multi-cluster-multi-branch-jee - init commit

redhat-cop · Sep 12, 2019 · 72d370b · 72d370b
1 parent 7856ba6
commit 72d370b
Show file tree

Hide file tree

Showing 15 changed files with 1,403 additions and 0 deletions.
diff --git a/multi-cluster-multi-branch-jee/.applier/.gitignore b/multi-cluster-multi-branch-jee/.applier/.gitignore
@@ -0,0 +1,2 @@
+roles
+*.retry
diff --git a/multi-cluster-multi-branch-jee/.applier/apply.yml b/multi-cluster-multi-branch-jee/.applier/apply.yml
@@ -0,0 +1,6 @@
+---
+- name: Run OpenShift applier
+  hosts: "{{ app_env }}"
+  tasks:
+    - include_role:
+        name: openshift-applier/roles/openshift-applier
diff --git a/multi-cluster-multi-branch-jee/.applier/inventory/group_vars/all.yml b/multi-cluster-multi-branch-jee/.applier/inventory/group_vars/all.yml
@@ -0,0 +1,7 @@
+---
+# Globals
+ansible_connection: local
+
+# NOTE: openshift_templates_raw MUST be accessible to OpenShift without authentication
+openshift_templates_raw: 'https://raw.githubusercontent.com/redhat-cop/openshift-templates'
+openshift_templates_raw_version_tag: 'v1.4.9'
diff --git a/multi-cluster-multi-branch-jee/.applier/inventory/host_vars/app-build.yml b/multi-cluster-multi-branch-jee/.applier/inventory/host_vars/app-build.yml
@@ -0,0 +1,135 @@
+---
+create_project_params:
+  NAMESPACE: '{{ ci_cd_namespace }}'
+  NAMESPACE_DISPLAY_NAME: '{{ ci_cd_namespace }}'
+
+jenkins_rolebinding_params:
+  JENKINS_NAMESPACE: '{{ ci_cd_namespace }}'
+
+group_rolebinding_params:
+  ROLE: 'admin'
+  GROUP: "{{ app_owner_group_name }}"
+
+build_params:
+  NAME: '{{ app_name }}'
+  PUSH_SECRET: '{{ app_build_push_secret }}'
+  PULL_SECRET: '{{ app_build_pull_secret }}'
+  DESTINATION_IMAGE_NAME: '{{ app_build_destination_image_name }}'
+  DESTINATION_REPO_NAME: '{{ app_build_destination_repo_name }}'
+  DESTINATION_IMAGE_TAG: '{{ app_build_destination_image_tag }}'
+  DESTINATION_REPO_NAMESPACE: '{{ app_build_destination_repo_namespace }}'
+  BUILDER_IMAGE_NAME: '{{ app_build_builder_image_name }}'
+  MAVEN_MIRROR_URL: '{{ app_build_maven_mirror_url }}'
+  MAVEN_ARGS_APPEND: '{{ app_build_maven_args_append }}'
+
+cluster_credential_dev_secret_params:
+  NAME: 'cluster-credential-dev'
+  API: "TODO_CLUSTER_API_ADDRESS_EX_https://ocp.non-prod.example.com"
+  TOKEN: TODO_VAULTED_CLUSTER_API_TOKEN
+
+cluster_credential_test_secret_params:
+  NAME: 'cluster-credential-test'
+  API: "TODO_CLUSTER_API_ADDRESS_EX_https://ocp.non-prod.example.com"
+  TOKEN: TODO_VAULTED_CLUSTER_API_TOKEN
+
+cluster_credential_qa_secret_params:
+  NAME: 'cluster-credential-qa'
+  API: "TODO_CLUSTER_API_ADDRESS_EX_https://ocp.non-prod.example.com"
+  TOKEN: TODO_VAULTED_CLUSTER_API_TOKEN
+
+cluster_credential_prod_secret_params:
+  NAME: 'cluster-credential-prod'
+  API: "TODO_CLUSTER_API_ADDRESS_EX_https://ocp.prod.example.com"
+  TOKEN: TODO_VAULTED_CLUSTER_API_TOKEN
+
+image_pull_repo_credential_secret_params:
+  NAME: 'image-pull-repo-credential'
+  REPO_FQDN: 'registry.example.com'
+  REPO_AUTH: TODO_VAULTED_REPO_AUTH
+
+image_push_repo_credential_secret_params:
+  NAME: 'image-push-repo-credential'
