From c2cc5ff1d2520267f9ebabb02eced6ea2a1dc9f6 Mon Sep 17 00:00:00 2001 From: jasmineWen Date: Fri, 22 Jun 2018 18:16:24 +0000 Subject: vvp -- VNF Validation Platform Issue-ID: OOM-1173 Change-Id: I11251d5729c057ebc2211c60ac973343c0aa01f3 Signed-off-by: jasmineWen Signed-off-by: stark, steven --- kubernetes/vvp/charts/vvp-em-uwsgi/Chart.yaml | 18 ++ .../vvp/charts/vvp-em-uwsgi/requirements.yaml | 18 ++ .../vvp-em-uwsgi/resources/config/em/__init__.py | 332 +++++++++++++++++++++ .../vvp-em-uwsgi/resources/config/em/envbool.py | 44 +++ .../vvp-em-uwsgi/resources/config/em/gunicorn.ini | 20 ++ .../vvp-em-uwsgi/resources/config/em/storage.py | 48 +++ .../charts/vvp-em-uwsgi/templates/configmap.yaml | 21 ++ .../charts/vvp-em-uwsgi/templates/deployment.yaml | 133 +++++++++ .../vvp/charts/vvp-em-uwsgi/templates/service.yaml | 28 ++ kubernetes/vvp/charts/vvp-em-uwsgi/values.yaml | 61 ++++ 10 files changed, 723 insertions(+) create mode 100644 kubernetes/vvp/charts/vvp-em-uwsgi/Chart.yaml create mode 100644 kubernetes/vvp/charts/vvp-em-uwsgi/requirements.yaml create mode 100644 kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/__init__.py create mode 100644 kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/envbool.py create mode 100644 kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/gunicorn.ini create mode 100644 kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/storage.py create mode 100644 kubernetes/vvp/charts/vvp-em-uwsgi/templates/configmap.yaml create mode 100644 kubernetes/vvp/charts/vvp-em-uwsgi/templates/deployment.yaml create mode 100644 kubernetes/vvp/charts/vvp-em-uwsgi/templates/service.yaml create mode 100644 kubernetes/vvp/charts/vvp-em-uwsgi/values.yaml (limited to 'kubernetes/vvp/charts/vvp-em-uwsgi') diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/Chart.yaml b/kubernetes/vvp/charts/vvp-em-uwsgi/Chart.yaml new file mode 100644 index 0000000000..4393322261 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-em-uwsgi/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: backend uwsgi server which hosts django application +name: vvp-em-uwsgi +version: 3.0.0 diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/requirements.yaml b/kubernetes/vvp/charts/vvp-em-uwsgi/requirements.yaml new file mode 100644 index 0000000000..9f44c6df28 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-em-uwsgi/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~3.0.0 + repository: '@local' diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/__init__.py b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/__init__.py new file mode 100644 index 0000000000..ed57ca604d --- /dev/null +++ b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/__init__.py @@ -0,0 +1,332 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +""" +Django settings for VVP project. + +Environment variables that must exist: + + ENVIRONMENT + SECRET_KEY + SECRET_WEBHOOK_TOKEN + SECRET_GITLAB_AUTH_TOKEN + SECRET_JENKINS_PASSWORD + SECRET_CMS_APP_CLIENT_ID + SECRET_CMS_APP_CLIENT_SECRET + +Environment variables that must exist in production: + + EMAIL_HOST + EMAIL_HOST_PASSWORD + EMAIL_HOST_USER + EMAIL_PORT + +""" + +import os +from vvp.settings.envbool import envbool +from corsheaders.defaults import default_headers +from boto.s3.connection import OrdinaryCallingFormat +import datetime + +# With this file at ice/settings/__init__.py, we need three applications of +# dirname() to find the project root. +import engagementmanager +PROJECT_PATH = os.path.dirname(os.path.dirname(engagementmanager.