summaryrefslogtreecommitdiffstats
path: root/kubernetes/vvp/charts/vvp-imagescanner
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/vvp/charts/vvp-imagescanner')
-rw-r--r--kubernetes/vvp/charts/vvp-imagescanner/Chart.yaml18
-rw-r--r--kubernetes/vvp/charts/vvp-imagescanner/requirements.yaml18
-rw-r--r--kubernetes/vvp/charts/vvp-imagescanner/resources/config/imagescanner/imagescannerconfig.py34
-rw-r--r--kubernetes/vvp/charts/vvp-imagescanner/templates/configmap.yaml91
-rw-r--r--kubernetes/vvp/charts/vvp-imagescanner/templates/deployment.yaml123
-rw-r--r--kubernetes/vvp/charts/vvp-imagescanner/templates/service.yaml28
-rw-r--r--kubernetes/vvp/charts/vvp-imagescanner/values.yaml61
7 files changed, 0 insertions, 373 deletions
diff --git a/kubernetes/vvp/charts/vvp-imagescanner/Chart.yaml b/kubernetes/vvp/charts/vvp-imagescanner/Chart.yaml
deleted file mode 100644
index f0b00dcf98..0000000000
--- a/kubernetes/vvp/charts/vvp-imagescanner/Chart.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: scan for validity and viruses on users files
-name: vvp-imagescanner
-version: 3.0.0
diff --git a/kubernetes/vvp/charts/vvp-imagescanner/requirements.yaml b/kubernetes/vvp/charts/vvp-imagescanner/requirements.yaml
deleted file mode 100644
index 9f44c6df28..0000000000
--- a/kubernetes/vvp/charts/vvp-imagescanner/requirements.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~3.0.0
- repository: '@local'
diff --git a/kubernetes/vvp/charts/vvp-imagescanner/resources/config/imagescanner/imagescannerconfig.py b/kubernetes/vvp/charts/vvp-imagescanner/resources/config/imagescanner/imagescannerconfig.py
deleted file mode 100644
index 1777b13ae0..0000000000
--- a/kubernetes/vvp/charts/vvp-imagescanner/resources/config/imagescanner/imagescannerconfig.py
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import os
-from pathlib import Path
-from awsauth import S3Auth
-# A mapping from host names to Requests Authentication Objects; see
-# http://docs.python-requests.org/en/master/user/authentication/
-AUTHS = {}
-if 'S3_HOST' in os.environ:
- AUTHS[os.environ['S3_HOST']] = S3Auth(
- os.environ['AWS_ACCESS_KEY_ID'],
- os.environ['AWS_SECRET_ACCESS_KEY'],
- service_url='https://%s/' % os.environ['S3_HOST']
- )
-LOGS_PATH = Path(os.environ['IMAGESCANNER_LOGS_PATH'])
-STATUSFILE = LOGS_PATH/'status.txt'
-# A dict passed as kwargs to jenkins.Jenkins constructor.
-JENKINS = {
- 'url': 'http://jenkins:8080',
- 'username': 'admin',
- 'password': os.environ['SECRET_JENKINS_PASSWORD'],
- }
diff --git a/kubernetes/vvp/charts/vvp-imagescanner/templates/configmap.yaml b/kubernetes/vvp/charts/vvp-imagescanner/templates/configmap.yaml
deleted file mode 100644
index 59d60666ef..0000000000
--- a/kubernetes/vvp/charts/vvp-imagescanner/templates/configmap.yaml
+++ /dev/null
@@ -1,91 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: imagescanner-settings
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/imagescanner/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: slack-tokens
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
- notifications: ""
----
-kind: Secret
-apiVersion: v1
-metadata:
- name: imagescanner-ssh
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
- # FIXME the imagescanner really should have its own private key, but then we
- # have to adjust the gitlab wrapper script to set two public keys as
- # deploykeys.
