# Wed Dec 18 Deploy ``` --- # Source: insight/templates/secrets.yaml apiVersion: v1 kind: Secret metadata: name: bnsinsight annotations: # this ignores this object during helm upgrade. delete object manually to # replace/update "helm.sh/hook": "pre-install" "helm.sh/hook-delete-policy": "before-hook-creation" type: Opaque data: BNS_AUTH_SECRET_KEY: "b1FSWHFuOVd2ekUwb2IwazBYREcwZTd5RjlPc2RQbkhzUDlKU2FZUFVyY1ZvVmNpeFRGSVpURXZKUVBFV0s2RnhZa2k3ZmVEbVBpSkJDV0ZxQ3J1TDUzRXp4RWZVWWdlRGZlN3pMUjBuQVJiSzNOZEFyMjdNOTdLaGNkNWZkbW0=" DB_PASS: "Q2Ntd0VmNnBTN2dCWmlSM2ZUdTMy" FV_PASS: "M25YWHdRVmQ=" FV_USER: "eWFyZC5pbnNpZ2h0QGZyZWlnaHR2ZXJpZnktYXBpLmNvbQ==" ADFS_M2M_CLIENT_SECRET: "MlZRc201T2JIRF9yUm1LQVV6MkdFVmh0cGZucG5UdVpuWDU3eTJfbA==" YMS_BOOTSTRAP_CLIENT_SECRET: "bE9HejFKNmlSV1M0RFU5LUNpMEl5cVYwc01adC1oTm9QR2xzV2NwaFVPNmctb2k3d21rZHUxbUFCRWpFRjF5bQ==" BNS_M2M_AUTH_TOKEN: "ZXlKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKSVV6STFOaUo5LmV5SnBjM01pT2lKamIyMHVZbXgxWlMxdVpYZDBMbmx0Y3lJc0luQmxjbTFwYzNOcGIyNXpJanBiSW0xdlpHbG1lVjkwYlhOZllYQnBJaXdpYlc5a2FXWjVYM2RsWW1odmIydHpYMkZ3YVNJc0ltMXZaR2xtZVY5bGNuQmZjM1ZpYldsemMybHZibk5mWVhCcElsMTkuOGVjLWJOVEVMRjlSN1BlM1JvNDRSc1ZUS2ExWmw2Y2lyTjVJeTJNaWFCSQ==" --- # Source: insight/templates/auth.yaml apiVersion: v1 kind: ConfigMap metadata: name: auth-signing-cert data: insight.pem: | -----BEGIN CERTIFICATE----- MIIG3DCCBcSgAwIBAgIMbOvsEbV63HhDEIHaMA0GCSqGSIb3DQEBCwUAMGYxCzAJ BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g RzIwHhcNMTkwMzExMTQzNDQ1WhcNMjEwMzExMTQzNDQ1WjB7MQswCQYDVQQGEwJV UzERMA8GA1UECBMITWljaGlnYW4xETAPBgNVBAcTCERlYXJib3JuMRswGQYDVQQK ExJGb3JkIE1vdG9yIENvbXBhbnkxKTAnBgNVBAMTIHRva2Vuc2lnbmluZy5jb3Jw cWEuc3RzLmZvcmQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA 1zZeLQlEAnVQJ0b9mNfVIZJsOmucbjSYVtYk0JdfqGVCdxqyDuB3eceUtvClWKUE UDbDeiLRWX1W8Pd2EjS3Y89kcbZFS5xTnnLuWpwuAHPhGAgjTjwVxegE9xnmNxDX DFBeepwJ7vBCJJmu8BQoWD0Iyre9jT4EIFX7zBVnuXxv60FOAAg7c9Ix0eE74hjr LPqd+Ip5sSt1yZ3o8QpKcZXTXnmy88fChZbUKaF9T1oxP3irA1+b6zG319EghBxF F0VwKLeHTDme25gyjKn4pC/1d2WMZo+dTFAhZVRI2UykQZT7dPCCpGnLfc4B4DP8 EiO+9HJODTcnAueUTMwmswIDAQABo4IDczCCA28wDgYDVR0PAQH/BAQDAgWgMIGg BggrBgEFBQcBAQSBkzCBkDBNBggrBgEFBQcwAoZBaHR0cDovL3NlY3VyZS5nbG9i YWxzaWduLmNvbS9jYWNlcnQvZ3Nvcmdhbml6YXRpb252YWxzaGEyZzJyMS5jcnQw PwYIKwYBBQUHMAGGM2h0dHA6Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS9nc29yZ2Fu aXphdGlvbnZhbHNoYTJnMjBWBgNVHSAETzBNMEEGCSsGAQQBoDIBFDA0MDIGCCsG AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAI BgZngQwBAgIwCQYDVR0TBAIwADBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3Js Lmdsb2JhbHNpZ24uY29tL2dzL2dzb3JnYW5pemF0aW9udmFsc2hhMmcyLmNybDAr BgNVHREEJDAigiB0b2tlbnNpZ25pbmcuY29ycHFhLnN0cy5mb3JkLmNvbTAdBgNV HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFFclN7nEFkNtEqkd OZYi7kqwLt5JMB8GA1UdIwQYMBaAFJbeYfG9HBYpUxzAzH07gwBA5hp8MIIBfgYK KwYBBAHWeQIEAgSCAW4EggFqAWgAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcv o6odBxPTDAAAAWltLWmIAAAEAwBHMEUCIFiUJjhtBhh7qlNb1RFMWnOcO2u6m2ES KO69zUN5ky6EAiEA7cVQH5uL4Zw6s9+m+9kynzuHd+Mhlw4dbqktZzN7mJ8AdwC7 2d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWltLWzzAAAEAwBIMEYC IQCImlK3saJWLS8sowheUYWYgz6gEeHLf3XdbYDcQYOQzgIhANOLxBXcXocOfNcj 0vud89nU3u8nH3EEdfExD1/S+XElAHUAb1N2rDHwMRnYmQCkURX/dxUcEdkCwQAp Bo2yCJo32RMAAAFpbS1ppAAABAMARjBEAiBb6dzG6Y8vwamVRDAi8M2FfTinZh5F