deploy-template.yaml

---
apiVersion: template.openshift.io/v1
kind: Template
metadata:
  annotations:
    description: Babylon Events UI
    openshift.io/display-name: Babylon Events UI
    openshift.io/documentation-url: https://github.com/redhat-cop/babylon-events-console/
    openshift.io/long-description: >-
      Deploy the Babylon Events UI.
  name: babylon-events-ui

message: |-
  The Babylon events URL may be found in the ${NAME} route resource.
  Admin Password:  ${ADMIN_PASSWORD}
  Access Password: ${ACCESS_PASSWORD}

parameters:
- name: NAME
  displayName: Name to apply to template resources
  value: babylon-events
  required: true
- name: ACCESS_PASSWORD
  displayName: User Access Password
  description: >-
    Optional student user access password.
- name: ACCESS_IP_NETWORKS
  displayName: Permitted Networks
  description: >-
    List of permitted networks in comma separated CIDR notation.
- name: ADMIN_PASSWORD
  displayName: Administrative Password
  generate: expression
  from: '[a-zA-Z0-9]{8}'
  required: true
  description: >-
    Administrative password controls access to manage lab environments.
- name: BOOKBAG_IMAGESTREAM_NAME
  displayName: Bookbag Image Stream Name
  description: >-
    Image Stream with Bookbag image for lab.
    If provided then bookbag pods will be created automatically.
- name: BOOKBAG_IMAGESTREAM_NAMESPACE
  displayName: Bookbag Image Stream Namespace
  description: >-
    Image Stream namespace for Bookbag image stream.
    If not provided then deployment namespace will be used.
- name: BOOKBAG_TEMPLATE_NAME
  displayName: Bookbag Template Name
  value: bookbag
  description: >-
    Bookbag deployment template.
- name: BOOKBAG_TEMPLATE_NAMESPACE
  displayName: Bookbag Template Namespace
  value: openshift
  description: >-
    Bookbag deployment template namespace.
    If not provided then "openshift" namespace will be used.
- name: CATALOG_TEMPLATE_NAME
  displayName: AgnosticV Template Name
  description: >-
    Babylon AgnosticV catalog item template name to provision for users.
    If not provided then lab environment data must be provided manually.
- name: CATALOG_TEMPLATE_NAMESPACE
  displayName: AgnosticV Template Namespace
  description: >-
    Babylon AgnosticV catalog item template namespace.
    If not provided then "openshift" namespace will be used.
  value: openshift
- name: CATALOG_TEMPLATE_PARAMETERS
  displayName: AgnosticV Template Parameters
  description: >-
    Parameters to pass to template when creating user lab environments.
    Provide parameters as a JSON or YAML dictionary.
  value: '{}'
- name: CATALOG_TEMPLATE_QUOTA
  displayName: AgnosticV Template Provision Limit
  description:
    Limit applied to number of catalog items that can be provisioned through the UI.
  value: "5"
- name: HOSTNAME
  displayName: Route Hostname
  description: >-
    Hostname for events ui route.
    Route hostname will be generated if not provided.
  required: false
- name: OPERATOR_IMAGE
  displayName: Babylon events operator image
  value: quay.io/redhat-cop/babylon-events-console-operator:v0.5.6
  required: true
  description: >-
    Image for babylon events operator.
- name: OPERATOR_IMAGE_PULL_POLICY
  value: IfNotPresent
  required: true
- name: OPERATOR_CPU_LIMIT
  displayName: Operator CPU Limit
  description: >-
    Operator container cpu limit.
  required: true
  value: 500m
- name: OPERATOR_MEMORY_LIMIT
  displayName: Operator Memory Limit
  description: >-
    Operator container memory limit.
  required: true
  value: 1500Mi
- name: OPERATOR_CPU_REQUESTS
  displayName: Operator CPU Request
  description: >-
    Operator container cpu request.
  required: true
  value: 100m
- name: OPERATOR_MEMORY_REQUESTS
  displayName: Operator Memory Request
  description: >-
    Operator container memory request.
  required: true
  value: 1500Mi
- name: UI_IMAGE
  displayName: Babylon events console image
  value: quay.io/redhat-cop/babylon-events-console:v0.5.6
  required: true
- name: UI_IMAGE_PULL_POLICY
  value: IfNotPresent
  required: true
- name: UI_CPU_LIMIT
  displayName: UI CPU Limit
  description: >-
    UI container cpu limit.
  required: true
  value: 500m
- name: UI_MEMORY_LIMIT
  displayName: UI Memory Limit
  description: >-
    UI container memory limit.
  required: true
  value: 512Mi
- name: REDIS_IMAGE
  displayName: Redis Image
  value: registry.redhat.io/rhscl/redis-32-rhel7:latest
  required: true
  description: >-
    Image for Redis database used for UI session tracking.
- name: REDIS_PASSWORD
  displayName: Redis Database Password
  description: >-
    Password for the Redis database.
    Care should be taken to explictly provide the redis password if reapplying template to avoid changing this value.
  from: '[a-zA-Z0-9]{16}'
  generate: expression
  required: true
- name: REDIS_CPU_LIMIT
  displayName: Redis CPU Limit
  description: >-
    Redis container cpu limit.
  required: true
  value: 500m
- name: REDIS_MEMORY_LIMIT
  displayName: Redis Memory Limit
  description: >-
    Redis container memory limit.
  required: true
  value: 512Mi
- name: REDIS_VOLUME_CAPACITY
  displayName: Redis Volume Capacity
  description: >-
    Volume space available for session data, e.g. 512Mi, 2Gi.
  required: true
  value: 1Gi
- name: LAB_ENV_PREASSIGNMENT
  description: >-
    Whether lab environments are pre-assigned, disabling dynamic assignment.
    Value must be "true" or "false"
  value: 'false'
- name: LAB_START_TIME
  description: >-
    Datetime string in iso8601 format for lab start time.