- id_ed25519: "LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFNd0FBQUF0emMyZ3RaVwpReU5UVXhPUUFBQUNDRDEwanpvNGlSZjF4bTYzSWxMSEpGeTVUK0FoUnVmenZLdmdpMEhwZ1RVQUFBQUpqV3dKZDkxc0NYCmZRQUFBQXR6YzJndFpXUXlOVFV4T1FBQUFDQ0QxMGp6bzRpUmYxeG02M0lsTEhKRnk1VCtBaFJ1Znp2S3ZnaTBIcGdUVUEKQUFBRUFXRktNV0xsNkZnRUJ1Zzk3MSthdE5ZQnQ4R2R1V3pDWWd0L2o5VHU0U2g0UFhTUE9qaUpGL1hHYnJjaVVzY2tYTApsUDRDRkc1L084cStDTFFlbUJOUUFBQUFFM0JoZFd4QVVHRjFiQ2R6SUUxaFl5QlFjbThCQWc9PQotLS0tLUVORCBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0K"
----
-kind: ConfigMap
-apiVersion: v1
-metadata:
- name: site-certificate
- namespace: {{ include "common.namespace" . }}
-data:
- site.crt: |
- -----BEGIN CERTIFICATE-----
- MIIDEDCCAfgCCQDhahVKE9/eUjANBgkqhkiG9w0BAQsFADBKMRAwDgYDVQQKDAdF
- eGFtcGxlMRAwDgYDVQQLDAdleGFtcGxlMSQwIgYDVQQDDBtkZXZlbG9wbWVudC52
- dnAuZXhhbXBsZS5jb20wHhcNMTcxMjI0MTUzOTA3WhcNMTgxMjI0MTUzOTA3WjBK
- MRAwDgYDVQQKDAdFeGFtcGxlMRAwDgYDVQQLDAdleGFtcGxlMSQwIgYDVQQDDBtk
- ZXZlbG9wbWVudC52dnAuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
- DwAwggEKAoIBAQCkvNGXe+bdvL2kvrP2L3WABt2WCFoZ2Pn8Px0eEsRiJHVD0eWz
- rgJYHFJu0C0cK9NYSKxVVI8LnKH7Ny5MFfM4Tqyr3UEOLs+fSwaAqM5tSyZU/tEK
- ractA7bi9fDk2lkcs+LLuZMqGPZ37UZcZwsUQ0BONHP668LqkWqT9hNLIN4ejInr
- 32WA3Y7hPNd8Cj+AaLt1x2cXYzi9hrE5l3h9ofkOpXsgDzeIHlp4jJ6kXXQf8UM5
- 1viqa2CWXHBHEG+5eftLSaeE6LAlNt5IJ6LcWEZgNtXr2es4LJC3FjXrv0gc04Cp
- U2OfizpbhT11cLGaeXOq1cUCXNIb4FcJApoXAgMBAAEwDQYJKoZIhvcNAQELBQAD
- ggEBAFGPDG9iurAhUKbFkY97xLA443U01bdwi7eAT5T9qo/RzOwcbuKWXVm1k5HK
- CQO81nlLqLQwhI1+uTTmR41epuJxyGIaDgUySB+8fLzyRSIFaxKD+UeVPgipDNZs
- h0sKSKrO6MoWzMLUYvdZRw6VIc+UpSCqPY+FKUBUHZtMpSFLnhHjRvVkiP4VvFXj
- b7jQzHughzeITygws42fKK/MK7wQ6byaMVRbPbQKPAXNxd/UrSPeX+RzKRWOZ6R8
- Ulyp7dezXCP77UaTZTsxwlurPQIZNMshDxE/SbWt0Q1g28rj5KfAjoZs5Tg/gmQ8
- LLKI/b1OvKohaANGZ6We5U+ceeU=
- -----END CERTIFICATE-----
- wrapper.sh: |
- #!/bin/sh
- # This script is meant to be used as a wrapper, so that it can be easily
- # used with docker or kubernetes' container command specification.
- #
- # Kubernetes' volumeMount creates symlinks for configMapped files at the
- # target directory.
- # Alpine's update-ca-certificates ignores symlinks.
- # So we must contrive to copy the contents of the mounted cert (a symlink)
- # into place as a normal file.
- dev_cert="${0%/*}/site.crt"
- echo >&2 "$0: Checking for site CA certificate at $dev_cert..."
- if [ -s "$dev_cert" ]; then
- echo >&2 "$0: Updating container CA certificate bundle with site certificate..."
- cp -L "$dev_cert" /usr/local/share/ca-certificates/
- update-ca-certificates
- else
- echo >&2 "$0: No site CA certificate found."