OYX8atJb8rZ59gIgF50eEQ67FdWcxjUachu3e1MdLPgS0HzbuyYhqpH/wc8wDQYJ KoZIhvcNAQELBQADggEBACtHwzZecgLeY0ZTeHt48ltqc4IHSAFRXIq2VEwv21RE qpGb4yfNGsbStbPDqkv0itNBEez//YWGqBOg3VLQ5tpwcacH+cxgPxXwtKanteLE XCuFk7+vIBxUP6uzrKnpgFfuuFsZ+hD3sj+gfqPYW7LSxnRkbC6pYflS9P52XCnJ M81wo4+euTs9COpJYR7+mOuGiZvxpe51lgA7Px3bnuhmJYBlzlIqw8/I7IO/V2a7 sKyGoXkRY4p0lnVtMCacM+znCd3vvaCQuCgLaRdahWT/+xz5nyLurcwU5yYA5s5I 40RO8lhfgrzWbeGuU6RFvdlnkM2EpmDrBywmnGVuxoI= -----END CERTIFICATE----- --- apiVersion: apps/v1 kind: Deployment metadata: name: auth spec: replicas: 1 selector: matchLabels: app: auth template: metadata: labels: app: auth spec: securityContext: runAsNonRoot: true volumes: - name: signing-cert configMap: name: auth-signing-cert automountServiceAccountToken: false containers: - name: auth volumeMounts: - name: signing-cert mountPath: /app/certificates image: registry.ford.com/yms2/yms-auth:master-v0.11.0 resources: limits: memory: 200M cpu: 30m requests: memory: 40M cpu: 10m ports: - containerPort: 8000 name: svc-port env: - name: DB_PASS valueFrom: secretKeyRef: name: bnsinsight key: DB_PASS - name: BNS_AUTH_SECRET_KEY valueFrom: secretKeyRef: name: bnsinsight key: BNS_AUTH_SECRET_KEY - name: BNS_AUTH_REVERSE_DOMAIN_IDENTIFIER value: com.blue-newt.yms - name: DB_USER value: newt - name: DB_HOST value: localpg - name: DB_NAME value: yms - name: DB_SCHEMA value: yms - name: AUTH_PROVIDER value: ADFS - name: CLIENT_AUTH_URL value: https://bns-yms.auth0.com/oauth/token imagePullSecrets: - name: yms2-yms2robo-pull-secret --- apiVersion: v1 kind: Service metadata: name: auth spec: selector: app: auth ports: - name: insight-auth protocol: TCP port: 80 targetPort: svc-port --- # Source: insight/templates/metrics/configmap-prometheus.yaml apiVersion: v1 kind: ConfigMap metadata: name: metricsconf data: prometheus.yml: | global: scrape_interval: 3s external_labels: monitor: insight-app rule_files: null scrape_configs: - job_name: prometheus static_configs: - targets: - localhost:9090 - job_name: apiserver dns_sd_configs: - names: - api port: 80 type: A refresh_interval: 5s - job_name: auth dns_sd_configs: - names: - auth port: 80 type: A refresh_interval: 5s --- # Source: insight/templates/redis.yaml apiVersion: v1 kind: ConfigMap metadata: name: redis-config data: redis.conf: | save "" protected-mode no bind 0.0.0.0 --- apiVersion: apps/v1 kind: Deployment metadata: name: redis spec: replicas: 1 selector: matchLabels: app: redis template: metadata: labels: app: redis spec: volumes: - name: redisconf configMap: name: redis-config containers: - name: redis image: registry.ford.com/yms2/redis:redis-5-rhel7 volumeMounts: - name: redisconf mountPath: /usr/local/etc/redis resources: limits: memory: 128M cpu: 100m requests: memory: 16M cpu: 20m ports: - containerPort: 6379 name: redis-port command: - env - PATH=/opt/rh/rh-redis5/root/usr/bin:/opt/rh/rh-redis5/root/usr/sbin:/opt/app-root/src/bin:/opt/app-root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - LD_LIBRARY_PATH=/opt/rh/rh-redis5/root/usr/lib64 - redis-server - /usr/local/etc/redis/redis.conf imagePullSecrets: - name: yms2-yms2robo-pull-secret --- apiVersion: v1 kind: Service metadata: name: redis spec: selector: app: redis ports: - port: 6379 protocol: TCP name: svc-redis targetPort: redis-port --- # Source: insight/templates/pg.yaml --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: pg-data spec: accessModes: - ReadWriteOnce volumeMode: Filesystem resources: requests: storage: 50Gi storageClassName: edc1h1-file-performance --- apiVersion: apps/v1 kind: Deployment metadata: name: pg spec: strategy: type: Recreate replicas: 1 selector: matchLabels: app: pg template: metadata: labels: app: pg spec: volumes: - name: pgdata persistentVolumeClaim: claimName: pg-data automountServiceAccountToken: false containers: - name: pg image: registry.ford.com/yms2/postgres:pg-10-rhel7 volumeMounts: - mountPath: "/var/lib/pgsql/data" name: pgdata resources: limits: memory: 1024M cpu: 2 requests: memory: 200M cpu: 100m livenessProbe: exec: command: - env - LD_LIBRARY_PATH=/opt/rh/rh-postgresql10/root/usr/lib64 - PATH=/opt/rh/rh-postgresql10/root/usr/bin:/opt/app-root/src/bin:/opt/app-root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - sh - -c - exec pg_isready --host $POD_IP readinessProbe: exec: command: - env - LD_LIBRARY_PATH=/opt/rh/rh-postgresql10/root/usr/lib64 - PATH=/opt/rh/rh-postgresql10/root/usr/bin:/opt/app-root/src/bin:/opt/app-root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - sh - -c - exec pg_isready --host $POD_IP ports: - containerPort: 5432 name: svc-port env: - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: bnsinsight key: DB_PASS - name: POSTGRESQL_PASSWORD valueFrom: secretKeyRef: name: bnsinsight key: DB_PASS - name: POSTGRES_USER value: newt - name: POSTGRESQL_USER value: newt - name: POSTGRES_DB value: yms - name: POSTGRESQL_DATABASE value: yms - name: PGDATA value: "/var/lib/pgsql/data/pgdata" - name: POD_IP valueFrom: { fieldRef: { fieldPath: status.podIP } } imagePullSecrets: - name: yms2-yms2robo-pull-secret --- apiVersion: v1 kind: Service metadata: name: localpg spec: selector: app: pg ports: - name: insight-pg protocol: TCP port: 5432 targetPort: svc-port --- # Source: insight/templates/api.yaml apiVersion: apps/v1 kind: Deployment metadata: name: api spec: replicas: 1 selector: matchLabels: app: api template: metadata: labels: app: api spec: initContainers: - name: dbmigrate resources: limits: memory: 1500M cpu: 1500m requests: memory: 200M cpu: 500m image: registry.ford.com/yms2/yms-service:master-v0.13.0 command: - python - -c - "import initdb ; initdb.dbmigrate()" env: - name: PYTHONPATH value: "/app/yms_server" - name: DB_HOST value: localpg - name: DB_NAME value: yms - name: DB_PASS valueFrom: secretKeyRef: name: bnsinsight key: DB_PASS - name: DB_SCHEMA value: yms - name: DB_USER value: newt - name: YMS_DATA_THEME value: ford - name: REDIS_URL value: redis://redis:6379 securityContext: runAsNonRoot: true automountServiceAccountToken: false containers: - name: api image: registry.ford.com/yms2/yms-service:master-v0.13.0 lifecycle: postStart: exec: command: - env - PYTHONPATH=/app/yms_server - python - -c - import initdb ; initdb.dataload() - '>>/proc/1/fd/1' - 2>>/proc/1/fd/2 resources: limits: memory: 1500M cpu: 1500m requests: memory: 200M cpu: 500m securityContext: allowPrivilegeEscalation: false ports: - containerPort: 8000 name: svc-port livenessProbe: httpGet: path: /healthz port: svc-port readinessProbe: httpGet: path: /healthz port: svc-port env: - name: API_HOST value: "localhost" - name: API_PORT value: "8000" - name: AUTH_API_HOST value: auth - name: AUTH_API_PORT value: "80" - name: BNS_AUTH_REVERSE_DOMAIN_IDENTIFIER value: com.blue-newt.yms - name: BNS_AUTH_SECRET_KEY valueFrom: secretKeyRef: name: bnsinsight key: BNS_AUTH_SECRET_KEY - name: DB_HOST value: localpg - name: DB_NAME value: yms - name: DB_PASS valueFrom: secretKeyRef: name: bnsinsight key: DB_PASS - name: DB_SCHEMA value: yms - name: DB_USER value: newt - name: EMAIL_REPLY_TO value: noreply@example.com - name: EMAIL_SENDER value: YMS - name: SMTP_SERVER value: localhost - name: YMS_DATA_THEME value: ford - name: SCHEDULING_ENABLED value: "false" - name: TMS_CELERY_TASK value: tms_update imagePullSecrets: - name: yms2-yms2robo-pull-secret --- apiVersion: v1 kind: Service metadata: name: api spec: selector: app: api ports: - name: insight-api protocol: TCP port: 80 targetPort: svc-port --- # Source: insight/templates/celery.yaml apiVersion: apps/v1 kind: Deployment metadata: name: celery spec: replicas: 1 selector: matchLabels: app: celery template: metadata: labels: app: celery spec: securityContext: runAsNonRoot: true automountServiceAccountToken: false containers: - name: celery image: registry.ford.com/yms2/yms-service:master-v0.13.0 resources: limits: memory: 400M cpu: 500m requests: memory: 150M cpu: 70m command: - /bin/sh - -c - /start_celery.sh env: - name: API_HOST value: api - name: API_PORT value: "80" - name: AUTH_API_HOST value: auth - name: AUTH_API_PORT value: "80" - name: BNS_AUTH_SECRET_KEY valueFrom: secretKeyRef: name: bnsinsight key: BNS_AUTH_SECRET_KEY - name: BNS_AUTH_REVERSE_DOMAIN_IDENTIFIER value: com.blue-newt.yms - name: DB_PASS valueFrom: secretKeyRef: name: bnsinsight key: DB_PASS - name: DB_USER value: newt - name: DB_HOST value: localpg - name: DB_NAME value: yms - name: DB_SCHEMA value: yms - name: BNS_M2M_AUTH_TOKEN valueFrom: secretKeyRef: name: bnsinsight key: BNS_M2M_AUTH_TOKEN optional: true - name: FV_TMS_ENABLED value: "false" - name: FV_PROXY value: internet.ford.com:83 - name: SCHEDULING_ENABLED value: "false" - name: TMS_BUFFER_PERIOD value: "24" - name: TMS_UPDATE_PERIOD value: "600" - name: TMS_CELERY_TASK value: tms_update - name: TMS_CLIENT_ID value: 2xbUA145aY1bMkhV0CK7h5mLHFaUQn7p - name: TMS_CLIENT_SECRET valueFrom: secretKeyRef: name: bnsinsight key: YMS_BOOTSTRAP_CLIENT_SECRET imagePullSecrets: - name: yms2-yms2robo-pull-secret --- # Source: insight/templates/docs.yaml apiVersion: apps/v1 kind: Deployment metadata: name: docs spec: replicas: 1 selector: matchLabels: app: docs template: metadata: labels: app: docs spec: automountServiceAccountToken: false containers: - name: docs image: registry.ford.com/yms2/yms-docs:master-v0.9.0 # setting this to Always to fix confusion with older yms-docs images imagePullPolicy: Always env: - name: NO_BUILD value: "true" resources: limits: memory: 60M cpu: 100m requests: memory: 10M cpu: 5m ports: - containerPort: 4400 name: svc-port livenessProbe: initialDelaySeconds: 30 httpGet: path: /healthz port: svc-port readinessProbe: initialDelaySeconds: 30 httpGet: path: /healthz port: svc-port imagePullSecrets: - name: yms2-yms2robo-pull-secret --- apiVersion: v1 kind: Service metadata: name: docs spec: selector: app: docs ports: - name: insight-docs protocol: TCP port: 80 targetPort: svc-port --- # Source: insight/templates/ehubi/consumer.yaml apiVersion: apps/v1 kind: Deployment metadata: name: ehubi-consumer spec: replicas: 