diff options
Diffstat (limited to 'ansible/roles/ansible-vvp-templates/templates/deployments')
8 files changed, 93 insertions, 16 deletions
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2 index 6771b1f..8b14661 100644 --- a/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2 +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2 @@ -48,9 +48,11 @@ spec: labels: run: gitlab spec: + imagePullSecrets: + - name: onapkey containers: - name: gitlab - image: {{container_uri}}rkt-gitlab:{{container_tag}} + image: {{container_uri}}gitlab:{{container_tag}} ports: - containerPort: 80 - containerPort: 22 diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2 index e78bfc9..bd5c10f 100644 --- a/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2 +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2 @@ -48,9 +48,11 @@ spec: labels: run: postgresql spec: + imagePullSecrets: + - name: onapkey containers: - name: postgresql - image: {{container_uri}}rkt-postgresql:{{container_tag}} + image: {{container_uri}}postgresql:{{container_tag}} ports: - containerPort: 5432 volumeMounts: diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2 index 98a04b5..44e78e1 100644 --- a/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2 +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2 @@ -57,9 +57,11 @@ spec: hostPath: path: /var/devenv/ice-ci/ {% endif %} + imagePullSecrets: + - name: onapkey containers: - name: ci-uwsgi - image: {{container_uri}}rkt-ice-ci:{{container_tag}} + image: {{container_uri}}test-engine:{{container_tag}} ports: - containerPort: 80 - containerPort: 8282 @@ -77,7 +79,13 @@ spec: - name: ICE_ENVIRONMENT value: "{{ice_environment}}" - name: PROGRAM_NAME_URL_PREFIX - value: "ice" + value: "{{program_name_url_prefix}}" + - name: SERVICE_PROVIDER + value: "{{service_provider}}" + - name: PROGRAM_NAME + value: "{{program_name}}" + - name: SERVICE_PROVIDER_DOMAIN + value: "{{service_provider_domain}}" - name: SECRET_KEY valueFrom: secretKeyRef: {name: em-secret, key: key} @@ -158,7 +166,7 @@ spec: initialDelaySeconds: 90 periodSeconds: 15 {% endif %} - command: ["/app/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", "--static-map", "/static=/app/htdocs" {% if devenv is defined %}, "--py-auto-reload" , "3"{% endif %}] + command: ["/app/docker-entrypoint.sh", "/usr/local/bin/gunicorn", "-c", "/opt/configmaps/settings/gunicorn.ini", "web.wsgi:application", {% if devenv is defined %}"--reload"{% endif %}] metadata: labels: run: ci-uwsgi diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2 index 8b601e9..01032d7 100644 --- a/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2 +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2 @@ -44,9 +44,11 @@ metadata: spec: template: spec: + imagePullSecrets: + - name: onapkey containers: - name: cms-uwsgi - image: {{container_uri}}rkt-ice-cms:{{container_tag}} + image: {{container_uri}}cms:{{container_tag}} ports: - containerPort: 80 - containerPort: 9000 @@ -119,7 +121,7 @@ spec: periodSeconds: 15 timeoutSeconds: 10 {% endif %} - command: ["/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", {% if devenv is defined %}"--py-auto-reload" , "3",{% endif %}"--static-map", "/static=/app/htdocs"] + command: ["/docker-entrypoint.sh", "/usr/local/bin/gunicorn", "-c", "/opt/configmaps/settings/gunicorn.ini", "cms.wsgi:application", {% if devenv is defined %}"--reload"{% endif %}] volumeMounts: - name: settings mountPath: /opt/configmaps/settings/ diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2 index 8cedd29..ceb24c4 100644 --- a/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2 +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2 @@ -56,9 +56,11 @@ spec: - name: em-settings configMap: name: em-settings + imagePullSecrets: + - name: onapkey containers: - name: em-uwsgi - image: {{container_uri}}rkt-engagementmgr:{{container_tag}} + image: {{container_uri}}engagementmgr:{{container_tag}} ports: - containerPort: 80 - containerPort: 9000 @@ -75,7 +77,13 @@ spec: - name: ENVIRONMENT value: "{{ice_environment}}" - name: PROGRAM_NAME_URL_PREFIX - value: "ice" + value: "{{program_name_url_prefix}}" + - name: SERVICE_PROVIDER + value: "{{service_provider}}" + - name: PROGRAM_NAME + value: "{{program_name}}" + - name: SERVICE_PROVIDER_DOMAIN + value: "{{service_provider_domain}}" - name: SECRET_KEY valueFrom: secretKeyRef: {name: em-secret, key: key} @@ -156,7 +164,7 @@ spec: