Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
C
CONF
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
UvA
CONF
Commits
827943f1
Commit
827943f1
authored
Nov 17, 2020
by
Spiros Koulouzis
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
push working version
parent
b25dc0e4
Changes
5
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
152 additions
and
73 deletions
+152
-73
mongo-express-deployment.yaml
k8s/CONF/DBs/mongo-express-deployment.yaml
+0
-44
manager-deployment.yaml
k8s/CONF/manager-deployment.yaml
+2
-2
nginx-configmap.yaml
k8s/CONF/nginx-configmap.yaml
+144
-25
provisioner-deployment.yaml
k8s/CONF/provisioner-deployment.yaml
+5
-1
semaphore-deployment.yaml
k8s/CONF/semaphore-deployment.yaml
+1
-1
No files found.
k8s/CONF/DBs/mongo-express-deployment.yaml
deleted
100644 → 0
View file @
b25dc0e4
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
namespace
:
conf
annotations
:
kompose.cmd
:
kompose convert
kompose.version
:
1.16.0 (0c01309)
creationTimestamp
:
null
labels
:
io.kompose.service
:
mongo-express
name
:
mongo-express
spec
:
selector
:
matchLabels
:
io.kompose.service
:
mongo-express
replicas
:
1
strategy
:
{}
template
:
metadata
:
creationTimestamp
:
null
labels
:
io.kompose.service
:
mongo-express
spec
:
containers
:
-
env
:
-
name
:
ME_CONFIG_BASICAUTH_PASSWORD
value
:
pass
-
name
:
ME_CONFIG_BASICAUTH_USERNAME
value
:
user
-
name
:
ME_CONFIG_MONGODB_PORT
value
:
"
27017"
-
name
:
ME_CONFIG_MONGODB_SERVER
value
:
mongo
-
name
:
ME_CONFIG_SITE_BASEURL
value
:
/mongo-express
-
name
:
VCAP_APP_PORT
value
:
"
8082"
image
:
mongo-express
name
:
mongo-express
ports
:
-
containerPort
:
8082
resources
:
{}
restartPolicy
:
Always
status
:
{}
k8s/CONF/manager-deployment.yaml
View file @
827943f1
...
@@ -36,8 +36,8 @@ spec:
...
@@ -36,8 +36,8 @@ spec:
-
name
:
SURE_TOSCA_BASE_PATH
-
name
:
SURE_TOSCA_BASE_PATH
value
:
http://sure-tosca:8081/tosca-sure/1.0.0
value
:
http://sure-tosca:8081/tosca-sure/1.0.0
-
name
:
CREDENTIAL_SECRET
-
name
:
CREDENTIAL_SECRET
value
:
top_secret
value
:
MGY0MGQ1MDFkYzg5ZGIxYjY4MjQ4MzQz
image
:
qcdis/manager
:3.0.0
image
:
qcdis/manager
name
:
manager
name
:
manager
imagePullPolicy
:
Always
imagePullPolicy
:
Always
ports
:
ports
:
...
...
k8s/CONF/nginx-configmap.yaml
View file @
827943f1
apiVersion
:
v1
apiVersion
:
v1
kind
:
ConfigMap
kind
:
ConfigMap
metadata
:
metadata
:
name
:
nginx-conf
name
:
nginx-config
namespace
:
conf
data
:
data
:
htpasswd
:
|
alogo:$apr1$pbMniSeq$m4PZevv7VLULQLhiD2V2R0
conf_user:$apr1$sDBv9ugd$AV7m5Jeg0463jXaBxiZDs.
articonf_ui:$apr1$qFaau5L2$xgO53tciXFlrL/Z61nrzP.
deploy_tester:$apr1$k/SfT3BS$PtccoOeG87XErtNGtyM7r/
nginx.conf
:
|
nginx.conf
:
|
worker_processes auto;
worker_processes auto;
...
@@ -13,18 +21,19 @@ data:
...
@@ -13,18 +21,19 @@ data:
}
}
http {
http {
proxy_connect_timeout 1200;
proxy_send_timeout 1200;
proxy_read_timeout 1200;
send_timeout 1200;
tcp_nodelay on;
tcp_nodelay on;
# this is necessary for us to be able to disable request buffering in all cases
proxy_http_version 1.1;
proxy_http_version 1.1;
upstream semaphore {
upstream semaphore {
server semaphore:3000;
server semaphore:3000;
}
}
# upstream sure-tosca {
# server sure-tosca:8081;
# }
server {
server {
listen [::]:80 default_server;
listen [::]:80 default_server;
...
