aboutsummaryrefslogtreecommitdiffstats
path: root/ansible/roles/ansible-vvp-templates/templates
diff options
context:
space:
mode:
authoredan.binshtok <eb578m@intl.att.com>2017-11-21 20:06:04 +0200
committeredan.binshtok <eb578m@intl.att.com>2017-11-21 20:09:14 +0200
commit307215471b50e1f27654819434fb08de4d003d82 (patch)
tree36e07c3fe747d17a6d1e7d2642f2afd567a7d4b9 /ansible/roles/ansible-vvp-templates/templates
parenteb123edb162afc20da8d618df1e77d73b8236f6d (diff)
Fix gitignore and missing files
Due to bad gitignore some files were missing. Now .vault_passwords added and dirs under roles Issue-ID: VVP-32 Change-Id: I2b9b7afe305603b37fbfe184dc36156c8461bc85 Signed-off-by: edan.binshtok <eb578m@intl.att.com>
Diffstat (limited to 'ansible/roles/ansible-vvp-templates/templates')
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j2198
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/configmaps/s3provision-configmap.yaml.j286
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2108
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2108
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/10-redis.yaml.j255
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2165
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2146
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2162
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2107
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j289
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j270
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/40-ext-haproxy-deployment.yaml.j295
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/deployments/40-int-haproxy-deployments.yaml.j289
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/ceph-secret.yaml.j246
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/ci-secret.yaml.j248
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/cms-secret.yaml.j252
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/em-secret.yaml.j254
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j246
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/gitlab-password-secret.yaml.j247
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/haproxy-auth-secret.yaml.j247
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/imagescanner-ssh-secret.yaml.j250
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-admin-secret.yaml.j247
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-deploykey-secret.yaml.j247
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-ssh-secret.yaml.j251
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/postgresql-passwords-secret.yaml.j250
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j247
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j246
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/secrets/slack-tokens-secret.yaml.j246
-rw-r--r--ansible/roles/ansible-vvp-templates/templates/services/haproxy-service.yaml.j2105
29 files changed, 2307 insertions, 0 deletions
diff --git a/ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j2
new file mode 100644
index 0000000..3fd9055
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j2
@@ -0,0 +1,198 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: ext-haproxy-cfg
+ namespace: default
+data:
+ file: |
+ resolvers dns
+ nameserver pod_dns "10.3.0.10:53"
+ resolve_retries 3
+ timeout retry 1s
+ hold valid 30s
+
+ defaults
+ mode http
+ timeout connect 5000ms
+ timeout client 50000ms
+ timeout server 50000ms
+ option httpclose
+ option redispatch
+ option abortonclose
+ option httplog
+ option dontlognull
+ default-server init-addr last,libc,none
+
+ backend gitlab_ssh
+ mode tcp
+ option tcplog
+ timeout server 2h
+ server gitlabssh gitlab:22 resolvers dns
+
+ frontend gitlab_ssh_frontend
+ mode tcp
+ option tcplog
+ timeout client 2h
+ bind 0.0.0.0:22
+ acl is_ssh dst_port 22
+ use_backend gitlab_ssh if is_ssh
+
+ backend portal_backend
+ mode http
+ server ice_portal portal:8181 resolvers dns
+
+ backend api
+ mode http
+ server engagement_manager em:80 resolvers dns
+
+ backend s3
+ mode http
+ balance roundrobin
+ option httpchk HEAD /
+{% for host in rgws %}
+ server {{ host['name'] }} {{ host['ip'] }}:{{ hostvars[host['name']]['radosgw_civetweb_port'] }} check inter 10000ms
+{% endfor %}
+
+ frontend portal
+ mode http
+ redirect scheme https if !{ ssl_fc }
+ acl is_api_call path_beg -i /ice
+ acl is_s3 hdr_beg(host) s3. staging-s3. dev-s3.
+ use_backend api if is_api_call
+ use_backend s3 if is_s3
+ bind 0.0.0.0:80
+ bind 0.0.0.0:443 ssl crt /etc/haproxy/site.pem force-tlsv12
+ default_backend portal_backend
+
+ listen stats
+ bind 0.0.0.0:9001
+ mode http
+ stats enable # Enable stats page
+ stats realm Haproxy\ Statistics
+ stats uri /haproxy_stats
+ stats auth "${HAPROXY_USER}:${HAPROXY_PASS}"
+ acl network_allowed src 10.252.0.0/16 127.0.0.1/32 10.2.0.0/16
+ http-request deny if !network_allowed
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: int-haproxy-cfg
+ namespace: default
+data:
+ file: |
+ resolvers dns
+ nameserver pod_dns "10.3.0.10:53"
+ resolve_retries 3
+ timeout retry 1s
+ hold valid 30s
+
+ defaults
+ mode http
+ timeout connect 5000ms
+ timeout client 50000ms
+ timeout server 50000ms
+ option httpclose
+ option redispatch
+ option abortonclose
+ option httplog
+ option dontlognull
+ default-server init-addr last,libc,none
+
+ backend gitlab_web_backend
+ mode http
+ server gitlab_web_1 gitlab:80 resolvers dns
+
+ frontend gitlab_web
+ mode http
+ bind 0.0.0.0:80
+
+ acl is_scanner path_beg /imagescanner
+ acl is_em_admin hdr_beg(host) em. staging-em. dev-em.
