ba1997
commented
8 months ago Open ba1997 opened 8 months ago
ba1997
commented
8 months ago ba1997
commented
8 months ago api-deployment.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-svc
namespace: lbaas-svc
spec:
replicas: 6
selector:
matchLabels:
app: api-svc
template:
metadata:
labels:
app: api-svc
spec:
containers:
- name: api-svc
image: "IMAGE_STRING"
imagePullPolicy: Always
resources:
requests:
memory: 500Mi
cpu: "0.5"
limits:
memory: 1Gi
cpu: "1"
env:
- name: REDEPLOY
value: "THIS_STRING_IS_REPLACED_DURING_BUILD"
- name: DB_TYPE
valueFrom:
configMapKeyRef:
name: endpoints
key: DB_TYPE
- name: LBAASADMIN_DB_DSN
valueFrom:
secretKeyRef:
name: db-dsns
key: LBAASADMIN_DB_DSN
- name: WFADMIN_DB_DSN
valueFrom:
secretKeyRef:
name: db-dsns
key: WFADMIN_DB_DSN
- name: MY_POD_NAME # Required env variable for shared-event library.
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MAX_IDLE_CONNECTIONS
value: "10"
- name: MAX_OPEN_CONNECTIONS
value: "30"
- name: DB_LOG_MODE
value: "true"
- name: CONNECTION_MAX_LIFE_TIME
value: "5"
- name: DB_CHECK_INTERVAL
value: "20"
- name: DB_CHECK_RETRIES
value: "5"
- name: PAGERDUTY_ENABLE
value: "True"
- name: SOS_REST_CLIENT_TIMEOUT
value: "60"
- name: BETA_WHITELISTED_ACCOUNTS
valueFrom:
secretKeyRef:
name: beta-accounts
key: BETA_WHITELISTED_ACCOUNTS
- name: WORKFLOW_SERVICE_URL
valueFrom:
configMapKeyRef:
name: endpoints
key: WORKFLOW_SERVICE_URL
- name: IAM_PROXY_ENDPOINT
valueFrom:
configMapKeyRef:
name: endpoints
key: IAM_PROXY_ENDPOINT
- name: IAM_URL
valueFrom:
configMapKeyRef:
name: endpoints
key: IAM_URL
- name: INTERNAL_IAAS_ENDPOINT
valueFrom:
configMapKeyRef:
name: endpoints
key: INTERNAL_IAAS_ENDPOINT
- name: SYSDIG_ENDPOINT
valueFrom:
configMapKeyRef:
name: endpoints
key: SYSDIG_ENDPOINT
- name: GLOBAL_CATALOG_ENDPOINT
valueFrom:
configMapKeyRef:
name: endpoints
key: GLOBAL_CATALOG_ENDPOINT
- name: RESOURCE_PLAN_ID
valueFrom:
configMapKeyRef:
name: endpoints
key: RESOURCE_PLAN_ID
- name: RESOURCE_PLAN_ID_GEN_2
valueFrom:
configMapKeyRef:
name: endpoints
key: RESOURCE_PLAN_ID_GEN_2
- name: RESOURCE_PLAN_NLB_ID_GEN_2
valueFrom:
configMapKeyRef:
name: endpoints
key: RESOURCE_PLAN_NLB_ID_GEN_2
- name: CERTIFICATE_MANAGER_ENDPOINT
valueFrom:
configMapKeyRef:
name: endpoints
key: CERTIFICATE_MANAGER_ENDPOINT
- name: SECRETS_MANAGER_ENDPOINT
valueFrom:
configMapKeyRef:
name: endpoints
key: SECRETS_MANAGER_ENDPOINT
- name: IAAS_ENDPOINT
valueFrom:
configMapKeyRef:
name: endpoints
key: IAAS_ENDPOINT
- name: IAAS_ENDPOINT_FORMAT
valueFrom:
configMapKeyRef:
name: endpoints
key: IAAS_ENDPOINT_FORMAT
- name: DSR_IAAS_ENDPOINT_FORMAT
valueFrom:
configMapKeyRef:
name: endpoints
key: DSR_IAAS_ENDPOINT_FORMAT
- name: RESOURCE_CONTROLLER_ENDPOINT
valueFrom:
configMapKeyRef:
name: endpoints
key: RESOURCE_CONTROLLER_ENDPOINT
- name: SOS_INVENTORY_ENDPOINT
valueFrom:
configMapKeyRef:
name: endpoints
key: SOS_INVENTORY_ENDPOINT
- name: US_SOUTH_SYSDIG_MONITOR_API_TOKEN
valueFrom:
secretKeyRef:
name: sysdig-secrets
key: US_SOUTH_SYSDIG_MONITOR_API_TOKEN
