From 948b607869cff54695ddc489a4d547c30b9d1ae4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= Date: Wed, 5 Sep 2018 09:54:53 +0200 Subject: [PATCH] update the doc to create secure routes by defautl --- README.md | 14 +++------ apicast-routes-template.yaml | 55 ++++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+), 10 deletions(-) create mode 100644 apicast-routes-template.yaml diff --git a/README.md b/README.md index bd5c2f2..0ea564d 100644 --- a/README.md +++ b/README.md @@ -71,18 +71,12 @@ oc process -f apicast-template.yaml -p ACCESS_TOKEN= - ### 9/ Create the OpenShift routes for your APIcast gateways ```sh -oc expose svc/apicast-staging --hostname=rhte-api-1-staging.test.app.itix.fr --name rhte-api-1-staging -n rhte-test -oc expose svc/apicast-staging --hostname=rhte-api-2-staging.test.app.itix.fr --name rhte-api-2-staging -n rhte-test -oc expose svc/apicast-production --hostname=rhte-api-1.test.app.itix.fr --name rhte-api-1-production -n rhte-test -oc expose svc/apicast-production --hostname=rhte-api-2.test.app.itix.fr --name rhte-api-2-production -n rhte-test -oc expose svc/apicast-staging --hostname=rhte-api-1-staging.prod.app.itix.fr --name rhte-api-1-staging -n rhte-prod -oc expose svc/apicast-staging --hostname=rhte-api-2-staging.prod.app.itix.fr --name rhte-api-2-staging -n rhte-prod -oc expose svc/apicast-production --hostname=rhte-api-1.prod.app.itix.fr --name rhte-api-1-production -n rhte-prod -oc expose svc/apicast-production --hostname=rhte-api-2.prod.app.itix.fr --name rhte-api-2-production -n rhte-prod +oc process -f apicast-routes-template.yaml -p MAJOR_VERSION=1 -p WILDCARD_DOMAIN=test.app.itix.fr | oc create -f - -n rhte-test +oc process -f apicast-routes-template.yaml -p MAJOR_VERSION=2 -p WILDCARD_DOMAIN=test.app.itix.fr | oc create -f - -n rhte-test +oc process -f apicast-routes-template.yaml -p MAJOR_VERSION=1 -p WILDCARD_DOMAIN=prod.app.itix.fr | oc create -f - -n rhte-prod +oc process -f apicast-routes-template.yaml -p MAJOR_VERSION=2 -p WILDCARD_DOMAIN=prod.app.itix.fr | oc create -f - -n rhte-prod ``` -TODO: Patch the routes to enable HTTPS - ### 10/ Deploy Ansible Tower ```sh diff --git a/apicast-routes-template.yaml b/apicast-routes-template.yaml new file mode 100644 index 0000000..a9832ee --- /dev/null +++ b/apicast-routes-template.yaml @@ -0,0 +1,55 @@ +apiVersion: template.openshift.io/v1 +kind: Template +labels: + template: apicast +metadata: + annotations: + description: RHTE APIcast Routes + name: rhte-apicast-routes +objects: +- apiVersion: route.openshift.io/v1 + kind: Route + metadata: + name: ${BASE_NAME}-${MAJOR_VERSION}-staging + spec: + host: ${BASE_NAME}-${MAJOR_VERSION}-staging.${WILDCARD_DOMAIN} + port: + targetPort: proxy + tls: + termination: edge + insecureEdgeTerminationPolicy: Allow + to: + kind: Service + name: apicast-staging + weight: 100 + wildcardPolicy: None +- apiVersion: route.openshift.io/v1 + kind: Route + metadata: + name: ${BASE_NAME}-${MAJOR_VERSION}-production + spec: + host: ${BASE_NAME}-${MAJOR_VERSION}.${WILDCARD_DOMAIN} + port: + targetPort: proxy + tls: + termination: edge + insecureEdgeTerminationPolicy: Allow + to: + kind: Service + name: apicast-production + weight: 100 + wildcardPolicy: None +parameters: +- description: The DNS domain under which APIs will be exposed + displayName: 3scale wildcard domain + name: WILDCARD_DOMAIN + required: true +- description: 'The system_name of the API, converted to DNS ("_" -> "-")' + displayName: 3scale API Base Name + name: BASE_NAME + value: rhte-api + required: true +- description: The API major version (1, 2, etc.) + displayName: 3scale API major version + name: MAJOR_VERSION + required: true