+ acl is_cms hdr_beg(host) cms. staging-cms. dev-cms.
+ acl is_ci_admin hdr_beg(host) staging-ci. dev-ci.
+ acl is_s3 hdr_beg(host) s3. staging-s3. dev-s3.
+
+ use_backend imagescanner if is_em_admin is_scanner
+ use_backend cms if is_cms
+ use_backend api if is_em_admin
+ use_backend ci if is_ci_admin
+ use_backend s3 if is_s3
+
+ default_backend gitlab_web_backend
+
+ backend s3
+ mode http
+ balance roundrobin
+{% for host in rgws %}
+ server {{ host['name'] }} {{ host['ip'] }}:{{ hostvars[host['name']]['radosgw_civetweb_port'] }}
+{% endfor %}
+
+ backend cms
+ mode http
+ server cms_server cms:80 resolvers dns
+
+ backend api
+ mode http
+ server engagement_manager em:80 resolvers dns
+
+ backend ci
+ mode http
+ server ci_test ci:8282 resolvers dns
+
+ listen jenkins
+ bind 0.0.0.0:8080
+ server jenkins jenkins:8080 resolvers dns
+
+ backend imagescanner
+ mode http
+ server imagescanner imagescanner:80 resolvers dns
+
+ listen stats
+ bind 0.0.0.0:9000
+ mode http
+ stats enable # Enable stats page
+ stats realm Haproxy\ Statistics
+ stats uri /haproxy_stats
+ stats auth "${HAPROXY_USER}:${HAPROXY_PASS}"
+ acl network_allowed src 10.252.0.0/16 127.0.0.1/32 10.2.0.0/16
+ block if !network_allowed
diff --git a/ansible/roles/ansible-vvp-templates/templates/configmaps/s3provision-configmap.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/configmaps/s3provision-configmap.yaml.j2
new file mode 100644
index 0000000..6e30492
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/configmaps/s3provision-configmap.yaml.j2
@@ -0,0 +1,86 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: s3provision
+ namespace: default
+data:
+ s3cmd.cfg: |
+ [default]
+ access_key = {{ vault_aws_access_key_id }}
+ host_base = {{ rgws[0]['ip'] }}:{{ hostvars[rgws[0]['name']]['radosgw_civetweb_port'] }}
+ host_bucket =
+ secret_key = {{ vault_aws_secret_access_key }}
+ use_https = False
+ verbosity = INFO
+ corsconf.xml: |
+ <CORSConfiguration>
+ <CORSRule>
+ <ID>Allow GET and HEAD from our domain.</ID>
+ <AllowedOrigin>https://{{ domain }}</AllowedOrigin>
+ <AllowedOrigin>http://{{ cms_dns_name }}</AllowedOrigin>
+ <AllowedOrigin>http://{{ em_domain_name }}</AllowedOrigin>
+ <AllowedMethod>GET</AllowedMethod>
+ <AllowedMethod>HEAD</AllowedMethod>
+ <AllowedHeader>Content-*</AllowedHeader>
+ <AllowedHeader>Host</AllowedHeader>
+ <ExposeHeader>ETag</ExposeHeader>
+ <MaxAgeSeconds>1800</MaxAgeSeconds>
+ </CORSRule>
+ </CORSConfiguration>
+ entrypoint.sh: |
+ #!/bin/sh
+ set -ex
+ echo Running $0 ...
+ s3cmd="s3cmd -c /opt/configmaps/s3provision/s3cmd.cfg"
+ corsconf="/opt/configmaps/s3provision/corsconf.xml"
+
+ pip install s3cmd
+
+ for bucket in em-static cms-static em-media cms-media; do
+ $s3cmd mb s3://$bucket
+ done
+
+ for bucket in em-static cms-static; do
+ $s3cmd setcors $corsconf s3://$bucket
+ done
+
+ echo $0 complete.
