diff --git a/application/v3/kustomization.yaml b/application/v3/kustomization.yaml index c2a802fba..1178d2b18 100644 --- a/application/v3/kustomization.yaml +++ b/application/v3/kustomization.yaml @@ -7,6 +7,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kubeflow nameprefix: application-controller- +commonLabels: + app.kubernetes.io/component: kubeflow + app.kubernetes.io/name: kubeflow resources: - ../application-crds/base - ../application/base/cluster-role.yaml diff --git a/kfdef/kfctl_ibm.yaml b/kfdef/kfctl_ibm.yaml index f45ce7dba..ad093a020 100644 --- a/kfdef/kfctl_ibm.yaml +++ b/kfdef/kfctl_ibm.yaml @@ -4,349 +4,96 @@ metadata: namespace: kubeflow spec: applications: + # Install istio in a different namespace: istio-system + # Remove this application if istio is already installed - kustomizeConfig: - parameters: - - name: namespace - value: istio-system repoRef: name: manifests - path: istio/istio-crds - name: istio-crds + path: stacks/ibm/application/istio-stack + name: istio-stack - kustomizeConfig: - parameters: - - name: namespace - value: istio-system repoRef: name: manifests - path: istio/istio-install - name: istio-install - - kustomizeConfig: - parameters: - - name: namespace - value: istio-system - repoRef: - name: manifests - path: istio/cluster-local-gateway + path: stacks/ibm/application/cluster-local-gateway name: cluster-local-gateway - kustomizeConfig: - parameters: - - name: clusterRbacConfig - value: 'OFF' repoRef: name: manifests - path: istio/istio + path: stacks/ibm/application/istio name: istio - kustomizeConfig: - parameters: - - name: namespace - value: istio-system repoRef: name: manifests - path: istio/add-anonymous-user-filter + path: stacks/ibm/application/add-anonymous-user-filter name: add-anonymous-user-filter - kustomizeConfig: repoRef: name: manifests - path: application/application-crds - name: application-crds - - kustomizeConfig: - overlays: - - application - repoRef: - name: manifests - path: application/application + path: application/v3 name: application - kustomizeConfig: - parameters: - - name: namespace - value: cert-manager repoRef: name: manifests - path: cert-manager/cert-manager-crds - name: cert-manager-crds - - kustomizeConfig: - parameters: - - name: namespace - value: kube-system - repoRef: - name: manifests - path: cert-manager/cert-manager-kube-system-resources - name: cert-manager-kube-system-resources - - kustomizeConfig: - overlays: - - self-signed - - application - parameters: - - name: namespace - value: cert-manager - repoRef: - name: manifests - path: cert-manager/cert-manager - name: cert-manager - - kustomizeConfig: - repoRef: - name: manifests - path: metacontroller - name: metacontroller - - kustomizeConfig: - overlays: - - istio - - application - parameters: - - name: containerRuntimeExecutor - value: pns - repoRef: - name: manifests - path: argo - name: argo - - kustomizeConfig: - repoRef: - name: manifests - path: kubeflow-roles - name: kubeflow-roles - - kustomizeConfig: - overlays: - - istio - - application - repoRef: - name: manifests - path: common/centraldashboard - name: centraldashboard - - kustomizeConfig: - overlays: - - application - repoRef: - name: manifests - path: admission-webhook/bootstrap + path: stacks/ibm/application/bootstrap name: bootstrap - kustomizeConfig: - overlays: - - application repoRef: name: manifests - path: admission-webhook/webhook - name: webhook + path: stacks/ibm/application/cert-manager-crds + name: cert-manager-crds - kustomizeConfig: - overlays: - - istio - - application - parameters: - - name: userid-header - value: kubeflow-userid repoRef: name: manifests - path: jupyter/jupyter-web-app - name: jupyter-web-app + path: stacks/ibm/application/cert-manager-kube-system-resources + name: cert-manager-kube-system-resources - kustomizeConfig: - overlays: - - application repoRef: name: manifests - path: spark/spark-operator - name: spark-operator + path: stacks/ibm/application/cert-manager + name: cert-manager + # Install Kubeflow applications. - kustomizeConfig: - overlays: - - istio - - application - - ibm-storage-config - - db repoRef: name: manifests - path: metadata + path: stacks/ibm + name: kubeflow-apps + - kustomizeConfig: + repoRef: + name: manifests + path: metacontroller/base + name: metacontroller + - kustomizeConfig: + repoRef: + name: manifests + path: stacks/ibm/application/metadata name: metadata - kustomizeConfig: - overlays: - - istio - - application repoRef: name: manifests - path: jupyter/notebook-controller - name: notebook-controller + path: stacks/ibm/application/spark-operator + name: spark-operator - kustomizeConfig: - overlays: - - application repoRef: name: manifests - path: pytorch-job/pytorch-job-crds - name: pytorch-job-crds + path: knative/installs/generic + name: knative - kustomizeConfig: - overlays: - - application repoRef: name: manifests - path: pytorch-job/pytorch-operator - name: pytorch-operator + path: kfserving/installs/generic + name: kfserving + # Spartakus is a separate applications so that kfctl can remove it + # to disable usage reporting - kustomizeConfig: - overlays: - - application - parameters: - - name: namespace - value: knative-serving repoRef: name: manifests - path: knative/knative-serving-crds - name: knative-crds - - kustomizeConfig: - overlays: - - application - parameters: - - name: namespace - value: knative-serving - repoRef: - name: manifests - path: knative/knative-serving-install - name: knative-install - - kustomizeConfig: - overlays: - - application - repoRef: - name: manifests - path: kfserving/kfserving-crds - name: kfserving-crds - - kustomizeConfig: - overlays: - - application - repoRef: - name: manifests - path: kfserving/kfserving-install - name: kfserving-install - - kustomizeConfig: - overlays: - - application - parameters: - - name: usageId - value: - - name: reportUsage - value: 'true' - repoRef: - name: manifests - path: common/spartakus + path: stacks/ibm/application/spartakus name: spartakus - kustomizeConfig: - overlays: - - istio repoRef: name: manifests - path: tensorboard + path: stacks/ibm/application/tensorboard name: tensorboard - - kustomizeConfig: - overlays: - - application - repoRef: - name: manifests - path: tf-training/tf-job-crds - name: tf-job-crds - - kustomizeConfig: - overlays: - - application - repoRef: - name: manifests - path: tf-training/tf-job-operator - name: tf-job-operator - - kustomizeConfig: - overlays: - - application - repoRef: - name: manifests - path: katib/katib-crds - name: katib-crds - - kustomizeConfig: - overlays: - - application - - istio - - ibm-storage-config - repoRef: - name: manifests - path: katib/katib-controller - name: katib-controller - - kustomizeConfig: - overlays: - - application - repoRef: - name: manifests - path: pipeline/api-service - name: api-service - - kustomizeConfig: - overlays: - - application - parameters: - - name: minioPvcName - value: minio-pv-claim - repoRef: - name: manifests - path: pipeline/minio - name: minio - - kustomizeConfig: - overlays: - - application - parameters: - - name: mysqlPvcName - value: mysql-pv-claim - repoRef: - name: manifests - path: pipeline/mysql - name: mysql - - kustomizeConfig: - overlays: - - application - repoRef: - name: manifests - path: pipeline/persistent-agent - name: persistent-agent - - kustomizeConfig: - overlays: - - application - repoRef: - name: manifests - path: pipeline/pipelines-runner - name: pipelines-runner - - kustomizeConfig: - overlays: - - istio - - application - repoRef: - name: manifests - path: pipeline/pipelines-ui - name: pipelines-ui - - kustomizeConfig: - overlays: - - application - repoRef: - name: manifests - path: pipeline/pipelines-viewer - name: pipelines-viewer - - kustomizeConfig: - overlays: - - application - repoRef: - name: manifests - path: pipeline/scheduledworkflow - name: scheduledworkflow - - kustomizeConfig: - overlays: - - application - repoRef: - name: manifests - path: pipeline/pipeline-visualization-service - name: pipeline-visualization-service - - kustomizeConfig: - overlays: - - application - - istio - parameters: - - name: admin - value: example@kubeflow.org - repoRef: - name: manifests - path: profiles - name: profiles - - kustomizeConfig: - overlays: - - application - repoRef: - name: manifests - path: seldon/seldon-core-operator - name: seldon-core-operator repos: - name: manifests uri: https://github.com/kubeflow/manifests/archive/master.tar.gz diff --git a/kfserving/kubeflow/kustomization.yaml b/kfserving/installs/generic/kustomization.yaml similarity index 56% rename from kfserving/kubeflow/kustomization.yaml rename to kfserving/installs/generic/kustomization.yaml index 9d5555a04..196af1ca0 100644 --- a/kfserving/kubeflow/kustomization.yaml +++ b/kfserving/installs/generic/kustomization.yaml @@ -2,17 +2,17 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kubeflow resources: -- ../kfserving-crds/base -- ../kfserving-crds/overlays/application -- ../kfserving-install/base/cert.yaml -- ../kfserving-install/base/config-map.yaml -- ../kfserving-install/base/cluster-role-binding.yaml -- ../kfserving-install/base/cluster-role.yaml -- ../kfserving-install/base/secret.yaml -- ../kfserving-install/base/statefulset.yaml -- ../kfserving-install/base/service.yaml -- ../kfserving-install/base/webhook.yaml -- ../kfserving-install/overlays/application +- ../../kfserving-crds/base +- ../../kfserving-crds/overlays/application +- ../../kfserving-install/base/cert.yaml +- ../../kfserving-install/base/config-map.yaml +- ../../kfserving-install/base/cluster-role-binding.yaml +- ../../kfserving-install/base/cluster-role.yaml +- ../../kfserving-install/base/secret.yaml +- ../../kfserving-install/base/statefulset.yaml +- ../../kfserving-install/base/service.yaml +- ../../kfserving-install/base/webhook.yaml +- ../../kfserving-install/overlays/application commonLabels: app: kfserving kustomize.component: kfserving @@ -21,9 +21,11 @@ commonLabels: app.kuberenets.io/name: kfserving-install app.kuberenets.io/managed-by: kfctl app.kuberenets.io/part-of: kubeflow +generatorOptions: + disableNameSuffixHash: true configMapGenerator: - envs: - - ../kfserving-install/base/params.env + - ../../kfserving-install/base/params.env name: kfserving-config vars: - name: registry @@ -34,7 +36,7 @@ vars: fieldref: fieldpath: data.registry configurations: -- ../kfserving-install/base/params.yaml +- ../../kfserving-install/base/params.yaml images: - name: gcr.io/kubebuilder/kube-rbac-proxy newName: gcr.io/kubebuilder/kube-rbac-proxy diff --git a/knative/kubeflow/kustomization.yaml b/knative/installs/generic/kustomization.yaml similarity index 66% rename from knative/kubeflow/kustomization.yaml rename to knative/installs/generic/kustomization.yaml index af52c5092..8178ad70a 100644 --- a/knative/kubeflow/kustomization.yaml +++ b/knative/installs/generic/kustomization.yaml @@ -2,25 +2,24 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: knative-serving resources: -- ../knative-serving-crds/base -- ../knative-serving-crds/overlays/application -- ../knative-serving-install/base/gateway.yaml -- ../knative-serving-install/base/cluster-role.yaml -- ../knative-serving-install/base/cluster-role-binding.yaml -- ../knative-serving-install/base/service-role.yaml -- ../knative-serving-install/base/service-role-binding.yaml -- ../knative-serving-install/base/role-binding.yaml -- ../knative-serving-install/base/config-map.yaml -- ../knative-serving-install/base/deployment.yaml -- ../knative-serving-install/base/service-account.yaml -- ../knative-serving-install/base/service.yaml -- ../knative-serving-install/base/apiservice.yaml -- ../knative-serving-install/base/image.yaml -- ../knative-serving-install/base/hpa.yaml -- ../knative-serving-install/base/webhook-configuration.yaml -- ../knative-serving-install/overlays/application +- ../../knative-serving-crds/base +- ../../knative-serving-crds/overlays/application +- ../../knative-serving-install/base/gateway.yaml +- ../../knative-serving-install/base/cluster-role.yaml +- ../../knative-serving-install/base/cluster-role-binding.yaml +- ../../knative-serving-install/base/service-role.yaml +- ../../knative-serving-install/base/service-role-binding.yaml +- ../../knative-serving-install/base/role-binding.yaml +- ../../knative-serving-install/base/config-map.yaml +- ../../knative-serving-install/base/deployment.yaml +- ../../knative-serving-install/base/service-account.yaml +- ../../knative-serving-install/base/service.yaml +- ../../knative-serving-install/base/apiservice.yaml +- ../../knative-serving-install/base/image.yaml +- ../../knative-serving-install/base/hpa.yaml +- ../../knative-serving-install/base/webhook-configuration.yaml +- ../../knative-serving-install/overlays/application commonLabels: - app: knative kustomize.component: knative app.kubernetes.io/component: knative-serving-install app.kuberenets.io/instance: knative-serving-install diff --git a/pipeline/minio/installs/ibm/OWNERS b/pipeline/minio/installs/ibm/OWNERS new file mode 100644 index 000000000..0e5c85d5a --- /dev/null +++ b/pipeline/minio/installs/ibm/OWNERS @@ -0,0 +1,4 @@ +approvers: +- adrian555 +- animeshsingh +- tomcli diff --git a/pipeline/minio/installs/ibm/deployment-patch.yaml b/pipeline/minio/installs/ibm/deployment-patch.yaml new file mode 100644 index 000000000..6cb7f3e9e --- /dev/null +++ b/pipeline/minio/installs/ibm/deployment-patch.yaml @@ -0,0 +1,11 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: minio +spec: + template: + spec: + volumes: + - name: data + persistentVolumeClaim: + claimName: $(minioPvcName) diff --git a/pipeline/minio/installs/ibm/kustomization.yaml b/pipeline/minio/installs/ibm/kustomization.yaml new file mode 100644 index 000000000..98adc10d7 --- /dev/null +++ b/pipeline/minio/installs/ibm/kustomization.yaml @@ -0,0 +1,32 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +commonLabels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio +resources: +- ../../../upstream/env/platform-agnostic/minio/ +- ../../../upstream/base/argo/minio-artifact-secret.yaml # TODO: move it to minio/ folder +- ../../overlays/application/application.yaml +- persistent-volume-claim.yaml +patchesStrategicMerge: +- deployment-patch.yaml +generatorOptions: + disableNameSuffixHash: true +configMapGenerator: +- name: pipeline-minio-parameters + envs: + - params.env +vars: +- name: minioPvcName + objref: + kind: ConfigMap + name: pipeline-minio-parameters + apiVersion: v1 + fieldref: + fieldpath: data.minioPvcName +images: +- name: minio/minio + newTag: RELEASE.2018-02-09T22-40-05Z + newName: minio/minio +configurations: +- params.yaml diff --git a/pipeline/minio/installs/ibm/params.env b/pipeline/minio/installs/ibm/params.env new file mode 100644 index 000000000..6fcd0ee8f --- /dev/null +++ b/pipeline/minio/installs/ibm/params.env @@ -0,0 +1 @@ +minioPvcName= diff --git a/pipeline/minio/installs/ibm/params.yaml b/pipeline/minio/installs/ibm/params.yaml new file mode 100644 index 000000000..3c356639a --- /dev/null +++ b/pipeline/minio/installs/ibm/params.yaml @@ -0,0 +1,5 @@ +varReference: +- path: spec/template/spec/volumes/persistentVolumeClaim/claimName + kind: Deployment +- path: metadata/name + kind: PersistentVolumeClaim diff --git a/pipeline/minio/installs/ibm/persistent-volume-claim.yaml b/pipeline/minio/installs/ibm/persistent-volume-claim.yaml new file mode 100644 index 000000000..4b4cf714b --- /dev/null +++ b/pipeline/minio/installs/ibm/persistent-volume-claim.