# IntelliJ
.idea/*
*.iml
+
+# Mac OS
+*DS_Store*
version: ~3.0.0
repository: '@local'
condition: vnfsdk.enabled
+ - name: vvp
+ version: ~3.0.0
+ repository: '@local'
+ condition: vvp.enabled
enabled: false
vnfsdk:
enabled: false
+vvp:
+ enabled: false
enabled: true
vnfsdk:
enabled: true
+vvp:
+ enabled: false
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP VNF Validation Platform
+name: vvp
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: end-to-end flow tests based on Seleniunm
+name: vvp-ci-uwsgi
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+from datetime import datetime
+
+# With this file at web/settings/__init__.py, we need three applications of
+# dirname() to find the project root.
+PROJECT_PATH = os.path.realpath(os.path.dirname(os.path.dirname(os.path.dirname(__file__))))
+LOGS_PATH = os.path.join(PROJECT_PATH, "logs")
+
+ICE_ENVIRONMENT = os.environ['ICE_ENVIRONMENT']
+PROGRAM_NAME_URL_PREFIX = os.environ['PROGRAM_NAME_URL_PREFIX']
+SERVICE_PROVIDER = os.environ['SERVICE_PROVIDER']
+PROGRAM_NAME = os.environ['PROGRAM_NAME']
+SERVICE_PROVIDER_DOMAIN = os.environ['SERVICE_PROVIDER_DOMAIN']
+
+# See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/
+SECRET_KEY = os.environ["SECRET_KEY"]
+
+# https://docs.djangoproject.com/en/1.10/ref/settings/#allowed-hosts
+# Anything in the Host header that does not match our expected domain should
+# raise SuspiciousOperation exception.
+ALLOWED_HOSTS = ['*']
+
+if ICE_ENVIRONMENT == 'production':
+ DEBUG = False
+
+ EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+ EMAIL_HOST = os.environ.get('ICE_EMAIL_HOST')
+ EMAIL_HOST_PASSWORD = os.environ['EMAIL_HOST_PASSWORD']
+ EMAIL_HOST_USER = os.environ['EMAIL_HOST_USER']
+ EMAIL_PORT = os.environ['EMAIL_PORT']
+else:
+ DEBUG = True
+ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+
+
+# Note: Only SSL email backends are allowed
+EMAIL_USE_SSL = True
+
+REST_FRAMEWORK = {
+ 'DEFAULT_AUTHENTICATION_CLASSES': (
+ 'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
+ ),
+ 'PAGE_SIZE': 10,
+ # Use Django's standard `django.contrib.auth` permissions,
+ # or allow read-only access for unauthenticated users.
+ 'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAdminUser',),
+}
+APPEND_SLASH = False
+
+# Application definition
+
+INSTALLED_APPS = [
+
+ 'django.contrib.auth',
+ 'django.contrib.contenttypes', # required by d.c.admin
+ 'django.contrib.sessions', # required by d.c.admin
+ 'django.contrib.messages', # required by d.c.admin
+ 'django.contrib.staticfiles',
+ 'django.contrib.admin', # django admin site
+ 'rest_framework',
+ 'iceci.apps.IceCiConfig',
+]
+
+MIDDLEWARE_CLASSES = [
+ 'django.middleware.security.SecurityMiddleware',
+ 'django.contrib.sessions.middleware.SessionMiddleware',
+ 'django.middleware.common.CommonMiddleware',
+ 'django.middleware.csrf.CsrfViewMiddleware',
+ 'django.contrib.auth.middleware.AuthenticationMiddleware',
+ 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
+ 'django.contrib.messages.middleware.MessageMiddleware',
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+]
+
+ROOT_URLCONF = 'web.urls'
+
+TEMPLATES = [
+ {
+ 'BACKEND': 'django.template.backends.django.DjangoTemplates',
+ 'DIRS': [PROJECT_PATH + '/web/templates'],
+ 'APP_DIRS': True,
+ 'OPTIONS': {
+ 'context_processors': [
+ 'django.template.context_processors.debug',
+ 'django.template.context_processors.request',
+ 'django.contrib.auth.context_processors.auth', # required by d.c.admin
+ 'django.contrib.messages.context_processors.messages', # required by d.c.admin
+ ],
+ },
+ },
+]
+
+WSGI_APPLICATION = 'web.wsgi.application'
+
+# Database
+# https://docs.djangoproject.com/en/1.9/ref/settings/#databases
+
+DATABASES = {
+ 'default': { # CI DB details.
+ 'NAME': '/app/ice_ci_db.db' ,
+ 'ENGINE': 'django.db.backends.sqlite3',
+ 'TEST_NAME': '/app/ice_ci_db.db',
+ },
+}
+SINGLETONE_DB = {
+ 'default': { # CI DB details.
+ 'ENGINE': 'django.db.backends.postgresql',
+ 'NAME': os.environ.get('CI_DB_NAME', 'ice_ci_db'),
+ 'USER': os.environ.get('CI_DB_USER', 'iceci'),
+ 'PASSWORD': os.environ.get('CI_DB_PASSWORD', 'Aa123456'),
+ 'HOST': os.environ.get('CI_DB_HOST', 'localhost'),
+ 'PORT': os.environ.get('CI_DB_PORT', '5433'),
+ },
+ 'em_db': { # ICE DB details.
+ 'ENGINE': 'django.db.backends.postgresql',
+ 'NAME': os.environ.get('EM_DB_NAME', 'icedb'),
+ 'USER': os.environ.get('EM_DB_USER', 'iceuser'),
+ 'PASSWORD': os.environ.get('EM_DB_PASSWORD', 'Aa123456'),
+ 'HOST': os.environ.get('EM_DB_HOST', 'localhost'),
+ 'PORT': os.environ.get('EM_DB_PORT', '5433'),
+ },
+ 'cms_db': { # ICE CMS details.
+ 'ENGINE': 'django.db.backends.postgresql',
+ 'NAME': os.environ.get('CMS_DB_NAME', 'icecmsdb'),
+ 'USER': os.environ.get('CMS_DB_USER', 'icecmsuser'),
+ 'PASSWORD': os.environ.get('CMS_DB_PASSWORD', 'Aa123456'),
+ 'HOST': os.environ.get('CMS_DB_HOST', 'localhost'),
+ 'PORT': os.environ.get('CMS_DB_PORT', '5433'),
+ }
+}
+
+# Password validation
+# https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators
+
+AUTH_PASSWORD_VALIDATORS = [
+ {
+ 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
+ },
+ {
+ 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+ },
+ {
+ 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+ },
+ {
+ 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+ },
+]
+
+
+# Internationalization
+# https://docs.djangoproject.com/en/1.9/topics/i18n/
+
+LANGUAGE_CODE = 'en-us'
+
+TIME_ZONE = 'UTC'
+
+USE_I18N = True
+
+USE_L10N = True
+
+USE_TZ = False
+
+
+# Static files (CSS, JavaScript, Images)
+# https://docs.djangoproject.com/en/1.9/howto/static-files/
+STATIC_ROOT = os.environ['STATIC_ROOT']
+STATIC_URL = '/static/'
+
+LOGGING = {
+ 'version': 1,
+ 'disable_existing_loggers': False,
+ 'formatters': { # All possible attributes are: https://docs.python.org/3/library/logging.html#logrecord-attributes
+ 'verbose': {
+ 'format': '%(asctime)s %(levelname)s %(module)s %(filename)s:%(lineno)d %(process)d %(thread)d %(message)s'
+ },
+ 'simple': {
+ 'format': '%(asctime)s %(levelname)s %(filename)s:%(lineno)d %(message)s'
+ },
+ },
+ 'handlers': {
+ 'console': {
+ 'class': 'logging.StreamHandler',
+ 'formatter': 'simple'
+ },
+ 'file1': {
+ 'level': 'INFO', # handler will ignore DEBUG (only process INFO, WARN, ERROR, CRITICAL, FATAL)
+ 'class': 'logging.FileHandler',
+ 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-info.log',
+ 'formatter': 'verbose'
+ },
+ 'file2': {
+ 'level': 'DEBUG',
+ 'class': 'logging.FileHandler',
+ 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-debug.log',
+ 'formatter': 'verbose'
+ },
+ 'file3': {
+ 'level': 'ERROR',
+ 'class': 'logging.FileHandler',
+ 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-requests.log',
+ 'formatter': 'verbose'
+ },
+ 'file4': {
+ 'level': 'ERROR',
+ 'class': 'logging.FileHandler',
+ 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-db.log',
+ 'formatter': 'verbose'
+ }
+ },
+ 'loggers': {
+ 'vvp-ci.logger': {
+ 'handlers': ['file1', 'file2', 'file3', 'file4','console'],
+ 'level': os.getenv('ICE_ICE_LOGGER_LEVEL', 'DEBUG'),
+ },
+ 'django': {
+ 'handlers': ['console'],
+ 'level': os.getenv('ICE_DJANGO_LOGGER_LEVEL', 'DEBUG'),
+ },
+ 'django.request': {
+ 'handlers': ['file3'],
+ 'level': os.getenv('ICE_ICE_REQUESTS_LOGGER_LEVEL', 'ERROR'),
+ },
+ 'django.db.backends': {
+ 'handlers': ['file4'],
+ 'level': os.getenv('ICE_ICE_DB_LOGGER_LEVEL', 'ERROR'),
+ }
+ }
+}
+
+
+#############################
+# ICE-CI Related Configuration
+#############################
+ICE_CONTACT_FROM_ADDRESS = os.getenv('ICE_CONTACT_FROM_ADDRESS')
+ICE_CONTACT_EMAILS = list(os.getenv('ICE_CONTACT_EMAILS','user@example.com').split(','))
+ICE_CI_ENVIRONMENT_NAME = os.getenv('ICE_CI_ENVIRONMENT_NAME', 'Dev') # Dev / Docker / Staging
+ICE_EM_URL = "{domain}/{prefix}".format(domain=os.environ['ICE_EM_DOMAIN_NAME'], prefix=PROGRAM_NAME_URL_PREFIX)
+ICE_PORTAL_URL = os.environ['ICE_DOMAIN']
+EM_REST_URL = ICE_EM_URL + '/v1/engmgr/'
+
+#Number of test results presented in admin page. Illegal values: '0' or 'Null'
+NUMBER_OF_TEST_RESULTS = int(os.getenv('NUMBER_OF_TEST_RESULTS', '30'))
+ICE_BUILD_REPORT_NUM = os.getenv('ICE_BUILD_REPORT_NUM',"{:%Y-%m-%d-%H-%M-%S}".format(datetime.now()))
+IS_JUMP_STATE=os.getenv('IS_JUMP_STATE', "True")
+DATABASE_TYPE = 'sqlite'
+
+# FIXME: Does this authentication scheme actually gain us anything? What's the
+# threat model
+WEBHOOK_TOKEN = os.environ['SECRET_WEBHOOK_TOKEN']
+
+# The authentication token and URL needed for us to issue requests to the GitLab API.