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2
new file mode 100644
index 0000000..6771b1f
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2
@@ -0,0 +1,108 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: gitlab
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: gitlab
+ spec:
+ containers:
+ - name: gitlab
+ image: {{container_uri}}rkt-gitlab:{{container_tag}}
+ ports:
+ - containerPort: 80
+ - containerPort: 22
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /var/opt/gitlab
+ name: gitlab
+ subPath: var/opt/gitlab
+ - mountPath: /etc/gitlab
+ name: gitlab
+ subPath: etc/gitlab
+ - mountPath: /var/log/gitlab
+ name: gitlab
+ subPath: var/log/gitlab
+ - mountPath: /tmp/deploykey
+ name: jenkins-deploykey
+ env:
+ - name: ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: gitlab-password
+ key: password
+ - name: AUTHENTICATION_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: gitlab-password
+ key: auth-token
+ - name: EXTERNAL_URL
+ value: "http://{{git_dns_name}}"
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 80
+ initialDelaySeconds: {{livenessProbe_initialDelaySeconds.gitlab | default(120)}}
+ periodSeconds: 15
+{% endif %}
+ volumes:
+ - name: gitlab
+ rbd:
+ monitors:
+{% for ip in mon_ips %}
+ - "{{ ip }}"
+{% endfor %}
+ pool: rbd
+ image: gitlab
+ user: admin
+ secretRef:
+ name: "ceph-secret"
+ fsType: xfs
+ readOnly: false
+ - name: jenkins-deploykey
+ secret:
+ secretName: jenkins-deploykey
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2
new file mode 100644
index 0000000..e78bfc9
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2
@@ -0,0 +1,108 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: postgresql
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: postgresql
+ spec:
+ containers:
+ - name: postgresql
+ image: {{container_uri}}rkt-postgresql:{{container_tag}}
+ ports:
+ - containerPort: 5432
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: postgresql-data
+ - mountPath: /etc/postgresql/conf.d/
+ name: postgresql-conf
+ - mountPath: /docker-entrypoint-initdb.d/
+ name: postgresql-initdb
+ env:
+ - name: POSTGRES_DB
+ value: icedb
+ - name: ICE_CMS_DB_NAME
+ value: icecmsdb
+ - name: POSTGRES_USER
+ value: {{vault_em_postgresql_user}}
+ - name: ICE_CMS_DB_USER
+ value: {{vault_cms_postgresql_user}}
+ - name: ICE_CMS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-passwords
+ key: cmsPassword
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-passwords
+ key: emPassword
+{% if enable_liveness_probes %}
+ livenessProbe:
+ timeoutSeconds: 1
+ initialDelaySeconds: {{livenessProbe_initialDelaySeconds.postgresql | default(120)}}
+ tcpSocket:
+ port: 5432
+{% endif %}
+ volumes:
+ - name: postgresql-data
+ rbd:
+ monitors:
+{% for ip in mon_ips %}
+ - "{{ ip }}"
+{% endfor %}
+ pool: rbd
+ image: em_postgresql
+ user: admin
+ secretRef:
+ name: "ceph-secret"
+ fsType: xfs
+ readOnly: false
+ - name: postgresql-conf
+ configMap:
+ name: postgresql-conf
+ - name: postgresql-initdb
+ configMap:
+ name: postgresql-initdb
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/10-redis.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/10-redis.yaml.j2
new file mode 100644
index 0000000..523504a
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/10-redis.yaml.j2
@@ -0,0 +1,55 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: redis
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: redis
+ spec:
+ containers:
+ - name: redis
+ image: redis:alpine
+ ports:
+ - containerPort: 6379
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2
new file mode 100644
index 0000000..98a04b5
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2
@@ -0,0 +1,165 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+{% if ice_environment != 'production' %}
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: ci-uwsgi
+spec:
+ template:
+ spec:
+ volumes:
+ - name: ci-settings
+ configMap:
+ name: ci-settings
+ - name: site-crt
+ secret:
+ secretName: site-crt
+{% if devenv is defined %}
+ - name: ci-rsync
+ hostPath:
+ path: /var/devenv/ice-ci/
+{% endif %}
+ containers:
+ - name: ci-uwsgi
+ image: {{container_uri}}rkt-ice-ci:{{container_tag}}
+ ports:
+ - containerPort: 80
+ - containerPort: 8282
+ - containerPort: 9000
+ volumeMounts:
+ - name: ci-settings
+ mountPath: /opt/configmaps/settings/
+ - name: site-crt
+ mountPath: /opt/secrets/site-crt/
+{% if devenv is defined %}
+ - name: ci-rsync
+ mountPath: /app
+{% endif %}
+ env:
+ - name: ICE_ENVIRONMENT
+ value: "{{ice_environment}}"
+ - name: PROGRAM_NAME_URL_PREFIX
+ value: "ice"
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: key}
+ - name: EM_DB_HOST
+ value: postgresql
+ - name: EM_DB_PORT
+ value: "5432"
+ - name: EM_DB_NAME
+ value: icedb
