diff options
Diffstat (limited to 'ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2')
| -rw-r--r-- | ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2 | 107 |
1 files changed, 107 insertions, 0 deletions
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2 new file mode 100644 index 0000000..775d341 --- /dev/null +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2 @@ -0,0 +1,107 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: imagescanner +spec: + template: + spec: + + containers: + - name: imagescanner-worker + image: {{container_uri}}ice-image-scanner:{{container_tag}} + command: ["/usr/local/bin/imagescanner-worker"] + securityContext: + privileged: true + volumeMounts: + - name: imagescanner-ssh + mountPath: /root/.ssh + - name: dev + mountPath: /dev + - name: logs + mountPath: /var/log/imagescanner + + - name: notifications-worker + image: {{container_uri}}ice-image-scanner:{{container_tag}} + command: ["/usr/local/bin/notifications-worker"] + securityContext: + privileged: true + env: + - name: SLACK_TOKEN + valueFrom: + secretKeyRef: {name: slack-tokens, key: notifications} + - name: DOMAIN + value: "{{em_internal_dns_name}}" + + - name: imagescanner-frontend + image: {{container_uri}}ice-image-scanner:{{container_tag}} + command: ["/usr/local/bin/imagescanner-frontend"] + {# + FIXME: No, the frontend does not require a privileged container. + However, it seems that if you run the frontend container without + this specification in the same pod as the worker, then the worker + loses its privileges! + -#} + securityContext: + privileged: true + ports: + - containerPort: 80 + volumeMounts: + - name: logs + mountPath: /var/log/imagescanner + env: + - name: DEFAULT_SLACK_CHANNEL + value: "#notifications" + + volumes: + - name: imagescanner-ssh + secret: + secretName: imagescanner-ssh + defaultMode: 0600 + - name: dev + hostPath: + path: /dev + - name: logs + emptyDir: {} + + metadata: + labels: + run: imagescanner |