@@ -39,26 +48,27 @@ data:
...
@@ -39,26 +48,27 @@ data:
listen 443 ssl;
listen 443 ssl;
server_name _;
server_name _;
# add Strict-Transport-Security to prevent man in the middle attacks
add_header Strict-Transport-Security "max-age=31536000" always;
add_header Strict-Transport-Security "max-age=31536000" always;
# SSL
# SSL
ssl_certificate /etc/nginx/cert/cert.pem;
ssl_certificate /etc/nginx/cert.pem;
ssl_certificate_key /etc/nginx/cert/privkey.pem;
ssl_certificate_key /etc/nginx/privkey.pem;
# Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl_protocols TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_cache shared:SSL:10m;
# disable any limits to avoid HTTP 413 for large image uploads
client_max_body_size 0;
client_max_body_size 0;
# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
chunked_transfer_encoding on;
chunked_transfer_encoding on;
location / {
location / {
add_header 'Access-Control-Allow-Origin' *;
proxy_pass http://semaphore/;
proxy_pass http://semaphore/;
proxy_set_header Host $http_host;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
...
@@ -71,6 +81,7 @@ data:
...
@@ -71,6 +81,7 @@ data:
}
}
location /api/ws {
location /api/ws {
add_header 'Access-Control-Allow-Origin' *;
proxy_pass http://semaphore/api/ws;
proxy_pass http://semaphore/api/ws;
proxy_http_version 1.1;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
...
@@ -79,8 +90,22 @@ data:
...
@@ -79,8 +90,22 @@ data:
}
}
location /tosca-sure/1.0.0/ {
location /tosca-sure/1.0.0 {
proxy_pass http://sure-tosca:8081/tosca-sure/1.0.0/;
add_header 'Access-Control-Allow-Origin' *;
proxy_pass http://sure-tosca:8081/tosca-sure/1.0.0;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_request_buffering off;
}
location /manager {
add_header 'Access-Control-Allow-Origin' *;
proxy_pass http://manager:8080/manager;
proxy_set_header Host $http_host;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
...
@@ -91,8 +116,9 @@ data:
...
@@ -91,8 +116,9 @@ data:
proxy_request_buffering off;
proxy_request_buffering off;
}
}
location /manager/ {
location /swagger-ui.html {
proxy_pass http:///manager:8080/manager;
add_header 'Access-Control-Allow-Origin' *;
proxy_pass http://manager:8080/swagger-ui.html;
proxy_set_header Host $http_host;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
...
