diff --git a/support/docker/Dockerfile b/support/docker/Dockerfile index e1ffc93..7b322bf 100644 --- a/support/docker/Dockerfile +++ b/support/docker/Dockerfile @@ -4,10 +4,13 @@ MAINTAINER Nicolas Masse LABEL io.k8s.display-name="Ansible role nmasse-itix.threescale-cicd" \ io.k8s.description="Deploys an API to 3scale API Management." \ - io.openshift.tags="ansible,api,3scale" + io.openshift.tags="3scale" -ARG GIT_REPOSITORY=https://github.com/nmasse-itix/threescale-cicd.git -ARG GIT_BRANCH=master +ARG THREESCALE_CICD_GIT_REPOSITORY=https://github.com/nmasse-itix/threescale-cicd.git + +# This one is by convention used by the Docker Build services. +# See https://docs.docker.com/docker-hub/builds/advanced/ +ARG SOURCE_BRANCH=master RUN yum install -y centos-release-scl && \ yum-config-manager --enable rhel-server-rhscl-7-rpms && \ @@ -16,7 +19,7 @@ RUN yum install -y centos-release-scl && \ yum clean all && \ rm -rf /var/cache/yum && \ mkdir -p /opt/ansible/threescale-cicd && \ - git clone -b ${GIT_BRANCH} -- ${GIT_REPOSITORY} /opt/ansible/threescale-cicd && \ + git clone -b ${SOURCE_BRANCH} -- ${THREESCALE_CICD_GIT_REPOSITORY} /opt/ansible/threescale-cicd && \ cd /opt/ansible/threescale-cicd/support/docker && mkdir api && \ ansible-playbook install.yaml diff --git a/support/docker/deploy-api.yaml b/support/docker/deploy-api.yaml deleted file mode 120000 index e272666..0000000 --- a/support/docker/deploy-api.yaml +++ /dev/null @@ -1 +0,0 @@ -../jenkins/deploy-api.yaml \ No newline at end of file diff --git a/support/docker/deploy-api.yaml b/support/docker/deploy-api.yaml new file mode 100644 index 0000000..13bae39 --- /dev/null +++ b/support/docker/deploy-api.yaml @@ -0,0 +1,89 @@ +--- + +- name: Prepare the Ansible inventory + hosts: localhost + gather_facts: no + vars: + # By default, the 3scale admin portal hostname and its access token are taken + # from a Kubernetes secret but they can be overriden from the command line + # as extra vars (-e threescale_portal_hostname=... -e threescale_cicd_access_token=...) + threescale_portal_hostname: 'lookup(''file'', ''/tmp/secrets/hostname'')' + threescale_cicd_access_token: 'lookup(''file'', ''/tmp/secrets/access_token'')' + tasks: + - assert: + that: threescale_portal_hostname is defined + msg: > + Please pass the hostname of your 3scale Admin Portal in "hostname" key of the + "3scale-admin-portal" secret. + + - assert: + that: threescale_cicd_access_token is defined + msg: > + Please pass the access token of your 3scale Admin Portal in "access_token" key of the + "3scale-admin-portal" secret. + + # Generate dynamically a one host inventory + - add_host: + hostname: '{{ threescale_portal_hostname }}' + groups: + - threescale + threescale_cicd_access_token: '{{ threescale_cicd_access_token }}' + +- name: Deploy an API to 3scale + hosts: threescale + gather_facts: no + vars: + # Support for OpenShift custom build + # + # The git_repository, git_context_dir and git_ref are taken from the OpenShift build definition + # but they can be overriden from the command line as extra vars (-e git_repository=... + # -e git_ref=... -e git_context_dir=...). If you choose to pass those vars on the command line, + # you need to pass all those three variables. + build: '{{ lookup(''env'', ''BUILD'')|from_json }}' + git_repository: '{{ build.spec.source.git.uri }}' + git_context_dir: '{{ build.spec.source.git.contextDir|default('''') }}' + git_ref: '{{ build.spec.source.git.ref|default(''master'') }}' + + # By default, the Red Hat SSO Issuer Endpoint are taken from a Kubernetes secret + # but they can be overriden from the command line as extra vars (-e threescale_cicd_sso_issuer_endpoint=...) + threescale_cicd_sso_issuer_endpoint: 'lookup(''file'', ''/tmp/secrets/sso_issuer_endpoint'')' + + ansible_connection: local + parameter_whitelist: + - threescale_cicd_openapi_file + - threescale_cicd_openapi_file_format + - threescale_cicd_api_system_name + - threescale_cicd_api_base_system_name + - threescale_cicd_wildcard_domain + - threescale_cicd_api_basepath + - threescale_cicd_api_backend_hostname + - threescale_cicd_api_backend_scheme + - threescale_cicd_private_base_url + - threescale_cicd_apicast_policies_cors + - threescale_cicd_openapi_smoketest_operation + - threescale_cicd_api_environment_name + - threescale_cicd_validate_openapi + - threescale_cicd_apicast_sandbox_endpoint + - threescale_cicd_apicast_production_endpoint + pre_tasks: + + - name: Clone the git repo containing the API Definition + git: + repo: '{{ git_repository }}' + dest: '{{ playbook_dir }}/api' + version: '{{ git_ref }}' + when: 'lookup(''env'', ''BUILD'')|length > 0 or git_repository|default('''')|length > 0' + + - name: Accept threescale_cicd_* variables from environment variables + set_fact: + '{{ item|lower }}': '{{ lookup(''env'', item|upper) }}' + with_items: '{{ parameter_whitelist }}' + when: 'lookup(''env'', item|upper)|length > 0' + + - name: Add the contextDir to the OpenAPI file path + set_fact: + threescale_cicd_openapi_file: '{{ playbook_dir }}/api/{{ git_context_dir }}/{{ threescale_cicd_openapi_file }}' + when: 'lookup(''env'', ''BUILD'')|length > 0 or git_repository|default('''')|length > 0' + + roles: + - nmasse-itix.threescale-cicd diff --git a/support/docker/openshift-template.yaml b/support/docker/openshift-template.yaml new file mode 100644 index 0000000..895ab86 --- /dev/null +++ b/support/docker/openshift-template.yaml @@ -0,0 +1,110 @@ +apiVersion: v1 +kind: Template +labels: + template: deploy-3scale-api +metadata: + annotations: + description: |- + Deploy an API to 3scale + openshift.io/display-name: OpenShift BuildConfig to deploy an API to 3scale + tags: builder + template.openshift.io/documentation-url: https://github.com/nmasse-itix/threescale-cicd + template.openshift.io/long-description: OpenShift BuildConfig to deploy an API to 3scale + template.openshift.io/provider-display-name: Nicolas Massé + template.openshift.io/support-url: https://github.com/nmasse-itix/threescale-cicd/issues + name: deploy-3scale-api +parameters: +- name: API_NAME + description: 'The name of your API (subject to OpenShift name syntax: [a-zA-Z0-9_])' + value: example + required: true +- name: API_GIT_URI + description: GIT Repository containing the OpenAPI Specification to deploy + required: true +- name: API_GIT_REF + description: The branch or tag to use when checking out the GIT repository + value: master + required: true +- name: API_GIT_CONTEXT_DIR + description: The context directory to cd after the git checkout + required: false +- name: API_OPENAPI_FILE + description: The OpenAPI Specification file to use to deploy the API + value: openapi-spec.yaml + required: true +- name: API_OPENAPI_FILE_FORMAT + description: The format (JSON or YAML) of the OpenAPI Specification file + value: YAML + required: false +- name: 3SCALE_ADMIN_PORTAL_HOSTNAME + description: The hostname of the 3scale admin portal (bare hostname, without https://) + required: true +- name: 3SCALE_ADMIN_PORTAL_ACCESS_TOKEN + description: The 3scale access token + required: true +- name: SSO_ISSUER_ENDPOINT + description: For OpenID Connect APIs only, the Red Hat SSO OIDC Issuer Endpoint (https://client_id:client_secret@sso.hostname/auth/realms/my-realm) + required: false +- name: THREESCALE_CICD_VERSION + value: stable + required: true +objects: +- apiVersion: v1 + kind: ImageStream + metadata: + name: threescale-cicd + spec: + - name: latest + annotations: + referencePolicy: + type: Local + from: + kind: ImageStreamTag + name: ${THREESCALE_CICD_VERSION} + + - name: ${THREESCALE_CICD_VERSION} + annotations: + referencePolicy: + type: Local + from: + kind: DockerImage + name: docker.io/nmasse/threescale-cicd:${THREESCALE_CICD_VERSION} + +- kind: "BuildConfig" + apiVersion: "v1" + metadata: + name: "deploy-3scale-api-${API_NAME}" + spec: + source: + type: "Git" + git: + uri: "${API_GIT_URI}" + ref: "${API_GIT_REF}" + contextDir: "${API_GIT_CONTEXT_DIR}" + strategy: + type: "Custom" + customStrategy: + from: + kind: "ImageStreamTag" + name: "threescale-cicd:${THREESCALE_CICD_VERSION}" + env: + - name: THREESCALE_CICD_OPENAPI_FILE_FORMAT + value: ${API_OPENAPI_FILE_FORMAT} + - name: THREESCALE_CICD_API_BASE_SYSTEM_NAME + value: ${API_NAME} + secrets: + - secretSource: + name: "3scale-admin-portal-${API_NAME}" + mountPath: "/tmp/secrets" + triggers: + - type: ConfigChange + +- apiVersion: v1 + kind: Secret + metadata: + name: 3scale-admin-portal-${API_NAME} + type: Opaque + stringData: + hostname: ${3SCALE_ADMIN_PORTAL_HOSTNAME} + access_token: ${3SCALE_ADMIN_PORTAL_ACCESS_TOKEN} + sso_issuer_endpoint: ${SSO_ISSUER_ENDPOINT} \ No newline at end of file diff --git a/support/openshift/Dockerfile b/support/openshift/Dockerfile deleted file mode 100644 index 881b932..0000000 --- a/support/openshift/Dockerfile +++ /dev/null @@ -1,30 +0,0 @@ -FROM openshift/origin-base:v3.11 - -MAINTAINER Nicolas Masse - -LABEL io.k8s.display-name="OpenShift Custom builder for Ansible role nmasse-itix.threescale-cicd" \ - io.k8s.description="Deploys an API to 3scale API Management." \ - io.openshift.tags="builder,3scale" - -ARG THREESCALE_CICD_GIT_REPOSITORY=https://github.com/nmasse-itix/threescale-cicd.git - -# This one is by convention used by the Docker Build services. -# See https://docs.docker.com/docker-hub/builds/advanced/ -ARG SOURCE_BRANCH=master - -RUN yum install -y centos-release-scl && \ - yum-config-manager --enable rhel-server-rhscl-7-rpms && \ - yum install -y ansible git python27-python-pip && \ - scl enable python27 "pip install --install-option='--install-purelib=/usr/lib/python2.7/site-packages/' jinja2" && \ - yum clean all && \ - rm -rf /var/cache/yum && \ - mkdir -p /opt/ansible/threescale-cicd && \ - git clone -b ${SOURCE_BRANCH} -- ${THREESCALE_CICD_GIT_REPOSITORY} /opt/ansible/threescale-cicd && \ - cd /opt/ansible/threescale-cicd/support/openshift && mkdir api && \ - ansible-playbook install.yaml - -WORKDIR /opt/ansible/threescale-cicd/support/openshift -VOLUME [ "/opt/ansible/threescale-cicd/support/docker/api" ] - -ENTRYPOINT [ "/usr/bin/ansible-playbook", "deploy-api.yaml" ] -CMD [ ] diff --git a/support/openshift/ansible.cfg b/support/openshift/ansible.cfg deleted file