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: $(minioPvcName) +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/pipeline/mysql/installs/ibm/OWNERS b/pipeline/mysql/installs/ibm/OWNERS new file mode 100644 index 000000000..0e5c85d5a --- /dev/null +++ b/pipeline/mysql/installs/ibm/OWNERS @@ -0,0 +1,4 @@ +approvers: +- adrian555 +- animeshsingh +- tomcli diff --git a/pipeline/mysql/installs/ibm/deployment-patch.yaml b/pipeline/mysql/installs/ibm/deployment-patch.yaml new file mode 100644 index 000000000..2d6e28b36 --- /dev/null +++ b/pipeline/mysql/installs/ibm/deployment-patch.yaml @@ -0,0 +1,11 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mysql +spec: + template: + spec: + volumes: + - name: mysql-persistent-storage + persistentVolumeClaim: + claimName: $(mysqlPvcName) diff --git a/pipeline/mysql/installs/ibm/kustomization.yaml b/pipeline/mysql/installs/ibm/kustomization.yaml new file mode 100644 index 000000000..784bb1e96 --- /dev/null +++ b/pipeline/mysql/installs/ibm/kustomization.yaml @@ -0,0 +1,30 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +commonLabels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql +resources: +- ../generic +generatorOptions: + disableNameSuffixHash: true +configMapGenerator: +- name: pipeline-mysql-parameters + envs: + - params.env +vars: +- name: mysqlPvcName + objref: + kind: ConfigMap + name: pipeline-mysql-parameters + apiVersion: v1 + fieldref: + fieldpath: data.mysqlPvcName +images: +- name: mysql + newTag: '5.6' + newName: mysql +configurations: +- params.yaml +patchesStrategicMerge: +- deployment-patch.yaml diff --git a/pipeline/mysql/installs/ibm/params.env b/pipeline/mysql/installs/ibm/params.env new file mode 100644 index 000000000..f17d371b1 --- /dev/null +++ b/pipeline/mysql/installs/ibm/params.env @@ -0,0 +1 @@ +mysqlPvcName= diff --git a/pipeline/mysql/installs/ibm/params.yaml b/pipeline/mysql/installs/ibm/params.yaml new file mode 100644 index 000000000..5f19982ed --- /dev/null +++ b/pipeline/mysql/installs/ibm/params.yaml @@ -0,0 +1,5 @@ +varReference: +- path: spec/template/spec/volumes/persistentVolumeClaim/claimName + kind: Deployment +- path: metadata/name + kind: PersistentVolumeClaim \ No newline at end of file diff --git a/stacks/ibm/OWNERS b/stacks/ibm/OWNERS new file mode 100644 index 000000000..0e5c85d5a --- /dev/null +++ b/stacks/ibm/OWNERS @@ -0,0 +1,4 @@ +approvers: +- adrian555 +- animeshsingh +- tomcli diff --git a/stacks/ibm/application/add-anonymous-user-filter/kustomization.yaml b/stacks/ibm/application/add-anonymous-user-filter/kustomization.yaml new file mode 100644 index 000000000..3a282e21d --- /dev/null +++ b/stacks/ibm/application/add-anonymous-user-filter/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: istio-system +resources: +- ../../../../istio/add-anonymous-user-filter/base diff --git a/stacks/ibm/application/bootstrap/kustomization.yaml b/stacks/ibm/application/bootstrap/kustomization.yaml new file mode 100644 index 000000000..bd0df0dc8 --- /dev/null +++ b/stacks/ibm/application/bootstrap/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: +- ../../../../admission-webhook/bootstrap/overlays/application diff --git a/stacks/ibm/application/cert-manager-crds/kustomization.yaml b/stacks/ibm/application/cert-manager-crds/kustomization.yaml new file mode 100644 index 000000000..7046d1031 --- /dev/null +++ b/stacks/ibm/application/cert-manager-crds/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: cert-manager +resources: +- ../../../../cert-manager/cert-manager-crds/base diff --git a/stacks/ibm/application/cert-manager-kube-system-resources/kustomization.yaml b/stacks/ibm/application/cert-manager-kube-system-resources/kustomization.yaml new file mode 100644 index 000000000..35d670069 --- /dev/null +++ b/stacks/ibm/application/cert-manager-kube-system-resources/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kube-system +resources: +- ../../../../cert-manager/cert-manager-kube-system-resources/base diff --git a/stacks/ibm/application/cert-manager/kustomization.yaml b/stacks/ibm/application/cert-manager/kustomization.yaml new file mode 100644 index 000000000..dde74a1c8 --- /dev/null +++ b/stacks/ibm/application/cert-manager/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +commonLabels: + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager +kind: Kustomization +namespace: cert-manager +resources: +- ../../../../cert-manager/cert-manager/base +- ../../../../cert-manager/cert-manager/overlays/application/application.yaml +- ../../../../cert-manager/cert-manager/overlays/self-signed/cluster-issuer.yaml +configurations: +- ../../../../cert-manager/cert-manager/overlays/application/params.yaml diff --git a/stacks/ibm/application/cluster-local-gateway/kustomization.yaml b/stacks/ibm/application/cluster-local-gateway/kustomization.yaml new file mode 100644 index 000000000..009137420 --- /dev/null +++ b/stacks/ibm/application/cluster-local-gateway/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: istio-system +resources: +- ../../../../istio/cluster-local-gateway/base diff --git a/stacks/ibm/application/istio-stack/kustomization.yaml b/stacks/ibm/application/istio-stack/kustomization.yaml new file mode 100644 index 000000000..ca325cebb --- /dev/null +++ b/stacks/ibm/application/istio-stack/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: istio-system +resources: +- ../../../../istio/istio-crds/base +- ../../../../istio/istio-install/base diff --git a/stacks/ibm/application/istio/kustomization.yaml b/stacks/ibm/application/istio/kustomization.yaml new file mode 100644 index 000000000..3552e9367 --- /dev/null +++ b/stacks/ibm/application/istio/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: +- ../../../../istio/istio/base +configMapGenerator: +- name: istio-parameters + behavior: merge + envs: + - params.env +configurations: +- params.yaml diff --git a/stacks/ibm/application/istio/params.env b/stacks/ibm/application/istio/params.env new file mode 100644 index 000000000..b39a74576 --- /dev/null +++ b/stacks/ibm/application/istio/params.env @@ -0,0 +1 @@ +clusterRbacConfig=OFF diff --git a/stacks/ibm/application/istio/params.yaml b/stacks/ibm/application/istio/params.yaml new file mode 100644 index 000000000..e894f9bd6 --- /dev/null +++ b/stacks/ibm/application/istio/params.yaml @@ -0,0 +1,3 @@ +varReference: +- path: spec/mode + kind: ClusterRbacConfig diff --git a/stacks/ibm/application/jupyter-web-app/README.md b/stacks/ibm/application/jupyter-web-app/README.md new file mode 100644 index 000000000..976b85d8d --- /dev/null +++ b/stacks/ibm/application/jupyter-web-app/README.md @@ -0,0 +1 @@ +Note: the approach to have the `base` in a sub-directory is to avoid the problem of current `namePrefix` incapability to skip adding to certain resources. In this case, they are `VirtualService` and `Application`. For these, we want the name to be `jupyter-web-app` instead of `jupyter-web-app-jupyter-web-app`. diff --git a/stacks/ibm/application/jupyter-web-app/base/deployment_patch.yaml b/stacks/ibm/application/jupyter-web-app/base/deployment_patch.yaml new file mode 100644 index 000000000..34e949340 --- /dev/null +++ b/stacks/ibm/application/jupyter-web-app/base/deployment_patch.yaml @@ -0,0 +1,33 @@ +# TODO(https://github.com/kubeflow/manifests/issues/774): This is a patch +# that pulls out from core the parts that should be in pulled into stacks. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: deployment +spec: + template: + spec: + containers: + - name: jupyter-web-app + imagePullPolicy: $(policy) + env: + - name: ROK_SECRET_NAME + valueFrom: + configMapKeyRef: + name: jupyter-web-app-parameters + key: ROK_SECRET_NAME + - name: UI + valueFrom: + configMapKeyRef: + name: jupyter-web-app-parameters + key: UI + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + name: kubeflow-config + key: userid-header + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + name: kubeflow-config + key: userid-prefix diff --git a/stacks/ibm/application/jupyter-web-app/base/kustomization.yaml b/stacks/ibm/application/jupyter-web-app/base/kustomization.yaml new file mode 100644 index 000000000..367956394 --- /dev/null +++ b/stacks/ibm/application/jupyter-web-app/base/kustomization.yaml @@ -0,0 +1,49 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +commonLabels: + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + app: jupyter-web-app + kustomize.component: jupyter-web-app +namePrefix: jupyter-web-app- +namespace: kubeflow +images: +- name: gcr.io/kubeflow-images-public/jupyter-web-app + newName: gcr.io/kubeflow-images-public/jupyter-web-app + newTag: vmaster-gd9be4b9e +resources: +- ../../../../../jupyter/jupyter-web-app/base/cluster-role-binding.yaml +- ../../../../../jupyter/jupyter-web-app/base/cluster-role.yaml +- ../../../../../jupyter/jupyter-web-app/base/deployment.yaml +- ../../../../../jupyter/jupyter-web-app/base/role-binding.yaml +- ../../../../../jupyter/jupyter-web-app/base/role.yaml +- ../../../../../jupyter/jupyter-web-app/base/service-account.yaml +- ../../../../../jupyter/jupyter-web-app/base/service.yaml +patchesStrategicMerge: +- deployment_patch.yaml +generatorOptions: + disableNameSuffixHash: true +configMapGenerator: +- name: jupyter-web-app-config + files: + - ../../../../../jupyter/jupyter-web-app/base/configs/spawner_ui_config.yaml +- name: parameters + envs: + - params.env +vars: +- fieldref: + fieldPath: data.policy + name: policy + objref: + apiVersion: v1 + kind: ConfigMap + name: parameters +- fieldref: + fieldPath: data.prefix + name: prefix + objref: + apiVersion: v1 + kind: ConfigMap + name: parameters +configurations: +- params.yaml diff --git a/stacks/ibm/application/jupyter-web-app/base/params.env b/stacks/ibm/application/jupyter-web-app/base/params.env new file mode 100644 index 000000000..0d6dd9289 --- /dev/null +++ b/stacks/ibm/application/jupyter-web-app/base/params.env @@ -0,0 +1,4 @@ +UI=default +ROK_SECRET_NAME=secret-rok-{username} +policy=Always +prefix=jupyter diff --git a/stacks/ibm/application/jupyter-web-app/base/params.yaml b/stacks/ibm/application/jupyter-web-app/base/params.yaml new file mode 100644 index 000000000..c665650a1 --- /dev/null +++ b/stacks/ibm/application/jupyter-web-app/base/params.yaml @@ -0,0 +1,7 @@ +varReference: +- path: spec/template/spec/containers/imagePullPolicy + kind: Deployment +- path: metadata/annotations/getambassador.io\/config + kind: Service +- path: spec/http/route/destination/host + kind: VirtualService diff --git a/stacks/ibm/application/jupyter-web-app/kustomization.yaml b/stacks/ibm/application/jupyter-web-app/kustomization.yaml new file mode 100644 index 000000000..10fe1d1d9 --- /dev/null +++ b/stacks/ibm/application/jupyter-web-app/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: +- base +- ../../../../jupyter/jupyter-web-app/overlays/istio +- ../../../../jupyter/jupyter-web-app/overlays/application diff --git a/stacks/ibm/application/metadata/kustomization.yaml b/stacks/ibm/application/metadata/kustomization.yaml new file mode 100644 index 000000000..f74ce7319 --- /dev/null +++ b/stacks/ibm/application/metadata/kustomization.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +commonLabels: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + kustomize.component: metadata +resources: +- ../../../../metadata/overlays/db +- ../../../../metadata/overlays/application/application.yaml +- ../../../../metadata/overlays/istio/virtual-service.yaml +- ../../../../metadata/overlays/istio/virtual-service-metadata-grpc.yaml +configurations: +- ../../../../metadata/overlays/istio/params.yaml +images: + - name: mysql + newTag: "5.6" + newName: mysql diff --git a/stacks/ibm/application/notebook-controller/README.md b/stacks/ibm/application/notebook-controller/README.md new file mode 100644 index 000000000..520d7af56 --- /dev/null +++ b/stacks/ibm/application/notebook-controller/README.md @@ -0,0 +1 @@ +Note: the approach to have the `base` in a sub-directory is to avoid the problem of current `namePrefix` incapability to skip adding to certain resources. In this case, they are `VirtualService` and `Application`. For these, we want the name to be `notebook-controller` instead of `notebook-controller-notebook-controller`. diff --git a/stacks/ibm/application/notebook-controller/base/deployment_patch.yaml b/stacks/ibm/application/notebook-controller/base/deployment_patch.yaml new file mode 100644 index 000000000..e1ea7a60d --- /dev/null +++ b/stacks/ibm/application/notebook-controller/base/deployment_patch.yaml @@ -0,0 +1,21 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: deployment +spec: + template: + spec: + containers: + - name: manager + env: + - name: USE_ISTIO + valueFrom: + configMapKeyRef: + name: notebook-controller-config + key: USE_ISTIO + - name: ISTIO_GATEWAY + valueFrom: + configMapKeyRef: + name: notebook-controller-config + key: ISTIO_GATEWAY + \ No newline at end of file diff --git a/stacks/ibm/application/notebook-controller/base/kustomization.yaml b/stacks/ibm/application/notebook-controller/base/kustomization.yaml new file mode 100644 index 000000000..3b457e4aa --- /dev/null +++ b/stacks/ibm/application/notebook-controller/base/kustomization.yaml @@ -0,0 +1,29 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namePrefix: notebook-controller- +namespace: kubeflow +commonLabels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller +generatorOptions: + disableNameSuffixHash: true +configMapGenerator: +- literals: + - USE_ISTIO=true + - ISTIO_GATEWAY=kubeflow/kubeflow-gateway + name: config +images: +- name: gcr.io/kubeflow-images-public/notebook-controller + newName: gcr.io/kubeflow-images-public/notebook-controller + newTag: vmaster-gf39279c0 +patchesStrategicMerge: +- deployment_patch.yaml +resources: +- ../../../../../jupyter/notebook-controller/base/cluster-role-binding.yaml +- ../../../../../jupyter/notebook-controller/base/cluster-role.yaml +- ../../../../../jupyter/notebook-controller/base/crd.yaml +- ../../../../../jupyter/notebook-controller/base/deployment.yaml +- ../../../../../jupyter/notebook-controller/base/service-account.yaml +- ../../../../../jupyter/notebook-controller/base/service.yaml diff --git a/stacks/ibm/application/notebook-controller/kustomization.yaml b/stacks/ibm/application/notebook-controller/kustomization.yaml new file mode 100644 index 000000000..018bc13c7 --- /dev/null +++ b/stacks/ibm/application/notebook-controller/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +commonLabels: + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller +resources: +- base +- ../../../../jupyter/notebook-controller/overlays/application/application.yaml diff --git a/stacks/ibm/application/pipelines-ui/kustomization.yaml b/stacks/ibm/application/pipelines-ui/kustomization.yaml new file mode 100644 index 000000000..465579a72 --- /dev/null +++ b/stacks/ibm/application/pipelines-ui/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +commonLabels: + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui +resources: + - ../../../../pipeline/pipelines-ui/overlays/istio + - ../../../../pipeline/pipelines-ui/overlays/application/application.yaml diff --git a/stacks/ibm/application/profiles/base/deployment_patch.yaml b/stacks/ibm/application/profiles/base/deployment_patch.yaml new file mode 100644 index 000000000..a630e2205 --- /dev/null +++ b/stacks/ibm/application/profiles/base/deployment_patch.yaml @@ -0,0 +1,58 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: deployment +spec: + template: + spec: + containers: + - command: + - /manager + - -userid-header + - $(USERID_HEADER) + - -userid-prefix + - $(USERID_PREFIX) + - -workload-identity + - $(WORKLOAD_IDENTITY) + args: [] + name: manager + env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + name: kubeflow-config + key: userid-header + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + name: kubeflow-config + key: userid-prefix + - name: WORKLOAD_IDENTITY + valueFrom: + configMapKeyRef: + name: profiles-config + key: gcp-sa + - command: + - /access-management + - -cluster-admin + - $(CLUSTER_ADMIN) + - -userid-prefix + - $(USERID_PREFIX) + args: [] + name: kfam + env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + name: kubeflow-config + key: userid-header + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + name: kubeflow-config + key: userid-prefix + - name: CLUSTER_ADMIN + valueFrom: + configMapKeyRef: + name: profiles-config + key: admin diff --git a/stacks/ibm/application/profiles/base/kustomization.yaml b/stacks/ibm/application/profiles/base/kustomization.yaml new file mode 100644 index 000000000..16db68feb --- /dev/null +++ b/stacks/ibm/application/profiles/base/kustomization.yaml @@ -0,0 +1,27 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namePrefix: profiles- +commonLabels: + kustomize.component: profiles +images: +- name: gcr.io/kubeflow-images-public/kfam + newName: gcr.io/kubeflow-images-public/kfam + newTag: vmaster-gf3e09203 +- name: gcr.io/kubeflow-images-public/profile-controller + newName: gcr.io/kubeflow-images-public/profile-controller + newTag: vmaster-g34aa47c2 +resources: +- ../../../../../profiles/base/cluster-role-binding.yaml +- ../../../../../profiles/base/crd.yaml +- ../../../../../profiles/base/deployment.yaml +- ../../../../../profiles/base/service.yaml +- ../../../../../profiles/base/service-account.yaml +patchesStrategicMerge: +- deployment_patch.yaml +configMapGenerator: +# We need the name to be unique without the suffix because the original name is what +# gets used with patches +- name: profiles-config + literals: + - admin= + - gcp-sa= diff --git a/stacks/ibm/application/profiles/kustomization.yaml b/stacks/ibm/application/profiles/kustomization.yaml new file mode 100644 index 000000000..4d5d92ad3 --- /dev/null +++ b/stacks/ibm/application/profiles/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +commonLabels: + app.kubernetes.io/component: profiles + app.kubernetes.io/name: profiles +resources: +- base +- ../../../../profiles/overlays/istio/virtual-service.yaml +- ../../../../profiles/overlays/application/application.yaml diff --git a/stacks/ibm/application/spark-operator/kustomization.yaml b/stacks/ibm/application/spark-operator/kustomization.yaml new file mode 100644 index 000000000..0928ac443 --- /dev/null +++ b/stacks/ibm/application/spark-operator/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: +- ../../../../spark/spark-operator/overlays/application diff --git a/stacks/ibm/application/spartakus/kustomization.yaml b/stacks/ibm/application/spartakus/kustomization.yaml new file mode 100644 index 000000000..10560182c --- /dev/null +++ b/stacks/ibm/application/spartakus/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: +- ../../../../common/spartakus/overlays/application +configMapGenerator: +- name: spartakus-config + behavior: merge + literals: + - usageId= diff --git a/stacks/ibm/application/tensorboard/kustomization.yaml b/stacks/ibm/application/tensorboard/kustomization.yaml new file mode 100644 index 000000000..a39c7fed0 --- /dev/null +++ b/stacks/ibm/application/tensorboard/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: +- ../../../../tensorboard/overlays/istio +configMapGenerator: +- name: parameters + behavior: merge + literals: + - namespace=kubeflow diff --git a/stacks/ibm/config/params.env b/stacks/ibm/config/params.env new file mode 100644 index 000000000..1eaf03bab --- /dev/null +++ b/stacks/ibm/config/params.env @@ -0,0 +1,3 @@ +clusterDomain=cluster.local +userid-header=kubeflow-userid +userid-prefix= diff --git a/stacks/ibm/kustomization.yaml b/stacks/ibm/kustomization.yaml new file mode 100644 index 000000000..72e6b2954 --- /dev/null +++ b/stacks/ibm/kustomization.yaml @@ -0,0 +1,70 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: + - ../../admission-webhook/webhook/v3 + - ../../common/centraldashboard/overlays/stacks + - ../../kubeflow-roles/base + - application/jupyter-web-app + - application/notebook-controller + - application/profiles + - ../../argo/base_v3 + - ../../pipeline/api-service/overlays/application + - ../../pipeline/minio/installs/ibm + - ../../pipeline/mysql/installs/ibm + - ../../pipeline/persistent-agent/overlays/application + - ../../pipeline/pipelines-runner/overlays/application + - application/pipelines-ui + - ../../pipeline/pipelines-viewer/overlays/application + - ../../pipeline/scheduledworkflow/overlays/application + - ../../pipeline/pipeline-visualization-service/overlays/application + - ../../pytorch-job/pytorch-job-crds/overlays/application + - ../../pytorch-job/pytorch-operator/overlays/application + - ../../tf-training/tf-job-crds/overlays/application + - ../../tf-training/tf-job-operator/overlays/application + - ../../katib/installs/katib-standalone-ibm + - ../../seldon/seldon-core-operator/overlays/application +configMapGenerator: +- name: pipeline-mysql-parameters + behavior: merge + literals: + - mysqlPvcName=mysql-pv-claim +- name: pipeline-minio-parameters + behavior: merge + literals: + - minioPvcName=minio-pv-claim +- name: workflow-controller-parameters + behavior: merge + literals: + - containerRuntimeExecutor=pns +- name: profiles-config + behavior: merge + literals: + - admin=example@kubeflow.org +- name: kubeflow-config + envs: + - ./config/params.env +vars: +# We need to define vars at the top level otherwise we will get +# conflicts. +- fieldref: + fieldPath: data.clusterDomain + name: clusterDomain + objref: + apiVersion: v1 + kind: ConfigMap + name: kubeflow-config +- fieldref: + fieldPath: metadata.namespace + name: namespace + objref: + apiVersion: v1 + kind: ConfigMap + name: kubeflow-config +- fieldref: + fieldpath: metadata.namespace + name: katib-ui-namespace + objref: + kind: Service + name: katib-ui + apiVersion: v1 diff --git a/tests/stacks/ibm/application/add-anonymous-user-filter/kustomize_test.go b/tests/stacks/ibm/application/add-anonymous-user-filter/kustomize_test.go new file mode 100644 index 000000000..462d9f4d5 --- /dev/null +++ b/tests/stacks/ibm/application/add-anonymous-user-filter/kustomize_test.go @@ -0,0 +1,15 @@ +package add_anonymous_user_filter + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/ibm/application/add-anonymous-user-filter", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/ibm/application/add-anonymous-user-filter/test_data/expected/networking.istio.io_v1alpha3_envoyfilter_add-user-filter.yaml b/tests/stacks/ibm/application/add-anonymous-user-filter/test_data/expected/networking.istio.io_v1alpha3_envoyfilter_add-user-filter.yaml new file mode 100644 index 000000000..2dc41b322 --- /dev/null +++ b/tests/stacks/ibm/application/add-anonymous-user-filter/test_data/expected/networking.istio.io_v1alpha3_envoyfilter_add-user-filter.yaml @@ -0,0 +1,20 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: EnvoyFilter +metadata: + name: add-user-filter + namespace: istio-system +spec: + filters: + - filterConfig: + inlineCode: | + function envoy_on_request(request_handle) + request_handle:headers():add("kubeflow-userid","anonymous@kubeflow.org") + end + filterName: envoy.lua + filterType: HTTP + insertPosition: + index: FIRST + listenerMatch: + listenerType: GATEWAY + workloadLabels: + app: istio-ingressgateway diff --git a/tests/stacks/ibm/application/bootstrap/kustomize_test.go b/tests/stacks/ibm/application/bootstrap/kustomize_test.go new file mode 100644 index 000000000..670016e93 --- /dev/null +++ b/tests/stacks/ibm/application/bootstrap/kustomize_test.go @@ -0,0 +1,15 @@ +package bootstrap + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/ibm/application/bootstrap", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/ibm/application/bootstrap/test_data/expected/app.k8s.io_v1beta1_application_bootstrap.yaml b/tests/stacks/ibm/application/bootstrap/test_data/expected/app.k8s.io_v1beta1_application_bootstrap.yaml new file mode 100644 index 000000000..0d1f76622 --- /dev/null +++ b/tests/stacks/ibm/application/bootstrap/test_data/expected/app.k8s.io_v1beta1_application_bootstrap.yaml @@ -0,0 +1,37 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: bootstrap + app.kubernetes.io/name: bootstrap + name: bootstrap + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: StatefulSet + - group: core + kind: ServiceAccount + descriptor: + description: Bootstraps the admission-webhook controller + keywords: + - admission-webhook + - kubeflow + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/admission-webhook + maintainers: [] + owners: [] + type: bootstrap + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: bootstrap + app.kubernetes.io/instance: bootstrap-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: bootstrap + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/ibm/application/bootstrap/test_data/expected/apps_v1_statefulset_admission-webhook-bootstrap-stateful-set.yaml b/tests/stacks/ibm/application/bootstrap/test_data/expected/apps_v1_statefulset_admission-webhook-bootstrap-stateful-set.yaml new file mode 100644 index 000000000..876f92fe6 --- /dev/null +++ b/tests/stacks/ibm/application/bootstrap/test_data/expected/apps_v1_statefulset_admission-webhook-bootstrap-stateful-set.yaml @@ -0,0 +1,42 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/component: bootstrap + app.kubernetes.io/name: bootstrap + kustomize.component: admission-webhook-bootstrap + name: admission-webhook-bootstrap-stateful-set + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: bootstrap + app.kubernetes.io/name: bootstrap + kustomize.component: admission-webhook-bootstrap + serviceName: service + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: bootstrap + app.kubernetes.io/name: bootstrap + kustomize.component: admission-webhook-bootstrap + spec: + containers: + - command: + - sh + - /var/webhook-config/create_ca.sh + image: gcr.io/kubeflow-images-public/ingress-setup:latest + name: bootstrap + volumeMounts: + - mountPath: /var/webhook-config/ + name: admission-webhook-config + restartPolicy: Always + serviceAccountName: admission-webhook-bootstrap-service-account + volumes: + - configMap: + name: admission-webhook-bootstrap-config-map + name: admission-webhook-config + volumeClaimTemplates: [] diff --git a/tests/stacks/ibm/application/bootstrap/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_admission-webhook-bootstrap-cluster-role.yaml b/tests/stacks/ibm/application/bootstrap/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_admission-webhook-bootstrap-cluster-role.yaml new file mode 100644 index 000000000..2289f1f76 --- /dev/null +++ b/tests/stacks/ibm/application/bootstrap/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_admission-webhook-bootstrap-cluster-role.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: bootstrap + app.kubernetes.io/name: bootstrap + kustomize.component: admission-webhook-bootstrap + name: admission-webhook-bootstrap-cluster-role +rules: +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - "" + resources: + - secrets + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + verbs: + - list + - delete diff --git a/tests/stacks/ibm/application/bootstrap/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_admission-webhook-bootstrap-cluster-role-binding.yaml b/tests/stacks/ibm/application/bootstrap/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_admission-webhook-bootstrap-cluster-role-binding.yaml new file mode 100644 index 000000000..3dc6fb186 --- /dev/null +++ b/tests/stacks/ibm/application/bootstrap/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_admission-webhook-bootstrap-cluster-role-binding.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: bootstrap + app.kubernetes.io/name: bootstrap + kustomize.component: admission-webhook-bootstrap + name: admission-webhook-bootstrap-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: admission-webhook-bootstrap-cluster-role +subjects: +- kind: ServiceAccount + name: admission-webhook-bootstrap-service-account + namespace: kubeflow diff --git a/tests/stacks/ibm/application/bootstrap/test_data/expected/~g_v1_configmap_admission-webhook-bootstrap-config-map.yaml b/tests/stacks/ibm/application/bootstrap/test_data/expected/~g_v1_configmap_admission-webhook-bootstrap-config-map.yaml new file mode 100644 index 000000000..26aece64f --- /dev/null +++ b/tests/stacks/ibm/application/bootstrap/test_data/expected/~g_v1_configmap_admission-webhook-bootstrap-config-map.yaml @@ -0,0 +1,139 @@ +apiVersion: v1 +data: + create_ca.sh: | + #!/bin/bash + + set -e + + usage() { + cat <> ${tmpdir}/csr.conf + [req] + req_extensions = v3_req + distinguished_name = req_distinguished_name + [req_distinguished_name] + [ v3_req ] + basicConstraints = CA:FALSE + keyUsage = nonRepudiation, digitalSignature, keyEncipherment + extendedKeyUsage = serverAuth + subjectAltName = @alt_names + [alt_names] + DNS.1 = ${service} + DNS.2 = ${service}.${namespace} + DNS.3 = ${service}.${namespace}.svc + EOF + + openssl genrsa -out ${tmpdir}/server-key.pem 2048 + openssl req -new -key ${tmpdir}/server-key.pem -subj "/CN=${service}.${namespace}.svc" -out ${tmpdir}/server.csr -config ${tmpdir}/csr.conf + + # Self sign + openssl x509 -req -days 365 -in ${tmpdir}/server.csr -CA ${tmpdir}/self_ca.crt -CAkey ${tmpdir}/self_ca.key -CAcreateserial -out ${tmpdir}/server-cert.pem + + # create the secret with CA cert and server cert/key + kubectl create secret generic ${secret} \ + --from-file=key.pem=${tmpdir}/server-key.pem \ + --from-file=cert.pem=${tmpdir}/server-cert.pem \ + --dry-run -o yaml | + kubectl -n ${namespace} apply -f - + + # Webhook pod needs to be restarted so that the service reload the secret + # http://github.com/kueflow/kubeflow/issues/3227 + webhookPod=$(kubectl get pods -n ${namespace} |grep ${webhookDeploymentName} |awk '{print $1;}') + # ignore error if webhook pod does not exist + kubectl delete pod ${webhookPod} 2>/dev/null || true + echo "webhook ${webhookPod} is restarted to utilize the new secret" + + cat ${tmpdir}/self_ca.crt + + # -a means base64 encode + caBundle=$(cat ${tmpdir}/self_ca.crt | openssl enc -a -A) + echo ${caBundle} + + patchString='[{"op": "replace", "path": "/webhooks/0/clientConfig/caBundle", "value":"{{CA_BUNDLE}}"}]' + patchString=$(echo ${patchString} | sed "s|{{CA_BUNDLE}}|${caBundle}|g") + echo ${patchString} + + checkWebhookConfig() { + currentBundle=$(kubectl get mutatingwebhookconfigurations -n ${namespace} ${mutatingWebhookConfigName} -o jsonpath='{.webhooks[0].clientConfig.caBundle}') + [[ "$currentBundle" == "$caBundle" ]] + } + + while true; do + if ! checkWebhookConfig; then + echo "patching ca bundle for webhook configuration..." + kubectl patch mutatingwebhookconfiguration ${mutatingWebhookConfigName} \ + --type='json' -p="${patchString}" + fi + sleep 10 + done + namespace: kubeflow + webhookNamePrefix: admission-webhook- +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/component: bootstrap + app.kubernetes.io/name: bootstrap + kustomize.component: admission-webhook-bootstrap + name: admission-webhook-bootstrap-config-map + namespace: kubeflow diff --git a/tests/stacks/ibm/application/bootstrap/test_data/expected/~g_v1_serviceaccount_admission-webhook-bootstrap-service-account.yaml b/tests/stacks/ibm/application/bootstrap/test_data/expected/~g_v1_serviceaccount_admission-webhook-bootstrap-service-account.yaml new file mode 100644 index 000000000..7b5e169df --- /dev/null +++ b/tests/stacks/ibm/application/bootstrap/test_data/expected/~g_v1_serviceaccount_admission-webhook-bootstrap-service-account.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: bootstrap + app.kubernetes.io/name: bootstrap + kustomize.component: admission-webhook-bootstrap + name: admission-webhook-bootstrap-service-account + namespace: kubeflow diff --git a/tests/stacks/ibm/application/cert-manager-crds/kustomize_test.go b/tests/stacks/ibm/application/cert-manager-crds/kustomize_test.go new file mode 100644 index 000000000..77624165c --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager-crds/kustomize_test.go @@ -0,0 +1,15 @@ +package cert_manager_crds + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/ibm/application/cert-manager-crds", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificaterequests.cert-manager.io.yaml b/tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificaterequests.cert-manager.io.yaml new file mode 100644 index 000000000..0b81ee91e --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificaterequests.cert-manager.io.yaml @@ -0,0 +1,181 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: certificaterequests.cert-manager.io +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - JSONPath: .spec.issuerRef.name + name: Issuer + priority: 1 + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. + name: Age + type: date + group: cert-manager.io + names: + kind: CertificateRequest + listKind: CertificateRequestList + plural: certificaterequests + shortNames: + - cr + - crs + singular: certificaterequest + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: CertificateRequest is a type to represent a Certificate Signing + Request + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CertificateRequestSpec defines the desired state of CertificateRequest + properties: + csr: + description: Byte slice containing the PEM encoded CertificateSigningRequest + format: byte + type: string + duration: + description: Requested certificate default Duration + type: string + isCA: + description: IsCA will mark the resulting certificate as valid for signing. + This implies that the 'cert sign' usage is set + type: boolean + issuerRef: + description: IssuerRef is a reference to the issuer for this CertificateRequest. If + the 'kind' field is not set, or set to 'Issuer', an Issuer resource + with the given name in the same namespace as the CertificateRequest + will be used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer + with the provided name will be used. The 'name' field in this stanza + is required at all times. The group field refers to the API group + of the issuer which defaults to 'cert-manager.io' if empty. + properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - name + type: object + usages: + description: Usages is the set of x509 actions that are enabled for + a given key. Defaults are ('digital signature', 'key encipherment') + if empty + items: + description: 'KeyUsage specifies valid usage contexts for keys. See: + https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12' + enum: + - signing + - digital signature + - content commitment + - key encipherment + - key agreement + - data encipherment + - cert sign + - crl sign + - encipher only + - decipher only + - any + - server auth + - client auth + - code signing + - email protection + - s/mime + - ipsec end system + - ipsec tunnel + - ipsec user + - timestamping + - ocsp signing + - microsoft sgc + - netscape sgc + type: string + type: array + required: + - issuerRef + type: object + status: + description: CertificateStatus defines the observed state of CertificateRequest + and resulting signed certificate. + properties: + ca: + description: Byte slice containing the PEM encoded certificate authority + of the signed certificate. + format: byte + type: string + certificate: + description: Byte slice containing a PEM encoded signed certificate + resulting from the given certificate signing request. + format: byte + type: string + conditions: + items: + description: CertificateRequestCondition contains condition information + for a CertificateRequest. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details + of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation for + the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of the condition, currently ('Ready'). + type: string + required: + - status + - type + type: object + type: array + failureTime: + description: FailureTime stores the time that this CertificateRequest + failed. This is used to influence garbage collection and back-off. + format: date-time + type: string + type: object + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.cert-manager.io.yaml b/tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.cert-manager.io.yaml new file mode 100644 index 000000000..6a46d9446 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.cert-manager.io.yaml @@ -0,0 +1,235 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: certificates.cert-manager.io +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - JSONPath: .spec.secretName + name: Secret + type: string + - JSONPath: .spec.issuerRef.name + name: Issuer + priority: 1 + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. + name: Age + type: date + group: cert-manager.io + names: + kind: Certificate + listKind: CertificateList + plural: certificates + shortNames: + - cert + - certs + singular: certificate + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: Certificate is a type to represent a Certificate from ACME + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CertificateSpec defines the desired state of Certificate. A + valid Certificate requires at least one of a CommonName, DNSName, or URISAN + to be valid. + properties: + commonName: + description: CommonName is a common name to be used on the Certificate. + The CommonName should have a length of 64 characters or fewer to avoid + generating invalid CSRs. + type: string + dnsNames: + description: DNSNames is a list of subject alt names to be used on the + Certificate. + items: + type: string + type: array + duration: + description: Certificate default Duration + type: string + ipAddresses: + description: IPAddresses is a list of IP addresses to be used on the + Certificate + items: + type: string + type: array + isCA: + description: IsCA will mark this Certificate as valid for signing. This + implies that the 'cert sign' usage is set + type: boolean + issuerRef: + description: IssuerRef is a reference to the issuer for this certificate. + If the 'kind' field is not set, or set to 'Issuer', an Issuer resource + with the given name in the same namespace as the Certificate will + be used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer + with the provided name will be used. The 'name' field in this stanza + is required at all times. + properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - name + type: object + keyAlgorithm: + description: KeyAlgorithm is the private key algorithm of the corresponding + private key for this certificate. If provided, allowed values are + either "rsa" or "ecdsa" If KeyAlgorithm is specified and KeySize is + not provided, key size of 256 will be used for "ecdsa" key algorithm + and key size of 2048 will be used for "rsa" key algorithm. + enum: + - rsa + - ecdsa + type: string + keyEncoding: + description: KeyEncoding is the private key cryptography standards (PKCS) + for this certificate's private key to be encoded in. If provided, + allowed values are "pkcs1" and "pkcs8" standing for PKCS#1 and PKCS#8, + respectively. If KeyEncoding is not specified, then PKCS#1 will be + used by default. + enum: + - pkcs1 + - pkcs8 + type: string + keySize: + description: KeySize is the key bit size of the corresponding private + key for this certificate. If provided, value must be between 2048 + and 8192 inclusive when KeyAlgorithm is empty or is set to "rsa", + and value must be one of (256, 384, 521) when KeyAlgorithm is set + to "ecdsa". + type: integer + organization: + description: Organization is the organization to be used on the Certificate + items: + type: string + type: array + renewBefore: + description: Certificate renew before expiration duration + type: string + secretName: + description: SecretName is the name of the secret resource to store + this secret in + type: string + uriSANs: + description: URISANs is a list of URI Subject Alternative Names to be + set on this Certificate. + items: + type: string + type: array + usages: + description: Usages is the set of x509 actions that are enabled for + a given key. Defaults are ('digital signature', 'key encipherment') + if empty + items: + description: 'KeyUsage specifies valid usage contexts for keys. See: + https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12' + enum: + - signing + - digital signature + - content commitment + - key encipherment + - key agreement + - data encipherment + - cert sign + - crl sign + - encipher only + - decipher only + - any + - server auth + - client auth + - code signing + - email protection + - s/mime + - ipsec end system + - ipsec tunnel + - ipsec user + - timestamping + - ocsp signing + - microsoft sgc + - netscape sgc + type: string + type: array + required: + - issuerRef + - secretName + type: object + status: + description: CertificateStatus defines the observed state of Certificate + properties: + conditions: + items: + description: CertificateCondition contains condition information for + an Certificate. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details + of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation for + the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of the condition, currently ('Ready'). + type: string + required: + - status + - type + type: object + type: array + lastFailureTime: + format: date-time + type: string + notAfter: + description: The expiration time of the certificate stored in the secret + named by this resource in spec.secretName. + format: date-time + type: string + type: object + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_challenges.acme.cert-manager.io.yaml b/tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_challenges.acme.cert-manager.io.yaml new file mode 100644 index 000000000..32c452b7c --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_challenges.acme.cert-manager.io.yaml @@ -0,0 +1,1369 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: challenges.acme.cert-manager.io +spec: + additionalPrinterColumns: + - JSONPath: .status.state + name: State + type: string + - JSONPath: .spec.dnsName + name: Domain + type: string + - JSONPath: .status.reason + name: Reason + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. + name: Age + type: date + group: acme.cert-manager.io + names: + kind: Challenge + listKind: ChallengeList + plural: challenges + singular: challenge + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: Challenge is a type to represent a Challenge request with an ACME + server + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + authzURL: + description: AuthzURL is the URL to the ACME Authorization resource + that this challenge is a part of. + type: string + dnsName: + description: DNSName is the identifier that this challenge is for, e.g. + example.com. + type: string + issuerRef: + description: IssuerRef references a properly configured ACME-type Issuer + which should be used to create this Challenge. If the Issuer does + not exist, processing will be retried. If the Issuer is not an 'ACME' + Issuer, an error will be returned and the Challenge will be marked + as failed. + properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - name + type: object + key: + description: Key is the ACME challenge key for this challenge + type: string + solver: + description: Solver contains the domain solving configuration that should + be used to solve this challenge resource. Only **one** of 'config' + or 'solver' may be specified, and if both are specified then no action + will be performed on the Challenge resource. + properties: + dns01: + properties: + acmedns: + description: ACMEIssuerDNS01ProviderAcmeDNS is a structure containing + the configuration for ACME-DNS servers + properties: + accountSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + host: + type: string + required: + - accountSecretRef + - host + type: object + akamai: + description: ACMEIssuerDNS01ProviderAkamai is a structure containing + the DNS configuration for Akamai DNS—Zone Record Management + API + properties: + accessTokenSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + clientTokenSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + serviceConsumerDomain: + type: string + required: + - accessTokenSecretRef + - clientSecretSecretRef + - clientTokenSecretRef + - serviceConsumerDomain + type: object + azuredns: + description: ACMEIssuerDNS01ProviderAzureDNS is a structure + containing the configuration for Azure DNS + properties: + clientID: + type: string + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + environment: + enum: + - AzurePublicCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureUSGovernmentCloud + type: string + hostedZoneName: + type: string + resourceGroupName: + type: string + subscriptionID: + type: string + tenantID: + type: string + required: + - clientID + - clientSecretSecretRef + - resourceGroupName + - subscriptionID + - tenantID + type: object + clouddns: + description: ACMEIssuerDNS01ProviderCloudDNS is a structure + containing the DNS configuration for Google Cloud DNS + properties: + project: + type: string + serviceAccountSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - project + - serviceAccountSecretRef + type: object + cloudflare: + description: ACMEIssuerDNS01ProviderCloudflare is a structure + containing the DNS configuration for Cloudflare + properties: + apiKeySecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + email: + type: string + required: + - apiKeySecretRef + - email + type: object + cnameStrategy: + description: CNAMEStrategy configures how the DNS01 provider + should handle CNAME records when found in DNS zones. + enum: + - None + - Follow + type: string + digitalocean: + description: ACMEIssuerDNS01ProviderDigitalOcean is a structure + containing the DNS configuration for DigitalOcean Domains + properties: + tokenSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - tokenSecretRef + type: object + rfc2136: + description: ACMEIssuerDNS01ProviderRFC2136 is a structure containing + the configuration for RFC2136 DNS + properties: + nameserver: + description: 'The IP address of the DNS supporting RFC2136. + Required. Note: FQDN is not a valid value, only IP.' + type: string + tsigAlgorithm: + description: 'The TSIG Algorithm configured in the DNS supporting + RFC2136. Used only when ""tsigSecretSecretRef"" and ""tsigKeyName"" + are defined. Supported values are (case-insensitive): + ""HMACMD5"" (default), ""HMACSHA1"", ""HMACSHA256"" or + ""HMACSHA512"".' + type: string + tsigKeyName: + description: The TSIG Key name configured in the DNS. If + ""tsigSecretSecretRef"" is defined, this field is required. + type: string + tsigSecretSecretRef: + description: The name of the secret containing the TSIG + value. If ""tsigKeyName"" is defined, this field is required. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - nameserver + type: object + route53: + description: ACMEIssuerDNS01ProviderRoute53 is a structure containing + the Route 53 configuration for AWS + properties: + accessKeyID: + description: 'The AccessKeyID is used for authentication. + If not set we fall-back to using env vars, shared credentials + file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + type: string + hostedZoneID: + description: If set, the provider will manage only this + zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName + api call. + type: string + region: + description: Always set the region when using AccessKeyID + and SecretAccessKey + type: string + role: + description: Role is a Role ARN which the Route53 provider + will assume using either the explicit credentials AccessKeyID/SecretAccessKey + or the inferred credentials from environment variables, + shared credentials file or AWS Instance metadata + type: string + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication. + If not set we fall-back to using env vars, shared credentials + file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - region + type: object + webhook: + description: ACMEIssuerDNS01ProviderWebhook specifies configuration + for a webhook DNS01 provider, including where to POST ChallengePayload + resources. + properties: + config: + description: Additional configuration that should be passed + to the webhook apiserver when challenges are processed. + This can contain arbitrary JSON data. Secret values should + not be specified in this stanza. If secret values are + needed (e.g. credentials for a DNS service), you should + use a SecretKeySelector to reference a Secret resource. + For details on the schema of this field, consult the webhook + provider implementation's documentation. + x-kubernetes-preserve-unknown-fields: true + groupName: + description: The API group name that should be used when + POSTing ChallengePayload resources to the webhook apiserver. + This should be the same as the GroupName specified in + the webhook provider implementation. + type: string + solverName: + description: The name of the solver to use, as defined in + the webhook provider implementation. This will typically + be the name of the provider, e.g. 'cloudflare'. + type: string + required: + - groupName + - solverName + type: object + type: object + http01: + description: ACMEChallengeSolverHTTP01 contains configuration detailing + how to solve HTTP01 challenges within a Kubernetes cluster. Typically + this is accomplished through creating 'routes' of some description + that configure ingress controllers to direct traffic to 'solver + pods', which are responsible for responding to the ACME server's + HTTP requests. + properties: + ingress: + description: The ingress based HTTP01 challenge solver will + solve challenges by creating or modifying Ingress resources + in order to route requests for '/.well-known/acme-challenge/XYZ' + to 'challenge solver' pods that are provisioned by cert-manager + for each Challenge to be completed. + properties: + class: + description: The ingress class to use when creating Ingress + resources to solve ACME challenges that use this challenge + solver. Only one of 'class' or 'name' may be specified. + type: string + name: + description: The name of the ingress resource that should + have ACME challenge solving routes inserted into it in + order to solve HTTP01 challenges. This is typically used + in conjunction with ingress controllers like ingress-gce, + which maintains a 1:1 mapping between external IPs and + ingress resources. + type: string + podTemplate: + description: Optional pod template used to configure the + ACME challenge solver pods used for HTTP01 challenges + properties: + metadata: + description: ObjectMeta overrides for the pod used to + solve HTTP01 challenges. Only the 'labels' and 'annotations' + fields may be set. If labels or annotations overlap + with in-built values, the values here will override + the in-built values. + type: object + spec: + description: PodSpec defines overrides for the HTTP01 + challenge solver pod. Only the 'nodeSelector', 'affinity' + and 'tolerations' fields are supported currently. + All other fields will be ignored. + properties: + affinity: + description: If specified, the pod's scheduling + constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with + the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a + sum by iterating through the elements + of this field and adding "weight" to the + sum if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no + objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, + associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at + scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to an update), the system may or may + not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with + the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a + sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches + the corresponding podAffinityTerm; the + node(s) with the highest sum are the most + preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not + co-located (anti-affinity) with + the pods matching the labelSelector + in the specified namespaces, + where co-located is defined + as running on a node whose value + of the label with key topologyKey + matches that of any node on + which any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at + scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system + may or may not try to eventually evict + the pod from its node. When there are + multiple elements, the lists of nodes + corresponding to each podAffinityTerm + are intersected, i.e. all terms must be + satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) with, + where co-located is defined as running + on a node whose value of the label with + key matches that of any + node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); null + or empty list means "this pod's + namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the + same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by + this field, but it may choose a node that + violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of the + scheduling requirements (resource request, + requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and + adding "weight" to the sum if the node + has pods which matches the corresponding + podAffinityTerm; the node(s) with the + highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not + co-located (anti-affinity) with + the pods matching the labelSelector + in the specified namespaces, + where co-located is defined + as running on a node whose value + of the label with key topologyKey + matches that of any node on + which any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at + scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system + may or may not try to eventually evict + the pod from its node. When there are + multiple elements, the lists of nodes + corresponding to each podAffinityTerm + are intersected, i.e. all terms must be + satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) with, + where co-located is defined as running + on a node whose value of the label with + key matches that of any + node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); null + or empty list means "this pod's + namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must + be true for the pod to fit on a node. Selector + which must match a node''s labels for the pod + to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the + toleration applies to. Empty means match + all taint keys. If the key is empty, operator + must be Exists; this combination means to + match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists + and Equal. Defaults to Equal. Exists is + equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By + default, it is not set, which means tolerate + the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the + toleration matches to. If the operator is + Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + type: object + type: object + serviceType: + description: Optional