@@ -102,17 +128,110 @@ data:
...
@@ -102,17 +128,110 @@ data:
proxy_buffering off;
proxy_buffering off;
proxy_request_buffering off;
proxy_request_buffering off;
}
}
location /mongo-express {
proxy_pass http://mongo-express:8082/mongo-express;
proxy_set_header Host $host;
proxy_set_header X-Real_IP $remote_addr;
}
}
location /rabbit {
proxy_pass http://rabbit:15672/#/queues;
proxy_set_header Host $host;
proxy_set_header X-Real_IP $remote_addr;
}
}
}
}
cert.pem
:
|
cert.pem
:
|
second file
-----BEGIN CERTIFICATE-----
contents
MIIFezCCA2OgAwIBAgIUROYyFnRFb0q04tViEuDvyQnmR34wDQYJKoZIhvcNAQEL
BQAwTTEOMAwGA1UECgwFcWNkaXMxDjAMBgNVBAsMBXFjZGlzMSswKQYDVQQDDCJ1
bmEubmwvYW5zaWJsZS1zZW1hcGhvcmUvc2VtYXBob3JlMB4XDTIwMDUwOTExMzkx
NFoXDTIwMDYwODExMzkxNFowTTEOMAwGA1UECgwFcWNkaXMxDjAMBgNVBAsMBXFj
ZGlzMSswKQYDVQQDDCJ1bmEubmwvYW5zaWJsZS1zZW1hcGhvcmUvc2VtYXBob3Jl
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApYMrTifbMSXSb8nQycX8
LYfYbYZW4Pm1b/lw1RwC5WI3G4o0NxEJPvLiHuceva/70FwohT1l+qs26moeISzN
30TFkNMvVhWCDC3E8+K1Ik2/oGLVSJcB4v+9DkXH3Z7BeEjZaR58sl8SlUtYoCB9
feLIagYyiLv/IthxR4MEeARjhvZfOST7Y5AQaQ0/wR7KNmKyiWzfNgsL9LmXkWMr
qrd1ldrW9+JnFqhzCeuaoJ3GIWA75sKgWSMt0zeVDOQHoRVs9MhJ2zvqvksrchOP
E3JdNvadcx97BP/vxLOXH4hW/kuHq4ouOGWmJ3TC46XUHnR/KMVnOa8TagDrpbK0
Xiw3eGYm2oBScKB9CPfhxJuo0AH4Z5yvPQkQCnrhGzF71APho2FpLdciiRm03NaT
wP1Yw0SiJR1mObVuUzQQcPGkk9IolW6seasTTA+P0QfRx2N+Ka4nHcjodLxp7tMV
iPwXeQc2SZdMaH7vJKzB21rloZ4eum8CjH38s09mol5iXEWeSLPCohU0FkST4LQk
WqFPDffzNSbQOsz5MnsxhIYs4Hg8IK+LAC/r585Xe6lMSQszoufG6njUfLJppTXD
cj7Wsu1cn2aLgbkv7v4Bvb31e8TISS9HwEVksxFSW4kp1ZIr7G9EZfR4gKqElyB3
098e44Odqh9DSittqKYK8mECAwEAAaNTMFEwHQYDVR0OBBYEFNSU+k9Saizw0s4Y
ukdu0xgGlOoQMB8GA1UdIwQYMBaAFNSU+k9Saizw0s4Yukdu0xgGlOoQMA8GA1Ud
EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBABheqNkWhg2JYqR3/8Yq+Jql
z++plJ5Tuh5C2cW4NnMwSq1dREsNp8RCLPf0FsinD5g9+SOFXc89Xluhgakr9RLF
uJTdWDElVzsyrzy+c/Khjh1zTyHlk8Vvtj/zB+Dw0+n9j5hWmZmhxl/R2k1Nhh55
vN8HBwHTmPfdjiruvbml+wG4TjqBBhvo6/RgQYFzgWY5K83cd/PsdlPbmf75S8CC
l5r3FLMsbpPmIdrfrEnAzyx+MspPnxW67P31arrFrGqR65Gem8HMBkkhWcET15Rz
ujtDzje25KJCXT1Ee1zBOe93De80x9VuXCxEZY7Lcl2ZaK8D37WdX7DGHhM+oV61
AnH5UurS3PEqE63l1RAuGLsfotFrxOWM6YI2mS0k2aappXgxUSbPcWtrK2a4o7sW
k4JWJirYANbKJmS6QuxQ6tsYOywoMpqoojNSQKRl/nLlqfg2IvzRKGS0zJ3+lFoZ
SZpisk+RRLuF3vi2X+7wtFm4G66N6FbTeQcRmybAh0U1RJriso9aO7TPO87WddOB
