...
 
Commits (2)
......@@ -8,9 +8,11 @@ serialize = {major}.{minor}.{patch}
[bumpversion:file:tower/ui/desktop_ui.js]
[bumpversion:file:contrib/k8s/noc-tower/Chart.yaml]
[bumpversion:part:prerel]
optional_value = d
values =
values =
dev
a
b
......
......@@ -38,7 +38,12 @@ RUN apt-get update \
&& rm -rf /var/cache/apk/* \
&& rm -rf /var/lib/apt/lists/* \
# Fix for https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783738
&& ln -s /usr/lib/python2.7/plat-*/_sysconfigdata_nd.py /usr/lib/python2.7/
&& ln -s /usr/lib/python2.7/plat-*/_sysconfigdata_nd.py /usr/lib/python2.7/ \
&& adduser --system \
--shell /bin/bash \
--no-create-home \
--disabled-password \
--uid 1201 tower
WORKDIR /opt/tower
......
......@@ -41,7 +41,8 @@ RUN apk add --no-cache --update \
curl \
git \
libffi \
openssl
openssl \
&& adduser -S -s /bin/sh -D -H -u 1201 tower
WORKDIR /opt/tower
......
# noc-tower helm chart
Please mention that tower is *not* for configuring noc in k8s.
That is just old plain tower to configure noc on VMs.
name: noc-tower
description: NocTower
version: 0.0.1
appVersion: 0.4.4
keywords:
- NocProject
sources:
- https://code.getnoc.com/noc/tower/
home: https://code.getnoc.com/noc/tower/blob/master/Readme.md
# NOC Tower
NOC Tower is the tool for deployment and maintaining multiple
NOC (http://nocproject.org/) installations.
---
apiVersion: v1
kind: ConfigMap
metadata:
name: tower-configmap
namespace: {{ .Release.Namespace }}
data:
ANSIBLE_ROLES_PATH: /opt/tower/var/tower/playbooks/NOC/additional_roles:/opt/tower/var/tower/playbooks/NOC/system_roles:/opt/tower/var/tower/playbooks/NOC/noc_roles
NOC_ENV: NOC
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
service: tower
name: tower
namespace: {{ .Release.Namespace }}
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
service: tower
template:
metadata:
labels:
service: tower
spec:
{{- if .Values.serviceAccountName }}
serviceAccountName: {{ template "promtail.serviceAccountName" . }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
containers:
- envFrom:
- configMapRef:
name: tower-configmap
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
name: tower
ports:
- containerPort: 8888
resources:
limits:
cpu: 250m
memory: 150Mi
requests:
cpu: 50m
memory: 150Mi
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
volumeMounts:
- mountPath: /opt/tower/var/
name: tower-pvc
nodeSelector:
{{- toYaml .Values.nodeSelector | nindent 8 }}
hostname: tower
restartPolicy: Always
volumes:
- name: tower-pvc
persistentVolumeClaim:
claimName: tower-pvc
---
{{- if .Values.ingress.enable }}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: tower-ingress
namespace: {{ .Release.Namespace }}
spec:
rules:
- host: {{ .Values.ingress.host }}
http:
paths:
- backend:
serviceName: tower-svc
servicePort: 8888
path: /
{{- end }}
{{- if .Values.ingress.enable_https }}
tls:
- hosts:
- {{ .Values.ingress.host }}
secretName: {{ .Values.ingress.tls_secret_name }}
{{- end }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
service: tower-pvc
name: tower-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 200Mi
---
{{- if .Values.rbac.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: tower-service-account
namespace: {{ .Release.Namespace }}
automountServiceAccountToken: false
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: tower-role
namespace: {{ .Release.Namespace }}
rules:
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["tower-configmap"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: tower-role-binding
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: tower-role
subjects:
- kind: ServiceAccount
name: tower-service-account
{{- end }}
---
apiVersion: v1
kind: Service
metadata:
labels:
service: tower
name: tower-svc
namespace: {{ .Release.Namespace }}
spec:
ports:
- name: web
port: 8888
targetPort: 8888
selector:
service: tower
---
image:
repository: registry.getnoc.com/noc/tower
tag: alpine
pullPolicy: IfNotPresent
## Assign a PriorityClassName to pods if set
# priorityClassName:
rbac:
create: true
securityContext: {}
# runAsUser: 1201
nodeSelector: {}
ingress:
enable: true
enable_https: false
host: tower.getnoc.com
tls_secret_name: tower-tls-secret
......@@ -4,4 +4,3 @@ Additional scripts
That directory contains scripts used with systems based on systemd.
* `noc-tower.service` should be placed to `/etc/systemd/system`
* `noc-tower-backup.service` and `noc-tower-backup.timer` should be used together for backup. Backup directory is hardcoded with `/opt/tower_backup`. Also script will remove backup after 5 days. Fell free to change that values on your flavour.
\ No newline at end of file
[Unit]
Description=NOC supervisor backup service
[Service]
Type=oneshot
WorkingDirectory=/opt/tower
User=tower
ExecStart=/bin/bash -c "/opt/tower/bin/tower-dump --output /opt/tower_backup/`date +%%Y-%%m-%%d-%%H:%%M`.dump"
ExecPostStart=/bin/bash -c "find /opt/tower_backup/ -mtime +5 -exec rm {} \;"
[Install]
WantedBy=multi-user.target
[Unit]
Description=Run tower-backup.service every day
[Timer]
OnCalendar=daily
RandomizedDelaySec=180
\ No newline at end of file