Integrate Image Streams #4

Merged
merged 9 commits into from
Mar 6, 2018
Changes from 3 commits
14 changes: 14 additions & 0 deletions openshift/01-apicast-cloud-hosted-imagestream.yml
@@ -0,0 +1,14 @@
apiVersion: v1
kind: ImageStream
metadata:
name: apicast-cloud-hosted
labels:
app: apicast-cloud-hosted
spec:
tags:
- name: latest
annotations:
openshift.io/display-name: APIcast Cloud Hosted (latest)
from:
kind: ImageStreamTag
name: latest
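Review bot: The `latest` tag's `from` is `kind: ImageStreamTag` with `name: latest`, which inside this stream refers back to the same tag, so the tag has no real source. If `latest` is only meant to receive what the BuildConfig in this PR pushes to `apicast-cloud-hosted:latest`, drop the `from` block; otherwise point it at the actual source tag or image.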
12 changes: 12 additions & 0 deletions openshift/02-apicast-builder-imagestream.yml
@@ -0,0 +1,12 @@
apiVersion: v1
kind: ImageStream
metadata:
name: apicast
labels:
app: apicast
spec:
tags:
- name: master-builder
from:
kind: DockerImage
name: quay.io/3scale/apicast:master-builder
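Review bot: The `master-builder` tag tracks the mutable registry tag `quay.io/3scale/apicast:master-builder` and sets no `importPolicy`, so the file does not say whether or when the stream picks up a rebuilt builder image. If periodic refresh is intended, set `importPolicy: scheduled: true` on the tag and add a comment naming what rebuilds the upstream image; if reproducible builds matter more, reference the image by digest instead.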
Author

Yes I think it is a good idea.

Contributor

Would be good to have a comment pointing to how this is refreshed.
#4 (comment)

Author

TBH, I don't know how quay.io/3scale/apicast:master-builder is refreshed either... Or are you talking about the scheduled imports from the registry?

Contributor

Yep. Scheduled imports.

Those quay images are built when master branch is updated.

Author

Done in 287e33c

24 changes: 11 additions & 13 deletions openshift/BuildConfig.yml → openshift/03-build-config.yml
@@ -1,4 +1,4 @@
apiVersion: build.openshift.io/v1
apiVersion: v1
kind: BuildConfig
metadata:
labels:
Expand All @@ -7,18 +7,16 @@ metadata:
status:
spec:
nodeSelector: null
postCommit:
args:
- '--dev'
- '--daemon'
command:
- bin/apicast
#postCommit:
Author

@mikz Should we remove the postCommit? The Deployment is working without it, but I'm not sure how to solve it...

Contributor

postCommit is good. It verifies the image will boot. Otherwise you have no idea until you try to deploy it (and fail).

Author

@maneta maneta Feb 20, 2018

OK, you said something about APIcast and the RESOLVER env variable. I will take a look at it.

Author

@maneta maneta Feb 21, 2018

@mikz So the problem with the postCommit is that the openshift builder is setting the resolv.conf file like that:

# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh
# Generated by NetworkManager
search ec2.internal cluster.local
nameserver 10.0.101.97

The problem is the first line: it looks like the parse_nameservers function in APIcast https://github.com/3scale/apicast/blob/5c2dc6bbf9295b5e7891fb7bb52e32abcf763972/gateway/src/resty/resolver.lua#L105 is matching the commented nameserver in the file.

The actual error thrown by nginx is:

nginx: [emerg] invalid IPv6 address in resolver "[domain]:53" in /tmp/lua_c5D5o5:45

I have reproduced it locally.

Contributor

Yep. Looks like: https://github.com/3scale/apicast/blob/5c2dc6bbf9295b5e7891fb7bb52e32abcf763972/gateway/src/resty/resolver.lua#L135-L140

This should match only from start of the line and ignore comments. We probably need better parsing anyway.

Good catch!

Author

Corrected in 3scale/APIcast#618
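
The parsing problem discussed in this thread, as an added example that is neither APIcast's `resolver.lua` nor part of the original comments: an unanchored matcher, constructed here to reproduce the failure mode, next to a line-based parser that anchors at the start of the line and ignores comments. The function names and the simplified address check are assumptions of this example.

```lua
-- Added example; SAMPLE is the resolv.conf quoted in the thread above.
local SAMPLE = [[
# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh
# Generated by NetworkManager
search ec2.internal cluster.local
nameserver 10.0.101.97
]]

-- Hypothetical unanchored matcher: finds "nameserver <token>" anywhere in the
-- text, so the commented first line contributes the bogus entry "updated".
local function parse_unanchored(content)
  local servers = {}
  for server in content:gmatch("nameserver%s+(%S+)") do
    servers[#servers + 1] = server
  end
  return servers
end

-- Accept only IP literals (simplified check, an assumption of this example).
local function is_ip_literal(value)
  if value:match("^%d+%.%d+%.%d+%.%d+$") then return true end
  return value:find(":", 1, true) ~= nil and value:match("^[%x:.]+$") ~= nil
end

-- Line-based parser: strip "#" and ";" comments, require the keyword at the
-- start of the line, and reject values that are not IP literals.
local function parse_nameservers(content)
  local servers = {}
  for line in content:gmatch("[^\r\n]+") do
    local code = line:gsub("%s*[#;].*$", "")
    local server = code:match("^%s*nameserver%s+(%S+)%s*$")
    if server and is_ip_literal(server) then
      servers[#servers + 1] = server
    end
  end
  return servers
end

print("unanchored: " .. table.concat(parse_unanchored(SAMPLE), ", "))
print("line-based: " .. table.concat(parse_nameservers(SAMPLE), ", "))
```

Rejecting non-IP values at parse time keeps a malformed entry from ever reaching the generated nginx `resolver` directive, which is where the error in the thread surfaced.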

# args:
# - '--dev'
# - '--daemon'
# command:
# - bin/apicast
output:
pushSecret:
name: quay
to:
kind: DockerImage
name: 'quay.io/3scale/apicast-cloud-hosted:apicast-master'
kind: ImageStreamTag
name: apicast-cloud-hosted:latest
source:
contextDir: /apicast
git:
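Review bot: The `postCommit` hook is commented out rather than fixed or removed, so the build no longer checks that the image boots and the file carries six lines of dead configuration. Restore the hook once the resolver parsing problem is fixed upstream, or delete the block and record the reason in the commit message.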
Expand All @@ -31,5 +29,5 @@ spec:
sourceStrategy:
forcePull: true
from:
kind: DockerImage
name: 'quay.io/3scale/apicast:master-builder'
kind: ImageStreamTag
name: apicast:master-builder
83 changes: 44 additions & 39 deletions openshift/template.yml → openshift/04-deployment-template.yml
@@ -1,23 +1,23 @@
apiVersion: v1
kind: Template
metadata:
name: "apicast-cloud-hosted"
name: "apicast-cloud-hosted-deployment"
objects:

- apiVersion: v1
kind: DeploymentConfig
metadata:
name: apicast-mapping-service
name: apicast-mapping-service-${RELEASE_REF}
spec:
replicas: 1
selector:
deploymentconfig: apicast-mapping-service
deploymentconfig: apicast-mapping-service-${RELEASE_REF}
strategy:
type: Rolling
template:
metadata:
labels:
deploymentconfig: apicast-mapping-service
deploymentconfig: apicast-mapping-service-${RELEASE_REF}
spec:
containers:
- name: apicast-mapping-service
Expand Down Expand Up @@ -50,23 +50,30 @@ objects:
- containerPort: 8090
name: management
protocol: TCP
resources:
limits:
cpu: '1'
memory: 128Mi
requests:
cpu: 500m
memory: 64Mi
triggers:
- type: ConfigChange

- apiVersion: v1
kind: DeploymentConfig
metadata:
name: apicast
name: apicast-${RELEASE_REF}
spec:
replicas: 1
selector:
deploymentconfig: apicast
deploymentconfig: apicast-${RELEASE_REF}
strategy:
type: Rolling
template:
metadata:
labels:
deploymentconfig: apicast
deploymentconfig: apicast-${RELEASE_REF}
spec:
containers:
- env:
Expand All @@ -77,8 +84,10 @@ objects:
- name: THREESCALE_DEPLOYMENT_ENV
value: "${ENVIRONMENT}"
- name: THREESCALE_PORTAL_ENDPOINT
value: "http://apicast-mapping-service/config"
image: "${APICAST_IMAGE}"
value: "http://apicast-mapping-service-${RELEASE_REF}/config"
- name: APICAST_OIDC_LOG_LEVEL
value: "notice"
image: apicast-cloud-hosted:${RELEASE_REF}
imagePullPolicy: IfNotPresent
name: apicast
livenessProbe:
Expand All @@ -101,29 +110,43 @@ objects:
- containerPort: 8090
name: management
protocol: TCP
resources:
Author

@mikz Should we set the APICAST_WORKERS too?

Contributor

Nope. APIcast autodetects number of requested CPU cores: 3scale/APIcast#600

Author

ok

limits:
cpu: '1'
memory: 128Mi
requests:
cpu: 500m
memory: 64Mi
triggers:
- type: ConfigChange
- type: ImageChange
imageChangeParams:
automatic: true
containerNames:
- apicast-${RELEASE_REF}
Contributor

This looks wrong.

Author

yep.

from:
kind: ImageStreamTag
name: apicast-cloud-hosted:${RELEASE_REF}

- apiVersion: v1
kind: Service
metadata:
name: apicast-mapping-service
name: apicast-mapping-service-${RELEASE_REF}
spec:
ports:
- name: mapping
port: 80
protocol: TCP
targetPort: mapping
selector:
deploymentconfig: apicast-mapping-service
deploymentconfig: apicast-mapping-service-${RELEASE_REF}

- apiVersion: v1
kind: Service
metadata:
name: apicast
name: apicast-${RELEASE_REF}
annotations:
service.alpha.openshift.io/dependencies: |-
[{"name": "apicast-mapping-service", "kind": "Service"}]
[{"name": "apicast-mapping-service-${RELEASE_REF}", "kind": "Service"}]
spec:
ports:
- name: proxy
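Review bot: In the `ImageChange` trigger, `containerNames` lists `apicast-${RELEASE_REF}`, but the container defined earlier in this DeploymentConfig is named `apicast`; the trigger matches on container name, so as written it would not update that container's image. Use `- apicast` under `containerNames`.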
Expand All @@ -135,28 +158,14 @@ objects:
port: 8090
targetPort: management
selector:
deploymentconfig: apicast

- apiVersion: v1
kind: Route
metadata:
name: apicast-router
labels:
app: apicast-router
spec:
host: apicast.${ENVIRONMENT}.gw.apicast.io
to:
kind: Service
name: apicast
port:
targetPort: proxy
wildcardPolicy: Subdomain
tls:
termination: edge
insecureEdgeTerminationPolicy: Allow
deploymentconfig: apicast-${RELEASE_REF}

parameters:

- description: "Release version reference"
name: RELEASE_REF
required: true

- description: "Deployment environment. `staging` or `production`"
name: ENVIRONMENT
required: true
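Review bot: `RELEASE_REF` is interpolated into DeploymentConfig and Service names, but the parameter is described only as "Release version reference" and nothing constrains its value. Service names must be valid DNS labels (lowercase letters, digits and `-`), so a dotted version string would be rejected when the template is instantiated; state the allowed format in the description.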
Expand All @@ -168,14 +177,10 @@ parameters:
- name: MAPPING_SERVICE_IMAGE
description: "Mapping Service image name. Used to discover proxy configurations."
required: true
value: "quay.io/3scale/apicast-cloud-hosted:mapping-service-v3.0.0-cloud1"

- name: APICAST_IMAGE
description: "APIcast image name."
required: true
value: "quay.io/3scale/apicast-cloud-hosted:apicast-v3.0.0-cloud1"
value: "quay.io/3scale/apicast-cloud-hosted:mapping-service-master"

- name: MASTER_ACCESS_TOKEN_SECRET
description: "Secret name that containts System Master Access Token password"
required: true
value: 'master-access-token-secret'
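Review bot: The default for `MAPPING_SERVICE_IMAGE` moves from the release tag `mapping-service-v3.0.0-cloud1` to `mapping-service-master`, a tag that follows a branch, so a deployment made with the defaults is no longer tied to a known image. Keep a release tag or a digest as the default and pass the `master` tag explicitly where it is wanted. The `MASTER_ACCESS_TOKEN_SECRET` description also has a typo, "containts".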

49 changes: 49 additions & 0 deletions openshift/05-routes.yml
@@ -0,0 +1,49 @@
apiVersion: v1
kind: Template
metadata:
name: "apicast-cloud-hosted"
objects:

- apiVersion: v1
kind: Route
metadata:
name: apicast-router
labels:
app: apicast-router
spec:
host: apicast.${ENVIRONMENT}.gw.apicast.io
to:
kind: Service
name: apicast
port:
targetPort: proxy
wildcardPolicy: Subdomain
tls:
termination: edge
insecureEdgeTerminationPolicy: Allow

- apiVersion: v1
kind: Route
metadata:
name: apicast-${ENVIRONMENT}-policies
spec:
host: apicast.${ENVIRONMENT}.${WILDCARD_DOMAIN}
path: /policies
to:
kind: Service
name: apicast
port:
targetPort: management
wildcardPolicy: None
tls:
termination: edge

parameters:

- description: "Deployment environment. `staging` or `production`"
name: ENVIRONMENT
required: true

- description: "Openshift Cluster Wildcard Domain"
name: WILDCARD_DOMAIN
required: true
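Review bot: Both routes send traffic to Service `apicast`, but the deployment template in this PR renames that Service to `apicast-${RELEASE_REF}`, so as written the routes have no backend; add a `RELEASE_REF` parameter to this template or keep a stable Service name for the routes to target. Separately, `apicast-router` keeps `insecureEdgeTerminationPolicy: Allow`, which serves the gateway over plain HTTP as well as HTTPS (`Redirect` is the safer setting unless clients depend on HTTP), and the `/policies` route publishes the `management` port through the router, which deserves a comment explaining why that is intended.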