From 307215471b50e1f27654819434fb08de4d003d82 Mon Sep 17 00:00:00 2001 From: "edan.binshtok" Date: Tue, 21 Nov 2017 20:06:04 +0200 Subject: Fix gitignore and missing files Due to bad gitignore some files were missing. Now .vault_passwords added and dirs under roles Issue-ID: VVP-32 Change-Id: I2b9b7afe305603b37fbfe184dc36156c8461bc85 
Signed-off-by: edan.binshtok --- .../deployments/10-gitlab-deployment.yaml.j2 | 108 ++++++++++++++ .../deployments/10-postgresql-deployment.yaml.j2 | 108 ++++++++++++++ .../templates/deployments/10-redis.yaml.j2 | 55 +++++++ .../deployments/20-ci-uwsgi-deployment.yaml.j2 | 165 +++++++++++++++++++++ .../deployments/20-cms-uwsgi-deployment.yaml.j2 | 146 ++++++++++++++++++ .../deployments/20-em-uwsgi-deployment.yaml.j2 | 162 ++++++++++++++++++++ .../templates/deployments/20-imagescanner.yaml.j2 | 107 +++++++++++++ .../deployments/20-jenkins-deployment.yaml.j2 | 89 +++++++++++ .../deployments/30-portal-deployment.yaml.j2 | 70 +++++++++ .../deployments/40-ext-haproxy-deployment.yaml.j2 | 95 ++++++++++++ .../deployments/40-int-haproxy-deployments.yaml.j2 | 89 +++++++++++ 11 files changed, 1194 insertions(+) create mode 100644 ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/deployments/10-redis.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/deployments/40-ext-haproxy-deployment.yaml.j2 create mode 100644 ansible/roles/ansible-vvp-templates/templates/deployments/40-int-haproxy-deployments.yaml.j2 (limited to 
'ansible/roles/ansible-vvp-templates/templates/deployments')
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2
new file mode 100644
index 0000000..6771b1f
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2
@@ -0,0 +1,108 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: gitlab
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: gitlab
+ spec:
+ containers:
+ - name: gitlab
+ image: {{container_uri}}rkt-gitlab:{{container_tag}}
+ ports:
+ - containerPort: 80
+ - containerPort: 22
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /var/opt/gitlab
+ name: gitlab
+ subPath: var/opt/gitlab
+ - mountPath: /etc/gitlab
+ name: gitlab
+ subPath: etc/gitlab
+ - mountPath: /var/log/gitlab
+ name: gitlab
+ subPath: var/log/gitlab
+ - mountPath: /tmp/deploykey
+ name: jenkins-deploykey
+ env:
+ - name: ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: gitlab-password
+ key: password
+ - name: AUTHENTICATION_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: gitlab-password
+ key: auth-token
+ - name: EXTERNAL_URL
+ value: "http://{{git_dns_name}}"
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 80
+ initialDelaySeconds: {{livenessProbe_initialDelaySeconds.gitlab | default(120)}}
+ periodSeconds: 15
+{% endif %}
+ volumes:
+ - name: gitlab
+ rbd:
+ monitors:
+{% for ip in mon_ips %}
+ - "{{ ip }}"
+{% endfor %}
+ pool: rbd
+ image: gitlab
+ user: admin
+ secretRef:
+ name: "ceph-secret"
+ fsType: xfs
+ readOnly: false
+ - name: jenkins-deploykey
+ secret:
+ secretName: jenkins-deploykey
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2
new file mode 100644
index 0000000..e78bfc9
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2
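Review bot: In 10-gitlab-deployment.yaml.j2 the `gitlab` container gets `securityContext: privileged: true` while it publishes ports 80 and 22, and nothing in the template says why it needs full host privileges; a flaw in GitLab would then reach the node instead of staying in the pod. I would drop those two lines, or replace them with a `capabilities.add` list limited to what the image is shown to need, and keep a template comment explaining any privilege that remains. The `rbd` volume also authenticates as `user: admin` through `ceph-secret`, presumably the cluster-wide Ceph admin key; the 10-postgresql and 20-jenkins hunks do the same, and a dedicated Ceph client restricted to the `rbd` pool would narrow what a leaked secret exposes. `EXTERNAL_URL` is `http://`, so confirm TLS is terminated in front of this pod.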
@@ -0,0 +1,108 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: postgresql
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: postgresql
+ spec:
+ containers:
+ - name: postgresql
+ image: {{container_uri}}rkt-postgresql:{{container_tag}}
+ ports:
+ - containerPort: 5432
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: postgresql-data
+ - mountPath: /etc/postgresql/conf.d/
+ name: postgresql-conf
+ - mountPath: /docker-entrypoint-initdb.d/
+ name: postgresql-initdb
+ env:
+ - name: POSTGRES_DB
+ value: icedb
+ - name: ICE_CMS_DB_NAME
+ value: icecmsdb
+ - name: POSTGRES_USER
+ value: {{vault_em_postgresql_user}}
+ - name: ICE_CMS_DB_USER
+ value: {{vault_cms_postgresql_user}}
+ - name: ICE_CMS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-passwords
+ key: cmsPassword
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-passwords
+ key: emPassword
+{% if enable_liveness_probes %}
+ livenessProbe:
+ timeoutSeconds: 1
+ initialDelaySeconds: {{livenessProbe_initialDelaySeconds.postgresql | default(120)}}
+ tcpSocket:
+ port: 5432
+{% endif %}
+ volumes:
+ - name: postgresql-data
+ rbd:
+ monitors:
+{% for ip in mon_ips %}
+ - "{{ ip }}"
+{% endfor %}
+ pool: rbd
+ image: em_postgresql
+ user: admin
+ secretRef:
+ name: "ceph-secret"
+ fsType: xfs
+ readOnly: false
+ - name: postgresql-conf
+ configMap:
+ name: postgresql-conf
+ - name: postgresql-initdb
+ configMap:
+ name: postgresql-initdb
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/10-redis.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/10-redis.yaml.j2
new file mode 100644
index 0000000..523504a
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/10-redis.yaml.j2
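Review bot: `POSTGRES_USER` and `ICE_CMS_DB_USER` in 10-postgresql-deployment.yaml.j2 are rendered unquoted (`value: {{vault_em_postgresql_user}}`), while the uwsgi templates in this commit quote the same variables. Once rendered, a numeric- or boolean-looking name or an empty expansion is retyped by the YAML parser, and an env `value` that is not a string is rejected when the manifest is applied. Write `value: "{{vault_em_postgresql_user}}"` and `value: "{{vault_cms_postgresql_user}}"` instead.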
@@ -0,0 +1,55 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: redis
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: redis
+ spec:
+ containers:
+ - name: redis
+ image: redis:alpine
+ ports:
+ - containerPort: 6379
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2
new file mode 100644
index 0000000..98a04b5
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2
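Review bot: 10-redis.yaml.j2 pulls `image: redis:alpine`, a mutable tag from the public registry, whereas every other template in this commit takes its image from `{{container_uri}}` at `{{container_tag}}`. The deployed Redis therefore changes whenever upstream retags, outside this repository's control; pin it, for example `image: redis:<pinned-version>-alpine` or an `@sha256:<digest>` reference (both placeholders), ideally mirrored under `{{container_uri}}`. The container also runs with image defaults, which as far as this hunk shows means no authentication on port 6379, so access should be limited to the pods that need it.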
@@ -0,0 +1,165 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+{% if ice_environment != 'production' %}
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: ci-uwsgi
+spec:
+ template:
+ spec:
+ volumes:
+ - name: ci-settings
+ configMap:
+ name: ci-settings
+ - name: site-crt
+ secret:
+ secretName: site-crt
+{% if devenv is defined %}
+ - name: ci-rsync
+ hostPath:
+ path: /var/devenv/ice-ci/
+{% endif %}
+ containers:
+ - name: ci-uwsgi
+ image: {{container_uri}}rkt-ice-ci:{{container_tag}}
+ ports:
+ - containerPort: 80
+ - containerPort: 8282
+ - containerPort: 9000
+ volumeMounts:
+ - name: ci-settings
+ mountPath: /opt/configmaps/settings/
+ - name: site-crt
+ mountPath: /opt/secrets/site-crt/
+{% if devenv is defined %}
+ - name: ci-rsync
+ mountPath: /app
+{% endif %}
+ env:
+ - name: ICE_ENVIRONMENT
+ value: "{{ice_environment}}"
+ - name: PROGRAM_NAME_URL_PREFIX
+ value: "ice"
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: key}
+ - name: EM_DB_HOST
+ value: postgresql
+ - name: EM_DB_PORT
+ value: "5432"
+ - name: EM_DB_NAME
+ value: icedb
+ - name: EM_DB_USER
+ value: "{{vault_em_postgresql_user}}"
+ - name: EM_DB_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: emPassword}
+ - name: CMS_DB_HOST
+ value: postgresql
+ - name: CMS_DB_PORT
+ value: "5432"
+ - name: CMS_DB_NAME
+ value: "{{cms_postgresql_db|default('icecmsdb')}}"
+ - name: CMS_DB_USER
+ value: "{{vault_cms_postgresql_user}}"
+ - name: CMS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: cmsPassword}
+ - name: CI_DB_HOST
+ value: postgresql
+ - name: CI_DB_PORT
+ value: "5432"
+ - name: CI_DB_NAME
+ value: icedb
+ - name: CI_DB_USER
+ value: "{{vault_em_postgresql_user}}"
+ - name: CI_DB_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: ciPassword}
+ - name: STATIC_ROOT
+ value: "/app/htdocs"
+ - name: ICE_CONTACT_FROM_ADDRESS
+ value: "{{vault_email_host_user}}"
+ - name: SECRET_WEBHOOK_TOKEN
+ valueFrom:
+ secretKeyRef: {name:
em-secret, key: em_webhook_token}
+ - name: SECRET_GITLAB_AUTH_TOKEN
+ valueFrom:
+ secretKeyRef: {name: gitlab-password, key: auth-token}
+ - name: SECRET_JENKINS_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: jenkins_admin_password}
+ - name: ICE_DOMAIN
+ value: https://{{domain}}
+ - name: ICE_EM_DOMAIN_NAME
+ value: https://{{em_domain_name}}
+ - name: OAUTHLIB_INSECURE_TRANSPORT
+ value: "1"
+ - name: CI_ADMIN_USER
+ value: "{{vault_ci_admin_user}}"
+ - name: CI_ADMIN_MAIL
+ value: "{{vault_ci_admin_mail}}"
+ - name: CI_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: ci-secret, key: admin_password}
+ - name: S3_HOST
+ value: "{{s3_dns_name}}"
+ - name: S3_PORT
+ value: "443"
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_access_key_id}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_secret_access_key}
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 9000
+ initialDelaySeconds: 90
+ periodSeconds: 15
+{% endif %}
+ command: ["/app/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", "--static-map", "/static=/app/htdocs" {% if devenv is defined %}, "--py-auto-reload" , "3"{% endif %}]
+ metadata:
+ labels:
+ run: ci-uwsgi
+{% endif %}
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2
new file mode 100644
index 0000000..8b601e9
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2
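Review bot: The dev-only pieces of 20-ci-uwsgi-deployment.yaml.j2 (the `ci-rsync` hostPath volume, its `/app` mount and `--py-auto-reload`) are guarded by `{% if devenv is defined %}`, which is true even when an inventory sets `devenv: false`. In that case the pod mounts `/var/devenv/ice-ci/` from the node over the application code and reloads whatever appears there. Test the value instead, e.g. `{% if devenv | default(false) | bool %}`; the same guard is used in the 20-cms-uwsgi and 20-em-uwsgi hunks. Separately, `CI_DB_PASSWORD` reads key `ciPassword` from `postgresql-passwords` although `CI_DB_USER` is the EM user and the postgresql template only consumes `emPassword` and `cmsPassword`, so check that the key exists and matches.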
@@ -0,0 +1,146 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: cms-uwsgi
+spec:
+ template:
+ spec:
+ containers:
+ - name: cms-uwsgi
+ image: {{container_uri}}rkt-ice-cms:{{container_tag}}
+ ports:
+ - containerPort: 80
+ - containerPort: 9000
+ env:
+ - name: ENVIRONMENT
+ value: "{{ice_environment}}"
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: key}
+ - name: EMAIL_HOST
+ value: "{{vault_email_host}}"
+ - name: EMAIL_HOST_USER
+ value: "{{vault_email_host_user}}"
+ - name: EMAIL_PORT
+ value: "{{email_port|default(25)}}"
+ - name: EMAIL_HOST_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: email-secret, key: password}
+ - name: PGHOST
+ value: postgresql
+ - name: PGPORT
+ value: "5432"
+ - name: PGDATABASE
+ value: "{{cms_postgresql_db|default('icecmsdb')}}"
+ - name: PGUSER
+ value: "{{vault_cms_postgresql_user}}"
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: cmsPassword}
+ - name: ICE_CONTACT_FROM_ADDRESS
+ value: "{{vault_email_host_user}}"
+ - name: CMS_NEVERCACHE_KEY
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: nevercache_key}
+ - name: CMS_APP_USER
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: app_user}
+ - name: CMS_APP_USER_MAIL
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: app_user_mail}
+ - name: CMS_APP_USER_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: app_user_password}
+ - name: CMS_APP_CLIENT_ID
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: app_client_id}
+ - name: CMS_APP_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: app_client_secret}
+ - name: STATIC_ROOT
+ value: "/app/htdocs"
+ - name: DJANGO_DEBUG_MODE
+ value: "{{django_debug_mode}}"
+ - name: S3_HOST
+ value: "{{s3_dns_name}}"
+ - name: S3_PORT
+ value: "443"
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_access_key_id}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key:
aws_secret_access_key}
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 9000
+ initialDelaySeconds: 30
+ periodSeconds: 15
+ timeoutSeconds: 10
+{% endif %}
+ command: ["/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", {% if devenv is defined %}"--py-auto-reload" , "3",{% endif %}"--static-map", "/static=/app/htdocs"]
+ volumeMounts:
+ - name: settings
+ mountPath: /opt/configmaps/settings/
+ - name: site-crt
+ mountPath: /opt/secrets/site-crt/
+{% if devenv is defined %}
+ - name: cms-rsync
+ mountPath: /srv
+{% endif %}
+ volumes:
+ - name: settings
+ configMap:
+ name: cms-settings
+ - name: site-crt
+ secret:
+ secretName: site-crt
+{% if devenv is defined %}
+ - name: cms-rsync
+ hostPath:
+ path: /var/devenv/rkt-ice-cms/django
+{% endif %}
+ metadata:
+ labels:
+ run: cms-uwsgi
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2
new file mode 100644
index 0000000..8cedd29
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2
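Review bot: `DJANGO_DEBUG_MODE` in 20-cms-uwsgi-deployment.yaml.j2 is taken straight from `{{django_debug_mode}}` and is not tied to `ice_environment`, so a production inventory can ship with Django debug output enabled; 20-em-uwsgi has the same line. Debug mode typically exposes stack traces and settings to clients, so I would force it off for production in the template, along the lines of `value: "{{ 'False' if ice_environment == 'production' else django_debug_mode }}"`. The literal the application expects for "off" is not visible in this hunk and should be confirmed before adopting that line.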
@@ -0,0 +1,162 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: em-uwsgi
+spec:
+ template:
+ spec:
+ volumes:
+{% if devenv is defined %}
+ - name: em-rsync
+ hostPath:
+ path: /var/devenv/rkt-ice-engagementmgr/django
+{% endif %}
+ - name: site-crt
+ secret:
+ secretName: site-crt
+ - name: em-settings
+ configMap:
+ name: em-settings
+ containers:
+ - name: em-uwsgi
+ image: {{container_uri}}rkt-engagementmgr:{{container_tag}}
+ ports:
+ - containerPort: 80
+ - containerPort: 9000
+ volumeMounts:
+{% if devenv is defined %}
+ - name: em-rsync
+ mountPath: /srv
+{% endif %}
+ - name: em-settings
+ mountPath: /opt/configmaps/settings/
+ - name: site-crt
+ mountPath: /opt/secrets/site-crt/
+ env:
+ - name: ENVIRONMENT
+ value: "{{ice_environment}}"
+ - name: PROGRAM_NAME_URL_PREFIX
+ value: "ice"
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: key}
+ - name: EMAIL_HOST
+ value: "{{vault_email_host}}"
+ - name: EMAIL_HOST_USER
+ value: "{{vault_email_host_user}}"
+ - name: EMAIL_PORT
+ value: "{{email_port|default(25)}}"
+ - name: EMAIL_HOST_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: email-secret, key: password}
+ - name: PGHOST
+ value: postgresql
+ - name: PGPORT
+ value: "5432"
+ - name: PGDATABASE
+ value: icedb
+ - name: PGUSER
+ value: "{{vault_em_postgresql_user}}"
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: emPassword}
+ - name: DOMAIN
+ value: https://{{domain}}
+ - name: ICE_EM_DOMAIN_NAME
+ value: https://{{em_domain_name}}
+ - name: CONTACT_FROM_ADDRESS
+ value: "{{vault_email_host_user}}"
+ - name: OAUTHLIB_INSECURE_TRANSPORT
+ value: "1"
+ - name: SECRET_WEBHOOK_TOKEN
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: em_webhook_token}
+ - name: SECRET_GITLAB_AUTH_TOKEN
+ valueFrom:
+ secretKeyRef: {name: gitlab-password, key: auth-token}
+ - name: SECRET_JENKINS_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: jenkins_admin_password}
+ - name:
SECRET_CMS_APP_CLIENT_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: cms_app_client_id}
+ - name: SECRET_CMS_APP_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: cms_app_client_secret}
+ - name: STATIC_ROOT
+ value: "/app/htdocs"
+ - name: DJANGO_DEBUG_MODE
+ value: "{{django_debug_mode}}"
+ - name: SLACK_API_TOKEN
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: slack_api_token}
+ - name: ENGAGEMENTS_CHANNEL
+ value: "{{engagements_channel | default('')}}"
+ - name: ENGAGEMENTS_NOTIFICATIONS_CHANNEL
+ value: "{{engagements_notifications_channel | default('')}}"
+ - name: DEVOPS_CHANNEL
+ value: "{{devops_channel | default('')}}"
+ - name: DEVOPS_NOTIFICATIONS_CHANNEL
+ value: "{{devops_notifications_channel | default('')}}"
+ - name: S3_HOST
+ value: "{{s3_dns_name}}"
+ - name: S3_PORT
+ value: "443"
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_access_key_id}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_secret_access_key}
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 9000
+ initialDelaySeconds: {{livenessProbe_initialDelaySeconds.em | default(90)}}
+ periodSeconds: 15
+ timeoutSeconds: 10
+{% endif %}
+ command: ["/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", {% if devenv is defined %}"--py-auto-reload" , "3",{% endif %}"--static-map", "/static=/app/htdocs"]
+ metadata:
+ labels:
+ run: em-uwsgi
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2
new file mode 100644
index 0000000..775d341
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2
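Review bot: `OAUTHLIB_INSECURE_TRANSPORT` is set to `"1"` unconditionally in 20-em-uwsgi-deployment.yaml.j2, which tells oauthlib to accept OAuth2 exchanges over plain HTTP in every environment, production included. The ci-uwsgi template sets the same variable but is wrapped as a whole in `{% if ice_environment != 'production' %}`; this template has no such guard. Wrap the `- name: OAUTHLIB_INSECURE_TRANSPORT` and `value: "1"` lines in `{% if ice_environment != 'production' %}` and `{% endif %}`, or, if the setting exists only because TLS is terminated before the pod, say so in a template comment and confirm the application can see the forwarded scheme instead.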
@@ -0,0 +1,107 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: imagescanner
+spec:
+ template:
+ spec:
+
+ containers:
+ - name: imagescanner-worker
+ image: {{container_uri}}ice-image-scanner:{{container_tag}}
+ command: ["/usr/local/bin/imagescanner-worker"]
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: imagescanner-ssh
+ mountPath: /root/.ssh
+ - name: dev
+ mountPath: /dev
+ - name: logs
+ mountPath: /var/log/imagescanner
+
+ - name: notifications-worker
+ image: {{container_uri}}ice-image-scanner:{{container_tag}}
+ command: ["/usr/local/bin/notifications-worker"]
+ securityContext:
+ privileged: true
+ env:
+ - name: SLACK_TOKEN
+ valueFrom:
+ secretKeyRef: {name: slack-tokens, key: notifications}
+ - name: DOMAIN
+ value: "{{em_internal_dns_name}}"
+
+ - name: imagescanner-frontend
+ image: {{container_uri}}ice-image-scanner:{{container_tag}}
+ command: ["/usr/local/bin/imagescanner-frontend"]
+ {#
+ FIXME: No, the frontend does not require a privileged container.
+ However, it seems that if you run the frontend container without
+ this specification in the same pod as the worker, then the worker
+ loses its privileges!
+ -#}
+ securityContext:
+ privileged: true
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: logs
+ mountPath: /var/log/imagescanner
+ env:
+ - name: DEFAULT_SLACK_CHANNEL
+ value: "#notifications"
+
+ volumes:
+ - name: imagescanner-ssh
+ secret:
+ secretName: imagescanner-ssh
+ defaultMode: 0600
+ - name: dev
+ hostPath:
+ path: /dev
+ - name: logs
+ emptyDir: {}
+
+ metadata:
+ labels:
+ run: imagescanner
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2
new file mode 100644
index 0000000..61504f1
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2
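Review bot: All three containers in 20-imagescanner.yaml.j2 run with `privileged: true`, including `notifications-worker`, which in this hunk only receives a Slack token and a domain name, and `imagescanner-frontend`, which serves port 80 and which the template's own FIXME says does not need it. Privilege is set per container, so the FIXME's observation that the worker loses its privileges is worth re-testing rather than keeping a privileged network-facing container; I would remove `securityContext` from the two non-worker containers. For `imagescanner-worker`, which also mounts the host's `/dev` and the SSH secret under `/root/.ssh`, add a template comment stating which operation needs host devices so the privilege can later be narrowed.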
@@ -0,0 +1,89 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: jenkins
+spec:
+ template:
+ spec:
+ containers:
+ - name: jenkins
+ image: {{container_uri}}rkt-jenkins:{{container_tag}}
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - name: jenkins-home
+ mountPath: /var/jenkins_home
+ - name: jenkins-users-admin
+ mountPath: /var/jenkins_home/users/admin
+ - name: jenkins-ssh
+ mountPath: /var/jenkins_home/.ssh
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /robots.txt
+ port: 8080
+ initialDelaySeconds: 120
+ periodSeconds: 15
+{% endif %}
+ volumes:
+ - name: jenkins-home
+ rbd:
+ monitors:
+{% for ip in mon_ips %}
+ - "{{ ip }}"
+{% endfor %}
+ pool: rbd
+ image: jenkins
+ user: admin
+ secretRef:
+ name: "ceph-secret"
+ fsType: xfs
+ readOnly: false
+ - name: jenkins-users-admin
+ secret:
+ secretName: jenkins-users-admin
+ - name: jenkins-ssh
+ secret:
+ secretName: jenkins-ssh
+ metadata:
+ labels:
+ run: jenkins
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2
new file mode 100644
index 0000000..f3505e5
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2
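Review bot: In 20-jenkins-deployment.yaml.j2 the `jenkins-ssh` secret volume is declared without `defaultMode`, so the key files under `/var/jenkins_home/.ssh` are projected with the default 0644 mode, whereas the imagescanner template in this same commit sets `defaultMode: 0600` on its SSH secret. Adding `defaultMode: 0400` under `secret:` for `jenkins-ssh` (and for `jenkins-users-admin`) would tighten this; if Jenkins runs as a non-root user the pod may also need an `fsGroup`, which this hunk does not show. Separately, the RBD volume authenticates with `user: admin`; a dedicated Ceph client limited to the `rbd` pool would reduce what the `ceph-secret` key can reach if it leaks.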
@@ -0,0 +1,70 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: portal
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: portal
+ spec:
+ containers:
+ - name: portal
+ image: {{container_uri}}rkt-ice-portal:{{container_tag}}
+ ports:
+ - containerPort: 8181
+ command: ["nginx", "-g", "daemon off;", "-c", "/tmp/nginx.conf"]
+ volumeMounts:
+ - mountPath: /tmp/
+ name: portal-nginx-config
+{% if devenv is defined %}
+ - name: portal-rsync
+ mountPath: /usr/share/nginx/html
+{% endif %}
+ volumes:
+ - name: portal-nginx-config
+ configMap:
+ name: portal-nginx-config
+ items:
+ - key: file
+ path: nginx.conf
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/40-ext-haproxy-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/40-ext-haproxy-deployment.yaml.j2
new file mode 100644
index 0000000..729f98c
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/40-ext-haproxy-deployment.yaml.j2
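Review bot: In 30-portal-deployment.yaml.j2 the `{% if devenv is defined %}` block adds a `portal-rsync` entry to `volumeMounts`, but `volumes:` declares only `portal-nginx-config`. With `devenv` set, the rendered Deployment therefore refers to a volume that is not defined anywhere in the pod spec, and it should fail validation when applied. A matching conditional entry for `portal-rsync` is needed under `volumes:`; its backing source is not visible in this commit, so it has to come from whoever owns the dev environment setup.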
@@ -0,0 +1,95 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: ext-haproxy
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: ext-haproxy
+ spec:
+ containers:
+ - name: ext-haproxy
+ image: haproxy:1.7.2-alpine
+ ports:
+ - containerPort: 80
+ - containerPort: 22
+ - containerPort: 443
+ - containerPort: 9001
+ env:
+ - name: HAPROXY_USER
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: user
+ - name: HAPROXY_PASS
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: pass
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /haproxy_stats
+ port: 9001
+ httpHeaders:
+ - name: Authorization
+ value: Basic {{(vault_haproxy_user+":"+vault_haproxy_pass)|b64encode}}
+ initialDelaySeconds: 15
+ periodSeconds: 15
+{% endif %}
+ volumeMounts:
+ - mountPath: /usr/local/etc/haproxy/
+ name: ext-haproxy-cfg
+ - mountPath: /etc/haproxy/
+ name: site-pem
+ volumes:
+ - name: ext-haproxy-cfg
+ configMap:
+ name: ext-haproxy-cfg
+ items:
+ - key: file
+ path: haproxy.cfg
+ - name: site-pem
+ secret:
+ secretName: site-pem
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/40-int-haproxy-deployments.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/40-int-haproxy-deployments.yaml.j2
new file mode 100644
index 0000000..bc23c01
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/40-int-haproxy-deployments.yaml.j2
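Review bot: In 40-ext-haproxy-deployment.yaml.j2 the liveness probe's `Authorization` header is rendered from `vault_haproxy_user` and `vault_haproxy_pass`, so the base64-encoded stats credentials end up in the Deployment manifest itself, readable by anyone who can view the rendered file or `get` the Deployment, even though the container receives the same values through `secretKeyRef`. The identical block appears in 40-int-haproxy-deployments.yaml.j2 (port 9000). An `httpGet` probe cannot reference a Secret, so I would probe without credentials instead: replace the `httpGet:` block with `tcpSocket:` and `port: 9001`, or expose an unauthenticated health URI (HAProxy `monitor-uri`) in haproxy.cfg and point the probe at that. Both templates also pin `haproxy:1.7.2-alpine` by tag only; pinning by digest would fix exactly which image gets deployed.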
@@ -0,0 +1,89 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: int-haproxy
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: int-haproxy
+ spec:
+ containers:
+ - name: int-haproxy
+ image: haproxy:1.7.2-alpine
+ ports:
+ - containerPort: 80
+ - containerPort: 8080
+ - containerPort: 9000
+ env:
+ - name: HAPROXY_USER
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: user
+ - name: HAPROXY_PASS
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: pass
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /haproxy_stats
+ port: 9000
+ httpHeaders:
+ - name: Authorization
+ value: Basic {{(vault_haproxy_user+":"+vault_haproxy_pass)|b64encode}}
+ initialDelaySeconds: 15
+ periodSeconds: 15
+{% endif %}
+ volumeMounts:
+ - mountPath: /usr/local/etc/haproxy/
+ name: int-haproxy-cfg
+ volumes:
+ - name: int-haproxy-cfg
+ configMap:
+ name: int-haproxy-cfg
+ items:
+ - key: file
+ path: haproxy.cfg
-- cgit 1.2.3-korg