8 changed files with 206 additions and 112 deletions
@ -1 +0,0 @@ |
|||
../jenkins/deploy-api.yaml |
|||
@ -0,0 +1,89 @@ |
|||
--- |
|||
|
|||
- name: Prepare the Ansible inventory |
|||
hosts: localhost |
|||
gather_facts: no |
|||
vars: |
|||
# By default, the 3scale admin portal hostname and its access token are taken |
|||
# from a Kubernetes secret but they can be overriden from the command line |
|||
# as extra vars (-e threescale_portal_hostname=... -e threescale_cicd_access_token=...) |
|||
threescale_portal_hostname: 'lookup(''file'', ''/tmp/secrets/hostname'')' |
|||
threescale_cicd_access_token: 'lookup(''file'', ''/tmp/secrets/access_token'')' |
|||
tasks: |
|||
- assert: |
|||
that: threescale_portal_hostname is defined |
|||
msg: > |
|||
Please pass the hostname of your 3scale Admin Portal in "hostname" key of the |
|||
"3scale-admin-portal" secret. |
|||
|
|||
- assert: |
|||
that: threescale_cicd_access_token is defined |
|||
msg: > |
|||
Please pass the access token of your 3scale Admin Portal in "access_token" key of the |
|||
"3scale-admin-portal" secret. |
|||
|
|||
# Generate dynamically a one host inventory |
|||
- add_host: |
|||
hostname: '{{ threescale_portal_hostname }}' |
|||
groups: |
|||
- threescale |
|||
threescale_cicd_access_token: '{{ threescale_cicd_access_token }}' |
|||
|
|||
- name: Deploy an API to 3scale |
|||
hosts: threescale |
|||
gather_facts: no |
|||
vars: |
|||
# Support for OpenShift custom build |
|||
# |
|||
# The git_repository, git_context_dir and git_ref are taken from the OpenShift build definition |
|||
# but they can be overriden from the command line as extra vars (-e git_repository=... |
|||
# -e git_ref=... -e git_context_dir=...). If you choose to pass those vars on the command line, |
|||
# you need to pass all those three variables. |
|||
build: '{{ lookup(''env'', ''BUILD'')|from_json }}' |
|||
git_repository: '{{ build.spec.source.git.uri }}' |
|||
git_context_dir: '{{ build.spec.source.git.contextDir|default('''') }}' |
|||
git_ref: '{{ build.spec.source.git.ref|default(''master'') }}' |
|||
|
|||
# By default, the Red Hat SSO Issuer Endpoint are taken from a Kubernetes secret |
|||
# but they can be overriden from the command line as extra vars (-e threescale_cicd_sso_issuer_endpoint=...) |
|||
threescale_cicd_sso_issuer_endpoint: 'lookup(''file'', ''/tmp/secrets/sso_issuer_endpoint'')' |
|||
|
|||
ansible_connection: local |
|||
parameter_whitelist: |
|||
- threescale_cicd_openapi_file |
|||
- threescale_cicd_openapi_file_format |
|||
- threescale_cicd_api_system_name |
|||
- threescale_cicd_api_base_system_name |
|||
- threescale_cicd_wildcard_domain |
|||
- threescale_cicd_api_basepath |
|||
- threescale_cicd_api_backend_hostname |
|||
- threescale_cicd_api_backend_scheme |
|||
- threescale_cicd_private_base_url |
|||
- threescale_cicd_apicast_policies_cors |
|||
- threescale_cicd_openapi_smoketest_operation |
|||
- threescale_cicd_api_environment_name |
|||
- threescale_cicd_validate_openapi |
|||
