules in OpenShift. 2 (all set) 3 - NAME DESCRIPTION PARAMETERS OBJECTS unity-app-data-web An example Nginx HTTP server and a reverse proxy (nginx) application that ser... 11 (1 blank) 3 +unity-applicantportal-web Template for running a DotNet web application on OpenShift. 17 (1 generated) 5 unity-backup-cronjob Template for running a recurring backup script in OpenShift. 16 (1 generated) 1 -unity-database PostgreSQL database service, with persistent storage.... 17 (1 generated) 6 -unity-grantmanager-dbmigrator-job Template for running a dotnet console application once in OpenShift. 9 (1 generated) 1 -unity-grantmanager-imagestream Template for tracking of changes in the application image. 2 (all set) 1 -unity-grantmanager-web Template for running a DotNet web application on OpenShift. 41 (1 blank) 6 -unity-metabase Template for running a DotNet web application on OpenShift. 15 (1 generated) 4 +unity-chefs-data-web An example Nginx HTTP server and a reverse proxy (nginx) application that ser... 4 (all set) 1 +unity-database PostgreSQL database service with persistent storage.... 18 (1 generated) 6 +unity-grantmanager-dbmigrator-job Template for running a dotnet console application once in OpenShift. 12 (1 generated) 1 +unity-grantmanager-web Template for running a DotNet web application on OpenShift. 42 (1 blank) 6 +unity-imagestream Template for tracking of changes in the application image. 2 (all set) 1 +unity-metabase Template for running a DotNet web application on OpenShift. 19 (1 generated) 4 unity-networkpolicy Template for communications rules in OpenShift. 2 (all set) 3 unity-rabbitmq Template for running RabbitMQ message queue application on OpenShift. 12 (all set) 4 unity-s3-object-storage Template for S3 connection information in OpenShift. 9 (2 generated) 2 @@ -66,7 +66,7 @@ oc policy add-role-to-group system:image-puller system:serviceaccounts:${project # Create Database objects from templates with parameters oc process unity-database --param-file=${params}-database.env | oc create -f - -oc wait dc/${release}-unity-data-postgres --for condition=available --timeout=120s +helm upgrade --install ${release}-hippo-ha . -f $repository\database\crunchy-postgres\values.yaml -f ${params}-pgo-custom-values.yaml oc process unity-backup-cronjob --param-file=${params}-database.env | oc create -f - # Create DbMigraitor objects from templates with parameters @@ -82,14 +82,14 @@ oc process unity-s3-object-storage --param-file=${params}-S3.env | oc create -f oc process unity-grantmanager-imagestream -p APPLICATION_GROUP=${release}-unity-grantmanager -p APPLICATION_NAME=${release}-unity-grantmanager | oc create -f - oc import-image ${release}-unity-grantmanager:$tag --confirm --from=image-registry.openshift-image-registry.svc:5000/${tools}/${release}-unity-grantmanager-build:$tag oc process unity-grantmanager-web --param-file=${params}-grantmanager-web.env | oc create -f - -oc wait dc/${release}-unity-grantmanager-web --for condition=available=true --timeout=120s +oc wait dc/${release}-unity-grantmanager-web --for condition=available=true --timeout=120s # Create RabbitMQ objects from templates with parameters oc process unity-rabbitmq --param-file=${project}-rabbitmq.env | oc create -f - oc wait dc/${namespace}unity-rabbitmq --for condition=available # Deployment for app-data-web -oc process unity-app-data-web -p IMAGEPULL_NAMESPACE=${tools} -p IMAGESTREAM_NAME=${namespace}-unity-app-data-build -p IMAGESTREAM_TAG=latest | oc create -f - +oc process unity-app-data-web -p IMAGEPULL_NAMESPACE=${tools} -p IMAGESTREAM_NAME=${namespace}-unity-app-data-build -p IMAGESTREAM_TAG=latest | oc create -f - # Deployment for reporting oc process unity-metabase --param-file=${project}-metabase.env | oc create -f - diff --git a/openshift/unity-app-data-web.json b/openshift/unity-app-data-web.json index