__file__)) +LOGS_PATH = os.path.join(PROJECT_PATH, "logs") + +ENVIRONMENT = os.environ['ENVIRONMENT'] +PROGRAM_NAME_URL_PREFIX = os.environ['PROGRAM_NAME_URL_PREFIX'] +SERVICE_PROVIDER = os.environ['SERVICE_PROVIDER'] +PROGRAM_NAME = os.environ['PROGRAM_NAME'] +SERVICE_PROVIDER_DOMAIN = os.environ['SERVICE_PROVIDER_DOMAIN'] + +# See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/ +SECRET_KEY = os.environ["SECRET_KEY"] + +# https://docs.djangoproject.com/en/1.10/ref/settings/#allowed-hosts +# Anything in the Host header that does not match our expected domain should +# raise SuspiciousOperation exception. +ALLOWED_HOSTS = ['*'] + +DEBUG = envbool('DJANGO_DEBUG_MODE', False) + +if ENVIRONMENT == 'production': + EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' + EMAIL_HOST = os.environ['EMAIL_HOST'] + EMAIL_HOST_PASSWORD = os.environ['EMAIL_HOST_PASSWORD'] + EMAIL_HOST_USER = os.environ['EMAIL_HOST_USER'] + EMAIL_PORT = os.environ['EMAIL_PORT'] +else: + EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' + +# Note: Only SSL email backends are allowed +EMAIL_USE_SSL = True + +REST_FRAMEWORK = { + # Use Django's standard `django.contrib.auth` permissions, + # or allow read-only access for unauthenticated users. + 'EXCEPTION_HANDLER': 'engagementmanager.utils.exception_handler.ice_exception_handler', + 'PAGE_SIZE': 10, + 'DEFAULT_PERMISSION_CLASSES': ( + 'rest_framework.permissions.IsAuthenticated', + ), + 'DEFAULT_AUTHENTICATION_CLASSES': ( + 'rest_framework.authentication.SessionAuthentication', + 'rest_framework.authentication.BasicAuthentication', + 'rest_framework_jwt.authentication.JSONWebTokenAuthentication', + ), + 'DEFAULT_PARSER_CLASSES': ( + 'engagementmanager.rest.parsers.XSSJSONParser', + 'engagementmanager.rest.parsers.XSSFormParser', + 'engagementmanager.rest.parsers.XSSMultiPartParser', + ) +} + +JWT_AUTH = { + 'JWT_AUTH_HEADER_PREFIX': 'token', + 'JWT_ALGORITHM': 'HS256', + 'JWT_EXPIRATION_DELTA': datetime.timedelta(days=1), + 'JWT_DECODE_HANDLER': 'engagementmanager.utils.authentication.ice_jwt_decode_handler', +} + +APPEND_SLASH = False + +# Application definition +INSTALLED_APPS = [ + 'django.contrib.auth', # required by d.c.admin + 'corsheaders', + 'django.contrib.contenttypes', # required by d.c.admin + 'django.contrib.sessions', # required by d.c.admin + 'django.contrib.messages', # required by d.c.admin + 'django.contrib.staticfiles', + 'django.contrib.admin', # django admin site + 'rest_framework', + 'engagementmanager.apps.EngagementmanagerConfig', + 'validationmanager.apps.ValidationmanagerConfig', +] + +MIDDLEWARE_CLASSES = [ + 'django.middleware.security.SecurityMiddleware', + 'django.contrib.sessions.middleware.SessionMiddleware', + 'django.middleware.common.CommonMiddleware', + 'django.contrib.auth.middleware.AuthenticationMiddleware', # required by d.c.admin + 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', + 'django.contrib.messages.middleware.MessageMiddleware', + 'django.middleware.clickjacking.XFrameOptionsMiddleware', + 'corsheaders.middleware.CorsMiddleware', +] + +ROOT_URLCONF = 'vvp.urls' + +TEMPLATES = [ + { + 'BACKEND': 'django.template.backends.django.DjangoTemplates', + 'DIRS': [PROJECT_PATH + '/web/templates'], + 'APP_DIRS': True, + 'OPTIONS': { + 'context_processors': [ + 'django.template.context_processors.debug', + 'django.template.context_processors.request', + 'django.contrib.auth.context_processors.auth', # required by d.c.admin + 'django.contrib.messages.context_processors.messages', # required