summaryrefslogtreecommitdiffstats
path: root/kubernetes/vvp/charts/vvp-imagescanner/templates
diff options
context:
space:
mode:
authorjasmineWen <jasmine.wen@amdocs.com>2018-06-22 18:16:24 +0000
committerjasmineWen <jasmine.wen@amdocs.com>2018-10-23 18:53:41 +0000
commitc2cc5ff1d2520267f9ebabb02eced6ea2a1dc9f6 (patch)
treef511b25bc188c8b2a2ab3648c548c2372fa99afd /kubernetes/vvp/charts/vvp-imagescanner/templates
parent0f14e168d05d8a8527913b14b10f9202152f0c5a (diff)
vvp -- VNF Validation Platform
Issue-ID: OOM-1173 Change-Id: I11251d5729c057ebc2211c60ac973343c0aa01f3 Signed-off-by: jasmineWen <jasmine.wen@amdocs.com> Signed-off-by: stark, steven <ss820f@att.com>
Diffstat (limited to 'kubernetes/vvp/charts/vvp-imagescanner/templates')
-rw-r--r--kubernetes/vvp/charts/vvp-imagescanner/templates/configmap.yaml91
-rw-r--r--kubernetes/vvp/charts/vvp-imagescanner/templates/deployment.yaml123
-rw-r--r--kubernetes/vvp/charts/vvp-imagescanner/templates/service.yaml28
3 files changed, 242 insertions, 0 deletions
diff --git a/kubernetes/vvp/charts/vvp-imagescanner/templates/configmap.yaml b/kubernetes/vvp/charts/vvp-imagescanner/templates/configmap.yaml
new file mode 100644
index 0000000000..59d60666ef
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-imagescanner/templates/configmap.yaml
@@ -0,0 +1,91 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: imagescanner-settings
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/imagescanner/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: slack-tokens
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ notifications: ""
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: imagescanner-ssh
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ # FIXME the imagescanner really should have its own private key, but then we
+ # have to adjust the gitlab wrapper script to set two public keys as
+ # deploykeys.
+ id_ed25519: "LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFNd0FBQUF0emMyZ3RaVwpReU5UVXhPUUFBQUNDRDEwanpvNGlSZjF4bTYzSWxMSEpGeTVUK0FoUnVmenZLdmdpMEhwZ1RVQUFBQUpqV3dKZDkxc0NYCmZRQUFBQXR6YzJndFpXUXlOVFV4T1FBQUFDQ0QxMGp6bzRpUmYxeG02M0lsTEhKRnk1VCtBaFJ1Znp2S3ZnaTBIcGdUVUEKQUFBRUFXRktNV0xsNkZnRUJ1Zzk3MSthdE5ZQnQ4R2R1V3pDWWd0L2o5VHU0U2g0UFhTUE9qaUpGL1hHYnJjaVVzY2tYTApsUDRDRkc1L084cStDTFFlbUJOUUFBQUFFM0JoZFd4QVVHRjFiQ2R6SUUxaFl5QlFjbThCQWc9PQotLS0tLUVORCBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0K"
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: site-certificate
+ namespace: {{ include "common.namespace" . }}
+data:
+ site.crt: |
+ -----BEGIN CERTIFICATE-----
+ MIIDEDCCAfgCCQDhahVKE9/eUjANBgkqhkiG9w0BAQsFADBKMRAwDgYDVQQKDAdF
+ eGFtcGxlMRAwDgYDVQQLDAdleGFtcGxlMSQwIgYDVQQDDBtkZXZlbG9wbWVudC52
+ dnAuZXhhbXBsZS5jb20wHhcNMTcxMjI0MTUzOTA3WhcNMTgxMjI0MTUzOTA3WjBK
+ MRAwDgYDVQQKDAdFeGFtcGxlMRAwDgYDVQQLDAdleGFtcGxlMSQwIgYDVQQDDBtk
+ ZXZlbG9wbWVudC52dnAuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ DwAwggEKAoIBAQCkvNGXe+bdvL2kvrP2L3WABt2WCFoZ2Pn8Px0eEsRiJHVD0eWz
+ rgJYHFJu0C0cK9NYSKxVVI8LnKH7Ny5MFfM4Tqyr3UEOLs+fSwaAqM5tSyZU/tEK
+ ractA7bi9fDk2lkcs+LLuZMqGPZ37UZcZwsUQ0BONHP668LqkWqT9hNLIN4ejInr
+ 32WA3Y7hPNd8Cj+AaLt1x2cXYzi9hrE5l3h9ofkOpXsgDzeIHlp4jJ6kXXQf8UM5
+ 1viqa2CWXHBHEG+5eftLSaeE6LAlNt5IJ6LcWEZgNtXr2es4LJC3FjXrv0gc04Cp
+ U2OfizpbhT11cLGaeXOq1cUCXNIb4FcJApoXAgMBAAEwDQYJKoZIhvcNAQELBQAD
+ ggEBAFGPDG9iurAhUKbFkY97xLA443U01bdwi7eAT5T9qo/RzOwcbuKWXVm1k5HK
+ CQO81nlLqLQwhI1+uTTmR41epuJxyGIaDgUySB+8fLzyRSIFaxKD+UeVPgipDNZs
+ h0sKSKrO6MoWzMLUYvdZRw6VIc+UpSCqPY+FKUBUHZtMpSFLnhHjRvVkiP4VvFXj
+ b7jQzHughzeITygws42fKK/MK7wQ6byaMVRbPbQKPAXNxd/UrSPeX+RzKRWOZ6R8
+ Ulyp7dezXCP77UaTZTsxwlurPQIZNMshDxE/SbWt0Q1g28rj5KfAjoZs5Tg/gmQ8
+ LLKI/b1OvKohaANGZ6We5U+ceeU=
+ -----END CERTIFICATE-----
+ wrapper.sh: |
+ #!/bin/sh
+ # This script is meant to be used as a wrapper, so that it can be easily
+ # used with docker or kubernetes' container command specification.