d4d83a191..a82f004c3 100644 --- a/openshift/unity-app-data-web.json +++ b/openshift/unity-app-data-web.json @@ -52,6 +52,7 @@ "app.kubernetes.io/part-of": "${APPLICATION_GROUP}" }, "annotations": { + "haproxy.router.openshift.io/hsts_header": "max-age=31536000;includeSubDomains;preload", "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" } }, @@ -64,7 +65,7 @@ "tls": { "termination": "edge", "insecureEdgeTerminationPolicy": "Redirect" - } + } } }, { @@ -74,11 +75,11 @@ "name": "${APPLICATION_NAME}", "labels": { "app.openshift.io/runtime": "nginx", - "app.kubernetes.io/part-of": "${APPLICATION_GROUP}" + "app.kubernetes.io/part-of": "${APPLICATION_GROUP}" }, "annotations": { "description": "Defines how to deploy the application server", - "template.alpha.openshift.io/wait-for-ready": "true", + "template.alpha.openshift.io/wait-for-ready": "true", "image.openshift.io/triggers": "[{\"from\":{\"kind\":\"ImageStreamTag\",\"name\":\"${IMAGESTREAM_NAME}:${IMAGESTREAM_TAG}\",\"namespace\":\"${IMAGEPULL_NAMESPACE}\"},\"fieldPath\":\"spec.template.spec.containers[?(@.name==\\\"${APPLICATION_NAME}\\\")].image\",\"pause\":\"true\"}]" } }, diff --git a/openshift/unity-applicantportal-web.yaml b/openshift/unity-applicantportal-web.yaml index 95a89ab51..7f8e13f3a 100644 --- a/openshift/unity-applicantportal-web.yaml +++ b/openshift/unity-applicantportal-web.yaml @@ -2,11 +2,11 @@ kind: Template message: |- A new application been created in your project: unity-applicantportal-web - For more information about using this template, including OpenShift considerations, + For more information about using this template, including OpenShift considerations, see template usage guide found in the project readme.md and wiki documents. metadata: name: unity-applicantportal-web - # This template uses a separate parameter .env file to override the default values defined in this section. + # This template uses a separate parameter .env file to override the default values defined in this section. # oc process -f .\openshift\unity-applicantportal-web.yaml --param-file=namespace.env | oc create -f - labels: template: unity-applicantportal-web @@ -68,10 +68,10 @@ parameters: name: IMAGEPULL_NAMESPACE from: '[a-zA-Z0-9]{5}-tools' generate: expression -- description: The ImageStream Name +- description: The ImageStream Name displayName: Registry imagestream name name: IMAGESTREAM_NAME - value: unity-applicantportal-build + value: unity-applicantportal-build - description: The version of the image to use, e.g. v1.0.0, v0.1.0, latest the ImageStream tag. displayName: Application Version name: IMAGESTREAM_TAG @@ -105,8 +105,8 @@ parameters: # Template objects to instantiate the project application. objects: # Configmap -- apiVersion: v1 - kind: ConfigMap +- apiVersion: v1 + kind: ConfigMap metadata: name: ${APPLICATION_NAME} labels: @@ -147,6 +147,11 @@ objects: metadata: annotations: description: Route for application's http service. + haproxy.router.openshift.io/balance: roundrobin + haproxy.router.openshift.io/hsts_header: max-age=31536000;includeSubDomains;preload + haproxy.router.openshift.io/ip_whitelist: 142.22.0.0/15 142.24.0.0/13 142.32.0.0/14 142.36.0.0/16 + router.openshift.io/cookie-same-site: Strict + router.openshift.io/cookie_name: haproxy-uap name: ${APPLICATION_NAME} labels: app: ${APPLICATION_NAME} @@ -167,6 +172,29 @@ objects: termination: edge insecureEdgeTerminationPolicy: Redirect wildcardPolicy: None + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: SAMEORIGIN + - name: X-Content-Type-Options + action: + type: Set + set: + value: no-sniff + - name: Referrer-Policy + action: + type: Set + set: + value: strict-origin-when-cross-origin + - name: Content-Security-Policy + action: + type: Set + set: + value: object-src 'none'; frame-ancestors 'none' # Persistent storage for the application logfiles. - apiVersion: v1 kind: PersistentVolumeClaim diff --git a/openshift/unity-chefs-data-web.json b/openshift/unity-chefs-data-web.json index a102ae9c9..1494e8e12 100644 --- a/openshift/unity-chefs-data-web.json +++ b/openshift/unity-chefs-data-web.json @@ -26,6 +26,8 @@ "app.kubernetes.io/part-of": "${APPLICATION_GROUP}" }, "annotations": { + "haproxy.router.openshift.io/hsts_header": "max-age=31536000;includeSubDomains;preload", + "haproxy.router.openshift.io/ip_whitelist": "142.22.0.0/15 142.24.0.0/13 142.32.0.0/14 142.36.0.0/16", "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" } }, @@ -35,10 +37,53 @@ "kind": "Service", "name": "${APPLICATION_SERVICE}" }, - "tls": { + "httpHeaders": { + "actions": { + "request": null, + "response": [ + { + "action": { + "set": { + "value": "SAMEORIGIN" + }, + "type": "Set" + }, + "name": "X-Frame-Options" + }, + { + "action": { + "set": { + "value": "no-sniff" + }, + "type": "Set" + }, + "name": "X-Content-Type-Options" + }, + { + "action": { + "set": { + "value": "strict-origin-when-cross-origin" + }, + "type": "Set" + }, + "name": "Referrer-Policy" + }, + { + "action": { + "set": { + "value": "object-src 'none'; frame-ancestors 'none'" + }, + "type": "Set" + }, + "name": "Content-Security-Policy" + } + ] + } + }, + "tls": { "termination": "edge", "insecureEdgeTerminationPolicy": "Redirect" - } + } } } ], diff --git a/openshift/unity-grantmanager-web.yaml b/openshift/unity-grantmanager-web.yaml index 4f9f433db..aa738ba82 100644 --- a/openshift/unity-grantmanager-web.yaml +++ b/openshift/unity-grantmanager-web.yaml @@ -2,11 +2,11 @@ kind: Template message: |- A new application been created in your project: unity-grantmanager-web - For more information about using this template, including OpenShift considerations, + For more information about using this template, including OpenShift considerations, see template usage guide found in the project readme.md and wiki documents. metadata: name: unity-grantmanager-web - # This template uses a separate parameter .env file to override the default values defined in this section. + # This template uses a separate parameter .env file to override the default values defined in this section. # oc process -f .\openshift\unity-grantmanager-web.yaml --param-file=namespace.env | oc create -f - labels: template: unity-grantmanager-web @@ -58,7 +58,7 @@ parameters: e.g.: -.' displayName: Custom http Route Hostname name: HOSTNAME_HTTP - value: dev2-unity.apps.silver.devops.gov.bc.ca + value: develop-unity.apps.silver.devops.gov.bc.ca - description: ASPNETCORE_ENVIRONMENT displayName: ASPNETCORE_ENVIRONMENT name: ASPNETCORE_ENVIRONMENT @@ -155,7 +155,7 @@ parameters: value: 'https://cfs-systws.cas.gov.bc.ca:7025/ords/cas' - description: Payments__CasClientSecret displayName: Payments__CasClientSecret - from: '[a-zA-Z0-9]{22}..' + from: '[a-zA-Z0-9]{22}..' generate: expression name: Payments__CasClientSecret - description: Payments__CasClientId @@ -180,21 +180,49 @@ parameters: displayName: RabbitMQ__HostName value: 'unity-rabbitmq' name: RabbitMQ__HostName +- description: Redis__HostName + displayName: Redis__HostName + value: 'dev-redis' + name: Redis__HostName +- description: Redis__Password + displayName: Redis__Password + name: Redis__Password + required: true + from: '[a-zA-Z0-9]{26}' + generate: expression +- description: Redis__IsEnabled + displayName: Redis__IsEnabled + value: 'false' + name: Redis__IsEnabled # Base image location - description: The Namespace where the container image resides displayName: Registry Namespace name: IMAGEPULL_NAMESPACE from: '[a-zA-Z0-9]{5}-tools' generate: expression -- description: The ImageStream Name +- description: The ImageStream Name displayName: Registry imagestream name name: IMAGESTREAM_NAME - value: unity-grantmanager-build + value: unity-grantmanager-build - description: The