- threescale_cicd_apicast_sandbox_endpoint |
|||
- threescale_cicd_apicast_production_endpoint |
|||
pre_tasks: |
|||
|
|||
- name: Clone the git repo containing the API Definition |
|||
git: |
|||
repo: '{{ git_repository }}' |
|||
dest: '{{ playbook_dir }}/api' |
|||
version: '{{ git_ref }}' |
|||
when: 'lookup(''env'', ''BUILD'')|length > 0 or git_repository|default('''')|length > 0' |
|||
|
|||
- name: Accept threescale_cicd_* variables from environment variables |
|||
set_fact: |
|||
'{{ item|lower }}': '{{ lookup(''env'', item|upper) }}' |
|||
with_items: '{{ parameter_whitelist }}' |
|||
when: 'lookup(''env'', item|upper)|length > 0' |
|||
|
|||
- name: Add the contextDir to the OpenAPI file path |
|||
set_fact: |
|||
threescale_cicd_openapi_file: '{{ playbook_dir }}/api/{{ git_context_dir }}/{{ threescale_cicd_openapi_file }}' |
|||
when: 'lookup(''env'', ''BUILD'')|length > 0 or git_repository|default('''')|length > 0' |
|||
|
|||
roles: |
|||
- nmasse-itix.threescale-cicd |
|||
@ -0,0 +1,110 @@ |
|||
apiVersion: v1 |
|||
kind: Template |
|||
labels: |
|||
template: deploy-3scale-api |
|||
metadata: |
|||
annotations: |
|||
description: |- |
|||
Deploy an API to 3scale |
|||
openshift.io/display-name: OpenShift BuildConfig to deploy an API to 3scale |
|||
tags: builder |
|||
template.openshift.io/documentation-url: https://github.com/nmasse-itix/threescale-cicd |
|||
template.openshift.io/long-description: OpenShift BuildConfig to deploy an API to 3scale |
|||
template.openshift.io/provider-display-name: Nicolas Massé |
|||
template.openshift.io/support-url: https://github.com/nmasse-itix/threescale-cicd/issues |
|||
name: deploy-3scale-api |
|||
parameters: |
|||
- name: API_NAME |
|||
description: 'The name of your API (subject to OpenShift name syntax: [a-zA-Z0-9_])' |
|||
value: example |
|||
required: true |
|||
- name: API_GIT_URI |
|||
description: GIT Repository containing the OpenAPI Specification to deploy |
|||
required: true |
|||
- name: API_GIT_REF |
|||
description: The branch or tag to use when checking out the GIT repository |
|||
value: master |
|||
required: true |
|||
- name: API_GIT_CONTEXT_DIR |
|||
description: The context directory to cd after the git checkout |
|||
required: false |
|||
- name: API_OPENAPI_FILE |
|||
description: The OpenAPI Specification file to use to deploy the API |
|||
value: openapi-spec.yaml |
|||
required: true |
|||
- name: API_OPENAPI_FILE_FORMAT |
|||
description: The format (JSON or YAML) of the OpenAPI Specification file |
|||
value: YAML |
|||
required: false |
|||
- name: 3SCALE_ADMIN_PORTAL_HOSTNAME |
|||
description: The hostname of the 3scale admin portal (bare hostname, without https://) |
|||
required: true |
|||
- name: 3SCALE_ADMIN_PORTAL_ACCESS_TOKEN |
|||
description: The 3scale access token |
|||
required: true |
|||
- name: SSO_ISSUER_ENDPOINT |
|||
description: For OpenID Connect APIs only, the Red Hat SSO OIDC Issuer Endpoint (https://client_id:client_secret@sso.hostname/auth/realms/my-realm) |
|||
required: false |
|||