- name: US_EAST_SYSDIG_MONITOR_API_TOKEN
valueFrom:
secretKeyRef:
name: sysdig-secrets
key: US_EAST_SYSDIG_MONITOR_API_TOKEN
- name: EU_GB_SYSDIG_MONITOR_API_TOKEN
valueFrom:
secretKeyRef:
name: sysdig-secrets
key: EU_GB_SYSDIG_MONITOR_API_TOKEN
- name: EU_DE_SYSDIG_MONITOR_API_TOKEN
valueFrom:
secretKeyRef:
name: sysdig-secrets
key: EU_DE_SYSDIG_MONITOR_API_TOKEN
- name: JP_TOK_SYSDIG_MONITOR_API_TOKEN
valueFrom:
secretKeyRef:
name: sysdig-secrets
key: JP_TOK_SYSDIG_MONITOR_API_TOKEN
- name: AU_SYD_SYSDIG_MONITOR_API_TOKEN
valueFrom:
secretKeyRef:
name: sysdig-secrets
key: AU_SYD_SYSDIG_MONITOR_API_TOKEN
- name: JP_OSA_SYSDIG_MONITOR_API_TOKEN
valueFrom:
secretKeyRef:
name: sysdig-secrets
key: JP_OSA_SYSDIG_MONITOR_API_TOKEN
- name: EU_FR2_SYSDIG_MONITOR_API_TOKEN
valueFrom:
secretKeyRef:
name: sysdig-secrets
key: EU_FR2_SYSDIG_MONITOR_API_TOKEN
- name: CA_TOR_SYSDIG_MONITOR_API_TOKEN
valueFrom:
secretKeyRef:
name: sysdig-secrets
key: CA_TOR_SYSDIG_MONITOR_API_TOKEN
- name: BR_SAO_SYSDIG_MONITOR_API_TOKEN
valueFrom:
secretKeyRef:
name: sysdig-secrets
key: BR_SAO_SYSDIG_MONITOR_API_TOKEN
- name: EU_ES_SYSDIG_MONITOR_API_TOKEN
valueFrom:
secretKeyRef:
name: sysdig-secrets
key: EU_ES_SYSDIG_MONITOR_API_TOKEN
- name: DNS_ZONE
valueFrom:
configMapKeyRef:
name: endpoints
key: DNS_ZONE
- name: PDNS_BASE_URL
valueFrom:
configMapKeyRef:
name: endpoints
key: PDNS_SERVICE_URL
- name: DNS_STAGE_API_KEY
valueFrom:
secretKeyRef:
name: service-account-secret
key: DNS_STAGE_API_KEY
- name: CIS_CRN
valueFrom:
secretKeyRef:
name: cis-configuration
key: CIS_CRN
- name: CIS_ZONE_ID
valueFrom:
secretKeyRef:
name: cis-configuration
key: CIS_ZONE_ID
- name: HYPERSYNC_URL
valueFrom:
configMapKeyRef:
name: endpoints
key: HYPERSYNC_URL
- name: HYPERSYNC_PUBLISHER
valueFrom:
secretKeyRef:
name: service-account-secret
key: HYPERSYNC_PUBLISHER
- name: SOS_INVENTORY_USERNAME
valueFrom:
secretKeyRef:
name: service-account-secret
key: SOS_INVENTORY_USERNAME
- name: SOS_INVENTORY_ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: service-account-secret
key: SOS_INVENTORY_ACCESS_TOKEN
- name: SOS_INVENTORY_VERSION
valueFrom:
configMapKeyRef:
name: endpoints
key: SOS_INVENTORY_VERSION
- name: ES_USERNAMES_BY_REGION
valueFrom:
secretKeyRef:
name: service-account-secret
key: ES_USERNAMES_BY_REGION
- name: ES_PASSWORDS_BY_REGION
valueFrom:
secretKeyRef:
name: service-account-secret
key: ES_PASSWORDS_BY_REGION
- name: NEXTGEN_IAAS_ENDPOINT
valueFrom:
configMapKeyRef:
name: endpoints
key: NEXTGEN_IAAS_ENDPOINT
- name: INSTANCE_GROUP_SERVICE_ID
valueFrom:
configMapKeyRef:
name: endpoints
key: INSTANCE_GROUP_SERVICE_ID
- name: RIAS_QUERY_PARAM
valueFrom:
configMapKeyRef:
name: endpoints
key: RIAS_QUERY_PARAM
- name: RESERVED_IP_API_VERSION
valueFrom:
configMapKeyRef:
name: endpoints
key: RESERVED_IP_API_VERSION
- name: METERING_COLLECTOR_ENDPOINT
valueFrom:
configMapKeyRef:
name: endpoints
key: METERING_COLLECTOR_ENDPOINT
- name: COMPLIANCE_ENDPOINT
valueFrom:
configMapKeyRef:
name: endpoints