periodSeconds: 15 timeoutSeconds: 10 {% endif %} - command: ["/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", {% if devenv is defined %}"--py-auto-reload" , "3",{% endif %}"--static-map", "/static=/app/htdocs"] + command: ["/docker-entrypoint.sh", "/usr/local/bin/gunicorn", "-c", "/opt/configmaps/settings/gunicorn.ini", "vvp.wsgi:application", {% if devenv is defined %}"--reload"{% endif %}] metadata: labels: run: em-uwsgi diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2 index 775d341..b8f2f66 100644 --- a/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2 +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2 @@ -44,11 +44,16 @@ metadata: spec: template: spec: + imagePullSecrets: + - name: onapkey containers: - name: imagescanner-worker - image: {{container_uri}}ice-image-scanner:{{container_tag}} - command: ["/usr/local/bin/imagescanner-worker"] + image: {{container_uri}}image-scanner:{{container_tag}} + command: + - "sh" + - "/opt/site-certificate/wrapper.sh" + - "/usr/local/bin/imagescanner-worker" securityContext: privileged: true volumeMounts: @@ -58,9 +63,30 @@ spec: mountPath: /dev - name: logs mountPath: /var/log/imagescanner + - name: imagescanner-settings + mountPath: /opt/imagescanner-settings + - name: site-certificate + mountPath: /opt/site-certificate + env: + - name: PYTHONPATH + value: /opt/imagescanner-settings + - name: S3_HOST + value: "{{s3_dns_name}}" + - name: S3_PORT + value: "443" + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: {name: em-secret, key: aws_access_key_id} + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: {name: em-secret, key: aws_secret_access_key} + - name: SECRET_JENKINS_PASSWORD + value: '' + - name: REQUESTS_CA_BUNDLE + value: /etc/ssl/certs/ca-certificates.crt - name: notifications-worker - image: {{container_uri}}ice-image-scanner:{{container_tag}} + image: {{container_uri}}image-scanner:{{container_tag}} command: ["/usr/local/bin/notifications-worker"] securityContext: privileged: true @@ -70,9 +96,17 @@ spec: secretKeyRef: {name: slack-tokens, key: notifications} - name: DOMAIN value: "{{em_internal_dns_name}}" + - name: PYTHONPATH + value: /opt/imagescanner-settings + - name: SECRET_JENKINS_PASSWORD + valueFrom: + secretKeyRef: {name: em-secret, key: jenkins_admin_password} + volumeMounts: + - name: imagescanner-settings + mountPath: /opt/imagescanner-settings - name: imagescanner-frontend - image: {{container_uri}}ice-image-scanner:{{container_tag}} + image: {{container_uri}}image-scanner:{{container_tag}} command: ["/usr/local/bin/imagescanner-frontend"] {# FIXME: No, the frontend does not require a privileged container. @@ -87,9 +121,13 @@ spec: volumeMounts: - name: logs mountPath: /var/log/imagescanner + - name: imagescanner-settings + mountPath: /opt/imagescanner-settings env: - name: DEFAULT_SLACK_CHANNEL value: "#notifications" + - name: SECRET_JENKINS_PASSWORD + value: '' volumes: - name: imagescanner-ssh @@ -101,6 +139,12 @@ spec: path: /dev - name: logs emptyDir: {} + - name: imagescanner-settings + configMap: + name: imagescanner-settings + - name: site-certificate + configMap: + name: site-certificate metadata: labels: diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2 index 61504f1..1b4289a 100644 --- a/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2 +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2 @@ -44,9 +44,11 @@ metadata: spec: template: spec: + imagePullSecrets: + - name: onapkey containers: - name: jenkins - image: {{container_uri}}rkt-jenkins:{{container_tag}} + image: {{container_uri}}jenkins:{{container_tag}} ports: - containerPort: 8080 volumeMounts: diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2 index f3505e5..5c898d3 100644 --- a/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2 +++ b/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2 @@ -48,9 +48,11 @@ spec: labels: run: portal spec: + imagePullSecrets: + - name: onapkey containers: - name: portal - image: {{container_uri}}rkt-ice-portal:{{container_tag}} + image: {{container_uri}}portal:{{container_tag}} ports: - containerPort: 8181 command: ["nginx", "-g", "daemon off;", "-c", "/tmp/nginx.conf"] @@ -68,3 +70,10 @@ spec: items: - key: file path: nginx.conf + - key: service_provider.json + path: service_provider.json +{% if devenv is defined %} + - name: portal-rsync + hostPath: + path: /var/devenv/rkt-ice-portal/d2ice.att.io/app +{% endif %} |