- name: THREESCALE_CICD_VERSION |
|||
value: stable |
|||
required: true |
|||
objects: |
|||
- apiVersion: v1 |
|||
kind: ImageStream |
|||
metadata: |
|||
name: threescale-cicd |
|||
spec: |
|||
- name: latest |
|||
annotations: |
|||
referencePolicy: |
|||
type: Local |
|||
from: |
|||
kind: ImageStreamTag |
|||
name: ${THREESCALE_CICD_VERSION} |
|||
|
|||
- name: ${THREESCALE_CICD_VERSION} |
|||
annotations: |
|||
referencePolicy: |
|||
type: Local |
|||
from: |
|||
kind: DockerImage |
|||
name: docker.io/nmasse/threescale-cicd:${THREESCALE_CICD_VERSION} |
|||
|
|||
- kind: "BuildConfig" |
|||
apiVersion: "v1" |
|||
metadata: |
|||
name: "deploy-3scale-api-${API_NAME}" |
|||
spec: |
|||
source: |
|||
type: "Git" |
|||
git: |
|||
uri: "${API_GIT_URI}" |
|||
ref: "${API_GIT_REF}" |
|||
contextDir: "${API_GIT_CONTEXT_DIR}" |
|||
strategy: |
|||
type: "Custom" |
|||
customStrategy: |
|||
from: |
|||
kind: "ImageStreamTag" |
|||
name: "threescale-cicd:${THREESCALE_CICD_VERSION}" |
|||
env: |
|||
- name: THREESCALE_CICD_OPENAPI_FILE_FORMAT |
|||
value: ${API_OPENAPI_FILE_FORMAT} |
|||
- name: THREESCALE_CICD_API_BASE_SYSTEM_NAME |
|||
value: ${API_NAME} |
|||
secrets: |
|||
- secretSource: |
|||
name: "3scale-admin-portal-${API_NAME}" |
|||
mountPath: "/tmp/secrets" |
|||
triggers: |
|||
- type: ConfigChange |
|||
|
|||
- apiVersion: v1 |
|||
kind: Secret |
|||
metadata: |
|||
name: 3scale-admin-portal-${API_NAME} |
|||
type: Opaque |
|||
stringData: |
|||
hostname: ${3SCALE_ADMIN_PORTAL_HOSTNAME} |
|||
access_token: ${3SCALE_ADMIN_PORTAL_ACCESS_TOKEN} |
|||
sso_issuer_endpoint: ${SSO_ISSUER_ENDPOINT} |
|||
@ -1,30 +0,0 @@ |
|||
FROM openshift/origin-base:v3.11 |
|||
|
|||
MAINTAINER Nicolas Masse <nmasse@redhat.com> |
|||
|
|||
LABEL io.k8s.display-name="OpenShift Custom builder for Ansible role nmasse-itix.threescale-cicd" \ |
|||
io.k8s.description="Deploys an API to 3scale API Management." \ |
|||
io.openshift.tags="builder,3scale" |
|||
|
|||
ARG THREESCALE_CICD_GIT_REPOSITORY=https://github.com/nmasse-itix/threescale-cicd.git |
|||
|
|||
# This one is by convention used by the Docker Build services. |
|||
# See https://docs.docker.com/docker-hub/builds/advanced/ |
|||
ARG SOURCE_BRANCH=master |
|||
|
|||
RUN yum install -y centos-release-scl && \ |
|||
yum-config-manager --enable rhel-server-rhscl-7-rpms && \ |
|||
yum install -y ansible git python27-python-pip && \ |
|||
scl enable python27 "pip install --install-option='--install-purelib=/usr/lib/python2.7/site-packages/' jinja2" && \ |
|||
yum clean all && \ |
|||
rm -rf /var/cache/yum && \ |
|||
mkdir -p /opt/ansible/threescale-cicd && \ |
|||
git clone -b ${SOURCE_BRANCH} -- ${THREESCALE_CICD_GIT_REPOSITORY} /opt/ansible/threescale-cicd && \ |
|||
cd /opt/ansible/threescale-cicd/support/openshift && mkdir api && \ |
|||
ansible-playbook install.yaml |
|||
|
|||
WORKDIR /opt/ansible/threescale-cicd/support/openshift |
|||
VOLUME [ "/opt/ansible/threescale-cicd/support/docker/api" ] |
|||
|
|||
ENTRYPOINT [ "/usr/bin/ansible-playbook", "deploy-api.yaml" ] |