by d.c.admin + ], + }, + }, +] + +WSGI_APPLICATION = 'vvp.wsgi.application' + + +# Database +# https://docs.djangoproject.com/en/1.9/ref/settings/#databases +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.postgresql', + 'NAME': os.environ['PGDATABASE'], + 'USER': os.environ['PGUSER'], + 'PASSWORD': os.environ['PGPASSWORD'], + 'HOST': os.environ['PGHOST'], + 'PORT': os.environ['PGPORT'], + } +} + + +# Password validation +# https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators +AUTH_PASSWORD_VALIDATORS = [ + {'NAME': 'django.contrib.auth.password_validation.%s' % s} for s in [ + 'UserAttributeSimilarityValidator', + 'MinimumLengthValidator', + 'CommonPasswordValidator', + 'NumericPasswordValidator', + ]] + + +# Internationalization +# https://docs.djangoproject.com/en/1.9/topics/i18n/ +LANGUAGE_CODE = 'en-us' +TIME_ZONE = 'UTC' +USE_I18N = True +USE_L10N = True +USE_TZ = True + +CORS_ALLOW_HEADERS = default_headers + ('ICE-USER-ID',) + +# Static files (CSS, JavaScript, Images) +# https://docs.djangoproject.com/en/1.9/howto/static-files/ +STATIC_ROOT = os.environ['STATIC_ROOT'] + + +LOGGING = { + 'version': 1, + 'disable_existing_loggers': False, + 'formatters': { # All possible attributes are: https://docs.python.org/3/library/logging.html#logrecord-attributes + 'verbose': { + 'format': '%(asctime)s %(levelname)s %(name)s %(module)s %(lineno)d %(process)d %(thread)d %(message)s' + }, + 'simple': { + 'format': '%(asctime)s %(levelname)s %(name)s %(message)s' + }, + }, + 'handlers': { + 'console': { + 'class': 'logging.StreamHandler', + 'formatter': 'simple' + }, + 'vvp-info.log': { + 'level': 'INFO', # handler will ignore DEBUG (only process INFO, WARN, ERROR, CRITICAL, FATAL) + 'class': 'logging.FileHandler', + 'filename': os.path.join(LOGS_PATH, 'vvp-info.log'), + 'formatter': 'verbose' + }, + 'vvp-debug.log': { + 'level': 'DEBUG', + 'class': 'logging.FileHandler', + 'filename': os.path.join(LOGS_PATH, 'vvp-debug.log'), + 'formatter': 'verbose' + }, + 'vvp-requests.log': { + 'level': 'ERROR', + 'class': 'logging.FileHandler', + 'filename': os.path.join(LOGS_PATH, 'vvp-requests.log'), + 'formatter': 'verbose' + }, + 'vvp-db.log': { + 'level': 'ERROR', + 'class': 'logging.FileHandler', + 'filename': os.path.join(LOGS_PATH, 'vvp-db.log'), + 'formatter': 'verbose', + }, + }, + 'loggers': { + 'vvp.logger': { + 'handlers': ['vvp-info.log', 'vvp-debug.log', 'vvp-requests.log', 'vvp-db.log', 'console'], + 'level': 'DEBUG' if DEBUG else 'INFO', + }, + 'django': { + 'handlers': ['console'], + 'level': 'INFO' if DEBUG else 'ERROR', + }, + 'django.request': { + 'handlers': ['vvp-requests.log', 'console'], + 'level': 'INFO' if DEBUG else 'ERROR', + }, + 'django.db.backends': { + 'handlers': ['vvp-db.log', 'console'], + 'level': 'DEBUG' if DEBUG else 'ERROR', + 'propagate': False, + }, + # silence the hundred lines of useless "missing variable in template" + # complaints per admin pageview. + 'django.template': { + 'level': 'DEBUG', + 'handlers': ['vvp-info.log', 'vvp-debug.log', 'console'], + 'propagate': False, + }, + } +} + + +############################# +# VVP Related Configuration +############################# +CONTACT_FROM_ADDRESS = os.getenv('CONTACT_FROM_ADDRESS', 'dummy@example.com') +CONTACT_EMAILS = [s.strip() for s in os.getenv('CONTACT_EMAILS', 'user@example.com').split(',') if s] +DOMAIN = os.getenv('EM_DOMAIN_NAME') +TOKEN_EXPIRATION_IN_HOURS = 48 +DAILY_SCHEDULED_JOB_HOUR = 20 +NUMBER_OF_POLLED_ACTIVITIES = 5 +TEMP_PASSWORD_EXPIRATION_IN_HOURS = 48 +# This is the DNS name pointing to the private-network ip of the host machine +# running (a haproxy that points to) (an nginx frontend for) this app +API_DOMAIN = 'em' + +# The authentication token needed by Jenkins or Gitlab to issue webhook updates +# to us. This is a "secret" shared by Jenkins and Django. It must be part of +# the URL path component for the Jenkins webhook in ValidationManager to accept +# a notification. It should be a set of random URL-path-safe characters, with +# no slash '/'. +# FIXME: Does this authentication scheme actually gain us anything? What's the +# threat model +WEBHOOK_TOKEN = os.environ['SECRET_WEBHOOK_TOKEN'] + +# The authentication token and URL needed for us to issue requests to the GitLab API. +GITLAB_TOKEN = os.environ['SECRET_GITLAB_AUTH_TOKEN'] +GITLAB_URL = "http://vvp-gitlab/" + +JENKINS_URL = "http://vvp-jenkins:8080/" +JENKINS_USERNAME = "admin" +JENKINS_PASSWORD = os.environ['SECRET_JENKINS_PASSWORD'] + +IS_CL_CREATED_ON_REVIEW_STATE = envbool('IS_CL_CREATED_ON_REVIEW_STATE', False) # Options: True, False +IS_SIGNAL_ENABLED = envbool('IS_SIGNAL_ENABLED', True) +RECENT_ENG_TTL = 3 # In days +CMS_URL = "http://vvp-cms-uwsgi/api/" +CMS_APP_CLIENT_ID = os.environ['SECRET_CMS_APP_CLIENT_ID'] +CMS_APP_CLIENT_SECRET = os.environ['SECRET_CMS_APP_CLIENT_SECRET'] + +# slack integration +SLACK_API_TOKEN = os.environ['SLACK_API_TOKEN'] +ENGAGEMENTS_CHANNEL = os.getenv('ENGAGEMENTS_CHANNEL', '') +ENGAGEMENTS_NOTIFICATIONS_CHANNEL = os.getenv('ENGAGEMENTS_NOTIFICATIONS_CHANNEL:', '') +DEVOPS_CHANNEL = os.getenv('DEVOPS_CHANNEL', '') +DEVOPS_NOTIFICATIONS_CHANNEL = os.getenv('DEVOPS_NOTIFICATIONS_CHANNEL', '') + +# S3 configuration for static resources storage and media upload + +# used by our custom storage.py +MEDIA_BUCKET = "em-media" +STATIC_BUCKET = "em-static" + +# django-storages configuration +AWS_S3_HOST = os.environ['S3_HOST'] +AWS_S3_PORT = int(os.environ['S3_PORT']) +AWS_S3_CUSTOM_DOMAIN = os.environ['S3_HOST'] +AWS_ACCESS_KEY_ID = os.environ['AWS_ACCESS_KEY_ID'] +AWS_SECRET_ACCESS_KEY = os.environ['AWS_SECRET_ACCESS_KEY'] +AWS_AUTO_CREATE_BUCKET = True +AWS_PRELOAD_METADATA = True + +# Set by custom subclass. +# AWS_STORAGE_BUCKET_NAME = "em-static" +AWS_S3_CALLING_FORMAT = OrdinaryCallingFormat() +DEFAULT_FILE_STORAGE = 'vvp.settings.storage.S3MediaStorage' +STATICFILES_STORAGE = 'vvp.settings.storage.S3StaticStorage' + +# These seem to have no effect even when we don't override with custom_domain? +STATIC_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, STATIC_BUCKET) +MEDIA_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, MEDIA_BUCKET) + +STATIC_ROOT = os.environ['STATIC_ROOT'] diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/envbool.py b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/envbool.py new file mode 100644 index 0000000000..31f4385d16 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/envbool.py @@ -0,0 +1,44 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +""" +envbool.py + +Return which environment is currently running on (to setting.py). + +""" +import os + + +def envbool(key, default=False, unknown=True): + """Return a boolean value based on that of an environment variable. + + Environment variables have no native boolean type. They are always strings, and may be empty or + unset (which differs from empty.) Furthermore, notions of what is "truthy" in shell script + differ from that of python. + + This function converts environment variables to python boolean True or