tHDpzueBlqytnZKsoBOylFc8Ci5KMRMRtiZRM65FcrO8RWJsSce1RwymM2r0UNZa
yinfAEVPqRXgOeGERcTBJHGMlnfWiPbkVJlKYI+X2FJxOueo7l02wF/OOA4K7HTQ
Ym991UvfEl+ffXQlrgSz
-----END CERTIFICATE-----
privkey.pem
:
|
privkey.pem
:
|
second file
-----BEGIN PRIVATE KEY-----
contents
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQClgytOJ9sxJdJv
ydDJxfwth9hthlbg+bVv+XDVHALlYjcbijQ3EQk+8uIe5x69r/vQXCiFPWX6qzbq
ah4hLM3fRMWQ0y9WFYIMLcTz4rUiTb+gYtVIlwHi/70ORcfdnsF4SNlpHnyyXxKV
S1igIH194shqBjKIu/8i2HFHgwR4BGOG9l85JPtjkBBpDT/BHso2YrKJbN82Cwv0
uZeRYyuqt3WV2tb34mcWqHMJ65qgncYhYDvmwqBZIy3TN5UM5AehFWz0yEnbO+q+
SytyE48Tcl029p1zH3sE/+/Es5cfiFb+S4erii44ZaYndMLjpdQedH8oxWc5rxNq
AOulsrReLDd4ZibagFJwoH0I9+HEm6jQAfhnnK89CRAKeuEbMXvUA+GjYWkt1yKJ
GbTc1pPA/VjDRKIlHWY5tW5TNBBw8aST0iiVbqx5qxNMD4/RB9HHY34pricdyOh0
vGnu0xWI/Bd5BzZJl0xofu8krMHbWuWhnh66bwKMffyzT2aiXmJcRZ5Is8KiFTQW
RJPgtCRaoU8N9/M1JtA6zPkyezGEhizgeDwgr4sAL+vnzld7qUxJCzOi58bqeNR8
smmlNcNyPtay7VyfZouBuS/u/gG9vfV7xMhJL0fARWSzEVJbiSnVkivsb0Rl9HiA
qoSXIHfT3x7jg52qH0NKK22opgryYQIDAQABAoICAEBsJt3763hc1WUHs8nl0ztR
pe8zm/tjlrin6cA5b/Mi4HpKt/o7GlMzLMqEgVWp+yTlyivacyg3nl9twJ5/Fv7x
gMjXOpSSOJVO91tKgeCBTLY74fKoPGbDzi2RAbOEiJ+uE1m0MSsokE4mDq/9FXt7
WzDRirfoHO3OO4FvQL0KUEcG/Jd8ipD9UTXin08nEeRLVFzjUJpzgErYNmOzqxp+
4Djc/lFsAV4zYNuapgwgfS8eixJN7SXk6IBPISfsVf/gHBHHJ+A6mStKjPWRIV6b
ZCbxpOVbeoG+sO/qS0dNxTaj5YHifg0bm6m96+G5+S+Ffr064Ov19mOLSi2rukJR
HzwMuv9Z37pZMOJNdj1AsD1sILWs+7CvnRjeTyTEqrCrLx5ixSzpamGYJYBrIrTE
fndroUE3s/amW2zGbrCVHGPUEg287LDLe1cQEKud/CtoZYNKQzcwOu+9cilGVeod
2ubQeDleaQ9N8no00a0lXwEvv8bxBnzRlT8nSExWqFvI42DGQAit2ZSm+BxINT73
BBMBYW7w2DQpaVGV45RrVWqW6BWjaLqqeGMMeC+84J+5kgMAmEQnktizEB7y+u9t
Htu2V+gP9NSUzqRFnRLParU1d9KSjrQOZ57jaQ8wdLSOIfKliBSl4opjaZ5Jf6D4
xrV9Ou/Wtsp4mBc6AY/xAoIBAQDXoATzjBov9glAzB2mwFL2/hkTdYtOXlCDEUrO
357y9FOGTHbkeeRL/EvoVO91S/i62SFjN6NdfwoupAjDDCCbEAykhc4Z/KQqLAEs
94fXvmK1Z4ROJcItQ/k9mk0X2HeZSVTrKBVN96GTXvRe9vWl9PI6lEJgu1HCcz6r
GVQZYa7o6RGxaO4oyVVJUWFDL7oyvB/LJH8eHzWK+aut/XcQccaE5yUgSivp2fJ5
kN7fLovJkNu7a8hVdG6QKrAeauCxKD2tCZziwKpWMqt0srq8mnLoOu2PkTTm9qxl
41sP/lAJLu3pyrOEQNgUkb1yl6o4qguP/nnCOBrxPzhxrRV1AoIBAQDEgP/bbTfz
UcYXXydTp3kj/poGdwpfbFrP+vNNJgOwBzZokfTmy5+p7QP5ZQ9TBLmQxkOnlW5S
K9N8c+RwuJ1Vef6MSJHkHMYoQcx95kve6134dB8Uc6EpJ3+Ymo5OsNhOK/U1i7Oz
+di+UxmZp0VgW6ZW0OcFrvMeBsDwDobAMY54SMXUoTpP9+Fmts8Kfv8vpl6HpV7z
nXiSUaDh2FVdyZLWRZzRX+Ydea6NDbP9yUXj4AzTJWzI/nIMwugDgbDQYsAlPeaW