+GITLAB_TOKEN = os.environ['SECRET_GITLAB_AUTH_TOKEN']
+GITLAB_URL = "http://vvp-gitlab/"
+
+JENKINS_URL = "http://vvp-jenkins:8080/"
+JENKINS_USERNAME = "admin"
+JENKINS_PASSWORD = os.environ['SECRET_JENKINS_PASSWORD']
+
+AWS_S3_HOST = os.environ['S3_HOST']
+AWS_S3_PORT = int(os.environ['S3_PORT'])
+AWS_S3_CUSTOM_DOMAIN = os.environ['S3_HOST']
+AWS_ACCESS_KEY_ID = os.environ['AWS_ACCESS_KEY_ID']
+AWS_SECRET_ACCESS_KEY = os.environ['AWS_SECRET_ACCESS_KEY']
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+bind = ":8282"
+chdir = '/app'
+pidfile = '/tmp/ice-project-master.pid'
+backlog = '5000'
+errorlog = '-'
+loglevel = 'info'
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-settings
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/ci/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-secret
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ admin_password: "Y2lhZG1pbnBhc3M="
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ imagePullSecrets:
+ - name: onapkey
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ ports:
+ - containerPort: 80
+ - containerPort: 8282
+ - containerPort: 9000
+ volumeMounts:
+ - name: ci-settings
+ mountPath: /opt/configmaps/settings/
+ - name: site-crt
+ mountPath: /opt/secrets/site-crt/
+ env:
+ - name: ICE_ENVIRONMENT
+ value: "development"
+ - name: PROGRAM_NAME_URL_PREFIX
+ value: "vvp"
+ - name: SERVICE_PROVIDER
+ value: "NA"
+ - name: PROGRAM_NAME
+ value: "VVP"
+ - name: SERVICE_PROVIDER_DOMAIN
+ value: "na.com"
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: key}
+ - name: EM_DB_HOST
+ value: postgresql
+ - name: EM_DB_PORT
+ value: "5432"
+ - name: EM_DB_NAME
+ value: icedb
+ - name: EM_DB_USER
+ value: "em_postgresuser"
+ - name: EM_DB_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: emPassword}
+ - name: CMS_DB_HOST
+ value: postgresql
+ - name: CMS_DB_PORT
+ value: "5432"
+ - name: CMS_DB_NAME
+ value: "icecmsdb"
+ - name: CMS_DB_USER
+ value: "cms_postgresuser"
+ - name: CMS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: cmsPassword}
+ - name: CI_DB_HOST
+ value: postgresql
+ - name: CI_DB_PORT
+ value: "5432"
+ - name: CI_DB_NAME
+ value: icedb
+ - name: CI_DB_USER
+ value: "em_postgresuser"
+ - name: CI_DB_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: ciPassword}
+ - name: STATIC_ROOT
+ value: "/app/htdocs"
+ - name: ICE_CONTACT_FROM_ADDRESS
+ value: "example"
+ - name: SECRET_WEBHOOK_TOKEN
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: em_webhook_token}
+ - name: SECRET_GITLAB_AUTH_TOKEN
+ valueFrom:
+ secretKeyRef: {name: gitlab-password, key: auth-token}
+ - name: SECRET_JENKINS_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: jenkins_admin_password}
+ - name: ICE_DOMAIN
+ value: https://development.vvp.example.com
+ - name: ICE_EM_DOMAIN_NAME
+ value: https://development.vvp.example.com
+ - name: OAUTHLIB_INSECURE_TRANSPORT
+ value: "1"
+ - name: CI_ADMIN_USER
+ value: "ciadminuser"
+ - name: CI_ADMIN_MAIL
+ value: "ciadminmail@example.com"
+ - name: CI_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.fullname" . }}-secret, key: admin_password}
+ - name: S3_HOST
+ value: "dev-s3.vvp.example.com"
+ - name: S3_PORT
+ value: "443"
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_access_key_id}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_secret_access_key}
+ command: ["/app/docker-entrypoint.sh", "/usr/local/bin/gunicorn", "-c", "/opt/configmaps/settings/gunicorn.ini", "web.wsgi:application", ]
+ volumes:
+ - name: ci-settings
+ configMap:
+ name: {{ include "common.fullname" . }}-settings
+ - name: site-crt
+ secret:
+ secretName: site-crt
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName | default "http" }}
+ selector:
+ app: {{ include "common.name" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/vvp/test-engine:1.0.0-latest
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ internalPort: 8282
+
+ingress:
+ enabled: false
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: backend uwsgi server which hosts django application
+name: vvp-cms-uwsgi
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, unicode_literals
+import os
+from cms.envbool import envbool
+
+from django import VERSION as DJANGO_VERSION
+from django.utils.translation import ugettext_lazy as _
+from boto.s3.connection import OrdinaryCallingFormat
+
+
+######################
+# MEZZANINE SETTINGS #
+######################
+
+# The following settings are already defined with default values in
+# the ``defaults.py`` module within each of Mezzanine's apps, but are
+# common enough to be put here, commented out, for conveniently
+# overriding. Please consult the settings documentation for a full list
+# of settings Mezzanine implements:
+# http://mezzanine.jupo.org/docs/configuration.html#default-settings
+
+# Controls the ordering and grouping of the admin menu.
+#
+# ADMIN_MENU_ORDER = (
+# ("Content", ("pages.Page", "blog.BlogPost",
+# "generic.ThreadedComment", (_("Media Library"), "media-library"),)),
+# ("Site", ("sites.Site", "redirects.Redirect", "conf.Setting")),
+# ("Users", ("auth.User", "auth.Group",)),
+# )
+
+# A three item sequence, each containing a sequence of template tags
+# used to render the admin dashboard.
+#
+# DASHBOARD_TAGS = (
+# ("blog_tags.quick_blog", "mezzanine_tags.app_list"),
+# ("comment_tags.recent_comments",),
+# ("mezzanine_tags.recent_actions",),
+# )
+
+# A sequence of templates used by the ``page_menu`` template tag. Each
+# item in the sequence is a three item sequence, containing a unique ID
+# for the template, a label for the template, and the template path.
+# These templates are then available for selection when editing which
+# menus a page should appear in. Note that if a menu template is used
+# that doesn't appear in this setting, all pages will appear in it.
+
+# PAGE_MENU_TEMPLATES = (
+# (1, _("Top navigation bar"), "pages/menus/dropdown.html"),
+# (2, _("Left-hand tree"), "pages/menus/tree.html"),
+# (3, _("Footer"), "pages/menus/footer.html"),
+# )
+
+# A sequence of fields that will be injected into Mezzanine's (or any
+# library's) models. Each item in the sequence is a four item sequence.
+# The first two items are the dotted path to the model and its field
+# name to be added, and the dotted path to the field class to use for
+# the field. The third and fourth items are a sequence of positional
+# args and a dictionary of keyword args, to use when creating the
+# field instance. When specifying the field class, the path
+# ``django.models.db.`` can be omitted for regular Django model fields.
+#
+# EXTRA_MODEL_FIELDS = (
+# (
+# # Dotted path to field.
+# "mezzanine.blog.models.BlogPost.image",
+# # Dotted path to field class.
+# "somelib.fields.ImageField",
+# # Positional args for field class.
+# (_("Image"),),
+# # Keyword args for field class.
+# {"blank": True, "upload_to": "blog"},
+# ),
+# # Example of adding a field to *all* of Mezzanine's content types:
+# (
+# "mezzanine.pages.models.Page.another_field",
+# "IntegerField", # 'django.db.models.' is implied if path is omitted.
+# (_("Another name"),),
+# {"blank": True, "default": 1},
+# ),
+# )
+
+# Setting to turn on featured images for blog posts. Defaults to False.
+#
+# BLOG_USE_FEATURED_IMAGE = True
+
+# If True, the django-modeltranslation will be added to the
+# INSTALLED_APPS setting.
+USE_MODELTRANSLATION = False
+
+
+########################
+# MAIN DJANGO SETTINGS #
+########################
+
+# Hosts/domain names that are valid for this site; required if DEBUG is False
+# See https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
+ALLOWED_HOSTS = ['*']
+
+# Set UTC time zone:
+TIME_ZONE = 'UTC'
+USE_TZ = True
+
+# Local time zone for this installation. Choices can be found here:
+# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
+# although not all choices may be available on all operating systems.
+# On Unix systems, a value of None will cause Django to use the same
+# timezone as the operating system.
+# If running in a Windows environment this must be set to the same as your
+# system time zone.
+TIME_ZONE = 'UTC'
+
+# If you set this to True, Django will use timezone-aware datetimes.
+USE_TZ = True
+
+# Language code for this installation. All choices can be found here:
+# http://www.i18nguy.com/unicode/language-identifiers.html
+LANGUAGE_CODE = "en"
+
+# Supported languages
+LANGUAGES = (
+ ('en', _('English')),
+)
+
+ENVIRONMENT = os.environ['ENVIRONMENT']
+
+# See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/
+SECRET_KEY = os.environ["SECRET_KEY"]
+
+# A boolean that turns on/off debug mode. When set to ``True``, stack traces
+# are displayed for error pages. Should always be set to ``False`` in
+# production. Best set to ``True`` in local_settings.py
+DEBUG = envbool('DJANGO_DEBUG_MODE', False)
+
+# Note: Only SSL email backends are allowed
+EMAIL_USE_SSL = True
+
+# Whether a user's session cookie expires when the Web browser is closed.
+SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+
+SITE_ID = 1
+
+# If you set this to False, Django will make some optimizations so as not
+# to load the internationalization machinery.
+USE_I18N = False
+
+AUTHENTICATION_BACKENDS = ("mezzanine.core.auth_backends.MezzanineBackend",)
+
+# The numeric mode to set newly-uploaded files to. The value should be
+# a mode you'd pass directly to os.chmod.
+FILE_UPLOAD_PERMISSIONS = 0o644
+
+
+#############
+# DATABASES #
+#############
+
+DATABASES = {
+ 'default': {
+ 'ENGINE': 'django.db.backends.postgresql',
+ 'NAME': os.environ['PGDATABASE'],
+ 'USER': os.environ['PGUSER'],
+ 'PASSWORD': os.environ['PGPASSWORD'],
+ 'HOST': os.environ['PGHOST'],
+ 'PORT': os.environ['PGPORT'],
+ }
+}
+
+
+#########
+# PATHS #
+#########
+
+# Full filesystem path to the project.
+PROJECT_APP_PATH = os.path.dirname(os.path.abspath(__file__))
+PROJECT_APP = os.path.basename(PROJECT_APP_PATH)
+PROJECT_ROOT = BASE_DIR = os.path.dirname(PROJECT_APP_PATH)
+
+# Every cache key will get prefixed with this value - here we set it to
+# the name of the directory the project is in to try and use something
+# project specific.
+CACHE_MIDDLEWARE_KEY_PREFIX = PROJECT_APP
+
+# Package/module name to import the root urlpatterns from for the project.
+ROOT_URLCONF = 'cms.urls'
+
+TEMPLATES = [
+ {
+ "BACKEND": "django.template.backends.django.DjangoTemplates",
+ "DIRS": [
+ os.path.join(PROJECT_ROOT, "templates")
+ ],
+ "APP_DIRS": True,
+ "OPTIONS": {
+ "context_processors": [
+ "django.contrib.auth.context_processors.auth",
+ "django.contrib.messages.context_processors.messages",
+ "django.template.context_processors.debug",
+ "django.template.context_processors.i18n",
+ "django.template.context_processors.static",
+ "django.template.context_processors.media",
+ "django.template.context_processors.request",
+ "django.template.context_processors.tz",
+ "mezzanine.conf.context_processors.settings",
+ "mezzanine.pages.context_processors.page",
+ ],
+ "builtins": [
+ "mezzanine.template.loader_tags",
+ ],
+ },
+ },
+]
+
+if DJANGO_VERSION < (1, 9):
+ del TEMPLATES[0]["OPTIONS"]["builtins"]
+
+
+################
+# APPLICATIONS #
+################
+
+INSTALLED_APPS = (
+ "mezzanine_api",
+ "rest_framework",
+ "rest_framework_swagger",
+ "oauth2_provider",
+ "django.contrib.admin",
+ "django.contrib.auth",
+ "django.contrib.contenttypes",
+ "django.contrib.redirects",
+ "django.contrib.sessions",
+ "django.contrib.sites",
+ "django.contrib.sitemaps",
+ "django.contrib.staticfiles",
+ "mezzanine.boot",
+ "mezzanine.conf",
+ "mezzanine.core",
+ "mezzanine.generic",
+ "mezzanine.pages",
+ "mezzanine.blog",
+ "mezzanine.forms",
+ "mezzanine.galleries",
+ "mezzanine.twitter",
+ # "mezzanine.accounts",
+ # "mezzanine.mobile",
+ "cms" ,
+ "storages",
+)
+
+# List of middleware classes to use. Order is important; in the request phase,
+# these middleware classes will be applied in the order given, and in the
+# response phase the middleware will be applied in reverse order.
