From 90021fe8bb912d169d12626d857842e557972164 Mon Sep 17 00:00:00 2001 From: Adarshkumar14 Date: Fri, 12 Aug 2022 21:18:54 +0530 Subject: [PATCH] adding manifest for 2.12.0 (#3736) * adding manifest for 2.12.0 Signed-off-by: Adarshkumar14 * Added suggested changes Signed-off-by: Vedant Signed-off-by: Adarshkumar14 Signed-off-by: Vedant Co-authored-by: Vedant --- mkdocs/docs/2.12.0/litmus-2.12.0.yaml | 895 ++++++++++ .../docs/2.12.0/litmus-namespaced-2.12.0.yaml | 860 ++++++++++ .../docs/2.12.0/litmus-portal-crds-2.12.0.yml | 1488 +++++++++++++++++ mkdocs/docs/2.12.0/upgrade-agent.yaml | 20 + 4 files changed, 3263 insertions(+) create mode 100644 mkdocs/docs/2.12.0/litmus-2.12.0.yaml create mode 100644 mkdocs/docs/2.12.0/litmus-namespaced-2.12.0.yaml create mode 100644 mkdocs/docs/2.12.0/litmus-portal-crds-2.12.0.yml create mode 100644 mkdocs/docs/2.12.0/upgrade-agent.yaml diff --git a/mkdocs/docs/2.12.0/litmus-2.12.0.yaml b/mkdocs/docs/2.12.0/litmus-2.12.0.yaml new file mode 100644 index 00000000000..c39853b7bd4 --- /dev/null +++ b/mkdocs/docs/2.12.0/litmus-2.12.0.yaml @@ -0,0 +1,895 @@ +### RBAC Manifests +## If SELF_AGENT="true" then these permissions are required to apply +## https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/1b_argo_rbac.yaml +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: argo-cr-for-litmusportal-server +rules: +- apiGroups: [""] + resources: [pods, pods/exec] + verbs: [create, get, list, watch, update, patch, delete] +- apiGroups: [""] + resources: [configmaps] + verbs: [get, watch, list] +- apiGroups: [""] + resources: [persistentvolumeclaims] + verbs: [create, delete] +- apiGroups: [argoproj.io] + resources: [workflows, workflows/finalizers] + verbs: [get, list, watch, update, patch, delete, create] +- apiGroups: [argoproj.io] + resources: [workflowtemplates, workflowtemplates/finalizers, clusterworkflowtemplates, clusterworkflowtemplates/finalizers, workflowtasksets] + verbs: [get, list, watch] +- apiGroups: [argoproj.io] + resources: [workflowtaskresults] + verbs: [list, watch, deletecollection] +- apiGroups: [""] + resources: [serviceaccounts] + verbs: [get, list] +- apiGroups: [argoproj.io] + resources: [cronworkflows, cronworkflows/finalizers] + verbs: [get, list, watch, update, patch, delete] +- apiGroups: [""] + resources: [events] + verbs: [create, patch] +- apiGroups: [policy] + resources: [poddisruptionbudgets] + verbs: [create, get, delete] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: argo-crb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo-cr-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: litmus +#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/2b_litmus_rbac.yaml +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: litmus-cluster-scope-for-litmusportal-server + labels: + app.kubernetes.io/name: litmus + # provide unique instance-id if applicable + # app.kubernetes.io/instance: litmus-abcxzy + app.kubernetes.io/version: v2.12.0 + app.kubernetes.io/component: operator-clusterrole + app.kubernetes.io/part-of: litmus + app.kubernetes.io/managed-by: kubectl + name: litmus-cluster-scope-for-litmusportal-server +rules: + - apiGroups: [""] + resources: [replicationcontrollers, secrets] + verbs: [get, list] + - apiGroups: [apps.openshift.io] + resources: [deploymentconfigs] + verbs: [get, list] + - apiGroups: [apps] + resources: [deployments, daemonsets, replicasets, statefulsets] + verbs: [get, list] + - apiGroups: [batch] + resources: [jobs] + verbs: [get, list, deletecollection] + - apiGroups: [argoproj.io] + resources: [rollouts] + verbs: [get, list] + - apiGroups: [""] + resources: [pods, configmaps, events, services] + verbs: [get, create, update, patch, delete, list, watch, deletecollection] + - apiGroups: [litmuschaos.io] + resources: [chaosengines, chaosexperiments, chaosresults] + verbs: [get, create, update, patch, delete, list, watch, deletecollection] + - apiGroups: [apiextensions.k8s.io] + resources: [customresourcedefinitions] + verbs: [list, get] + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines/finalizers"] + verbs: ["update"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: litmus-cluster-scope-crb-for-litmusportal-server + labels: + app.kubernetes.io/name: litmus + # provide unique instance-id if applicable + # app.kubernetes.io/instance: litmus-abcxzy + app.kubernetes.io/version: v2.12.0 + app.kubernetes.io/component: operator-clusterrolebinding + app.kubernetes.io/part-of: litmus + app.kubernetes.io/managed-by: kubectl + name: litmus-cluster-scope-crb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: litmus-cluster-scope-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: litmus +#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/3a_agents_rbac.yaml +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: litmus-admin-cr-for-litmusportal-server + labels: + name: litmus-admin-cr-for-litmusportal-server +rules: + # *************************************************************************************** + # Permissions needed for preparing and monitor the chaos resources by chaos-runner + # *************************************************************************************** + + # The chaos operator watches the chaosengine resource and orchestartes the chaos experiment.. + ## .. by creating the chaos-runner + + # for creating and monitoring the chaos-runner pods +- apiGroups: [""] + resources: [pods,events] + verbs: [create, delete, get, list, patch, update, deletecollection] + + # for fetching configmaps and secrets to inject into chaos-runner pod (if specified) +- apiGroups: [""] + resources: [secrets, configmaps] + verbs: [get, list] + + # for tracking & getting logs of the pods created by chaos-runner to implement individual steps in the runner +- apiGroups: [""] + resources: [pods/log] + verbs: [get, list, watch] + + # for configuring and monitor the experiment job by chaos-runner pod +- apiGroups: [batch] + resources: [jobs] + verbs: [create, list, get, delete, deletecollection] + + # ******************************************************************** + # Permissions needed for creation and discovery of chaos experiments + # ******************************************************************** + + # The helper pods are created by experiment to perform the actual chaos injection ... + # ... for a period of chaos duration + + # for creating and deleting the helper or target app pod and events by experiment +- apiGroups: [""] + resources: [pods] + verbs: [create, delete, deletecollection] + + # for creating and monitoring the events for chaos operations +- apiGroups: [""] + resources: [events] + verbs: [create, delete, get, list, patch, update, deletecollection] + + # for monitoring the helper and target app pod +- apiGroups: [""] + resources: [pods] + verbs: [get, list, patch, update] + + # for creating and managing to execute comands inside target container +- apiGroups: [""] + resources: [pods/exec, pods/eviction, replicationcontrollers] + verbs: [get,list,create] + + # for tracking & getting logs of the pods created by experiment pod to implement individual steps in the experiment +- apiGroups: [""] + resources: [pods/log] + verbs: [get, list, watch] + + # for creating and monitoring liveness services or monitoring target app services during chaos injection +- apiGroups: [""] + resources: [services] + verbs: [create, delete, get, list, delete, deletecollection] + + # for checking the app parent resources as deployments or sts and are eligible chaos candidates +- apiGroups: [apps] + resources: [deployments, statefulsets] + verbs: [list, get, patch, update, create, delete] + + # for checking the app parent resources as replicasets and are eligible chaos candidates +- apiGroups: [apps] + resources: [replicasets] + verbs: [list, get] + + # for checking the app parent resources as deamonsets and are eligible chaos candidates +- apiGroups: [apps] + resources: [daemonsets] + verbs: [list, get, delete] + + # for checking (openshift) app parent resources if they are eligible chaos candidates +- apiGroups: [apps.openshift.io] + resources: [deploymentconfigs] + verbs: [list, get] + + # for checking (argo) app parent resources if they are eligible chaos candidates +- apiGroups: [argoproj.io] + resources: [rollouts] + verbs: [list, get] + + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow +- apiGroups: [litmuschaos.io] + resources: [chaosengines, chaosexperiments, chaosresults] + verbs: [create, list, get, patch, update, delete] + + # for experiment to perform node status checks and other node level operations like taint, drain in the experiment. +- apiGroups: [""] + resources: [nodes] + verbs: [patch, get, list, update] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: litmus-admin-crb-for-litmusportal-server + labels: + name: litmus-admin-crb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: litmus-admin-cr-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: litmus +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chaos-cr-for-litmusportal-server +rules: + # for managing the pods created by workflow controller to implement individual steps in the workflow + - apiGroups: [""] + resources: [pods, services, namespaces] + verbs: [create, get, watch, patch, delete, list] + + # for tracking & getting logs of the pods created by workflow controller to implement individual steps in the workflow + - apiGroups: [""] + resources: [pods/log, secrets, configmaps] + verbs: [get, watch, create, delete, patch] + + # for creation & deletion of application in predefined workflows + - apiGroups: [apps] + resources: [deployments, statefulsets] + verbs: [get, watch, patch, create, delete] + + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: [litmuschaos.io] + resources: [chaosengines, chaosexperiments, chaosresults, chaosschedules] + verbs: [create, list, get, patch, delete, watch] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chaos-crb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chaos-cr-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: litmus +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: subscriber-cr-for-litmusportal-server + namespace: litmus + labels: + name: subscriber-cr-for-litmusportal-server +rules: +- apiGroups: [""] + resources: [configmaps, secrets] + verbs: [get, create, delete, update] +- apiGroups: [""] + resources: [pods/log] + verbs: [get, list, watch] +- apiGroups: [""] + resources: [pods, namespaces, nodes, services] + verbs: [get, list, watch] +- apiGroups: [litmuschaos.io] + resources: [chaosengines, chaosschedules, chaosresults] + verbs: [get, list, create, delete, update, watch] +- apiGroups: [apps.openshift.io] + resources: [deploymentconfigs] + verbs: [get, list] +- apiGroups: [apps] + resources: [deployments, daemonsets, replicasets, statefulsets] + verbs: [get, list, delete] +- apiGroups: [argoproj.io] + resources: [workflows, workflows/finalizers, workflowtemplates, workflowtemplates/finalizers, cronworkflows, cronworkflows/finalizers, clusterworkflowtemplates, clusterworkflowtemplates/finalizers, rollouts] + verbs: [get, list, create, delete, update, watch] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: subscriber-crb-for-litmusportal-server + namespace: litmus +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: litmus +roleRef: + kind: ClusterRole + name: subscriber-cr-for-litmusportal-server + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: event-tracker-cr-for-litmusportal-server +rules: +- apiGroups: [eventtracker.litmuschaos.io] + resources: [eventtrackerpolicies] + verbs: [create, delete, get, list, patch, update, watch] +- apiGroups: [eventtracker.litmuschaos.io] + resources: [eventtrackerpolicies/status] + verbs: [get, patch, update] +- apiGroups: ["", extensions, apps] + resources: [deployments, daemonsets, statefulsets, pods, configmaps, secrets] + verbs: [get, list, watch] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: event-tracker-crb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: event-tracker-cr-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: litmus +# litmus-server-cr is used by the litmusportal-server +# If SELF_AGENT=false, then only litmus-server-cr and litmus-server-crb are required. +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: litmus-server-cr +rules: + - apiGroups: [networking.k8s.io, extensions] + resources: [ingresses] + verbs: [get] + - apiGroups: [""] + resources: [services, nodes, pods/log] + verbs: [get, watch] + - apiGroups: [apiextensions.k8s.io] + resources: [customresourcedefinitions] + verbs: [create] + - apiGroups: [apps] + resources: [deployments] + verbs: [create] + - apiGroups: [""] + resources: [configmaps] + verbs: [get] + - apiGroups: [""] + resources: [serviceaccounts] + verbs: [create] + - apiGroups: [rbac.authorization.k8s.io] + resources: [rolebindings, roles, clusterrolebindings, clusterroles] + verbs: [create] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: litmus-server-crb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: litmus-server-cr +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: litmus +## Control plane manifests +--- +apiVersion: v1 +kind: Namespace +metadata: + name: litmus +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: litmus-server-account + namespace: litmus +--- +apiVersion: v1 +kind: Secret +metadata: + name: litmus-portal-admin-secret + namespace: litmus +stringData: + JWT_SECRET: "litmus-portal@123" + DB_USER: "admin" + DB_PASSWORD: "1234" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: litmus-portal-admin-config + namespace: litmus +data: + DB_SERVER: "mongodb://mongo-service:27017" + AGENT_SCOPE: cluster + AGENT_NAMESPACE: litmus + VERSION: "2.12.0" + SKIP_SSL_VERIFY: "false" + # Configurations if you are using dex for OAuth + DEX_ENABLED: "false" + OIDC_ISSUER: "http://:32000" + DEX_OAUTH_CALLBACK_URL: "http://:8080/auth/dex/callback" + DEX_OAUTH_CLIENT_ID: "LitmusPortalAuthBackend" + DEX_OAUTH_CLIENT_SECRET: "ZXhhbXBsZS1hcHAtc2VjcmV0" + OAuthJwtSecret: "litmus-oauth@123" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: litmusportal-frontend-nginx-configuration + namespace: litmus +data: + default.conf: | + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + server { + listen 8080; + server_name localhost; + #charset