diff options
Diffstat (limited to 'kubernetes/vvp/charts/vvp-imagescanner')
7 files changed, 0 insertions, 373 deletions
diff --git a/kubernetes/vvp/charts/vvp-imagescanner/Chart.yaml b/kubernetes/vvp/charts/vvp-imagescanner/Chart.yaml deleted file mode 100644 index f0b00dcf98..0000000000 --- a/kubernetes/vvp/charts/vvp-imagescanner/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: scan for validity and viruses on users files -name: vvp-imagescanner -version: 3.0.0 diff --git a/kubernetes/vvp/charts/vvp-imagescanner/requirements.yaml b/kubernetes/vvp/charts/vvp-imagescanner/requirements.yaml deleted file mode 100644 index 9f44c6df28..0000000000 --- a/kubernetes/vvp/charts/vvp-imagescanner/requirements.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~3.0.0 - repository: '@local' diff --git a/kubernetes/vvp/charts/vvp-imagescanner/resources/config/imagescanner/imagescannerconfig.py b/kubernetes/vvp/charts/vvp-imagescanner/resources/config/imagescanner/imagescannerconfig.py deleted file mode 100644 index 1777b13ae0..0000000000 --- a/kubernetes/vvp/charts/vvp-imagescanner/resources/config/imagescanner/imagescannerconfig.py +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import os -from pathlib import Path -from awsauth import S3Auth -# A mapping from host names to Requests Authentication Objects; see -# http://docs.python-requests.org/en/master/user/authentication/ -AUTHS = {} -if 'S3_HOST' in os.environ: - AUTHS[os.environ['S3_HOST']] = S3Auth( - os.environ['AWS_ACCESS_KEY_ID'], - os.environ['AWS_SECRET_ACCESS_KEY'], - service_url='https://%s/' % os.environ['S3_HOST'] - ) -LOGS_PATH = Path(os.environ['IMAGESCANNER_LOGS_PATH']) -STATUSFILE = LOGS_PATH/'status.txt' -# A dict passed as kwargs to jenkins.Jenkins constructor. -JENKINS = { - 'url': 'http://jenkins:8080', - 'username': 'admin', - 'password': os.environ['SECRET_JENKINS_PASSWORD'], - } diff --git a/kubernetes/vvp/charts/vvp-imagescanner/templates/configmap.yaml b/kubernetes/vvp/charts/vvp-imagescanner/templates/configmap.yaml deleted file mode 100644 index 59d60666ef..0000000000 --- a/kubernetes/vvp/charts/vvp-imagescanner/templates/configmap.yaml +++ /dev/null @@ -1,91 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: imagescanner-settings - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/imagescanner/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: slack-tokens - namespace: {{ include "common.namespace" . }} -type: Opaque -data: - notifications: "" ---- -kind: Secret -apiVersion: v1 -metadata: - name: imagescanner-ssh - namespace: {{ include "common.namespace" . }} -type: Opaque -data: - # FIXME the imagescanner really should have its own private key, but then we - # have to adjust the gitlab wrapper script to set two public keys as - # deploykeys. - id_ed25519: "LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFNd0FBQUF0emMyZ3RaVwpReU5UVXhPUUFBQUNDRDEwanpvNGlSZjF4bTYzSWxMSEpGeTVUK0FoUnVmenZLdmdpMEhwZ1RVQUFBQUpqV3dKZDkxc0NYCmZRQUFBQXR6YzJndFpXUXlOVFV4T1FBQUFDQ0QxMGp6bzRpUmYxeG02M0lsTEhKRnk1VCtBaFJ1Znp2S3ZnaTBIcGdUVUEKQUFBRUFXRktNV0xsNkZnRUJ1Zzk3MSthdE5ZQnQ4R2R1V3pDWWd0L2o5VHU0U2g0UFhTUE9qaUpGL1hHYnJjaVVzY2tYTApsUDRDRkc1L084cStDTFFlbUJOUUFBQUFFM0JoZFd4QVVHRjFiQ2R6SUUxaFl5QlFjbThCQWc9PQotLS0tLUVORCBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0K" ---- -kind: ConfigMap -apiVersion: v1 -metadata: - name: site-certificate - namespace: {{ include "common.namespace" . }} -data: - site.crt: | - -----BEGIN CERTIFICATE----- - MIIDEDCCAfgCCQDhahVKE9/eUjANBgkqhkiG9w0BAQsFADBKMRAwDgYDVQQKDAdF - eGFtcGxlMRAwDgYDVQQLDAdleGFtcGxlMSQwIgYDVQQDDBtkZXZlbG9wbWVudC52 - dnAuZXhhbXBsZS5jb20wHhcNMTcxMjI0MTUzOTA3WhcNMTgxMjI0MTUzOTA3WjBK - MRAwDgYDVQQKDAdFeGFtcGxlMRAwDgYDVQQLDAdleGFtcGxlMSQwIgYDVQQDDBtk - ZXZlbG9wbWVudC52dnAuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB - DwAwggEKAoIBAQCkvNGXe+bdvL2kvrP2L3WABt2WCFoZ2Pn8Px0eEsRiJHVD0eWz - rgJYHFJu0C0cK9NYSKxVVI8LnKH7Ny5MFfM4Tqyr3UEOLs+fSwaAqM5tSyZU/tEK - ractA7bi9fDk2lkcs+LLuZMqGPZ37UZcZwsUQ0BONHP668LqkWqT9hNLIN4ejInr - 32WA3Y7hPNd8Cj+AaLt1x2cXYzi9hrE5l3h9ofkOpXsgDzeIHlp4jJ6kXXQf8UM5 - 1viqa2CWXHBHEG+5eftLSaeE6LAlNt5IJ6LcWEZgNtXr2es4LJC3FjXrv0gc04Cp - U2OfizpbhT11cLGaeXOq1cUCXNIb4FcJApoXAgMBAAEwDQYJKoZIhvcNAQELBQAD - ggEBAFGPDG9iurAhUKbFkY97xLA443U01bdwi7eAT5T9qo/RzOwcbuKWXVm1k5HK - CQO81nlLqLQwhI1+uTTmR41epuJxyGIaDgUySB+8fLzyRSIFaxKD+UeVPgipDNZs - h0sKSKrO6MoWzMLUYvdZRw6VIc+UpSCqPY+FKUBUHZtMpSFLnhHjRvVkiP4VvFXj - b7jQzHughzeITygws42fKK/MK7wQ6byaMVRbPbQKPAXNxd/UrSPeX+RzKRWOZ6R8 - Ulyp7dezXCP77UaTZTsxwlurPQIZNMshDxE/SbWt0Q1g28rj5KfAjoZs5Tg/gmQ8 - LLKI/b1OvKohaANGZ6We5U+ceeU= - -----END CERTIFICATE----- - wrapper.sh: | - #!