+MIDDLEWARE_CLASSES = (
+ "mezzanine.core.middleware.UpdateCacheMiddleware",
+ "mezzanine_api.middleware.ApiMiddleware",
+ 'django.contrib.sessions.middleware.SessionMiddleware',
+ # Uncomment if using internationalisation or localisation
+ # 'django.middleware.locale.LocaleMiddleware',
+ 'django.middleware.common.CommonMiddleware',
+ 'django.middleware.csrf.CsrfViewMiddleware',
+ 'django.contrib.auth.middleware.AuthenticationMiddleware',
+ 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
+ 'django.contrib.messages.middleware.MessageMiddleware',
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+
+ "mezzanine.core.request.CurrentRequestMiddleware",
+ "mezzanine.core.middleware.RedirectFallbackMiddleware",
+ "mezzanine.core.middleware.TemplateForDeviceMiddleware",
+ "mezzanine.core.middleware.TemplateForHostMiddleware",
+ "mezzanine.core.middleware.AdminLoginInterfaceSelectorMiddleware",
+ "mezzanine.core.middleware.SitePermissionMiddleware",
+ "mezzanine.pages.middleware.PageMiddleware",
+ "mezzanine.core.middleware.FetchFromCacheMiddleware",
+)
+
+# Store these package names here as they may change in the future since
+# at the moment we are using custom forks of them.
+PACKAGE_NAME_FILEBROWSER = "filebrowser_safe"
+PACKAGE_NAME_GRAPPELLI = "grappelli_safe"
+
+#########################
+# OPTIONAL APPLICATIONS #
+#########################
+
+# These will be added to ``INSTALLED_APPS``, only if available.
+OPTIONAL_APPS = (
+ "debug_toolbar",
+ "django_extensions",
+ "compressor",
+ PACKAGE_NAME_FILEBROWSER,
+ PACKAGE_NAME_GRAPPELLI,
+)
+
+#####################
+# REST API SETTINGS #
+#####################
+try:
+ from mezzanine_api.settings import *
+except ImportError:
+ pass
+
+
+##################
+# LOCAL SETTINGS #
+##################
+
+# Allow any settings to be defined in local_settings.py which should be
+# ignored in your version control system allowing for settings to be
+# defined per ma chine.
+
+# Instead of doing "from .local_settings import *", we use exec so that
+# local_settings has full access to everything defined in this module.
+# Also force into sys.modules so it's visible to Django's autoreload.
+
+f = os.path.join(PROJECT_APP_PATH, "local_settings/__init__.py")
+if os.path.exists(f):
+ import sys
+ import imp
+ module_name = "%s.local_settings" % PROJECT_APP
+ module = imp.new_module(module_name)
+ module.__file__ = f
+ sys.modules[module_name] = module
+ exec(open(f, "rb").read())
+
+
+####################
+# DYNAMIC SETTINGS #
+####################
+
+# set_dynamic_settings() will rewrite globals based on what has been
+# defined so far, in order to provide some better defaults where
+# applicable. We also allow this settings module to be imported
+# without Mezzanine installed, as the case may be when using the
+# fabfile, where setting the dynamic settings below isn't strictly
+# required.
+try:
+ from mezzanine.utils.conf import set_dynamic_settings
+except ImportError:
+ pass
+else:
+ set_dynamic_settings(globals())
+
+# default settings for mezzanine
+NEVERCACHE_KEY = os.getenv('CMS_NEVERCACHE_KEY', ''),
+# Application User
+CMS_APP_USER = os.getenv('CMS_APP_USER')
+CMS_APP_USER_PASSWORD = os.getenv('CMS_APP_USER_PASSWORD')
+CMS_APP_USER_MAIL = os.getenv('CMS_APP_USER_MAIL')
+# Client App (EM)
+CMS_APP_CLIENT_ID = os.getenv('CMS_APP_CLIENT_ID')
+CMS_APP_CLIENT_SECRET = os.getenv('CMS_APP_CLIENT_SECRET')
+CMS_APP_NAME = 'Engagement_Manager_App'
+REST_FRAMEWORK['DEFAULT_RENDERER_CLASSES'] = (
+ 'rest_framework.renderers.JSONRenderer',
+)
+
+# S3 configuration for static resources storage and media upload
+
+# used by our custom storage.py
+MEDIA_BUCKET = "cms-media"
+STATIC_BUCKET = "cms-static"
+
+# django-storages configuration
+AWS_S3_HOST = os.environ['S3_HOST']
+AWS_S3_PORT = int(os.environ['S3_PORT'])
+AWS_S3_CUSTOM_DOMAIN = os.environ['S3_HOST']
+AWS_ACCESS_KEY_ID = os.environ['AWS_ACCESS_KEY_ID']
+AWS_SECRET_ACCESS_KEY = os.environ['AWS_SECRET_ACCESS_KEY']
+AWS_AUTO_CREATE_BUCKET = True
+AWS_PRELOAD_METADATA = True
+
+# Set by custom subclass.
+# AWS_STORAGE_BUCKET_NAME = "em-static"
+AWS_S3_CALLING_FORMAT = OrdinaryCallingFormat()
+DEFAULT_FILE_STORAGE = 'cms.settings.storage.S3MediaStorage'
+STATICFILES_STORAGE = 'cms.settings.storage.S3StaticStorage'
+
+# These seem to have no effect even when we don't override with custom_domain?
+STATIC_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, STATIC_BUCKET)
+MEDIA_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, MEDIA_BUCKET)
+
+STATIC_ROOT = os.environ['STATIC_ROOT']
+
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+bind = ":80"
+chdir = '/srv'
+pidfile = '/tmp/ice-project-master.pid'
+backlog = '5000'
+errorlog = '-'
+loglevel = 'info'
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+storage.py
+
+In order to make Django store trusted static files and untrusted media
+(user-uploaded) files in separate s3 buckets, we must create two different
+storage classes.
+
+https://www.caktusgroup.com/blog/2014/11/10/Using-Amazon-S3-to-store-your-Django-sites-static-and-media-files/
+http://www.leehodgkinson.com/blog/my-mezzanine-s3-setup/
+
+"""
+
+# FIXME this module never changes so might not need not be kept in a
+# configmap. Also it is (almost) the same as what we use in em; that does
+# not use S3BotoStorageMixin.
+
+# There is a newer storage based on boto3 but that doesn't support changing
+# the HOST, as we need to for non-amazon s3 services. It does support an
+# "endpoint"; setting AWS_S3_ENDPOINT_URL may cause it to work.
+from storages.backends.s3boto import S3BotoStorage
+from filebrowser_safe.storage import S3BotoStorageMixin
+from django.conf import settings
+
+
+# NOTE for some reason, collectstatic uploads to bucket/location but the
+# urls constructed are domain/location
+class S3StaticStorage(S3BotoStorage, S3BotoStorageMixin):
+ custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.STATIC_BUCKET)
+ bucket_name = settings.STATIC_BUCKET
+ # location = ...
+
+
+class S3MediaStorage(S3BotoStorage, S3BotoStorageMixin):
+ custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.MEDIA_BUCKET)
+ bucket_name = settings.MEDIA_BUCKET
+ # location = ...
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-settings
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/cms/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-secret
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ key: "KCtkbV9yaigwMDU9XmV2emVzZDMjeHB5JC0kY15qI2NsemlsYngmXz0wbGg3by0zNCM="
+ app_user: "Y21zYXBwdXNlcg=="
+ app_user_mail: "Y21zYXBwdXNlckBleGFtcGxlLmNvbQ=="
+ app_user_password: "Y21zYXBwdXNlcnBhc3N3b3Jk"
+ app_client_id: "RWVCNFhlaW1vb2M2eGllU2VlS2FoOGRhZTFlaXBhZTRvdGFlc2hlZQ=="
+ app_client_secret: "aGFpTW9vcGllWmVlMXdlaTNsZWY0Z2FleWlhMnZhaHdvaHRoMG1haWQ5aXRoMnBoZWVzaGFpdGh1VG9vcjJKb2hzaGVpNWJhZXk3RWlxdWFldGhlaWI4cXVhaXF1ZWU3cGhpYXRoN2V1YjJhaU5haWMzb3U5dmFpemViZWlGNXU="
+ nevercache_key: "YV9qLWc1aCszKW9AMndpYXNtYmcoaHV4cHVqaD05NShwLSR2ejF4aiZ0K20pKy11ODQ="
+---
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ imagePullSecrets:
+ - name: onapkey
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort1 }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ env:
+ - name: ENVIRONMENT
+ value: "development"
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.fullname" . }}-secret, key: key}
+ - name: EMAIL_HOST
+ value: "localhost"
+ - name: EMAIL_HOST_USER
+ value: "example"
+ - name: EMAIL_PORT
+ value: "25"
+ - name: EMAIL_HOST_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: email-secret, key: password}
+ - name: PGHOST
+ value: vvp-postgres
+ - name: PGPORT
+ value: "5432"
+ - name: PGDATABASE
+ value: "icecmsdb"
+ - name: PGUSER
+ value: "cms_postgresuser"
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: cmsPassword}
+ - name: ICE_CONTACT_FROM_ADDRESS
+ value: "example"
+ - name: CMS_NEVERCACHE_KEY
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.fullname" . }}-secret, key: nevercache_key}
+ - name: CMS_APP_USER
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.fullname" . }}-secret, key: app_user}
+ - name: CMS_APP_USER_MAIL
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.fullname" . }}-secret, key: app_user_mail}
+ - name: CMS_APP_USER_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.fullname" . }}-secret, key: app_user_password}
+ - name: CMS_APP_CLIENT_ID
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.fullname" . }}-secret, key: app_client_id}
+ - name: CMS_APP_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.fullname" . }}-secret, key: app_client_secret}
+ - name: STATIC_ROOT
+ value: "/app/htdocs"
+ - name: DJANGO_DEBUG_MODE
+ value: "True"
+ - name: S3_HOST
+ value: "dev-s3.vvp.example.com"
+ - name: S3_PORT
+ value: "443"
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_access_key_id}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_secret_access_key}
+ command: ["/docker-entrypoint.sh", "/usr/local/bin/gunicorn", "-c", "/opt/configmaps/settings/gunicorn.ini", "cms.wsgi:application", ]
+ volumeMounts:
+ - name: settings
+ mountPath: /opt/configmaps/settings/
+ - name: site-crt
+ mountPath: /opt/secrets/site-crt/
+ volumes:
+ - name: settings
+ configMap:
+ name: {{ include "common.fullname" . }}-settings
+ - name: site-crt
+ secret:
+ secretName: site-crt
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort1 }}
+ name: {{ .Values.service.portName | default "http" }}
+ selector:
+ app: {{ include "common.name" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/vvp/cms:1.0.0-latest
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ internalPort1: 80
+ internalPort2: 9000
+
+ingress:
+ enabled: false
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: backend uwsgi server which hosts django application
+name: vvp-em-uwsgi
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~3.0.0
+ repository: '@local'
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+Django settings for VVP project.
+
+Environment variables that must exist:
+
+ ENVIRONMENT
+ SECRET_KEY
+ SECRET_WEBHOOK_TOKEN
+ SECRET_GITLAB_AUTH_TOKEN
+ SECRET_JENKINS_PASSWORD
+ SECRET_CMS_APP_CLIENT_ID
+ SECRET_CMS_APP_CLIENT_SECRET
+
+Environment variables that must exist in production:
+
+ EMAIL_HOST
+ EMAIL_HOST_PASSWORD
+ EMAIL_HOST_USER
+ EMAIL_PORT
+
+"""
+
+import os
+from vvp.settings.envbool import envbool
+from corsheaders.defaults import default_headers
+from boto.s3.connection import OrdinaryCallingFormat
+import datetime
+
+# With this file at ice/settings/__init__.py, we need three applications of
+# dirname() to find the project root.