mode 120000 index 5495ae5..0000000 --- a/support/openshift/ansible.cfg +++ /dev/null @@ -1 +0,0 @@ -../../ansible.cfg \ No newline at end of file diff --git a/support/openshift/deploy-api.yaml b/support/openshift/deploy-api.yaml deleted file mode 100644 index 2ab503d..0000000 --- a/support/openshift/deploy-api.yaml +++ /dev/null @@ -1,74 +0,0 @@ ---- - -- name: Prepare the Ansible inventory - hosts: localhost - gather_facts: no - vars: - threescale_portal_hostname: 'lookup(''file'', ''/tmp/secrets/hostname'')' - threescale_cicd_access_token: 'lookup(''file'', ''/tmp/secrets/access_token'')' - tasks: - - assert: - that: threescale_portal_hostname is defined - msg: > - Please pass the hostname of your 3scale Admin Portal in "hostname" key of the - "3scale-admin-portal" secret. - - - assert: - that: threescale_cicd_access_token is defined - msg: > - Please pass the access token of your 3scale Admin Portal in "access_token" key of the - "3scale-admin-portal" secret. - - # Generate dynamically a one host inventory - - add_host: - hostname: '{{ threescale_portal_hostname }}' - groups: - - threescale - threescale_cicd_access_token: '{{ threescale_cicd_access_token }}' - -- name: Deploy an API to 3scale - hosts: threescale - gather_facts: no - vars: - build: '{{ lookup(''env'', ''BUILD'')|from_json }}' - git_repository: '{{ build.spec.source.git.uri }}' - git_context_dir: '{{ build.spec.source.git.contextDir|default('''') }}' - git_ref: '{{ build.spec.source.git.ref|default(''master'') }}' - ansible_connection: local - parameter_whitelist: - - threescale_cicd_openapi_file - - threescale_cicd_openapi_file_format - - threescale_cicd_api_system_name - - threescale_cicd_api_base_system_name - - threescale_cicd_wildcard_domain - - threescale_cicd_api_basepath - - threescale_cicd_api_backend_hostname - - threescale_cicd_api_backend_scheme - - threescale_cicd_private_base_url - - threescale_cicd_apicast_policies_cors - - threescale_cicd_openapi_smoketest_operation - - threescale_cicd_api_environment_name - - threescale_cicd_validate_openapi - - threescale_cicd_apicast_sandbox_endpoint - - threescale_cicd_apicast_production_endpoint - threescale_cicd_sso_issuer_endpoint: 'lookup(''file'', ''/tmp/secrets/sso_issuer_endpoint'')' - pre_tasks: - - - name: Clone the git repo containing the API Definition - git: - repo: '{{ git_repository }}' - dest: '{{ playbook_dir }}/api' - version: '{{ git_ref }}' - - - name: Accept threescale_cicd_* variables from environment variables - set_fact: - '{{ item|lower }}': '{{ lookup(''env'', item|upper) }}' - with_items: '{{ parameter_whitelist }}' - when: 'lookup(''env'', item|upper)|length > 0' - - - name: Add the contextDir to the OpenAPI file path - set_fact: - threescale_cicd_openapi_file: '{{ playbook_dir }}/api/{{ git_context_dir }}/{{ threescale_cicd_openapi_file }}' - - roles: - - nmasse-itix.threescale-cicd diff --git a/support/openshift/install.yaml b/support/openshift/install.yaml deleted file mode 120000 index 4e7bb63..0000000 --- a/support/openshift/install.yaml +++ /dev/null @@ -1 +0,0 @@ -../docker/install.yaml \ No newline at end of file diff --git a/support/openshift/roles/nmasse-itix.threescale-cicd b/support/openshift/roles/nmasse-itix.threescale-cicd deleted file mode 120000 index a8a4f8c..0000000 --- a/support/openshift/roles/nmasse-itix.threescale-cicd +++ /dev/null @@ -1 +0,0 @@ -../../.. \ No newline at end of file