|||
CMD [ ] |
|||
@ -1 +0,0 @@ |
|||
../../ansible.cfg |
|||
@ -1,74 +0,0 @@ |
|||
--- |
|||
|
|||
- name: Prepare the Ansible inventory |
|||
hosts: localhost |
|||
gather_facts: no |
|||
vars: |
|||
threescale_portal_hostname: 'lookup(''file'', ''/tmp/secrets/hostname'')' |
|||
threescale_cicd_access_token: 'lookup(''file'', ''/tmp/secrets/access_token'')' |
|||
tasks: |
|||
- assert: |
|||
that: threescale_portal_hostname is defined |
|||
msg: > |
|||
Please pass the hostname of your 3scale Admin Portal in "hostname" key of the |
|||
"3scale-admin-portal" secret. |
|||
|
|||
- assert: |
|||
that: threescale_cicd_access_token is defined |
|||
msg: > |
|||
Please pass the access token of your 3scale Admin Portal in "access_token" key of the |
|||
"3scale-admin-portal" secret. |
|||
|
|||
# Generate dynamically a one host inventory |
|||
- add_host: |
|||
hostname: '{{ threescale_portal_hostname }}' |
|||
groups: |
|||
- threescale |
|||
threescale_cicd_access_token: '{{ threescale_cicd_access_token }}' |
|||
|
|||
- name: Deploy an API to 3scale |
|||
hosts: threescale |
|||
gather_facts: no |
|||
vars: |
|||
build: '{{ lookup(''env'', ''BUILD'')|from_json }}' |
|||
git_repository: '{{ build.spec.source.git.uri }}' |
|||
git_context_dir: '{{ build.spec.source.git.contextDir|default('''') }}' |
|||
git_ref: '{{ build.spec.source.git.ref|default(''master'') }}' |
|||
ansible_connection: local |
|||
parameter_whitelist: |
|||
- threescale_cicd_openapi_file |
|||
- threescale_cicd_openapi_file_format |
|||
- threescale_cicd_api_system_name |
|||
- threescale_cicd_api_base_system_name |
|||
- threescale_cicd_wildcard_domain |
|||
- threescale_cicd_api_basepath |
|||
- threescale_cicd_api_backend_hostname |
|||
- threescale_cicd_api_backend_scheme |
|||
- threescale_cicd_private_base_url |
|||
- threescale_cicd_apicast_policies_cors |
|||
- threescale_cicd_openapi_smoketest_operation |
|||
- threescale_cicd_api_environment_name |
|||
- threescale_cicd_validate_openapi |
|||
- threescale_cicd_apicast_sandbox_endpoint |
|||
- threescale_cicd_apicast_production_endpoint |
|||
threescale_cicd_sso_issuer_endpoint: 'lookup(''file'', ''/tmp/secrets/sso_issuer_endpoint'')' |
|||
pre_tasks: |
|||
|
|||
- name: Clone the git repo containing the API Definition |
|||
git: |
|||
repo: '{{ git_repository }}' |
|||
dest: '{{ playbook_dir }}/api' |
|||
version: '{{ git_ref }}' |
|||
|
|||
- name: Accept threescale_cicd_* variables from environment variables |
|||
set_fact: |
|||
'{{ item|lower }}': '{{ lookup(''env'', item|upper) }}' |
|||
with_items: '{{ parameter_whitelist }}' |
|||
when: 'lookup(''env'', item|upper)|length > 0' |
|||
|
|||
- name: Add the contextDir to the OpenAPI file path |
|||
set_fact: |
|||
threescale_cicd_openapi_file: '{{ playbook_dir }}/api/{{ git_context_dir }}/{{ threescale_cicd_openapi_file }}' |
|||
|
|||
roles: |
|||
- nmasse-itix.threescale-cicd |
|||
@ -1 +0,0 @@ |
|||
../docker/install.yaml |
|||
@ -1 +0,0 @@ |
|||
../../.. |
|||
Loading…
Reference in new issue