+import engagementmanager
+PROJECT_PATH = os.path.dirname(os.path.dirname(engagementmanager.__file__))
+LOGS_PATH = os.path.join(PROJECT_PATH, "logs")
+
+ENVIRONMENT = os.environ['ENVIRONMENT']
+PROGRAM_NAME_URL_PREFIX = os.environ['PROGRAM_NAME_URL_PREFIX']
+SERVICE_PROVIDER = os.environ['SERVICE_PROVIDER']
+PROGRAM_NAME = os.environ['PROGRAM_NAME']
+SERVICE_PROVIDER_DOMAIN = os.environ['SERVICE_PROVIDER_DOMAIN']
+
+# See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/
+SECRET_KEY = os.environ["SECRET_KEY"]
+
+# https://docs.djangoproject.com/en/1.10/ref/settings/#allowed-hosts
+# Anything in the Host header that does not match our expected domain should
+# raise SuspiciousOperation exception.
+ALLOWED_HOSTS = ['*']
+
+DEBUG = envbool('DJANGO_DEBUG_MODE', False)
+
+if ENVIRONMENT == 'production':
+ EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+ EMAIL_HOST = os.environ['EMAIL_HOST']
+ EMAIL_HOST_PASSWORD = os.environ['EMAIL_HOST_PASSWORD']
+ EMAIL_HOST_USER = os.environ['EMAIL_HOST_USER']
+ EMAIL_PORT = os.environ['EMAIL_PORT']
+else:
+ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+
+# Note: Only SSL email backends are allowed
+EMAIL_USE_SSL = True
+
+REST_FRAMEWORK = {
+ # Use Django's standard `django.contrib.auth` permissions,
+ # or allow read-only access for unauthenticated users.
+ 'EXCEPTION_HANDLER': 'engagementmanager.utils.exception_handler.ice_exception_handler',
+ 'PAGE_SIZE': 10,
+ 'DEFAULT_PERMISSION_CLASSES': (
+ 'rest_framework.permissions.IsAuthenticated',
+ ),
+ 'DEFAULT_AUTHENTICATION_CLASSES': (
+ 'rest_framework.authentication.SessionAuthentication',
+ 'rest_framework.authentication.BasicAuthentication',
+ 'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
+ ),
+ 'DEFAULT_PARSER_CLASSES': (
+ 'engagementmanager.rest.parsers.XSSJSONParser',
+ 'engagementmanager.rest.parsers.XSSFormParser',
+ 'engagementmanager.rest.parsers.XSSMultiPartParser',
+ )
+}
+
+JWT_AUTH = {
+ 'JWT_AUTH_HEADER_PREFIX': 'token',
+ 'JWT_ALGORITHM': 'HS256',
+ 'JWT_EXPIRATION_DELTA': datetime.timedelta(days=1),
+ 'JWT_DECODE_HANDLER': 'engagementmanager.utils.authentication.ice_jwt_decode_handler',
+}
+
+APPEND_SLASH = False
+
+# Application definition
+INSTALLED_APPS = [
+ 'django.contrib.auth', # required by d.c.admin
+ 'corsheaders',
+ 'django.contrib.contenttypes', # required by d.c.admin
+ 'django.contrib.sessions', # required by d.c.admin
+ 'django.contrib.messages', # required by d.c.admin
+ 'django.contrib.staticfiles',
+ 'django.contrib.admin', # django admin site
+ 'rest_framework',
+ 'engagementmanager.apps.EngagementmanagerConfig',
+ 'validationmanager.apps.ValidationmanagerConfig',
+]
+
+MIDDLEWARE_CLASSES = [
+ 'django.middleware.security.SecurityMiddleware',
+ 'django.contrib.sessions.middleware.SessionMiddleware',
+ 'django.middleware.common.CommonMiddleware',
+ 'django.contrib.auth.middleware.AuthenticationMiddleware', # required by d.c.admin
+ 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
+ 'django.contrib.messages.middleware.MessageMiddleware',
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+ 'corsheaders.middleware.CorsMiddleware',
+]
+
+ROOT_URLCONF = 'vvp.urls'
+
+TEMPLATES = [
+ {
+ 'BACKEND': 'django.template.backends.django.DjangoTemplates',
+ 'DIRS': [PROJECT_PATH + '/web/templates'],
+ 'APP_DIRS': True,
+ 'OPTIONS': {
+ 'context_processors': [
+ 'django.template.context_processors.debug',
+ 'django.template.context_processors.request',
+ 'django.contrib.auth.context_processors.auth', # required by d.c.admin
+ 'django.contrib.messages.context_processors.messages', # required by d.c.admin
+ ],
+ },
+ },
+]
+
+WSGI_APPLICATION = 'vvp.wsgi.application'
+
+
+# Database
+# https://docs.djangoproject.com/en/1.9/ref/settings/#databases
+DATABASES = {
+ 'default': {
+ 'ENGINE': 'django.db.backends.postgresql',
+ 'NAME': os.environ['PGDATABASE'],
+ 'USER': os.environ['PGUSER'],
+ 'PASSWORD': os.environ['PGPASSWORD'],
+ 'HOST': os.environ['PGHOST'],
+ 'PORT': os.environ['PGPORT'],
+ }
+}
+
+
+# Password validation
+# https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators
+AUTH_PASSWORD_VALIDATORS = [
+ {'NAME': 'django.contrib.auth.password_validation.%s' % s} for s in [
+ 'UserAttributeSimilarityValidator',
+ 'MinimumLengthValidator',
+ 'CommonPasswordValidator',
+ 'NumericPasswordValidator',
+ ]]
+
+
+# Internationalization
+# https://docs.djangoproject.com/en/1.9/topics/i18n/
+LANGUAGE_CODE = 'en-us'
+TIME_ZONE = 'UTC'
+USE_I18N = True
+USE_L10N = True
+USE_TZ = True
+
+CORS_ALLOW_HEADERS = default_headers + ('ICE-USER-ID',)
+
+# Static files (CSS, JavaScript, Images)
+# https://docs.djangoproject.com/en/1.9/howto/static-files/
+STATIC_ROOT = os.environ['STATIC_ROOT']
+
+
+LOGGING = {
+ 'version': 1,
+ 'disable_existing_loggers': False,
+ 'formatters': { # All possible attributes are: https://docs.python.org/3/library/logging.html#logrecord-attributes
+ 'verbose': {
+ 'format': '%(asctime)s %(levelname)s %(name)s %(module)s %(lineno)d %(process)d %(thread)d %(message)s'
+ },
+ 'simple': {
+ 'format': '%(asctime)s %(levelname)s %(name)s %(message)s'
+ },
+ },
+ 'handlers': {
+ 'console': {
+ 'class': 'logging.StreamHandler',
+ 'formatter': 'simple'
+ },
+ 'vvp-info.log': {
+ 'level': 'INFO', # handler will ignore DEBUG (only process INFO, WARN, ERROR, CRITICAL, FATAL)
+ 'class': 'logging.FileHandler',
+ 'filename': os.path.join(LOGS_PATH, 'vvp-info.log'),
+ 'formatter': 'verbose'
+ },
+ 'vvp-debug.log': {
+ 'level': 'DEBUG',
+ 'class': 'logging.FileHandler',
+ 'filename': os.path.join(LOGS_PATH, 'vvp-debug.log'),
+ 'formatter': 'verbose'
+ },
+ 'vvp-requests.log': {
+ 'level': 'ERROR',
+ 'class': 'logging.FileHandler',
+ 'filename': os.path.join(LOGS_PATH, 'vvp-requests.log'),
+ 'formatter': 'verbose'
+ },
+ 'vvp-db.log': {
+ 'level': 'ERROR',
+ 'class': 'logging.FileHandler',
+ 'filename': os.path.join(LOGS_PATH, 'vvp-db.log'),
+ 'formatter': 'verbose',
+ },
+ },
+ 'loggers': {
+ 'vvp.logger': {
+ 'handlers': ['vvp-info.log', 'vvp-debug.log', 'vvp-requests.log', 'vvp-db.log', 'console'],
+ 'level': 'DEBUG' if DEBUG else 'INFO',
+ },
+ 'django': {
+ 'handlers': ['console'],
+ 'level': 'INFO' if DEBUG else 'ERROR',
+ },
+ 'django.request': {
+ 'handlers': ['vvp-requests.log', 'console'],
+ 'level': 'INFO' if DEBUG else 'ERROR',
+ },
+ 'django.db.backends': {
+ 'handlers': ['vvp-db.log', 'console'],
+ 'level': 'DEBUG' if DEBUG else 'ERROR',
+ 'propagate': False,
+ },
+ # silence the hundred lines of useless "missing variable in template"
+ # complaints per admin pageview.
+ 'django.template': {
+ 'level': 'DEBUG',
+ 'handlers': ['vvp-info.log', 'vvp-debug.log', 'console'],
+ 'propagate': False,
+ },
+ }
+}
+
+
+#############################
+# VVP Related Configuration
+#############################
+CONTACT_FROM_ADDRESS = os.getenv('CONTACT_FROM_ADDRESS', 'dummy@example.com')
+CONTACT_EMAILS = [s.strip() for s in os.getenv('CONTACT_EMAILS', 'user@example.com').split(',') if s]
+DOMAIN = os.getenv('EM_DOMAIN_NAME')
+TOKEN_EXPIRATION_IN_HOURS = 48
+DAILY_SCHEDULED_JOB_HOUR = 20
+NUMBER_OF_POLLED_ACTIVITIES = 5
+TEMP_PASSWORD_EXPIRATION_IN_HOURS = 48
+# This is the DNS name pointing to the private-network ip of the host machine
+# running (a haproxy that points to) (an nginx frontend for) this app
+API_DOMAIN = 'em'
+
+# The authentication token needed by Jenkins or Gitlab to issue webhook updates
+# to us. This is a "secret" shared by Jenkins and Django. It must be part of
+# the URL path component for the Jenkins webhook in ValidationManager to accept
+# a notification. It should be a set of random URL-path-safe characters, with
+# no slash '/'.
+# FIXME: Does this authentication scheme actually gain us anything? What's the
+# threat model
+WEBHOOK_TOKEN = os.environ['SECRET_WEBHOOK_TOKEN']
+
+# The authentication token and URL needed for us to issue requests to the GitLab API.
+GITLAB_TOKEN = os.environ['SECRET_GITLAB_AUTH_TOKEN']
+GITLAB_URL = "http://vvp-gitlab/"
+
+JENKINS_URL = "http://vvp-jenkins:8080/"
+JENKINS_USERNAME = "admin"
+JENKINS_PASSWORD = os.environ['SECRET_JENKINS_PASSWORD']
+
+IS_CL_CREATED_ON_REVIEW_STATE = envbool('IS_CL_CREATED_ON_REVIEW_STATE', False) # Options: True, False
+IS_SIGNAL_ENABLED = envbool('IS_SIGNAL_ENABLED', True)
+RECENT_ENG_TTL = 3 # In days
+CMS_URL = "http://vvp-cms-uwsgi/api/"
+CMS_APP_CLIENT_ID = os.environ['SECRET_CMS_APP_CLIENT_ID']
+CMS_APP_CLIENT_SECRET = os.environ['SECRET_CMS_APP_CLIENT_SECRET']
+
+# slack integration
+SLACK_API_TOKEN = os.environ['SLACK_API_TOKEN']
+ENGAGEMENTS_CHANNEL = os.getenv('ENGAGEMENTS_CHANNEL', '')
+ENGAGEMENTS_NOTIFICATIONS_CHANNEL = os.getenv('ENGAGEMENTS_NOTIFICATIONS_CHANNEL:', '')
+DEVOPS_CHANNEL = os.getenv('DEVOPS_CHANNEL', '')
+DEVOPS_NOTIFICATIONS_CHANNEL = os.getenv('DEVOPS_NOTIFICATIONS_CHANNEL', '')
+
+# S3 configuration for static resources storage and media upload
+
+# used by our custom storage.py
+MEDIA_BUCKET = "em-media"
+STATIC_BUCKET = "em-static"
+
+# django-storages configuration
+AWS_S3_HOST = os.environ['S3_HOST']
+AWS_S3_PORT = int(os.environ['S3_PORT'])
+AWS_S3_CUSTOM_DOMAIN = os.environ['S3_HOST']
+AWS_ACCESS_KEY_ID = os.environ['AWS_ACCESS_KEY_ID']
+AWS_SECRET_ACCESS_KEY = os.environ['AWS_SECRET_ACCESS_KEY']
+AWS_AUTO_CREATE_BUCKET = True
+AWS_PRELOAD_METADATA = True
+
+# Set by custom subclass.