objects:
- apiVersion: v1
  kind: ServiceAccount
  metadata:
    name: ${NAME}

- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    name: ${NAME}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: admin
  subjects:
  - kind: ServiceAccount
    name: ${NAME}

- apiVersion: v1
  kind: Secret
  metadata:
    name: ${NAME}
    annotations:
      template.openshift.io/expose-access_password: "{.data['access_password']}"
      template.openshift.io/expose-admin_password: "{.data['admin_password']}"
      template.openshift.io/expose-redis_password: "{.data['redis_password']}"
  stringData:
    access_password: ${ACCESS_PASSWORD}
    admin_password: ${ADMIN_PASSWORD}
    redis_password: ${REDIS_PASSWORD}

- apiVersion: v1
  kind: PersistentVolumeClaim
  metadata:
    name: ${NAME}-redis
  spec:
    accessModes:
    - ReadWriteOnce
    resources:
      requests:
        storage: ${REDIS_VOLUME_CAPACITY}

- apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: ${NAME}-operator
  spec:
    selector:
      matchLabels:
        app: ${NAME}
        component: operator
    replicas: 1
    template:
      metadata:
        labels:
          app: ${NAME}
          component: operator
      spec:
        serviceAccountName: ${NAME}
        containers:
        - name: operator
          env:
          - name: BOOKBAG_IMAGESTREAM_NAME
            value: ${BOOKBAG_IMAGESTREAM_NAME}
          - name: BOOKBAG_IMAGESTREAM_NAMESPACE
            value: ${BOOKBAG_IMAGESTREAM_NAMESPACE}
          - name: BOOKBAG_TEMPLATE_NAME
            value: ${BOOKBAG_TEMPLATE_NAME}
          - name: BOOKBAG_TEMPLATE_NAMESPACE
            value: ${BOOKBAG_TEMPLATE_NAMESPACE}
          image: ${OPERATOR_IMAGE}
          imagePullPolicy: ${OPERATOR_IMAGE_PULL_POLICY}
          resources:
            limits:
              cpu: ${OPERATOR_CPU_LIMIT}
              memory: ${OPERATOR_MEMORY_LIMIT}
            requests:
              cpu: ${OPERATOR_CPU_REQUESTS}
              memory: ${OPERATOR_MEMORY_REQUESTS}

- apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: ${NAME}-ui
  spec:
    selector:
      matchLabels:
        app: ${NAME}
        component: ui
    replicas: 1
    template:
      metadata:
        labels:
          app: ${NAME}
          component: ui
      spec:
        serviceAccountName: ${NAME}
        containers:
        - name: ui
          env:
          - name: ACCESS_PASSWORD
            valueFrom:
              secretKeyRef:
                name: ${NAME}
                key: access_password
          - name: ACCESS_IP_NETWORKS
            value: ${ACCESS_IP_NETWORKS}
          - name: ADMIN_PASSWORD
            valueFrom:
              secretKeyRef:
                name: ${NAME}
                key: admin_password
          - name: REDIS_PASSWORD
            valueFrom:
              secretKeyRef:
                name: ${NAME}
                key: redis_password
          - name: REDIS_SERVER
            value: ${NAME}-redis:6379
          - name: CATALOG_TEMPLATE_NAME
            value: ${CATALOG_TEMPLATE_NAME}
          - name: CATALOG_TEMPLATE_NAMESPACE
            value: ${CATALOG_TEMPLATE_NAMESPACE}
          - name: CATALOG_TEMPLATE_PARAMETERS
            value: ${CATALOG_TEMPLATE_PARAMETERS}
          - name: CATALOG_TEMPLATE_QUOTA
            value: ${CATALOG_TEMPLATE_QUOTA}
          - name: LAB_ENV_PREASSIGNMENT
            value: ${LAB_ENV_PREASSIGNMENT}
          - name: LAB_START_TIME
            value: ${LAB_START_TIME}
          image: ${UI_IMAGE}
          imagePullPolicy: ${UI_IMAGE_PULL_POLICY}
          ports:
          - containerPort: 8080
          resources:
            limits:
              cpu: ${UI_CPU_LIMIT}
              memory: ${UI_MEMORY_LIMIT}

- apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: ${NAME}-redis
  spec:
    replicas: 1
    selector:
      matchLabels:
        app: ${NAME}
        component: redis
    strategy:
      type: Recreate
    template:
      metadata:
        labels:
          app: ${NAME}
          component: redis
      spec:
        containers:
        - name: redis
          env:
          - name: REDIS_PASSWORD
            valueFrom:
              secretKeyRef:
                key: redis_password
                name: ${NAME}
          image: ${REDIS_IMAGE}
          imagePullPolicy: Always
          livenessProbe:
            initialDelaySeconds: 30
            tcpSocket:
              port: 6379
            timeoutSeconds: 1
          ports:
          - containerPort: 6379
            protocol: TCP
          readinessProbe:
            exec:
              command:
              - /bin/sh
              - -i
              - -c
              - test "$(redis-cli -h 127.0.0.1 -a $REDIS_PASSWORD ping)" == "PONG"
            initialDelaySeconds: 5
            timeoutSeconds: 1
          resources:
            limits:
              cpu: ${REDIS_CPU_LIMIT}
              memory: ${REDIS_MEMORY_LIMIT}
          volumeMounts:
          - mountPath: /var/lib/redis/data
            name: data
        volumes:
        - name: data
          persistentVolumeClaim:
            claimName: ${NAME}-redis

- apiVersion: v1
  kind: Service
  metadata:
    name: ${NAME}
  spec:
    ports:
    - name: app
      port: 8080
      protocol: TCP
      targetPort: 8080
    selector:
      app: ${NAME}
      component: ui
    type: ClusterIP

- apiVersion: v1
  kind: Service
  metadata:
    name: ${NAME}-redis
  spec:
    ports:
    - name: redis
      port: 6379
      protocol: TCP
      targetPort: 6379
    selector:
      app: ${NAME}
      component: redis
    type: ClusterIP

- apiVersion: route.openshift.io/v1
  kind: Route
  metadata:
    name: ${NAME}
  spec:
    host: ${HOSTNAME}
    port:
      targetPort: 8080
    to:
      kind: Service
      name: ${NAME}
    tls:
      termination: edge
      insecureEdgeTerminationPolicy: Redirect