+  REPO_FQDN: 'registry.example.com'
+  REPO_AUTH: TODO_VAULTED_REPO_AUTH
+
+openshift_cluster_content:
+  - object: deploy-cicd
+    content:
+      - name: '{{ app_name }}-{{ ci_cd_namespace }}-create'
+        template: '{{ openshift_templates_raw }}/{{ openshift_templates_raw_version_tag }}/project-requests/create-project.yml'
+        action: create
+        params_from_vars: '{{ create_project_params }}'
+        namespace: '{{ ci_cd_namespace }}'
+        tags:
+          - deploy
+          - cicd
+      - name: '{{ app_name }}-{{ ci_cd_namespace }}-jenkins-role-binding'
+        template: '{{ openshift_templates_raw }}/{{ openshift_templates_raw_version_tag }}/role-bindings/jenkins-rolebinding-template.yml'
+        params_from_vars: '{{ jenkins_rolebinding_params }}'
+        namespace: '{{ ci_cd_namespace }}'
+        tags:
+          - deploy
+          - dev
+      - name: '{{ app_name }}-{{ ci_cd_namespace }}-owner-role-binding'
+        template: '{{ openshift_templates_raw }}/{{ openshift_templates_raw_version_tag }}/role-bindings/group-rolebinding-template.yml'
+        params_from_vars: '{{ group_rolebinding_params }}'
+        namespace: '{{ ci_cd_namespace }}'
+        tags:
+          - deploy
+          - dev
+      - name: '{{ app_name }}-build'
+        template: '{{ openshift_templates_raw }}/{{ openshift_templates_raw_version_tag }}/app-build/s2i-build-template-binary-to-dockerimage-with-pull-and-push-secrets.yaml'
+        params_from_vars: '{{ build_params }}'
+        namespace: '{{ ci_cd_namespace }}'
+        tags:
+          - build
+          - deploy
+          - cicd
+      - name: '{{ app_name }}-secret-cluster-credential-dev'
+        template: '{{ openshift_templates_raw }}/{{ openshift_templates_raw_version_tag }}/secrets/cluster-credential-secret.yml'
+        params_from_vars: '{{ cluster_credential_dev_secret_params }}'
+        namespace: '{{ ci_cd_namespace }}'
+        tags:
+          - build
+          - deploy
+          - cicd
+      - name: '{{ app_name }}-secret-cluster-credential-test'
+        template: '{{ openshift_templates_raw }}/{{ openshift_templates_raw_version_tag }}/secrets/cluster-credential-secret.yml'
+        params_from_vars: '{{ cluster_credential_test_secret_params }}'
+        namespace: '{{ ci_cd_namespace }}'
+        tags:
+          - build
+          - deploy
+          - cicd
+      - name: '{{ app_name }}-secret-cluster-credential-qa'
+        template: '{{ openshift_templates_raw }}/{{ openshift_templates_raw_version_tag }}/secrets/cluster-credential-secret.yml'
+        params_from_vars: '{{ cluster_credential_qa_secret_params }}'
+        namespace: '{{ ci_cd_namespace }}'
+        tags:
+          - build
+          - deploy
+          - cicd
+      - name: '{{ app_name }}-secret-cluster-credential-prod'
+        template: '{{ openshift_templates_raw }}/{{ openshift_templates_raw_version_tag }}/secrets/cluster-credential-secret.yml'
+        params_from_vars: '{{ cluster_credential_prod_secret_params }}'
+        namespace: '{{ ci_cd_namespace }}'
+        tags:
+          - build
+          - deploy