+# AWS_STORAGE_BUCKET_NAME = "em-static"
+AWS_S3_CALLING_FORMAT = OrdinaryCallingFormat()
+DEFAULT_FILE_STORAGE = 'vvp.settings.storage.S3MediaStorage'
+STATICFILES_STORAGE = 'vvp.settings.storage.S3StaticStorage'
+
+# These seem to have no effect even when we don't override with custom_domain?
+STATIC_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, STATIC_BUCKET)
+MEDIA_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, MEDIA_BUCKET)
+
+STATIC_ROOT = os.environ['STATIC_ROOT']
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+envbool.py
+
+Return which environment is currently running on (to setting.py).
+
+"""
+import os
+
+
+def envbool(key, default=False, unknown=True):
+ """Return a boolean value based on that of an environment variable.
+
+ Environment variables have no native boolean type. They are always strings, and may be empty or
+ unset (which differs from empty.) Furthermore, notions of what is "truthy" in shell script
+ differ from that of python.
+
+ This function converts environment variables to python boolean True or False in
+ case-insensitive, expected ways to avoid pitfalls:
+
+ "True", "true", and "1" become True
+ "False", "false", and "0" become False
+ unset or empty becomes False by default (toggle with 'default' parameter.)
+ any other value becomes True by default (toggle with 'unknown' parameter.)
+
+ """
+ return {
+ 'true': True, '1': True, # 't': True,
+ 'false': False, '0': False, # 'f': False.
+ '': default,
+ }.get(os.getenv(key, '').lower(), unknown)
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+bind = ":80"
+chdir = '/srv'
+pidfile = '/tmp/ice-project-master.pid'
+backlog = '5000'
+errorlog = '-'
+loglevel = 'info'
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+storage.py
+
+In order to make Django store trusted static files and untrusted media
+(user-uploaded) files in separate s3 buckets, we must create two different
+storage classes.
+
+https://www.caktusgroup.com/blog/2014/11/10/Using-Amazon-S3-to-store-your-Django-sites-static-and-media-files/
+http://www.leehodgkinson.com/blog/my-mezzanine-s3-setup/
+
+"""
+
+# FIXME this module never changes so might not need not be kept in a
+# configmap. Also it is (almost) the same as what we use in cms.
+
+# There is a newer storage based on boto3 but that doesn't support changing
+# the HOST, as we need to for non-amazon s3 services. It does support an
+# "endpoint"; setting AWS_S3_ENDPOINT_URL may cause it to work.
+from storages.backends.s3boto import S3BotoStorage
+from django.conf import settings
+
+
+# NOTE for some reason, collectstatic uploads to bucket/location but the
+# urls constructed are domain/location
+class S3StaticStorage(S3BotoStorage):
+ custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.STATIC_BUCKET)
+ bucket_name = settings.STATIC_BUCKET
+ # location = ...
+
+
+class S3MediaStorage(S3BotoStorage):
+ custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.MEDIA_BUCKET)
+ bucket_name = settings.MEDIA_BUCKET
+ # location = ...
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-settings
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/em/*").AsConfig . | indent 2 }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ imagePullSecrets:
+ - name: onapkey
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ ports:
+ - containerPort: 80
+ - containerPort: 9000
+ volumeMounts:
+ - name: em-settings
+ mountPath: /opt/configmaps/settings/
+ - name: site-crt
+ mountPath: /opt/secrets/site-crt/
+ env:
+ - name: ENVIRONMENT
+ value: "development"
+ - name: PROGRAM_NAME_URL_PREFIX
+ value: "vvp"
+ - name: SERVICE_PROVIDER
+ value: "NA"
+ - name: PROGRAM_NAME
+ value: "VVP"
+ - name: SERVICE_PROVIDER_DOMAIN
+ value: "na.com"
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: key}
+ - name: EMAIL_HOST
+ value: "localhost"
+ - name: EMAIL_HOST_USER
+ value: "example"
+ - name: EMAIL_PORT
+ value: "25"
+ - name: EMAIL_HOST_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: email-secret, key: password}
+ - name: PGHOST
+ value: vvp-postgres
+ - name: PGPORT
+ value: "5432"
+ - name: PGDATABASE
+ value: icedb
+ - name: PGUSER
+ value: "em_postgresuser"
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: emPassword}
+ - name: DOMAIN
+ value: https://development.vvp.example.com
+ - name: ICE_EM_DOMAIN_NAME
+ value: https://development.vvp.example.com
+ - name: CONTACT_FROM_ADDRESS
+ value: "example"
+ - name: OAUTHLIB_INSECURE_TRANSPORT
+ value: "1"
+ - name: SECRET_WEBHOOK_TOKEN
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: em_webhook_token}
+ - name: SECRET_GITLAB_AUTH_TOKEN
+ valueFrom:
+ secretKeyRef: {name: gitlab-password, key: auth-token}
+ - name: SECRET_JENKINS_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: jenkins_admin_password}
+ - name: SECRET_CMS_APP_CLIENT_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: cms_app_client_id}
+ - name: SECRET_CMS_APP_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: cms_app_client_secret}
+ - name: STATIC_ROOT
+ value: "/app/htdocs"
+ - name: DJANGO_DEBUG_MODE
+ value: "True"
+ - name: SLACK_API_TOKEN
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: slack_api_token}
+ - name: ENGAGEMENTS_CHANNEL
+ value: ""
+ - name: ENGAGEMENTS_NOTIFICATIONS_CHANNEL
+ value: ""
+ - name: DEVOPS_CHANNEL
+ value: ""
+ - name: DEVOPS_NOTIFICATIONS_CHANNEL
+ value: ""
+ - name: S3_HOST
+ value: "dev-s3.vvp.example.com"
+ - name: S3_PORT
+ value: "443"
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_access_key_id}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_secret_access_key}
+ command: ["/docker-entrypoint.sh", "/usr/local/bin/gunicorn", "-c", "/opt/configmaps/settings/gunicorn.ini", "vvp.wsgi:application", ]
+ volumes:
+ - name: site-crt
+ secret:
+ secretName: site-crt
+ - name: em-settings
+ configMap:
+ name: {{ include "common.fullname" . }}-settings
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName | default "http" }}
+ selector:
+ app: {{ include "common.name" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/vvp/engagementmgr:1.0.0-latest
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ internalPort: 80
+ portName: em
+
+ingress:
+ enabled: false
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: load balancer for external transport
+name: vvp-ext-haproxy
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resolvers dns
+ nameserver pod_dns "10.3.0.10:53"
+ resolve_retries 3
+ timeout retry 1s
+ hold valid 30s
+
+defaults
+ mode http
+ timeout connect 5000ms
+ timeout client 50000ms
+ timeout server 50000ms
+ option httpclose
+ option redispatch
+ option abortonclose
+ option httplog
+ option dontlognull
+ default-server init-addr last,libc,none
+
+backend gitlab_ssh
+ mode tcp
+ option tcplog
+ timeout server 2h
+ server gitlabssh vvp-gitlab:22 resolvers dns
+
+frontend gitlab_ssh_frontend
+ mode tcp
+ option tcplog
+ timeout client 2h
+ bind 0.0.0.0:22
+ acl is_ssh dst_port 22
+ use_backend gitlab_ssh if is_ssh
+
+backend portal_backend
+ mode http
+ server ice_portal vvp:8181 resolvers dns
+
+backend api
+ mode http
+ server engagement_manager vvp-em-uwsgi:80 resolvers dns
+
+backend s3
+ mode http
+ balance roundrobin
+ option httpchk HEAD /
+ server ceph-01 10.252.0.21:8080 check inter 10000ms
+
+frontend portal
+ mode http
+ acl is_api_call path_beg -i /vvp
+ acl is_s3 hdr_beg(host) s3. staging-s3. dev-s3.
+ use_backend api if is_api_call
+ use_backend s3 if is_s3
+ bind 0.0.0.0:80
+ bind 0.0.0.0:443 ssl crt /etc/haproxy/site.pem force-tlsv12
+ default_backend portal_backend
+
+listen stats
+ bind 0.0.0.0:9001
+ mode http
+ stats enable # Enable stats page
+ stats realm Haproxy\ Statistics
+ stats uri /haproxy_stats
+ stats auth "${HAPROXY_USER}:${HAPROXY_PASS}"
+ acl network_allowed src 10.252.0.0/16 127.0.0.1/32 10.2.0.0/16
+ http-request deny if !network_allowed
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-cfg
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/ext-haproxy-cfg/*").AsConfig . | indent 2 }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ imagePullSecrets:
+ - name: onapkey
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ ports:
+ - containerPort: 80
+ - containerPort: 22
+ - containerPort: 443
+ - containerPort: 9001
+ env:
+ - name: HAPROXY_USER
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: user
+ - name: HAPROXY_PASS
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: pass
+ volumeMounts:
+ - mountPath: /usr/local/etc/haproxy/
+ name: ext-haproxy-cfg
+ - mountPath: /etc/haproxy/
+ name: site-pem
+ volumes:
+ - name: ext-haproxy-cfg
+ configMap:
+ name: {{ include "common.fullname" . }}-cfg
+ items:
+ - key: file
+ path: haproxy.cfg
+ - name: site-pem
+ secret:
+ secretName: site-pem
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort1 }}
+ name: {{ .Values.service.portName1 }}
+ - port: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
+ - port: {{ .Values.service.internalPort3 }}
+ name: {{ .Values.service.portName3 }}
+ - port: {{ .Values.service.internalPort4 }}
+ name: {{ .Values.service.portName4 }}
+ selector:
+ app: {{ include "common.name" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: docker.io
+image: haproxy:1.7.2-alpine
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ portName1: web
+ internalPort1: 80
+ portName2: ssl
+ internalPort2: 443
+ portName3: ssh
+ internalPort3: 22
+ portName4: stats
+ internalPort4: 9000
+
+ingress:
+ enabled: false
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: holds all customers files in repos
+name: vvp-gitlab
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: gitlab-password
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ password: "YW82aWo2d29oV2VpcXU0ZQ=="
+ auth-token: "amFkdTZ5b2hqYWl5OFdvYjBJZUs="
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: jenkins-deploykey
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ deploykey.pub: "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUlQWFNQT2ppSkYvWEdicmNpVXNja1hMbFA0Q0ZHNS9POHErQ0xRZW1CTlE="
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort1 }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /var/opt/gitlab
+ name: gitlab
+ subPath: var/opt/gitlab
+ - mountPath: /etc/gitlab
+ name: gitlab
+ subPath: etc/gitlab
+ - mountPath: /var/log/gitlab
+ name: gitlab
+ subPath: var/log/gitlab
+ - mountPath: /tmp/deploykey
+ name: jenkins-deploykey
+ env:
+ - name: ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: gitlab-password
+ key: password
+ - name: AUTHENTICATION_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: gitlab-password
+ key: auth-token
+ - name: EXTERNAL_URL
+ value: "http://vvp-gitlab"
+ volumes:
+ - name: gitlab
+ emptyDir: {}
+ - name: jenkins-deploykey
+ secret:
+ secretName: jenkins-deploykey
+ imagePullSecrets:
+ - name: onapkey
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort1 }}
+ name: {{ .Values.service.portName1 }}
+ - port: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
+ selector:
+ app: {{ include "common.name" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/vvp/gitlab:1.0.0-latest
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ internalPort1: 80
+ internalPort2: 22
+ portName1: web
+ portName2: ssh
+
+ingress:
+ enabled: false
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: scan for validity and viruses on users files
+name: vvp-imagescanner
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~3.0.0
+ repository: '@local'
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+from pathlib import Path
+from awsauth import S3Auth
+# A mapping from host names to Requests Authentication Objects; see
+# http://docs.python-requests.org/en/master/user/authentication/
+AUTHS = {}
+if 'S3_HOST' in os.environ:
+ AUTHS[os.environ['S3_HOST']] = S3Auth(
+ os.environ['AWS_ACCESS_KEY_ID'],
+ os.environ['AWS_SECRET_ACCESS_KEY'],
+ service_url='https://%s/' % os.environ['S3_HOST']
+ )
+LOGS_PATH = Path(os.environ['IMAGESCANNER_LOGS_PATH'])
+STATUSFILE = LOGS_PATH/'status.txt'
+# A dict passed as kwargs to jenkins.Jenkins constructor.