key: COMPLIANCE_ENDPOINT
- name: CBR_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: cbr-manager-secrets
key: CBR_CLIENT_SECRET
- name: CBR_SERVICENAME
value: "is"
- name: CBR_CLIENT_ID
value: "is.load-balancer"
- name: DEPLOYMENT_ENVIRONMENT
value: "production"
- name: BASE_CERTS_DIR
value: "/etc/ssl/certs/"
- name: CA_CERT_DIR
value: "/etc/ssl/certs/"
- name: BACKEND_ENCRYPTION_ENABLED
value: "true"
- name: PROXY_PROTOCOL_ENABLED
value: "true"
- name: DATA_LOG_ENABLED
value: "true"
- name: WORKFLOW_LIMIT_CONF_FILE
value: "/workflow-limit-configs/config"
- name: SG_REQUEST_TIME_OUT_SECONDS
value: "22"
- name: DOWNLOAD_APPLIANCE_IMAGE_CONF_FILE
value: "/download-appliance-image-configs/config"
- name: MAX_VSI_COUNT
value: "16"
volumeMounts:
- name: ca-certs
mountPath: "/etc/ssl/certs/"
readOnly: true
- name: api-certs
mountPath: "/etc/ssl/certs/api_certs/"
readOnly: true
- name: activity-certs
mountPath: "/etc/ssl/certs/activity_certs/"
readOnly: true
- name: iam-proxy-certs
mountPath: "/etc/ssl/certs/iam_proxy_certs/"
readOnly: true
- name: workflow-certs
mountPath: "/etc/ssl/certs/workflow_certs/"
readOnly: true
- name: db-cert
mountPath: "/etc/ssl/certs/db-cert/"
readOnly: true
- name: event-streams
mountPath: "/etc/event-streams/" #By default readOnly option is false for the volume mount.
- name: workflow-limit-configs
mountPath: "/workflow-limit-configs"
- name: download-appliance-image-configs
mountPath: "/download-appliance-image-configs"
volumes:
- name: ca-certs
secret:
secretName: ca-ssl-certs
- name: api-certs
secret:
secretName: api-ssl-certs
- name: activity-certs
secret:
secretName: activity-ssl-certs
- name: workflow-certs
secret:
secretName: workflow-ssl-certs
- name: iam-proxy-certs
secret:
secretName: iam-proxy-ssl-certs
- name: db-cert
secret:
secretName: db-cert
- name: event-streams
emptyDir: {} # Creating an emptyDir volume. Ref: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
- name: workflow-limit-configs
configMap:
name: workflow-limit-configs
- name: download-appliance-image-configs
configMap:
name: download-appliance-image-configsapi-service.yaml
---
apiVersion: v1
kind: Service
metadata:
name: api-svc
namespace: lbaas-svc
spec:
selector:
app: api-svc
ports:
- port: 9091
-Makefile
# Licensed Materials - Property of IBM
# (C) Copyright IBM Corp. 2018 All Rights Reserved
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
BINARY = api
SRC=$(shell find . -type f -name '*.go' -not -path "./vendor/*")
PACKAGE_LIST := $$(go list ./... | grep -v 'golang.org' | grep -v 'github.com' | grep -v 'gopkg.in')
all: fmt $(BINARY)
fmt:
$(eval TMP=$(shell gofmt -l `find . -name '*.go'`))
@if [ ! -z "$(TMP)" ]; then \
/bin/echo "Please fix format issues in the following files:" ; \
/bin/echo "$(TMP)" ; \
fi
vet:
@go vet $(PACKAGE_LIST)
$(BINARY): $(SRC)
@mkdir -p ../../bin
CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) go build -mod=readonly -tags=$(BUILD_TAGS) -a -o ../../bin/$@ ./cmd/$@
clean:
@rm ../../bin/api
.PHONY: all clean $(BINARY)