# -*- encoding: utf-8 -*- # ============LICENSE_START======================================================= # org.onap.vvp/engagementmgr # =================================================================== # Copyright © 2017 AT&T Intellectual Property. All rights reserved. # =================================================================== # # Unless otherwise specified, all software contained herein is licensed # under the Apache License, Version 2.0 (the “License”); # you may not use this software except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # # # Unless otherwise specified, all documentation contained herein is licensed # under the Creative Commons License, Attribution 4.0 Intl. (the “License”); # you may not use this documentation except in compliance with the License. # You may obtain a copy of the License at # # https://creativecommons.org/licenses/by/4.0/ # # Unless required by applicable law or agreed to in writing, documentation # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # ============LICENSE_END============================================ # # ECOMP is a trademark and service mark of AT&T Intellectual Property. --- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: imagescanner spec: template: spec: containers: - name: imagescanner-worker image: {{container_uri}}ice-image-scanner:{{container_tag}} command: ["/usr/local/bin/imagescanner-worker"] securityContext: privileged: true volumeMounts: - name: imagescanner-ssh mountPath: /root/.ssh - name: dev mountPath: /dev - name: logs mountPath: /var/log/imagescanner - name: notifications-worker image: {{container_uri}}ice-image-scanner:{{container_tag}} command: ["/usr/local/bin/notifications-worker"] securityContext: privileged: true env: - name: SLACK_TOKEN valueFrom: secretKeyRef: {name: slack-tokens, key: notifications} - name: DOMAIN value: "{{em_internal_dns_name}}" - name: imagescanner-frontend image: {{container_uri}}ice-image-scanner:{{container_tag}} command: ["/usr/local/bin/imagescanner-frontend"] {# FIXME: No, the frontend does not require a privileged container. However, it seems that if you run the frontend container without this specification in the same pod as the worker, then the worker loses its privileges! -#} securityContext: privileged: true ports: - containerPort: 80 volumeMounts: - name: logs mountPath: /var/log/imagescanner env: - name: DEFAULT_SLACK_CHANNEL value: "#notifications" volumes: - name: imagescanner-ssh secret: secretName: imagescanner-ssh defaultMode: 0600 - name: dev hostPath: path: /dev - name: logs emptyDir: {} metadata: labels: run: imagescanner