P8BmCbUOreUQX7HmkUV7OwoMT6UnF/yN4ntcTeySoofG7HqDLo44RLcmLwM/A/yN
gnoHgXH1t0+9AoIBAGGjSBqwWjtVgaMhyltzwx2sudYh5864zmRLNECw6dzB3gB2
J3AV8damjAjMTRIkMKELKR8wVn1DxWyRQpZvq2QLxG3LWSRTTlL6Uh32iECdKT1T
fomUd3TfzsCiWj5t+toiZp2FLQB9HWEKIkXONjXL0NPNxrDeoYsXfE0lzvsfTICS
6TwYc59sa34jp5MwzXOj1BG8mQMexrQDkkXa/Esp+ea8dAdHDtN5qV56xzDwdsPz
IEyh5bksW9RUQCPF6bDOs/7i13OmInudvh29wOkeVuHprSDRc88R68bHSLjZQ4yk
/35aFyfP5QiLZem5246FEW9GoAPeO/T516lB4vECggEBAMNKIP2F8hETt/cKTh9J
VY98PL8oF1r2aNpB4QNPQGL1CBGs3ONygt9x+n0k/rHXBETphdtLGzT28VvCIcoU
7+g/McdhZ/x4zEa9/ekxsz18VQvS/ABrWkN4Scrz73ItNwuZjD0G9jVrnQiptcuK
/dvhudKWEsMHN/8jXyQ0i57+oUTRriq/gSBwjcZy8BjSVfKZOWE97LvYSDfCgE1z
noNzDUd+L3e2AxBQGjV85ODX42mxBY3ip9apaddc7RBvF7ZCLgvVFRFFkoTWKObJ
09kOAdPPlGoAJuBNVykfIZQw/cCigPbKKH5+DtPItPce85YzKtq5r4lDnttOvl8h
K1ECggEAFURukkhZiNQ5YCuuox11cq2GQzPdpPFkxxhi8l1lcCEnrLkZyGxbqdtX
xWaoNAzZeDnMd454pmzPKYzfCPxQQjF2dyzCg/031bPk4Nq5tmZInfW1ClJf6J7t
8hcQRa8dUXFNLmFDMUsR2K/ecCK1s9VCqXTq5jZDm20KNQ2bq20IJznOrSQ+5sI3
F4jDR9/b3K8ztGp6w4qOG0fVTZ7GlYN6rVA1wZmMbea027GDSb4b763UYCQ6avgU
gR0ELzDE1vuDrBzNghMCJ5rRqotwMQy9IOymUK1EnH0/GTHTgAWr3B33xys28sLx
IcMOOL2BxVOnf/0kzIRiuo8SUzbK+g==
-----END PRIVATE KEY-----
k8s/CONF/provisioner-deployment.yaml
View file @
827943f1
...
@@ -33,7 +33,11 @@ spec:
...
@@ -33,7 +33,11 @@ spec:
value
:
rabbit
value
:
rabbit
-
name
:
SURE_TOSCA_BASE_PATH
-
name
:
SURE_TOSCA_BASE_PATH
value
:
http://sure-tosca:8081/tosca-sure/1.0.0
value
:
http://sure-tosca:8081/tosca-sure/1.0.0
image
:
qcdis/provisioner:3.0.0
-
name
:
CLOUD_STORM_SECRET
value
:
ODlkYjgxM2RhNTAzMjExZTdiYWNhYWQ0
-
name
:
CREDENTIAL_SECRET
value
:
MGY0MGQ1MDFkYzg5ZGIxYjY4MjQ4MzQz
image
:
qcdis/provisioner
name
:
provisioner
name
:
provisioner
imagePullPolicy
:
Always
imagePullPolicy
:
Always
resources
:
{}
resources
:
{}
...
...
k8s/CONF/semaphore-deployment.yaml
View file @
827943f1
...
@@ -51,7 +51,7 @@ spec:
...
@@ -51,7 +51,7 @@ spec:
value
:
/etc/semaphore
value
:
/etc/semaphore
-
name
:
SEMAPHORE_WEB_ROOT
-
name
:
SEMAPHORE_WEB_ROOT
value
:
http://0.0.0.0:3000
value
:
http://0.0.0.0:3000
image
:
qcdis/docker_ansible_semaphore
image
:
qcdis/docker_ansible_semaphore
:2.4.1-2.9.9
name
:
semaphore
name
:
semaphore
imagePullPolicy
:
Always
imagePullPolicy
:
Always
ports
:
ports
:
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment