merge openshift and docker support

7 years ago · 7c79d5acf6
8 changed files with 206 additions and 112 deletions
--- a/support/docker/Dockerfile
+++ b/support/docker/Dockerfile
@ -4,10 +4,13 @@ MAINTAINER Nicolas Masse <nmasse@redhat.com>
 LABEL io.k8s.display-name="Ansible role nmasse-itix.threescale-cicd" \
      io.k8s.description="Deploys an API to 3scale API Management." \
-      io.openshift.tags="ansible,api,3scale"
+      io.openshift.tags="3scale"
-ARG GIT_REPOSITORY=https://github.com/nmasse-itix/threescale-cicd.git
+ARG THREESCALE_CICD_GIT_REPOSITORY=https://github.com/nmasse-itix/threescale-cicd.git
-ARG GIT_BRANCH=master
+
 # This one is by convention used by the Docker Build services. 
 # See https://docs.docker.com/docker-hub/builds/advanced/
 ARG SOURCE_BRANCH=master
 RUN yum install -y centos-release-scl && \
    yum-config-manager --enable rhel-server-rhscl-7-rpms && \
@ -16,7 +19,7 @@ RUN yum install -y centos-release-scl && \
    yum clean all && \
    rm -rf /var/cache/yum && \
    mkdir -p /opt/ansible/threescale-cicd && \
-    git clone -b ${GIT_BRANCH} -- ${GIT_REPOSITORY} /opt/ansible/threescale-cicd && \
+    git clone -b ${SOURCE_BRANCH} -- ${THREESCALE_CICD_GIT_REPOSITORY} /opt/ansible/threescale-cicd && \
    cd /opt/ansible/threescale-cicd/support/docker && mkdir api && \
    ansible-playbook install.yaml
--- a/support/docker/deploy-api.yaml
+++ b/support/docker/deploy-api.yaml
@ -1 +0,0 @@
 ../jenkins/deploy-api.yaml
--- a/support/docker/deploy-api.yaml
+++ b/support/docker/deploy-api.yaml
@ -0,0 +1,89 @@
 ---
 - name: Prepare the Ansible inventory
  hosts: localhost
  gather_facts: no
  vars:
    # By default, the 3scale admin portal hostname and its access token are taken
    # from a Kubernetes secret but they can be overriden from the command line
    # as extra vars (-e threescale_portal_hostname=... -e threescale_cicd_access_token=...)
    threescale_portal_hostname: 'lookup(''file'', ''/tmp/secrets/hostname'')'
    threescale_cicd_access_token: 'lookup(''file'', ''/tmp/secrets/access_token'')'
  tasks:
  - assert:
      that: threescale_portal_hostname is defined
      msg: >
        Please pass the hostname of your 3scale Admin Portal in "hostname" key of the
        "3scale-admin-portal" secret.
  - assert:
      that: threescale_cicd_access_token is defined
      msg: >
        Please pass the access token of your 3scale Admin Portal in "access_token" key of the
        "3scale-admin-portal" secret.
  # Generate dynamically a one host inventory
  - add_host:
      hostname: '{{ threescale_portal_hostname }}'
      groups:
      - threescale
      threescale_cicd_access_token: '{{ threescale_cicd_access_token }}'
 - name: Deploy an API to 3scale
  hosts: threescale
  gather_facts: no
  vars:
    # Support for OpenShift custom build
    #
    # The git_repository, git_context_dir and git_ref are taken from the OpenShift build definition
    # but they can be overriden from the command line as extra vars (-e git_repository=... 
    # -e git_ref=... -e git_context_dir=...). If you choose to pass those vars on the command line,
    # you need to pass all those three variables.
    build: '{{ lookup(''env'', ''BUILD'')|from_json }}'
    git_repository: '{{ build.spec.source.git.uri }}'
    git_context_dir: '{{ build.spec.source.git.contextDir|default('''') }}'
    git_ref: '{{ build.spec.source.git.ref|default(''master'') }}'
    # By default, the Red Hat SSO Issuer Endpoint are taken from a Kubernetes secret
    # but they can be overriden from the command line as extra vars (-e threescale_cicd_sso_issuer_endpoint=...)
    threescale_cicd_sso_issuer_endpoint: 'lookup(''file'', ''/tmp/secrets/sso_issuer_endpoint'')'
    ansible_connection: local
    parameter_whitelist:
    - threescale_cicd_openapi_file
    - threescale_cicd_openapi_file_format
    - threescale_cicd_api_system_name
    - threescale_cicd_api_base_system_name
    - threescale_cicd_wildcard_domain
    - threescale_cicd_api_basepath
    - threescale_cicd_api_backend_hostname
    - threescale_cicd_api_backend_scheme
    - threescale_cicd_private_base_url
    - threescale_cicd_apicast_policies_cors
    - threescale_cicd_openapi_smoketest_operation
    - threescale_cicd_api_environment_name
    - threescale_cicd_validate_openapi
    - threescale_cicd_apicast_sandbox_endpoint
    - threescale_cicd_apicast_production_endpoint
  pre_tasks:
  - name: Clone the git repo containing the API Definition
    git:
      repo: '{{ git_repository }}'
      dest: '{{ playbook_dir }}/api'
      version: '{{ git_ref }}'
    when: 'lookup(''env'', ''BUILD'')|length > 0 or git_repository|default('''')|length > 0'
  - name: Accept threescale_cicd_* variables from environment variables
    set_fact:
        '{{ item|lower }}': '{{ lookup(''env'', item|upper) }}'
    with_items: '{{ parameter_whitelist }}'
    when: 'lookup(''env'', item|upper)|length > 0'
  - name: Add the contextDir to the OpenAPI file path
    set_fact:
      threescale_cicd_openapi_file: '{{ playbook_dir }}/api/{{ git_context_dir }}/{{ threescale_cicd_openapi_file }}'
    when: 'lookup(''env'', ''BUILD'')|length > 0 or git_repository|default('''')|length > 0'
  roles:
  - nmasse-itix.threescale-cicd
--- a/support/docker/openshift-template.yaml
+++ b/support/docker/openshift-template.yaml
@ -0,0 +1,110 @@
 apiVersion: v1
 kind: Template
 labels:
  template: deploy-3scale-api
 metadata:
  annotations:
    description: |-
      Deploy an API to 3scale
    openshift.io/display-name: OpenShift BuildConfig to deploy an API to 3scale
    tags: builder
    template.openshift.io/documentation-url: https://github.com/nmasse-itix/threescale-cicd
    template.openshift.io/long-description: OpenShift BuildConfig to deploy an API to 3scale
    template.openshift.io/provider-display-name: Nicolas Massé
    template.openshift.io/support-url: https://github.com/nmasse-itix/threescale-cicd/issues
  name: deploy-3scale-api
 parameters:
 - name: API_NAME
  description: 'The name of your API (subject to OpenShift name syntax: [a-zA-Z0-9_])'
  value: example
  required: true
 - name: API_GIT_URI
  description: GIT Repository containing the OpenAPI Specification to deploy
  required: true
 - name: API_GIT_REF
  description: The branch or tag to use when checking out the GIT repository
  value: master
  required: true
 - name: API_GIT_CONTEXT_DIR
  description: The context directory to cd after the git checkout
  required: false
 - name: API_OPENAPI_FILE
  description: The OpenAPI Specification file to use to deploy the API
  value: openapi-spec.yaml
  required: true
 - name: API_OPENAPI_FILE_FORMAT
  description: The format (JSON or YAML) of the OpenAPI Specification file
  value: YAML
  required: false
 - name: 3SCALE_ADMIN_PORTAL_HOSTNAME
  description: The hostname of the 3scale admin portal (bare hostname, without https://)
  required: true
 - name: 3SCALE_ADMIN_PORTAL_ACCESS_TOKEN
  description: The 3scale access token
  required: true
 - name: SSO_ISSUER_ENDPOINT
  description: For OpenID Connect APIs only, the Red Hat SSO OIDC Issuer Endpoint (https://client_id:client_secret@sso.hostname/auth/realms/my-realm) 
  required: false
 - name: THREESCALE_CICD_VERSION
  value: stable
  required: true
 objects:
 - apiVersion: v1
  kind: ImageStream
  metadata:
    name: threescale-cicd
  spec:
    - name: latest
      annotations:
      referencePolicy:
        type: Local
      from:
        kind: ImageStreamTag
        name: ${THREESCALE_CICD_VERSION}
    - name: ${THREESCALE_CICD_VERSION}
      annotations:
      referencePolicy:
        type: Local
      from:
        kind: DockerImage
        name: docker.io/nmasse/threescale-cicd:${THREESCALE_CICD_VERSION}
 - kind: "BuildConfig"
  apiVersion: "v1"
  metadata:
    name: "deploy-3scale-api-${API_NAME}" 
  spec:
    source: 
      type: "Git"
      git:
        uri: "${API_GIT_URI}"
        ref: "${API_GIT_REF}"
      contextDir: "${API_GIT_CONTEXT_DIR}"
    strategy: 
      type: "Custom"
      customStrategy:
        from:
          kind: "ImageStreamTag"
          name: "threescale-cicd:${THREESCALE_CICD_VERSION}"
        env:
        - name: THREESCALE_CICD_OPENAPI_FILE_FORMAT
          value: ${API_OPENAPI_FILE_FORMAT}
        - name: THREESCALE_CICD_API_BASE_SYSTEM_NAME
          value: ${API_NAME}
        secrets:
          - secretSource: 
              name: "3scale-admin-portal-${API_NAME}"
            mountPath: "/tmp/secrets"
    triggers:
    - type: ConfigChange
 - apiVersion: v1
  kind: Secret
  metadata:
    name: 3scale-admin-portal-${API_NAME}
  type: Opaque 
  stringData: 
    hostname: ${3SCALE_ADMIN_PORTAL_HOSTNAME}
    access_token: ${3SCALE_ADMIN_PORTAL_ACCESS_TOKEN}
    sso_issuer_endpoint: ${SSO_ISSUER_ENDPOINT}
--- a/support/openshift/Dockerfile
+++ b/support/openshift/Dockerfile
@ -1,30 +0,0 @@
 FROM openshift/origin-base:v3.11
 MAINTAINER Nicolas Masse <nmasse@redhat.com>
 LABEL io.k8s.display-name="OpenShift Custom builder for Ansible role nmasse-itix.threescale-cicd" \
      io.k8s.description="Deploys an API to 3scale API Management." \
      io.openshift.tags="builder,3scale"
 ARG THREESCALE_CICD_GIT_REPOSITORY=https://github.com/nmasse-itix/threescale-cicd.git
