Diffstat (limited to 'kubernetes/vvp/charts')
67 files changed, 3814 insertions, 0 deletions
diff --git a/kubernetes/vvp/charts/vvp-ci-uwsgi/Chart.yaml b/kubernetes/vvp/charts/vvp-ci-uwsgi/Chart.yaml
new file mode 100644
index 0000000000..5304ccb55f
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-ci-uwsgi/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: end-to-end flow tests based on Seleniunm
+name: vvp-ci-uwsgi
+version: 3.0.0
diff --git a/kubernetes/vvp/charts/vvp-ci-uwsgi/resources/config/ci/__init__.py b/kubernetes/vvp/charts/vvp-ci-uwsgi/resources/config/ci/__init__.py
new file mode 100644
index 0000000000..8b70506f6c
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-ci-uwsgi/resources/config/ci/__init__.py
@@ -0,0 +1,278 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+from datetime import datetime
+
+# With this file at web/settings/__init__.py, we need three applications of
+# dirname() to find the project root.
+PROJECT_PATH = os.path.realpath(os.path.dirname(os.path.dirname(os.path.dirname(__file__))))
+LOGS_PATH = os.path.join(PROJECT_PATH, "logs")
+
+ICE_ENVIRONMENT = os.environ['ICE_ENVIRONMENT']
+PROGRAM_NAME_URL_PREFIX = os.environ['PROGRAM_NAME_URL_PREFIX']
+SERVICE_PROVIDER = os.environ['SERVICE_PROVIDER']
+PROGRAM_NAME = os.environ['PROGRAM_NAME']
+SERVICE_PROVIDER_DOMAIN = os.environ['SERVICE_PROVIDER_DOMAIN']
+
+# See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/
+SECRET_KEY = os.environ["SECRET_KEY"]
+
+# https://docs.djangoproject.com/en/1.10/ref/settings/#allowed-hosts
+# Anything in the Host header that does not match our expected domain should
+# raise SuspiciousOperation exception.
+ALLOWED_HOSTS = ['*']
+
+if ICE_ENVIRONMENT == 'production':
+ DEBUG = False
+
+ EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+ EMAIL_HOST = os.environ.get('ICE_EMAIL_HOST')
+ EMAIL_HOST_PASSWORD = os.environ['EMAIL_HOST_PASSWORD']
+ EMAIL_HOST_USER = os.environ['EMAIL_HOST_USER']
+ EMAIL_PORT = os.environ['EMAIL_PORT']
+else:
+ DEBUG = True
+ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+
+
+# Note: Only SSL email backends are allowed
+EMAIL_USE_SSL = True
+
+REST_FRAMEWORK = {
+ 'DEFAULT_AUTHENTICATION_CLASSES': (
+ 'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
+ ),
+ 'PAGE_SIZE': 10,
+ # Use Django's standard `django.contrib.auth` permissions,
+ # or allow read-only access for unauthenticated users.
+ 'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAdminUser',),
+}
+APPEND_SLASH = False
+
+# Application definition
+
+INSTALLED_APPS = [
+
+ 'django.contrib.auth',
+ 'django.contrib.contenttypes', # required by d.c.admin
+ 'django.contrib.sessions', # required by d.c.admin
+ 'django.contrib.messages', # required by d.c.admin
+ 'django.contrib.staticfiles',
+ 'django.contrib.admin', # django admin site
+ 'rest_framework',
+ 'iceci.apps.IceCiConfig',
+]
+
+MIDDLEWARE_CLASSES = [
+ 'django.middleware.security.SecurityMiddleware',
+ 'django.contrib.sessions.middleware.SessionMiddleware',
+ 'django.middleware.common.CommonMiddleware',
+ 'django.middleware.csrf.CsrfViewMiddleware',
+ 'django.contrib.auth.middleware.AuthenticationMiddleware',
+ 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
+ 'django.contrib.messages.middleware.MessageMiddleware',
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+]
+
+ROOT_URLCONF = 'web.urls'
+
+TEMPLATES = [
+ {
+ 'BACKEND': 'django.template.backends.django.DjangoTemplates',
+ 'DIRS': [PROJECT_PATH + '/web/templates'],
+ 'APP_DIRS': True,
+ 'OPTIONS': {
+ 'context_processors': [
+ 'django.template.context_processors.debug',
+
'django.template.context_processors.request',
+ 'django.contrib.auth.context_processors.auth', # required by d.c.admin
+ 'django.contrib.messages.context_processors.messages', # required by d.c.admin
+ ],
+ },
+ },
+]
+
+WSGI_APPLICATION = 'web.wsgi.application'
+
+# Database
+# https://docs.djangoproject.com/en/1.9/ref/settings/#databases
+
+DATABASES = {
+ 'default': { # CI DB details.
+ 'NAME': '/app/ice_ci_db.db' ,
+ 'ENGINE': 'django.db.backends.sqlite3',
+ 'TEST_NAME': '/app/ice_ci_db.db',
+ },
+}
+SINGLETONE_DB = {
+ 'default': { # CI DB details.
+ 'ENGINE': 'django.db.backends.postgresql',
+ 'NAME': os.environ.get('CI_DB_NAME', 'ice_ci_db'),
+ 'USER': os.environ.get('CI_DB_USER', 'iceci'),
+ 'PASSWORD': os.environ.get('CI_DB_PASSWORD', 'Aa123456'),
+ 'HOST': os.environ.get('CI_DB_HOST', 'localhost'),
+ 'PORT': os.environ.get('CI_DB_PORT', '5433'),
+ },
+ 'em_db': { # ICE DB details.
+ 'ENGINE': 'django.db.backends.postgresql',
+ 'NAME': os.environ.get('EM_DB_NAME', 'icedb'),
+ 'USER': os.environ.get('EM_DB_USER', 'iceuser'),
+ 'PASSWORD': os.environ.get('EM_DB_PASSWORD', 'Aa123456'),
+ 'HOST': os.environ.get('EM_DB_HOST', 'localhost'),
+ 'PORT': os.environ.get('EM_DB_PORT', '5433'),
+ },
+ 'cms_db': { # ICE CMS details.
+ 'ENGINE': 'django.db.backends.postgresql',
+ 'NAME': os.environ.get('CMS_DB_NAME', 'icecmsdb'),
+ 'USER': os.environ.get('CMS_DB_USER', 'icecmsuser'),
+ 'PASSWORD': os.environ.get('CMS_DB_PASSWORD', 'Aa123456'),
+ 'HOST': os.environ.get('CMS_DB_HOST', 'localhost'),
+ 'PORT': os.environ.get('CMS_DB_PORT', '5433'),
+ }
+}
+
+# Password validation
+# https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators
+
+AUTH_PASSWORD_VALIDATORS = [
+ {
+ 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
+ },
+ {
+ 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+ },
+ {
+ 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+ },
+ {
+ 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+ },
+]
+
+
+# Internationalization
+# https://docs.djangoproject.com/en/1.9/topics/i18n/
+
+LANGUAGE_CODE = 'en-us'
+
+TIME_ZONE = 'UTC'
+
+USE_I18N = True
+
+USE_L10N = True
+
+USE_TZ = False
+
+
+# Static files (CSS, JavaScript, Images)
+# https://docs.djangoproject.com/en/1.9/howto/static-files/
+STATIC_ROOT = os.environ['STATIC_ROOT']
+STATIC_URL = '/static/'
+
+LOGGING = {
+ 'version': 1,
+ 'disable_existing_loggers': False,
+ 'formatters': { # All possible attributes are: https://docs.python.org/3/library/logging.html#logrecord-attributes
+ 'verbose': {
+ 'format': '%(asctime)s %(levelname)s %(module)s %(filename)s:%(lineno)d %(process)d %(thread)d %(message)s'
+ },
+ 'simple': {
+ 'format': '%(asctime)s %(levelname)s %(filename)s:%(lineno)d %(message)s'
+ },
+ },
+ 'handlers': {
+ 'console': {
+ 'class': 'logging.StreamHandler',
+ 'formatter': 'simple'
+ },
+ 'file1': {
+ 'level': 'INFO', # handler will ignore DEBUG (only process INFO, WARN, ERROR, CRITICAL, FATAL)
+ 'class': 'logging.FileHandler',
+ 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-info.log',
+ 'formatter': 'verbose'
+ },
+ 'file2': {
+ 'level': 'DEBUG',
+ 'class':
'logging.FileHandler',
+ 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-debug.log',
+ 'formatter': 'verbose'
+ },
+ 'file3': {
+ 'level': 'ERROR',
+ 'class': 'logging.FileHandler',
+ 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-requests.log',
+ 'formatter': 'verbose'
+ },
+ 'file4': {
+ 'level': 'ERROR',
+ 'class': 'logging.FileHandler',
+ 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-db.log',
+ 'formatter': 'verbose'
+ }
+ },
+ 'loggers': {
+ 'vvp-ci.logger': {
+ 'handlers': ['file1', 'file2', 'file3', 'file4','console'],
+ 'level': os.getenv('ICE_ICE_LOGGER_LEVEL', 'DEBUG'),
+ },
+ 'django': {
+ 'handlers': ['console'],
+ 'level': os.getenv('ICE_DJANGO_LOGGER_LEVEL', 'DEBUG'),
+ },
+ 'django.request': {
+ 'handlers': ['file3'],
+ 'level': os.getenv('ICE_ICE_REQUESTS_LOGGER_LEVEL', 'ERROR'),
+ },
+ 'django.db.backends': {
+ 'handlers': ['file4'],
+ 'level': os.getenv('ICE_ICE_DB_LOGGER_LEVEL', 'ERROR'),
+ }
+ }
+}
+
+
+#############################
+# ICE-CI Related Configuration
+#############################
+ICE_CONTACT_FROM_ADDRESS = os.getenv('ICE_CONTACT_FROM_ADDRESS')
+ICE_CONTACT_EMAILS = list(os.getenv('ICE_CONTACT_EMAILS','user@example.com').split(','))
+ICE_CI_ENVIRONMENT_NAME = os.getenv('ICE_CI_ENVIRONMENT_NAME', 'Dev') # Dev / Docker / Staging
+ICE_EM_URL = "{domain}/{prefix}".format(domain=os.environ['ICE_EM_DOMAIN_NAME'], prefix=PROGRAM_NAME_URL_PREFIX)
+ICE_PORTAL_URL = os.environ['ICE_DOMAIN']
+EM_REST_URL = ICE_EM_URL + '/v1/engmgr/'
+
+#Number of test results presented in admin page. Illegal values: '0' or 'Null'
+NUMBER_OF_TEST_RESULTS = int(os.getenv('NUMBER_OF_TEST_RESULTS', '30'))
+ICE_BUILD_REPORT_NUM = os.getenv('ICE_BUILD_REPORT_NUM',"{:%Y-%m-%d-%H-%M-%S}".format(datetime.now()))
+IS_JUMP_STATE=os.getenv('IS_JUMP_STATE', "True")
+DATABASE_TYPE = 'sqlite'
+
+# FIXME: Does this authentication scheme actually gain us anything?
What's the
+# threat model
+WEBHOOK_TOKEN = os.environ['SECRET_WEBHOOK_TOKEN']
+
+# The authentication token and URL needed for us to issue requests to the GitLab API.
+GITLAB_TOKEN = os.environ['SECRET_GITLAB_AUTH_TOKEN']
+GITLAB_URL = "http://vvp-gitlab/"
+
+JENKINS_URL = "http://vvp-jenkins:8080/"
+JENKINS_USERNAME = "admin"
+JENKINS_PASSWORD = os.environ['SECRET_JENKINS_PASSWORD']
+
+AWS_S3_HOST = os.environ['S3_HOST']
+AWS_S3_PORT = int(os.environ['S3_PORT'])
+AWS_S3_CUSTOM_DOMAIN = os.environ['S3_HOST']
+AWS_ACCESS_KEY_ID = os.environ['AWS_ACCESS_KEY_ID']
+AWS_SECRET_ACCESS_KEY = os.environ['AWS_SECRET_ACCESS_KEY']
diff --git a/kubernetes/vvp/charts/vvp-ci-uwsgi/resources/config/ci/gunicorn.ini b/kubernetes/vvp/charts/vvp-ci-uwsgi/resources/config/ci/gunicorn.ini
new file mode 100644
index 0000000000..556fd55713
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-ci-uwsgi/resources/config/ci/gunicorn.ini
@@ -0,0 +1,20 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+bind = ":8282"
+chdir = '/app'
+pidfile = '/tmp/ice-project-master.pid'
+backlog = '5000'
+errorlog = '-'
+loglevel = 'info'
diff --git a/kubernetes/vvp/charts/vvp-ci-uwsgi/templates/configmap.yaml b/kubernetes/vvp/charts/vvp-ci-uwsgi/templates/configmap.yaml
new file mode 100644
index 0000000000..1d340532a4
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-ci-uwsgi/templates/configmap.yaml
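Review bot: `ALLOWED_HOSTS = ['*']` in ci/__init__.py switches off Django's Host-header validation, which contradicts the comment directly above it saying a non-matching Host should raise SuspiciousOperation; the same wildcard is set in vvp-cms-uwsgi/resources/config/cms/__init__.py. The list should name the hostnames the service is actually served under. In SINGLETONE_DB the three `'PASSWORD': os.environ.get(..., 'Aa123456')` entries fall back to a shared literal password committed to the repository; reading them as `'PASSWORD': os.environ['CI_DB_PASSWORD'],` (and likewise for EM_DB_PASSWORD and CMS_DB_PASSWORD) makes a missing secret fail at startup instead of silently using the default. Any ICE_ENVIRONMENT other than 'production' also yields `DEBUG = True`, and the deployment template in this commit sets it to "development".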
@@ -0,0 +1,30 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-settings
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/ci/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-secret
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ admin_password: "Y2lhZG1pbnBhc3M="
diff --git a/kubernetes/vvp/charts/vvp-ci-uwsgi/templates/deployment.yaml b/kubernetes/vvp/charts/vvp-ci-uwsgi/templates/deployment.yaml
new file mode 100644
index 0000000000..5c9df34f49
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-ci-uwsgi/templates/deployment.yaml
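Review bot: The Secret at the end of configmap.yaml carries a fixed `admin_password` literal, so every installation of the chart gets the same CI admin password, and anyone who can read the repository can recover it because base64 is an encoding, not protection. The value should be supplied per release, for example `admin_password: {{ .Values.adminPassword | b64enc | quote }}`, where `adminPassword` is an illustrative name for a new values key with no usable default. Alternatively the Secret can be created outside the chart and only referenced from the deployment.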
@@ -0,0 +1,135 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ imagePullSecrets:
+ - name: onapkey
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" .
}}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ ports:
+ - containerPort: 80
+ - containerPort: 8282
+ - containerPort: 9000
+ volumeMounts:
+ - name: ci-settings
+ mountPath: /opt/configmaps/settings/
+ - name: site-crt
+ mountPath: /opt/secrets/site-crt/
+ env:
+ - name: ICE_ENVIRONMENT
+ value: "development"
+ - name: PROGRAM_NAME_URL_PREFIX
+ value: "vvp"
+ - name: SERVICE_PROVIDER
+ value: "NA"
+ - name: PROGRAM_NAME
+ value: "VVP"
+ - name: SERVICE_PROVIDER_DOMAIN
+ value: "na.com"
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: key}
+ - name: EM_DB_HOST
+ value: postgresql
+ - name: EM_DB_PORT
+ value: "5432"
+ - name: EM_DB_NAME
+ value: icedb
+ - name: EM_DB_USER
+ value: "em_postgresuser"
+ - name: EM_DB_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: emPassword}
+ - name: CMS_DB_HOST
+ value: postgresql
+ - name: CMS_DB_PORT
+ value: "5432"
+ - name: CMS_DB_NAME
+ value: "icecmsdb"
+ - name: CMS_DB_USER
+ value: "cms_postgresuser"
+ - name: CMS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: cmsPassword}
+ - name: CI_DB_HOST
+ value: postgresql
+ - name: CI_DB_PORT
+ value: "5432"
+ - name: CI_DB_NAME
+ value: icedb
+ - name: CI_DB_USER
+ value: "em_postgresuser"
+ - name: CI_DB_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: ciPassword}
+ - name: STATIC_ROOT
+ value: "/app/htdocs"
+ - name: ICE_CONTACT_FROM_ADDRESS
+ value: "example"
+ - name: SECRET_WEBHOOK_TOKEN
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: em_webhook_token}
+ - name: SECRET_GITLAB_AUTH_TOKEN
+ valueFrom:
+ secretKeyRef: {name: gitlab-password, key: auth-token}
+ - name: SECRET_JENKINS_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: jenkins_admin_password}
+ - name: ICE_DOMAIN
+ value: https://development.vvp.example.com
+ - name: ICE_EM_DOMAIN_NAME
+ value: https://development.vvp.example.com
+ - name:
OAUTHLIB_INSECURE_TRANSPORT
+ value: "1"
+ - name: CI_ADMIN_USER
+ value: "ciadminuser"
+ - name: CI_ADMIN_MAIL
+ value: "ciadminmail@example.com"
+ - name: CI_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.fullname" . }}-secret, key: admin_password}
+ - name: S3_HOST
+ value: "dev-s3.vvp.example.com"
+ - name: S3_PORT
+ value: "443"
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_access_key_id}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_secret_access_key}
+ command: ["/app/docker-entrypoint.sh", "/usr/local/bin/gunicorn", "-c", "/opt/configmaps/settings/gunicorn.ini", "web.wsgi:application", ]
+ volumes:
+ - name: ci-settings
+ configMap:
+ name: {{ include "common.fullname" . }}-settings
+ - name: site-crt
+ secret:
+ secretName: site-crt
diff --git a/kubernetes/vvp/charts/vvp-ci-uwsgi/templates/service.yaml b/kubernetes/vvp/charts/vvp-ci-uwsgi/templates/service.yaml
new file mode 100644
index 0000000000..a4260013a4
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-ci-uwsgi/templates/service.yaml
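Review bot: The container env in deployment.yaml hard-codes `ICE_ENVIRONMENT` to "development" and `OAUTHLIB_INSECURE_TRANSPORT` to "1"; with the settings file added in this commit the first selects the `DEBUG = True` branch, and the second tells oauthlib to accept OAuth 2 over plain HTTP. Both should be driven from values.yaml with the safe choice as the default, and OAUTHLIB_INSECURE_TRANSPORT dropped unless a test setup really needs it. The pod spec also defines no livenessProbe or readinessProbe although values.yaml in this commit carries `liveness` and `readiness` settings, and no securityContext or resource limits are set. Until that is changed, a comment such as `# development-only defaults: DEBUG on, OAuth over HTTP allowed` above these two entries would at least make the intent explicit.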
@@ -0,0 +1,28 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName | default "http" }}
+ selector:
+ app: {{ include "common.name" . }}
diff --git a/kubernetes/vvp/charts/vvp-ci-uwsgi/values.yaml b/kubernetes/vvp/charts/vvp-ci-uwsgi/values.yaml
new file mode 100644
index 0000000000..1b58dd52aa
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-ci-uwsgi/values.yaml
@@ -0,0 +1,60 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/vvp/test-engine:1.0.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ internalPort: 8282
+
+ingress:
+ enabled: false
diff --git a/kubernetes/vvp/charts/vvp-cms-uwsgi/Chart.yaml b/kubernetes/vvp/charts/vvp-cms-uwsgi/Chart.yaml
new file mode 100644
index 0000000000..3adf9a2514
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-cms-uwsgi/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: backend uwsgi server which hosts django application
+name: vvp-cms-uwsgi
+version: 3.0.0
diff --git a/kubernetes/vvp/charts/vvp-cms-uwsgi/resources/config/cms/__init__.py b/kubernetes/vvp/charts/vvp-cms-uwsgi/resources/config/cms/__init__.py
new file mode 100644
index 0000000000..b583985739
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-cms-uwsgi/resources/config/cms/__init__.py
@@ -0,0 +1,395 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, unicode_literals
+import os
+from cms.envbool import envbool
+
+from django import VERSION as DJANGO_VERSION
+from django.utils.translation import ugettext_lazy as _
+from boto.s3.connection import OrdinaryCallingFormat
+
+
+######################
+# MEZZANINE SETTINGS #
+######################
+
+# The following settings are already defined with default values in
+# the ``defaults.py`` module within each of Mezzanine's apps, but are
+# common enough to be put here, commented out, for conveniently
+# overriding. Please consult the settings documentation for a full list
+# of settings Mezzanine implements:
+# http://mezzanine.jupo.org/docs/configuration.html#default-settings
+
+# Controls the ordering and grouping of the admin menu.
+#
+# ADMIN_MENU_ORDER = (
+# ("Content", ("pages.Page", "blog.BlogPost",
+# "generic.ThreadedComment", (_("Media Library"), "media-library"),)),
+# ("Site", ("sites.Site", "redirects.Redirect", "conf.Setting")),
+# ("Users", ("auth.User", "auth.Group",)),
+# )
+
+# A three item sequence, each containing a sequence of template tags
+# used to render the admin dashboard.
+#
+# DASHBOARD_TAGS = (
+# ("blog_tags.quick_blog", "mezzanine_tags.app_list"),
+# ("comment_tags.recent_comments",),
+# ("mezzanine_tags.recent_actions",),
+# )
+
+# A sequence of templates used by the ``page_menu`` template tag. Each
+# item in the sequence is a three item sequence, containing a unique ID
+# for the template, a label for the template, and the template path.
+# These templates are then available for selection when editing which
+# menus a page should appear in. Note that if a menu template is used
+# that doesn't appear in this setting, all pages will appear in it.
+
+# PAGE_MENU_TEMPLATES = (
+# (1, _("Top navigation bar"), "pages/menus/dropdown.html"),
+# (2, _("Left-hand tree"), "pages/menus/tree.html"),
+# (3, _("Footer"), "pages/menus/footer.html"),
+# )
+
+# A sequence of fields that will be injected into Mezzanine's (or any
+# library's) models. Each item in the sequence is a four item sequence.
+# The first two items are the dotted path to the model and its field
+# name to be added, and the dotted path to the field class to use for
+# the field. The third and fourth items are a sequence of positional
+# args and a dictionary of keyword args, to use when creating the
+# field instance. When specifying the field class, the path
+# ``django.models.db.`` can be omitted for regular Django model fields.
+#
+# EXTRA_MODEL_FIELDS = (
+# (
+# # Dotted path to field.
+# "mezzanine.blog.models.BlogPost.image",
+# # Dotted path to field class.
+# "somelib.fields.ImageField",
+# # Positional args for field class.
+# (_("Image"),),
+# # Keyword args for field class.
+# {"blank": True, "upload_to": "blog"},
+# ),
+# # Example of adding a field to *all* of Mezzanine's content types:
+# (
+# "mezzanine.pages.models.Page.another_field",
+# "IntegerField", # 'django.db.models.' is implied if path is omitted.
+# (_("Another name"),),
+# {"blank": True, "default": 1},
+# ),
+# )
+
+# Setting to turn on featured images for blog posts. Defaults to False.
+#
+# BLOG_USE_FEATURED_IMAGE = True
+
+# If True, the django-modeltranslation will be added to the
+# INSTALLED_APPS setting.
+USE_MODELTRANSLATION = False
+
+
+########################
+# MAIN DJANGO SETTINGS #
+########################
+
+# Hosts/domain names that are valid for this site; required if DEBUG is False
+# See https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
+ALLOWED_HOSTS = ['*']
+
+# Set UTC time zone:
+TIME_ZONE = 'UTC'
+USE_TZ = True
+
+# Local time zone for this installation. Choices can be found here:
+# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
+# although not all choices may be available on all operating systems.
+# On Unix systems, a value of None will cause Django to use the same
+# timezone as the operating system.
+# If running in a Windows environment this must be set to the same as your
+# system time zone.
+TIME_ZONE = 'UTC'
+
+# If you set this to True, Django will use timezone-aware datetimes.
+USE_TZ = True
+
+# Language code for this installation. All choices can be found here:
+# http://www.i18nguy.com/unicode/language-identifiers.html
+LANGUAGE_CODE = "en"
+
+# Supported languages
+LANGUAGES = (
+ ('en', _('English')),
+)
+
+ENVIRONMENT = os.environ['ENVIRONMENT']
+
+# See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/
+SECRET_KEY = os.environ["SECRET_KEY"]
+
+# A boolean that turns on/off debug mode. When set to ``True``, stack traces
+# are displayed for error pages. Should always be set to ``False`` in
+# production. Best set to ``True`` in local_settings.py
+DEBUG = envbool('DJANGO_DEBUG_MODE', False)
+
+# Note: Only SSL email backends are allowed
+EMAIL_USE_SSL = True
+
+# Whether a user's session cookie expires when the Web browser is closed.
+SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+
+SITE_ID = 1
+
+# If you set this to False, Django will make some optimizations so as not
+# to load the internationalization machinery.
+USE_I18N = False
+
+AUTHENTICATION_BACKENDS = ("mezzanine.core.auth_backends.MezzanineBackend",)
+
+# The numeric mode to set newly-uploaded files to. The value should be
+# a mode you'd pass directly to os.chmod.
+FILE_UPLOAD_PERMISSIONS = 0o644
+
+
+#############
+# DATABASES #
+#############
+
+DATABASES = {
+ 'default': {
+ 'ENGINE': 'django.db.backends.postgresql',
+ 'NAME': os.environ['PGDATABASE'],
+ 'USER': os.environ['PGUSER'],
+ 'PASSWORD': os.environ['PGPASSWORD'],
+ 'HOST': os.environ['PGHOST'],
+ 'PORT': os.environ['PGPORT'],
+ }
+}
+
+
+#########
+# PATHS #
+#########
+
+# Full filesystem path to the project.
+PROJECT_APP_PATH = os.path.dirname(os.path.abspath(__file__))
+PROJECT_APP = os.path.basename(PROJECT_APP_PATH)
+PROJECT_ROOT = BASE_DIR = os.path.dirname(PROJECT_APP_PATH)
+
+# Every cache key will get prefixed with this value - here we set it to
+# the name of the directory the project is in to try and use something
+# project specific.
+CACHE_MIDDLEWARE_KEY_PREFIX = PROJECT_APP
+
+# Package/module name to import the root urlpatterns from for the project.
+ROOT_URLCONF = 'cms.urls'
+
+TEMPLATES = [
+ {
+ "BACKEND": "django.template.backends.django.DjangoTemplates",
+ "DIRS": [
+ os.path.join(PROJECT_ROOT, "templates")
+ ],
+ "APP_DIRS": True,
+ "OPTIONS": {
+ "context_processors": [
+ "django.contrib.auth.context_processors.auth",
+ "django.contrib.messages.context_processors.messages",
+ "django.template.context_processors.debug",
+ "django.template.context_processors.i18n",
+ "django.template.context_processors.static",
+ "django.template.context_processors.media",
+ "django.template.context_processors.request",
+ "django.template.context_processors.tz",
+ "mezzanine.conf.context_processors.settings",
+ "mezzanine.pages.context_processors.page",
+ ],
+ "builtins": [
+ "mezzanine.template.loader_tags",
+ ],
+ },
+ },
+]
+
+if DJANGO_VERSION < (1, 9):
+ del TEMPLATES[0]["OPTIONS"]["builtins"]
+
+
+################
+# APPLICATIONS #
+################
+
+INSTALLED_APPS = (
+ "mezzanine_api",
+ "rest_framework",
+ "rest_framework_swagger",
+ "oauth2_provider",
+ "django.contrib.admin",
+ "django.contrib.auth",
+ "django.contrib.contenttypes",
+ "django.contrib.redirects",
+ "django.contrib.sessions",
+ "django.contrib.sites",
+ "django.contrib.sitemaps",
+ "django.contrib.staticfiles",
+ "mezzanine.boot",
+ "mezzanine.conf",
+ "mezzanine.core",
+ "mezzanine.generic",
+ "mezzanine.pages",
+ "mezzanine.blog",
+ "mezzanine.forms",
+ "mezzanine.galleries",
+ "mezzanine.twitter",
+ # "mezzanine.accounts",
+ # "mezzanine.mobile",
+ "cms" ,
+ "storages",
+)
+
+# List of middleware classes to use. Order is important; in the request phase,
+# these middleware classes will be applied in the order given, and in the
+# response phase the middleware will be applied in reverse order.
+MIDDLEWARE_CLASSES = (
+ "mezzanine.core.middleware.UpdateCacheMiddleware",
+ "mezzanine_api.middleware.ApiMiddleware",
+ 'django.contrib.sessions.middleware.SessionMiddleware',
+ # Uncomment if using internationalisation or localisation
+ # 'django.middleware.locale.LocaleMiddleware',
+ 'django.middleware.common.CommonMiddleware',
+ 'django.middleware.csrf.CsrfViewMiddleware',
+ 'django.contrib.auth.middleware.AuthenticationMiddleware',
+ 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
+ 'django.contrib.messages.middleware.MessageMiddleware',
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+
+ "mezzanine.core.request.CurrentRequestMiddleware",
+ "mezzanine.core.middleware.RedirectFallbackMiddleware",
+ "mezzanine.core.middleware.TemplateForDeviceMiddleware",
+ "mezzanine.core.middleware.TemplateForHostMiddleware",
+ "mezzanine.core.middleware.AdminLoginInterfaceSelectorMiddleware",
+ "mezzanine.core.middleware.SitePermissionMiddleware",
+ "mezzanine.pages.middleware.PageMiddleware",
+ "mezzanine.core.middleware.FetchFromCacheMiddleware",
+)
+
+# Store these package names here as they may change in the future since
+# at the moment we are using custom forks of them.
+PACKAGE_NAME_FILEBROWSER = "filebrowser_safe"
+PACKAGE_NAME_GRAPPELLI = "grappelli_safe"
+
+#########################
+# OPTIONAL APPLICATIONS #
+#########################
+
+# These will be added to ``INSTALLED_APPS``, only if available.
+OPTIONAL_APPS = (
+ "debug_toolbar",
+ "django_extensions",
+ "compressor",
+ PACKAGE_NAME_FILEBROWSER,
+ PACKAGE_NAME_GRAPPELLI,
+)
+
+#####################
+# REST API SETTINGS #
+#####################
+try:
+ from mezzanine_api.settings import *
+except ImportError:
+ pass
+
+
+##################
+# LOCAL SETTINGS #
+##################
+
+# Allow any settings to be defined in local_settings.py which should be
+# ignored in your version control system allowing for settings to be
+# defined per ma chine.
+ +# Instead of doing "from .local_settings import *", we use exec so that +# local_settings has full access to everything defined in this module. +# Also force into sys.modules so it's visible to Django's autoreload. + +f = os.path.join(PROJECT_APP_PATH, "local_settings/__init__.py") +if os.path.exists(f): + import sys + import imp + module_name = "%s.local_settings" % PROJECT_APP + module = imp.new_module(module_name) + module.__file__ = f + sys.modules[module_name] = module + exec(open(f, "rb").read()) + + +#################### +# DYNAMIC SETTINGS # +#################### + +# set_dynamic_settings() will rewrite globals based on what has been +# defined so far, in order to provide some better defaults where +# applicable. We also allow this settings module to be imported +# without Mezzanine installed, as the case may be when using the +# fabfile, where setting the dynamic settings below isn't strictly +# required. +try: + from mezzanine.utils.conf import set_dynamic_settings +except ImportError: + pass +else: + set_dynamic_settings(globals()) + +# default settings for mezzanine +NEVERCACHE_KEY = os.getenv('CMS_NEVERCACHE_KEY', ''), +# Application User +CMS_APP_USER = os.getenv('CMS_APP_USER') +CMS_APP_USER_PASSWORD = os.getenv('CMS_APP_USER_PASSWORD') +CMS_APP_USER_MAIL = os.getenv('CMS_APP_USER_MAIL') +# Client App (EM) +CMS_APP_CLIENT_ID = os.getenv('CMS_APP_CLIENT_ID') +CMS_APP_CLIENT_SECRET = os.getenv('CMS_APP_CLIENT_SECRET') +CMS_APP_NAME = 'Engagement_Manager_App' +REST_FRAMEWORK['DEFAULT_RENDERER_CLASSES'] = ( + 'rest_framework.renderers.JSONRenderer', +) + +# S3 configuration for static resources storage and media upload + +# used by our custom storage.py +MEDIA_BUCKET = "cms-media" +STATIC_BUCKET = "cms-static" + +# django-storages configuration +AWS_S3_HOST = os.environ['S3_HOST'] +AWS_S3_PORT = int(os.environ['S3_PORT']) +AWS_S3_CUSTOM_DOMAIN = os.environ['S3_HOST'] +AWS_ACCESS_KEY_ID = os.environ['AWS_ACCESS_KEY_ID'] +AWS_SECRET_ACCESS_KEY = 
os.environ['AWS_SECRET_ACCESS_KEY'] +AWS_AUTO_CREATE_BUCKET = True +AWS_PRELOAD_METADATA = True + +# Set by custom subclass. +# AWS_STORAGE_BUCKET_NAME = "em-static" +AWS_S3_CALLING_FORMAT = OrdinaryCallingFormat() +DEFAULT_FILE_STORAGE = 'cms.settings.storage.S3MediaStorage' +STATICFILES_STORAGE = 'cms.settings.storage.S3StaticStorage' + +# These seem to have no effect even when we don't override with custom_domain? +STATIC_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, STATIC_BUCKET) +MEDIA_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, MEDIA_BUCKET) + +STATIC_ROOT = os.environ['STATIC_ROOT'] + diff --git a/kubernetes/vvp/charts/vvp-cms-uwsgi/resources/config/cms/gunicorn.ini b/kubernetes/vvp/charts/vvp-cms-uwsgi/resources/config/cms/gunicorn.ini new file mode 100644 index 0000000000..29cca7db93 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-cms-uwsgi/resources/config/cms/gunicorn.ini @@ -0,0 +1,20 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +bind = ":80" +chdir = '/srv' +pidfile = '/tmp/ice-project-master.pid' +backlog = '5000' +errorlog = '-' +loglevel = 'info' diff --git a/kubernetes/vvp/charts/vvp-cms-uwsgi/resources/config/cms/storage.py b/kubernetes/vvp/charts/vvp-cms-uwsgi/resources/config/cms/storage.py new file mode 100644 index 0000000000..0abfae9035 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-cms-uwsgi/resources/config/cms/storage.py 
@@ -0,0 +1,50 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +""" +storage.py + +In order to make Django store trusted static files and untrusted media +(user-uploaded) files in separate s3 buckets, we must create two different +storage classes. + +https://www.caktusgroup.com/blog/2014/11/10/Using-Amazon-S3-to-store-your-Django-sites-static-and-media-files/ +http://www.leehodgkinson.com/blog/my-mezzanine-s3-setup/ + +""" + +# FIXME this module never changes so might not need not be kept in a +# configmap. Also it is (almost) the same as what we use in em; that does +# not use S3BotoStorageMixin. + +# There is a newer storage based on boto3 but that doesn't support changing +# the HOST, as we need to for non-amazon s3 services. It does support an +# "endpoint"; setting AWS_S3_ENDPOINT_URL may cause it to work. +from storages.backends.s3boto import S3BotoStorage +from filebrowser_safe.storage import S3BotoStorageMixin +from django.conf import settings + + +# NOTE for some reason, collectstatic uploads to bucket/location but the +# urls constructed are domain/location +class S3StaticStorage(S3BotoStorage, S3BotoStorageMixin): + custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.STATIC_BUCKET) + bucket_name = settings.STATIC_BUCKET + # location = ... 
+ + +class S3MediaStorage(S3BotoStorage, S3BotoStorageMixin): + custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.MEDIA_BUCKET) + bucket_name = settings.MEDIA_BUCKET + # location = ... diff --git a/kubernetes/vvp/charts/vvp-cms-uwsgi/templates/configmap.yaml b/kubernetes/vvp/charts/vvp-cms-uwsgi/templates/configmap.yaml new file mode 100644 index 0000000000..d8b2bbbbbc --- /dev/null +++ b/kubernetes/vvp/charts/vvp-cms-uwsgi/templates/configmap.yaml 
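Review bot: `S3MediaStorage` is the bucket for untrusted, user-uploaded files according to the module docstring, but neither the class nor the `AWS_*` settings visible in this commit set an object ACL, so uploads inherit the backend default. In the legacy s3boto backend that default has been `public-read` unless `AWS_DEFAULT_ACL` overrides it; please confirm against the django-storages version the image pins. If uploads are not meant to be world-readable, set it explicitly with `default_acl = 'private'` on `S3MediaStorage`, and note that the plain `custom_domain` URLs would then presumably need signed access instead. The em copy of storage.py later in this commit has the same gap. A one-line comment on each class stating the intended visibility of its bucket would make the decision reviewable.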
@@ -0,0 +1,37 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-settings + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/cms/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-secret + namespace: {{ include "common.namespace" . }} +type: Opaque +data: + key: "KCtkbV9yaigwMDU9XmV2emVzZDMjeHB5JC0kY15qI2NsemlsYngmXz0wbGg3by0zNCM=" + app_user: "Y21zYXBwdXNlcg==" + app_user_mail: "Y21zYXBwdXNlckBleGFtcGxlLmNvbQ==" + app_user_password: "Y21zYXBwdXNlcnBhc3N3b3Jk" + app_client_id: "RWVCNFhlaW1vb2M2eGllU2VlS2FoOGRhZTFlaXBhZTRvdGFlc2hlZQ==" + app_client_secret: "aGFpTW9vcGllWmVlMXdlaTNsZWY0Z2FleWlhMnZhaHdvaHRoMG1haWQ5aXRoMnBoZWVzaGFpdGh1VG9vcjJKb2hzaGVpNWJhZXk3RWlxdWFldGhlaWI4cXVhaXF1ZWU3cGhpYXRoN2V1YjJhaU5haWMzb3U5dmFpemViZWlGNXU=" + nevercache_key: "YV9qLWc1aCszKW9AMndpYXNtYmcoaHV4cHVqaD05NShwLSR2ejF4aiZ0K20pKy11ODQ=" +--- diff --git a/kubernetes/vvp/charts/vvp-cms-uwsgi/templates/deployment.yaml b/kubernetes/vvp/charts/vvp-cms-uwsgi/templates/deployment.yaml new file mode 100644 index 0000000000..c2408c5824 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-cms-uwsgi/templates/deployment.yaml 
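Review bot: The `Secret` in this template commits fixed base64 values for `key` (mounted as Django's `SECRET_KEY` by the deployment), `app_user_password`, `app_client_secret` and `nevercache_key`. Base64 is only an encoding, so these are effectively plaintext in the repository and identical on every installation, and they give no protection to a deployment that keeps the defaults. Take them from chart values or generate them at install time, for example `key: {{ required "secrets.djangoKey must be set" .Values.secrets.djangoKey | b64enc | quote }}` (the `secrets.djangoKey` path is a placeholder name), and treat the values committed here as needing rotation. The Secret would also be easier to audit in its own `secret.yaml` rather than inside `configmap.yaml`.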
@@ -0,0 +1,111 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + name: {{ .Release.Name }} + spec: + imagePullSecrets: + - name: onapkey + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort1 }} + - containerPort: {{ .Values.service.internalPort2 }} + env: + - name: ENVIRONMENT + value: "development" + - name: SECRET_KEY + valueFrom: + secretKeyRef: {name: {{ include "common.fullname" . 
}}-secret, key: key} + - name: EMAIL_HOST + value: "localhost" + - name: EMAIL_HOST_USER + value: "example" + - name: EMAIL_PORT + value: "25" + - name: EMAIL_HOST_PASSWORD + valueFrom: + secretKeyRef: {name: email-secret, key: password} + - name: PGHOST + value: vvp-postgres + - name: PGPORT + value: "5432" + - name: PGDATABASE + value: "icecmsdb" + - name: PGUSER + value: "cms_postgresuser" + - name: PGPASSWORD + valueFrom: + secretKeyRef: {name: postgresql-passwords, key: cmsPassword} + - name: ICE_CONTACT_FROM_ADDRESS + value: "example" + - name: CMS_NEVERCACHE_KEY + valueFrom: + secretKeyRef: {name: {{ include "common.fullname" . }}-secret, key: nevercache_key} + - name: CMS_APP_USER + valueFrom: + secretKeyRef: {name: {{ include "common.fullname" . }}-secret, key: app_user} + - name: CMS_APP_USER_MAIL + valueFrom: + secretKeyRef: {name: {{ include "common.fullname" . }}-secret, key: app_user_mail} + - name: CMS_APP_USER_PASSWORD + valueFrom: + secretKeyRef: {name: {{ include "common.fullname" . }}-secret, key: app_user_password} + - name: CMS_APP_CLIENT_ID + valueFrom: + secretKeyRef: {name: {{ include "common.fullname" . }}-secret, key: app_client_id} + - name: CMS_APP_CLIENT_SECRET + valueFrom: + secretKeyRef: {name: {{ include "common.fullname" . 
}}-secret, key: app_client_secret} + - name: STATIC_ROOT + value: "/app/htdocs" + - name: DJANGO_DEBUG_MODE + value: "True" + - name: S3_HOST + value: "dev-s3.vvp.example.com" + - name: S3_PORT + value: "443" + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: {name: em-secret, key: aws_access_key_id} + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: {name: em-secret, key: aws_secret_access_key} + command: ["/docker-entrypoint.sh", "/usr/local/bin/gunicorn", "-c", "/opt/configmaps/settings/gunicorn.ini", "cms.wsgi:application", ] + volumeMounts: + - name: settings + mountPath: /opt/configmaps/settings/ + - name: site-crt + mountPath: /opt/secrets/site-crt/ + volumes: + - name: settings + configMap: + name: {{ include "common.fullname" . }}-settings + - name: site-crt + secret: + secretName: site-crt diff --git a/kubernetes/vvp/charts/vvp-cms-uwsgi/templates/service.yaml b/kubernetes/vvp/charts/vvp-cms-uwsgi/templates/service.yaml new file mode 100644 index 0000000000..0c6c30da78 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-cms-uwsgi/templates/service.yaml 
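Review bot: `DJANGO_DEBUG_MODE` is hard-coded to `"True"` and `ENVIRONMENT` to `"development"` in the container env, so every install of this chart runs with Django debug enabled, which puts stack traces and configuration detail into error responses. values.yaml in this commit already declares `debugEnabled: false`; wire it through with `value: {{ .Values.debugEnabled | quote }}` and make `ENVIRONMENT` a value as well. The `liveness` and `readiness` blocks from values.yaml are likewise not referenced here, so the pod has no probes. The container also binds port 80 via gunicorn.ini without a `securityContext`, which presumably means it runs as root; an unprivileged port plus `runAsNonRoot: true` would be worth considering.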
@@ -0,0 +1,28 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.internalPort1 }} + name: {{ .Values.service.portName | default "http" }} + selector: + app: {{ include "common.name" . }} diff --git a/kubernetes/vvp/charts/vvp-cms-uwsgi/values.yaml b/kubernetes/vvp/charts/vvp-cms-uwsgi/values.yaml new file mode 100644 index 0000000000..e57b1730c3 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-cms-uwsgi/values.yaml 
@@ -0,0 +1,61 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + repository: nexus3.onap.org:10001 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/vvp/cms:1.0.0 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: ClusterIP + internalPort1: 80 + internalPort2: 9000 + +ingress: + enabled: false diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/Chart.yaml b/kubernetes/vvp/charts/vvp-em-uwsgi/Chart.yaml new file mode 100644 index 0000000000..4393322261 --- /dev/null 
+++ b/kubernetes/vvp/charts/vvp-em-uwsgi/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: backend uwsgi server which hosts django application +name: vvp-em-uwsgi +version: 3.0.0 diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/requirements.yaml b/kubernetes/vvp/charts/vvp-em-uwsgi/requirements.yaml new file mode 100644 index 0000000000..9f44c6df28 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-em-uwsgi/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~3.0.0 + repository: '@local' diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/__init__.py b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/__init__.py new file mode 100644 index 0000000000..ed57ca604d --- /dev/null 
+++ b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/__init__.py 
@@ -0,0 +1,332 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +""" +Django settings for VVP project. + +Environment variables that must exist: + + ENVIRONMENT + SECRET_KEY + SECRET_WEBHOOK_TOKEN + SECRET_GITLAB_AUTH_TOKEN + SECRET_JENKINS_PASSWORD + SECRET_CMS_APP_CLIENT_ID + SECRET_CMS_APP_CLIENT_SECRET + +Environment variables that must exist in production: + + EMAIL_HOST + EMAIL_HOST_PASSWORD + EMAIL_HOST_USER + EMAIL_PORT + +""" + +import os +from vvp.settings.envbool import envbool +from corsheaders.defaults import default_headers +from boto.s3.connection import OrdinaryCallingFormat +import datetime + +# With this file at ice/settings/__init__.py, we need three applications of +# dirname() to find the project root. 
+import engagementmanager +PROJECT_PATH = os.path.dirname(os.path.dirname(engagementmanager.__file__)) +LOGS_PATH = os.path.join(PROJECT_PATH, "logs") + +ENVIRONMENT = os.environ['ENVIRONMENT'] +PROGRAM_NAME_URL_PREFIX = os.environ['PROGRAM_NAME_URL_PREFIX'] +SERVICE_PROVIDER = os.environ['SERVICE_PROVIDER'] +PROGRAM_NAME = os.environ['PROGRAM_NAME'] +SERVICE_PROVIDER_DOMAIN = os.environ['SERVICE_PROVIDER_DOMAIN'] + +# See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/ +SECRET_KEY = os.environ["SECRET_KEY"] + +# https://docs.djangoproject.com/en/1.10/ref/settings/#allowed-hosts +# Anything in the Host header that does not match our expected domain should +# raise SuspiciousOperation exception. +ALLOWED_HOSTS = ['*'] + +DEBUG = envbool('DJANGO_DEBUG_MODE', False) + +if ENVIRONMENT == 'production': + EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' + EMAIL_HOST = os.environ['EMAIL_HOST'] + EMAIL_HOST_PASSWORD = os.environ['EMAIL_HOST_PASSWORD'] + EMAIL_HOST_USER = os.environ['EMAIL_HOST_USER'] + EMAIL_PORT = os.environ['EMAIL_PORT'] +else: + EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' + +# Note: Only SSL email backends are allowed +EMAIL_USE_SSL = True + +REST_FRAMEWORK = { + # Use Django's standard `django.contrib.auth` permissions, + # or allow read-only access for unauthenticated users. 
+ 'EXCEPTION_HANDLER': 'engagementmanager.utils.exception_handler.ice_exception_handler', + 'PAGE_SIZE': 10, + 'DEFAULT_PERMISSION_CLASSES': ( + 'rest_framework.permissions.IsAuthenticated', + ), + 'DEFAULT_AUTHENTICATION_CLASSES': ( + 'rest_framework.authentication.SessionAuthentication', + 'rest_framework.authentication.BasicAuthentication', + 'rest_framework_jwt.authentication.JSONWebTokenAuthentication', + ), + 'DEFAULT_PARSER_CLASSES': ( + 'engagementmanager.rest.parsers.XSSJSONParser', + 'engagementmanager.rest.parsers.XSSFormParser', + 'engagementmanager.rest.parsers.XSSMultiPartParser', + ) +} + +JWT_AUTH = { + 'JWT_AUTH_HEADER_PREFIX': 'token', + 'JWT_ALGORITHM': 'HS256', + 'JWT_EXPIRATION_DELTA': datetime.timedelta(days=1), + 'JWT_DECODE_HANDLER': 'engagementmanager.utils.authentication.ice_jwt_decode_handler', +} + +APPEND_SLASH = False + +# Application definition +INSTALLED_APPS = [ + 'django.contrib.auth', # required by d.c.admin + 'corsheaders', + 'django.contrib.contenttypes', # required by d.c.admin + 'django.contrib.sessions', # required by d.c.admin + 'django.contrib.messages', # required by d.c.admin + 'django.contrib.staticfiles', + 'django.contrib.admin', # django admin site + 'rest_framework', + 'engagementmanager.apps.EngagementmanagerConfig', + 'validationmanager.apps.ValidationmanagerConfig', +] + +MIDDLEWARE_CLASSES = [ + 'django.middleware.security.SecurityMiddleware', + 'django.contrib.sessions.middleware.SessionMiddleware', + 'django.middleware.common.CommonMiddleware', + 'django.contrib.auth.middleware.AuthenticationMiddleware', # required by d.c.admin + 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', + 'django.contrib.messages.middleware.MessageMiddleware', + 'django.middleware.clickjacking.XFrameOptionsMiddleware', + 'corsheaders.middleware.CorsMiddleware', +] + +ROOT_URLCONF = 'vvp.urls' + +TEMPLATES = [ + { + 'BACKEND': 'django.template.backends.django.DjangoTemplates', + 'DIRS': [PROJECT_PATH + '/web/templates'], 
+ 'APP_DIRS': True, + 'OPTIONS': { + 'context_processors': [ + 'django.template.context_processors.debug', + 'django.template.context_processors.request', + 'django.contrib.auth.context_processors.auth', # required by d.c.admin + 'django.contrib.messages.context_processors.messages', # required by d.c.admin + ], + }, + }, +] + +WSGI_APPLICATION = 'vvp.wsgi.application' + + +# Database +# https://docs.djangoproject.com/en/1.9/ref/settings/#databases +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.postgresql', + 'NAME': os.environ['PGDATABASE'], + 'USER': os.environ['PGUSER'], + 'PASSWORD': os.environ['PGPASSWORD'], + 'HOST': os.environ['PGHOST'], + 'PORT': os.environ['PGPORT'], + } +} + + +# Password validation +# https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators +AUTH_PASSWORD_VALIDATORS = [ + {'NAME': 'django.contrib.auth.password_validation.%s' % s} for s in [ + 'UserAttributeSimilarityValidator', + 'MinimumLengthValidator', + 'CommonPasswordValidator', + 'NumericPasswordValidator', + ]] + + +# Internationalization +# https://docs.djangoproject.com/en/1.9/topics/i18n/ +LANGUAGE_CODE = 'en-us' +TIME_ZONE = 'UTC' +USE_I18N = True +USE_L10N = True +USE_TZ = True + +CORS_ALLOW_HEADERS = default_headers + ('ICE-USER-ID',) + +# Static files (CSS, JavaScript, Images) +# https://docs.djangoproject.com/en/1.9/howto/static-files/ +STATIC_ROOT = os.environ['STATIC_ROOT'] + + +LOGGING = { + 'version': 1, + 'disable_existing_loggers': False, + 'formatters': { # All possible attributes are: https://docs.python.org/3/library/logging.html#logrecord-attributes + 'verbose': { + 'format': '%(asctime)s %(levelname)s %(name)s %(module)s %(lineno)d %(process)d %(thread)d %(message)s' + }, + 'simple': { + 'format': '%(asctime)s %(levelname)s %(name)s %(message)s' + }, + }, + 'handlers': { + 'console': { + 'class': 'logging.StreamHandler', + 'formatter': 'simple' + }, + 'vvp-info.log': { + 'level': 'INFO', # handler will ignore DEBUG (only 
process INFO, WARN, ERROR, CRITICAL, FATAL) + 'class': 'logging.FileHandler', + 'filename': os.path.join(LOGS_PATH, 'vvp-info.log'), + 'formatter': 'verbose' + }, + 'vvp-debug.log': { + 'level': 'DEBUG', + 'class': 'logging.FileHandler', + 'filename': os.path.join(LOGS_PATH, 'vvp-debug.log'), + 'formatter': 'verbose' + }, + 'vvp-requests.log': { + 'level': 'ERROR', + 'class': 'logging.FileHandler', + 'filename': os.path.join(LOGS_PATH, 'vvp-requests.log'), + 'formatter': 'verbose' + }, + 'vvp-db.log': { + 'level': 'ERROR', + 'class': 'logging.FileHandler', + 'filename': os.path.join(LOGS_PATH, 'vvp-db.log'), + 'formatter': 'verbose', + }, + }, + 'loggers': { + 'vvp.logger': { + 'handlers': ['vvp-info.log', 'vvp-debug.log', 'vvp-requests.log', 'vvp-db.log', 'console'], + 'level': 'DEBUG' if DEBUG else 'INFO', + }, + 'django': { + 'handlers': ['console'], + 'level': 'INFO' if DEBUG else 'ERROR', + }, + 'django.request': { + 'handlers': ['vvp-requests.log', 'console'], + 'level': 'INFO' if DEBUG else 'ERROR', + }, + 'django.db.backends': { + 'handlers': ['vvp-db.log', 'console'], + 'level': 'DEBUG' if DEBUG else 'ERROR', + 'propagate': False, + }, + # silence the hundred lines of useless "missing variable in template" + # complaints per admin pageview. 
+ 'django.template': { + 'level': 'DEBUG', + 'handlers': ['vvp-info.log', 'vvp-debug.log', 'console'], + 'propagate': False, + }, + } +} + + +############################# +# VVP Related Configuration +############################# +CONTACT_FROM_ADDRESS = os.getenv('CONTACT_FROM_ADDRESS', 'dummy@example.com') +CONTACT_EMAILS = [s.strip() for s in os.getenv('CONTACT_EMAILS', 'user@example.com').split(',') if s] +DOMAIN = os.getenv('EM_DOMAIN_NAME') +TOKEN_EXPIRATION_IN_HOURS = 48 +DAILY_SCHEDULED_JOB_HOUR = 20 +NUMBER_OF_POLLED_ACTIVITIES = 5 +TEMP_PASSWORD_EXPIRATION_IN_HOURS = 48 +# This is the DNS name pointing to the private-network ip of the host machine +# running (a haproxy that points to) (an nginx frontend for) this app +API_DOMAIN = 'em' + +# The authentication token needed by Jenkins or Gitlab to issue webhook updates +# to us. This is a "secret" shared by Jenkins and Django. It must be part of +# the URL path component for the Jenkins webhook in ValidationManager to accept +# a notification. It should be a set of random URL-path-safe characters, with +# no slash '/'. +# FIXME: Does this authentication scheme actually gain us anything? What's the +# threat model +WEBHOOK_TOKEN = os.environ['SECRET_WEBHOOK_TOKEN'] + +# The authentication token and URL needed for us to issue requests to the GitLab API. 
+GITLAB_TOKEN = os.environ['SECRET_GITLAB_AUTH_TOKEN'] +GITLAB_URL = "http://vvp-gitlab/" + +JENKINS_URL = "http://vvp-jenkins:8080/" +JENKINS_USERNAME = "admin" +JENKINS_PASSWORD = os.environ['SECRET_JENKINS_PASSWORD'] + +IS_CL_CREATED_ON_REVIEW_STATE = envbool('IS_CL_CREATED_ON_REVIEW_STATE', False) # Options: True, False +IS_SIGNAL_ENABLED = envbool('IS_SIGNAL_ENABLED', True) +RECENT_ENG_TTL = 3 # In days +CMS_URL = "http://vvp-cms-uwsgi/api/" +CMS_APP_CLIENT_ID = os.environ['SECRET_CMS_APP_CLIENT_ID'] +CMS_APP_CLIENT_SECRET = os.environ['SECRET_CMS_APP_CLIENT_SECRET'] + +# slack integration +SLACK_API_TOKEN = os.environ['SLACK_API_TOKEN'] +ENGAGEMENTS_CHANNEL = os.getenv('ENGAGEMENTS_CHANNEL', '') +ENGAGEMENTS_NOTIFICATIONS_CHANNEL = os.getenv('ENGAGEMENTS_NOTIFICATIONS_CHANNEL:', '') +DEVOPS_CHANNEL = os.getenv('DEVOPS_CHANNEL', '') +DEVOPS_NOTIFICATIONS_CHANNEL = os.getenv('DEVOPS_NOTIFICATIONS_CHANNEL', '') + +# S3 configuration for static resources storage and media upload + +# used by our custom storage.py +MEDIA_BUCKET = "em-media" +STATIC_BUCKET = "em-static" + +# django-storages configuration +AWS_S3_HOST = os.environ['S3_HOST'] +AWS_S3_PORT = int(os.environ['S3_PORT']) +AWS_S3_CUSTOM_DOMAIN = os.environ['S3_HOST'] +AWS_ACCESS_KEY_ID = os.environ['AWS_ACCESS_KEY_ID'] +AWS_SECRET_ACCESS_KEY = os.environ['AWS_SECRET_ACCESS_KEY'] +AWS_AUTO_CREATE_BUCKET = True +AWS_PRELOAD_METADATA = True + +# Set by custom subclass. +# AWS_STORAGE_BUCKET_NAME = "em-static" +AWS_S3_CALLING_FORMAT = OrdinaryCallingFormat() +DEFAULT_FILE_STORAGE = 'vvp.settings.storage.S3MediaStorage' +STATICFILES_STORAGE = 'vvp.settings.storage.S3StaticStorage' + +# These seem to have no effect even when we don't override with custom_domain? +STATIC_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, STATIC_BUCKET) +MEDIA_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, MEDIA_BUCKET) + +STATIC_ROOT = os.environ['STATIC_ROOT'] 
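Review bot: `ALLOWED_HOSTS = ['*']` switches off the Host-header validation that the comment directly above it describes, so a request carrying any Host value is accepted and that value can end up in absolute URLs Django builds. Restrict it to the expected names, e.g. `ALLOWED_HOSTS = [h for h in os.getenv('ALLOWED_HOSTS', '').split(',') if h]` populated from the chart (the variable name is a suggestion), or derive it from `EM_DOMAIN_NAME`, which this file already reads. Separately, `os.getenv('ENGAGEMENTS_NOTIFICATIONS_CHANNEL:', '')` has a stray colon inside the variable name, so the setting will always be the empty default; it should read `os.getenv('ENGAGEMENTS_NOTIFICATIONS_CHANNEL', '')`. `SLACK_API_TOKEN` is read with `os.environ[...]` but is missing from the "must exist" list in the module docstring.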
diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/envbool.py b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/envbool.py
new file mode 100644
index 0000000000..31f4385d16
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/envbool.py
@@ -0,0 +1,44 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+envbool.py
+
+Return which environment is currently running on (to setting.py).
+
+"""
+import os
+
+
+def envbool(key, default=False, unknown=True):
+ """Return a boolean value based on that of an environment variable.
+
+ Environment variables have no native boolean type. They are always strings, and may be empty or
+ unset (which differs from empty.) Furthermore, notions of what is "truthy" in shell script
+ differ from that of python.
+
+ This function converts environment variables to python boolean True or False in
+ case-insensitive, expected ways to avoid pitfalls:
+
+ "True", "true", and "1" become True
+ "False", "false", and "0" become False
+ unset or empty becomes False by default (toggle with 'default' parameter.)
+ any other value becomes True by default (toggle with 'unknown' parameter.)
+
+ """
+ return {
+ 'true': True, '1': True, # 't': True,
+ 'false': False, '0': False, # 'f': False.
+ '': default,
+ }.get(os.getenv(key, '').lower(), unknown)
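Review bot: `envbool` fails open: because `unknown` defaults to `True`, any value outside `true`/`1`/`false`/`0`/empty (for example `no`, `off`, or `false` followed by a space) comes back as `True`, and the em settings in this commit call it as `DEBUG = envbool('DJANGO_DEBUG_MODE', False)`. For security-relevant switches an unrecognised value should resolve to the safe side, so either call it as `envbool('DJANGO_DEBUG_MODE', False, unknown=False)` or normalise with `os.getenv(key, '').strip().lower()` and raise `ValueError` on anything unrecognised. The module docstring ("Return which environment is currently running on") does not describe the function and should be replaced with a summary such as `"""Parse boolean flags from environment variables."""`.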
diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/gunicorn.ini b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/gunicorn.ini
new file mode 100644
index 0000000000..29cca7db93
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/gunicorn.ini
@@ -0,0 +1,20 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+bind = ":80"
+chdir = '/srv'
+pidfile = '/tmp/ice-project-master.pid'
+backlog = '5000'
+errorlog = '-'
+loglevel = 'info'
diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/storage.py b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/storage.py
new file mode 100644
index 0000000000..c76046a329
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/storage.py
@@ -0,0 +1,48 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+storage.py
+
+In order to make Django store trusted static files and untrusted media
+(user-uploaded) files in separate s3 buckets, we must create two different
+storage classes.
+
+https://www.caktusgroup.com/blog/2014/11/10/Using-Amazon-S3-to-store-your-Django-sites-static-and-media-files/
+http://www.leehodgkinson.com/blog/my-mezzanine-s3-setup/
+
+"""
+
+# FIXME this module never changes so might not need not be kept in a
+# configmap. Also it is (almost) the same as what we use in cms.
+
+# There is a newer storage based on boto3 but that doesn't support changing
+# the HOST, as we need to for non-amazon s3 services. It does support an
+# "endpoint"; setting AWS_S3_ENDPOINT_URL may cause it to work.
+from storages.backends.s3boto import S3BotoStorage
+from django.conf import settings
+
+
+# NOTE for some reason, collectstatic uploads to bucket/location but the
+# urls constructed are domain/location
+class S3StaticStorage(S3BotoStorage):
+ custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.STATIC_BUCKET)
+ bucket_name = settings.STATIC_BUCKET
+ # location = ...
+
+
+class S3MediaStorage(S3BotoStorage):
+ custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.MEDIA_BUCKET)
+ bucket_name = settings.MEDIA_BUCKET
+ # location = ...
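Review bot: `S3MediaStorage` is described as the bucket for untrusted user uploads, yet it is configured exactly like the static class and pins no access policy of its own. Both classes set `custom_domain`, and as far as I know S3BotoStorage returns plain unsigned URLs whenever that attribute is set, so uploads are only reachable through these URLs if the objects are readable without authentication; whether that is intended depends on settings this hunk does not show. I would state the intent on the media class instead of inheriting a global default, for example `default_acl = 'private'` with `querystring_auth = True` and no `custom_domain`, or add a comment saying the media bucket is deliberately public.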
diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/templates/configmap.yaml b/kubernetes/vvp/charts/vvp-em-uwsgi/templates/configmap.yaml new file mode 100644 index 0000000000..1163973c28 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-em-uwsgi/templates/configmap.yaml @@ -0,0 +1,21 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-settings + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/em/*").AsConfig . | indent 2 }} diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/templates/deployment.yaml b/kubernetes/vvp/charts/vvp-em-uwsgi/templates/deployment.yaml new file mode 100644 index 0000000000..1d08f76ed8 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-em-uwsgi/templates/deployment.yaml 
@@ -0,0 +1,133 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + name: {{ .Release.Name }} + spec: + imagePullSecrets: + - name: onapkey + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . 
}}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} + ports: + - containerPort: 80 + - containerPort: 9000 + volumeMounts: + - name: em-settings + mountPath: /opt/configmaps/settings/ + - name: site-crt + mountPath: /opt/secrets/site-crt/ + env: + - name: ENVIRONMENT + value: "development" + - name: PROGRAM_NAME_URL_PREFIX + value: "vvp" + - name: SERVICE_PROVIDER + value: "NA" + - name: PROGRAM_NAME + value: "VVP" + - name: SERVICE_PROVIDER_DOMAIN + value: "na.com" + - name: SECRET_KEY + valueFrom: + secretKeyRef: {name: em-secret, key: key} + - name: EMAIL_HOST + value: "localhost" + - name: EMAIL_HOST_USER + value: "example" + - name: EMAIL_PORT + value: "25" + - name: EMAIL_HOST_PASSWORD + valueFrom: + secretKeyRef: {name: email-secret, key: password} + - name: PGHOST + value: vvp-postgres + - name: PGPORT + value: "5432" + - name: PGDATABASE + value: icedb + - name: PGUSER + value: "em_postgresuser" + - name: PGPASSWORD + valueFrom: + secretKeyRef: {name: postgresql-passwords, key: emPassword} + - name: DOMAIN + value: https://development.vvp.example.com + - name: ICE_EM_DOMAIN_NAME + value: https://development.vvp.example.com + - name: CONTACT_FROM_ADDRESS + value: "example" + - name: OAUTHLIB_INSECURE_TRANSPORT + value: "1" + - name: SECRET_WEBHOOK_TOKEN + valueFrom: + secretKeyRef: {name: em-secret, key: em_webhook_token} + - name: SECRET_GITLAB_AUTH_TOKEN + valueFrom: + secretKeyRef: {name: gitlab-password, key: auth-token} + - name: SECRET_JENKINS_PASSWORD + valueFrom: + secretKeyRef: {name: em-secret, key: jenkins_admin_password} + - name: SECRET_CMS_APP_CLIENT_ID + valueFrom: + secretKeyRef: {name: em-secret, key: cms_app_client_id} + - name: SECRET_CMS_APP_CLIENT_SECRET + valueFrom: + secretKeyRef: {name: em-secret, key: cms_app_client_secret} + - name: STATIC_ROOT + value: "/app/htdocs" + - name: DJANGO_DEBUG_MODE + value: "True" + - name: SLACK_API_TOKEN + valueFrom: + secretKeyRef: {name: 
em-secret, key: slack_api_token} + - name: ENGAGEMENTS_CHANNEL + value: "" + - name: ENGAGEMENTS_NOTIFICATIONS_CHANNEL + value: "" + - name: DEVOPS_CHANNEL + value: "" + - name: DEVOPS_NOTIFICATIONS_CHANNEL + value: "" + - name: S3_HOST + value: "dev-s3.vvp.example.com" + - name: S3_PORT + value: "443" + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: {name: em-secret, key: aws_access_key_id} + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: {name: em-secret, key: aws_secret_access_key} + command: ["/docker-entrypoint.sh", "/usr/local/bin/gunicorn", "-c", "/opt/configmaps/settings/gunicorn.ini", "vvp.wsgi:application", ] + volumes: + - name: site-crt + secret: + secretName: site-crt + - name: em-settings + configMap: + name: {{ include "common.fullname" . }}-settings diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/templates/service.yaml b/kubernetes/vvp/charts/vvp-em-uwsgi/templates/service.yaml new file mode 100644 index 0000000000..a4260013a4 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-em-uwsgi/templates/service.yaml 
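Review bot: `DJANGO_DEBUG_MODE` is hard-coded to "True" and `OAUTHLIB_INSECURE_TRANSPORT` to "1" in the container env, so every install of this chart runs Django with debug error pages and lets oauthlib accept OAuth2 over plain HTTP, with no values override available. Debug pages hand stack traces and configuration details to whoever triggers an error. I would move both settings, together with `ENVIRONMENT: "development"`, into values.yaml with safe defaults, e.g. `value: {{ .Values.djangoDebugMode | default "False" | quote }}` (the key name is a suggestion), and leave the oauthlib variable unset outside local development. The chart's values.yaml defines liveness and readiness settings, but this container declares no probes that use them.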
@@ -0,0 +1,28 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName | default "http" }} + selector: + app: {{ include "common.name" . }} diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/values.yaml b/kubernetes/vvp/charts/vvp-em-uwsgi/values.yaml new file mode 100644 index 0000000000..a96ca26119 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-em-uwsgi/values.yaml 
@@ -0,0 +1,61 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + repository: nexus3.onap.org:10001 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/vvp/engagementmgr:1.0.0 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: ClusterIP + internalPort: 80 + portName: em + +ingress: + enabled: false diff --git a/kubernetes/vvp/charts/vvp-ext-haproxy/Chart.yaml b/kubernetes/vvp/charts/vvp-ext-haproxy/Chart.yaml new file mode 100644 index 0000000000..721912d3c9 --- /dev/null 
+++ b/kubernetes/vvp/charts/vvp-ext-haproxy/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: load balancer for external transport +name: vvp-ext-haproxy +version: 3.0.0 diff --git a/kubernetes/vvp/charts/vvp-ext-haproxy/resources/config/ext-haproxy-cfg/file b/kubernetes/vvp/charts/vvp-ext-haproxy/resources/config/ext-haproxy-cfg/file new file mode 100644 index 0000000000..ca7b40a7bc --- /dev/null +++ b/kubernetes/vvp/charts/vvp-ext-haproxy/resources/config/ext-haproxy-cfg/file 
@@ -0,0 +1,79 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +resolvers dns + nameserver pod_dns "10.3.0.10:53" + resolve_retries 3 + timeout retry 1s + hold valid 30s + +defaults + mode http + timeout connect 5000ms + timeout client 50000ms + timeout server 50000ms + option httpclose + option redispatch + option abortonclose + option httplog + option dontlognull + default-server init-addr last,libc,none + +backend gitlab_ssh + mode tcp + option tcplog + timeout server 2h + server gitlabssh vvp-gitlab:22 resolvers dns + +frontend gitlab_ssh_frontend + mode tcp + option tcplog + timeout client 2h + bind 0.0.0.0:22 + acl is_ssh dst_port 22 + use_backend gitlab_ssh if is_ssh + +backend portal_backend + mode http + server ice_portal vvp:8181 resolvers dns + +backend api + mode http + server engagement_manager vvp-em-uwsgi:80 resolvers dns + +backend s3 + mode http + balance roundrobin + option httpchk HEAD / + server ceph-01 10.252.0.21:8080 check inter 10000ms + +frontend portal + mode http + acl is_api_call path_beg -i /vvp + acl is_s3 hdr_beg(host) s3. staging-s3. dev-s3. 
+ use_backend api if is_api_call + use_backend s3 if is_s3 + bind 0.0.0.0:80 + bind 0.0.0.0:443 ssl crt /etc/haproxy/site.pem force-tlsv12 + default_backend portal_backend + +listen stats + bind 0.0.0.0:9001 + mode http + stats enable # Enable stats page + stats realm Haproxy\ Statistics + stats uri /haproxy_stats + stats auth "${HAPROXY_USER}:${HAPROXY_PASS}" + acl network_allowed src 10.252.0.0/16 127.0.0.1/32 10.2.0.0/16 + http-request deny if !network_allowed diff --git a/kubernetes/vvp/charts/vvp-ext-haproxy/templates/configmap.yaml b/kubernetes/vvp/charts/vvp-ext-haproxy/templates/configmap.yaml new file mode 100644 index 0000000000..0bb0e264cb --- /dev/null +++ b/kubernetes/vvp/charts/vvp-ext-haproxy/templates/configmap.yaml @@ -0,0 +1,21 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-cfg + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/ext-haproxy-cfg/*").AsConfig . | indent 2 }} diff --git a/kubernetes/vvp/charts/vvp-ext-haproxy/templates/deployment.yaml b/kubernetes/vvp/charts/vvp-ext-haproxy/templates/deployment.yaml new file mode 100644 index 0000000000..afe8c75425 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-ext-haproxy/templates/deployment.yaml 
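Review bot: The `portal` frontend binds port 80 next to 443 and routes both identically, so logins and API calls under `/vvp` are also served over cleartext HTTP. I would add `http-request redirect scheme https unless { ssl_fc }` at the top of that frontend so port 80 only redirects. Separately, the resolver address `10.3.0.10:53`, the `ceph-01 10.252.0.21:8080` server and the `src` allow-list on the stats listener are site-specific addresses baked into the chart; since the ConfigMap already renders this file through `tpl`, they can come from values so an install on another cluster does not silently point at the wrong hosts.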
@@ -0,0 +1,66 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + name: {{ .Release.Name }} + spec: + imagePullSecrets: + - name: onapkey + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} + ports: + - containerPort: 80 + - containerPort: 22 + - containerPort: 443 + - containerPort: 9001 + env: + - name: HAPROXY_USER + valueFrom: + secretKeyRef: + name: haproxy-auth + key: user + - name: HAPROXY_PASS + valueFrom: + secretKeyRef: + name: haproxy-auth + key: pass + volumeMounts: + - mountPath: /usr/local/etc/haproxy/ + name: ext-haproxy-cfg + - mountPath: /etc/haproxy/ + name: site-pem + volumes: + - name: ext-haproxy-cfg + configMap: + name: {{ include "common.fullname" . }}-cfg + items: + - key: file + path: haproxy.cfg + - name: site-pem + secret: + secretName: site-pem diff --git a/kubernetes/vvp/charts/vvp-ext-haproxy/templates/service.yaml b/kubernetes/vvp/charts/vvp-ext-haproxy/templates/service.yaml new file mode 100644 index 0000000000..bcc41c1671 
--- /dev/null +++ b/kubernetes/vvp/charts/vvp-ext-haproxy/templates/service.yaml @@ -0,0 +1,34 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.internalPort1 }} + name: {{ .Values.service.portName1 }} + - port: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.portName2 }} + - port: {{ .Values.service.internalPort3 }} + name: {{ .Values.service.portName3 }} + - port: {{ .Values.service.internalPort4 }} + name: {{ .Values.service.portName4 }} + selector: + app: {{ include "common.name" . }} diff --git a/kubernetes/vvp/charts/vvp-ext-haproxy/values.yaml b/kubernetes/vvp/charts/vvp-ext-haproxy/values.yaml new file mode 100644 index 0000000000..88b32d7d77 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-ext-haproxy/values.yaml 
@@ -0,0 +1,63 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: docker.io
+image: haproxy:1.7.2-alpine
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ portName1: web
+ internalPort1: 80
+ portName2: ssl
+ internalPort2: 443
+ portName3: ssh
+ internalPort3: 22
+ portName4: stats
+ internalPort4: 9000
+
+ingress:
+ enabled: false
diff --git a/kubernetes/vvp/charts/vvp-gitlab/Chart.yaml b/kubernetes/vvp/charts/vvp-gitlab/Chart.yaml
new file mode 100644
index 0000000000..4598d6754a
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-gitlab/Chart.yaml
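Review bot: `internalPort4: 9000` does not match the stats listener, which the HAProxy config in this commit binds on 9001 and the deployment exposes as `containerPort: 9001`; the Service template sets only `port`, so traffic to the `stats` port would be forwarded to 9000, where nothing listens. Use `internalPort4: 9001`. Because `type: NodePort` publishes every listed port on each node, it is also worth deciding whether the stats page and the `ssh` port belong on this Service at all, or on a separate ClusterIP Service. The pinned `haproxy:1.7.2-alpine` image is an old point release and should be checked against current HAProxy maintenance releases before this ships.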
@@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: holds all customers files in repos +name: vvp-gitlab +version: 3.0.0 diff --git a/kubernetes/vvp/charts/vvp-gitlab/templates/configmap.yaml b/kubernetes/vvp/charts/vvp-gitlab/templates/configmap.yaml new file mode 100644 index 0000000000..821b5b7dc9 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-gitlab/templates/configmap.yaml 
@@ -0,0 +1,32 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: gitlab-password
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ password: "YW82aWo2d29oV2VpcXU0ZQ=="
+ auth-token: "amFkdTZ5b2hqYWl5OFdvYjBJZUs="
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: jenkins-deploykey
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ deploykey.pub: "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUlQWFNQT2ppSkYvWEdicmNpVXNja1hMbFA0Q0ZHNS9POHErQ0xRZW1CTlE="
diff --git a/kubernetes/vvp/charts/vvp-gitlab/templates/deployment.yaml b/kubernetes/vvp/charts/vvp-gitlab/templates/deployment.yaml
new file mode 100644
index 0000000000..09ffaac224
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-gitlab/templates/deployment.yaml
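Review bot: The `gitlab-password` Secret carries fixed values in the chart: `password` and `auth-token` are base64 literals, which is encoding rather than protection, so every install shares the same GitLab admin password and API token and anyone who can read the repository has them. I would take these from values supplied at install time and fail when they are missing, e.g. `password: {{ required "gitlab admin password is required" .Values.gitlabAdminPassword | b64enc | quote }}` (the values key is a suggested name), and rotate the committed ones. The file is named configmap.yaml but contains only Secret objects; renaming it to secrets.yaml would make that visible in review.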
@@ -0,0 +1,71 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + name: {{ .Release.Name }} + spec: + containers: + - name: {{ include "common.name" . }} + image: {{ include "common.repository" . 
}}/{{ .Values.image }} + imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort1 }} + - containerPort: {{ .Values.service.internalPort2 }} + securityContext: + privileged: true + volumeMounts: + - mountPath: /var/opt/gitlab + name: gitlab + subPath: var/opt/gitlab + - mountPath: /etc/gitlab + name: gitlab + subPath: etc/gitlab + - mountPath: /var/log/gitlab + name: gitlab + subPath: var/log/gitlab + - mountPath: /tmp/deploykey + name: jenkins-deploykey + env: + - name: ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: gitlab-password + key: password + - name: AUTHENTICATION_TOKEN + valueFrom: + secretKeyRef: + name: gitlab-password + key: auth-token + - name: EXTERNAL_URL + value: "http://vvp-gitlab" + volumes: + - name: gitlab + emptyDir: {} + - name: jenkins-deploykey + secret: + secretName: jenkins-deploykey + imagePullSecrets: + - name: onapkey diff --git a/kubernetes/vvp/charts/vvp-gitlab/templates/service.yaml b/kubernetes/vvp/charts/vvp-gitlab/templates/service.yaml new file mode 100644 index 0000000000..dd4a9cd33b --- /dev/null +++ b/kubernetes/vvp/charts/vvp-gitlab/templates/service.yaml 
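Review bot: The container runs with `securityContext: privileged: true`, which gives the GitLab pod close to full access to the node's devices and kernel interfaces, and nothing in this template shows a need for it. I would remove the block, or, if a specific operation fails without it, grant only that capability under `capabilities: add:`. The `gitlab` volume is `emptyDir: {}`, so the repositories, configuration and logs mounted from it are discarded whenever the pod is removed from its node, which conflicts with the chart description "holds all customers files in repos"; a PersistentVolumeClaim is the usual choice. `EXTERNAL_URL` is `http://vvp-gitlab`, so Git and API credentials would cross the cluster network unencrypted.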
@@ -0,0 +1,30 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.internalPort1 }} + name: {{ .Values.service.portName1 }} + - port: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.portName2 }} + selector: + app: {{ include "common.name" . }} diff --git a/kubernetes/vvp/charts/vvp-gitlab/values.yaml b/kubernetes/vvp/charts/vvp-gitlab/values.yaml new file mode 100644 index 0000000000..4855c8873e --- /dev/null +++ b/kubernetes/vvp/charts/vvp-gitlab/values.yaml 
@@ -0,0 +1,63 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + repository: nexus3.onap.org:10001 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/vvp/gitlab:1.0.0 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: NodePort + internalPort1: 80 + internalPort2: 22 + portName1: web + portName2: ssh + +ingress: + enabled: false 
diff --git a/kubernetes/vvp/charts/vvp-imagescanner/Chart.yaml b/kubernetes/vvp/charts/vvp-imagescanner/Chart.yaml new file mode 100644 index 0000000000..f0b00dcf98 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-imagescanner/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: scan for validity and viruses on users files +name: vvp-imagescanner +version: 3.0.0 diff --git a/kubernetes/vvp/charts/vvp-imagescanner/requirements.yaml b/kubernetes/vvp/charts/vvp-imagescanner/requirements.yaml new file mode 100644 index 0000000000..9f44c6df28 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-imagescanner/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~3.0.0 + repository: '@local' 
diff --git a/kubernetes/vvp/charts/vvp-imagescanner/resources/config/imagescanner/imagescannerconfig.py b/kubernetes/vvp/charts/vvp-imagescanner/resources/config/imagescanner/imagescannerconfig.py
new file mode 100644
index 0000000000..1777b13ae0
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-imagescanner/resources/config/imagescanner/imagescannerconfig.py
@@ -0,0 +1,34 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+from pathlib import Path
+from awsauth import S3Auth
+# A mapping from host names to Requests Authentication Objects; see
+# http://docs.python-requests.org/en/master/user/authentication/
+AUTHS = {}
+if 'S3_HOST' in os.environ:
+ AUTHS[os.environ['S3_HOST']] = S3Auth(
+ os.environ['AWS_ACCESS_KEY_ID'],
+ os.environ['AWS_SECRET_ACCESS_KEY'],
+ service_url='https://%s/' % os.environ['S3_HOST']
+ )
+LOGS_PATH = Path(os.environ['IMAGESCANNER_LOGS_PATH'])
+STATUSFILE = LOGS_PATH/'status.txt'
+# A dict passed as kwargs to jenkins.Jenkins constructor.
+JENKINS = {
+ 'url': 'http://jenkins:8080',
+ 'username': 'admin',
+ 'password': os.environ['SECRET_JENKINS_PASSWORD'],
+ }
diff --git a/kubernetes/vvp/charts/vvp-imagescanner/templates/configmap.yaml b/kubernetes/vvp/charts/vvp-imagescanner/templates/configmap.yaml
new file mode 100644
index 0000000000..59d60666ef
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-imagescanner/templates/configmap.yaml
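Review bot: The `JENKINS` dict logs the scanner in as the Jenkins `admin` user over `http://jenkins:8080`, so a component that processes user-supplied files holds full Jenkins administrator credentials and sends them in cleartext. I would give the scanner its own least-privileged Jenkins account with an API token, and read the URL and user name from the environment the same way the password is read, e.g. `'username': os.environ['JENKINS_USERNAME'],` (the variable name is a suggestion). In the `AUTHS` block `S3_HOST` is interpolated directly into `service_url`; that is acceptable while the variable only comes from the deployment spec, and a short comment stating that assumption would help the next reader.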
@@ -0,0 +1,91 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: imagescanner-settings + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/imagescanner/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: slack-tokens + namespace: {{ include "common.namespace" . }} +type: Opaque +data: + notifications: "" +--- +kind: Secret +apiVersion: v1 +metadata: + name: imagescanner-ssh + namespace: {{ include "common.namespace" . }} +type: Opaque +data: + # FIXME the imagescanner really should have its own private key, but then we + # have to adjust the gitlab wrapper script to set two public keys as + # deploykeys. + id_ed25519: "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" +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: site-certificate + namespace: {{ include "common.namespace" . 
}} +data: + site.crt: | + -----BEGIN CERTIFICATE----- + MIIDEDCCAfgCCQDhahVKE9/eUjANBgkqhkiG9w0BAQsFADBKMRAwDgYDVQQKDAdF + eGFtcGxlMRAwDgYDVQQLDAdleGFtcGxlMSQwIgYDVQQDDBtkZXZlbG9wbWVudC52 + dnAuZXhhbXBsZS5jb20wHhcNMTcxMjI0MTUzOTA3WhcNMTgxMjI0MTUzOTA3WjBK + MRAwDgYDVQQKDAdFeGFtcGxlMRAwDgYDVQQLDAdleGFtcGxlMSQwIgYDVQQDDBtk + ZXZlbG9wbWVudC52dnAuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB + DwAwggEKAoIBAQCkvNGXe+bdvL2kvrP2L3WABt2WCFoZ2Pn8Px0eEsRiJHVD0eWz + rgJYHFJu0C0cK9NYSKxVVI8LnKH7Ny5MFfM4Tqyr3UEOLs+fSwaAqM5tSyZU/tEK + ractA7bi9fDk2lkcs+LLuZMqGPZ37UZcZwsUQ0BONHP668LqkWqT9hNLIN4ejInr + 32WA3Y7hPNd8Cj+AaLt1x2cXYzi9hrE5l3h9ofkOpXsgDzeIHlp4jJ6kXXQf8UM5 + 1viqa2CWXHBHEG+5eftLSaeE6LAlNt5IJ6LcWEZgNtXr2es4LJC3FjXrv0gc04Cp + U2OfizpbhT11cLGaeXOq1cUCXNIb4FcJApoXAgMBAAEwDQYJKoZIhvcNAQELBQAD + ggEBAFGPDG9iurAhUKbFkY97xLA443U01bdwi7eAT5T9qo/RzOwcbuKWXVm1k5HK + CQO81nlLqLQwhI1+uTTmR41epuJxyGIaDgUySB+8fLzyRSIFaxKD+UeVPgipDNZs + h0sKSKrO6MoWzMLUYvdZRw6VIc+UpSCqPY+FKUBUHZtMpSFLnhHjRvVkiP4VvFXj + b7jQzHughzeITygws42fKK/MK7wQ6byaMVRbPbQKPAXNxd/UrSPeX+RzKRWOZ6R8 + Ulyp7dezXCP77UaTZTsxwlurPQIZNMshDxE/SbWt0Q1g28rj5KfAjoZs5Tg/gmQ8 + LLKI/b1OvKohaANGZ6We5U+ceeU= + -----END CERTIFICATE----- + wrapper.sh: | + #!/bin/sh + # This script is meant to be used as a wrapper, so that it can be easily + # used with docker or kubernetes' container command specification. + # + # Kubernetes' volumeMount creates symlinks for configMapped files at the + # target directory. + # Alpine's update-ca-certificates ignores symlinks. + # So we must contrive to copy the contents of the mounted cert (a symlink) + # into place as a normal file. + dev_cert="${0%/*}/site.crt" + echo >&2 "$0: Checking for site CA certificate at $dev_cert..." + if [ -s "$dev_cert" ]; then + echo >&2 "$0: Updating container CA certificate bundle with site certificate..." + cp -L "$dev_cert" /usr/local/share/ca-certificates/ + update-ca-certificates + else + echo >&2 "$0: No site CA certificate found." 
+ fi + echo >&2 "$0: Launching command: $@" + exec "$@" + diff --git a/kubernetes/vvp/charts/vvp-imagescanner/templates/deployment.yaml b/kubernetes/vvp/charts/vvp-imagescanner/templates/deployment.yaml new file mode 100644 index 0000000000..d01a7d6960 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-imagescanner/templates/deployment.yaml 
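Review bot: The `imagescanner-ssh` Secret in templates/configmap.yaml carries the `id_ed25519` private key as a literal in the chart, so the key is stored in the source repository and is the same in every installation; the value is elided in this view, but the FIXME above it states that the scanner does not have its own key. Reference a Secret that is created outside the chart, or render it from a value supplied at install time, and give the scanner a separate deploy key as the FIXME proposes. The `site-certificate` ConfigMap has the same problem in a milder form: wrapper.sh copies `site.crt` into `/usr/local/share/ca-certificates/` and runs `update-ca-certificates`, so whoever can edit this ConfigMap decides which CA the container trusts, and the certificate baked into the template is an example one. A comment above `site.crt` should say that it must be replaced per site, or the content should come from values.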
@@ -0,0 +1,123 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + name: {{ .Release.Name }} + spec: + imagePullSecrets: + - name: onapkey + containers: + - name: imagescanner-worker + image: "{{ include "common.repository" . 
}}/{{ .Values.image }}" + command: + - "sh" + - "/opt/site-certificate/wrapper.sh" + - "/usr/local/bin/imagescanner-worker" + securityContext: + privileged: true + volumeMounts: + - name: imagescanner-ssh + mountPath: /root/.ssh + - name: dev + mountPath: /dev + - name: logs + mountPath: /var/log/imagescanner + - name: imagescanner-settings + mountPath: /opt/imagescanner-settings + - name: site-certificate + mountPath: /opt/site-certificate + env: + - name: PYTHONPATH + value: /opt/imagescanner-settings + - name: S3_HOST + value: "dev-s3.vvp.example.com" + - name: S3_PORT + value: "443" + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: {name: em-secret, key: aws_access_key_id} + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: {name: em-secret, key: aws_secret_access_key} + - name: SECRET_JENKINS_PASSWORD + value: '' + - name: REQUESTS_CA_BUNDLE + value: /etc/ssl/certs/ca-certificates.crt + + - name: notifications-worker + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + command: ["/usr/local/bin/notifications-worker"] + securityContext: + privileged: true + env: + - name: SLACK_TOKEN + valueFrom: + secretKeyRef: {name: slack-tokens, key: notifications} + - name: DOMAIN + value: "dev-em.vvp.example.com" + - name: PYTHONPATH + value: /opt/imagescanner-settings + - name: SECRET_JENKINS_PASSWORD + valueFrom: + secretKeyRef: {name: em-secret, key: jenkins_admin_password} + volumeMounts: + - name: imagescanner-settings + mountPath: /opt/imagescanner-settings + + - name: imagescanner-frontend + image: "{{ include "common.repository" . 
}}/{{ .Values.image }}" + command: ["/usr/local/bin/imagescanner-frontend"] + securityContext: + privileged: true + ports: + - containerPort: 80 + volumeMounts: + - name: logs + mountPath: /var/log/imagescanner + - name: imagescanner-settings + mountPath: /opt/imagescanner-settings + env: + - name: DEFAULT_SLACK_CHANNEL + value: "#notifications" + - name: SECRET_JENKINS_PASSWORD + value: '' + + volumes: + - name: imagescanner-ssh + secret: + secretName: imagescanner-ssh + defaultMode: 0600 + - name: dev + hostPath: + path: /dev + - name: logs + emptyDir: {} + - name: imagescanner-settings + configMap: + name: imagescanner-settings + - name: site-certificate + configMap: + name: site-certificate diff --git a/kubernetes/vvp/charts/vvp-imagescanner/templates/service.yaml b/kubernetes/vvp/charts/vvp-imagescanner/templates/service.yaml new file mode 100644 index 0000000000..a4260013a4 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-imagescanner/templates/service.yaml @@ -0,0 +1,28 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName | default "http" }} + selector: + app: {{ include "common.name" . }} 
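Review bot: All three containers in the imagescanner Deployment set `securityContext: privileged: true`, and the pod maps the host's `/dev` through a `hostPath` volume, yet only `imagescanner-worker` mounts that volume. Nothing in this hunk shows why `notifications-worker` or `imagescanner-frontend` (the container that listens on port 80 behind haproxy) would need privilege, so `privileged: true` should be removed from both; for the worker, a comment should state which device access it needs so that the grant can later be narrowed. `SECRET_JENKINS_PASSWORD` is `value: ''` for the worker and the frontend, presumably only to keep the `os.environ[...]` lookup in the settings module from failing; either read it from `em-secret` as `notifications-worker` does or say so in a comment. `S3_HOST` and `DOMAIN` are fixed example.com names and belong in values.yaml.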
diff --git a/kubernetes/vvp/charts/vvp-imagescanner/values.yaml b/kubernetes/vvp/charts/vvp-imagescanner/values.yaml new file mode 100644 index 0000000000..ed62413c4f --- /dev/null +++ b/kubernetes/vvp/charts/vvp-imagescanner/values.yaml 
@@ -0,0 +1,61 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + repository: nexus3.onap.org:10001 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/vvp/image-scanner:1.0.0 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: ClusterIP + internalPort: 80 + portName: web + +ingress: + enabled: false diff --git a/kubernetes/vvp/charts/vvp-int-haproxy/Chart.yaml b/kubernetes/vvp/charts/vvp-int-haproxy/Chart.yaml new file mode 100644 index 0000000000..b2a1de80ad --- /dev/null 
+++ b/kubernetes/vvp/charts/vvp-int-haproxy/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: load balancer for internal (container to container) transport +name: vvp-int-haproxy +version: 3.0.0 diff --git a/kubernetes/vvp/charts/vvp-int-haproxy/resources/config/int-haproxy-cfg/file b/kubernetes/vvp/charts/vvp-int-haproxy/resources/config/int-haproxy-cfg/file new file mode 100644 index 0000000000..d497ba48b6 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-int-haproxy/resources/config/int-haproxy-cfg/file 
@@ -0,0 +1,88 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resolvers dns
+ nameserver pod_dns "10.3.0.10:53"
+ resolve_retries 3
+ timeout retry 1s
+ hold valid 30s
+
+defaults
+ mode http
+ timeout connect 5000ms
+ timeout client 50000ms
+ timeout server 50000ms
+ option httpclose
+ option redispatch
+ option abortonclose
+ option httplog
+ option dontlognull
+ default-server init-addr last,libc,none
+
+backend gitlab_web_backend
+ mode http
+ server gitlab_web_1 vvp-gitlab:80 resolvers dns
+
+frontend gitlab_web
+ mode http
+ bind 0.0.0.0:80
+
+ acl is_scanner path_beg /imagescanner
+ acl is_em_admin hdr_beg(host) em. staging-em. dev-em.
+ acl is_cms hdr_beg(host) cms. staging-cms. dev-cms.
+ acl is_ci_admin hdr_beg(host) staging-ci. dev-ci.
+ acl is_s3 hdr_beg(host) s3. staging-s3. dev-s3.
+
+ use_backend imagescanner if is_em_admin is_scanner
+ use_backend cms if is_cms
+ use_backend api if is_em_admin
+ use_backend ci if is_ci_admin
+ use_backend s3 if is_s3
+
+ default_backend gitlab_web_backend
+
+backend s3
+ mode http
+ balance roundrobin
+ server ceph-01 10.252.0.21:8080
+
+backend cms
+ mode http
+ server cms_server vvp-cms-uwsgi:80 resolvers dns
+
+backend api
+ mode http
+ server engagement_manager vvp-em-uwsgi:80 resolvers dns
+
+backend ci
+ mode http
+ server ci_test vvp-ci-uwsgi:8282 resolvers dns
+
+listen jenkins
+ bind 0.0.0.0:8080
+ server jenkins vvp-jenkins:8080 resolvers dns
+
+backend imagescanner
+ mode http
+ server imagescanner vvp-imagescanner:80 resolvers dns
+
+listen stats
+ bind 0.0.0.0:9000
+ mode http
+ stats enable # Enable stats page
+ stats realm Haproxy\ Statistics
+ stats uri /haproxy_stats
+ stats auth "${HAPROXY_USER}:${HAPROXY_PASS}"
+ acl network_allowed src 10.252.0.0/16 127.0.0.1/32 10.2.0.0/16
+ block if !network_allowed
diff --git a/kubernetes/vvp/charts/vvp-int-haproxy/templates/configmap.yaml b/kubernetes/vvp/charts/vvp-int-haproxy/templates/configmap.yaml
new file mode 100644
index 0000000000..255f8f9e78
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-int-haproxy/templates/configmap.yaml
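Review bot: `listen jenkins` binds `0.0.0.0:8080` and forwards to `vvp-jenkins:8080` with no ACL at all, while the only source restriction in the file sits on `listen stats`; the chart's values.yaml in this commit publishes ports 80, 8080 and 9000 through a `NodePort` Service, so Jenkins is offered on every node over plain HTTP. Give that section the same restriction, `acl network_allowed src 10.252.0.0/16 127.0.0.1/32 10.2.0.0/16` followed by `http-request deny if !network_allowed`, or drop port 8080 from the Service. The `hdr_beg(host)` ACLs in `frontend gitlab_web` match a header the client chooses, so they select a backend and nothing more; a comment such as `# routing only, each backend must authenticate its own requests` would prevent them being read as access control. `block` is the deprecated spelling of `http-request deny`, and the literal addresses `10.3.0.10` and `10.252.0.21` tie the file to one cluster and should be templated from values.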
@@ -0,0 +1,21 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-cfg + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/int-haproxy-cfg/*").AsConfig . | indent 2 }} diff --git a/kubernetes/vvp/charts/vvp-int-haproxy/templates/deployment.yaml b/kubernetes/vvp/charts/vvp-int-haproxy/templates/deployment.yaml new file mode 100644 index 0000000000..4344df3ab2 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-int-haproxy/templates/deployment.yaml 
@@ -0,0 +1,60 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + name: {{ .Release.Name }} + spec: + imagePullSecrets: + - name: onapkey + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} + ports: + - containerPort: 80 + - containerPort: 8080 + - containerPort: 9000 + env: + - name: HAPROXY_USER + valueFrom: + secretKeyRef: + name: haproxy-auth + key: user + - name: HAPROXY_PASS + valueFrom: + secretKeyRef: + name: haproxy-auth + key: pass + volumeMounts: + - mountPath: /usr/local/etc/haproxy/ + name: int-haproxy-cfg + volumes: + - name: int-haproxy-cfg + configMap: + name: {{ include "common.fullname" . }}-cfg + items: + - key: file + path: haproxy.cfg diff --git a/kubernetes/vvp/charts/vvp-int-haproxy/templates/service.yaml b/kubernetes/vvp/charts/vvp-int-haproxy/templates/service.yaml new file mode 100644 index 0000000000..1f8fa2cd64 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-int-haproxy/templates/service.yaml 
@@ -0,0 +1,32 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.internalPort1 }} + name: {{ .Values.service.portName1 }} + - port: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.portName2 }} + - port: {{ .Values.service.internalPort3 }} + name: {{ .Values.service.portName3 }} + selector: + app: {{ include "common.name" . }} diff --git a/kubernetes/vvp/charts/vvp-int-haproxy/values.yaml b/kubernetes/vvp/charts/vvp-int-haproxy/values.yaml new file mode 100644 index 0000000000..8a304b4cf5 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-int-haproxy/values.yaml 
@@ -0,0 +1,61 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + repository: nexus3.onap.org:10001 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: docker.io +image: haproxy:1.7.2-alpine +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: NodePort + portName1: web + internalPort1: 80 + portName2: jenkins + internalPort2: 8080 + portName3: stats + internalPort3: 9000 + +ingress: + enabled: false diff --git a/kubernetes/vvp/charts/vvp-jenkins/Chart.yaml b/kubernetes/vvp/charts/vvp-jenkins/Chart.yaml new file mode 100644 index 0000000000..190312fcb0 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-jenkins/Chart.yaml 
@@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: run validation tasks +name: vvp-jenkins +version: 3.0.0 diff --git a/kubernetes/vvp/charts/vvp-jenkins/requirements.yaml b/kubernetes/vvp/charts/vvp-jenkins/requirements.yaml new file mode 100644 index 0000000000..9f44c6df28 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-jenkins/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~3.0.0 + repository: '@local' diff --git a/kubernetes/vvp/charts/vvp-jenkins/templates/configmap.yaml b/kubernetes/vvp/charts/vvp-jenkins/templates/configmap.yaml new file mode 100644 index 0000000000..ba58c32eab --- /dev/null +++ b/kubernetes/vvp/charts/vvp-jenkins/templates/configmap.yaml 
@@ -0,0 +1,34 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: Secret +apiVersion: v1 +metadata: + name: jenkins-users-admin + namespace: {{ include "common.namespace" . }} +type: Opaque +data: + config.xml: "PD94bWwgdmVyc2lvbj0nMS4wJyBlbmNvZGluZz0nVVRGLTgnPz4KPHVzZXI+CiAgPGZ1bGxOYW1lPmFkbWluPC9mdWxsTmFtZT4KICA8ZGVzY3JpcHRpb24+PC9kZXNjcmlwdGlvbj4KICA8cHJvcGVydGllcz4KICAgIDxodWRzb24uc2VjdXJpdHkuSHVkc29uUHJpdmF0ZVNlY3VyaXR5UmVhbG1fLURldGFpbHM+CiAgICAgIDxwYXNzd29yZEhhc2g+I2piY3J5cHQ6JDJhJDEwJERyaXVLdThPcTdpaWhtdi80bzlKOHV6cmg2QlVBaUtuejMuM21EMXBDb2dzUHJnOW42M1pXPC9wYXNzd29yZEhhc2g+CiAgICA8L2h1ZHNvbi5zZWN1cml0eS5IdWRzb25Qcml2YXRlU2VjdXJpdHlSZWFsbV8tRGV0YWlscz4KICA8L3Byb3BlcnRpZXM+CjwvdXNlcj4K" +--- +kind: Secret +apiVersion: v1 +metadata: + name: jenkins-ssh + namespace: {{ include "common.namespace" . }} +type: Opaque +data: + # .ssh/config isn't really a secret, but it's the easiest way to get it into + # the same directory as the key + config: "SG9zdCAqClVzZXJLbm93bkhvc3RzRmlsZSAvZGV2L251bGwKU3RyaWN0SG9zdEtleUNoZWNraW5nIG5vCklkZW50aXR5RmlsZSAiL3Zhci9qZW5raW5zX2hvbWUvLnNzaC9pZF9lZDI1NTE5Igo=" + id_ed25519: "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" diff --git a/kubernetes/vvp/charts/vvp-jenkins/templates/deployment.yaml b/kubernetes/vvp/charts/vvp-jenkins/templates/deployment.yaml new file mode 100644 index 0000000000..def0c03c15 --- /dev/null 
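Review bot: Both Secrets in the vvp-jenkins configmap.yaml ship fixed credentials inside the template. `config.xml` under `jenkins-users-admin` is the base64 of a Jenkins user record for `admin` containing a fixed `#jbcrypt:` password hash, so every installation starts with the same admin password and its hash is public in the repository; it should be generated at install time from a supplied value. The `config` key under `jenkins-ssh` decodes to an ssh client config that sets `UserKnownHostsFile /dev/null` and `StrictHostKeyChecking no` for `Host *`, which turns off server authentication for every ssh connection Jenkins opens; mount a `known_hosts` file with the GitLab host key instead. `id_ed25519` is again a private key literal (elided in this view) and should be provisioned outside the chart.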
+++ b/kubernetes/vvp/charts/vvp-jenkins/templates/deployment.yaml
@@ -0,0 +1,55 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ imagePullSecrets:
+ - name: onapkey
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ ports:
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - name: jenkins-home
+ mountPath: /var/jenkins_home
+ - name: jenkins-users-admin
+ mountPath: /var/jenkins_home/users/admin
+ - name: jenkins-ssh
+ mountPath: /var/jenkins_home/.ssh
+ volumes:
+ - name: jenkins-home
+ emptyDir: {}
+ - name: jenkins-users-admin
+ secret:
+ secretName: jenkins-users-admin
+ - name: jenkins-ssh
+ secret:
+ secretName: jenkins-ssh
+
diff --git a/kubernetes/vvp/charts/vvp-jenkins/templates/service.yaml b/kubernetes/vvp/charts/vvp-jenkins/templates/service.yaml
new file mode 100644
index 0000000000..a4260013a4
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-jenkins/templates/service.yaml
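Review bot: The container spec in the vvp-jenkins deployment.yaml has `ports:` on two consecutive lines before `- containerPort: 8080`. Indentation is not recoverable in this view, but either reading is wrong (a repeated key, or a `ports` mapping where a list is required), so one of the two lines should be deleted. `jenkins-home` is an `emptyDir`, which means job history and anything configured through the UI disappear on a pod restart while the admin user record is mounted again from the Secret. If that is intended, it should be stated in a comment such as `# Jenkins state is deliberately ephemeral`; otherwise the volume needs a PersistentVolumeClaim.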
@@ -0,0 +1,28 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName | default "http" }} + selector: + app: {{ include "common.name" . }} diff --git a/kubernetes/vvp/charts/vvp-jenkins/values.yaml b/kubernetes/vvp/charts/vvp-jenkins/values.yaml new file mode 100644 index 0000000000..083f88a663 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-jenkins/values.yaml 
@@ -0,0 +1,61 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + repository: nexus3.onap.org:10001 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/vvp/jenkins:1.0.0 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: NodePort + internalPort: 8080 + portName: jenkins + +ingress: + enabled: false diff --git a/kubernetes/vvp/charts/vvp-postgres/Chart.yaml b/kubernetes/vvp/charts/vvp-postgres/Chart.yaml new file mode 100644 index 0000000000..3f4811b7c4 --- /dev/null 
+++ b/kubernetes/vvp/charts/vvp-postgres/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: store all data of engagement manager +name: vvp-postgres +version: 3.0.0 diff --git a/kubernetes/vvp/charts/vvp-postgres/resources/config/postgres/conf/postgresql.conf b/kubernetes/vvp/charts/vvp-postgres/resources/config/postgres/conf/postgresql.conf new file mode 100644 index 0000000000..46dec02e65 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-postgres/resources/config/postgres/conf/postgresql.conf 
@@ -0,0 +1,33 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# initdb defaults
+#
+listen_addresses = '*' # what IP address(es) to listen on;
+max_connections = 100 # (change requires restart)
+shared_buffers = 32MB # min 128kB
+datestyle = 'iso, mdy'
+lc_messages = 'en_US.UTF-8' # locale for system error message
+lc_monetary = 'en_US.UTF-8' # locale for monetary formatting
+lc_numeric = 'en_US.UTF-8' # locale for number formatting
+lc_time = 'en_US.UTF-8' # locale for time formatting
+default_text_search_config = 'pg_catalog.english'
+log_line_prefix = 'user=%u,db=%d '
+#
+# our customizations
+#
+dynamic_shared_memory_type = posix
+log_timezone = 'UTC'
+timezone = 'UTC'
diff --git a/kubernetes/vvp/charts/vvp-postgres/resources/config/postgres/init/cms_db.sh b/kubernetes/vvp/charts/vvp-postgres/resources/config/postgres/init/cms_db.sh
new file mode 100644
index 0000000000..c2a1f6b6f7
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-postgres/resources/config/postgres/init/cms_db.sh
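Review bot: `log_line_prefix = 'user=%u,db=%d '` in postgresql.conf records neither a timestamp nor the client address, and connection logging is left at its default, so the server log cannot show who connected from where and when. Suggested: `log_line_prefix = '%m [%p] user=%u,db=%d,host=%h '` together with `log_connections = on` and `log_disconnections = on`. `listen_addresses = '*'` is normal inside a container, but it leaves access control to `pg_hba.conf` and the Service exposure, and a comment next to the setting should say so.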
@@ -0,0 +1,25 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# sourced, not executed, by docker-entrypoint.sh (/bin/bash)
+
+# defaults
+: ${ICE_CMS_DB_USER:="icecmsuser"}
+: ${ICE_CMS_DB_NAME:="icecmsdb"}
+: ${ICE_CMS_DB_PASSWORD:="na"}
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<- EOF
+ CREATE USER ${ICE_CMS_DB_USER} WITH CREATEDB PASSWORD '${ICE_CMS_DB_PASSWORD}';
+ CREATE DATABASE ${ICE_CMS_DB_NAME} WITH OWNER ${ICE_CMS_DB_USER} ENCODING 'utf-8';
+EOF
diff --git a/kubernetes/vvp/charts/vvp-postgres/resources/config/postgres/init/link_postgresql.sh b/kubernetes/vvp/charts/vvp-postgres/resources/config/postgres/init/link_postgresql.sh
new file mode 100644
index 0000000000..9ca36a141e
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-postgres/resources/config/postgres/init/link_postgresql.sh
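Review bot: `: ${ICE_CMS_DB_PASSWORD:="na"}` in cms_db.sh silently creates the CMS role with the password `na` whenever the secret is not injected; failing the init instead, with `: "${ICE_CMS_DB_PASSWORD:?ICE_CMS_DB_PASSWORD must be set}"`, is the safer default. The value is also expanded by the shell straight into `PASSWORD '${ICE_CMS_DB_PASSWORD}'`, so a secret containing a single quote breaks or changes the statement; handing it to psql as a variable (`-v`, referenced as `:'name'` inside the heredoc) lets psql do the quoting. `WITH CREATEDB` gives the application role more than owning its own database requires, and deserves a comment if it is deliberate.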
@@ -0,0 +1,16 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# sourced, not executed, by docker-entrypoint.sh (/bin/bash)
+ln -sf /etc/postgresql/conf.d/postgresql.conf "${PGDATA}"/postgresql.conf
diff --git a/kubernetes/vvp/charts/vvp-postgres/templates/configmap.yaml b/kubernetes/vvp/charts/vvp-postgres/templates/configmap.yaml
new file mode 100644
index 0000000000..e5773f6e3f
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-postgres/templates/configmap.yaml
@@ -0,0 +1,29 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: postgresql-conf
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/postgres/conf/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: postgresql-initdb
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/postgres/init/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/vvp/charts/vvp-postgres/templates/deployment.yaml b/kubernetes/vvp/charts/vvp-postgres/templates/deployment.yaml
new file mode 100644
index 0000000000..c7e537da26
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-postgres/templates/deployment.yaml
@@ -0,0 +1,72 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ imagePullSecrets:
+ - name: onapkey
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . 
}}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ ports:
+ - containerPort: 5432
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: postgresql-data
+ - mountPath: /etc/postgresql/conf.d/
+ name: postgresql-conf
+ - mountPath: /docker-entrypoint-initdb.d/
+ name: postgresql-initdb
+ env:
+ - name: POSTGRES_DB
+ value: icedb
+ - name: ICE_CMS_DB_NAME
+ value: icecmsdb
+ - name: POSTGRES_USER
+ value: em_postgresuser
+ - name: ICE_CMS_DB_USER
+ value: cms_postgresuser
+ - name: ICE_CMS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-passwords
+ key: cmsPassword
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-passwords
+ key: emPassword
+ volumes:
+ - name: postgresql-data
+ emptyDir: {}
+ - name: postgresql-conf
+ configMap:
+ name: postgresql-conf
+ - name: postgresql-initdb
+ configMap:
+ name: postgresql-initdb
diff --git a/kubernetes/vvp/charts/vvp-postgres/templates/service.yaml b/kubernetes/vvp/charts/vvp-postgres/templates/service.yaml
new file mode 100644
index 0000000000..a4260013a4
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-postgres/templates/service.yaml
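Review bot: The `postgresql-data` volume in the vvp-postgres deployment.yaml is `emptyDir: {}`, so the database the chart describes as storing all engagement-manager data is discarded whenever the pod is deleted or rescheduled, and the init scripts then recreate the roles from scratch. A `persistentVolumeClaim` is the usual backing for `/var/lib/postgresql/data`. The container also declares no `securityContext`, resource limits or probes, although this chart's values.yaml carries `liveness` and `readiness` settings that the template never reads. The `postgresql-passwords` Secret is referenced but not created by any vvp-postgres template in this part of the commit, so installation presumably depends on it existing beforehand; a comment above the `secretKeyRef` entries should say where it comes from.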
@@ -0,0 +1,28 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName | default "http" }}
+ selector:
+ app: {{ include "common.name" . }}
diff --git a/kubernetes/vvp/charts/vvp-postgres/values.yaml b/kubernetes/vvp/charts/vvp-postgres/values.yaml
new file mode 100644
index 0000000000..000c049522
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-postgres/values.yaml
@@ -0,0 +1,63 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/vvp/postgresql:1.0.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: vvp-postgres
+ portName: vvp-postgres
+ internalPort: 5432
+ externalPort: 5432
+
+ingress:
+ enabled: false
diff --git a/kubernetes/vvp/charts/vvp-redis/Chart.yaml b/kubernetes/vvp/charts/vvp-redis/Chart.yaml
new file mode 100644
index 0000000000..4147dd265f
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-redis/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: in memory key-value store for all project
+name: vvp-redis
+version: 3.0.0
diff --git a/kubernetes/vvp/charts/vvp-redis/templates/deployment.yaml b/kubernetes/vvp/charts/vvp-redis/templates/deployment.yaml
new file mode 100644
index 0000000000..744b686f94
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-redis/templates/deployment.yaml
@@ -0,0 +1,41 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ name: {{ include "common.name" . }}
+ spec:
+ hostname: {{ include "common.name" . }}
+ containers:
+ - args:
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ name: {{ include "common.name" . }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/vvp/charts/vvp-redis/templates/service.yaml b/kubernetes/vvp/charts/vvp-redis/templates/service.yaml
new file mode 100644
index 0000000000..e46ab4b030
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-redis/templates/service.yaml
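Review bot: The redis container in the vvp-redis deployment.yaml is started with an empty `args:` and no configuration file, so as far as this template shows Redis runs without any client authentication. I would set a password from a Secret (the server option is `--requirepass`, or a mounted redis.conf so the value stays out of the process arguments) and restrict which pods can reach the port with a NetworkPolicy. The container also declares no `ports`, `securityContext` or resource limits, and the empty `args:` key is better removed than left as a null.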
@@ -0,0 +1,34 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ {{- end}}
+ name: {{ .Values.service.portName | default "http" }}
+ selector:
+ app: {{ include "common.name" . }}
diff --git a/kubernetes/vvp/charts/vvp-redis/values.yaml b/kubernetes/vvp/charts/vvp-redis/values.yaml
new file mode 100644
index 0000000000..2eddd512da
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-redis/values.yaml
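Review bot: The NodePort branch in the vvp-redis service.yaml builds `nodePort` from `.Values.service.nodePort`, which this chart's values.yaml never defines, so setting `service.type: NodePort` would presumably render only the prefix (`302`), which is outside the default 30000-32767 node-port range. Either add a two-digit `nodePort` under `service:` in values.yaml or drop the branch. Since the deployment template configures no Redis authentication, I would drop it, so that a values override cannot publish the store on node addresses. The `default "http"` fallback for the port name is also misleading for a Redis port.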
@@ -0,0 +1,63 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: docker.io
+image: redis:alpine
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: vvp-redis
+ portName: vvp-redis
+ internalPort: 6379
+ externalPort: 6379
+
+ingress:
+ enabled: false |
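Review bot: `image: redis:alpine` pulled from `docker.io` is a floating tag, and with `pullPolicy: Always` every pod start can bring in a different Redis build that nobody reviewed. Pin a release and, where the registry flow allows it, a digest, for example `image: redis:<version>-alpine@sha256:<digest>`. The `liveness` and `readiness` settings in this file are not read by the vvp-redis deployment template added in this commit, so they currently have no effect; either wire probes into the template or remove the keys.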