+JENKINS = {
+ 'url': 'http://jenkins:8080',
+ 'username': 'admin',
+ 'password': os.environ['SECRET_JENKINS_PASSWORD'],
+ }
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: imagescanner-settings
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/imagescanner/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: slack-tokens
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ notifications: ""
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: imagescanner-ssh
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ # FIXME the imagescanner really should have its own private key, but then we
+ # have to adjust the gitlab wrapper script to set two public keys as
+ # deploykeys.
+ id_ed25519: "LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFNd0FBQUF0emMyZ3RaVwpReU5UVXhPUUFBQUNDRDEwanpvNGlSZjF4bTYzSWxMSEpGeTVUK0FoUnVmenZLdmdpMEhwZ1RVQUFBQUpqV3dKZDkxc0NYCmZRQUFBQXR6YzJndFpXUXlOVFV4T1FBQUFDQ0QxMGp6bzRpUmYxeG02M0lsTEhKRnk1VCtBaFJ1Znp2S3ZnaTBIcGdUVUEKQUFBRUFXRktNV0xsNkZnRUJ1Zzk3MSthdE5ZQnQ4R2R1V3pDWWd0L2o5VHU0U2g0UFhTUE9qaUpGL1hHYnJjaVVzY2tYTApsUDRDRkc1L084cStDTFFlbUJOUUFBQUFFM0JoZFd4QVVHRjFiQ2R6SUUxaFl5QlFjbThCQWc9PQotLS0tLUVORCBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0K"
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: site-certificate
+ namespace: {{ include "common.namespace" . }}
+data:
+ site.crt: |
+ -----BEGIN CERTIFICATE-----
+ MIIDEDCCAfgCCQDhahVKE9/eUjANBgkqhkiG9w0BAQsFADBKMRAwDgYDVQQKDAdF
+ eGFtcGxlMRAwDgYDVQQLDAdleGFtcGxlMSQwIgYDVQQDDBtkZXZlbG9wbWVudC52
+ dnAuZXhhbXBsZS5jb20wHhcNMTcxMjI0MTUzOTA3WhcNMTgxMjI0MTUzOTA3WjBK
+ MRAwDgYDVQQKDAdFeGFtcGxlMRAwDgYDVQQLDAdleGFtcGxlMSQwIgYDVQQDDBtk
+ ZXZlbG9wbWVudC52dnAuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ DwAwggEKAoIBAQCkvNGXe+bdvL2kvrP2L3WABt2WCFoZ2Pn8Px0eEsRiJHVD0eWz
+ rgJYHFJu0C0cK9NYSKxVVI8LnKH7Ny5MFfM4Tqyr3UEOLs+fSwaAqM5tSyZU/tEK
+ ractA7bi9fDk2lkcs+LLuZMqGPZ37UZcZwsUQ0BONHP668LqkWqT9hNLIN4ejInr
+ 32WA3Y7hPNd8Cj+AaLt1x2cXYzi9hrE5l3h9ofkOpXsgDzeIHlp4jJ6kXXQf8UM5
+ 1viqa2CWXHBHEG+5eftLSaeE6LAlNt5IJ6LcWEZgNtXr2es4LJC3FjXrv0gc04Cp
+ U2OfizpbhT11cLGaeXOq1cUCXNIb4FcJApoXAgMBAAEwDQYJKoZIhvcNAQELBQAD
+ ggEBAFGPDG9iurAhUKbFkY97xLA443U01bdwi7eAT5T9qo/RzOwcbuKWXVm1k5HK
+ CQO81nlLqLQwhI1+uTTmR41epuJxyGIaDgUySB+8fLzyRSIFaxKD+UeVPgipDNZs
+ h0sKSKrO6MoWzMLUYvdZRw6VIc+UpSCqPY+FKUBUHZtMpSFLnhHjRvVkiP4VvFXj
+ b7jQzHughzeITygws42fKK/MK7wQ6byaMVRbPbQKPAXNxd/UrSPeX+RzKRWOZ6R8
+ Ulyp7dezXCP77UaTZTsxwlurPQIZNMshDxE/SbWt0Q1g28rj5KfAjoZs5Tg/gmQ8
+ LLKI/b1OvKohaANGZ6We5U+ceeU=
+ -----END CERTIFICATE-----
+ wrapper.sh: |
+ #!/bin/sh
+ # This script is meant to be used as a wrapper, so that it can be easily
+ # used with docker or kubernetes' container command specification.
+ #
+ # Kubernetes' volumeMount creates symlinks for configMapped files at the
+ # target directory.
+ # Alpine's update-ca-certificates ignores symlinks.
+ # So we must contrive to copy the contents of the mounted cert (a symlink)
+ # into place as a normal file.
+ dev_cert="${0%/*}/site.crt"
+ echo >&2 "$0: Checking for site CA certificate at $dev_cert..."
+ if [ -s "$dev_cert" ]; then
+ echo >&2 "$0: Updating container CA certificate bundle with site certificate..."
+ cp -L "$dev_cert" /usr/local/share/ca-certificates/
+ update-ca-certificates
+ else
+ echo >&2 "$0: No site CA certificate found."
+ fi
+ echo >&2 "$0: Launching command: $@"
+ exec "$@"
+
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ imagePullSecrets:
+ - name: onapkey
+ containers:
+ - name: imagescanner-worker
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ command:
+ - "sh"
+ - "/opt/site-certificate/wrapper.sh"
+ - "/usr/local/bin/imagescanner-worker"
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: imagescanner-ssh
+ mountPath: /root/.ssh
+ - name: dev
+ mountPath: /dev
+ - name: logs
+ mountPath: /var/log/imagescanner
+ - name: imagescanner-settings
+ mountPath: /opt/imagescanner-settings
+ - name: site-certificate
+ mountPath: /opt/site-certificate
+ env:
+ - name: PYTHONPATH
+ value: /opt/imagescanner-settings
+ - name: S3_HOST
+ value: "dev-s3.vvp.example.com"
+ - name: S3_PORT
+ value: "443"
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_access_key_id}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_secret_access_key}
+ - name: SECRET_JENKINS_PASSWORD
+ value: ''
+ - name: REQUESTS_CA_BUNDLE
+ value: /etc/ssl/certs/ca-certificates.crt
+
+ - name: notifications-worker
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ command: ["/usr/local/bin/notifications-worker"]
+ securityContext:
+ privileged: true
+ env:
+ - name: SLACK_TOKEN
+ valueFrom:
+ secretKeyRef: {name: slack-tokens, key: notifications}
+ - name: DOMAIN
+ value: "dev-em.vvp.example.com"
+ - name: PYTHONPATH
+ value: /opt/imagescanner-settings
+ - name: SECRET_JENKINS_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: jenkins_admin_password}
+ volumeMounts:
+ - name: imagescanner-settings
+ mountPath: /opt/imagescanner-settings
+
+ - name: imagescanner-frontend
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ command: ["/usr/local/bin/imagescanner-frontend"]
+ securityContext:
+ privileged: true
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: logs
+ mountPath: /var/log/imagescanner
+ - name: imagescanner-settings
+ mountPath: /opt/imagescanner-settings
+ env:
+ - name: DEFAULT_SLACK_CHANNEL
+ value: "#notifications"
+ - name: SECRET_JENKINS_PASSWORD
+ value: ''
+
+ volumes:
+ - name: imagescanner-ssh
+ secret:
+ secretName: imagescanner-ssh
+ defaultMode: 0600
+ - name: dev
+ hostPath:
+ path: /dev
+ - name: logs
+ emptyDir: {}
+ - name: imagescanner-settings
+ configMap:
+ name: imagescanner-settings
+ - name: site-certificate
+ configMap:
+ name: site-certificate
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName | default "http" }}
+ selector:
+ app: {{ include "common.name" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/vvp/image-scanner:1.0.0-latest
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ internalPort: 80
+ portName: web
+
+ingress:
+ enabled: false
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: load balancer for internal (container to container) transport
+name: vvp-int-haproxy
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resolvers dns
+ nameserver pod_dns "10.3.0.10:53"
+ resolve_retries 3
+ timeout retry 1s
+ hold valid 30s
+
+defaults
+ mode http
+ timeout connect 5000ms
+ timeout client 50000ms
+ timeout server 50000ms
+ option httpclose
+ option redispatch
+ option abortonclose
+ option httplog
+ option dontlognull
+ default-server init-addr last,libc,none
+
+backend gitlab_web_backend
+ mode http
+ server gitlab_web_1 vvp-gitlab:80 resolvers dns
+
+frontend gitlab_web
+ mode http
+ bind 0.0.0.0:80
+
+ acl is_scanner path_beg /imagescanner
+ acl is_em_admin hdr_beg(host) em. staging-em. dev-em.
+ acl is_cms hdr_beg(host) cms. staging-cms. dev-cms.
+ acl is_ci_admin hdr_beg(host) staging-ci. dev-ci.
+ acl is_s3 hdr_beg(host) s3. staging-s3. dev-s3.