2 selector: matchLabels: app: ehubi-consumer template: metadata: labels: app: ehubi-consumer group: ehub spec: automountServiceAccountToken: false containers: - name: ehubi-consumer image: registry.ford.com/yms2/yms-ehubi:master-bb7c2332 command: - /app/start_huey_consumer.sh resources: limits: memory: 64M cpu: 100m requests: memory: 32M cpu: 50m livenessProbe: initialDelaySeconds: 10 periodSeconds: 60 exec: command: - pgrep - huey_consumer readinessProbe: initialDelaySeconds: 10 periodSeconds: 60 exec: command: - pgrep - huey_consumer env: - name: REDIS_URL value: redis://redis:6379 imagePullSecrets: - name: yms2-yms2robo-pull-secret --- # Source: insight/templates/ehubi/ehubi.yaml apiVersion: apps/v1 kind: Deployment metadata: name: ehubi spec: replicas: 1 selector: matchLabels: app: ehubi template: metadata: labels: app: ehubi group: ehub spec: automountServiceAccountToken: false containers: - name: ehubi image: registry.ford.com/yms2/yms-ehubi:master-bb7c2332 resources: limits: memory: 64M cpu: 100m requests: memory: 32M cpu: 50m ports: - containerPort: 8000 name: svc-port livenessProbe: initialDelaySeconds: 10 periodSeconds: 30 httpGet: path: /healthz port: svc-port readinessProbe: initialDelaySeconds: 10 periodSeconds: 30 httpGet: path: /healthz port: svc-port env: - name: YMS_API_HOST value: api - name: YMS_API_PORT value: "80" - name: EHUB_URL value: https://wwwqa.bts13.ford.com/ymsshipper.ohio.showshipment.v1.svc - name: ADFS_M2M_CLIENT_ID value: 9faef281-ecb3-f822-0c59-a91f286d0bdf - name: ADFS_M2M_AUTH_URL value: https://corpqa.sts.ford.com/adfs/oauth2/token - name: ADFS_M2M_RESOURCE_ID value: urn:qa.bts.ford.com - name: BNS_M2M_AUTH_TOKEN valueFrom: secretKeyRef: name: bnsinsight key: BNS_M2M_AUTH_TOKEN optional: true - name: ADFS_M2M_CLIENT_SECRET valueFrom: secretKeyRef: name: bnsinsight key: ADFS_M2M_CLIENT_SECRET - name: REDIS_URL value: redis://redis:6379 - name: EHUBI_PORT value: "80" - name: EHUBI_HOST value: "ehubi" imagePullSecrets: - name: yms2-yms2robo-pull-secret --- apiVersion: v1 kind: Service metadata: name: ehubi spec: selector: app: ehubi ports: - protocol: TCP port: 80 targetPort: svc-port name: ehubi-port --- # Source: insight/templates/metrics/grafana.yaml apiVersion: extensions/v1beta1 kind: Deployment metadata: name: grafana spec: replicas: 1 strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 0 type: RollingUpdate template: metadata: labels: app: grafana spec: securityContext: runAsNonRoot: true automountServiceAccountToken: false containers: - name: grafana image: registry.ford.com/yms2/yms-grafana-metrics:master-v0.0.1 resources: limits: memory: 100M cpu: 50m requests: memory: 25M cpu: 10m ports: - containerPort: 3000 name: svc-port livenessProbe: failureThreshold: 10 httpGet: path: /api/health port: svc-port scheme: HTTP initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 30 readinessProbe: failureThreshold: 3 httpGet: path: /api/health port: svc-port scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 imagePullSecrets: - name: yms2-yms2robo-pull-secret --- apiVersion: v1 kind: Service metadata: name: grafana spec: selector: app: grafana ports: - protocol: TCP targetPort: svc-port port: 80 name: insight-grafana --- # Source: insight/templates/metrics/prometheus.yaml --- apiVersion: apps/v1 kind: Deployment metadata: name: prometheus spec: strategy: type: Recreate replicas: 1 selector: matchLabels: app: prometheus template: metadata: labels: app: prometheus spec: automountServiceAccountToken: false initContainers: - name: "init-chown-data" image: busybox:1 imagePullPolicy: Always command: ["chown", "-R", "65534:65534", "/prometheus"] volumeMounts: - name: prom-pvc-vol mountPath: /prometheus subPath: "" containers: - name: prometheus args: - --config.file=/etc/prometheus/prometheus.yml - --storage.tsdb.path=/prometheus - --storage.tsdb.no-lockfile - --storage.tsdb.retention=7d - --web.console.libraries=/usr/share/prometheus/console_libraries - --web.console.templates=/usr/share/prometheus/consoles securityContext: runAsNonRoot: true resources: limits: memory: 500M cpu: 500m requests: memory: 128M cpu: 15m image: registry.ford.com/yms2/prometheus:v2.14.0 volumeMounts: - name: config-volume mountPath: /etc/prometheus/prometheus.yml subPath: prometheus.yml - name: prom-pvc-vol mountPath: /prometheus ports: - containerPort: 9090 name: svc-port protocol: TCP livenessProbe: failureThreshold: 6 httpGet: path: /-/healthy port: svc-port scheme: HTTP periodSeconds: 5 successThreshold: 1 timeoutSeconds: 3 name: prometheus readinessProbe: failureThreshold: 120 httpGet: path: /-/ready port: svc-port scheme: HTTP periodSeconds: 5 successThreshold: 1 timeoutSeconds: 3 volumes: - name: config-volume configMap: name: metricsconf - name: prom-pvc-vol persistentVolumeClaim: claimName: prom-pvc imagePullSecrets: - name: yms2-yms2robo-pull-secret --- apiVersion: v1 kind: Service metadata: name: prometheus spec: selector: app: prometheus ports: - protocol: TCP targetPort: svc-port port: 9090 name: insight-prometheus --- # Source: insight/templates/pgweb.yaml apiVersion: apps/v1 kind: Deployment metadata: name: pgweb spec: selector: matchLabels: app: pgweb template: metadata: labels: app: pgweb spec: automountServiceAccountToken: false containers: - name: pgweb image: registry.ford.com/yms2/yms-pgweb:master-v0.1.0 resources: limits: memory: 100M cpu: 200m requests: memory: 10M cpu: 5m ports: - containerPort: 8383 name: svc-port env: - name: DB_PASS valueFrom: secretKeyRef: name: bnsinsight key: DB_PASS - name: DATABASE_URL value: "postgres://newt@localpg:5432/yms?sslmode=disable&search_path=yms" - name: URL_PREFIX value: "pgweb" - name: PGWEB_USER value: newt - name: PGWEB_PASS value: blue-newt imagePullSecrets: - name: yms2-yms2robo-pull-secret --- apiVersion: v1 kind: Service metadata: name: pgweb spec: ports: - name: insight-pgweb port: 80 protocol: TCP targetPort: svc-port selector: app: pgweb --- # Source: insight/templates/ui.yaml apiVersion: apps/v1 kind: Deployment metadata: name: ui spec: replicas: 1 selector: matchLabels: app: ui template: metadata: labels: app: ui spec: securityContext: runAsNonRoot: true automountServiceAccountToken: false containers: - name: ui image: registry.ford.com/yms2/yms-ui:master-v0.14.0 resources: limits: memory: 30M cpu: 50m requests: memory: 5M cpu: 5m ports: - containerPort: 3000 name: svc-port livenessProbe: httpGet: path: /healthz port: svc-port readinessProbe: httpGet: path: /healthz port: svc-port env: - name: AUTH_PROVIDER value: ADFS - name: AUTH_DOMAIN value: https://corpqa.sts.ford.com/adfs/oauth2/authorize - name: AUTH_CLIENT_ID value: urn:yms2_mwe_caas_edc1:clientid:web_yms2mwe:qa - name: AUTH_RESOURCE_ID value: urn:yms2_mwe_caas_edc1:resource:web_yms2mwe:qa - name: YMS_THEME value: ford - name: AUTH_TOKEN valueFrom: secretKeyRef: name: bnsinsight key: AUTH_TOKEN optional: true imagePullSecrets: - name: yms2-yms2robo-pull-secret --- apiVersion: v1 kind: Service metadata: name: ui spec: selector: app: ui ports: - protocol: TCP port: 80 targetPort: svc-port name: insight-ui --- # Source: insight/templates/webhooks.yaml apiVersion: apps/v1 kind: Deployment metadata: name: webhooks spec: replicas: 2 selector: matchLabels: app: webhooks template: metadata: labels: app: webhooks spec: automountServiceAccountToken: false containers: - name: webhooks image: registry.ford.com/yms2/yms-service:master-v0.13.0 command: - sh - -c - /start_huey_consumer.sh resources: limits: memory: 64M cpu: 100m requests: memory: 32M cpu: 50m livenessProbe: initialDelaySeconds: 10 periodSeconds: 60 exec: command: - grep - -qa - huey_consumer - /proc/1/cmdline readinessProbe: initialDelaySeconds: 10 periodSeconds: 60 exec: command: - grep - -qa - huey_consumer - /proc/1/cmdline env: - name: REDIS_URL value: redis://redis:6379 imagePullSecrets: - name: yms2-yms2robo-pull-secret --- # Source: insight/templates/openshift-routes.yaml --- apiVersion: v1 kind: Route metadata: name: route-path-api spec: host: wwwqa-yms2.app.caas.ford.com path: "/api" tls: termination: edge insecureEdgeTerminationPolicy: Redirect to: kind: Service name: api --- apiVersion: v1 kind: Route metadata: name: route-path-pgweb spec: host: wwwqa-yms2.app.caas.ford.com path: "/pgweb" tls: termination: edge insecureEdgeTerminationPolicy: Redirect to: kind: Service name: pgweb --- apiVersion: v1 kind: Route metadata: name: route-path-ehubi spec: host: wwwqa-yms2.app.caas.ford.com path: "/ehub" tls: termination: edge insecureEdgeTerminationPolicy: Redirect to: kind: Service name: ehubi --- apiVersion: v1 kind: Route metadata: name: route-path-auth spec: host: wwwqa-yms2.app.caas.ford.com path: "/auth" tls: termination: edge insecureEdgeTerminationPolicy: Redirect to: kind: Service name: auth --- apiVersion: v1 kind: Route metadata: name: route-path-metrics spec: host: yms2-qa-metrics.app.caas.ford.com path: "/" tls: termination: edge insecureEdgeTerminationPolicy: Redirect to: kind: Service name: grafana --- apiVersion: v1 kind: Route metadata: name: route-path-docs spec: host: wwwqa-yms2.app.caas.ford.com path: "/docs" tls: termination: edge insecureEdgeTerminationPolicy: Redirect to: kind: Service name: docs --- apiVersion: v1 kind: Route metadata: name: route-path-tms spec: host: wwwqa-yms2.app.caas.ford.com path: "/tms" tls: termination: edge insecureEdgeTerminationPolicy: Redirect to: kind: Service name: api --- apiVersion: v1 kind: Route metadata: name: route-path-wms spec: host: wwwqa-yms2.app.caas.ford.com path: "/wms" tls: termination: edge insecureEdgeTerminationPolicy: Redirect to: kind: Service name: api --- apiVersion: v1 kind: Route metadata: name: route-path-ui spec: host: wwwqa-yms2.app.caas.ford.com path: "/" tls: termination: edge insecureEdgeTerminationPolicy: Redirect to: kind: Service name: ui --- # Source: insight/templates/alb-ingress.yaml --- # Source: insight/templates/exporter.yaml --- # Source: insight/templates/image-pull-secret.yaml --- # Source: insight/templates/nginx-ingress.yaml ```