provision-ups.yml
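# Deploys the UPS pod: an init container that waits for PostgreSQL, the UPS
# server itself, an OAuth proxy sidecar in front of it, and a sync sidecar.
- name: UPS deployment
  openshift_v1_deployment_config:
    name: '{{ ups_deploymentconfig_name }}'
    namespace: "{{ namespace }}"
    labels:
      app: ups
      service: ups
      name: ups
      mobile: enabled
    replicas: 1
    selector:
      app: ups
      service: ups
    spec_template_metadata_labels:
      app: ups
      service: ups
    spec_template_spec_service_account_name: '{{ proxy_serviceaccount_name }}'
    spec_template_spec_init_containers:
      # Blocks pod start-up until pg_isready succeeds against the database host.
      - name: wait-for-postgresql
        image: '{{ postgres_image }}'
        imagePullPolicy: Always
        env:
          - name: POSTGRES_SERVICE_HOST
            value: "{{ postgres_service_name }}"
        command:
          - "/bin/sh"
          - "-c"
          - "source /opt/rh/rh-postgresql96/enable && until pg_isready -h $POSTGRES_SERVICE_HOST; do echo waiting for database; sleep 2; done;"
    containers:
      - name: ups
        image: '{{ ups_image }}'
        imagePullPolicy: Always
        env:
          # Database credentials are read from the PostgreSQL secret rather
          # than being written into the deployment config.
          - name: POSTGRES_USER
            value_from:
              secret_key_ref:
                name: '{{ postgres_secret_name }}'
                key: database-user
          - name: POSTGRES_PASSWORD
            value_from:
              secret_key_ref:
                name: '{{ postgres_secret_name }}'
                key: database-password
          - name: POSTGRES_DATABASE
            value_from:
              secret_key_ref:
                name: '{{ postgres_secret_name }}'
                key: database-name
          - name: POSTGRES_SERVICE_HOST
            value: "{{ postgres_service_name }}"
          - name: POSTGRES_SERVICE_PORT
            value: "5432"
        ports:
          - name: ups
            protocol: TCP
            container_port: 8080
        # NOTE(review): this container mixes snake_case (container_port,
        # value_from) and camelCase (readinessProbe, imagePullPolicy) keys;
        # confirm the module accepts both spellings inside container specs.
        readinessProbe:
          httpGet:
            path: '/rest/applications'
            port: 8080
          initialDelaySeconds: 15
          timeoutSeconds: 2
        livenessProbe:
          httpGet:
            path: '/rest/applications'
            port: 8080
          initialDelaySeconds: 60
          timeoutSeconds: 2
      - name: ups-oauth-proxy
        image: '{{ proxy_image }}'
        imagePullPolicy: Always
        ports:
          - containerPort: '{{ ups_proxy_port }}'
            name: public
        args:
          - --provider=openshift
          - --openshift-service-account={{ proxy_serviceaccount_name }}
          - --upstream=http://localhost:{{ ups_port }}
          # Only users allowed to update the "ups" deploymentconfig in this
          # namespace pass the proxy's access review.
          - >-
            --openshift-sar={"namespace":"{{ namespace }}","resource":"deploymentconfigs","name":"ups","verb":"update"}
          - --http-address=0.0.0.0:{{ ups_proxy_port }}
          # These paths are exempted from proxy authentication, so UPS itself
          # must enforce access control on them.
          # NOTE(review): confirm how the proxy splits this comma-separated
          # value and whether the patterns need ^...$ anchors to avoid
          # matching unintended paths.
          - --skip-auth-regex=/rest/sender,/rest/registry/device,/rest/prometheus/metrics,/rest/auth/config
          # Presumably disables the proxy's own TLS listener; the proxy then
          # serves plain HTTP inside the cluster - TODO confirm.
          - --https-address=
          # The cookie secret seeds the proxy's session cookies. A fixed,
          # publicly known value (previously the literal "SECRET") is the same
          # in every installation, so a random 32-character value is generated
          # per provision instead. It is stored in the deployment config, so
          # every replica shares it; re-running this task generates a new
          # value and invalidates existing sessions.
          - "--cookie-secret={{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}"
      - name: ups-sync-service
        image: '{{ ups_sidecar_image }}'
        imagePullPolicy: Always
        env:
          - name: NAMESPACE
            value: "{{ namespace }}"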
# Cluster-internal service in front of the UPS container (port 80 -> 8080).
# NOTE(review): target port 8080 is the UPS container's own port, so traffic
# through this service does not pass the OAuth proxy sidecar; confirm that
# in-cluster access to it is restricted as intended.
- name: create UPS service
  k8s_v1_service:
    namespace: "{{ namespace }}"
    name: "{{ ups_service_name }}"
    labels:
      app: ups
      service: ups
      mobile: enabled
    annotations:
      # Endpoint path advertised for metrics scraping.
      org.aerogear.metrics/plain_endpoint: '/rest/prometheus/metrics'
    selector:
      app: ups
      service: ups
    ports:
      - name: web
        port: 80
        target_port: 8080
  # The result is kept so later tasks can read the service's cluster IP.
  register: unifiedpush_service
# Service in front of the OAuth proxy sidecar; it selects the same pods as
# the UPS service but targets the proxy's listening port.
- name: create UPS Proxy
  k8s_v1_service:
    namespace: "{{ namespace }}"
    name: "{{ ups_proxy_service_name }}"
    labels:
      app: ups
      service: ups-proxy
    selector:
      app: ups
      service: ups
    ports:
      - name: web
        port: 80
        target_port: "{{ ups_proxy_port }}"
# Public route to the proxy service. TLS is terminated at the router (edge),
# so the hop from router to pod is not encrypted by this route.
# NOTE(review): no policy for plain-HTTP requests is set here; confirm
# whether insecure traffic should be redirected or refused.
- name: create ups https route
  openshift_v1_route:
    namespace: "{{ namespace }}"
    name: "{{ ups_route_name }}"
    labels:
      app: ups
      service: ups-proxy
    to_name: ups-proxy
    spec_tls_termination: edge
    spec_port_target_port: web
  register: ups_route
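# We need to wait for the deployment to be ready before we can exit the ansible job.
# The command prints how many containers of the deployment's pods report
# ready; the UPS pod runs three containers (ups, ups-oauth-proxy,
# ups-sync-service) with a single replica, so the expected count is 3.
- name: "Wait for all UPS containers to become ready"
  # Templated values are passed through the quote filter so they reach the
  # shell as single arguments, whatever characters they contain.
  shell: >-
    oc get pods --namespace={{ namespace | quote }}
    --selector={{ ('deploymentconfig=' ~ ups_deploymentconfig_name) | quote }}
    -o jsonpath='{.items[*].status.containerStatuses[?(@.ready==true)].ready}'
    | wc -w
  register: ups_result
  # Compare the count numerically: a substring search for "3" would also
  # accept counts such as 13 or 30.
  until: "(ups_result.stdout | trim | int) == 3"
  retries: 60
  delay: 5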
# Registers a push application named after the namespace by POSTing to the
# UPS REST API on the service's cluster IP and expecting HTTP 201.
# NOTE(review): the request is sent over plain HTTP with no credentials, so
# it relies on this endpoint being reachable only from inside the cluster;
# validate_certs has no effect on an http:// URL but would disable
# certificate checks if the URL were ever switched to https.
- name: "Create {{ namespace }} PushApplication on service host {{ unifiedpush_service.service.spec.cluster_ip }}"
  uri:
    method: POST
    url: "http://{{ unifiedpush_service.service.spec.cluster_ip }}/rest/applications"
    body_format: json
    body: '{"name" : "{{ namespace }}", "description" : "Push application for {{ namespace }}"}'
    status_code: 201
    validate_certs: false
  register: namespace_push_app
# Workaround required until
# https://github.com/openshift/ansible-service-broker/issues/847 is resolved.
# Only the namespace is exposed to the binding; no credentials are encoded.
- name: Make the data available to be used in the binding
  asb_encode_binding:
    fields:
      NAMESPACE: '{{ namespace }}'
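# Renders the UPS secret manifest to a temporary file, creates the secret
# from it, and removes the file again. The steps are wrapped in block/always
# so the rendered secret is deleted even when "oc create" fails, instead of
# being left behind on disk.
- name: "Create UPS secret from a temporary manifest"
  block:
    - name: "Create ups secret yaml file"
      template:
        src: secret.yml.j2
        dest: /tmp/secret.yaml
        # Owner-only permissions: the rendered file holds secret material.
        mode: "0600"
    - name: "Create UPS secret"
      # The namespace is quoted so it reaches the shell as a single argument.
      shell: "oc create -f /tmp/secret.yaml -n {{ namespace | quote }}"
  always:
    - name: "Delete UPS Secret Template File"
      file:
        path: /tmp/secret.yaml
        state: absent
# NOTE(review): /tmp/secret.yaml is a fixed, predictable path; if this can
# run on a host shared with other users, consider a per-run temporary file.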