+
+ use_backend imagescanner if is_em_admin is_scanner
+ use_backend cms if is_cms
+ use_backend api if is_em_admin
+ use_backend ci if is_ci_admin
+ use_backend s3 if is_s3
+
+ default_backend gitlab_web_backend
+
+backend s3
+ mode http
+ balance roundrobin
+ server ceph-01 10.252.0.21:8080
+
+backend cms
+ mode http
+ server cms_server vvp-cms-uwsgi:80 resolvers dns
+
+backend api
+ mode http
+ server engagement_manager vvp-em-uwsgi:80 resolvers dns
+
+backend ci
+ mode http
+ server ci_test vvp-ci-uwsgi:8282 resolvers dns
+
+listen jenkins
+ bind 0.0.0.0:8080
+ server jenkins vvp-jenkins:8080 resolvers dns
+
+backend imagescanner
+ mode http
+ server imagescanner vvp-imagescanner:80 resolvers dns
+
+listen stats
+ bind 0.0.0.0:9000
+ mode http
+ stats enable # Enable stats page
+ stats realm Haproxy\ Statistics
+ stats uri /haproxy_stats
+ stats auth "${HAPROXY_USER}:${HAPROXY_PASS}"
+ acl network_allowed src 10.252.0.0/16 127.0.0.1/32 10.2.0.0/16
+ block if !network_allowed
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-cfg
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/int-haproxy-cfg/*").AsConfig . | indent 2 }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ imagePullSecrets:
+ - name: onapkey
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ ports:
+ - containerPort: 80
+ - containerPort: 8080
+ - containerPort: 9000
+ env:
+ - name: HAPROXY_USER
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: user
+ - name: HAPROXY_PASS
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: pass
+ volumeMounts:
+ - mountPath: /usr/local/etc/haproxy/
+ name: int-haproxy-cfg
+ volumes:
+ - name: int-haproxy-cfg
+ configMap:
+ name: {{ include "common.fullname" . }}-cfg
+ items:
+ - key: file
+ path: haproxy.cfg
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort1 }}
+ name: {{ .Values.service.portName1 }}
+ - port: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
+ - port: {{ .Values.service.internalPort3 }}
+ name: {{ .Values.service.portName3 }}
+ selector:
+ app: {{ include "common.name" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: docker.io
+image: haproxy:1.7.2-alpine
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ portName1: web
+ internalPort1: 80
+ portName2: jenkins
+ internalPort2: 8080
+ portName3: stats
+ internalPort3: 9000
+
+ingress:
+ enabled: false
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: run validation tasks
+name: vvp-jenkins
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~3.0.0
+ repository: '@local'
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+kind: Secret
+apiVersion: v1
+metadata:
+ name: jenkins-users-admin
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ config.xml: "PD94bWwgdmVyc2lvbj0nMS4wJyBlbmNvZGluZz0nVVRGLTgnPz4KPHVzZXI+CiAgPGZ1bGxOYW1lPmFkbWluPC9mdWxsTmFtZT4KICA8ZGVzY3JpcHRpb24+PC9kZXNjcmlwdGlvbj4KICA8cHJvcGVydGllcz4KICAgIDxodWRzb24uc2VjdXJpdHkuSHVkc29uUHJpdmF0ZVNlY3VyaXR5UmVhbG1fLURldGFpbHM+CiAgICAgIDxwYXNzd29yZEhhc2g+I2piY3J5cHQ6JDJhJDEwJERyaXVLdThPcTdpaWhtdi80bzlKOHV6cmg2QlVBaUtuejMuM21EMXBDb2dzUHJnOW42M1pXPC9wYXNzd29yZEhhc2g+CiAgICA8L2h1ZHNvbi5zZWN1cml0eS5IdWRzb25Qcml2YXRlU2VjdXJpdHlSZWFsbV8tRGV0YWlscz4KICA8L3Byb3BlcnRpZXM+CjwvdXNlcj4K"
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: jenkins-ssh
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ # .ssh/config isn't really a secret, but it's the easiest way to get it into
+ # the same directory as the key
+ config: "SG9zdCAqClVzZXJLbm93bkhvc3RzRmlsZSAvZGV2L251bGwKU3RyaWN0SG9zdEtleUNoZWNraW5nIG5vCklkZW50aXR5RmlsZSAiL3Zhci9qZW5raW5zX2hvbWUvLnNzaC9pZF9lZDI1NTE5Igo="
+ id_ed25519: "LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFNd0FBQUF0emMyZ3RaVwpReU5UVXhPUUFBQUNDRDEwanpvNGlSZjF4bTYzSWxMSEpGeTVUK0FoUnVmenZLdmdpMEhwZ1RVQUFBQUpqV3dKZDkxc0NYCmZRQUFBQXR6YzJndFpXUXlOVFV4T1FBQUFDQ0QxMGp6bzRpUmYxeG02M0lsTEhKRnk1VCtBaFJ1Znp2S3ZnaTBIcGdUVUEKQUFBRUFXRktNV0xsNkZnRUJ1Zzk3MSthdE5ZQnQ4R2R1V3pDWWd0L2o5VHU0U2g0UFhTUE9qaUpGL1hHYnJjaVVzY2tYTApsUDRDRkc1L084cStDTFFlbUJOUUFBQUFFM0JoZFd4QVVHRjFiQ2R6SUUxaFl5QlFjbThCQWc9PQotLS0tLUVORCBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0K"
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ imagePullSecrets:
+ - name: onapkey
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ ports:
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - name: jenkins-home
+ mountPath: /var/jenkins_home
+ - name: jenkins-users-admin
+ mountPath: /var/jenkins_home/users/admin
+ - name: jenkins-ssh
+ mountPath: /var/jenkins_home/.ssh
+ volumes:
+ - name: jenkins-home
+ emptyDir: {}
+ - name: jenkins-users-admin
+ secret:
+ secretName: jenkins-users-admin
+ - name: jenkins-ssh
+ secret:
+ secretName: jenkins-ssh
+
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName | default "http" }}
+ selector:
+ app: {{ include "common.name" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/vvp/jenkins:1.0.0-latest
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ internalPort: 8080
+ portName: jenkins
+
+ingress:
+ enabled: false
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: store all data of engagement manager
+name: vvp-postgres
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# initdb defaults
+#
+listen_addresses = '*' # what IP address(es) to listen on;
+max_connections = 100 # (change requires restart)
+shared_buffers = 32MB # min 128kB
+datestyle = 'iso, mdy'
+lc_messages = 'en_US.UTF-8' # locale for system error message
+lc_monetary = 'en_US.UTF-8' # locale for monetary formatting
+lc_numeric = 'en_US.UTF-8' # locale for number formatting
+lc_time = 'en_US.UTF-8' # locale for time formatting
+default_text_search_config = 'pg_catalog.english'
+log_line_prefix = 'user=%u,db=%d '
+#
+# our customizations
+#
+dynamic_shared_memory_type = posix
+log_timezone = 'UTC'
+timezone = 'UTC'
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# sourced, not executed, by docker-entrypoint.sh (/bin/bash)
+
+# defaults
+: ${ICE_CMS_DB_USER:="icecmsuser"}
+: ${ICE_CMS_DB_NAME:="icecmsdb"}
+: ${ICE_CMS_DB_PASSWORD:="na"}
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<- EOF
+ CREATE USER ${ICE_CMS_DB_USER} WITH CREATEDB PASSWORD '${ICE_CMS_DB_PASSWORD}';
+ CREATE DATABASE ${ICE_CMS_DB_NAME} WITH OWNER ${ICE_CMS_DB_USER} ENCODING 'utf-8';
+EOF
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# sourced, not executed, by docker-entrypoint.sh (/bin/bash)
+ln -sf /etc/postgresql/conf.d/postgresql.conf "${PGDATA}"/postgresql.conf
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: postgresql-conf
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/postgres/conf/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: postgresql-initdb
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/postgres/init/*").AsConfig . | indent 2 }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ imagePullSecrets:
+ - name: onapkey
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ ports:
+ - containerPort: 5432
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: postgresql-data
+ - mountPath: /etc/postgresql/conf.d/
+ name: postgresql-conf
+ - mountPath: /docker-entrypoint-initdb.d/
+ name: postgresql-initdb
+ env:
+ - name: POSTGRES_DB
+ value: icedb
+ - name: ICE_CMS_DB_NAME
+ value: icecmsdb
+ - name: POSTGRES_USER
+ value: em_postgresuser
+ - name: ICE_CMS_DB_USER
+ value: cms_postgresuser
+ - name: ICE_CMS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-passwords
+ key: cmsPassword
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-passwords
+ key: emPassword
+ volumes:
+ - name: postgresql-data
+ emptyDir: {}
+ - name: postgresql-conf
+ configMap:
+ name: postgresql-conf
+ - name: postgresql-initdb
+ configMap:
+ name: postgresql-initdb
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName | default "http" }}
+ selector:
+ app: {{ include "common.name" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/vvp/postgresql:1.0.0-latest
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: vvp-postgres
+ portName: vvp-postgres
+ internalPort: 5432
+ externalPort: 5432
+
+ingress:
+ enabled: false
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: in memory key-value store for all project
+name: vvp-redis
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ name: {{ include "common.name" . }}
+ spec:
+ hostname: {{ include "common.name" . }}
+ containers:
+ - args:
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ name: {{ include "common.name" . }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ {{- end}}
+ name: {{ .Values.service.portName | default "http" }}
+ selector:
+ app: {{ include "common.name" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: docker.io
+image: redis:alpine
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: vvp-redis
+ portName: vvp-redis
+ internalPort: 6379
+ externalPort: 6379
+
+ingress:
+ enabled: false
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~3.0.0
+ repository: '@local'
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+pid /nginx.pid;
+error_log /dev/stdout warn;
+
+http {
+ access_log /dev/stdout;
+ server {
+ listen 0.0.0.0:8181;
+
+ location / {
+ include /etc/nginx/mime.types;
+ root /usr/share/nginx/html/;
+ }
+
+ }
+}
+
+events {
+ worker_connections 4096;
+}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{
+ "serviceProvider": {
+ "name": "NA"
+ },
+ "program": {
+ "name": "VVP"
+ }
+}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: portal-nginx-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/vvp/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: onapkey
+data:
+ .dockercfg: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOiB7InVzZXJuYW1lIjogImRvY2tlciIsICJwYXNzd29yZCI6ICJkb2NrZXIiLCAiZW1haWwiOiAiZW1haWxAZW1haWwuY29tIn19
+type: kubernetes.io/dockercfg
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: em-secret
+type: Opaque
+data:
+ key: "IzkxZV9fdzNrPTc4MUB5KGVfIzZodTZ0JmgyNTQjdSkmYmorbTl0aHglayE2XiowNnI="
+ em_webhook_token: "QWlwN29oeDFlaUhhZXNob2g5c2hhaWx1OWVleDd0aGE="
+ gitlab_admin_password: "YW82aWo2d29oV2VpcXU0ZQ=="
+ jenkins_admin_password: "a29peWVCYWlUaDNrYWlOZw=="
+ cms_app_client_id: "RWVCNFhlaW1vb2M2eGllU2VlS2FoOGRhZTFlaXBhZTRvdGFlc2hlZQ=="
+ cms_app_client_secret: "aGFpTW9vcGllWmVlMXdlaTNsZWY0Z2FleWlhMnZhaHdvaHRoMG1haWQ5aXRoMnBoZWVzaGFpdGh1VG9vcjJKb2hzaGVpNWJhZXk3RWlxdWFldGhlaWI4cXVhaXF1ZWU3cGhpYXRoN2V1YjJhaU5haWMzb3U5dmFpemViZWlGNXU="
+ slack_api_token: ""
+ aws_access_key_id: "MlpCMTlVOUQ4SzZYVkpHNzVWWDA="
+ aws_secret_access_key: "N3hWV2Vxc0xJb3RLT3VhMHh2aGFwSXNDdDFWVTB4Nk0yRTRmVFJLTw=="
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: email-secret
+type: Opaque
+data:
+ password: "RVhBTVBMRQ=="
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: site-crt
+type: Opaque
+data:
+ # the public part of the certificate, not actually a secret.
