diff options
Diffstat (limited to 'kubernetes/vvp/charts/vvp-ci-uwsgi')
7 files changed, 569 insertions, 0 deletions
diff --git a/kubernetes/vvp/charts/vvp-ci-uwsgi/Chart.yaml b/kubernetes/vvp/charts/vvp-ci-uwsgi/Chart.yaml new file mode 100644 index 0000000000..5304ccb55f --- /dev/null +++ b/kubernetes/vvp/charts/vvp-ci-uwsgi/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: end-to-end flow tests based on Seleniunm +name: vvp-ci-uwsgi +version: 3.0.0 diff --git a/kubernetes/vvp/charts/vvp-ci-uwsgi/resources/config/ci/__init__.py b/kubernetes/vvp/charts/vvp-ci-uwsgi/resources/config/ci/__init__.py new file mode 100644 index 0000000000..8b70506f6c --- /dev/null +++ b/kubernetes/vvp/charts/vvp-ci-uwsgi/resources/config/ci/__init__.py @@ -0,0 +1,278 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import os +from datetime import datetime + +# With this file at web/settings/__init__.py, we need three applications of +# dirname() to find the project root. +PROJECT_PATH = os.path.realpath(os.path.dirname(os.path.dirname(os.path.dirname(__file__)))) +LOGS_PATH = os.path.join(PROJECT_PATH, "logs") + +ICE_ENVIRONMENT = os.environ['ICE_ENVIRONMENT'] +PROGRAM_NAME_URL_PREFIX = os.environ['PROGRAM_NAME_URL_PREFIX'] +SERVICE_PROVIDER = os.environ['SERVICE_PROVIDER'] +PROGRAM_NAME = os.environ['PROGRAM_NAME'] +SERVICE_PROVIDER_DOMAIN = os.environ['SERVICE_PROVIDER_DOMAIN'] + +# See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/ +SECRET_KEY = os.environ["SECRET_KEY"] + +# https://docs.djangoproject.com/en/1.10/ref/settings/#allowed-hosts +# Anything in the Host header that does not match our expected domain should +# raise SuspiciousOperation exception. +ALLOWED_HOSTS = ['*'] + +if ICE_ENVIRONMENT == 'production': + DEBUG = False + + EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' + EMAIL_HOST = os.environ.get('ICE_EMAIL_HOST') + EMAIL_HOST_PASSWORD = os.environ['EMAIL_HOST_PASSWORD'] + EMAIL_HOST_USER = os.environ['EMAIL_HOST_USER'] + EMAIL_PORT = os.environ['EMAIL_PORT'] +else: + DEBUG = True + EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' + + +# Note: Only SSL email backends are allowed +EMAIL_USE_SSL = True + +REST_FRAMEWORK = { + 'DEFAULT_AUTHENTICATION_CLASSES': ( + 'rest_framework_jwt.authentication.JSONWebTokenAuthentication', + ), + 'PAGE_SIZE': 10, + # Use Django's standard `django.contrib.auth` permissions, + # or allow read-only access for unauthenticated users. + 'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAdminUser',), +} +APPEND_SLASH = False + +# Application definition + +INSTALLED_APPS = [ + + 'django.contrib.auth', + 'django.contrib.contenttypes', # required by d.c.admin + 'django.contrib.sessions', # required by d.c.admin + 'django.contrib.messages', # required by d.c.admin + 'django.contrib.staticfiles', + 'django.contrib.admin', # django admin site + 'rest_framework', + 'iceci.apps.IceCiConfig', +] + +MIDDLEWARE_CLASSES = [ + 'django.middleware.security.SecurityMiddleware', + 'django.contrib.sessions.middleware.SessionMiddleware', + 'django.middleware.common.CommonMiddleware', + 'django.middleware.csrf.CsrfViewMiddleware', + 'django.contrib.auth.middleware.AuthenticationMiddleware', + 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', + 'django.contrib.messages.middleware.MessageMiddleware', + 'django.middleware.clickjacking.XFrameOptionsMiddleware', +] + +ROOT_URLCONF = 'web.urls' + +TEMPLATES = [ + { + 'BACKEND': 'django.template.backends.django.DjangoTemplates', + 'DIRS': [PROJECT_PATH + '/web/templates'], + 'APP_DIRS': True, + 'OPTIONS': { + 'context_processors': [ + 'django.template.context_processors.debug', + 'django.template.context_processors.request', + 'django.contrib.auth.context_processors.auth', # required by d.c.admin + 'django.contrib.messages.context_processors.messages', # required by d.c.admin + ], + }, + }, +] + +WSGI_APPLICATION = 'web.wsgi.application' + +# Database +# https://docs.djangoproject.com/en/1.9/ref/settings/#databases + +DATABASES = { + 'default': { # CI DB details. + 'NAME': '/app/ice_ci_db.db' , + 'ENGINE': 'django.db.backends.sqlite3', + 'TEST_NAME': '/app/ice_ci_db.db', + }, +} +SINGLETONE_DB = { + 'default': { # CI DB details. + 'ENGINE': 'django.db.backends.postgresql', + 'NAME': os.environ.get('CI_DB_NAME', 'ice_ci_db'), + 'USER': os.environ.get('CI_DB_USER', 'iceci'), + 'PASSWORD': os.environ.get('CI_DB_PASSWORD', 'Aa123456'), + 'HOST': os.environ.get('CI_DB_HOST', 'localhost'), + 'PORT': os.environ.get('CI_DB_PORT', '5433'), + }, + 'em_db': { # ICE DB details. + 'ENGINE': 'django.db.backends.postgresql', + 'NAME': os.environ.get('EM_DB_NAME', 'icedb'), + 'USER': os.environ.get('EM_DB_USER', 'iceuser'), + 'PASSWORD': os.environ.get('EM_DB_PASSWORD', 'Aa123456'), + 'HOST': os.environ.get('EM_DB_HOST', 'localhost'), + 'PORT': os.environ.get('EM_DB_PORT', '5433'), + }, + 'cms_db': { # ICE CMS details. + 'ENGINE': 'django.db.backends.postgresql', + 'NAME': os.environ.get('CMS_DB_NAME', 'icecmsdb'), + 'USER': os.environ.get('CMS_DB_USER', 'icecmsuser'), + 'PASSWORD': os.environ.get('CMS_DB_PASSWORD', 'Aa123456'), + 'HOST': os.environ.get('CMS_DB_HOST', 'localhost'), + 'PORT': os.environ.get('CMS_DB_PORT', '5433'), + } +} + +# Password validation +# https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators + +AUTH_PASSWORD_VALIDATORS = [ + { + 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', + }, +] + + +# Internationalization +# https://docs.djangoproject.com/en/1.9/topics/i18n/ + +LANGUAGE_CODE = 'en-us' + +TIME_ZONE = 'UTC' + +USE_I18N = True + +USE_L10N = True + +USE_TZ = False + + +# Static files (CSS, JavaScript, Images) +# https://docs.djangoproject.com/en/1.9/howto/static-files/ +STATIC_ROOT = os.environ['STATIC_ROOT'] +STATIC_URL = '/static/' + +LOGGING = { + 'version': 1, + 'disable_existing_loggers': False, + 'formatters': { # All possible attributes are: https://docs.python.org/3/library/logging.html#logrecord-attributes + 'verbose': { + 'format': '%(asctime)s %(levelname)s %(module)s %(filename)s:%(lineno)d %(process)d %(thread)d %(message)s' + }, + 'simple': { + 'format': '%(asctime)s %(levelname)s %(filename)s:%(lineno)d %(message)s' + }, + }, + 'handlers': { + 'console': { + 'class': 'logging.StreamHandler', + 'formatter': 'simple' + }, + 'file1': { + 'level': 'INFO', # handler will ignore DEBUG (only process INFO, WARN, ERROR, CRITICAL, FATAL) + 'class': 'logging.FileHandler', + 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-info.log', + 'formatter': 'verbose' + }, + 'file2': { + 'level': 'DEBUG', + 'class': 'logging.FileHandler', + 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-debug.log', + 'formatter': 'verbose' + }, + 'file3': { + 'level': 'ERROR', + 'class': 'logging.FileHandler', + 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-requests.log', + 'formatter': 'verbose' + }, + 'file4': { + 'level': 'ERROR', + 'class': 'logging.FileHandler', + 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-db.log', + 'formatter': 'verbose' + } + }, + 'loggers': { + 'vvp-ci.logger': { + 'handlers': ['file1', 'file2', 'file3', 'file4','console'], + 'level': os.getenv('ICE_ICE_LOGGER_LEVEL', 