+ - name: EM_DB_USER
+ value: "{{vault_em_postgresql_user}}"
+ - name: EM_DB_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: emPassword}
+ - name: CMS_DB_HOST
+ value: postgresql
+ - name: CMS_DB_PORT
+ value: "5432"
+ - name: CMS_DB_NAME
+ value: "{{cms_postgresql_db|default('icecmsdb')}}"
+ - name: CMS_DB_USER
+ value: "{{vault_cms_postgresql_user}}"
+ - name: CMS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: cmsPassword}
+ - name: CI_DB_HOST
+ value: postgresql
+ - name: CI_DB_PORT
+ value: "5432"
+ - name: CI_DB_NAME
+ value: icedb
+ - name: CI_DB_USER
+ value: "{{vault_em_postgresql_user}}"
+ - name: CI_DB_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: ciPassword}
+ - name: STATIC_ROOT
+ value: "/app/htdocs"
+ - name: ICE_CONTACT_FROM_ADDRESS
+ value: "{{vault_email_host_user}}"
+ - name: SECRET_WEBHOOK_TOKEN
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: em_webhook_token}
+ - name: SECRET_GITLAB_AUTH_TOKEN
+ valueFrom:
+ secretKeyRef: {name: gitlab-password, key: auth-token}
+ - name: SECRET_JENKINS_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: jenkins_admin_password}
+ - name: ICE_DOMAIN
+ value: https://{{domain}}
+ - name: ICE_EM_DOMAIN_NAME
+ value: https://{{em_domain_name}}
+ - name: OAUTHLIB_INSECURE_TRANSPORT
+ value: "1"
+ - name: CI_ADMIN_USER
+ value: "{{vault_ci_admin_user}}"
+ - name: CI_ADMIN_MAIL
+ value: "{{vault_ci_admin_mail}}"
+ - name: CI_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: ci-secret, key: admin_password}
+ - name: S3_HOST
+ value: "{{s3_dns_name}}"
+ - name: S3_PORT
+ value: "443"
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_access_key_id}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_secret_access_key}
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 9000
+ initialDelaySeconds: 90
+ periodSeconds: 15
+{% endif %}
+ command: ["/app/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", "--static-map", "/static=/app/htdocs" {% if devenv is defined %}, "--py-auto-reload" , "3"{% endif %}]
+ metadata:
+ labels:
+ run: ci-uwsgi
+{% endif %}
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2
new file mode 100644
index 0000000..8b601e9
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2
@@ -0,0 +1,146 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: cms-uwsgi
+spec:
+ template:
+ spec:
+ containers:
+ - name: cms-uwsgi
+ image: {{container_uri}}rkt-ice-cms:{{container_tag}}
+ ports:
+ - containerPort: 80
+ - containerPort: 9000
+ env:
+ - name: ENVIRONMENT
+ value: "{{ice_environment}}"
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: key}
+ - name: EMAIL_HOST
+ value: "{{vault_email_host}}"
+ - name: EMAIL_HOST_USER
+ value: "{{vault_email_host_user}}"
+ - name: EMAIL_PORT
+ value: "{{email_port|default(25)}}"
+ - name: EMAIL_HOST_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: email-secret, key: password}
+ - name: PGHOST
+ value: postgresql
+ - name: PGPORT
+ value: "5432"
+ - name: PGDATABASE
+ value: "{{cms_postgresql_db|default('icecmsdb')}}"
+ - name: PGUSER
+ value: "{{vault_cms_postgresql_user}}"
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: cmsPassword}
+ - name: ICE_CONTACT_FROM_ADDRESS
+ value: "{{vault_email_host_user}}"
+ - name: CMS_NEVERCACHE_KEY
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: nevercache_key}
+ - name: CMS_APP_USER
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: app_user}
+ - name: CMS_APP_USER_MAIL
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: app_user_mail}
+ - name: CMS_APP_USER_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: app_user_password}
+ - name: CMS_APP_CLIENT_ID
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: app_client_id}
+ - name: CMS_APP_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: app_client_secret}
+ - name: STATIC_ROOT
+ value: "/app/htdocs"
+ - name: DJANGO_DEBUG_MODE
+ value: "{{django_debug_mode}}"
+ - name: S3_HOST
+ value: "{{s3_dns_name}}"
+ - name: S3_PORT
+ value: "443"
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_access_key_id}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_secret_access_key}
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 9000
+ initialDelaySeconds: 30
+ periodSeconds: 15
+ timeoutSeconds: 10
+{% endif %}
+ command: ["/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", {% if devenv is defined %}"--py-auto-reload" , "3",{% endif %}"--static-map", "/static=/app/htdocs"]
+ volumeMounts:
+ - name: settings
+ mountPath: /opt/configmaps/settings/
+ - name: site-crt
+ mountPath: /opt/secrets/site-crt/
+{% if devenv is defined %}
+ - name: cms-rsync
+ mountPath: /srv
+{% endif %}
+ volumes:
+ - name: settings
+ configMap:
+ name: cms-settings
+ - name: site-crt
+ secret:
+ secretName: site-crt