+ site.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFRENDQWZnQ0NRRGhhaFZLRTkvZVVqQU5CZ2txaGtpRzl3MEJBUXNGQURCS01SQXdEZ1lEVlFRS0RBZEYKZUdGdGNHeGxNUkF3RGdZRFZRUUxEQWRsZUdGdGNHeGxNU1F3SWdZRFZRUUREQnRrWlhabGJHOXdiV1Z1ZEM1MgpkbkF1WlhoaGJYQnNaUzVqYjIwd0hoY05NVGN4TWpJME1UVXpPVEEzV2hjTk1UZ3hNakkwTVRVek9UQTNXakJLCk1SQXdEZ1lEVlFRS0RBZEZlR0Z0Y0d4bE1SQXdEZ1lEVlFRTERBZGxlR0Z0Y0d4bE1TUXdJZ1lEVlFRRERCdGsKWlhabGJHOXdiV1Z1ZEM1MmRuQXVaWGhoYlhCc1pTNWpiMjB3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQgpEd0F3Z2dFS0FvSUJBUUNrdk5HWGUrYmR2TDJrdnJQMkwzV0FCdDJXQ0ZvWjJQbjhQeDBlRXNSaUpIVkQwZVd6CnJnSllIRkp1MEMwY0s5TllTS3hWVkk4TG5LSDdOeTVNRmZNNFRxeXIzVUVPTHMrZlN3YUFxTTV0U3laVS90RUsKcmFjdEE3Ymk5ZkRrMmxrY3MrTEx1Wk1xR1BaMzdVWmNad3NVUTBCT05IUDY2OExxa1dxVDloTkxJTjRlaklucgozMldBM1k3aFBOZDhDaitBYUx0MXgyY1hZemk5aHJFNWwzaDlvZmtPcFhzZ0R6ZUlIbHA0ako2a1hYUWY4VU01CjF2aXFhMkNXWEhCSEVHKzVlZnRMU2FlRTZMQWxOdDVJSjZMY1dFWmdOdFhyMmVzNExKQzNGalhydjBnYzA0Q3AKVTJPZml6cGJoVDExY0xHYWVYT3ExY1VDWE5JYjRGY0pBcG9YQWdNQkFBRXdEUVlKS29aSWh2Y05BUUVMQlFBRApnZ0VCQUZHUERHOWl1ckFoVUtiRmtZOTd4TEE0NDNVMDFiZHdpN2VBVDVUOXFvL1J6T3djYnVLV1hWbTFrNUhLCkNRTzgxbmxMcUxRd2hJMSt1VFRtUjQxZXB1Snh5R0lhRGdVeVNCKzhmTHp5UlNJRmF4S0QrVWVWUGdpcEROWnMKaDBzS1NLck82TW9Xek1MVVl2ZFpSdzZWSWMrVXBTQ3FQWStGS1VCVUhadE1wU0ZMbmhIalJ2VmtpUDRWdkZYagpiN2pRekh1Z2h6ZUlUeWd3czQyZktLL01LN3dRNmJ5YU1WUmJQYlFLUEFYTnhkL1VyU1BlWCtSektSV09aNlI4ClVseXA3ZGV6WENQNzdVYVRaVHN4d2x1clBRSVpOTXNoRHhFL1NiV3QwUTFnMjhyajVLZkFqb1pzNVRnL2dtUTgKTExLSS9iMU92S29oYUFOR1o2V2U1VStjZWVVPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg=="
+---
+piVersion: v1
+kind: Secret
+metadata:
+ name: postgresql-passwords
+type: Opaque
+data:
+ emPassword: "ZW1fcG9zdGdyZXNwYXNz"
+ cmsPassword: "Y21zX3Bvc3RncmVzcGFzcw=="
+ ciPassword: "Y2lkYnBhc3M="
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: site-pem
+type: Opaque
+data:
+ site.pem: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFRENDQWZnQ0NRRGhhaFZLRTkvZVVqQU5CZ2txaGtpRzl3MEJBUXNGQURCS01SQXdEZ1lEVlFRS0RBZEYKZUdGdGNHeGxNUkF3RGdZRFZRUUxEQWRsZUdGdGNHeGxNU1F3SWdZRFZRUUREQnRrWlhabGJHOXdiV1Z1ZEM1MgpkbkF1WlhoaGJYQnNaUzVqYjIwd0hoY05NVGN4TWpJME1UVXpPVEEzV2hjTk1UZ3hNakkwTVRVek9UQTNXakJLCk1SQXdEZ1lEVlFRS0RBZEZlR0Z0Y0d4bE1SQXdEZ1lEVlFRTERBZGxlR0Z0Y0d4bE1TUXdJZ1lEVlFRRERCdGsKWlhabGJHOXdiV1Z1ZEM1MmRuQXVaWGhoYlhCc1pTNWpiMjB3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQgpEd0F3Z2dFS0FvSUJBUUNrdk5HWGUrYmR2TDJrdnJQMkwzV0FCdDJXQ0ZvWjJQbjhQeDBlRXNSaUpIVkQwZVd6CnJnSllIRkp1MEMwY0s5TllTS3hWVkk4TG5LSDdOeTVNRmZNNFRxeXIzVUVPTHMrZlN3YUFxTTV0U3laVS90RUsKcmFjdEE3Ymk5ZkRrMmxrY3MrTEx1Wk1xR1BaMzdVWmNad3NVUTBCT05IUDY2OExxa1dxVDloTkxJTjRlaklucgozMldBM1k3aFBOZDhDaitBYUx0MXgyY1hZemk5aHJFNWwzaDlvZmtPcFhzZ0R6ZUlIbHA0ako2a1hYUWY4VU01CjF2aXFhMkNXWEhCSEVHKzVlZnRMU2FlRTZMQWxOdDVJSjZMY1dFWmdOdFhyMmVzNExKQzNGalhydjBnYzA0Q3AKVTJPZml6cGJoVDExY0xHYWVYT3ExY1VDWE5JYjRGY0pBcG9YQWdNQkFBRXdEUVlKS29aSWh2Y05BUUVMQlFBRApnZ0VCQUZHUERHOWl1ckFoVUtiRmtZOTd4TEE0NDNVMDFiZHdpN2VBVDVUOXFvL1J6T3djYnVLV1hWbTFrNUhLCkNRTzgxbmxMcUxRd2hJMSt1VFRtUjQxZXB1Snh5R0lhRGdVeVNCKzhmTHp5UlNJRmF4S0QrVWVWUGdpcEROWnMKaDBzS1NLck82TW9Xek1MVVl2ZFpSdzZWSWMrVXBTQ3FQWStGS1VCVUhadE1wU0ZMbmhIalJ2VmtpUDRWdkZYagpiN2pRekh1Z2h6ZUlUeWd3czQyZktLL01LN3dRNmJ5YU1WUmJQYlFLUEFYTnhkL1VyU1BlWCtSektSV09aNlI4ClVseXA3ZGV6WENQNzdVYVRaVHN4d2x1clBRSVpOTXNoRHhFL1NiV3QwUTFnMjhyajVLZkFqb1pzNVRnL2dtUTgKTExLSS9iMU92S29oYUFOR1o2V2U1VStjZWVVPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCgotLS0tLUJFR0lOIFBSSVZBVEUgS0VZLS0tLS0KTUlJRXZRSUJBREFOQmdrcWhraUc5dzBCQVFFRkFBU0NCS2N3Z2dTakFnRUFBb0lCQVFDa3ZOR1hlK2Jkdkwyawp2clAyTDNXQUJ0MldDRm9aMlBuOFB4MGVFc1JpSkhWRDBlV3pyZ0pZSEZKdTBDMGNLOU5ZU0t4VlZJOExuS0g3Ck55NU1GZk00VHF5cjNVRU9McytmU3dhQXFNNXRTeVpVL3RFS3JhY3RBN2JpOWZEazJsa2NzK0xMdVpNcUdQWjMKN1VaY1p3c1VRMEJPTkhQNjY4THFrV3FUOWhOTElONGVqSW5yMzJXQTNZN2hQTmQ4Q2orQWFMdDF4MmNYWXppOQpockU1bDNoOW9ma09wWHNnRHplSUhscDRqSjZrWFhRZjhVTTUxdmlxYTJDV1hIQkhFRys1ZWZ0TFNhZUU2TEFsCk50NUlKNkxjV0VaZ050WHIyZXM0TEpDM0ZqWHJ2MGdjMDRDcFUyT2ZpenBiaFQxMWNMR2FlWE9xMWNVQ1hOSWIKNEZjSkFwb1hBZ01CQUFFQ2dnRUFmaXVua3cvd2FBK3daOGN2YWZRN1dBenFGWWpjQ1VQbllzeXI3bWFOUm1XSgo4cUdGL2pIZDFjSUxXSmZVbE9qeiszL2RqWlV2NGNMYlJONmtkTjJ5NUlOTk9HeEM4U3ZsRkttUGwyYXlnMzYxCkl3L3U1dkROUTJxKzNlRmoyTU5xME5MdGR2N3d1YU5ZMGMxR3dHcWpUNmVhVHN0WnNPcDA1TmJ1KzlmU093ejgKcHJFOUVxU2FpbHBjMFpIMDNUb0JDY1ZpTFBRN0RDeWkzd0QvTHFaWXlqbnNKdnBWVjFGV2paTWRNQjVCTHlQNQp2Wkg5Qk1iQ0Eva2YrUDVYVjBtUU9rcWk3OVN0bEhHc21id3A5YzVEUnZiUHZ3TWdsdUpqVDRRNXZldXNtY1ozClF4ZGpXVVpLeXZUU2w2QmFVV0tmSkxhMGhPWHR1UXB5VHhhMDY3S1RNUUtCZ1FEU2tTUXM4aGhnYVhMQVJDMWUKcWwxK29ZNVNjckxVb3dBbHJoNXYxRjlzcTAyNEkrRXRPa3dUZHZkbDNTQjg0bmhyRDVZQ2JhcXlWRi9uNFRaQQpoMnZkUHVsZ3pOT0FPQUh5bjQyanpuQm5kcWtqaXQrdUhOUVBWVjA3bzVwaDk1N05DT25XNFFPZ01IeFhrbDRzCllROTlVYkJmTmdwTC9PY0NUOWhFbnl3d3pRS0JnUURJU0QvV2poMFZ3Nmd0VXlUcjFUMlQ0S3FzS09HTXNIZ1gKbWVqRkJnQVpoeTNSQTRxSnBLWkdPOWUyK0VvMWRSN1ErVjIzOXhaVy9WdEZDcmdLYUNENm9EWFFQM0grcC93VgpvRXozbDJoMWRrSmxYSVd1Z1ZUY05uOGNHeU1TUi9BMUEycFVQNkMwRTJqSTFXWURpT2VQdnFSVTZpczE4dGYwCkNwMjdnNU5tY3dLQmdGSEUvMUZjNms1MlpKTjVaa3oreDdQbk5RZWJkd3JRQ2J5WU0wV21LVEJnRFp4V2dwazMKckZkYXVaUWJIUVNpUmJUOXBubG04UVN6YzFMdXlFeWl5aVp1eWQ1SGJGSzhiVFUwOUtJS0J1aUcwZ1AxYUF1TApNbWFKOWR5MUdieTFsanQxSEtuUFU4TWZVUW9JMHYxVTY5ajBvaE0zUHlSbkg2WnNMMFhtc2hoNUFvR0FZT0tLCmR5a0NLdUFlUCtiRHFvM2FIdW9FeGdsMHFwRkhWdXR1TGJrc1hTMEdYZURmcUp3TWoxY3RqK1ptUjV2amoyWEMKRDFjbzZHWGhPL0htZTZwSm9kUFVsR3ZNb2tyeTZDZEdkRk03QmU5eVNRUkw2dEhIa2t1T2k3TVk4U1A1c0R0NQp1VTJhV09JMncwaHY4Ky9MVEw4RlVjcUJvclJhQVVVTmJvTkV6NzhDZ1lFQXF0bXI0YmJYeWRnNFpFckY5c2ZWCkh4NUhZdDQweU1QajJrR3hSWm9uQXYvaXBwaHpCNFRXZmZFckdCNlgvdzNnUWpla2Z6S2pFNU5rSGVvMytEQisKbzFqc1BySXhrcFlYSzAydlNWN3RZdnlaczBBWGlGcm5sZFBkSzlhNHRtWHhhZEQwZm1OSkxmU0hwd0tVNXdQagpOR2UzUG5rT1pMUlQ4MHVPWkVpMUx4Zz0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo="
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: haproxy-auth
+type: Opaque
+data:
+ user: "aGFwcm94eXVzZXI="
+ pass: "aGFwcm94eXBhc3M="
+
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ volumeMounts:
+ - mountPath: /tmp/
+ name: portal-nginx-config
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ command: ["nginx", "-g", "daemon off;", "-c", "/tmp/nginx.conf"]
+ volumes:
+ - name: portal-nginx-config
+ configMap:
+ name: portal-nginx-config
+ items:
+ - key: file
+ path: nginx.conf
+ - key: service_provider.json
+ path: service_provider.json
+ imagePullSecrets:
+ - name: onapkey
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ {{- end}}
+ name: {{ .Values.service.portName | default "http" }}
+ selector:
+ app: {{ include "common.name" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/vvp/portal:1.0.0-latest
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ internalPort: 8181
+ externalPort: 8181
+
+ingress:
+ enabled: false
Code Review / oom.git / commitdiff