+          - cicd
+      - name: '{{ app_name }}-secret-image-pull-repo-credential'
+        template: 'https://raw.github.epb.net/EASL/epb-openshift-templates/master/docker-config-json-secret.yml?token=AAAAYZCqr6sQPbRRGcezspQP-y5Ylwboks5dPwXKwA%3D%3D'
+        params_from_vars: '{{ image_pull_repo_credential_secret_params }}'
+        namespace: '{{ ci_cd_namespace }}'
+        tags:
+          - build
+          - deploy
+          - cicd
+      - name: '{{ app_name }}-secret-image-push-repo-credential'
+        template: 'https://raw.github.epb.net/EASL/epb-openshift-templates/master/docker-config-json-secret.yml?token=AAAAYZCqr6sQPbRRGcezspQP-y5Ylwboks5dPwXKwA%3D%3D'
+        params_from_vars: '{{ image_push_repo_credential_secret_params }}'
+        namespace: '{{ ci_cd_namespace }}'
+        tags:
+          - build
+          - deploy
+          - cicd
diff --git a/multi-cluster-multi-branch-jee/.applier/inventory/host_vars/app-dev.yml b/multi-cluster-multi-branch-jee/.applier/inventory/host_vars/app-dev.yml
@@ -0,0 +1,51 @@
+---
+create_project:
+  NAMESPACE: '{{ namespace }}'
+  NAMESPACE_DISPLAY_NAME: '{{ namespace }}'
+
+jenkins_rolebinding:
+  JENKINS_NAMESPACE: '{{ ci_cd_namespace }}'
+
+group_rolebinding:
+  ROLE: 'admin'
+  GROUP: "{{ app_owner_group_name }}"
+
+app_deploy:
+  NAME: '{{ app_name }}'
+  APP_TAG: '{{ app_image_tag }}'
+  NAMESPACE: '{{ app_image_namespace }}'
+  IMAGE_REPO: '{{ repo_name }}'
+  IMAGE_PULL_SECRET: '{{ image_pull_secret }}'                                                    
+
+openshift_cluster_content:
+- object: deploy-dev
+  content:
+  - name: '{{ app_name }}-{{ namespace }}-create'
+    template: '{{ openshift_templates_raw }}/{{ openshift_templates_raw_version_tag }}/project-requests/create-project.yml'
+    action: create
+    params_from_vars: '{{ create_project }}'
+    namespace: '{{ namespace }}'
+    tags:
+      - deploy
+      - dev
+  - name: '{{ app_name }}-{{ namespace }}-jenkins-role-binding'
+    template: '{{ openshift_templates_raw }}/{{ openshift_templates_raw_version_tag }}/role-bindings/jenkins-rolebinding-template.yml'
+    params_from_vars: '{{ jenkins_rolebinding }}'
+    namespace: '{{ namespace }}'
+    tags:
+      - deploy
+      - dev
+  - name: '{{ app_name }}-{{ namespace }}-owner-role-binding'
+    template: '{{ openshift_templates_raw }}/{{ openshift_templates_raw_version_tag }}/role-bindings/group-rolebinding-template.yml'
+    params_from_vars: '{{ group_rolebinding }}'
+    namespace: '{{ namespace }}'
+    tags:
+      - deploy
+      - dev
+  - name: '{{ app_name }}-{{ namespace }}-deploy'
+    template: '{{ inventory_dir }}/../.openshift/app-deploy-jboss-eap.yml'
+    params_from_vars: '{{ app_deploy }}'
+    namespace: '{{ namespace }}'
+    tags:
+      - deploy
+      - dev
diff --git a/multi-cluster-multi-branch-jee/.applier/inventory/host_vars/app-prod.yml b/multi-cluster-multi-branch-jee/.applier/inventory/host_vars/app-prod.yml
@@ -0,0 +1,51 @@
+---
+create_project:
+  NAMESPACE: '{{ namespace }}'
+  NAMESPACE_DISPLAY_NAME: '{{ namespace }}'
+
+jenkins_rolebinding:
+  JENKINS_NAMESPACE: '{{ ci_cd_namespace }}'