+{% if devenv is defined %}
+ - name: cms-rsync
+ hostPath:
+ path: /var/devenv/rkt-ice-cms/django
+{% endif %}
+ metadata:
+ labels:
+ run: cms-uwsgi
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2
new file mode 100644
index 0000000..8cedd29
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2
@@ -0,0 +1,162 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: em-uwsgi
+spec:
+ template:
+ spec:
+ volumes:
+{% if devenv is defined %}
+ - name: em-rsync
+ hostPath:
+ path: /var/devenv/rkt-ice-engagementmgr/django
+{% endif %}
+ - name: site-crt
+ secret:
+ secretName: site-crt
+ - name: em-settings
+ configMap:
+ name: em-settings
+ containers:
+ - name: em-uwsgi
+ image: {{container_uri}}rkt-engagementmgr:{{container_tag}}
+ ports:
+ - containerPort: 80
+ - containerPort: 9000
+ volumeMounts:
+{% if devenv is defined %}
+ - name: em-rsync
+ mountPath: /srv
+{% endif %}
+ - name: em-settings
+ mountPath: /opt/configmaps/settings/
+ - name: site-crt
+ mountPath: /opt/secrets/site-crt/
+ env:
+ - name: ENVIRONMENT
+ value: "{{ice_environment}}"
+ - name: PROGRAM_NAME_URL_PREFIX
+ value: "ice"
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: key}
+ - name: EMAIL_HOST
+ value: "{{vault_email_host}}"
+ - name: EMAIL_HOST_USER
+ value: "{{vault_email_host_user}}"
+ - name: EMAIL_PORT
+ value: "{{email_port|default(25)}}"
+ - name: EMAIL_HOST_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: email-secret, key: password}
+ - name: PGHOST
+ value: postgresql
+ - name: PGPORT
+ value: "5432"
+ - name: PGDATABASE
+ value: icedb
+ - name: PGUSER
+ value: "{{vault_em_postgresql_user}}"
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: emPassword}
+ - name: DOMAIN
+ value: https://{{domain}}
+ - name: ICE_EM_DOMAIN_NAME
+ value: https://{{em_domain_name}}
+ - name: CONTACT_FROM_ADDRESS
+ value: "{{vault_email_host_user}}"
+ - name: OAUTHLIB_INSECURE_TRANSPORT
+ value: "1"
+ - name: SECRET_WEBHOOK_TOKEN
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: em_webhook_token}
+ - name: SECRET_GITLAB_AUTH_TOKEN
+ valueFrom:
+ secretKeyRef: {name: gitlab-password, key: auth-token}
+ - name: SECRET_JENKINS_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: jenkins_admin_password}
+ - name: SECRET_CMS_APP_CLIENT_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: cms_app_client_id}
+ - name: SECRET_CMS_APP_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: cms_app_client_secret}
+ - name: STATIC_ROOT
+ value: "/app/htdocs"
+ - name: DJANGO_DEBUG_MODE
+ value: "{{django_debug_mode}}"
+ - name: SLACK_API_TOKEN
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: slack_api_token}
+ - name: ENGAGEMENTS_CHANNEL
+ value: "{{engagements_channel | default('')}}"
+ - name: ENGAGEMENTS_NOTIFICATIONS_CHANNEL
+ value: "{{engagements_notifications_channel | default('')}}"
+ - name: DEVOPS_CHANNEL
+ value: "{{devops_channel | default('')}}"
+ - name: DEVOPS_NOTIFICATIONS_CHANNEL
+ value: "{{devops_notifications_channel | default('')}}"
+ - name: S3_HOST
+ value: "{{s3_dns_name}}"
+ - name: S3_PORT
+ value: "443"
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_access_key_id}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_secret_access_key}
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 9000
+ initialDelaySeconds: {{livenessProbe_initialDelaySeconds.em | default(90)}}
+ periodSeconds: 15
+ timeoutSeconds: 10
+{% endif %}
+ command: ["/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", {% if devenv is defined %}"--py-auto-reload" , "3",{% endif %}"--static-map", "/static=/app/htdocs"]
+ metadata:
+ labels:
+ run: em-uwsgi
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2
new file mode 100644
index 0000000..775d341
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2
@@ -0,0 +1,107 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: imagescanner
+spec:
+ template:
+ spec:
+
+ containers:
+ - name: imagescanner-worker
+ image: {{container_uri}}ice-image-scanner:{{container_tag}}
+ command: ["/usr/local/bin/imagescanner-worker"]
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: imagescanner-ssh
+ mountPath: /root/.ssh
+ - name: dev
+ mountPath: /dev
+ - name: logs
+ mountPath: /var/log/imagescanner
+
+ - name: notifications-worker
+ image: {{container_uri}}ice-image-scanner:{{container_tag}}
+ command: ["/usr/local/bin/notifications-worker"]
+ securityContext:
+ privileged: true
+ env:
+ - name: SLACK_TOKEN
+ valueFrom:
+ secretKeyRef: {name: slack-tokens, key: notifications}
+ - name: DOMAIN
+ value: "{{em_internal_dns_name}}"
+
+ - name: imagescanner-frontend
+ image: {{container_uri}}ice-image-scanner:{{container_tag}}
+ command: ["/usr/local/bin/imagescanner-frontend"]
+ {#
+ FIXME: No, the frontend does not require a privileged container.
