From fbe2f739a199037b5554ddb46b16dd77a7b53d7e Mon Sep 17 00:00:00 2001 From: wkmor1 Date: Tue, 9 Jul 2024 14:57:23 +0300 Subject: [PATCH] Update template --- oc-process.sh | 76 ++++++++++------- template.yml | 224 ++++++++++++++++++++++++++++++-------------------- 2 files changed, 179 insertions(+), 121 deletions(-) diff --git a/oc-process.sh b/oc-process.sh index 78fdf0c..ed96d66 100755 --- a/oc-process.sh +++ b/oc-process.sh @@ -1,13 +1,15 @@ #!/bin/bash i="all" +f="template.yml" +e=".env" while getopts ":f:e:i::" flag; do -case $flag in -f) f=${OPTARG} ;; -e) e=${OPTARG} ;; -i) i=${OPTARG} ;; -esac + case $flag in + f) f=${OPTARG} ;; + e) e=${OPTARG} ;; + i) i=${OPTARG} ;; + esac done set -a 
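Review bot: Unknown options and options missing their argument are silently dropped in the `getopts` loop, because the optstring starts with `:` (silent mode) and the `case` has no `\?)` or `:)` arm. Now that `f` and `e` have defaults, a trailing `-e` with no value or a mistyped flag falls back to `template.yml` / `.env` without any message, so the wrong environment file can be used unnoticed. Add arms such as `:) echo "option -$OPTARG requires an argument" >&2; exit 2 ;;` and `\?) echo "unknown option -$OPTARG" >&2; exit 2 ;;`. The script continues outside this hunk, so how `$e` is consumed is not visible here.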
@@ -21,64 +23,76 @@ BRANCH=$(git symbolic-ref --short -q HEAD) # If not in main, assume dev if [ "$BRANCH" != "main" ]; then -HOST=$HOST_DEV -MYSQL_PASSWORD=$MYSQL_PASSWORD_DEV -ITSYSTEM=$ITSYSTEM_DEV + HOST=$HOST_DEV + MYSQL_PASSWORD=$MYSQL_PASSWORD_DEV + ITSYSTEM=$ITSYSTEM_DEV fi if [ $i = "volume" ]; then -ITEM=".items[0]" + ITEM=".items[0]" -elif [ $i = "image" ]; then +elif [ $i = "config" ]; then -ITEM=".items[1]" + ITEM=".items[1]" -elif [ $i = "build" ]; then +elif [ $i = "secrets" ]; then -ITEM=".items[2]" + ITEM=".items[2]" elif [ $i = "deploy-app" ]; then -ITEM=".items[3]" + ITEM=".items[3]" elif [ $i = "deploy-db" ]; then -ITEM=".items[4]" + ITEM=".items[4]" elif [ $i = "service-app" ]; then -ITEM=".items[5]" + ITEM=".items[5]" elif [ $i = "service-db" ]; then -ITEM=".items[6]" + ITEM=".items[6]" elif [ $i = "route" ]; then -ITEM=".items[7]" + ITEM=".items[7]" elif [ $i = "job" ]; then -ITEM=".items[8]" + ITEM=".items[8]" -else +elif [ $i = "all" ]; then ITEM="" +else + + echo "Object not found" + exit 1 + fi +FINBIF_API_TOKEN=$(echo -n $FINBIF_API_TOKEN | base64) +MYSQL_PASSWORD=$(echo -n $MYSQL_PASSWORD | base64) +FLASK_SECRET_KEY=$(echo -n $FLASK_SECRET_KEY | base64) +RCLONE_ACCESS_KEY_ID=$(echo -n $RCLONE_ACCESS_KEY_ID | base64) +RCLONE_SECRET_ACCESS_KEY=$(echo -n $RCLONE_SECRET_ACCESS_KEY | base64) + +echo "# $(oc project species-challenge)" + oc process -f $f \ --p BRANCH=$BRANCH \ --p HOST=$HOST \ --p MYSQL_PASSWORD=$MYSQL_PASSWORD \ --p MYSQL_USER=$MYSQL_USER \ --p MYSQL_DATABASE=$MYSQL_DATABASE \ --p FINBIF_API_TOKEN=$FINBIF_API_TOKEN \ --p FLASK_SECRET_KEY=$FLASK_SECRET_KEY \ --p ITSYSTEM=$ITSYSTEM \ --p RCLONE_ACCESS_KEY_ID=$RCLONE_ACCESS_KEY_ID \ --p RCLONE_SECRET_ACCESS_KEY=$RCLONE_SECRET_ACCESS_KEY \ +-p BRANCH="$BRANCH" \ +-p HOST="$HOST" \ +-p MYSQL_PASSWORD="$MYSQL_PASSWORD" \ +-p MYSQL_USER="$MYSQL_USER" \ +-p MYSQL_DATABASE="$MYSQL_DATABASE" \ +-p FINBIF_API_TOKEN="$FINBIF_API_TOKEN" \ +-p FLASK_SECRET_KEY="$FLASK_SECRET_KEY" \ +-p 
ITSYSTEM="$ITSYSTEM" \ +-p RCLONE_ACCESS_KEY_ID="$RCLONE_ACCESS_KEY_ID" \ +-p RCLONE_SECRET_ACCESS_KEY="$RCLONE_SECRET_ACCESS_KEY" \ | jq $ITEM - diff --git a/template.yml b/template.yml index 31cd288..375fbfc 100755 --- a/template.yml +++ b/template.yml @@ -9,12 +9,24 @@ parameters: - name: APP_PORT required: true value: "8081" + - name: HEALTH + required: true + value: /health + - name: LIVENESS_PERIOD + required: true + value: "30" + - name: FAILURE_THRESHOLD + required: true + value: "10" + - name: READINESS_PERIOD + required: true + value: "5" - name: DB required: true value: mariadb - name: DB_IMAGE required: true - value: quay.io/centos7/mariadb-105-centos7 + value: quay.io/fedora/mariadb-105 - name: DB_PORT required: true value: "3306" @@ -60,10 +72,6 @@ parameters: required: true - name: RCLONE_SECRET_ACCESS_KEY required: true - - name: GITHUB_SECRET - required: true - generate: expression - from: "[a-zA-Z0-9]{64}" metadata: name: ${APP} objects: 
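Review bot: The five added `VAR=$(echo -n $VAR | base64)` lines expand the secret unquoted and rely on default `base64` line wrapping. A value containing whitespace or glob characters is altered before encoding, and with GNU coreutils a value longer than 57 bytes produces output with an embedded newline that then lands in the Secret's `data` field. Use `FINBIF_API_TOKEN=$(printf '%s' "$FINBIF_API_TOKEN" | base64 | tr -d '\n')` and the same form for the other four variables. The encoded values are still passed to `oc process` as `-p` arguments, which are visible in the process list while the command runs; `--param-file` avoids that. The output piped through `jq` now includes the Secret object, and base64 is an encoding rather than protection, so that output should be kept out of logs and committed files.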
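Review bot: The new `DB_IMAGE` default `quay.io/fedora/mariadb-105` carries no tag or digest, so it resolves to whatever the registry currently serves as `latest`. Together with `imagePullPolicy: Always`, added in the Deployment hunks, any pod restart can pull a different database image than the one that was tested. Pin the default to a digest, or at least a fixed tag, e.g. `value: quay.io/fedora/mariadb-105@sha256:<DIGEST_PLACEHOLDER>`. The same concern applies to `ghcr.io/luomus/${APP}:${BRANCH}` in the app Deployment and CronJob hunks, where a branch-named tag is mutable.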
@@ -72,49 +80,35 @@ objects: metadata: name: ${DB}-${BRANCH} spec: - storageClassName: "standard-rwo" + storageClassName: "standard-csi" accessModes: - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain resources: requests: storage: "20Gi" -- kind: ImageStream +- kind: ConfigMap apiVersion: v1 metadata: name: ${APP}-${BRANCH} - labels: - app: ${APP} - spec: - lookupPolicy: - local: true -- kind: BuildConfig + data: + branch: ${BRANCH} + db_port: ${DB_PORT} + app_port: ${APP_PORT} + mysql_database: ${MYSQL_DATABASE} + mysql_user: ${MYSQL_USER} +- kind: Secret apiVersion: v1 metadata: name: ${APP}-${BRANCH} - labels: - app: ${APP} - spec: - output: - to: - kind: ImageStreamTag - name: ${APP}-${BRANCH}:latest - source: - type: Git - git: - uri: https://github.com/luomus/${APP}.git - ref: ${BRANCH} - strategy: - dockerStrategy: - dockerfilePath: Dockerfile.rahti - type: Docker - triggers: - - type: ConfigChange - - type: GitHub - github: - secret: ${GITHUB_SECRET} -- kind: DeploymentConfig - apiVersion: v1 + type: Opaque + data: + finbif_api_token: ${FINBIF_API_TOKEN} + mysql_password: ${MYSQL_PASSWORD} + flask_secret_key: ${FLASK_SECRET_KEY} + rclone_access_key_id: ${RCLONE_ACCESS_KEY_ID} + rclone_secret_access_key: ${RCLONE_SECRET_ACCESS_KEY} +- kind: Deployment + apiVersion: apps/v1 metadata: name: ${APP}-${BRANCH} labels: 
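Review bot: The new Secret places template parameters under `data:`, which is only valid when every caller base64-encodes the values first, as `oc-process.sh` does in this commit. Running `oc process` on the template with raw values would produce a Secret that is rejected or decodes to the wrong bytes. Using `stringData:` instead of `data:` lets the API server do the encoding and removes the fragile encoding step from the script. A short comment above the object, such as `# values are sensitive; processed output contains them in recoverable form`, would also help anyone who redirects the output to a file.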
@@ -122,60 +116,77 @@ objects: spec: replicas: 1 selector: - app: ${APP} - deploymentconfig: ${APP}-${BRANCH} + matchLabels: + app: ${APP} + strategy: + type: RollingUpdate template: metadata: labels: app: ${APP} - deploymentconfig: ${APP}-${BRANCH} + branch: ${BRANCH} + port: ${APP_PORT} spec: containers: - - image: ${APP}-${BRANCH}:latest + - image: ghcr.io/luomus/${APP}:${BRANCH} + imagePullPolicy: Always name: ${APP}-${BRANCH} env: - name: MYSQL_DATABASE - value: ${MYSQL_DATABASE} + valueFrom: + configMapKeyRef: + name: ${APP}-${BRANCH} + key: mysql_database - name: MYSQL_USER - value: ${MYSQL_USER} + valueFrom: + configMapKeyRef: + name: ${APP}-${BRANCH} + key: mysql_user - name: MYSQL_PASSWORD - value: ${MYSQL_PASSWORD} + valueFrom: + secretKeyRef: + name: ${APP}-${BRANCH} + key: mysql_password - name: MYSQL_HOST value: ${DB}-${BRANCH} - name: ITSYSTEM value: ${ITSYSTEM} - name: FINBIF_API_TOKEN - value: ${FINBIF_API_TOKEN} + valueFrom: + secretKeyRef: + name: ${APP}-${BRANCH} + key: finbif_api_token - name: FLASK_SECRET_KEY - value: ${FLASK_SECRET_KEY} + valueFrom: + secretKeyRef: + name: ${APP}-${BRANCH} + key: flask_secret_key - name: BRANCH - value: ${BRANCH} + valueFrom: + configMapKeyRef: + name: ${APP}-${BRANCH} + key: branch ports: - containerPort: ${{APP_PORT}} + startupProbe: + httpGet: + path: ${HEALTH} + port: ${{APP_PORT}} + failureThreshold: ${{FAILURE_THRESHOLD}} + periodSeconds: ${{LIVENESS_PERIOD}} livenessProbe: httpGet: - path: /health + path: ${HEALTH} port: ${{APP_PORT}} - failureThreshold: 5 - periodSeconds: 30 + failureThreshold: ${{FAILURE_THRESHOLD}} + periodSeconds: ${{LIVENESS_PERIOD}} readinessProbe: httpGet: - path: / + path: ${HEALTH} port: ${{APP_PORT}} - initialDelaySeconds: 30 - periodSeconds: 5 - triggers: - - type: ConfigChange - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - ${APP}-${BRANCH} - from: - kind: ImageStreamTag - name: ${APP}-${BRANCH}:latest -- kind: DeploymentConfig - 
apiVersion: v1 + periodSeconds: ${{READINESS_PERIOD}} +- kind: Deployment + apiVersion: apps/v1 metadata: name: ${DB}-${BRANCH} labels: @@ -183,47 +194,60 @@ objects: spec: replicas: 1 selector: - app: ${APP} - deploymentconfig: ${DB}-${BRANCH} + matchLabels: + app: ${APP} strategy: type: Recreate template: metadata: labels: app: ${APP} - deploymentconfig: ${DB}-${BRANCH} + branch: ${BRANCH} + port: ${DB_PORT} spec: containers: - image: ${DB_IMAGE} + imagePullPolicy: Always name: ${DB}-${BRANCH} volumeMounts: - mountPath: /var/lib/mysql/data name: ${DB}-${BRANCH} ports: - containerPort: ${{DB_PORT}} + startupProbe: + exec: + command: ${{DB_HEALTHCHECK}} + failureThreshold: ${{FAILURE_THRESHOLD}} + periodSeconds: ${{LIVENESS_PERIOD}} livenessProbe: exec: command: ${{DB_HEALTHCHECK}} - failureThreshold: 5 - periodSeconds: 30 + failureThreshold: ${{FAILURE_THRESHOLD}} + periodSeconds: ${{LIVENESS_PERIOD}} readinessProbe: - httpGet: + exec: command: ${{DB_HEALTHCHECK}} - initialDelaySeconds: 5 - periodSeconds: 5 + periodSeconds: ${{READINESS_PERIOD}} env: - name: MYSQL_DATABASE - value: ${MYSQL_DATABASE} + valueFrom: + configMapKeyRef: + name: ${APP}-${BRANCH} + key: mysql_database - name: MYSQL_USER - value: ${MYSQL_USER} + valueFrom: + configMapKeyRef: + name: ${APP}-${BRANCH} + key: mysql_user - name: MYSQL_PASSWORD - value: ${MYSQL_PASSWORD} + valueFrom: + secretKeyRef: + name: ${APP}-${BRANCH} + key: mysql_password volumes: - name: ${DB}-${BRANCH} persistentVolumeClaim: claimName: ${DB}-${BRANCH} - triggers: - - type: ConfigChange - kind: Service apiVersion: v1 metadata: @@ -237,7 +261,8 @@ objects: targetPort: ${{APP_PORT}} selector: app: ${APP} - deploymentconfig: ${APP}-${BRANCH} + branch: ${BRANCH} + port: ${APP_PORT} - kind: Service apiVersion: v1 metadata: @@ -251,7 +276,8 @@ objects: targetPort: ${{DB_PORT}} selector: app: ${APP} - deploymentconfig: ${DB}-${BRANCH} + branch: ${BRANCH} + port: ${DB_PORT} - kind: Route apiVersion: v1 metadata: 
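Review bot: Both Deployments now select on `matchLabels: app: ${APP}` alone, while the app and database pod templates both carry `app: ${APP}`, so the two selectors overlap; they would also overlap across branches deployed into the same project. The Kubernetes documentation warns that controllers with overlapping selectors can conflict, and nothing in the API prevents it. The pod templates already carry `branch` and `port` labels and the Services select on them, so the Deployment selectors should as well: add `branch: ${BRANCH}` and `port: ${APP_PORT}` under `matchLabels` here, and `branch: ${BRANCH}` and `port: ${DB_PORT}` in the database Deployment hunk (`@@ -183,47 +194,60 @@`). `spec.selector` is immutable on `apps/v1` Deployments, so this is much easier to correct before the first rollout.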
@@ -263,13 +289,12 @@ objects: port: targetPort: ${{APP_PORT}} tls: - termination: edge + insecureEdgeTerminationPolicy: Redirect to: kind: Service name: ${APP}-${BRANCH} - wildcardPolicy: None - kind: CronJob - apiVersion: batch/v1beta1 + apiVersion: batch/v1 metadata: name: ${APP}-${BRANCH} spec: @@ -286,21 +311,40 @@ objects: spec: containers: - name: ${APP}-${BRANCH} - image: ${APP}-${BRANCH}:latest + image: ghcr.io/luomus/${APP}:${BRANCH} + imagePullPolicy: Always command: ${{JOB_CMD}} env: - name: RCLONE_CONFIG_DEFAULT_ACCESS_KEY_ID - value: ${RCLONE_ACCESS_KEY_ID} + valueFrom: + secretKeyRef: + name: ${APP}-${BRANCH} + key: rclone_access_key_id - name: RCLONE_CONFIG_DEFAULT_SECRET_ACCESS_KEY - value: ${RCLONE_SECRET_ACCESS_KEY} + valueFrom: + secretKeyRef: + name: ${APP}-${BRANCH} + key: rclone_secret_access_key - name: MYSQL_DATABASE - value: ${MYSQL_DATABASE} + valueFrom: + configMapKeyRef: + name: ${APP}-${BRANCH} + key: mysql_database - name: MYSQL_USER - value: ${MYSQL_USER} + valueFrom: + configMapKeyRef: + name: ${APP}-${BRANCH} + key: mysql_user - name: MYSQL_PASSWORD - value: ${MYSQL_PASSWORD} + valueFrom: + secretKeyRef: + name: ${APP}-${BRANCH} + key: mysql_password - name: MYSQL_HOST value: ${DB}-${BRANCH} - name: BRANCH - value: ${BRANCH} + valueFrom: + configMapKeyRef: + name: ${APP}-${BRANCH} + key: branch restartPolicy: Never
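Review bot: As far as the collapsed hunk shows, the Route's `tls:` block loses `termination: edge` and keeps only `insecureEdgeTerminationPolicy: Redirect`, so the termination type now depends on API-server defaulting rather than on the template. Keep it explicit, with `termination: edge` next to `insecureEdgeTerminationPolicy: Redirect`, so the Route is neither rejected nor interpreted differently on a cluster that does not default the field. The Route object starts before this hunk, so any other TLS settings it carries are not visible here.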