+
+group_rolebinding:
+  ROLE: 'admin'
+  GROUP: "{{ app_owner_group_name }}"
+
+app_deploy:
+  NAME: '{{ app_name }}'
+  APP_TAG: '{{ app_image_tag }}'
+  NAMESPACE: '{{ app_image_namespace }}'
+  IMAGE_REPO: '{{ repo_name }}'
+  IMAGE_PULL_SECRET: '{{ image_pull_secret }}'                                                    
+
+openshift_cluster_content:
+- object: deploy-prod
+  content:
+  - name: '{{ app_name }}-{{ namespace }}-create'
+    template: '{{ openshift_templates_raw }}/{{ openshift_templates_raw_version_tag }}/project-requests/create-project.yml'
+    action: create
+    params_from_vars: '{{ create_project }}'
+    namespace: '{{ namespace }}'
+    tags:
+      - deploy
+      - prod
+  - name: '{{ app_name }}-{{ namespace }}-jenkins-role-binding'
+    template: '{{ openshift_templates_raw }}/{{ openshift_templates_raw_version_tag }}/role-bindings/jenkins-rolebinding-template.yml'
+    params_from_vars: '{{ jenkins_rolebinding }}'
+    namespace: '{{ namespace }}'
+    tags:
+      - deploy
+      - prod
+  - name: '{{ app_name }}-{{ namespace }}-owner-role-binding'
+    template: '{{ openshift_templates_raw }}/{{ openshift_templates_raw_version_tag }}/role-bindings/group-rolebinding-template.yml'
+    params_from_vars: '{{ group_rolebinding }}'
+    namespace: '{{ namespace }}'
+    tags:
+      - deploy
+      - prod
+  - name: '{{ app_name }}-{{ namespace }}-deploy'
+    template: '{{ inventory_dir }}/../.openshift/app-deploy-jboss-eap.yml'
+    params_from_vars: '{{ app_deploy }}'
+    namespace: '{{ namespace }}'
+    tags:
+      - deploy
+      - prod
diff --git a/multi-cluster-multi-branch-jee/.applier/inventory/host_vars/app-qa.yml b/multi-cluster-multi-branch-jee/.applier/inventory/host_vars/app-qa.yml
@@ -0,0 +1,51 @@
+---
+create_project:
+  NAMESPACE: '{{ namespace }}'
+  NAMESPACE_DISPLAY_NAME: '{{ namespace }}'
+
+jenkins_rolebinding:
+  JENKINS_NAMESPACE: '{{ ci_cd_namespace }}'
+
+group_rolebinding:
+  ROLE: 'admin'
+  GROUP: "{{ app_owner_group_name }}"
+
+app_deploy:
+  NAME: '{{ app_name }}'
+  APP_TAG: '{{ app_image_tag }}'
+  NAMESPACE: '{{ app_image_namespace }}'
+  IMAGE_REPO: '{{ repo_name }}'
+  IMAGE_PULL_SECRET: '{{ image_pull_secret }}'                                                    
+
+openshift_cluster_content:
+- object: deploy-qa
+  content:
+  - name: '{{ app_name }}-{{ namespace }}-create'
+    template: '{{ openshift_templates_raw }}/{{ openshift_templates_raw_version_tag }}/project-requests/create-project.yml'
+    action: create
+    params_from_vars: '{{ create_project }}'
+    namespace: '{{ namespace }}'
+    tags:
+      - deploy
+      - qa
+  - name: '{{ app_name }}-{{ namespace }}-jenkins-role-binding'
+    template: '{{ openshift_templates_raw }}/{{ openshift_templates_raw_version_tag }}/role-bindings/jenkins-rolebinding-template.yml'
+    params_from_vars: '{{ jenkins_rolebinding }}'
+    namespace: '{{ namespace }}'
+    tags:
+      - deploy
+      - qa
+  - name: '{{ app_name }}-{{ namespace }}-owner-role-binding'
+    template: '{{ openshift_templates_raw }}/{{ openshift_templates_raw_version_tag }}/role-bindings/group-rolebinding-template.yml'
