# -*- encoding: utf-8 -*- # ============LICENSE_START======================================================= # org.onap.vvp/engagementmgr # =================================================================== # Copyright © 2017 AT&T Intellectual Property. All rights reserved. # =================================================================== # # Unless otherwise specified, all software contained herein is licensed # under the Apache License, Version 2.0 (the “License”); # you may not use this software except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # # # Unless otherwise specified, all documentation contained herein is licensed # under the Creative Commons License, Attribution 4.0 Intl. (the “License”); # you may not use this documentation except in compliance with the License. # You may obtain a copy of the License at # # https://creativecommons.org/licenses/by/4.0/ # # Unless required by applicable law or agreed to in writing, documentation # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # ============LICENSE_END============================================ # # ECOMP is a trademark and service mark of AT&T Intellectual Property. --- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: imagescanner spec: template: spec: imagePullSecrets: - name: onapkey containers: - name: imagescanner-worker image: {{container_uri}}image-scanner:{{container_tag}} command: - "sh" - "/opt/site-certificate/wrapper.sh" - "/usr/local/bin/imagescanner-worker" securityContext: privileged: true volumeMounts: - name: imagescanner-ssh mountPath: /root/.ssh - name: dev mountPath: /dev - name: logs mountPath: /var/log/imagescanner - name: imagescanner-settings mountPath: /opt/imagescanner-settings - name: site-certificate mountPath: /opt/site-certificate env: - name: PYTHONPATH value: /opt/imagescanner-settings - name: S3_HOST value: "{{s3_dns_name}}" - name: S3_PORT value: "443" - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: {name: em-secret, key: aws_access_key_id} - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: {name: em-secret, key: aws_secret_access_key} - name: SECRET_JENKINS_PASSWORD value: '' - name: REQUESTS_CA_BUNDLE value: /etc/ssl/certs/ca-certificates.crt - name: notifications-worker image: {{container_uri}}image-scanner:{{container_tag}} command: ["/usr/local/bin/notifications-worker"] securityContext: privileged: true env: - name: SLACK_TOKEN valueFrom: secretKeyRef: {name: slack-tokens, key: notifications} - name: DOMAIN value: "{{em_internal_dns_name}}" - name: PYTHONPATH value: /opt/imagescanner-settings - name: SECRET_JENKINS_PASSWORD valueFrom: secretKeyRef: {name: em-secret, key: jenkins_admin_password} volumeMounts: - name: imagescanner-settings mountPath: /opt/imagescanner-settings - name: imagescanner-frontend image: {{container_uri}}image-scanner:{{container_tag}} command: ["/usr/local/bin/imagescanner-frontend"] {# FIXME: No, the frontend does not require a privileged container. However, it seems that if you run the frontend container without this specification in the same pod as the worker, then the worker loses its privileges! -#} securityContext: privileged: true ports: - containerPort: 80 volumeMounts: - name: logs mountPath: /var/log/imagescanner - name: imagescanner-settings mountPath: /opt/imagescanner-settings env: - name: DEFAULT_SLACK_CHANNEL value: "#notifications" - name: SECRET_JENKINS_PASSWORD value: '' volumes: - name: imagescanner-ssh secret: secretName: imagescanner-ssh defaultMode: 0600 - name: dev hostPath: path: /dev - name: logs emptyDir: {} - name: imagescanner-settings configMap: name: imagescanner-settings - name: site-certificate configMap: name: site-certificate metadata: labels: run: imagescanner