service type for Kubernetes solver + service + type: string + type: object + type: object + selector: + description: Selector selects a set of DNSNames on the Certificate + resource that should be solved using this challenge solver. + properties: + dnsNames: + description: List of DNSNames that this solver will be used + to solve. If specified and a match is found, a dnsNames selector + will take precedence over a dnsZones selector. If multiple + solvers match with the same dnsNames value, the solver with + the most matching labels in matchLabels will be selected. + If neither has more matches, the solver defined earlier in + the list will be selected. + items: + type: string + type: array + dnsZones: + description: List of DNSZones that this solver will be used + to solve. The most specific DNS zone match specified here + will take precedence over other DNS zone matches, so a solver + specifying sys.example.com will be selected over one specifying + example.com for the domain www.sys.example.com. If multiple + solvers match with the same dnsZones value, the solver with + the most matching labels in matchLabels will be selected. + If neither has more matches, the solver defined earlier in + the list will be selected. + items: + type: string + type: array + matchLabels: + additionalProperties: + type: string + description: A label selector that is used to refine the set + of certificate's that this challenge solver will apply to. + type: object + type: object + type: object + token: + description: Token is the ACME challenge token for this challenge. + type: string + type: + description: Type is the type of ACME challenge this resource represents, + e.g. "dns01" or "http01" + type: string + url: + description: URL is the URL of the ACME Challenge resource for this + challenge. This can be used to lookup details about the status of + this challenge. + type: string + wildcard: + description: Wildcard will be true if this challenge is for a wildcard + identifier, for example '*.example.com' + type: boolean + required: + - authzURL + - dnsName + - issuerRef + - key + - token + - type + - url + type: object + status: + properties: + presented: + description: Presented will be set to true if the challenge values for + this challenge are currently 'presented'. This *does not* imply the + self check is passing. Only that the values have been 'submitted' + for the appropriate challenge mechanism (i.e. the DNS01 TXT record + has been presented, or the HTTP01 configuration has been configured). + type: boolean + processing: + description: Processing is used to denote whether this challenge should + be processed or not. This field will only be set to true by the 'scheduling' + component. It will only be set to false by the 'challenges' controller, + after the challenge has reached a final state or timed out. If this + field is set to false, the challenge controller will not take any + more action. + type: boolean + reason: + description: Reason contains human readable information on why the Challenge + is in the current state. + type: string + state: + description: State contains the current 'state' of the challenge. If + not set, the state of the challenge is unknown. + enum: + - valid + - ready + - pending + - processing + - invalid + - expired + - errored + type: string + type: object + required: + - metadata + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterissuers.cert-manager.io.yaml b/tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterissuers.cert-manager.io.yaml new file mode 100644 index 000000000..7691a8e2f --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterissuers.cert-manager.io.yaml @@ -0,0 +1,1655 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterissuers.cert-manager.io +spec: + group: cert-manager.io + names: + kind: ClusterIssuer + listKind: ClusterIssuerList + plural: clusterissuers + singular: clusterissuer + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IssuerSpec is the specification of an Issuer. This includes + any configuration required for the issuer. + properties: + acme: + description: ACMEIssuer contains the specification for an ACME issuer + properties: + email: + description: Email is the email for this account + type: string + privateKeySecretRef: + description: PrivateKey is the name of a secret containing the private + key for this user account. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + server: + description: Server is the ACME server URL + type: string + skipTLSVerify: + description: If true, skip verifying the ACME server TLS certificate + type: boolean + solvers: + description: Solvers is a list of challenge solvers that will be + used to solve ACME challenges for the matching domains. + items: + properties: + dns01: + properties: + acmedns: + description: ACMEIssuerDNS01ProviderAcmeDNS is a structure + containing the configuration for ACME-DNS servers + properties: + accountSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + host: + type: string + required: + - accountSecretRef + - host + type: object + akamai: + description: ACMEIssuerDNS01ProviderAkamai is a structure + containing the DNS configuration for Akamai DNS—Zone + Record Management API + properties: + accessTokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + clientTokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + serviceConsumerDomain: + type: string + required: + - accessTokenSecretRef + - clientSecretSecretRef + - clientTokenSecretRef + - serviceConsumerDomain + type: object + azuredns: + description: ACMEIssuerDNS01ProviderAzureDNS is a structure + containing the configuration for Azure DNS + properties: + clientID: + type: string + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + environment: + enum: + - AzurePublicCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureUSGovernmentCloud + type: string + hostedZoneName: + type: string + resourceGroupName: + type: string + subscriptionID: + type: string + tenantID: + type: string + required: + - clientID + - clientSecretSecretRef + - resourceGroupName + - subscriptionID + - tenantID + type: object + clouddns: + description: ACMEIssuerDNS01ProviderCloudDNS is a structure + containing the DNS configuration for Google Cloud DNS + properties: + project: + type: string + serviceAccountSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - project + - serviceAccountSecretRef + type: object + cloudflare: + description: ACMEIssuerDNS01ProviderCloudflare is a structure + containing the DNS configuration for Cloudflare + properties: + apiKeySecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + email: + type: string + required: + - apiKeySecretRef + - email + type: object + cnameStrategy: + description: CNAMEStrategy configures how the DNS01 provider + should handle CNAME records when found in DNS zones. + enum: + - None + - Follow + type: string + digitalocean: + description: ACMEIssuerDNS01ProviderDigitalOcean is a + structure containing the DNS configuration for DigitalOcean + Domains + properties: + tokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - tokenSecretRef + type: object + rfc2136: + description: ACMEIssuerDNS01ProviderRFC2136 is a structure + containing the configuration for RFC2136 DNS + properties: + nameserver: + description: 'The IP address of the DNS supporting + RFC2136. Required. Note: FQDN is not a valid value, + only IP.' + type: string + tsigAlgorithm: + description: 'The TSIG Algorithm configured in the + DNS supporting RFC2136. Used only when ""tsigSecretSecretRef"" + and ""tsigKeyName"" are defined. Supported values + are (case-insensitive): ""HMACMD5"" (default), ""HMACSHA1"", + ""HMACSHA256"" or ""HMACSHA512"".' + type: string + tsigKeyName: + description: The TSIG Key name configured in the DNS. + If ""tsigSecretSecretRef"" is defined, this field + is required. + type: string + tsigSecretSecretRef: + description: The name of the secret containing the + TSIG value. If ""tsigKeyName"" is defined, this + field is required. + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - nameserver + type: object + route53: + description: ACMEIssuerDNS01ProviderRoute53 is a structure + containing the Route 53 configuration for AWS + properties: + accessKeyID: + description: 'The AccessKeyID is used for authentication. + If not set we fall-back to using env vars, shared + credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + type: string + hostedZoneID: + description: If set, the provider will manage only + this zone in Route53 and will not do an lookup using + the route53:ListHostedZonesByName api call. + type: string + region: + description: Always set the region when using AccessKeyID + and SecretAccessKey + type: string + role: + description: Role is a Role ARN which the Route53 + provider will assume using either the explicit credentials + AccessKeyID/SecretAccessKey or the inferred credentials + from environment variables, shared credentials file + or AWS Instance metadata + type: string + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication. + If not set we fall-back to using env vars, shared + credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - region + type: object + webhook: + description: ACMEIssuerDNS01ProviderWebhook specifies + configuration for a webhook DNS01 provider, including + where to POST ChallengePayload resources. + properties: + config: + description: Additional configuration that should + be passed to the webhook apiserver when challenges + are processed. This can contain arbitrary JSON data. + Secret values should not be specified in this stanza. + If secret values are needed (e.g. credentials for + a DNS service), you should use a SecretKeySelector + to reference a Secret resource. For details on the + schema of this field, consult the webhook provider + implementation's documentation. + x-kubernetes-preserve-unknown-fields: true + groupName: + description: The API group name that should be used + when POSTing ChallengePayload resources to the webhook + apiserver. This should be the same as the GroupName + specified in the webhook provider implementation. + type: string + solverName: + description: The name of the solver to use, as defined + in the webhook provider implementation. This will + typically be the name of the provider, e.g. 'cloudflare'. + type: string + required: + - groupName + - solverName + type: object + type: object + http01: + description: ACMEChallengeSolverHTTP01 contains configuration + detailing how to solve HTTP01 challenges within a Kubernetes + cluster. Typically this is accomplished through creating + 'routes' of some description that configure ingress controllers + to direct traffic to 'solver pods', which are responsible + for responding to the ACME server's HTTP requests. + properties: + ingress: + description: The ingress based HTTP01 challenge solver + will solve challenges by creating or modifying Ingress + resources in order to route requests for '/.well-known/acme-challenge/XYZ' + to 'challenge solver' pods that are provisioned by cert-manager + for each Challenge to be completed. + properties: + class: + description: The ingress class to use when creating + Ingress resources to solve ACME challenges that + use this challenge solver. Only one of 'class' or + 'name' may be specified. + type: string + name: + description: The name of the ingress resource that + should have ACME challenge solving routes inserted + into it in order to solve HTTP01 challenges. This + is typically used in conjunction with ingress controllers + like ingress-gce, which maintains a 1:1 mapping + between external IPs and ingress resources. + type: string + podTemplate: + description: Optional pod template used to configure + the ACME challenge solver pods used for HTTP01 challenges + properties: + metadata: + description: ObjectMeta overrides for the pod + used to solve HTTP01 challenges. Only the 'labels' + and 'annotations' fields may be set. If labels + or annotations overlap with in-built values, + the values here will override the in-built values. + type: object + spec: + description: PodSpec defines overrides for the + HTTP01 challenge solver pod. Only the 'nodeSelector', + 'affinity' and 'tolerations' fields are supported + currently. All other fields will be ignored. + properties: + affinity: + description: If specified, the pod's scheduling + constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" + to the sum if the node matches the + corresponding matchExpressions; + the node(s) with the highest sum + are the most preferred. + items: + description: An empty preferred + scheduling term matches all objects + with implicit weight 0 (i.e. it's + a no-op). A null preferred scheduling + term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector + term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node + selector requirements + by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements + by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated + with matching the corresponding + nodeSelectorTerm, in the range + 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not + met at scheduling time, the pod + will not be scheduled onto the node. + If the affinity requirements specified + by this field cease to be met at + some point during pod execution + (e.g. due to an update), the system + may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list + of node selector terms. The + terms are ORed. + items: + description: A null or empty + node selector term matches + no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of + the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements + by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements + by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the + same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" + to the sum if the node has pods + which matches the corresponding + podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all + of the matched WeightedPodAffinityTerm + fields are added per-node to find + the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod + affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query + over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces + specifies which namespaces + the labelSelector applies + to (matches against); + null or empty list means + "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) + or not co-located (anti-affinity) + with the pods matching + the labelSelector in the + specified namespaces, + where co-located is defined + as running on a node whose + value of the label with + key topologyKey matches + that of any node on which + any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated + with matching the corresponding + podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not + met at scheduling time, the pod + will not be scheduled onto the node. + If the affinity requirements specified + by this field cease to be met at + some point during pod execution + (e.g. due to a pod label update), + the system may or may not try to + eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding + to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods + (namely those matching the labelSelector + relative to the given namespace(s)) + that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value + of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity + scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + anti-affinity expressions, etc.), + compute a sum by iterating through + the elements of this field and adding + "weight" to the sum if the node + has pods which matches the corresponding + podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all + of the matched WeightedPodAffinityTerm + fields are added per-node to find + the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod + affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query + over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces + specifies which namespaces + the labelSelector applies + to (matches against); + null or empty list means + "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) + or not co-located (anti-affinity) + with the pods matching + the labelSelector in the + specified namespaces, + where co-located is defined + as running on a node whose + value of the label with + key topologyKey matches + that of any node on which + any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated + with matching the corresponding + podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity + requirements specified by this field + are not met at scheduling time, + the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to + be met at some point during pod + execution (e.g. due to a pod label + update), the system may or may not + try to eventually evict the pod + from its node. When there are multiple + elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods + (namely those matching the labelSelector + relative to the given namespace(s)) + that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value + of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which + must be true for the pod to fit on a node. + Selector which must match a node''s labels + for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is + attached to tolerates any taint that matches + the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match + all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that + the toleration applies to. Empty means + match all taint keys. If the key is + empty, operator must be Exists; this + combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration + (which must be of effect NoExecute, + otherwise this field is ignored) tolerates + the taint. By default, it is not set, + which means tolerate the taint forever + (do not evict). Zero and negative + values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value + the toleration matches to. If the + operator is Exists, the value should + be empty, otherwise just a regular + string. + type: string + type: object + type: array + type: object + type: object + serviceType: + description: Optional service type for Kubernetes + solver service + type: string + type: object + type: object + selector: + description: Selector selects a set of DNSNames on the Certificate + resource that should be solved using this challenge solver. + properties: + dnsNames: + description: List of DNSNames that this solver will be + used to solve. If specified and a match is found, a + dnsNames selector will take precedence over a dnsZones + selector. If multiple solvers match with the same dnsNames + value, the solver with the most matching labels in matchLabels + will be selected. If neither has more matches, the solver + defined earlier in the list will be selected. + items: + type: string + type: array + dnsZones: + description: List of DNSZones that this solver will be + used to solve. The most specific DNS zone match specified + here will take precedence over other DNS zone matches, + so a solver specifying sys.example.com will be selected + over one specifying example.com for the domain www.sys.example.com. + If multiple solvers match with the same dnsZones value, + the solver with the most matching labels in matchLabels + will be selected. If neither has more matches, the solver + defined earlier in the list will be selected. + items: + type: string + type: array + matchLabels: + additionalProperties: + type: string + description: A label selector that is used to refine the + set of certificate's that this challenge solver will + apply to. + type: object + type: object + type: object + type: array + required: + - privateKeySecretRef + - server + type: object + ca: + properties: + secretName: + description: SecretName is the name of the secret used to sign Certificates + issued by this Issuer. + type: string + required: + - secretName + type: object + selfSigned: + type: object + vault: + properties: + auth: + description: Vault authentication + properties: + appRole: + description: This Secret contains a AppRole and Secret + properties: + path: + description: Where the authentication path is mounted in + Vault. + type: string + roleId: + type: string + secretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - path + - roleId + - secretRef + type: object + kubernetes: + description: This contains a Role and Secret with a ServiceAccount + token to authenticate with vault. + properties: + mountPath: + description: The value here will be used as part of the + path used when authenticating with vault, for example + if you set a value of "foo", the path used will be "/v1/auth/foo/login". + If unspecified, the default value "kubernetes" will be + used. + type: string + role: + description: A required field containing the Vault Role + to assume. A Role binds a Kubernetes ServiceAccount with + a set of Vault policies. + type: string + secretRef: + description: The required Secret field containing a Kubernetes + ServiceAccount JWT used for authenticating with Vault. + Use of 'ambient credentials' is not supported. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - role + - secretRef + type: object + tokenSecretRef: + description: This Secret contains the Vault token key + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + type: object + caBundle: + description: Base64 encoded CA bundle to validate Vault server certificate. + Only used if the Server URL is using HTTPS protocol. This parameter + is ignored for plain HTTP protocol connection. If not set the + system root certificates are used to validate the TLS connection. + format: byte + type: string + path: + description: Vault URL path to the certificate role + type: string + server: + description: Server is the vault connection address + type: string + required: + - auth + - path + - server + type: object + venafi: + description: VenafiIssuer describes issuer configuration details for + Venafi Cloud. + properties: + cloud: + description: Cloud specifies the Venafi cloud configuration settings. + Only one of TPP or Cloud may be specified. + properties: + apiTokenSecretRef: + description: APITokenSecretRef is a secret key selector for + the Venafi Cloud API token. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + url: + description: URL is the base URL for Venafi Cloud + type: string + required: + - apiTokenSecretRef + - url + type: object + tpp: + description: TPP specifies Trust Protection Platform configuration + settings. Only one of TPP or Cloud may be specified. + properties: + caBundle: + description: CABundle is a PEM encoded TLS certifiate to use + to verify connections to the TPP instance. If specified, system + roots will not be used and the issuing CA for the TPP instance + must be verifiable using the provided root. If not specified, + the connection will be verified using the cert-manager system + root certificates. + format: byte + type: string + credentialsRef: + description: CredentialsRef is a reference to a Secret containing + the username and password for the TPP server. The secret must + contain two keys, 'username' and 'password'. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + url: + description: URL is the base URL for the Venafi TPP instance + type: string + required: + - credentialsRef + - url + type: object + zone: + description: Zone is the Venafi Policy Zone to use for this issuer. + All requests made to the Venafi platform will be restricted by + the named zone policy. This field is required. + type: string + required: + - zone + type: object + type: object + status: + description: IssuerStatus contains status information about an Issuer + properties: + acme: + properties: + lastRegisteredEmail: + description: LastRegisteredEmail is the email associated with the + latest registered ACME account, in order to track changes made + to registered account associated with the Issuer + type: string + uri: + description: URI is the unique account identifier, which can also + be used to retrieve account details from the CA + type: string + type: object + conditions: + items: + description: IssuerCondition contains condition information for an + Issuer. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details + of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation for + the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of the condition, currently ('Ready'). + type: string + required: + - status + - type + type: object + type: array + type: object + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_issuers.cert-manager.io.yaml b/tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_issuers.cert-manager.io.yaml new file mode 100644 index 000000000..d529bff17 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_issuers.cert-manager.io.yaml @@ -0,0 +1,1655 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: issuers.cert-manager.io +spec: + group: cert-manager.io + names: + kind: Issuer + listKind: IssuerList + plural: issuers + singular: issuer + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IssuerSpec is the specification of an Issuer. This includes + any configuration required for the issuer. + properties: + acme: + description: ACMEIssuer contains the specification for an ACME issuer + properties: + email: + description: Email is the email for this account + type: string + privateKeySecretRef: + description: PrivateKey is the name of a secret containing the private + key for this user account. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + server: + description: Server is the ACME server URL + type: string + skipTLSVerify: + description: If true, skip verifying the ACME server TLS certificate + type: boolean + solvers: + description: Solvers is a list of challenge solvers that will be + used to solve ACME challenges for the matching domains. + items: + properties: + dns01: + properties: + acmedns: + description: ACMEIssuerDNS01ProviderAcmeDNS is a structure + containing the configuration for ACME-DNS servers + properties: + accountSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + host: + type: string + required: + - accountSecretRef + - host + type: object + akamai: + description: ACMEIssuerDNS01ProviderAkamai is a structure + containing the DNS configuration for Akamai DNS—Zone + Record Management API + properties: + accessTokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + clientTokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + serviceConsumerDomain: + type: string + required: + - accessTokenSecretRef + - clientSecretSecretRef + - clientTokenSecretRef + - serviceConsumerDomain + type: object + azuredns: + description: ACMEIssuerDNS01ProviderAzureDNS is a structure + containing the configuration for Azure DNS + properties: + clientID: + type: string + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + environment: + enum: + - AzurePublicCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureUSGovernmentCloud + type: string + hostedZoneName: + type: string + resourceGroupName: + type: string + subscriptionID: + type: string + tenantID: + type: string + required: + - clientID + - clientSecretSecretRef + - resourceGroupName + - subscriptionID + - tenantID + type: object + clouddns: + description: ACMEIssuerDNS01ProviderCloudDNS is a structure + containing the DNS configuration for Google Cloud DNS + properties: + project: + type: string + serviceAccountSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - project + - serviceAccountSecretRef + type: object + cloudflare: + description: ACMEIssuerDNS01ProviderCloudflare is a structure + containing the DNS configuration for Cloudflare + properties: + apiKeySecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + email: + type: string + required: + - apiKeySecretRef + - email + type: object + cnameStrategy: + description: CNAMEStrategy configures how the DNS01 provider + should handle CNAME records when found in DNS zones. + enum: + - None + - Follow + type: string + digitalocean: + description: ACMEIssuerDNS01ProviderDigitalOcean is a + structure containing the DNS configuration for DigitalOcean + Domains + properties: + tokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - tokenSecretRef + type: object + rfc2136: + description: ACMEIssuerDNS01ProviderRFC2136 is a structure + containing the configuration for RFC2136 DNS + properties: + nameserver: + description: 'The IP address of the DNS supporting + RFC2136. Required. Note: FQDN is not a valid value, + only IP.' + type: string + tsigAlgorithm: + description: 'The TSIG Algorithm configured in the + DNS supporting RFC2136. Used only when ""tsigSecretSecretRef"" + and ""tsigKeyName"" are defined. Supported values + are (case-insensitive): ""HMACMD5"" (default), ""HMACSHA1"", + ""HMACSHA256"" or ""HMACSHA512"".' + type: string + tsigKeyName: + description: The TSIG Key name configured in the DNS. + If ""tsigSecretSecretRef"" is defined, this field + is required. + type: string + tsigSecretSecretRef: + description: The name of the secret containing the + TSIG value. If ""tsigKeyName"" is defined, this + field is required. + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - nameserver + type: object + route53: + description: ACMEIssuerDNS01ProviderRoute53 is a structure + containing the Route 53 configuration for AWS + properties: + accessKeyID: + description: 'The AccessKeyID is used for authentication. + If not set we fall-back to using env vars, shared + credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + type: string + hostedZoneID: + description: If set, the provider will manage only + this zone in Route53 and will not do an lookup using + the route53:ListHostedZonesByName api call. + type: string + region: + description: Always set the region when using AccessKeyID + and SecretAccessKey + type: string + role: + description: Role is a Role ARN which the Route53 + provider will assume using either the explicit credentials + AccessKeyID/SecretAccessKey or the inferred credentials + from environment variables, shared credentials file + or AWS Instance metadata + type: string + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication. + If not set we fall-back to using env vars, shared + credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - region + type: object + webhook: + description: ACMEIssuerDNS01ProviderWebhook specifies + configuration for a webhook DNS01 provider, including + where to POST ChallengePayload resources. + properties: + config: + description: Additional configuration that should + be passed to the webhook apiserver when challenges + are processed. This can contain arbitrary JSON data. + Secret values should not be specified in this stanza. + If secret values are needed (e.g. credentials for + a DNS service), you should use a SecretKeySelector + to reference a Secret resource. For details on the + schema of this field, consult the webhook provider + implementation's documentation. + x-kubernetes-preserve-unknown-fields: true + groupName: + description: The API group name that should be used + when POSTing ChallengePayload resources to the webhook + apiserver. This should be the same as the GroupName + specified in the webhook provider implementation. + type: string + solverName: + description: The name of the solver to use, as defined + in the webhook provider implementation. This will + typically be the name of the provider, e.g. 'cloudflare'. + type: string + required: + - groupName + - solverName + type: object + type: object + http01: + description: ACMEChallengeSolverHTTP01 contains configuration + detailing how to solve HTTP01 challenges within a Kubernetes + cluster. Typically this is accomplished through creating + 'routes' of some description that configure ingress controllers + to direct traffic to 'solver pods', which are responsible + for responding to the ACME server's HTTP requests. + properties: + ingress: + description: The ingress based HTTP01 challenge solver + will solve challenges by creating or modifying Ingress + resources in order to route requests for '/.well-known/acme-challenge/XYZ' + to 'challenge solver' pods that are provisioned by cert-manager + for each Challenge to be completed. + properties: + class: + description: The ingress class to use when creating + Ingress resources to solve ACME challenges that + use this challenge solver. Only one of 'class' or + 'name' may be specified. + type: string + name: + description: The name of the ingress resource that + should have ACME challenge solving routes inserted + into it in order to solve HTTP01 challenges. This + is typically used in conjunction with ingress controllers + like ingress-gce, which maintains a 1:1 mapping + between external IPs and ingress resources. + type: string + podTemplate: + description: Optional pod template used to configure + the ACME challenge solver pods used for HTTP01 challenges + properties: + metadata: + description: ObjectMeta overrides for the pod + used to solve HTTP01 challenges. Only the 'labels' + and 'annotations' fields may be set. If labels + or annotations overlap with in-built values, + the values here will override the in-built values. + type: object + spec: + description: PodSpec defines overrides for the + HTTP01 challenge solver pod. Only the 'nodeSelector', + 'affinity' and 'tolerations' fields are supported + currently. All other fields will be ignored. + properties: + affinity: + description: If specified, the pod's scheduling + constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" + to the sum if the node matches the + corresponding matchExpressions; + the node(s) with the highest sum + are the most preferred. + items: + description: An empty preferred + scheduling term matches all objects + with implicit weight 0 (i.e. it's + a no-op). A null preferred scheduling + term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector + term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node + selector requirements + by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements + by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated + with matching the corresponding + nodeSelectorTerm, in the range + 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not + met at scheduling time, the pod + will not be scheduled onto the node. + If the affinity requirements specified + by this field cease to be met at + some point during pod execution + (e.g. due to an update), the system + may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list + of node selector terms. The + terms are ORed. + items: + description: A null or empty + node selector term matches + no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of + the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements + by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements + by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the + same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" + to the sum if the node has pods + which matches the corresponding + podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all + of the matched WeightedPodAffinityTerm + fields are added per-node to find + the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod + affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query + over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces + specifies which namespaces + the labelSelector applies + to (matches against); + null or empty list means + "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) + or not co-located (anti-affinity) + with the pods matching + the labelSelector in the + specified namespaces, + where co-located is defined + as running on a node whose + value of the label with + key topologyKey matches + that of any node on which + any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated + with matching the corresponding + podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not + met at scheduling time, the pod + will not be scheduled onto the node. + If the affinity requirements specified + by this field cease to be met at + some point during pod execution + (e.g. due to a pod label update), + the system may or may not try to + eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding + to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods + (namely those matching the labelSelector + relative to the given namespace(s)) + that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value + of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity + scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + anti-affinity expressions, etc.), + compute a sum by iterating through + the elements of this field and adding + "weight" to the sum if the node + has pods which matches the corresponding + podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all + of the matched WeightedPodAffinityTerm + fields are added per-node to find + the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod + affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query + over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces + specifies which namespaces + the labelSelector applies + to (matches against); + null or empty list means + "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) + or not co-located (anti-affinity) + with the pods matching + the labelSelector in the + specified namespaces, + where co-located is defined + as running on a node whose + value of the label with + key topologyKey matches + that of any node on which + any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated + with matching the corresponding + podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity + requirements specified by this field + are not met at scheduling time, + the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to + be met at some point during pod + execution (e.g. due to a pod label + update), the system may or may not + try to eventually evict the pod + from its node. When there are multiple + elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods + (namely those matching the labelSelector + relative to the given namespace(s)) + that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value + of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which + must be true for the pod to fit on a node. + Selector which must match a node''s labels + for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is + attached to tolerates any taint that matches + the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match + all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that + the toleration applies to. Empty means + match all taint keys. If the key is + empty, operator must be Exists; this + combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration + (which must be of effect NoExecute, + otherwise this field is ignored) tolerates + the taint. By default, it is not set, + which means tolerate the taint forever + (do not evict). Zero and negative + values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value + the toleration matches to. If the + operator is Exists, the value should + be empty, otherwise just a regular + string. + type: string + type: object + type: array + type: object + type: object + serviceType: + description: Optional service type for Kubernetes + solver service + type: string + type: object + type: object + selector: + description: Selector selects a set of DNSNames on the Certificate + resource that should be solved using this challenge solver. + properties: + dnsNames: + description: List of DNSNames that this solver will be + used to solve. If specified and a match is found, a + dnsNames selector will take precedence over a dnsZones + selector. If multiple solvers match with the same dnsNames + value, the solver with the most matching labels in matchLabels + will be selected. If neither has more matches, the solver + defined earlier in the list will be selected. + items: + type: string + type: array + dnsZones: + description: List of DNSZones that this solver will be + used to solve. The most specific DNS zone match specified + here will take precedence over other DNS zone matches, + so a solver specifying sys.example.com will be selected + over one specifying example.com for the domain www.sys.example.com. + If multiple solvers match with the same dnsZones value, + the solver with the most matching labels in matchLabels + will be selected. If neither has more matches, the solver + defined earlier in the list will be selected. + items: + type: string + type: array + matchLabels: + additionalProperties: + type: string + description: A label selector that is used to refine the + set of certificate's that this challenge solver will + apply to. + type: object + type: object + type: object + type: array + required: + - privateKeySecretRef + - server + type: object + ca: + properties: + secretName: + description: SecretName is the name of the secret used to sign Certificates + issued by this Issuer. + type: string + required: + - secretName + type: object + selfSigned: + type: object + vault: + properties: + auth: + description: Vault authentication + properties: + appRole: + description: This Secret contains a AppRole and Secret + properties: + path: + description: Where the authentication path is mounted in + Vault. + type: string + roleId: + type: string + secretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - path + - roleId + - secretRef + type: object + kubernetes: + description: This contains a Role and Secret with a ServiceAccount + token to authenticate with vault. + properties: + mountPath: + description: The value here will be used as part of the + path used when authenticating with vault, for example + if you set a value of "foo", the path used will be "/v1/auth/foo/login". + If unspecified, the default value "kubernetes" will be + used. + type: string + role: + description: A required field containing the Vault Role + to assume. A Role binds a Kubernetes ServiceAccount with + a set of Vault policies. + type: string + secretRef: + description: The required Secret field containing a Kubernetes + ServiceAccount JWT used for authenticating with Vault. + Use of 'ambient credentials' is not supported. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - role + - secretRef + type: object + tokenSecretRef: + description: This Secret contains the Vault token key + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + type: object + caBundle: + description: Base64 encoded CA bundle to validate Vault server certificate. + Only used if the Server URL is using HTTPS protocol. This parameter + is ignored for plain HTTP protocol connection. If not set the + system root certificates are used to validate the TLS connection. + format: byte + type: string + path: + description: Vault URL path to the certificate role + type: string + server: + description: Server is the vault connection address + type: string + required: + - auth + - path + - server + type: object + venafi: + description: VenafiIssuer describes issuer configuration details for + Venafi Cloud. + properties: + cloud: + description: Cloud specifies the Venafi cloud configuration settings. + Only one of TPP or Cloud may be specified. + properties: + apiTokenSecretRef: + description: APITokenSecretRef is a secret key selector for + the Venafi Cloud API token. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + url: + description: URL is the base URL for Venafi Cloud + type: string + required: + - apiTokenSecretRef + - url + type: object + tpp: + description: TPP specifies Trust Protection Platform configuration + settings. Only one of TPP or Cloud may be specified. + properties: + caBundle: + description: CABundle is a PEM encoded TLS certifiate to use + to verify connections to the TPP instance. If specified, system + roots will not be used and the issuing CA for the TPP instance + must be verifiable using the provided root. If not specified, + the connection will be verified using the cert-manager system + root certificates. + format: byte + type: string + credentialsRef: + description: CredentialsRef is a reference to a Secret containing + the username and password for the TPP server. The secret must + contain two keys, 'username' and 'password'. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + url: + description: URL is the base URL for the Venafi TPP instance + type: string + required: + - credentialsRef + - url + type: object + zone: + description: Zone is the Venafi Policy Zone to use for this issuer. + All requests made to the Venafi platform will be restricted by + the named zone policy. This field is required. + type: string + required: + - zone + type: object + type: object + status: + description: IssuerStatus contains status information about an Issuer + properties: + acme: + properties: + lastRegisteredEmail: + description: LastRegisteredEmail is the email associated with the + latest registered ACME account, in order to track changes made + to registered account associated with the Issuer + type: string + uri: + description: URI is the unique account identifier, which can also + be used to retrieve account details from the CA + type: string + type: object + conditions: + items: + description: IssuerCondition contains condition information for an + Issuer. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details + of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation for + the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of the condition, currently ('Ready'). + type: string + required: + - status + - type + type: object + type: array + type: object + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_orders.acme.cert-manager.io.yaml b/tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_orders.acme.cert-manager.io.yaml new file mode 100644 index 000000000..12b262c51 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_orders.acme.cert-manager.io.yaml @@ -0,0 +1,200 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: orders.acme.cert-manager.io +spec: + additionalPrinterColumns: + - JSONPath: .status.state + name: State + type: string + - JSONPath: .spec.issuerRef.name + name: Issuer + priority: 1 + type: string + - JSONPath: .status.reason + name: Reason + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. + name: Age + type: date + group: acme.cert-manager.io + names: + kind: Order + listKind: OrderList + plural: orders + singular: order + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: Order is a type to represent an Order with an ACME server + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + commonName: + description: CommonName is the common name as specified on the DER encoded + CSR. If CommonName is not specified, the first DNSName specified will + be used as the CommonName. At least one of CommonName or a DNSNames + must be set. This field must match the corresponding field on the + DER encoded CSR. + type: string + csr: + description: Certificate signing request bytes in DER encoding. This + will be used when finalizing the order. This field must be set on + the order. + format: byte + type: string + dnsNames: + description: DNSNames is a list of DNS names that should be included + as part of the Order validation process. If CommonName is not specified, + the first DNSName specified will be used as the CommonName. At least + one of CommonName or a DNSNames must be set. This field must match + the corresponding field on the DER encoded CSR. + items: + type: string + type: array + issuerRef: + description: IssuerRef references a properly configured ACME-type Issuer + which should be used to create this Order. If the Issuer does not + exist, processing will be retried. If the Issuer is not an 'ACME' + Issuer, an error will be returned and the Order will be marked as + failed. + properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - name + type: object + required: + - csr + - issuerRef + type: object + status: + properties: + authorizations: + description: Authorizations contains data returned from the ACME server + on what authoriations must be completed in order to validate the DNS + names specified on the Order. + items: + description: ACMEAuthorization contains data returned from the ACME + server on an authorization that must be completed in order validate + a DNS name on an ACME Order resource. + properties: + challenges: + description: Challenges specifies the challenge types offered + by the ACME server. One of these challenge types will be selected + when validating the DNS name and an appropriate Challenge resource + will be created to perform the ACME challenge process. + items: + description: Challenge specifies a challenge offered by the + ACME server for an Order. An appropriate Challenge resource + can be created to perform the ACME challenge process. + properties: + token: + description: Token is the token that must be presented for + this challenge. This is used to compute the 'key' that + must also be presented. + type: string + type: + description: Type is the type of challenge being offered, + e.g. http-01, dns-01 + type: string + url: + description: URL is the URL of this challenge. It can be + used to retrieve additional metadata about the Challenge + from the ACME server. + type: string + required: + - token + - type + - url + type: object + type: array + identifier: + description: Identifier is the DNS name to be validated as part + of this authorization + type: string + url: + description: URL is the URL of the Authorization that must be + completed + type: string + wildcard: + description: Wildcard will be true if this authorization is for + a wildcard DNS name. If this is true, the identifier will be + the *non-wildcard* version of the DNS name. For example, if + '*.example.com' is the DNS name being validated, this field + will be 'true' and the 'identifier' field will be 'example.com'. + type: boolean + required: + - url + type: object + type: array + certificate: + description: Certificate is a copy of the PEM encoded certificate for + this Order. This field will be populated after the order has been + successfully finalized with the ACME server, and the order has transitioned + to the 'valid' state. + format: byte + type: string + failureTime: + description: FailureTime stores the time that this order failed. This + is used to influence garbage collection and back-off. + format: date-time + type: string + finalizeURL: + description: FinalizeURL of the Order. This is used to obtain certificates + for this order once it has been completed. + type: string + reason: + description: Reason optionally provides more information about a why + the order is in the current state. + type: string + state: + description: State contains the current state of this Order resource. + States 'success' and 'expired' are 'final' + enum: + - valid + - ready + - pending + - processing + - invalid + - expired + - errored + type: string + url: + description: URL of the Order. This will initially be empty when the + resource is first created. The Order controller will populate this + field when the Order is first processed. This field will be immutable + after it is initially set. + type: string + type: object + required: + - metadata + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/tests/stacks/ibm/application/cert-manager-kube-system-resources/kustomize_test.go b/tests/stacks/ibm/application/cert-manager-kube-system-resources/kustomize_test.go new file mode 100644 index 000000000..111bc9ac6 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager-kube-system-resources/kustomize_test.go @@ -0,0 +1,15 @@ +package cert_manager_kube_system_resources + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/ibm/application/cert-manager-kube-system-resources", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_cert-manager-cainjector:leaderelection.yaml b/tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_cert-manager-cainjector:leaderelection.yaml new file mode 100644 index 000000000..c37a3b749 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_cert-manager-cainjector:leaderelection.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: cainjector + kustomize.component: cert-manager + name: cert-manager-cainjector:leaderelection + namespace: kube-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - create + - update + - patch diff --git a/tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_cert-manager:leaderelection.yaml b/tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_cert-manager:leaderelection.yaml new file mode 100644 index 000000000..542fbcbd5 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_cert-manager:leaderelection.