+    params_from_vars: '{{ group_rolebinding }}'
+    namespace: '{{ namespace }}'
+    tags:
+      - deploy
+      - qa
+  - name: '{{ app_name }}-{{ namespace }}-deploy'
+    template: '{{ inventory_dir }}/../.openshift/app-deploy-jboss-eap.yml'
+    params_from_vars: '{{ app_deploy }}'
+    namespace: '{{ namespace }}'
+    tags:
+      - deploy
+      - qa
diff --git a/multi-cluster-multi-branch-jee/.applier/inventory/host_vars/app-test.yml b/multi-cluster-multi-branch-jee/.applier/inventory/host_vars/app-test.yml
@@ -0,0 +1,51 @@
+---
+create_project:
+  NAMESPACE: '{{ namespace }}'
+  NAMESPACE_DISPLAY_NAME: '{{ namespace }}'
+
+jenkins_rolebinding:
+  JENKINS_NAMESPACE: '{{ ci_cd_namespace }}'
+
+group_rolebinding:
+  ROLE: 'admin'
+  GROUP: "{{ app_owner_group_name }}"
+
+app_deploy:
+  NAME: '{{ app_name }}'
+  APP_TAG: '{{ app_image_tag }}'
+  NAMESPACE: '{{ app_image_namespace }}'
+  IMAGE_REPO: '{{ repo_name }}'
+  IMAGE_PULL_SECRET: '{{ image_pull_secret }}'                                                    
+
+openshift_cluster_content:
+- object: deploy-test
+  content:
+  - name: '{{ app_name }}-{{ namespace }}-create'
+    template: '{{ openshift_templates_raw }}/{{ openshift_templates_raw_version_tag }}/project-requests/create-project.yml'
+    action: create
+    params_from_vars: '{{ create_project }}'
+    namespace: '{{ namespace }}'
+    tags:
+      - deploy
+      - test
+  - name: '{{ app_name }}-{{ namespace }}-jenkins-role-binding'
+    template: '{{ openshift_templates_raw }}/{{ openshift_templates_raw_version_tag }}/role-bindings/jenkins-rolebinding-template.yml'
+    params_from_vars: '{{ jenkins_rolebinding }}'
+    namespace: '{{ namespace }}'
+    tags:
+      - deploy
+      - test
+  - name: '{{ app_name }}-{{ namespace }}-owner-role-binding'
+    template: '{{ openshift_templates_raw }}/{{ openshift_templates_raw_version_tag }}/role-bindings/group-rolebinding-template.yml'
+    params_from_vars: '{{ group_rolebinding }}'
+    namespace: '{{ namespace }}'
+    tags:
+      - deploy
+      - test
+  - name: '{{ app_name }}-{{ namespace }}-deploy'
+    template: '{{ inventory_dir }}/../.openshift/app-deploy-jboss-eap.yml'
+    params_from_vars: '{{ app_deploy }}'
+    namespace: '{{ namespace }}'
+    tags:
+      - deploy
+      - test
diff --git a/multi-cluster-multi-branch-jee/.applier/inventory/hosts b/multi-cluster-multi-branch-jee/.applier/inventory/hosts
@@ -0,0 +1,8 @@
+[app-build]
+app-build
+
+[app-deploy]
+app-dev
+app-test
+app-qa
+app-prod
diff --git a/multi-cluster-multi-branch-jee/.applier/requirements.yml b/multi-cluster-multi-branch-jee/.applier/requirements.yml
@@ -0,0 +1,8 @@
+# This is the Ansible Galaxy requirements file to pull in the correct roles
+# to support the operation of CASL provisioning/runs.
+
+# From 'openshift-applier'
+- src: https://github.com/redhat-cop/openshift-applier
+  scm: git
+  version: v2.1.1
+  name: openshift-applier
diff --git a/multi-cluster-multi-branch-jee/.gitignore b/multi-cluster-multi-branch-jee/.gitignore
@@ -0,0 +1 @@
+*.swp