'DEBUG'), + }, + 'django': { + 'handlers': ['console'], + 'level': os.getenv('ICE_DJANGO_LOGGER_LEVEL', 'DEBUG'), + }, + 'django.request': { + 'handlers': ['file3'], + 'level': os.getenv('ICE_ICE_REQUESTS_LOGGER_LEVEL', 'ERROR'), + }, + 'django.db.backends': { + 'handlers': ['file4'], + 'level': os.getenv('ICE_ICE_DB_LOGGER_LEVEL', 'ERROR'), + } + } +} + + +############################# +# ICE-CI Related Configuration +############################# +ICE_CONTACT_FROM_ADDRESS = os.getenv('ICE_CONTACT_FROM_ADDRESS') +ICE_CONTACT_EMAILS = list(os.getenv('ICE_CONTACT_EMAILS','user@example.com').split(',')) +ICE_CI_ENVIRONMENT_NAME = os.getenv('ICE_CI_ENVIRONMENT_NAME', 'Dev') # Dev / Docker / Staging +ICE_EM_URL = "{domain}/{prefix}".format(domain=os.environ['ICE_EM_DOMAIN_NAME'], prefix=PROGRAM_NAME_URL_PREFIX) +ICE_PORTAL_URL = os.environ['ICE_DOMAIN'] +EM_REST_URL = ICE_EM_URL + '/v1/engmgr/' + +#Number of test results presented in admin page. Illegal values: '0' or 'Null' +NUMBER_OF_TEST_RESULTS = int(os.getenv('NUMBER_OF_TEST_RESULTS', '30')) +ICE_BUILD_REPORT_NUM = os.getenv('ICE_BUILD_REPORT_NUM',"{:%Y-%m-%d-%H-%M-%S}".format(datetime.now())) +IS_JUMP_STATE=os.getenv('IS_JUMP_STATE', "True") +DATABASE_TYPE = 'sqlite' + +# FIXME: Does this authentication scheme actually gain us anything? What's the +# threat model +WEBHOOK_TOKEN = os.environ['SECRET_WEBHOOK_TOKEN'] + +# The authentication token and URL needed for us to issue requests to the GitLab API. +GITLAB_TOKEN = os.environ['SECRET_GITLAB_AUTH_TOKEN'] +GITLAB_URL = "http://vvp-gitlab/" + +JENKINS_URL = "http://vvp-jenkins:8080/" +JENKINS_USERNAME = "admin" +JENKINS_PASSWORD = os.environ['SECRET_JENKINS_PASSWORD'] + +AWS_S3_HOST = os.environ['S3_HOST'] +AWS_S3_PORT = int(os.environ['S3_PORT']) +AWS_S3_CUSTOM_DOMAIN = os.environ['S3_HOST'] +AWS_ACCESS_KEY_ID = os.environ['AWS_ACCESS_KEY_ID'] +AWS_SECRET_ACCESS_KEY = os.environ['AWS_SECRET_ACCESS_KEY'] diff --git a/kubernetes/vvp/charts/vvp-ci-uwsgi/resources/config/ci/gunicorn.ini b/kubernetes/vvp/charts/vvp-ci-uwsgi/resources/config/ci/gunicorn.ini new file mode 100644 index 0000000000..556fd55713 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-ci-uwsgi/resources/config/ci/gunicorn.ini @@ -0,0 +1,20 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +bind = ":8282" +chdir = '/app' +pidfile = '/tmp/ice-project-master.pid' +backlog = '5000' +errorlog = '-' +loglevel = 'info' diff --git a/kubernetes/vvp/charts/vvp-ci-uwsgi/templates/configmap.yaml b/kubernetes/vvp/charts/vvp-ci-uwsgi/templates/configmap.yaml new file mode 100644 index 0000000000..1d340532a4 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-ci-uwsgi/templates/configmap.yaml @@ -0,0 +1,30 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-settings + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/ci/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-secret + namespace: {{ include "common.namespace" . }} +type: Opaque +data: + admin_password: "Y2lhZG1pbnBhc3M=" diff --git a/kubernetes/vvp/charts/vvp-ci-uwsgi/templates/deployment.yaml b/kubernetes/vvp/charts/vvp-ci-uwsgi/templates/deployment.yaml new file mode 100644 index 0000000000..5c9df34f49 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-ci-uwsgi/templates/deployment.yaml @@ -0,0 +1,135 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + name: {{ .Release.Name }} + spec: + imagePullSecrets: + - name: onapkey + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} + ports: + - containerPort: 80 + - containerPort: 8282 + - containerPort: 9000 + volumeMounts: + - name: ci-settings + mountPath: /opt/configmaps/settings/ + - name: site-crt + mountPath: /opt/secrets/site-crt/ + env: + - name: ICE_ENVIRONMENT + value: "development" + - name: PROGRAM_NAME_URL_PREFIX + value: "vvp" + - name: SERVICE_PROVIDER + value: "NA" + - name: PROGRAM_NAME + value: "VVP" + - name: SERVICE_PROVIDER_DOMAIN + value: "na.com" + - name: SECRET_KEY + valueFrom: + secretKeyRef: {name: em-secret, key: key} + - name: EM_DB_HOST + value: postgresql + - name: EM_DB_PORT + value: "5432" + - name: EM_DB_NAME + value: icedb + - name: EM_DB_USER + value: "em_postgresuser" + - name: EM_DB_PASSWORD + valueFrom: + secretKeyRef: {name: postgresql-passwords, key: emPassword} + - name: CMS_DB_HOST + value: postgresql + - name: CMS_DB_PORT + value: "5432" + - name: CMS_DB_NAME + value: "icecmsdb" + - name: CMS_DB_USER + value: "cms_postgresuser" + - name: CMS_DB_PASSWORD + valueFrom: + secretKeyRef: {name: postgresql-passwords, key: cmsPassword} + - name: CI_DB_HOST + value: postgresql + - name: CI_DB_PORT + value: "5432" + - name: CI_DB_NAME + value: icedb + - name: CI_DB_USER + value: "em_postgresuser" + - name: CI_DB_PASSWORD + valueFrom: + secretKeyRef: {name: postgresql-passwords, key: ciPassword} + - name: STATIC_ROOT + value: "/app/htdocs" + - name: ICE_CONTACT_FROM_ADDRESS + value: "example" + - name: SECRET_WEBHOOK_TOKEN + valueFrom: + secretKeyRef: {name: em-secret, key: em_webhook_token} + - name: SECRET_GITLAB_AUTH_TOKEN + valueFrom: + secretKeyRef: {name: gitlab-password, key: auth-token} + - name: SECRET_JENKINS_PASSWORD + valueFrom: + secretKeyRef: {name: em-secret, key: jenkins_admin_password} + - name: ICE_DOMAIN + value: https://development.vvp.example.com + - name: ICE_EM_DOMAIN_NAME + value: https://development.vvp.example.com + - name: OAUTHLIB_INSECURE_TRANSPORT + value: "1" + - name: CI_ADMIN_USER + value: "ciadminuser" + - name: CI_ADMIN_MAIL + value: "ciadminmail@example.com" + - name: CI_ADMIN_PASSWORD + valueFrom: + secretKeyRef: {name: {{ include "common.fullname" . }}-secret, key: admin_password} + - name: S3_HOST + value: "dev-s3.vvp.example.com" + - name: S3_PORT + value: "443" + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: {name: em-secret, key: aws_access_key_id} + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: {name: em-secret, key: aws_secret_access_key} + command: ["/app/docker-entrypoint.sh", "/usr/local/bin/gunicorn", "-c", "/opt/configmaps/settings/gunicorn.ini", "web.wsgi:application", ] + volumes: + - name: ci-settings + configMap: + name: {{ include "common.fullname" . }}-settings + - name: site-crt + secret: + secretName: site-crt diff --git a/kubernetes/vvp/charts/vvp-ci-uwsgi/templates/service.yaml b/kubernetes/vvp/charts/vvp-ci-uwsgi/templates/service.yaml new file mode 100644 index 0000000000..a4260013a4 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-ci-uwsgi/templates/service.yaml @@ -0,0 +1,28 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName | default "http" }} + selector: + app: {{ include "common.name" . }} diff --git a/kubernetes/vvp/charts/vvp-ci-uwsgi/values.yaml b/kubernetes/vvp/charts/vvp-ci-uwsgi/values.yaml new file mode 100644 index 0000000000..7aa5881463 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-ci-uwsgi/values.yaml @@ -0,0 +1,60 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + repository: nexus3.onap.org:10001 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/vvp/test-engine:1.0.0-latest +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: ClusterIP + internalPort: 8282 + +ingress: + enabled: false |