+ However, it seems that if you run the frontend container without
+ this specification in the same pod as the worker, then the worker
+ loses its privileges!
+ -#}
+ securityContext:
+ privileged: true
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: logs
+ mountPath: /var/log/imagescanner
+ env:
+ - name: DEFAULT_SLACK_CHANNEL
+ value: "#notifications"
+
+ volumes:
+ - name: imagescanner-ssh
+ secret:
+ secretName: imagescanner-ssh
+ defaultMode: 0600
+ - name: dev
+ hostPath:
+ path: /dev
+ - name: logs
+ emptyDir: {}
+
+ metadata:
+ labels:
+ run: imagescanner
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2
new file mode 100644
index 0000000..61504f1
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2
@@ -0,0 +1,89 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: jenkins
+spec:
+ template:
+ spec:
+ containers:
+ - name: jenkins
+ image: {{container_uri}}rkt-jenkins:{{container_tag}}
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - name: jenkins-home
+ mountPath: /var/jenkins_home
+ - name: jenkins-users-admin
+ mountPath: /var/jenkins_home/users/admin
+ - name: jenkins-ssh
+ mountPath: /var/jenkins_home/.ssh
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /robots.txt
+ port: 8080
+ initialDelaySeconds: 120
+ periodSeconds: 15
+{% endif %}
+ volumes:
+ - name: jenkins-home
+ rbd:
+ monitors:
+{% for ip in mon_ips %}
+ - "{{ ip }}"
+{% endfor %}
+ pool: rbd
+ image: jenkins
+ user: admin
+ secretRef:
+ name: "ceph-secret"
+ fsType: xfs
+ readOnly: false
+ - name: jenkins-users-admin
+ secret:
+ secretName: jenkins-users-admin
+ - name: jenkins-ssh
+ secret:
+ secretName: jenkins-ssh
+ metadata:
+ labels:
+ run: jenkins
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2
new file mode 100644
index 0000000..f3505e5
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2
@@ -0,0 +1,70 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: portal
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: portal
+ spec:
+ containers:
+ - name: portal
+ image: {{container_uri}}rkt-ice-portal:{{container_tag}}
+ ports:
+ - containerPort: 8181
+ command: ["nginx", "-g", "daemon off;", "-c", "/tmp/nginx.conf"]
+ volumeMounts:
+ - mountPath: /tmp/
+ name: portal-nginx-config
+{% if devenv is defined %}
+ - name: portal-rsync
+ mountPath: /usr/share/nginx/html
+{% endif %}
+ volumes:
+ - name: portal-nginx-config
+ configMap:
+ name: portal-nginx-config
+ items:
+ - key: file
+ path: nginx.conf
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/40-ext-haproxy-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/40-ext-haproxy-deployment.yaml.j2
new file mode 100644
index 0000000..729f98c
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/40-ext-haproxy-deployment.yaml.j2
@@ -0,0 +1,95 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: ext-haproxy
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: ext-haproxy
+ spec:
+ containers:
+ - name: ext-haproxy
+ image: haproxy:1.7.2-alpine
+ ports:
+ - containerPort: 80
+ - containerPort: 22
+ - containerPort: 443
+ - containerPort: 9001
+ env:
+ - name: HAPROXY_USER
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: user
+ - name: HAPROXY_PASS
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: pass
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /haproxy_stats
+ port: 9001
+ httpHeaders:
+ - name: Authorization
+ value: Basic {{(vault_haproxy_user+":"+vault_haproxy_pass)|b64encode}}
+ initialDelaySeconds: 15
+ periodSeconds: 15
+{% endif %}
+ volumeMounts:
+ - mountPath: /usr/local/etc/haproxy/
+ name: ext-haproxy-cfg
+ - mountPath: /etc/haproxy/
+ name: site-pem
+ volumes:
+ - name: ext-haproxy-cfg
+ configMap:
+ name: ext-haproxy-cfg
+ items:
+ - key: file
+ path: haproxy.cfg
+ - name: site-pem
+ secret:
+ secretName: site-pem
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/40-int-haproxy-deployments.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/40-int-haproxy-deployments.yaml.j2
new file mode 100644
index 0000000..bc23c01
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/40-int-haproxy-deployments.yaml.j2
@@ -0,0 +1,89 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: int-haproxy
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: int-haproxy
+ spec:
+ containers:
+ - name: int-haproxy
+ image: haproxy:1.7.2-alpine
+ ports:
+ - containerPort: 80
+ - containerPort: 8080
+ - containerPort: 9000
+ env:
+ - name: HAPROXY_USER
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: user
+ - name: HAPROXY_PASS
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: pass
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /haproxy_stats
+ port: 9000
+ httpHeaders:
+ - name: Authorization
+ value: Basic {{(vault_haproxy_user+":"+vault_haproxy_pass)|b64encode}}
