blob: c4fcefa8ab3bf1e1629120c8f4600772a5d8f5a7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
|
# https://docs.openshift.com/container-platform/3.11/rest_api/oapi/v1.DeploymentConfig.html#object-schema
apiVersion: v1
kind: DeploymentConfig
metadata:
name: mts
labels:
service: mts
spec:
replicas: 1
selector:
service: mts
strategy:
type: Recreate
template:
metadata:
labels:
service: mts
spec:
containers:
- name: mts
image: docker-registry.default.svc:5000/message-tagging-service/message-tagging-service:latest
env:
# Please do remember to increase this config version after any config
# file content is updated.
# This is a workaround to trigger Openshift automatically to create a
# new pod.
- name: MTS_CONFIG_VERSION
value: 1
ports:
- containerPort: 8080
volumeMounts:
- name: "mts-config"
mountPath: /etc/mts/config.py
subPath: config.py
readOnly: true
# Do not mount /etc/fedora-messaging to put the config file in order to
# use cert files to connect broker provided by fedora-messaging
# package.
- name: "mts-fedora-messaging"
mountPath: /etc/fedora-messaging/
readOnly: true
- name: "koji-conf"
{% if env == 'staging' %}
mountPath: /etc/koji.conf.d/stg.conf
subPath: stg.conf
{% else %}
mountPath: /etc/koji.conf
subPath: koji.conf
{% endif %}
readOnly: true
- name: "krb5-conf"
mountPath: /etc/krb5.conf
subPath: krb5.conf
readOnly: true
# Secret files
- name: keytab
mountPath: /etc/krb5.keytab
subPath: krb5.keytab
readOnly: true
# Refer to playbooks/openshift-apps/message-tagging-service.yml to
# learn the file names of cacert, certificate and private key.
- name: fedora-messaging-ca
mountPath: /etc/pki/fedora-messaging/mts.ca
subPath: mts.ca
readOnly: true
- name: fedora-messaging-crt
mountPath: /etc/pki/fedora-messaging/mts.crt
subPath: mts.crt
readOnly: true
- name: fedora-messaging-key
mountPath: /etc/pki/fedora-messaging/mts.key
subPath: mts.key
readOnly: true
resources:
requests:
cpu: 500m
memory: 128Mi
limits:
cpu: 2000m
memory: 512Mi
readinessProbe:
timeoutSeconds: 1
initialDelaySeconds: 5
httpGet:
path: /
port: 8080
livenessProbe:
timeoutSeconds: 1
initialDelaySeconds: 30
httpGet:
path: /
port: 8080
volumes:
- name: "mts-config"
configMap:
name: "mts-config"
- name: "mts-fedora-messaging"
configMap:
name: "mts-fedora-messaging"
- name: "koji-conf"
configMap:
name: "koji-conf"
- name: "krb5-conf"
configMap:
name: "krb5-conf"
# Secret file volumes
- name: keytab
secret:
secretName: keytab
- name: fedora-messaging-ca
secret:
secretName: mts-fedora-messaging-ca
- name: fedora-messaging-crt
secret:
secretName: mts-fedora-messaging-crt
- name: fedora-messaging-key
secret:
secretName: mts-fedora-messaging-key
triggers:
- type: ConfigChange
- type: ImageChange
imageChangeParams:
automatic: true
containerNames:
- "{{ app }}"
from:
kind: ImageStreamTag
name: "message-tagging-service:latest"
# vim: ts=2 sw=2 autoindent
|