 # This one is by convention used by the Docker Build services. 
 # See https://docs.docker.com/docker-hub/builds/advanced/
 ARG SOURCE_BRANCH=master
 RUN yum install -y centos-release-scl && \
    yum-config-manager --enable rhel-server-rhscl-7-rpms && \
    yum install -y ansible git python27-python-pip && \
    scl enable python27 "pip install --install-option='--install-purelib=/usr/lib/python2.7/site-packages/' jinja2" && \
    yum clean all && \
    rm -rf /var/cache/yum && \
    mkdir -p /opt/ansible/threescale-cicd && \
    git clone -b ${SOURCE_BRANCH} -- ${THREESCALE_CICD_GIT_REPOSITORY} /opt/ansible/threescale-cicd && \
    cd /opt/ansible/threescale-cicd/support/openshift && mkdir api && \
    ansible-playbook install.yaml
 WORKDIR /opt/ansible/threescale-cicd/support/openshift
 VOLUME [ "/opt/ansible/threescale-cicd/support/docker/api" ]
 ENTRYPOINT [ "/usr/bin/ansible-playbook", "deploy-api.yaml" ]
 CMD [ ]
--- a/support/openshift/ansible.cfg
+++ b/support/openshift/ansible.cfg
@ -1 +0,0 @@
 ../../ansible.cfg
--- a/support/openshift/deploy-api.yaml
+++ b/support/openshift/deploy-api.yaml
@ -1,74 +0,0 @@
 ---
 - name: Prepare the Ansible inventory
  hosts: localhost
  gather_facts: no
  vars:
    threescale_portal_hostname: 'lookup(''file'', ''/tmp/secrets/hostname'')'
    threescale_cicd_access_token: 'lookup(''file'', ''/tmp/secrets/access_token'')'
  tasks:
  - assert:
      that: threescale_portal_hostname is defined
      msg: >
        Please pass the hostname of your 3scale Admin Portal in "hostname" key of the
        "3scale-admin-portal" secret.
  - assert:
      that: threescale_cicd_access_token is defined
      msg: >
        Please pass the access token of your 3scale Admin Portal in "access_token" key of the
        "3scale-admin-portal" secret.
  # Generate dynamically a one host inventory
  - add_host:
      hostname: '{{ threescale_portal_hostname }}'
      groups:
      - threescale
      threescale_cicd_access_token: '{{ threescale_cicd_access_token }}'
 - name: Deploy an API to 3scale
  hosts: threescale
  gather_facts: no
  vars:
    build: '{{ lookup(''env'', ''BUILD'')|from_json }}'
    git_repository: '{{ build.spec.source.git.uri }}'
    git_context_dir: '{{ build.spec.source.git.contextDir|default('''') }}'
    git_ref: '{{ build.spec.source.git.ref|default(''master'') }}'
    ansible_connection: local
    parameter_whitelist:
    - threescale_cicd_openapi_file
    - threescale_cicd_openapi_file_format
    - threescale_cicd_api_system_name
    - threescale_cicd_api_base_system_name
    - threescale_cicd_wildcard_domain
    - threescale_cicd_api_basepath
    - threescale_cicd_api_backend_hostname
    - threescale_cicd_api_backend_scheme
    - threescale_cicd_private_base_url
    - threescale_cicd_apicast_policies_cors
    - threescale_cicd_openapi_smoketest_operation
    - threescale_cicd_api_environment_name
    - threescale_cicd_validate_openapi
    - threescale_cicd_apicast_sandbox_endpoint
    - threescale_cicd_apicast_production_endpoint
    threescale_cicd_sso_issuer_endpoint: 'lookup(''file'', ''/tmp/secrets/sso_issuer_endpoint'')'
  pre_tasks:
  - name: Clone the git repo containing the API Definition
    git:
      repo: '{{ git_repository }}'
      dest: '{{ playbook_dir }}/api'
      version: '{{ git_ref }}'
  - name: Accept threescale_cicd_* variables from environment variables
    set_fact:
        '{{ item|lower }}': '{{ lookup(''env'', item|upper) }}'
    with_items: '{{ parameter_whitelist }}'
    when: 'lookup(''env'', item|upper)|length > 0'
  - name: Add the contextDir to the OpenAPI file path
    set_fact:
      threescale_cicd_openapi_file: '{{ playbook_dir }}/api/{{ git_context_dir }}/{{ threescale_cicd_openapi_file }}'
  roles:
  - nmasse-itix.threescale-cicd
--- a/support/openshift/install.yaml
+++ b/support/openshift/install.yaml
@ -1 +0,0 @@
 ../docker/install.yaml
--- a/support/openshift/roles/nmasse-itix.threescale-cicd
+++ b/support/openshift/roles/nmasse-itix.threescale-cicd
@ -1 +0,0 @@
 ../../..