koi8-r; + #access_log /var/log/nginx/host.access.log main; + + location / { + proxy_http_version 1.1; + root /usr/share/nginx/html; + index index.html index.htm; + try_files $uri /index.html; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} + + location /auth/ { + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass "http://litmusportal-auth-server-service:9003/"; + } + + location /api/ { + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass "http://litmusportal-server-service:9002/"; + } + + location /ws/ { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass "http://litmusportal-server-service:9002/"; + } + } +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: litmusportal-frontend + namespace: litmus + labels: + component: litmusportal-frontend +spec: + replicas: 1 + selector: + matchLabels: + component: litmusportal-frontend + template: + metadata: + labels: + component: litmusportal-frontend + spec: + automountServiceAccountToken: false + containers: + - name: litmusportal-frontend + image: litmuschaos/litmusportal-frontend:2.12.0 + imagePullPolicy: Always + securityContext: + runAsUser: 2000 + allowPrivilegeEscalation: false + runAsNonRoot: true + ports: + - containerPort: 8080 + env: + - name: AGENT_SCOPE + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: AGENT_SCOPE + resources: + requests: + memory: "150Mi" + cpu: "125m" + ephemeral-storage: "500Mi" + limits: + memory: "512Mi" + cpu: "550m" + ephemeral-storage: "1Gi" + volumeMounts: + - name: nginx-config + mountPath: /etc/nginx/conf.d/default.conf + subPath: default.conf + volumes: + - name: nginx-config + configMap: + name: litmusportal-frontend-nginx-configuration +--- +apiVersion: v1 +kind: Service +metadata: + name: litmusportal-frontend-service + namespace: litmus +spec: + type: NodePort + ports: + - name: http + port: 9091 + targetPort: 8080 + selector: + component: litmusportal-frontend +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: litmusportal-server + namespace: litmus + labels: + component: litmusportal-server +spec: + replicas: 1 + selector: + matchLabels: + component: litmusportal-server + template: + metadata: + labels: + component: litmusportal-server + spec: + initContainers: + - name: wait-for-mongodb + image: litmuschaos/curl:2.11.0 + command: ["/bin/sh", "-c"] + args: + [ + "while [[ $(curl -sw '%{http_code}' http://mongo-service:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'", + ] + resources: + requests: + memory: "150Mi" + cpu: "25m" + ephemeral-storage: "500Mi" + limits: + memory: "512Mi" + cpu: "250m" + ephemeral-storage: "1Gi" + volumes: + - name: gitops-storage + emptyDir: {} + - name: hub-storage + emptyDir: {} + containers: + - name: graphql-server + image: litmuschaos/litmusportal-server:2.12.0 + volumeMounts: + - mountPath: /tmp/ + name: gitops-storage + - mountPath: /tmp/version + name: hub-storage + securityContext: + runAsUser: 2000 + allowPrivilegeEscalation: false + runAsNonRoot: true + readOnlyRootFilesystem: true + envFrom: + - configMapRef: + name: litmus-portal-admin-config + - secretRef: + name: litmus-portal-admin-secret + env: + - name: SELF_AGENT + value: "true" + # if self-signed certificate are used pass the k8s tls secret name created in portal ns, to allow agents to use tls for communication + - name: TLS_SECRET_NAME + value: "" + - name: LITMUS_PORTAL_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CHAOS_CENTER_SCOPE + value: "cluster" + - name: SUBSCRIBER_IMAGE + value: "litmuschaos/litmusportal-subscriber:2.12.0" + - name: EVENT_TRACKER_IMAGE + value: "litmuschaos/litmusportal-event-tracker:2.12.0" + - name: ARGO_WORKFLOW_CONTROLLER_IMAGE + value: "litmuschaos/workflow-controller:v3.3.1" + - name: ARGO_WORKFLOW_EXECUTOR_IMAGE + value: "litmuschaos/argoexec:v3.3.1" + - name: LITMUS_CHAOS_OPERATOR_IMAGE + value: "litmuschaos/chaos-operator:2.11.0" + - name: LITMUS_CHAOS_RUNNER_IMAGE + value: "litmuschaos/chaos-runner:2.11.0" + - name: LITMUS_CHAOS_EXPORTER_IMAGE + value: "litmuschaos/chaos-exporter:2.11.0" + - name: SERVER_SERVICE_NAME + value: "litmusportal-server-service" + - name: AGENT_DEPLOYMENTS + value: "[\"app=chaos-exporter\", \"name=chaos-operator\", \"app=event-tracker\", \"app=workflow-controller\"]" + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: SELF_AGENT_NODE_SELECTOR + value: "" + - name: SELF_AGENT_TOLERATIONS + value: "" + - name: CHAOS_CENTER_UI_ENDPOINT + value: "" + - name: INGRESS + value: "false" + - name: INGRESS_NAME + value: "litmus-ingress" + - name: CONTAINER_RUNTIME_EXECUTOR + value: "k8sapi" + - name: HUB_BRANCH_NAME + value: "v2.11.x" + - name: LITMUS_AUTH_GRPC_ENDPOINT + value: "litmusportal-auth-server-service.litmus.svc.cluster.local" + - name: LITMUS_AUTH_GRPC_PORT + value: ":3030" + - name: WORKFLOW_HELPER_IMAGE_VERSION + value: "2.11.0" + - name: REMOTE_HUB_MAX_SIZE + value: "5000000" + ports: + - containerPort: 8080 + - containerPort: 8000 + imagePullPolicy: Always + resources: + requests: + memory: "250Mi" + cpu: "225m" + ephemeral-storage: "500Mi" + limits: + memory: "712Mi" + cpu: "550m" + ephemeral-storage: "1Gi" + serviceAccountName: litmus-server-account +--- +apiVersion: v1 +kind: Service +metadata: + name: litmusportal-server-service + namespace: litmus +spec: + type: NodePort + ports: + - name: graphql-server + port: 9002 + targetPort: 8080 + - name: graphql-rpc-server + port: 8000 + targetPort: 8000 + selector: + component: litmusportal-server +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: litmusportal-auth-server + namespace: litmus + labels: + component: litmusportal-auth-server +spec: + replicas: 1 + selector: + matchLabels: + component: litmusportal-auth-server + template: + metadata: + labels: + component: litmusportal-auth-server + spec: + automountServiceAccountToken: false + initContainers: + - name: wait-for-mongodb + image: litmuschaos/curl:2.11.0 + command: ["/bin/sh", "-c"] + args: + [ + "while [[ $(curl -sw '%{http_code}' http://mongo-service:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'", + ] + resources: + requests: + memory: "150Mi" + cpu: "25m" + ephemeral-storage: "500Mi" + limits: + memory: "225Mi" + cpu: "250m" + ephemeral-storage: "1Gi" + containers: + - name: auth-server + image: litmuschaos/litmusportal-auth-server:2.12.0 + securityContext: + runAsUser: 2000 + allowPrivilegeEscalation: false + runAsNonRoot: true + readOnlyRootFilesystem: true + envFrom: + - configMapRef: + name: litmus-portal-admin-config + - secretRef: + name: litmus-portal-admin-secret + env: + - name: STRICT_PASSWORD_POLICY + value: "false" + - name: ADMIN_USERNAME + value: "admin" + - name: ADMIN_PASSWORD + value: "litmus" + - name: LITMUS_GQL_GRPC_ENDPOINT + value: "litmusportal-server-service.litmus.svc.cluster.local" + - name: LITMUS_GQL_GRPC_PORT + value: ":8000" + resources: + requests: + memory: "250Mi" + cpu: "225m" + ephemeral-storage: "500Mi" + limits: + memory: "712Mi" + cpu: "550m" + ephemeral-storage: "1Gi" + ports: + - containerPort: 3000 + - containerPort: 3030 + imagePullPolicy: Always +--- +apiVersion: v1 +kind: Service +metadata: + name: litmusportal-auth-server-service + namespace: litmus +spec: + type: NodePort + ports: + - name: auth-server + port: 9003 + targetPort: 3000 + - name: auth-rpc-server + port: 3030 + targetPort: 3030 + selector: + component: litmusportal-auth-server +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: mongo + namespace: litmus + labels: + app: mongo +spec: + selector: + matchLabels: + component: database + serviceName: mongo-headless-service + replicas: 1 + template: + metadata: + labels: + component: database + spec: + automountServiceAccountToken: false + containers: + - name: mongo + image: litmuschaos/mongo:4.2.8 + securityContext: +# runAsUser: 2000 + allowPrivilegeEscalation: false +# runAsNonRoot: true + args: ["--ipv6"] + ports: + - containerPort: 27017 + imagePullPolicy: Always + volumeMounts: + - name: mongo-persistent-storage + mountPath: /data/db + resources: + requests: + memory: "550Mi" + cpu: "225m" + ephemeral-storage: "1Gi" + limits: + memory: "1Gi" + cpu: "750m" + ephemeral-storage: "3Gi" + env: + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + name: litmus-portal-admin-secret + key: DB_USER + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: litmus-portal-admin-secret + key: DB_PASSWORD + volumeClaimTemplates: + - metadata: + name: mongo-persistent-storage + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: mongo + name: mongo-service + namespace: litmus +spec: + ports: + - port: 27017 + targetPort: 27017 + selector: + component: database +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: mongo + name: mongo-headless-service + namespace: litmus +spec: + clusterIP: None + ports: + - port: 27017 + targetPort: 27017 + selector: + component: database \ No newline at end of file diff --git a/mkdocs/docs/2.12.0/litmus-namespaced-2.12.0.yaml b/mkdocs/docs/2.12.0/litmus-namespaced-2.12.0.yaml new file mode 100644 index 00000000000..0142f2c4cb2 --- /dev/null +++ b/mkdocs/docs/2.12.0/litmus-namespaced-2.12.0.yaml @@ -0,0 +1,860 @@ +### RBAC Manifests +## If SELF_AGENT="true" then these permissions are required to apply +## https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/namespace/1b_argo_rbac.yaml +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-role-for-litmusportal-server +rules: + - apiGroups: [""] + resources: [pods, pods/exec] + verbs: [create, get, list, watch, update, patch, delete] + - apiGroups: [""] + resources: [configmaps] + verbs: [get, watch, list] + - apiGroups: [""] + resources: [persistentvolumeclaims] + verbs: [create, delete] + - apiGroups: [argoproj.io] + resources: [workflows, workflows/finalizers] + verbs: [get, list, watch, update, patch, delete, create] + - apiGroups: [argoproj.io] + resources: [workflowtemplates, workflowtemplates/finalizers,workflowtasksets] + verbs: [get, list, watch] + - apiGroups: [argoproj.io] + resources: [workflowtaskresults] + verbs: [list, watch, deletecollection] + - apiGroups: [""] + resources: [serviceaccounts] + verbs: [get, list] + - apiGroups: [""] + resources: [secrets] + verbs: [get] + - apiGroups: [argoproj.io] + resources: [cronworkflows, cronworkflows/finalizers] + verbs: [get, list, watch, update, patch, delete] + - apiGroups: [""] + resources: [events] + verbs: [create, patch] + - apiGroups: [policy] + resources: [poddisruptionbudgets] + verbs: [create, get, delete] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-rb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-role-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: litmus-namespace-scope-for-litmusportal-server + labels: + app.kubernetes.io/name: litmus + # provide unique instance-id if applicable + # app.kubernetes.io/instance: litmus-abcxzy + app.kubernetes.io/version: v2.12.0 + app.kubernetes.io/component: operator-role + app.kubernetes.io/part-of: litmus + app.kubernetes.io/managed-by: kubectl + name: litmus-namespace-scope-for-litmusportal-server +rules: + - apiGroups: [""] + resources: [replicationcontrollers, secrets] + verbs: [get, list] + - apiGroups: [apps.openshift.io] + resources: [deploymentconfigs] + verbs: [get, list] + - apiGroups: [apps] + resources: [deployments, daemonsets, replicasets, statefulsets] + verbs: [get, list, update] + - apiGroups: [batch] + resources: [jobs] + verbs: [get, list, create, deletecollection] + - apiGroups: [argoproj.io] + resources: [rollouts] + verbs: [get, list] + - apiGroups: [""] + resources: [pods, pods/exec, configmaps, events, services] + verbs: [get, create, update, patch, delete, list, watch, deletecollection] + - apiGroups: [litmuschaos.io] + resources: [chaosengines, chaosexperiments, chaosresults] + verbs: [get, create, update, patch, delete, list, watch, deletecollection] + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines/finalizers"] + verbs: ["update"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: litmus-namespace-scope-rb-for-litmusportal-server + labels: + app.kubernetes.io/name: litmus + # provide unique instance-id if applicable + # app.kubernetes.io/instance: litmus-abcxzy + app.kubernetes.io/version: v2.12.0 + app.kubernetes.io/component: operator-rolebinding + app.kubernetes.io/part-of: litmus + app.kubernetes.io/managed-by: kubectl + name: litmus-namespace-scope-rb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: litmus-namespace-scope-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account +#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/namespace/3a_agents_rbac.yaml +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: subscriber-role-for-litmusportal-server + labels: + name: subscriber-role-for-litmusportal-server +rules: + - apiGroups: [""] + resources: [configmaps, secrets] + verbs: [get, create, delete, update] + + - apiGroups: [""] + resources: [pods/log] + verbs: [get, list, watch] + + - apiGroups: [""] + resources: [pods, services] + verbs: [get, list, watch] + + - apiGroups: [litmuschaos.io] + resources: [chaosengines, chaosschedules, chaosresults] + verbs: [get, list, create, delete, update, watch] + + - apiGroups: [apps.openshift.io] + resources: [deploymentconfigs] + verbs: [get, list] + + - apiGroups: [apps] + resources: [deployments, daemonsets, replicasets, statefulsets] + verbs: [get, list, delete] + + - apiGroups: [argoproj.io] + resources: [workflows, workflows/finalizers, workflowtemplates, workflowtemplates/finalizers, cronworkflows, cronworkflows/finalizers, rollouts] + verbs: [get, list, create, delete, update, watch] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: subscriber-rb-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account +roleRef: + kind: Role + name: subscriber-role-for-litmusportal-server + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: litmus-admin-role-for-litmusportal-server + labels: + name: litmus-admin-role-for-litmusportal-server +rules: + # *************************************************************************************** + # Permissions needed for preparing and monitor the chaos resources by chaos-runner + # *************************************************************************************** + + # The chaos operator watches the chaosengine resource and orchestartes the chaos experiment.. + ## .. by creating the chaos-runner + + # for