version of the image to use, e.g. v1.0.0, v0.1.0, latest the ImageStream tag. displayName: Application Version name: IMAGESTREAM_TAG required: true value: latest +- description: The Namespace where the container image resides + displayName: Registry Namespace + name: REDIS_IMAGEPULL_NAMESPACE + from: '[a-zA-Z0-9]{5}-tools' + generate: expression +- description: The ImageStream Name + displayName: Registry imagestream name + name: REDIS_IMAGESTREAM_NAME + value: redis +- description: The version of the image to use + displayName: Application Version + name: REDIS_IMAGESTREAM_TAG + required: true + value: latest - description: The registry path of the container image used. displayName: Registry location to pull from name: IMAGEPULL_REGISTRY @@ -222,7 +250,7 @@ parameters: value: 512Mi # Template objects to instantiate the project application. objects: -# Secrets +# Secrets - apiVersion: v1 kind: Secret metadata: @@ -247,9 +275,23 @@ objects: Payments__CasClientId: ${Payments__CasClientId} RabbitMQ__Password: ${RabbitMQ__Password} type: Opaque +# Redis +- apiVersion: v1 + kind: Secret + metadata: + name: ${Redis__HostName} + labels: + app: ${Redis__HostName} + app.kubernetes.io/component: ${Redis__HostName} + app.kubernetes.io/instance: ${APPLICATION_NAME}-1 + app.kubernetes.io/name: ${Redis__HostName} + app.kubernetes.io/part-of: ${APPLICATION_GROUP} + stringData: + database-password: ${Redis__Password} + type: Opaque # Configmap -- apiVersion: v1 - kind: ConfigMap +- apiVersion: v1 + kind: ConfigMap metadata: name: ${APPLICATION_NAME} labels: @@ -274,6 +316,7 @@ objects: BackgroundJobs__Quartz__IsAutoRegisterEnabled: 'true' BackgroundJobs__IntakeResync__NumDaysToCheck: '-2' BackgroundJobs__IntakeResync__Expression: '0 0 23 1/1 * ? *' + BackgroundJobs__Quartz__UseCluster: ${Redis__IsEnabled} CssApi__TokenUrl: ${CssApi__TokenUrl} CssApi__Url: ${CssApi__Url} CssApi__Env: ${CssApi__Env} @@ -285,7 +328,15 @@ objects: RabbitMQ__UserName: ${RabbitMQ__UserName} RabbitMQ__VirtualHost: ${RabbitMQ__VirtualHost} RabbitMQ__HostName: ${RabbitMQ__HostName} -# Service + DataProtection__IsEnabled: ${Redis__IsEnabled} + Redis__Host: ${Redis__HostName} + Redis__InstanceName: ${Redis__HostName} + Redis__IsEnabled: ${Redis__IsEnabled} + Redis__KeyPrefix: unity + Redis__Port: '6379' + Serilog__MinimumLevel__Override__Quartz.Impl: Information + Serilog__MinimumLevel__Override__Quartz.SQL: Information +# Services - apiVersion: v1 kind: Service metadata: @@ -306,13 +357,38 @@ objects: targetPort: 8080 selector: app: ${APPLICATION_NAME} -# Route +# Redis +- apiVersion: v1 + kind: Service + metadata: + annotations: + description: The application's host port. + name: ${Redis__HostName} + labels: + app: ${Redis__HostName} + app.kubernetes.io/component: ${Redis__HostName} + app.kubernetes.io/instance: ${APPLICATION_NAME}-1 + app.kubernetes.io/name: ${Redis__HostName} + app.kubernetes.io/part-of: ${APPLICATION_GROUP} + spec: + ports: + - name: redis + protocol: TCP + port: 6379 + targetPort: 6379 + selector: + app: ${Redis__HostName} +# Route ingress - apiVersion: route.openshift.io/v1 id: ${APPLICATION_NAME}-http kind: Route metadata: annotations: description: Route for application's http service. + haproxy.router.openshift.io/balance: roundrobin + haproxy.router.openshift.io/hsts_header: max-age=31536000;includeSubDomains;preload + router.openshift.io/cookie-same-site: Strict + router.openshift.io/cookie_name: haproxy-ugm name: ${APPLICATION_NAME} labels: app: ${APPLICATION_NAME} @@ -333,7 +409,30 @@ objects: termination: edge insecureEdgeTerminationPolicy: Redirect wildcardPolicy: None -# Persistent storage for the application logfiles. + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: SAMEORIGIN + - name: X-Content-Type-Options + action: + type: Set + set: + value: no-sniff + - name: Referrer-Policy + action: + type: Set + set: + value: strict-origin-when-cross-origin + - name: Content-Security-Policy + action: + type: Set + set: + value: object-src 'none'; frame-ancestors 'none' +# Persistent storage for the application logfiles - apiVersion: v1 kind: PersistentVolumeClaim metadata: @@ -352,7 +451,26 @@ objects: storage: ${VOLUME_CAPACITY} storageClassName: netapp-file-standard volumeMode: Filesystem -# Deployment +# Redis +- apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: ${Redis__HostName} + labels: + app: ${Redis__HostName} + app.kubernetes.io/component: ${Redis__HostName} + app.kubernetes.io/instance: ${APPLICATION_NAME}-1 + app.kubernetes.io/name: ${Redis__HostName} + app.kubernetes.io/part-of: ${APPLICATION_GROUP} + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: ${VOLUME_CAPACITY} + storageClassName: netapp-file-standard + volumeMode: Filesystem +# Deployment - apiVersion: apps/v1 kind: Deployment metadata: @@ -418,6 +536,20 @@ objects: requests: cpu: ${CPU_REQUEST} memory: ${MEMORY_REQUEST} + readinessProbe: + httpGet: + path: /healthz/ready + port: 8080 + scheme: HTTP + httpHeaders: + - name: content-type + value: text/plain + - name: readiness + value: healthy + timeoutSeconds: 5 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 livenessProbe: httpGet: path: /healthz/live @@ -455,3 +587,80 @@ objects: restartPolicy: Always terminationGracePeriodSeconds: 30 dnsPolicy: ClusterFirst +# Redis +- apiVersion: apps/v1 + kind: Deployment + metadata: + name: ${Redis__HostName} + annotations: + app.openshift.io/route-disabled: "false" + app.openshift.io/vcs-ref: ${SOURCE_REPOSITORY_REF} + app.openshift.io/vcs-uri: ${SOURCE_REPOSITORY_URL} + image.openshift.io/triggers: >- + [{"from":{"kind":"ImageStreamTag","name":"${REDIS_IMAGESTREAM_NAME}:${REDIS_IMAGESTREAM_TAG}","namespace":"${REDIS_IMAGEPULL_NAMESPACE}"},"fieldPath":"spec.template.spec.containers[?(@.name==\"${Redis__HostName}\")].image","pause":"false"}] + labels: + app: ${Redis__HostName} + app.openshift.io/runtime: redis + app.kubernetes.io/component: ${Redis__HostName} + app.kubernetes.io/instance: ${APPLICATION_NAME}-1 + app.kubernetes.io/name: ${Redis__HostName} + app.kubernetes.io/part-of: ${APPLICATION_GROUP} + spec: + replicas: 1 + selector: + matchLabels: + app: ${Redis__HostName} + strategy: + type: Recreate + template: + metadata: + labels: + application: ${Redis__HostName} + app: ${Redis__HostName} + spec: + volumes: + - name: ${Redis__HostName}-data + persistentVolumeClaim: + claimName: ${Redis__HostName} + containers: + - name: ${Redis__HostName} + image: ${IMAGEPULL_REGISTRY}/${REDIS_IMAGEPULL_NAMESPACE}/${REDIS_IMAGESTREAM_NAME}:${REDIS_IMAGESTREAM_TAG} + imagePullPolicy: Always + resources: + limits: + cpu: ${CPU_LIMIT} + memory: ${MEMORY_LIMIT} + requests: + cpu: ${CPU_REQUEST} + memory: ${MEMORY_REQUEST} + readinessProbe: + exec: + command: + - /bin/sh + - '-i' + - '-c' + - test "$(redis-cli -h 127.0.0.1 -a $REDIS_PASSWORD ping)" == "PONG" + initialDelaySeconds: 5 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + livenessProbe: + tcpSocket: + port: 6379 + initialDelaySeconds: 30 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + ports: + - containerPort: 6379 + protocol: TCP + imagePullPolicy: IfNotPresent + volumeMounts: + - name: ${Redis__HostName}-data + mountPath: /var/lib/redis/data + terminationMessagePolicy: File + restartPolicy: Always + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst diff --git a/openshift/unity-metabase.yaml b/openshift/unity-metabase.yaml index 6d546ad3d..51af5b008 100644 Binary files a/openshift/unity-metabase.yaml and b/openshift/unity-metabase.yaml differ diff --git a/openshift/unity-rabbitmq.yaml b/openshift/unity-rabbitmq.yaml index 92f44db46..5a62a246f 100644 Binary files a/openshift/unity-rabbitmq.yaml and b/openshift/unity-rabbitmq.yaml differ