+ initialDelaySeconds: 15
+ periodSeconds: 15
+{% endif %}
+ volumeMounts:
+ - mountPath: /usr/local/etc/haproxy/
+ name: int-haproxy-cfg
+ volumes:
+ - name: int-haproxy-cfg
+ configMap:
+ name: int-haproxy-cfg
+ items:
+ - key: file
+ path: haproxy.cfg
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/ceph-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/ceph-secret.yaml.j2
new file mode 100644
index 0000000..a0480ec
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/ceph-secret.yaml.j2
@@ -0,0 +1,46 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ceph-secret
+type: "kubernetes.io/rbd"
+data:
+ key: "{{ ceph_key | b64encode }}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/ci-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/ci-secret.yaml.j2
new file mode 100644
index 0000000..dae5191
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/ci-secret.yaml.j2
@@ -0,0 +1,48 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+{% if ice_environment != 'production' %}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ci-secret
+type: Opaque
+data:
+ admin_password: "{{vault_ci_admin_password | b64encode}}"
+{% endif %} \ No newline at end of file
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/cms-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/cms-secret.yaml.j2
new file mode 100644
index 0000000..38c528c
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/cms-secret.yaml.j2
@@ -0,0 +1,52 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cms-secret
+type: Opaque
+data:
+ key: "{{ vault_cms_secret_key | b64encode }}"
+ app_user: "{{vault_cms_app_user | b64encode}}"
+ app_user_mail: "{{vault_cms_app_user_mail | b64encode}}"
+ app_user_password: "{{vault_cms_app_user_password | b64encode}}"
+ app_client_id: "{{vault_cms_app_client_id | b64encode}}"
+ app_client_secret: "{{vault_cms_app_client_secret | b64encode}}"
+ nevercache_key: "{{vault_cms_nevercache_key | b64encode}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/em-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/em-secret.yaml.j2
new file mode 100644
index 0000000..56cbb30
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/em-secret.yaml.j2
@@ -0,0 +1,54 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: em-secret
+type: Opaque
+data:
+ key: "{{ vault_em_secret_key | b64encode }}"
+ em_webhook_token: "{{ vault_engagementmgr_webhook_token | b64encode }}"
+ gitlab_admin_password: "{{ vault_gitlab_admin_password | b64encode }}"
+ jenkins_admin_password: "{{ vault_jenkins_admin_password | b64encode }}"
+ cms_app_client_id: "{{vault_cms_app_client_id | b64encode}}"
+ cms_app_client_secret: "{{vault_cms_app_client_secret | b64encode}}"
+ slack_api_token: "{{( vault_slack_api_token | default('') ) | b64encode}}"
+ aws_access_key_id: "{{ vault_aws_access_key_id | b64encode }}"
+ aws_secret_access_key: "{{ vault_aws_secret_access_key | b64encode }}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j2
new file mode 100644
index 0000000..29d1319
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j2
@@ -0,0 +1,46 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: email-secret
+type: Opaque
+data:
+ password: "{{vault_email_host_password | b64encode }}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/gitlab-password-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/gitlab-password-secret.yaml.j2
new file mode 100644
index 0000000..3621b45
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/gitlab-password-secret.yaml.j2
@@ -0,0 +1,47 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: gitlab-password
+type: Opaque
+data:
+ password: "{{ vault_gitlab_admin_password | b64encode }}"
+ auth-token: "{{ vault_gitlab_authentication_token | b64encode }}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/haproxy-auth-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/haproxy-auth-secret.yaml.j2
new file mode 100644
index 0000000..c1a8fe1
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/haproxy-auth-secret.yaml.j2
@@ -0,0 +1,47 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: haproxy-auth
+type: Opaque
+data:
+ user: "{{ vault_haproxy_user | b64encode }}"
+ pass: "{{ vault_haproxy_pass | b64encode }}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/imagescanner-ssh-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/imagescanner-ssh-secret.yaml.j2
new file mode 100644
index 0000000..0028baf
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/imagescanner-ssh-secret.yaml.j2
@@ -0,0 +1,50 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: imagescanner-ssh
+ namespace: default
+type: Opaque
+data:
+ # FIXME the imagescanner really should have its own private key, but then we
+ # have to adjust the gitlab wrapper script to set two public keys as
+ # deploykeys.