creating and monitoring the chaos-runner pods + - apiGroups: [""] + resources: [pods, events] + verbs: [create, delete, get, list, patch, update, deletecollection] + + # for fetching configmaps and secrets to inject into chaos-runner pod (if specified) + - apiGroups: [""] + resources: [secrets, configmaps] + verbs: [get, list] + + # for tracking & getting logs of the pods created by chaos-runner to implement individual steps in the runner + - apiGroups: [""] + resources: [pods/log] + verbs: [get, list, watch] + + # for configuring and monitor the experiment job by chaos-runner pod + - apiGroups: [batch] + resources: [jobs] + verbs: [create, list, get, delete, deletecollection] + + # ******************************************************************** + # Permissions needed for creation and discovery of chaos experiments + # ******************************************************************** + + # The helper pods are created by experiment to perform the actual chaos injection ... + # ... for a period of chaos duration + + # for creating and deleting the helper or target app pod and events by experiment + - apiGroups: [""] + resources: [pods] + verbs: [create, delete, deletecollection] + + # for creating and monitoring the events for chaos operations + - apiGroups: [""] + resources: [events] + verbs: [create, delete, get, list, patch, update, deletecollection] + + # for monitoring the helper and target app pod + - apiGroups: [""] + resources: [pods] + verbs: [get, list, patch, update] + + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: [pods/exec, pods/eviction, replicationcontrollers] + verbs: [get, list, create] + + # for tracking & getting logs of the pods created by experiment pod to implement individual steps in the experiment + - apiGroups: [""] + resources: [pods/log] + verbs: [get, list, watch] + + # for creating and monitoring liveness services or monitoring target app services during chaos injection + - apiGroups: [""] + resources: [services] + verbs: [create, delete, get, list, delete, deletecollection] + + # for checking the app parent resources as deployments or sts and are eligible chaos candidates + - apiGroups: [apps] + resources: [deployments, statefulsets] + verbs: [list, get, patch, update, create, delete] + + # for checking the app parent resources as replicasets and are eligible chaos candidates + - apiGroups: [apps] + resources: [replicasets] + verbs: [list, get] + + # for checking the app parent resources as deamonsets and are eligible chaos candidates + - apiGroups: [apps] + resources: [daemonsets] + verbs: [list, get, delete] + + # for checking (openshift) app parent resources if they are eligible chaos candidates + - apiGroups: [apps.openshift.io] + resources: [deploymentconfigs] + verbs: [list, get] + + # for checking (argo) app parent resources if they are eligible chaos candidates + - apiGroups: [argoproj.io] + resources: [rollouts] + verbs: [list, get] + + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: [litmuschaos.io] + resources: [chaosengines, chaosexperiments, chaosresults] + verbs: [create, list, get, patch, update, delete] + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: litmus-admin-rb-for-litmusportal-server + labels: + name: litmus-admin-rb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: litmus-admin-role-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: chaos-role-for-litmusportal-server +rules: + # for managing the pods created by workflow controller to implement individual steps in the workflow + - apiGroups: [""] + resources: [pods, services] + verbs: [create, get, watch, patch, delete, list] + + # for tracking & getting logs of the pods created by workflow controller to implement individual steps in the workflow + - apiGroups: [""] + resources: [pods/log, secrets, configmaps] + verbs: [get, watch, create, delete, patch] + + # for creation & deletion of application in predefined workflows + - apiGroups: [apps] + resources: [deployments, statefulsets] + verbs: [get, watch, patch , create, delete] + + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: [litmuschaos.io] + resources: + [chaosengines, chaosexperiments, chaosresults, chaosschedules] + verbs: [create, list, get, patch, delete, watch] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: chaos-rb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chaos-role-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: event-tracker-role-for-litmusportal-server +rules: + - apiGroups: [eventtracker.litmuschaos.io] + resources: [eventtrackerpolicies] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [eventtracker.litmuschaos.io] + resources: [eventtrackerpolicies/status] + verbs: [get, patch, update] + - apiGroups: [""] + resources: [pods, configmaps, secrets] + verbs: [get, list, watch] + - apiGroups: [extensions, apps] + resources: [deployments, daemonsets, statefulsets] + verbs: [get, list, watch] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: event-tracker-rb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: event-tracker-role-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account +# litmus-server-role is used by the litmusportal-server +# If SELF_AGENT=false, then only litmus-server-role and litmus-server-rb are required. +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: litmus-server-role +rules: + - apiGroups: [networking.k8s.io, extensions] + resources: [ingresses] + verbs: [get] + - apiGroups: [""] + resources: [services, pods/log] + verbs: [get, watch] + - apiGroups: [apps] + resources: [deployments] + verbs: [create] + - apiGroups: [""] + resources: [configmaps] + verbs: [get] + - apiGroups: [""] + resources: [serviceaccounts] + verbs: [create] + - apiGroups: [rbac.authorization.k8s.io] + resources: [rolebindings, roles] + verbs: [create] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: litmus-server-rb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: litmus-server-role +subjects: + - kind: ServiceAccount + name: litmus-server-account +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: litmus-server-account +--- +apiVersion: v1 +kind: Secret +metadata: + name: litmus-portal-admin-secret +stringData: + JWT_SECRET: "litmus-portal@123" + DB_USER: "admin" + DB_PASSWORD: "1234" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: litmus-portal-admin-config +data: + AGENT_SCOPE: namespace + DB_SERVER: "mongodb://mongo-service:27017" + VERSION: "2.12.0" + SKIP_SSL_VERIFY: "false" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: litmusportal-frontend-nginx-configuration +data: + default.conf: | + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + server { + listen 8080; + server_name localhost; + #charset koi8-r; + #access_log /var/log/nginx/host.access.log main; + + location / { + proxy_http_version 1.1; + root /usr/share/nginx/html; + index index.html index.htm; + try_files $uri /index.html; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} + + location /auth/ { + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass "http://litmusportal-auth-server-service:9003/"; + } + + location /api/ { + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass "http://litmusportal-server-service:9002/"; + } + + location /ws/ { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass "http://litmusportal-server-service:9002/"; + } + } +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: litmusportal-frontend + labels: + component: litmusportal-frontend +spec: + replicas: 1 + selector: + matchLabels: + component: litmusportal-frontend + template: + metadata: + labels: + component: litmusportal-frontend + spec: + automountServiceAccountToken: false + containers: + - name: litmusportal-frontend + image: litmuschaos/litmusportal-frontend:2.12.0 + securityContext: + runAsUser: 2000 + allowPrivilegeEscalation: false + runAsNonRoot: true + imagePullPolicy: Always + ports: + - containerPort: 8080 + env: + - name: AGENT_SCOPE + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: AGENT_SCOPE + volumeMounts: + - name: nginx-config + mountPath: /etc/nginx/conf.d/default.conf + subPath: default.conf + resources: + requests: + memory: "250Mi" + cpu: "125m" + ephemeral-storage: "500Mi" + limits: + memory: "512Mi" + cpu: "550m" + ephemeral-storage: "1Gi" + volumes: + - name: nginx-config + configMap: + name: litmusportal-frontend-nginx-configuration +--- +apiVersion: v1 +kind: Service +metadata: + name: litmusportal-frontend-service +spec: + type: NodePort + ports: + - name: http + port: 9091 + targetPort: 8080 + selector: + component: litmusportal-frontend +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: litmusportal-server + labels: + component: litmusportal-server +spec: + replicas: 1 + selector: + matchLabels: + component: litmusportal-server + template: + metadata: + labels: + component: litmusportal-server + spec: + initContainers: + - name: wait-for-mongodb + image: litmuschaos/curl:2.11.0 + command: ["/bin/sh", "-c"] + args: + [ + "while [[ $(curl -sw '%{http_code}' http://mongo-service:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'", + ] + resources: + requests: + memory: "150Mi" + cpu: "25m" + ephemeral-storage: "500Mi" + limits: + memory: "512Mi" + cpu: "250m" + ephemeral-storage: "1Gi" + volumes: + - name: gitops-storage + emptyDir: {} + - name: hub-storage + emptyDir: {} + containers: + - name: graphql-server + image: litmuschaos/litmusportal-server:2.12.0 + volumeMounts: + - mountPath: /tmp/gitops + name: gitops-storage + - mountPath: /tmp/version + name: hub-storage + securityContext: + runAsUser: 2000 + allowPrivilegeEscalation: false + runAsNonRoot: true + readOnlyRootFilesystem: true + envFrom: + - configMapRef: + name: litmus-portal-admin-config + - secretRef: + name: litmus-portal-admin-secret + env: + - name: LITMUS_PORTAL_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AGENT_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SELF_AGENT + value: "true" + - name: SELF_AGENT_NODE_SELECTOR + value: "" + - name: SELF_AGENT_TOLERATIONS + value: "" + # if self-signed certificate are used pass the base64 tls certificate, to allow agents to use tls for communication + - name: TLS_CERT_B64 + value: "" + - name: CHAOS_CENTER_SCOPE + value: "namespace" + - name: AGENT_DEPLOYMENTS + value: "[\"app=chaos-exporter\", \"name=chaos-operator\", \"app=event-tracker\", \"app=workflow-controller\"]" + - name: SERVER_SERVICE_NAME + value: "litmusportal-server-service" + - name: CHAOS_CENTER_UI_ENDPOINT + value: "" + - name: SUBSCRIBER_IMAGE + value: "litmuschaos/litmusportal-subscriber:2.12.0" + - name: EVENT_TRACKER_IMAGE + value: "litmuschaos/litmusportal-event-tracker:2.12.0" + - name: ARGO_WORKFLOW_CONTROLLER_IMAGE + value: "litmuschaos/workflow-controller:v3.3.1" + - name: ARGO_WORKFLOW_EXECUTOR_IMAGE + value: "litmuschaos/argoexec:v3.3.1" + - name: LITMUS_CHAOS_OPERATOR_IMAGE + value: "litmuschaos/chaos-operator:2.11.0" + - name: LITMUS_CHAOS_RUNNER_IMAGE + value: "litmuschaos/chaos-runner:2.11.0" + - name: LITMUS_CHAOS_EXPORTER_IMAGE + value: "litmuschaos/chaos-exporter:2.11.0" + - name: CONTAINER_RUNTIME_EXECUTOR + value: "k8sapi" + - name: HUB_BRANCH_NAME + value: "v2.11.x" + - name: LITMUS_AUTH_GRPC_ENDPOINT + value: "litmusportal-auth-server-service" + - name: LITMUS_AUTH_GRPC_PORT + value: ":3030" + - name: WORKFLOW_HELPER_IMAGE_VERSION + value: "2.11.0" + - name: REMOTE_HUB_MAX_SIZE + value: "5000000" + - name: INGRESS + value: "false" + - name: INGRESS_NAME + value: "litmus-ingress" + ports: + - containerPort: 8080 + - containerPort: 8000 + imagePullPolicy: Always + resources: + requests: + memory: "250Mi" + cpu: "225m" + ephemeral-storage: "500Mi" + limits: + memory: "712Mi" + cpu: "550m" + ephemeral-storage: "1Gi" + serviceAccountName: litmus-server-account +--- +apiVersion: v1 +kind: Service +metadata: + name: litmusportal-server-service +spec: + type: NodePort + ports: + - name: graphql-server + port: 9002 + targetPort: 8080 + - name: graphql-rpc-server + port: 8000 + targetPort: 8000 + selector: + component: litmusportal-server +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: litmusportal-auth-server + labels: + component: litmusportal-auth-server +spec: + replicas: 1 + selector: + matchLabels: + component: litmusportal-auth-server + template: + metadata: + labels: + component: litmusportal-auth-server + spec: + automountServiceAccountToken: false + initContainers: + - name: wait-for-mongodb + image: litmuschaos/curl:2.11.0 + command: ["/bin/sh", "-c"] + args: + [ + "while [[ $(curl -sw '%{http_code}' http://mongo-service:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'", + ] + resources: + requests: + memory: "150Mi" + cpu: "25m" + ephemeral-storage: "500Mi" + limits: + memory: "512Mi" + cpu: "250m" + ephemeral-storage: "1Gi" + containers: + - name: auth-server + image: litmuschaos/litmusportal-auth-server:2.12.0 + securityContext: + runAsUser: 2000 + allowPrivilegeEscalation: false + runAsNonRoot: true + readOnlyRootFilesystem: true + envFrom: + - configMapRef: + name: litmus-portal-admin-config + - secretRef: + name: litmus-portal-admin-secret + env: + - name: STRICT_PASSWORD_POLICY + value: "false" + - name: ADMIN_USERNAME + value: "admin" + - name: ADMIN_PASSWORD + value: "litmus" + - name: LITMUS_GQL_GRPC_ENDPOINT + value: "litmusportal-server-service" + - name: LITMUS_GQL_GRPC_PORT + value: ":8000" + ports: + - containerPort: 3000 + - containerPort: 3030 + imagePullPolicy: Always + resources: + requests: + memory: "250Mi" + cpu: "125m" + ephemeral-storage: "500Mi" + limits: + memory: "712Mi" + cpu: "550m" + ephemeral-storage: "1Gi" +--- +apiVersion: v1 +kind: Service +metadata: + name: litmusportal-auth-server-service +spec: + type: NodePort + ports: + - name: auth-server + port: 9003 + targetPort: 3000 + - name: auth-rpc-server + port: 3030 + targetPort: 3030 + selector: + component: litmusportal-auth-server +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: mongo + labels: + app: mongo +spec: + selector: + matchLabels: + component: database + serviceName: mongo-headless-service + replicas: 1 + template: + metadata: + labels: + component: database + spec: + automountServiceAccountToken: false + containers: + - name: mongo + image: litmuschaos/mongo:4.2.8 + securityContext: + # runAsUser: 2000 + allowPrivilegeEscalation: false + args: ["--ipv6"] + ports: + - containerPort: 27017 + imagePullPolicy: Always + volumeMounts: + - name: mongo-persistent-storage + mountPath: /data/db + env: + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + name: litmus-portal-admin-secret + key: DB_USER + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: litmus-portal-admin-secret + key: DB_PASSWORD + resources: + requests: + memory: "250Mi" + cpu: "125m" + ephemeral-storage: "500Mi" + limits: + memory: "712Mi" + cpu: "550m" + ephemeral-storage: "3Gi" + volumeClaimTemplates: + - metadata: + name: mongo-persistent-storage + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: mongo + name: mongo-service +spec: + ports: + - port: 27017 + targetPort: 27017 + selector: + component: database +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: mongo + name: mongo-headless-service +spec: + clusterIP: None + ports: + - port: 27017 + targetPort: 27017 + selector: + component: database \ No newline at end of file diff --git a/mkdocs/docs/2.12.0/litmus-portal-crds-2.12.0.yml b/mkdocs/docs/2.12.0/litmus-portal-crds-2.12.0.yml new file mode 100644 index 00000000000..eeb4960e57e --- /dev/null +++ b/mkdocs/docs/2.12.0/litmus-portal-crds-2.12.0.yml @@ -0,0 +1,1488 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterworkflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: ClusterWorkflowTemplate + listKind: ClusterWorkflowTemplateList + plural: clusterworkflowtemplates + shortNames: + - clusterwftmpl + - cwft + singular: clusterworkflowtemplate + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: cronworkflows.argoproj.io +spec: + group: argoproj.io + names: + kind: CronWorkflow + listKind: CronWorkflowList + plural: cronworkflows + shortNames: + - cwf + - cronwf + singular: cronworkflow + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflows.argoproj.io +spec: + group: argoproj.io + names: + kind: Workflow + listKind: WorkflowList + plural: workflows + shortNames: + - wf + singular: workflow + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status of the workflow + jsonPath: .status.phase + name: Status + type: string + - description: When the workflow was started + format: date-time + jsonPath: .status.startedAt + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflowtasksets.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTaskSet + listKind: WorkflowTaskSetList + plural: workflowtasksets + shortNames: + - wfts + singular: workflowtaskset + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTemplate + listKind: WorkflowTemplateList + plural: workflowtemplates + shortNames: + - wftmpl + singular: workflowtemplate + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflowtaskresults.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTaskResult + listKind: WorkflowTaskResultList + plural: workflowtaskresults + singular: workflowtaskresult + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + message: + type: string + metadata: + type: object + outputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + securityToken: + type: string + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + exitCode: + type: string + parameters: + items: + properties: + default: + type: string + description: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + result: + type: string + type: object + phase: + type: string + progress: + type: string + required: + - metadata + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: chaosengines.litmuschaos.io +spec: + group: litmuschaos.io + names: + kind: ChaosEngine + listKind: ChaosEngineList + plural: chaosengines + singular: chaosengine + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + x-kubernetes-preserve-unknown-fields: true + type: object + properties: + jobCleanUpPolicy: + type: string + pattern: ^(delete|retain)$ + # alternate ways to do this in case of complex pattern matches + #oneOf: + # - pattern: '^delete$' + # - pattern: '^retain$' + annotationCheck: + type: string + pattern: ^(true|false)$ + defaultAppHealthCheck: + type: string + pattern: ^(true|false)$ + appinfo: + type: object + properties: + appkind: + type: string + pattern: ^(^$|deployment|statefulset|daemonset|deploymentconfig|rollout)$ + applabel: + type: string + appns: + type: string + auxiliaryAppInfo: + type: string + engineState: + type: string + pattern: ^(active|stop)$ + chaosServiceAccount: + type: string + terminationGracePeriodSeconds: + type: integer + components: + type: object + properties: + runner: + x-kubernetes-preserve-unknown-fields: true + type: object + properties: + image: + type: string + type: + type: string + pattern: ^(go)$ + runnerAnnotations: + type: object + additionalProperties: + type: string + properties: + key: + type: string + minLength: 1 + value: + type: string + minLength: 1 + tolerations: + description: Pod's tolerations. + items: + description: The pod with this Toleration tolerates any taint matches the using the matching operator . + properties: + effect: + description: Effect to match. Empty means all effects. + type: string + key: + description: Taint key the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists. + type: string + operator: + description: Operators are Exists or Equal. Defaults to Equal. + type: string + tolerationSeconds: + description: Period of time the toleration tolerates the taint. + format: int64 + type: integer + value: + description: If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + experiments: + type: array + items: + type: object + properties: + name: + type: string + spec: + type: object + properties: + probe: + type: array + items: + type: object + required: + - runProperties + properties: + name: + type: string + type: + type: string + minLength: 1 + pattern: ^(k8sProbe|httpProbe|cmdProbe|promProbe)$ + k8sProbe/inputs: + type: object + properties: + group: + type: string + version: + type: string + resource: + type: string + namespace: + type: string + fieldSelector: + type: string + labelSelector: + type: string + operation: + type: string + pattern: ^(present|absent|create|delete)$ + minLength: 1 + cmdProbe/inputs: + type: object + properties: + command: + type: string + minLength: 1 + comparator: + type: object + properties: + type: + type: string + minLength: 1 + pattern: ^(int|float|string)$ + criteria: + type: string + value: + type: string + source: + type: object + properties: + image: + type: string + minLength: 1 + hostNetwork: + type: boolean + httpProbe/inputs: + type: object + properties: + url: + type: string + minLength: 1 + insecureSkipVerify: + type: boolean + responseTimeout: + type: integer + method: + type: object + minProperties: 1 + properties: + get: + type: object + properties: + criteria: + type: string + minLength: 1 + responseCode: + type: string + minLength: 1 + post: + type: object + properties: + contentType: + type: string + minLength: 1 + body: + type: string + bodyPath: + type: string + criteria: + type: string + minLength: 1 + responseCode: + type: string + minLength: 1 + promProbe/inputs: + type: object + properties: + endpoint: + type: string + query: + type: string + queryPath: + type: string + comparator: + type: object + properties: + criteria: + type: string + value: + type: string + runProperties: + type: object + minProperties: 3 + required: + - probeTimeout + - interval + - retry + properties: + probeTimeout: + type: integer + interval: + type: integer + retry: + type: integer + probePollingInterval: + type: integer + initialDelaySeconds: + type: integer + stopOnFailure: + type: boolean + mode: + type: string + pattern: ^(SOT|EOT|Edge|Continuous|OnChaos)$ + minLength: 1 + data: + type: string + components: + x-kubernetes-preserve-unknown-fields: true + type: object + properties: + statusCheckTimeouts: + type: object + properties: + delay: + type: integer + timeout: + type: integer + nodeSelector: + type: object + additionalProperties: + type: string + properties: + key: + type: string + minLength: 1 + allowEmptyValue: false + value: + type: string + minLength: 1 + allowEmptyValue: false + experimentImage: + type: string + env: + type: array + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether + the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + metadata.labels, metadata.annotations, spec.nodeName, + spec.serviceAccountName, status.hostIP, + status.podIP.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + configMaps: + type: array + items: + type: object + properties: + name: + type: string + mountPath: + type: string + secrets: + type: array + items: + type: object + properties: + name: + type: string + mountPath: + type: string + experimentAnnotations: + type: object + additionalProperties: + type: string + properties: + key: + type: string + minLength: 1 + allowEmptyValue: false + value: + type: string + minLength: 1 + allowEmptyValue: false + tolerations: + description: Pod's tolerations. + items: + description: The pod with this Toleration tolerates any taint matches the using the matching operator . + properties: + effect: + description: Effect to match. Empty means all effects. + type: string + key: + description: Taint key the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists. + type: string + operator: + description: Operators are Exists or Equal. Defaults to Equal. + type: string + tolerationSeconds: + description: Period of time the toleration tolerates the taint. + format: int64 + type: integer + value: + description: If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + + status: + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: {} + conversion: + strategy: None +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: chaosexperiments.litmuschaos.io +spec: + group: litmuschaos.io + names: + kind: ChaosExperiment + listKind: ChaosExperimentList + plural: chaosexperiments + singular: chaosexperiment + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + description: + type: object + additionalProperties: + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + x-kubernetes-preserve-unknown-fields: true + type: object + spec: + type: object + properties: + definition: + x-kubernetes-preserve-unknown-fields: true + type: object + properties: + args: + type: array + items: + type: string + command: + type: array + items: + type: string + env: + type: array + items: + type: object + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether + the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + metadata.labels, metadata.annotations, spec.nodeName, + spec.serviceAccountName, status.hostIP, + status.podIP.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + image: + type: string + imagePullPolicy: + type: string + labels: + type: object + additionalProperties: + type: string + scope: + type: string + pattern: ^(Namespaced|Cluster)$ + permissions: + type: array + items: + type: object + minProperties: 3 + required: + - apiGroups + - resources + - verbs + properties: + apiGroups: + type: array + items: + type: string + resources: + type: array + items: + type: string + verbs: + type: array + items: + type: string + resourceNames: + type: array + items: + type: string + nonResourceURLs: + type: array + items: + type: string + configMaps: + type: array + items: + type: object + minProperties: 2 + properties: + name: + type: string + allowEmptyValue: false + minLength: 1 + mountPath: + type: string + allowEmptyValue: false + minLength: 1 + secrets: + type: array + items: + type: object + minProperties: 2 + properties: + name: + type: string + allowEmptyValue: false + minLength: 1 + mountPath: + type: string + allowEmptyValue: false + minLength: 1 + hostFileVolumes: + type: array + items: + type: object + minProperties: 3 + properties: + name: + type: string + allowEmptyValue: false + minLength: 1 + mountPath: + type: string + allowEmptyValue: false + minLength: 1 + nodePath: + type: string + allowEmptyValue: false + minLength: 1 + securityContext: + x-kubernetes-preserve-unknown-fields: true + type: object + hostPID: + type: boolean + + served: true + storage: true + subresources: {} + conversion: + strategy: None +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: chaosresults.litmuschaos.io +spec: + group: litmuschaos.io + names: + kind: ChaosResult + listKind: ChaosResultList + plural: chaosresults + singular: chaosresult + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + x-kubernetes-preserve-unknown-fields: true + type: object + status: + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: {} + conversion: + strategy: None +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: eventtrackerpolicies.eventtracker.litmuschaos.io +spec: + group: eventtracker.litmuschaos.io + names: + kind: EventTrackerPolicy + listKind: EventTrackerPolicyList + plural: eventtrackerpolicies + singular: eventtrackerpolicy + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: EventTrackerPolicy is the Schema for the eventtrackerpolicies + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EventTrackerPolicySpec defines the desired state of EventTrackerPolicy + properties: + condition_type: + type: string + conditions: + items: + properties: + key: + type: string + operator: + type: string + value: + type: string + type: object + type: array + type: object + statuses: + items: + description: EventTrackerPolicyStatus defines the observed state of + EventTrackerPolicy + properties: + is_triggered: + type: string + resource: + type: string + resource_name: + type: string + result: + type: string + time_stamp: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + type: string + workflow_id: + type: string + type: object + type: array + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file diff --git a/mkdocs/docs/2.12.0/upgrade-agent.yaml b/mkdocs/docs/2.12.0/upgrade-agent.yaml new file mode 100644 index 00000000000..a7b3fa53643 --- /dev/null +++ b/mkdocs/docs/2.12.0/upgrade-agent.yaml @@ -0,0 +1,20 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: upgrade-agent + namespace: litmus +spec: + ttlSecondsAfterFinished: 60 + backoffLimit: 0 + template: + spec: + containers: + - name: upgrade-agent + image: litmuschaos/upgrade-agent-cp:2.12.0 + envFrom: + - configMapRef: + name: litmus-portal-admin-config + - secretRef: + name: litmus-portal-admin-secret + imagePullPolicy: Always + restartPolicy: Never