- fi
- echo >&2 "$0: Launching command: $@"
- exec "$@"
-
diff --git a/kubernetes/vvp/charts/vvp-imagescanner/templates/deployment.yaml b/kubernetes/vvp/charts/vvp-imagescanner/templates/deployment.yaml
deleted file mode 100644
index d01a7d6960..0000000000
--- a/kubernetes/vvp/charts/vvp-imagescanner/templates/deployment.yaml
+++ /dev/null
@@ -1,123 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- name: {{ .Release.Name }}
- spec:
- imagePullSecrets:
- - name: onapkey
- containers:
- - name: imagescanner-worker
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- command:
- - "sh"
- - "/opt/site-certificate/wrapper.sh"
- - "/usr/local/bin/imagescanner-worker"
- securityContext:
- privileged: true
- volumeMounts:
- - name: imagescanner-ssh
- mountPath: /root/.ssh
- - name: dev
- mountPath: /dev
- - name: logs
- mountPath: /var/log/imagescanner
- - name: imagescanner-settings
- mountPath: /opt/imagescanner-settings
- - name: site-certificate
- mountPath: /opt/site-certificate
- env:
- - name: PYTHONPATH
- value: /opt/imagescanner-settings
- - name: S3_HOST
- value: "dev-s3.vvp.example.com"
- - name: S3_PORT
- value: "443"
- - name: AWS_ACCESS_KEY_ID
- valueFrom:
- secretKeyRef: {name: em-secret, key: aws_access_key_id}
- - name: AWS_SECRET_ACCESS_KEY
- valueFrom:
- secretKeyRef: {name: em-secret, key: aws_secret_access_key}
- - name: SECRET_JENKINS_PASSWORD
- value: ''
- - name: REQUESTS_CA_BUNDLE
- value: /etc/ssl/certs/ca-certificates.crt
-
- - name: notifications-worker
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- command: ["/usr/local/bin/notifications-worker"]
- securityContext:
- privileged: true
- env:
- - name: SLACK_TOKEN
- valueFrom:
- secretKeyRef: {name: slack-tokens, key: notifications}
- - name: DOMAIN
- value: "dev-em.vvp.example.com"
- - name: PYTHONPATH
- value: /opt/imagescanner-settings
- - name: SECRET_JENKINS_PASSWORD
- valueFrom:
- secretKeyRef: {name: em-secret, key: jenkins_admin_password}
- volumeMounts:
- - name: imagescanner-settings
- mountPath: /opt/imagescanner-settings
-
- - name: imagescanner-frontend
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- command: ["/usr/local/bin/imagescanner-frontend"]
- securityContext:
- privileged: true
- ports:
- - containerPort: 80
- volumeMounts:
- - name: logs
- mountPath: /var/log/imagescanner
- - name: imagescanner-settings
- mountPath: /opt/imagescanner-settings
- env:
- - name: DEFAULT_SLACK_CHANNEL
- value: "#notifications"
- - name: SECRET_JENKINS_PASSWORD
- value: ''
-
- volumes:
- - name: imagescanner-ssh
- secret:
- secretName: imagescanner-ssh
- defaultMode: 0600
- - name: dev
- hostPath:
- path: /dev
- - name: logs
- emptyDir: {}
- - name: imagescanner-settings
- configMap:
- name: imagescanner-settings
- - name: site-certificate
- configMap:
- name: site-certificate
diff --git a/kubernetes/vvp/charts/vvp-imagescanner/templates/service.yaml b/kubernetes/vvp/charts/vvp-imagescanner/templates/service.yaml
deleted file mode 100644
index a4260013a4..0000000000
--- a/kubernetes/vvp/charts/vvp-imagescanner/templates/service.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName | default "http" }}
- selector:
- app: {{ include "common.name" . }}
diff --git a/kubernetes/vvp/charts/vvp-imagescanner/values.yaml b/kubernetes/vvp/charts/vvp-imagescanner/values.yaml
deleted file mode 100644
index ed62413c4f..0000000000
--- a/kubernetes/vvp/charts/vvp-imagescanner/values.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/vvp/image-scanner:1.0.0
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- internalPort: 80
- portName: web
-
-ingress:
- enabled: false