+ #
+ # Kubernetes' volumeMount creates symlinks for configMapped files at the
+ # target directory.
+ # Alpine's update-ca-certificates ignores symlinks.
+ # So we must contrive to copy the contents of the mounted cert (a symlink)
+ # into place as a normal file.
+ dev_cert="${0%/*}/site.crt"
+ echo >&2 "$0: Checking for site CA certificate at $dev_cert..."
+ if [ -s "$dev_cert" ]; then
+ echo >&2 "$0: Updating container CA certificate bundle with site certificate..."
+ cp -L "$dev_cert" /usr/local/share/ca-certificates/
+ update-ca-certificates
+ else
+ echo >&2 "$0: No site CA certificate found."
+ fi
+ echo >&2 "$0: Launching command: $@"
+ exec "$@"
+
diff --git a/kubernetes/vvp/charts/vvp-imagescanner/templates/deployment.yaml b/kubernetes/vvp/charts/vvp-imagescanner/templates/deployment.yaml
new file mode 100644
index 0000000000..d01a7d6960
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-imagescanner/templates/deployment.yaml
@@ -0,0 +1,123 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ imagePullSecrets:
+ - name: onapkey
+ containers:
+ - name: imagescanner-worker
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ command:
+ - "sh"
+ - "/opt/site-certificate/wrapper.sh"
+ - "/usr/local/bin/imagescanner-worker"
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: imagescanner-ssh
+ mountPath: /root/.ssh
+ - name: dev
+ mountPath: /dev
+ - name: logs
+ mountPath: /var/log/imagescanner
+ - name: imagescanner-settings
+ mountPath: /opt/imagescanner-settings
+ - name: site-certificate
+ mountPath: /opt/site-certificate
+ env:
+ - name: PYTHONPATH
+ value: /opt/imagescanner-settings
+ - name: S3_HOST
+ value: "dev-s3.vvp.example.com"
+ - name: S3_PORT
+ value: "443"
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_access_key_id}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_secret_access_key}
+ - name: SECRET_JENKINS_PASSWORD
+ value: ''
+ - name: REQUESTS_CA_BUNDLE
+ value: /etc/ssl/certs/ca-certificates.crt
+
+ - name: notifications-worker
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ command: ["/usr/local/bin/notifications-worker"]
+ securityContext:
+ privileged: true
+ env:
+ - name: SLACK_TOKEN
+ valueFrom:
+ secretKeyRef: {name: slack-tokens, key: notifications}
+ - name: DOMAIN
+ value: "dev-em.vvp.example.com"
+ - name: PYTHONPATH
+ value: /opt/imagescanner-settings
+ - name: SECRET_JENKINS_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: jenkins_admin_password}
+ volumeMounts:
+ - name: imagescanner-settings
+ mountPath: /opt/imagescanner-settings
+
+ - name: imagescanner-frontend
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ command: ["/usr/local/bin/imagescanner-frontend"]
+ securityContext:
+ privileged: true
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: logs
+ mountPath: /var/log/imagescanner
+ - name: imagescanner-settings
+ mountPath: /opt/imagescanner-settings
+ env:
+ - name: DEFAULT_SLACK_CHANNEL
+ value: "#notifications"
+ - name: SECRET_JENKINS_PASSWORD
+ value: ''
+
+ volumes:
+ - name: imagescanner-ssh
+ secret:
+ secretName: imagescanner-ssh
+ defaultMode: 0600
+ - name: dev
+ hostPath:
+ path: /dev
+ - name: logs
+ emptyDir: {}
+ - name: imagescanner-settings
+ configMap:
+ name: imagescanner-settings
+ - name: site-certificate
+ configMap:
+ name: site-certificate
diff --git a/kubernetes/vvp/charts/vvp-imagescanner/templates/service.yaml b/kubernetes/vvp/charts/vvp-imagescanner/templates/service.yaml
new file mode 100644
index 0000000000..a4260013a4
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-imagescanner/templates/service.yaml
@@ -0,0 +1,28 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName | default "http" }}
+ selector:
+ app: {{ include "common.name" . }}