False in + case-insensitive, expected ways to avoid pitfalls: + + "True", "true", and "1" become True + "False", "false", and "0" become False + unset or empty becomes False by default (toggle with 'default' parameter.) + any other value becomes True by default (toggle with 'unknown' parameter.) + + """ + return { + 'true': True, '1': True, # 't': True, + 'false': False, '0': False, # 'f': False. + '': default, + }.get(os.getenv(key, '').lower(), unknown) diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/gunicorn.ini b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/gunicorn.ini new file mode 100644 index 0000000000..29cca7db93 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/gunicorn.ini @@ -0,0 +1,20 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +bind = ":80" +chdir = '/srv' +pidfile = '/tmp/ice-project-master.pid' +backlog = '5000' +errorlog = '-' +loglevel = 'info' diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/storage.py b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/storage.py new file mode 100644 index 0000000000..c76046a329 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/storage.py @@ -0,0 +1,48 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +""" +storage.py + +In order to make Django store trusted static files and untrusted media +(user-uploaded) files in separate s3 buckets, we must create two different +storage classes. + +https://www.caktusgroup.com/blog/2014/11/10/Using-Amazon-S3-to-store-your-Django-sites-static-and-media-files/ +http://www.leehodgkinson.com/blog/my-mezzanine-s3-setup/ + +""" + +# FIXME this module never changes so might not need not be kept in a +# configmap. Also it is (almost) the same as what we use in cms. + +# There is a newer storage based on boto3 but that doesn't support changing +# the HOST, as we need to for non-amazon s3 services. It does support an +# "endpoint"; setting AWS_S3_ENDPOINT_URL may cause it to work. +from storages.backends.s3boto import S3BotoStorage +from django.conf import settings + + +# NOTE for some reason, collectstatic uploads to bucket/location but the +# urls constructed are domain/location +class S3StaticStorage(S3BotoStorage): + custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.STATIC_BUCKET) + bucket_name = settings.STATIC_BUCKET + # location = ... + + +class S3MediaStorage(S3BotoStorage): + custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.MEDIA_BUCKET) + bucket_name = settings.MEDIA_BUCKET + # location = ... diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/templates/configmap.yaml b/kubernetes/vvp/charts/vvp-em-uwsgi/templates/configmap.yaml new file mode 100644 index 0000000000..1163973c28 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-em-uwsgi/templates/configmap.yaml @@ -0,0 +1,21 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-settings + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/em/*").AsConfig . | indent 2 }} diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/templates/deployment.yaml b/kubernetes/vvp/charts/vvp-em-uwsgi/templates/deployment.yaml new file mode 100644 index 0000000000..1d08f76ed8 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-em-uwsgi/templates/deployment.yaml @@ -0,0 +1,133 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + name: {{ .Release.Name }} + spec: + imagePullSecrets: + - name: onapkey + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} + ports: + - containerPort: 80 + - containerPort: 9000 + volumeMounts: + - name: em-settings + mountPath: /opt/configmaps/settings/ + - name: site-crt + mountPath: /opt/secrets/site-crt/ + env: + - name: ENVIRONMENT + value: "development" + - name: PROGRAM_NAME_URL_PREFIX + value: "vvp" + - name: SERVICE_PROVIDER + value: "NA" + - name: PROGRAM_NAME + value: "VVP" + - name: SERVICE_PROVIDER_DOMAIN + value: "na.com" + - name: SECRET_KEY + valueFrom: + secretKeyRef: {name: em-secret, key: key} + - name: EMAIL_HOST + value: "localhost" + - name: EMAIL_HOST_USER + value: "example" + - name: EMAIL_PORT + value: "25" + - name: EMAIL_HOST_PASSWORD + valueFrom: + secretKeyRef: {name: email-secret, key: password} + - name: PGHOST + value: vvp-postgres + - name: PGPORT + value: "5432" + - name: PGDATABASE + value: icedb + - name: PGUSER + value: "em_postgresuser" + - name: PGPASSWORD + valueFrom: + secretKeyRef: {name: postgresql-passwords, key: emPassword} + - name: DOMAIN + value: https://development.vvp.example.com + - name: ICE_EM_DOMAIN_NAME + value: https://development.vvp.example.com + - name: CONTACT_FROM_ADDRESS + value: "example" + - name: OAUTHLIB_INSECURE_TRANSPORT + value: "1" + - name: SECRET_WEBHOOK_TOKEN + valueFrom: + secretKeyRef: {name: em-secret, key: em_webhook_token} + - name: SECRET_GITLAB_AUTH_TOKEN + valueFrom: + secretKeyRef: {name: gitlab-password, key: auth-token} + - name: SECRET_JENKINS_PASSWORD + valueFrom: + secretKeyRef: {name: em-secret, key: jenkins_admin_password} + - name: SECRET_CMS_APP_CLIENT_ID + valueFrom: + secretKeyRef: {name: em-secret, key: cms_app_client_id} + - name: SECRET_CMS_APP_CLIENT_SECRET + valueFrom: + secretKeyRef: {name: em-secret, key: cms_app_client_secret} + - name: STATIC_ROOT + value: "/app/htdocs" + - name: DJANGO_DEBUG_MODE + value: "True" + - name: SLACK_API_TOKEN + valueFrom: + secretKeyRef: {name: em-secret, key: slack_api_token} + - name: ENGAGEMENTS_CHANNEL + value: "" + - name: ENGAGEMENTS_NOTIFICATIONS_CHANNEL + value: "" + - name: DEVOPS_CHANNEL + value: "" + - name: DEVOPS_NOTIFICATIONS_CHANNEL + value: "" + - name: S3_HOST + value: "dev-s3.vvp.example.com" + - name: S3_PORT + value: "443" + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: {name: em-secret, key: aws_access_key_id} + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: {name: em-secret, key: aws_secret_access_key} + command: ["/docker-entrypoint.sh", "/usr/local/bin/gunicorn", "-c", "/opt/configmaps/settings/gunicorn.ini", "vvp.wsgi:application", ] + volumes: + - name: site-crt + secret: + secretName: site-crt + - name: em-settings + configMap: + name: {{ include "common.fullname" . }}-settings diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/templates/service.yaml b/kubernetes/vvp/charts/vvp-em-uwsgi/templates/service.yaml new file mode 100644 index 0000000000..a4260013a4 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-em-uwsgi/templates/service.yaml @@ -0,0 +1,28 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName | default "http" }} + selector: + app: {{ include "common.name" . }} diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/values.yaml b/kubernetes/vvp/charts/vvp-em-uwsgi/values.yaml new file mode 100644 index 0000000000..dd01834846 --- /dev/null +++ b/kubernetes/vvp/charts/vvp-em-uwsgi/values.yaml @@ -0,0 +1,61 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + repository: nexus3.onap.org:10001 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/vvp/engagementmgr:1.0.0-latest +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: ClusterIP + internalPort: 80 + portName: em + +ingress: + enabled: false -- cgit 1.2.3-korg