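---
# OpenShift Template that renders a single ClowdApp for entitlements-api-go.
# NOTE(review): the listing this was taken from had lost its indentation; the
# nesting below is reconstructed from key order. Confirm it against the
# repository copy before applying.
apiVersion: v1
kind: Template
metadata:
  name: entitlements-api-go
objects:
  - apiVersion: cloud.redhat.com/v1alpha1
    kind: ClowdApp
    metadata:
      name: entitlements-api-go
    spec:
      envName: ${ENV_NAME}
      deployments:
        - name: service
          webServices:
            public:
              # canonical lowercase boolean (was "True")
              enabled: true
          # ${{...}} substitutes the parameter as a non-string value
          minReplicas: ${{REPLICAS}}
          podSpec:
            volumes:
              - configMap:
                  name: ${CONFIG_MAP_NAME}
                name: default-entitlements-config
              # Certificate/key material comes from the it-key-pair secret
              - secret:
                  secretName: it-key-pair
                name: it-certificates
            initContainers:
              - name: bundle-sync
                # NOTE(review): a tag can be re-pointed after review; pinning
                # by digest would fix the image content. Same for the main
                # container image below.
                image: ${IMAGE}:${IMAGE_TAG}
                command: ["/bundle-sync"]
                env:
                  - name: ENT_SUBS_HOST
                    value: ${SUBS_HOST}
                  - name: ENT_BUNDLE_INFO_YAML
                    value: /bundles/bundles.yml
                  - name: ENT_CERTS_FROM_ENV
                    value: ${CERTS_FROM_ENV}
                  - name: ENT_RUN_BUNDLE_SYNC
                    value: ${RUN_BUNDLE_SYNC}
                  # NOTE(review): plain `value:` fields filled from template
                  # parameters. If ENT_KEY is set, the private key is written
                  # into the rendered object and is readable by anyone who can
                  # read the ClowdApp or pod spec. Prefer the it-certificates
                  # volume or a secretKeyRef.
                  - name: ENT_CA_CERT
                    value: ${ENT_CA_CERT}
                  - name: ENT_CERT
                    value: ${ENT_CERT}
                  - name: ENT_KEY
                    value: ${ENT_KEY}
                volumeMounts:
                  - mountPath: /bundles
                    name: default-entitlements-config
                  - mountPath: /certificates
                    name: it-certificates
                    readOnly: true
                # NOTE(review): presumably makes this init container inherit
                # the main container's env, which includes the
                # secretKeyRef-backed OIDC and BOP credentials. Confirm that
                # bundle-sync needs them.
                inheritEnv: true
                resources:
                  limits:
                    cpu: ${CPU_LIMIT}
                    memory: ${MEMORY_LIMIT}
                  requests:
                    cpu: ${CPU_REQUESTS}
                    memory: ${MEMORY_REQUESTS}
            # NOTE(review): placed at podSpec level by position; confirm the
            # ClowdApp schema accepts these two keys here.
            minReadySeconds: 15
            progressDeadlineSeconds: 600
            image: ${IMAGE}:${IMAGE_TAG}
            livenessProbe:
              failureThreshold: 3
              httpGet:
                path: /status
                port: 8000
              initialDelaySeconds: 20
              timeoutSeconds: 60
            readinessProbe:
              httpGet:
                path: /status
                port: 8000
              initialDelaySeconds: 30
              timeoutSeconds: 60
            resources:
              limits:
                cpu: ${CPU_LIMIT}
                memory: ${MEMORY_LIMIT}
              requests:
                cpu: ${CPU_REQUESTS}
                memory: ${MEMORY_REQUESTS}
            volumeMounts:
              - mountPath: /bundles
                name: default-entitlements-config
              - mountPath: /certificates
                name: it-certificates
                readOnly: true
            env:
              - name: ENT_PORT
                value: ${PORT}
              - name: ENT_ENTITLE_ALL
                value: ${ENTITLE_ALL}
              - name: ENT_CERTS_FROM_ENV
                value: ${CERTS_FROM_ENV}
              - name: ENT_LOG_LEVEL
                value: ${LOG_LEVEL}
              - name: ENT_AMS_HOST
                value: ${AMS_HOST}
              - name: ENT_BOP_URL
                value: ${BOP_URL}
              - name: ENT_BOP_ENV
                value: ${BOP_ENV}
              - name: ENT_SUBS_HOST
                value: ${SUBS_HOST}
              - name: ENT_COMPLIANCE_HOST
                value: ${COMPLIANCE_HOST}
              - name: ENT_OPENAPI_SPEC_PATH
                value: /apispec/api.spec.json
              - name: ENT_BUNDLE_INFO_YAML
                value: /bundles/bundles.yml
              - name: ENT_FEATURES
                value: ${FEATURES}
              - name: ENT_DISABLE_SEAT_MANAGER
                value: ${DISABLE_SEAT_MANAGER}
              - name: ENT_SUBS_CACHE_DURATION_SECONDS
                value: ${SUBS_CACHE_DURATION}
              - name: ENT_SUBS_CACHE_MAX_SIZE
                value: ${SUBS_CACHE_MAX_SIZE}
              - name: ENT_SUBS_CACHE_ITEM_PRUNE
                value: ${SUBS_CACHE_ITEM_PRUNE}
              - name: ENT_AMS_ACCT_MGMT_11_ERR_MSG
                value: ${AMS_ACCT_MGMT_11_ERR_MSG}
              - name: ENT_IT_SERVICES_TIMEOUT_SECONDS
                value: ${IT_SERVICES_TIMEOUT_SECONDS}
              # NOTE(review): as in the init container, these three carry
              # certificate and private-key material as plain env values when
              # CERTS_FROM_ENV is "true". The credentials further down use
              # secretKeyRef, which keeps the secret out of the rendered spec.
              - name: ENT_CA_CERT
                value: ${ENT_CA_CERT}
              - name: ENT_CERT
                value: ${ENT_CERT}
              - name: ENT_KEY
                value: ${ENT_KEY}
              # optional: the pod still starts when this secret/key is absent
              - name: GLITCHTIP_DSN
                valueFrom:
                  secretKeyRef:
                    name: ${GLITCHTIP_SECRET}
                    key: dsn
                    optional: true
              # The remaining credentials are not marked optional, so the
              # referenced secrets must exist for the container to start.
              - name: ENT_OIDC_CLIENT_ID
                valueFrom:
                  secretKeyRef:
                    name: oidc
                    key: client_id
              - name: ENT_OIDC_CLIENT_SECRET
                valueFrom:
                  secretKeyRef:
                    name: oidc
                    key: client_secret
              - name: ENT_BOP_CLIENT_ID
                valueFrom:
                  secretKeyRef:
                    name: entitlements-api
                    key: client_id
              - name: ENT_BOP_TOKEN
                valueFrom:
                  secretKeyRef:
                    name: entitlements-api
                    key: token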
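# Template parameters. Each entry is substituted into the objects section as
# ${NAME} (string) or ${{NAME}} (non-string).
# NOTE(review): the listing this was taken from had lost its indentation; the
# nesting below is reconstructed from key order.
parameters:
  - description: image
    name: IMAGE
    value: quay.io/redhat-services-prod/hcc-accessmanagement-tenant/entitlements-api-go
  - description: Log level for the application
    name: LOG_LEVEL
    required: false
    value: info
  - description: cpu limit for service
    name: CPU_LIMIT
    value: 1000m
  - description: memory limit for service
    name: MEMORY_LIMIT
    value: 1024Mi
  - description: requested cpu for service
    name: CPU_REQUESTS
    value: 250m
  - description: requested memory for service
    name: MEMORY_REQUESTS
    value: 512Mi
  - description: Port for listener
    name: PORT
    value: '8000'
  # NOTE(review): the endpoint defaults below name different environments
  # (SUBS_HOST "stage", BOP_URL host contains "prod", COMPLIANCE_HOST "dev").
  # Confirm every deployment overrides them rather than relying on the mix.
  - description: Subscriptions Service API endpoint
    name: SUBS_HOST
    value: https://subscription.stage.api.redhat.com
  - description: Account Management Service URL
    name: AMS_HOST
    value: https://api.openshift.com
  - description: Back Office Proxy URL
    name: BOP_URL
    value: https://backoffice-proxy.apps.ext.spoke.prod.us-west-2.aws.paas.redhat.com/v1/users
  - description: Back Office Proxy environment to query for users in
    name: BOP_ENV
    value: 'stage'
    required: true
  - description: Export Compliance Service API endpoint
    name: COMPLIANCE_HOST
    value: https://export-compliance.dev.api.redhat.com
  - description: Name of the entitlements-config config map
    name: CONFIG_MAP_NAME
    value: entitlements-config
  - description: The number of replicas to use in the deployment
    name: REPLICAS
    value: '1'
  # No default: the tag must be supplied at render time.
  - description: Image tag
    name: IMAGE_TAG
    required: true
  - description: Flag to determine whether or not to sync bundles on init
    name: RUN_BUNDLE_SYNC
    required: false
    value: 'false'
  # NOTE(review): per its description this entitles every caller and mocks the
  # calls to IT; it should stay 'false' outside test environments.
  - description: Flag to determine whether or not to entitle all by default and mock calls to IT
    name: ENTITLE_ALL
    required: false
    value: 'false'
  - description: The name of the Glitchtip secret
    name: GLITCHTIP_SECRET
    required: false
    value: 'entitlements-secret'
  - description: List of feature bundles to onboard during bundle sync
    name: FEATURES
    value: ansible,rhods,openshift,acs
    required: false
  - description: Flag to disable seat manager by not exposing any of the apis related to the feature
    name: DISABLE_SEAT_MANAGER
    required: false
  - description: Duration, in seconds, for items in the subs cache before they are expired
    name: SUBS_CACHE_DURATION
    required: false
  - description: Max size of the subs cache
    name: SUBS_CACHE_MAX_SIZE
    required: false
  - description: Items to prune for the subs cache (when memory is low)
    name: SUBS_CACHE_ITEM_PRUNE
    required: false
  - description: ClowdEnv Name
    name: ENV_NAME
    required: true
  - description: Error message to display for the ACCT-MGMT-11 error message
    name: AMS_ACCT_MGMT_11_ERR_MSG
    required: false
  - description: Timeout for outbound requests to IT services, in seconds
    name: IT_SERVICES_TIMEOUT_SECONDS
    required: false
  # Default 'false' keeps certificate loading on the mounted secret volume.
  - description: >-
      Determines whether the certificates are loaded from the "ENT_CA_CERT",
      "ENT_CERT" and "ENT_KEY" environment variables or not. When the value is
      "false", the files are loaded directly from the "it-certificates" volume.
    name: CERTS_FROM_ENV
    required: true
    value: 'false'
  # NOTE(review): the next three parameters carry certificate and private-key
  # material. A value passed here is held by whatever supplies the parameters
  # and is copied as plain text into the rendered ClowdApp env. Prefer the
  # "it-certificates" secret volume (CERTS_FROM_ENV 'false').
  - description: >-
      The CA's chain of certificates to be used for the certificate
      verification. Requires the "CERTS_FROM_ENV" environment variable to be
      "true"
    name: ENT_CA_CERT
  - description: >-
      The certificate to be used to talk to the IT services. Requires the
      "CERTS_FROM_ENV" environment variable to be "true"
    name: ENT_CERT
  - description: >-
      The key to be used to talk to the IT services. Requires the
      "CERTS_FROM_ENV" environment variable to be "true"
    name: ENT_KEY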