+ id_ed25519: "{{vault_jenkins_deploy_key|b64encode}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-admin-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-admin-secret.yaml.j2
new file mode 100644
index 0000000..c44d898
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-admin-secret.yaml.j2
@@ -0,0 +1,47 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: jenkins-users-admin
+ namespace: default
+type: Opaque
+data:
+ config.xml: "{{jenkins_admin_config_xml|b64encode}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-deploykey-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-deploykey-secret.yaml.j2
new file mode 100644
index 0000000..4dee827
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-deploykey-secret.yaml.j2
@@ -0,0 +1,47 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: jenkins-deploykey
+ namespace: default
+type: Opaque
+data:
+ deploykey.pub: "{{vault_jenkins_deploy_key_pub|b64encode}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-ssh-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-ssh-secret.yaml.j2
new file mode 100644
index 0000000..633e1ae
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-ssh-secret.yaml.j2
@@ -0,0 +1,51 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: jenkins-ssh
+ namespace: default
+type: Opaque
+data:
+ # .ssh/config isn't really a secret, but it's the easiest way to get it into
+ # the same directory as the key
+ config: >
+ SG9zdCAqClVzZXJLbm93bkhvc3RzRmlsZSAvZGV2L251bGwKU3RyaWN0SG9zdEtleUNoZWNraW5nIG5vCklkZW50aXR5RmlsZSAiL3Zhci9qZW5raW5zX2hvbWUvLnNzaC9pZF9lZDI1NTE5Igo=
+ id_ed25519: "{{vault_jenkins_deploy_key|b64encode}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/postgresql-passwords-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/postgresql-passwords-secret.yaml.j2
new file mode 100644
index 0000000..03f1d9e
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/postgresql-passwords-secret.yaml.j2
@@ -0,0 +1,50 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: postgresql-passwords
+type: Opaque
+data:
+ emPassword: "{{ vault_em_postgresql_password | b64encode }}"
+ cmsPassword: "{{vault_cms_postgresql_password | b64encode}}"
+{% if ice_environment != 'production' %}
+ ciPassword: "{{vault_ci_postgresql_password | b64encode}}"
+{% endif %}
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j2
new file mode 100644
index 0000000..f529dcf
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j2
@@ -0,0 +1,47 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: site-crt
+type: Opaque
+data:
+ # the public part of the certificate, not actually a secret.
+ site.crt: "{{ site_pem_cert | b64encode }}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j2
new file mode 100644
index 0000000..d045770
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j2
@@ -0,0 +1,46 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: site-pem
+type: Opaque
+data:
+ site.pem: "{{ site_pem | b64encode }}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/slack-tokens-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/slack-tokens-secret.yaml.j2
new file mode 100644
index 0000000..ae9f29d
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/slack-tokens-secret.yaml.j2
@@ -0,0 +1,46 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: slack-tokens
+type: Opaque
+data:
+ notifications: "{{( vault_slack_tokens.notifications | default('') ) | b64encode}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/services/haproxy-service.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/services/haproxy-service.yaml.j2
new file mode 100644
index 0000000..a1b6cd4
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/services/haproxy-service.yaml.j2
@@ -0,0 +1,105 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: ext-haproxy
+ labels:
+ run: ext-haproxy
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ name: web
+ - port: 443
+ protocol: TCP
+ name: ssl
+ - port: 22
+ protocol: TCP
+ name: ssh
+ - port: 9000
+ protocol: TCP
+ name: stats
+ externalIPs:
+{% for ip in external_ips %}
+ - "{{ ip }}"
+{% endfor %}
+ selector:
+ run: ext-haproxy
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: int-haproxy
+ labels:
+ run: int-haproxy
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ name: web
+ - port: 8080
+ protocol: TCP
+ name: jenkins
+ - port: 9000
+ protocol: TCP
+ name: stats
+ externalIPs:
+{% for ip in internal_ips %}
+ - "{{ ip }}"
+{% endfor %}
+ selector:
+ run: int-haproxy
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: ext-haproxy-stats
+ labels:
+ run: ext-haproxy-stats
+spec:
+ ports:
+ - port: 9001
+ protocol: TCP
+ name: stats
+ externalIPs:
+ - "{{ internal_ips[0] }}"
+ selector:
+ run: ext-haproxy