/bin/sh - # This script is meant to be used as a wrapper, so that it can be easily - # used with docker or kubernetes' container command specification. - # - # Kubernetes' volumeMount creates symlinks for configMapped files at the - # target directory. - # Alpine's update-ca-certificates ignores symlinks. - # So we must contrive to copy the contents of the mounted cert (a symlink) - # into place as a normal file. - dev_cert="${0%/*}/site.crt" - echo >&2 "$0: Checking for site CA certificate at $dev_cert..." - if [ -s "$dev_cert" ]; then - echo >&2 "$0: Updating container CA certificate bundle with site certificate..." - cp -L "$dev_cert" /usr/local/share/ca-certificates/ - update-ca-certificates - else - echo >&2 "$0: No site CA certificate found." - fi - echo >&2 "$0: Launching command: $@" - exec "$@" - diff --git a/kubernetes/vvp/charts/vvp-imagescanner/templates/deployment.yaml b/kubernetes/vvp/charts/vvp-imagescanner/templates/deployment.yaml deleted file mode 100644 index d01a7d6960..0000000000 --- a/kubernetes/vvp/charts/vvp-imagescanner/templates/deployment.yaml +++ /dev/null @@ -1,123 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} -spec: - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - name: {{ .Release.Name }} - spec: - imagePullSecrets: - - name: onapkey - containers: - - name: imagescanner-worker - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - command: - - "sh" - - "/opt/site-certificate/wrapper.sh" - - "/usr/local/bin/imagescanner-worker" - securityContext: - privileged: true - volumeMounts: - - name: imagescanner-ssh - mountPath: /root/.ssh - - name: dev - mountPath: /dev - - name: logs - mountPath: /var/log/imagescanner - - name: imagescanner-settings - mountPath: /opt/imagescanner-settings - - name: site-certificate - mountPath: /opt/site-certificate - env: - - name: PYTHONPATH - value: /opt/imagescanner-settings - - name: S3_HOST - value: "dev-s3.vvp.example.com" - - name: S3_PORT - value: "443" - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: {name: em-secret, key: aws_access_key_id} - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: {name: em-secret, key: aws_secret_access_key} - - name: SECRET_JENKINS_PASSWORD - value: '' - - name: REQUESTS_CA_BUNDLE - value: /etc/ssl/certs/ca-certificates.crt - - - name: notifications-worker - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - command: ["/usr/local/bin/notifications-worker"] - securityContext: - privileged: true - env: - - name: SLACK_TOKEN - valueFrom: - secretKeyRef: {name: slack-tokens, key: notifications} - - name: DOMAIN - value: "dev-em.vvp.example.com" - - name: PYTHONPATH - value: /opt/imagescanner-settings - - name: SECRET_JENKINS_PASSWORD - valueFrom: - secretKeyRef: {name: em-secret, key: jenkins_admin_password} - volumeMounts: - - name: imagescanner-settings - mountPath: /opt/imagescanner-settings - - - name: imagescanner-frontend - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - command: ["/usr/local/bin/imagescanner-frontend"] - securityContext: - privileged: true - ports: - - containerPort: 80 - volumeMounts: - - name: logs - mountPath: /var/log/imagescanner - - name: imagescanner-settings - mountPath: /opt/imagescanner-settings - env: - - name: DEFAULT_SLACK_CHANNEL - value: "#notifications" - - name: SECRET_JENKINS_PASSWORD - value: '' - - volumes: - - name: imagescanner-ssh - secret: - secretName: imagescanner-ssh - defaultMode: 0600 - - name: dev - hostPath: - path: /dev - - name: logs - emptyDir: {} - - name: imagescanner-settings - configMap: - name: imagescanner-settings - - name: site-certificate - configMap: - name: site-certificate diff --git a/kubernetes/vvp/charts/vvp-imagescanner/templates/service.yaml b/kubernetes/vvp/charts/vvp-imagescanner/templates/service.yaml deleted file mode 100644 index a4260013a4..0000000000 --- a/kubernetes/vvp/charts/vvp-imagescanner/templates/service.yaml +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName | default "http" }} - selector: - app: {{ include "common.name" . }} diff --git a/kubernetes/vvp/charts/vvp-imagescanner/values.yaml b/kubernetes/vvp/charts/vvp-imagescanner/values.yaml deleted file mode 100644 index ed62413c4f..0000000000 --- a/kubernetes/vvp/charts/vvp-imagescanner/values.yaml +++ /dev/null @@ -1,61 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/vvp/image-scanner:1.0.0 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: ClusterIP - internalPort: 80 - portName: web - -ingress: - enabled: false |