

activity-service-dockerfile, makefile, yamlfile #14


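#
# Dockerfile to run ELBaaS-VPC Activity service
#
# Build-time knob:
#   ENV  - set to "ci" to pre-create empty per-region Event Streams config
#          files under /etc/event-streams (CI has no real config volume).
# The service runs as the unprivileged system user "lbaasadmin".
#

FROM registry.access.redhat.com/ubi8/ubi-minimal
LABEL maintainer="bmxlbaas@us.ibm.com"
LABEL description="LBaaS activity svc image"

# Apply current errata before installing runtime deps, then drop the package
# cache so it does not get baked into the layer.
# NOTE(review): unzip/tar/wget are inherited from the original image; if the
# activity binary does not need them, remove them — every extra tool in the
# image is extra attack surface for anyone who gets a shell in the pod.
RUN microdnf -y update && microdnf -y install \
        unzip \
        tar \
        wget \
        libxml2 \
        libaio \
        pam.i686 \
        shadow-utils.x86_64 \
    && microdnf clean all

# Runtime directories, then the unprivileged service account that owns them.
# useradd -r creates a system account (no password); its home defaults to
# /home/lbaasadmin, which is created here rather than with -m.
RUN mkdir -p /vpc /var/lbaas /home/lbaasadmin \
    && touch /home/lbaasadmin/.bashrc \
    && groupadd lbaasadmin \
    && useradd -r -g lbaasadmin lbaasadmin \
    && chown -R lbaasadmin:lbaasadmin /vpc /var/lbaas /home/lbaasadmin/.bashrc

# The ARG required for ci: when ENV=ci, stub out the per-region Event Streams
# config files so the service can start without the real volume mounted.
ARG ENV
ENV ENV=$ENV
RUN if [ "$ENV" = "ci" ]; then \
        mkdir -p /etc/event-streams \
        && for region in jp-osa us-south us-east jp-tok eu-gb eu-fr2 eu-de br-sao au-syd ca-tor; do \
               touch "/etc/event-streams/config_${region}.json"; \
           done \
        && chown -R lbaasadmin:lbaasadmin /etc/event-streams; \
    fi

# Everything from here on runs as the service user. Files copied below are
# created root-owned (COPY without --chown), so the binary and templates are
# read-only to the service at runtime — intentional, do not add --chown.
USER lbaasadmin

# COPY rather than ADD: COPY never auto-extracts archives or fetches URLs,
# so the build cannot be surprised by the shape of the build context.
COPY bin/activity /home/lbaasadmin/bin/

# Templates
COPY pkg/util/template/templates /var/lbaas/templates
# Util templates
COPY templates /var/lbaas/tmpl

WORKDIR /home/lbaasadmin
EXPOSE 9092

# Exec form so the service is PID 1 and receives SIGTERM directly on pod
# stop; the shell form (`CMD bin/activity`) wraps it in /bin/sh, which does
# not forward signals, so the pod is only ever killed after the grace period.
CMD ["/home/lbaasadmin/bin/activity"]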

makefile

# Licensed Materials - Property of IBM
# (C) Copyright IBM Corp. 2018 All Rights Reserved
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
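BINARIES := activity
# Go sources outside vendor/; evaluated once at parse time (:=), not on every
# reference as the recursive form would.
SRC := $(shell find . -type f -name '*.go' -not -path "./vendor/*")
# Deliberately deferred to the shell at recipe time ($$), so `go list` only
# runs for targets that actually need the package list.
PACKAGE_LIST := $$(go list ./... | grep -v 'golang.org' | grep -v 'github.com' | grep -v 'gopkg.in')

# None of these names correspond to files in this directory (the binary is
# written to ../../bin/), so declare them phony to keep them from being
# satisfied by a stray file of the same name.
.PHONY: all fmt vet $(BINARIES)

all: fmt $(BINARIES)

# Report gofmt differences in our own sources (vendor/ excluded via $(SRC);
# the old `find . -name '*.go'` also scanned vendored code). Reporting only,
# the build does not fail on formatting. </dev/null keeps gofmt from reading
# stdin should $(SRC) ever be empty.
fmt:
	@unformatted="$$(gofmt -l $(SRC) </dev/null)"; \
	if [ -n "$$unformatted" ]; then \
	    /bin/echo "Please fix format issues in the following files:" ; \
	    /bin/echo "$$unformatted" ; \
	fi

vet:
	@go vet $(PACKAGE_LIST)

# -mod=readonly: the build must not edit go.mod/go.sum, so what gets linked is
# exactly the committed dependency set (`go mod verify` before this target is
# the natural supply-chain check, but it is left to CI). -a rebuilds every
# package, so the target is effectively always rebuilt; CGO_ENABLED, GOOS and
# BUILD_TAGS are taken from the caller's environment/command line.
$(BINARIES): $(SRC)
	@mkdir -p ../../bin
	CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) go build -mod=readonly -tags=$(BUILD_TAGS) -a -o ../../bin/$@ ./cmd/$@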

activity-deployment.yaml

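---
# Activity service: 3 replicas fronted by the activity-svc Service on 9092.
# IMAGE_STRING and the REDEPLOY value are substituted at build time.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: activity-svc
  namespace: lbaas-svc
spec:
  replicas: 3
  selector:
    matchLabels:
      app: activity-svc
  template:
    metadata:
      labels:
        app: activity-svc
    spec:
      # Pod-level hardening (seccompProfile needs Kubernetes >= 1.19).
      # runAsNonRoot is deliberately NOT set: the image switches user by name
      # (USER lbaasadmin) and the kubelet can only enforce runAsNonRoot against
      # a numeric UID — a pod with runAsNonRoot and a non-numeric image user
      # fails to start. Add runAsUser/runAsNonRoot once the lbaasadmin UID is
      # pinned in the image.
      # NOTE(review): nothing in this manifest uses the Kubernetes API (the
      # only downward-API use is MY_POD_NAME); consider
      # automountServiceAccountToken: false so the SA token is not exposed in
      # the pod — confirm the service does not talk to the API server first.
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: activity-svc
          # NOTE(review): with imagePullPolicy: Always, a mutable tag is
          # re-resolved on every pod start; substitute an @sha256 digest for
          # IMAGE_STRING so a retagged image cannot be pulled silently.
          image: "IMAGE_STRING"
          imagePullPolicy: Always
          # The service binds 9092 as an unprivileged user and needs no
          # capabilities; readOnlyRootFilesystem is not set because the image
          # chowns /vpc and /var/lbaas to the service user for runtime writes.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          resources:
            requests:
              memory: 500Mi
              cpu: "0.5"
            limits:
              memory: 1Gi
              cpu: "1"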
          env:
            # Credentials (DB DSNs, API keys, broker passwords, ingestion keys,
            # linking keys) are injected as environment variables from Secrets.
            # NOTE(review): env vars are readable via `kubectl describe pod`,
            # appear in crash dumps and are inherited by every child process;
            # mounting the secrets as files would narrow that exposure, but the
            # service would have to read them from disk instead.
            - name: REDEPLOY
              value: "THIS_STRING_IS_REPLACED_DURING_BUILD"
            # Hard-coded to production; a non-production rollout of this
            # manifest needs this value changed.
            - name: DEPLOYMENT_ENVIRONMENT
              value: "production"
            - name: DB_TYPE
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: DB_TYPE
            - name: LBAASADMIN_DB_DSN
              valueFrom:
                secretKeyRef:
                  name: db-dsns
                  key: LBAASADMIN_DB_DSN
            - name: WFADMIN_DB_DSN
              valueFrom:
                secretKeyRef:
                  name: db-dsns
                  key: WFADMIN_DB_DSN
            - name: MY_POD_NAME # Required env variable for shared-event library.
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: NESSUS_AGENT_LINKING_KEY
              valueFrom:
                secretKeyRef:
                  name: nessus-agent-linking-key
                  key: NESSUS_AGENT_LINKING_KEY
            - name: NESSUS_AGENT_LINKING_HOST
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: NESSUS_AGENT_LINKING_HOST
            - name: NESSUS_AGENT_LINKING_PORT
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: NESSUS_AGENT_LINKING_PORT
            - name: NESSUS_AGENT_LINKING_GROUP
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: NESSUS_AGENT_LINKING_GROUP
            # DB connection-pool tuning.
            - name: MAX_IDLE_CONNECTIONS
              value: "5"
            - name: MAX_OPEN_CONNECTIONS
              value: "10"
            # NOTE(review): looks like this enables database statement logging
            # in a production deployment; if the DSN layer logs statements with
            # their parameters, customer data may land in the log pipeline —
            # confirm this is intended.
            - name: DB_LOG_MODE
              value: "true"
            - name: CONNECTION_MAX_LIFE_TIME
              value: "5"
            - name: DB_CHECK_INTERVAL
              value: "20"
            - name: DB_CHECK_RETRIES
              value: "5"
            - name: PAGERDUTY_ENABLE
              value: "True"
            # Client timeouts (seconds, presumably — verify against the service).
            - name: SOS_REST_CLIENT_TIMEOUT
              value: "60"
            - name: SG_REQUEST_TIME_OUT_SECONDS
              value: "22"
            - name: IAM_TOKEN_CACHE_TIME_LIMIT
              value: "20"
            - name: WORKFLOW_SERVICE_URL
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: WORKFLOW_SERVICE_URL
            - name: CERTIFICATE_MANAGER_ENDPOINT
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: CERTIFICATE_MANAGER_ENDPOINT
            - name: SECRETS_MANAGER_ENDPOINT
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: SECRETS_MANAGER_ENDPOINT
            - name: IAAS_ENDPOINT
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: IAAS_ENDPOINT
            - name: IAAS_ENDPOINT_FORMAT
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: IAAS_ENDPOINT_FORMAT
            - name: DSR_IAAS_ENDPOINT_FORMAT
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: DSR_IAAS_ENDPOINT_FORMAT
            - name: DNS_ZONE
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: DNS_ZONE
            # The env name and the ConfigMap key differ (PDNS_BASE_URL vs
            # PDNS_SERVICE_URL); every other entry uses matching names —
            # verify this is intentional rather than a stale key.
            - name: PDNS_BASE_URL
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: PDNS_SERVICE_URL
            - name: CIS_CRN
              valueFrom:
                secretKeyRef:
                  name: cis-configuration
                  key: CIS_CRN
            - name: CIS_ZONE_ID
              valueFrom:
                secretKeyRef:
                  name: cis-configuration
                  key: CIS_ZONE_ID
            - name: IAM_PROXY_ENDPOINT
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: IAM_PROXY_ENDPOINT
            # mTLS client identity for the IAM proxy; the paths point into the
            # iam-proxy-certs secret mount declared under volumeMounts.
            - name: IAM_PROXY_CLIENT_CERT_PATH
              value: "/etc/ssl/certs/iam_proxy_certs/client.crt"
            - name: IAM_PROXY_CLIENT_KEY_PATH
              value: "/etc/ssl/certs/iam_proxy_certs/client.key"
            # Served from the ca-certs secret mounted over /etc/ssl/certs/.
            - name: CA_CERT_PATH
              value: "/etc/ssl/certs/ca.crt"
            - name: IAM_URL
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: IAM_URL
            - name: INTERNAL_IAAS_ENDPOINT
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: INTERNAL_IAAS_ENDPOINT
            - name: SYSDIG_ENDPOINT
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: SYSDIG_ENDPOINT
            - name: METRICS_ROUTER_ENDPOINT
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: METRICS_ROUTER_ENDPOINT
            - name: HYPERSYNC_URL
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: HYPERSYNC_URL
            # Per-region Sysdig monitor tokens, one secret key per region.
            - name: US_SOUTH_SYSDIG_MONITOR_API_TOKEN
              valueFrom:
                secretKeyRef:
                  name: sysdig-secrets
                  key: US_SOUTH_SYSDIG_MONITOR_API_TOKEN
            - name: US_EAST_SYSDIG_MONITOR_API_TOKEN
              valueFrom:
                secretKeyRef:
                  name: sysdig-secrets
                  key: US_EAST_SYSDIG_MONITOR_API_TOKEN
            - name: EU_GB_SYSDIG_MONITOR_API_TOKEN
              valueFrom:
                secretKeyRef:
                  name: sysdig-secrets
                  key: EU_GB_SYSDIG_MONITOR_API_TOKEN
            - name: EU_DE_SYSDIG_MONITOR_API_TOKEN
              valueFrom:
                secretKeyRef:
                  name: sysdig-secrets
                  key: EU_DE_SYSDIG_MONITOR_API_TOKEN
            - name: JP_TOK_SYSDIG_MONITOR_API_TOKEN
              valueFrom:
                secretKeyRef:
                  name: sysdig-secrets
                  key: JP_TOK_SYSDIG_MONITOR_API_TOKEN
            - name: AU_SYD_SYSDIG_MONITOR_API_TOKEN
              valueFrom:
                secretKeyRef:
                  name: sysdig-secrets
                  key: AU_SYD_SYSDIG_MONITOR_API_TOKEN
            - name: JP_OSA_SYSDIG_MONITOR_API_TOKEN
              valueFrom:
                secretKeyRef:
                  name: sysdig-secrets
                  key: JP_OSA_SYSDIG_MONITOR_API_TOKEN
            - name: EU_FR2_SYSDIG_MONITOR_API_TOKEN
              valueFrom:
                secretKeyRef:
                  name: sysdig-secrets
                  key: EU_FR2_SYSDIG_MONITOR_API_TOKEN
            - name: CA_TOR_SYSDIG_MONITOR_API_TOKEN
              valueFrom:
                secretKeyRef:
                  name: sysdig-secrets
                  key: CA_TOR_SYSDIG_MONITOR_API_TOKEN
            - name: BR_SAO_SYSDIG_MONITOR_API_TOKEN
              valueFrom:
                secretKeyRef:
                  name: sysdig-secrets
                  key: BR_SAO_SYSDIG_MONITOR_API_TOKEN
            - name: EU_ES_SYSDIG_MONITOR_API_TOKEN
              valueFrom:
                secretKeyRef:
                  name: sysdig-secrets
                  key: EU_ES_SYSDIG_MONITOR_API_TOKEN
            # Per-region Metrics Router IAM API keys.
            - name: US_SOUTH_METRICS_ROUTER_IAM_API_KEY
              valueFrom:
                secretKeyRef:
                  name: metrics-router-secrets
                  key: US_SOUTH_METRICS_ROUTER_IAM_API_KEY
            - name: US_EAST_METRICS_ROUTER_IAM_API_KEY
              valueFrom:
                secretKeyRef:
                  name: metrics-router-secrets
                  key: US_EAST_METRICS_ROUTER_IAM_API_KEY
            - name: EU_GB_METRICS_ROUTER_IAM_API_KEY
              valueFrom:
                secretKeyRef:
                  name: metrics-router-secrets
                  key: EU_GB_METRICS_ROUTER_IAM_API_KEY
            - name: EU_DE_METRICS_ROUTER_IAM_API_KEY
              valueFrom:
                secretKeyRef:
                  name: metrics-router-secrets
                  key: EU_DE_METRICS_ROUTER_IAM_API_KEY
            - name: JP_TOK_METRICS_ROUTER_IAM_API_KEY
              valueFrom:
                secretKeyRef:
                  name: metrics-router-secrets
                  key: JP_TOK_METRICS_ROUTER_IAM_API_KEY
            - name: AU_SYD_METRICS_ROUTER_IAM_API_KEY
              valueFrom:
                secretKeyRef:
                  name: metrics-router-secrets
                  key: AU_SYD_METRICS_ROUTER_IAM_API_KEY
            - name: JP_OSA_METRICS_ROUTER_IAM_API_KEY
              valueFrom:
                secretKeyRef:
                  name: metrics-router-secrets
                  key: JP_OSA_METRICS_ROUTER_IAM_API_KEY
            - name: EU_FR2_METRICS_ROUTER_IAM_API_KEY
              valueFrom:
                secretKeyRef:
                  name: metrics-router-secrets
                  key: EU_FR2_METRICS_ROUTER_IAM_API_KEY
            - name: CA_TOR_METRICS_ROUTER_IAM_API_KEY
              valueFrom:
                secretKeyRef:
                  name: metrics-router-secrets
                  key: CA_TOR_METRICS_ROUTER_IAM_API_KEY
            - name: BR_SAO_METRICS_ROUTER_IAM_API_KEY
              valueFrom:
                secretKeyRef:
                  name: metrics-router-secrets
                  key: BR_SAO_METRICS_ROUTER_IAM_API_KEY
            - name: EU_ES_METRICS_ROUTER_IAM_API_KEY
              valueFrom:
                secretKeyRef:
                  name: metrics-router-secrets
                  key: EU_ES_METRICS_ROUTER_IAM_API_KEY
            # Per-region Sysdig instance IDs (non-secret, from a ConfigMap).
            - name: US_SOUTH_SYSDIG_INSTANCE_ID
              valueFrom:
                configMapKeyRef:
                  name: sysdig-instance-id
                  key: US_SOUTH_SYSDIG_INSTANCE_ID
            - name: US_EAST_SYSDIG_INSTANCE_ID
              valueFrom:
                configMapKeyRef:
                  name: sysdig-instance-id
                  key: US_EAST_SYSDIG_INSTANCE_ID
            - name: CA_TOR_SYSDIG_INSTANCE_ID
              valueFrom:
                configMapKeyRef:
                  name: sysdig-instance-id
                  key: CA_TOR_SYSDIG_INSTANCE_ID
            - name: BR_SAO_SYSDIG_INSTANCE_ID
              valueFrom:
                configMapKeyRef:
                  name: sysdig-instance-id
                  key: BR_SAO_SYSDIG_INSTANCE_ID
            - name: EU_GB_SYSDIG_INSTANCE_ID
              valueFrom:
                configMapKeyRef:
                  name: sysdig-instance-id
                  key: EU_GB_SYSDIG_INSTANCE_ID
            - name: EU_DE_SYSDIG_INSTANCE_ID
              valueFrom:
                configMapKeyRef:
                  name: sysdig-instance-id
                  key: EU_DE_SYSDIG_INSTANCE_ID
            - name: EU_FR2_SYSDIG_INSTANCE_ID
              valueFrom:
                configMapKeyRef:
                  name: sysdig-instance-id
                  key: EU_FR2_SYSDIG_INSTANCE_ID
            - name: EU_ES_SYSDIG_INSTANCE_ID
              valueFrom:
                configMapKeyRef:
                  name: sysdig-instance-id
                  key: EU_ES_SYSDIG_INSTANCE_ID
            - name: AU_SYD_SYSDIG_INSTANCE_ID
              valueFrom:
                configMapKeyRef:
                  name: sysdig-instance-id
                  key: AU_SYD_SYSDIG_INSTANCE_ID
            - name: JP_TOK_SYSDIG_INSTANCE_ID
              valueFrom:
                configMapKeyRef:
                  name: sysdig-instance-id
                  key: JP_TOK_SYSDIG_INSTANCE_ID
            - name: JP_OSA_SYSDIG_INSTANCE_ID
              valueFrom:
                configMapKeyRef:
                  name: sysdig-instance-id
                  key: JP_OSA_SYSDIG_INSTANCE_ID
            - name: HYPERSYNC_PUBLISHER
              valueFrom:
                secretKeyRef:
                  name: service-account-secret
                  key: HYPERSYNC_PUBLISHER
            # Event Streams credentials for all regions packed into two values
            # (one key for usernames, one for passwords).
            - name: ES_USERNAMES_BY_REGION
              valueFrom:
                secretKeyRef:
                  name: service-account-secret
                  key: ES_USERNAMES_BY_REGION
            - name: ES_PASSWORDS_BY_REGION
              valueFrom:
                secretKeyRef:
                  name: service-account-secret
                  key: ES_PASSWORDS_BY_REGION
            - name: FIM_AGENT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: service-account-secret
                  key: FIM_AGENT_PASSWORD
            - name: INSTANCE_GROUP_SERVICE_ID
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: INSTANCE_GROUP_SERVICE_ID
            - name: SOS_INVENTORY_USERNAME
              valueFrom:
                secretKeyRef:
                  name: service-account-secret
                  key: SOS_INVENTORY_USERNAME
            - name: SOS_INVENTORY_ACCESS_TOKEN
              valueFrom:
                secretKeyRef:
                  name: service-account-secret
                  key: SOS_INVENTORY_ACCESS_TOKEN
            - name: SOS_INVENTORY_VERSION
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: SOS_INVENTORY_VERSION
            - name: SOS_INVENTORY_ENDPOINT
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: SOS_INVENTORY_ENDPOINT
            - name: METERING_COLLECTOR_ENDPOINT
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: METERING_COLLECTOR_ENDPOINT
            - name: NEXTGEN_IAAS_ENDPOINT
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: NEXTGEN_IAAS_ENDPOINT
            - name: RIAS_QUERY_PARAM
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: RIAS_QUERY_PARAM
            - name: RESERVED_IP_API_VERSION
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: RESERVED_IP_API_VERSION
            # Per-region LogDNA ingestion keys.
            - name: US_SOUTH_LOGDNA_INGESTION_KEY
              valueFrom:
                secretKeyRef:
                  name: logdna-secrets
                  key: US_SOUTH_LOGDNA_INGESTION_KEY
            - name: US_EAST_LOGDNA_INGESTION_KEY
              valueFrom:
                secretKeyRef:
                  name: logdna-secrets
                  key: US_EAST_LOGDNA_INGESTION_KEY
            - name: EU_GB_LOGDNA_INGESTION_KEY
              valueFrom:
                secretKeyRef:
                  name: logdna-secrets
                  key: EU_GB_LOGDNA_INGESTION_KEY
            - name: EU_DE_LOGDNA_INGESTION_KEY
              valueFrom:
                secretKeyRef:
                  name: logdna-secrets
                  key: EU_DE_LOGDNA_INGESTION_KEY
            - name: JP_TOK_LOGDNA_INGESTION_KEY
              valueFrom:
                secretKeyRef:
                  name: logdna-secrets
                  key: JP_TOK_LOGDNA_INGESTION_KEY
            - name: AU_SYD_LOGDNA_INGESTION_KEY
              valueFrom:
                secretKeyRef:
                  name: logdna-secrets
                  key: AU_SYD_LOGDNA_INGESTION_KEY
            - name: JP_OSA_LOGDNA_INGESTION_KEY
              valueFrom:
                secretKeyRef:
                  name: logdna-secrets
                  key: JP_OSA_LOGDNA_INGESTION_KEY
            - name: EU_FR2_LOGDNA_INGESTION_KEY
              valueFrom:
                secretKeyRef:
                  name: logdna-secrets
                  key: EU_FR2_LOGDNA_INGESTION_KEY
            - name: CA_TOR_LOGDNA_INGESTION_KEY
              valueFrom:
                secretKeyRef:
                  name: logdna-secrets
                  key: CA_TOR_LOGDNA_INGESTION_KEY
            - name: BR_SAO_LOGDNA_INGESTION_KEY
              valueFrom:
                secretKeyRef:
                  name: logdna-secrets
                  key: BR_SAO_LOGDNA_INGESTION_KEY
            - name: EU_ES_LOGDNA_INGESTION_KEY
              valueFrom:
                secretKeyRef:
                  name: logdna-secrets
                  key: EU_ES_LOGDNA_INGESTION_KEY
            - name: APPLIANCE_INTERNAL_API_KEY
              valueFrom:
                secretKeyRef:
                  name: service-account-secret
                  key: APPLIANCE_INTERNAL_API_KEY
            - name: GHOST_ENDPOINT
              valueFrom:
                configMapKeyRef:
                  name: endpoints
                  key: GHOST_ENDPOINT
            # Metric-publisher broker credentials, packed per region like the
            # Event Streams ones above.
            - name: MP_BROKER_USERNAME_BY_REGION
              valueFrom:
                secretKeyRef:
                  name: metric-publisher-secrets
                  key: MP_BROKER_USERNAME_BY_REGION
            - name: MP_BROKER_PASSWORD_BY_REGION
              valueFrom:
                secretKeyRef:
                  name: metric-publisher-secrets
                  key: MP_BROKER_PASSWORD_BY_REGION
            # Certificate/config file locations; all resolve to volume mounts
            # declared below.
            - name: BASE_CERTS_DIR
              value: "/etc/ssl/certs/"
            - name: CA_CERT_DIR
              value: "/etc/ssl/certs/"
            - name: METRIC_PUBLISHER_CONF_FILE
              value: "/metric-publisher-configs/config"
            - name: DOWNLOAD_APPLIANCE_IMAGE_CONF_FILE
              value: "/download-appliance-image-configs/config"
            - name: SYSDIG_INSTANCE_ID_BY_REGION
              valueFrom:
                configMapKeyRef:
                  name: sysdig-instance-id
                  key: SYSDIG_INSTANCE_ID_BY_REGION
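          volumeMounts:
            # TLS material from Secrets, all read-only. Mounting ca-certs on
            # /etc/ssl/certs/ shadows whatever the image ships there, so the
            # CA set the pod trusts is exactly what ca-ssl-certs contains
            # (CA_CERT_PATH / CA_CERT_DIR above point into this mount).
            # NOTE(review): secret volumes default to mode 0644; the files are
            # root-owned and the process runs as lbaasadmin, so tightening
            # defaultMode needs an fsGroup as well — left as-is deliberately.
            - name: ca-certs
              mountPath: "/etc/ssl/certs/"
              readOnly: true
            - name: api-certs
              mountPath: "/etc/ssl/certs/api_certs/"
              readOnly: true
            - name: activity-certs
              mountPath: "/etc/ssl/certs/activity_certs/"
              readOnly: true
            - name: iam-proxy-certs
              mountPath: "/etc/ssl/certs/iam_proxy_certs/"
              readOnly: true
            - name: workflow-certs
              mountPath: "/etc/ssl/certs/workflow_certs/"
              readOnly: true
            - name: db-cert
              mountPath: "/etc/ssl/certs/db-cert/"
              readOnly: true
            # Deliberately writable (readOnly defaults to false): the service
            # presumably populates the per-region Event Streams config files
            # here at runtime — the Dockerfile only stubs them for CI.
            - name: event-streams
              mountPath: "/etc/event-streams/" #By default readOnly option is false for the volume mount.
            # ConfigMap-backed files. Declared read-only explicitly, matching the
            # cert mounts above; recent Kubernetes mounts ConfigMaps read-only
            # regardless, so this changes nothing but makes the intent visible.
            - name: metric-publisher-configs
              mountPath: "/metric-publisher-configs"
              readOnly: true
            - name: download-appliance-image-configs
              mountPath: "/download-appliance-image-configs"
              readOnly: true
      volumes:
        # One Secret per certificate bundle; names match the mounts above.
        - name: ca-certs
          secret:
            secretName: ca-ssl-certs
        - name: api-certs
          secret:
            secretName: api-ssl-certs
        - name: activity-certs
          secret:
            secretName: activity-ssl-certs
        - name: workflow-certs
          secret:
            secretName: workflow-ssl-certs
        - name: iam-proxy-certs
          secret:
            secretName: iam-proxy-ssl-certs
        - name: db-cert
          secret:
            secretName: db-cert
        # Pod-scoped scratch space, wiped when the pod goes away.
        - name: event-streams
          emptyDir: {} # Creating an emptyDir volume. Ref:  https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
        - name: metric-publisher-configs
          configMap:
            name: metric-publisher-configs
        - name: download-appliance-image-configs
          configMap:
            name: download-appliance-image-configs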

activity-service.yaml

---
# Cluster-internal Service fronting the activity-svc Deployment pods on 9092.
# type, protocol and targetPort are spelled out; they are the API defaults.
apiVersion: v1
kind: Service
metadata:
  name: activity-svc
  namespace: lbaas-svc
spec:
  type: ClusterIP
  selector:
    app: activity-svc
  ports:
    - protocol: TCP
      port: 9092
      targetPort: 9092