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: cert-manager + kustomize.component: cert-manager + name: cert-manager:leaderelection + namespace: kube-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - create + - update + - patch diff --git a/tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager-cainjector:leaderelection.yaml b/tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager-cainjector:leaderelection.yaml new file mode 100644 index 000000000..a47a2fe74 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager-cainjector:leaderelection.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: cainjector + kustomize.component: cert-manager + name: cert-manager-cainjector:leaderelection + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cert-manager-cainjector:leaderelection +subjects: +- apiGroup: "" + kind: ServiceAccount + name: cert-manager-cainjector + namespace: cert-manager diff --git a/tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager-webhook:webhook-authentication-reader.yaml b/tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager-webhook:webhook-authentication-reader.yaml new file mode 100644 index 000000000..f7ec38a25 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager-webhook:webhook-authentication-reader.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: webhook + kustomize.component: cert-manager + name: cert-manager-webhook:webhook-authentication-reader + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: +- apiGroup: "" + kind: ServiceAccount + name: cert-manager-webhook + namespace: cert-manager diff --git a/tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager:leaderelection.yaml b/tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager:leaderelection.yaml new file mode 100644 index 000000000..25a7fde90 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager:leaderelection.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: cert-manager + kustomize.component: cert-manager + name: cert-manager:leaderelection + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cert-manager:leaderelection +subjects: +- apiGroup: "" + kind: ServiceAccount + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/~g_v1_configmap_cert-manager-kube-params-parameters.yaml b/tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/~g_v1_configmap_cert-manager-kube-params-parameters.yaml new file mode 100644 index 000000000..d8e47f2a9 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/~g_v1_configmap_cert-manager-kube-params-parameters.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + certManagerNamespace: cert-manager +kind: ConfigMap +metadata: + labels: + kustomize.component: cert-manager + name: cert-manager-kube-params-parameters + namespace: kube-system diff --git a/tests/stacks/ibm/application/cert-manager/kustomize_test.go b/tests/stacks/ibm/application/cert-manager/kustomize_test.go new file mode 100644 index 000000000..7d975b0c3 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/kustomize_test.go @@ -0,0 +1,15 @@ +package cert_manager + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/ibm/application/cert-manager", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_cert-manager-webhook.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_cert-manager-webhook.yaml new file mode 100644 index 000000000..93e06c430 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_cert-manager-webhook.yaml @@ -0,0 +1,35 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-apiserver-ca: "true" + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-webhook +webhooks: +- clientConfig: + caBundle: "" + service: + name: kubernetes + namespace: default + path: /apis/webhook.cert-manager.io/v1beta1/mutations + failurePolicy: Fail + name: webhook.cert-manager.io + rules: + - apiGroups: + - cert-manager.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - certificates + - issuers + - clusterissuers + - orders + - challenges + - certificaterequests diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_cert-manager-webhook.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_cert-manager-webhook.yaml new file mode 100644 index 000000000..36a252401 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_cert-manager-webhook.yaml @@ -0,0 +1,34 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-apiserver-ca: "true" + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-webhook +webhooks: +- clientConfig: + caBundle: "" + service: + name: kubernetes + namespace: default + path: /apis/webhook.cert-manager.io/v1beta1/validations + failurePolicy: Fail + name: webhook.certmanager.k8s.io + rules: + - apiGroups: + - cert-manager.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - certificates + - issuers + - clusterissuers + - certificaterequests + sideEffects: None diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/apiregistration.k8s.io_v1beta1_apiservice_v1beta1.webhook.cert-manager.io.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/apiregistration.k8s.io_v1beta1_apiservice_v1beta1.webhook.cert-manager.io.yaml new file mode 100644 index 000000000..21cdee540 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/apiregistration.k8s.io_v1beta1_apiservice_v1beta1.webhook.cert-manager.io.yaml @@ -0,0 +1,19 @@ +apiVersion: apiregistration.k8s.io/v1beta1 +kind: APIService +metadata: + annotations: + cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-tls + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: v1beta1.webhook.cert-manager.io +spec: + group: webhook.cert-manager.io + groupPriorityMinimum: 1000 + service: + name: cert-manager-webhook + namespace: cert-manager + version: v1beta1 + versionPriority: 15 diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/app.k8s.io_v1beta1_application_cert-manager.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/app.k8s.io_v1beta1_application_cert-manager.yaml new file mode 100644 index 000000000..574d893ad --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/app.k8s.io_v1beta1_application_cert-manager.yaml @@ -0,0 +1,40 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager + namespace: cert-manager +spec: + componentKinds: + - group: rbac + kind: ClusterRole + - group: rbac + kind: ClusterRoleBinding + - group: core + kind: Namespace + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + descriptor: + description: Automatically provision and manage TLS certificates in Kubernetes + https://jetstack.io. + keywords: + - cert-manager + links: + - description: About + url: https://github.com/jetstack/cert-manager + type: "" + version: v0.10.0 + selector: + matchLabels: + app.kubernetes.io/component: cert-manager + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: cert-manager + app.kubernetes.io/part-of: kubeflow diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager-cainjector.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager-cainjector.yaml new file mode 100644 index 000000000..6ae84bc8c --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager-cainjector.yaml @@ -0,0 +1,41 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cainjector + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-cainjector + namespace: cert-manager +spec: + replicas: 1 + selector: + matchLabels: + app: cainjector + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + template: + metadata: + annotations: null + labels: + app: cainjector + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + spec: + containers: + - args: + - --v=2 + - --leader-election-namespace=kube-system + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/jetstack/cert-manager-cainjector:v0.11.0 + imagePullPolicy: IfNotPresent + name: cainjector + resources: {} + serviceAccountName: cert-manager-cainjector diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager-webhook.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager-webhook.yaml new file mode 100644 index 000000000..33ab9729d --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager-webhook.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-webhook + namespace: cert-manager +spec: + replicas: 1 + selector: + matchLabels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + template: + metadata: + annotations: null + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + spec: + containers: + - args: + - --v=2 + - --secure-port=6443 + - --tls-cert-file=/certs/tls.crt + - --tls-private-key-file=/certs/tls.key + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/jetstack/cert-manager-webhook:v0.11.0 + imagePullPolicy: IfNotPresent + name: cert-manager + resources: {} + volumeMounts: + - mountPath: /certs + name: certs + serviceAccountName: cert-manager-webhook + volumes: + - name: certs + secret: + secretName: cert-manager-webhook-tls diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager.yaml new file mode 100644 index 000000000..8a116d7b3 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager.yaml @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager + namespace: cert-manager +spec: + replicas: 1 + selector: + matchLabels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + template: + metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "9402" + prometheus.io/scrape: "true" + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + spec: + containers: + - args: + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system + - --webhook-namespace=$(POD_NAMESPACE) + - --webhook-ca-secret=cert-manager-webhook-ca + - --webhook-serving-secret=cert-manager-webhook-tls + - --webhook-dns-names=cert-manager-webhook,cert-manager-webhook.cert-manager,cert-manager-webhook.cert-manager.svc + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/jetstack/cert-manager-controller:v0.11.0 + imagePullPolicy: IfNotPresent + name: cert-manager + ports: + - containerPort: 9402 + resources: + requests: + cpu: 10m + memory: 32Mi + serviceAccountName: cert-manager diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/cert-manager.io_v1alpha2_clusterissuer_kubeflow-self-signing-issuer.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/cert-manager.io_v1alpha2_clusterissuer_kubeflow-self-signing-issuer.yaml new file mode 100644 index 000000000..2a25e06d4 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/cert-manager.io_v1alpha2_clusterissuer_kubeflow-self-signing-issuer.yaml @@ -0,0 +1,11 @@ +apiVersion: cert-manager.io/v1alpha2 +kind: ClusterIssuer +metadata: + labels: + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: kubeflow-self-signing-issuer + namespace: cert-manager +spec: + selfSigned: {} diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-edit.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-edit.yaml new file mode 100644 index 000000000..6ce5b8e0c --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-edit.yaml @@ -0,0 +1,24 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + name: cert-manager-edit +rules: +- apiGroups: + - cert-manager.io + resources: + - certificates + - certificaterequests + - issuers + verbs: + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-view.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-view.yaml new file mode 100644 index 000000000..f62a08529 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-view.yaml @@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: cert-manager-view +rules: +- apiGroups: + - cert-manager.io + resources: + - certificates + - certificaterequests + - issuers + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-webhook:webhook-requester.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-webhook:webhook-requester.yaml new file mode 100644 index 000000000..b0d464bfd --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-webhook:webhook-requester.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-webhook:webhook-requester +rules: +- apiGroups: + - admission.cert-manager.io + resources: + - certificates + - certificaterequests + - issuers + - clusterissuers + verbs: + - create diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-cainjector.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-cainjector.yaml new file mode 100644 index 000000000..ce897a6a3 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-cainjector.yaml @@ -0,0 +1,63 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: cainjector + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-cainjector +rules: +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - get + - create + - update + - patch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update +- apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - get + - list + - watch + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - update diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-certificates.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-certificates.yaml new file mode 100644 index 000000000..ad80b32de --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-certificates.yaml @@ -0,0 +1,64 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-certificates +rules: +- apiGroups: + - cert-manager.io + resources: + - certificates + - certificates/status + - certificaterequests + - certificaterequests/status + verbs: + - update +- apiGroups: + - cert-manager.io + resources: + - certificates + - certificaterequests + - clusterissuers + - issuers + verbs: + - get + - list + - watch +- apiGroups: + - cert-manager.io + resources: + - certificates/finalizers + verbs: + - update +- apiGroups: + - acme.cert-manager.io + resources: + - orders + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-challenges.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-challenges.yaml new file mode 100644 index 000000000..fb0a1201c --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-challenges.yaml @@ -0,0 +1,86 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-challenges +rules: +- apiGroups: + - acme.cert-manager.io + resources: + - challenges + - challenges/status + verbs: + - update +- apiGroups: + - acme.cert-manager.io + resources: + - challenges + verbs: + - get + - list + - watch +- apiGroups: + - cert-manager.io + resources: + - issuers + - clusterissuers + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - pods + - services + verbs: + - get + - list + - watch + - create + - delete +- apiGroups: + - extensions + - networking.k8s.io/v1 + resources: + - ingresses + verbs: + - get + - list + - watch + - create + - delete + - update +- apiGroups: + - acme.cert-manager.io + resources: + - challenges/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-clusterissuers.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-clusterissuers.yaml new file mode 100644 index 000000000..bea275aa9 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-clusterissuers.yaml @@ -0,0 +1,43 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-clusterissuers +rules: +- apiGroups: + - cert-manager.io + resources: + - clusterissuers + - clusterissuers/status + verbs: + - update +- apiGroups: + - cert-manager.io + resources: + - clusterissuers + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-ingress-shim.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-ingress-shim.yaml new file mode 100644 index 000000000..a276b1374 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-ingress-shim.yaml @@ -0,0 +1,51 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-ingress-shim +rules: +- apiGroups: + - cert-manager.io + resources: + - certificates + - certificaterequests + verbs: + - create + - update + - delete +- apiGroups: + - cert-manager.io + resources: + - certificates + - certificaterequests + - issuers + - clusterissuers + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io/v1 + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io/v1 + resources: + - ingresses/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-issuers.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-issuers.yaml new file mode 100644 index 000000000..13b98eeaa --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-issuers.yaml @@ -0,0 +1,43 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-issuers +rules: +- apiGroups: + - cert-manager.io + resources: + - issuers + - issuers/status + verbs: + - update +- apiGroups: + - cert-manager.io + resources: + - issuers + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-orders.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-orders.yaml new file mode 100644 index 000000000..d5f2de3e1 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-orders.yaml @@ -0,0 +1,63 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-orders +rules: +- apiGroups: + - acme.cert-manager.io + resources: + - orders + - orders/status + verbs: + - update +- apiGroups: + - acme.cert-manager.io + resources: + - orders + - challenges + verbs: + - get + - list + - watch +- apiGroups: + - cert-manager.io + resources: + - clusterissuers + - issuers + verbs: + - get + - list + - watch +- apiGroups: + - acme.cert-manager.io + resources: + - challenges + verbs: + - create + - delete +- apiGroups: + - acme.cert-manager.io + resources: + - orders/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-cainjector.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-cainjector.yaml new file mode 100644 index 000000000..bd1d73f13 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-cainjector.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: cainjector + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-cainjector +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-cainjector +subjects: +- kind: ServiceAccount + name: cert-manager-cainjector + namespace: cert-manager diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-certificates.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-certificates.yaml new file mode 100644 index 000000000..80792a8f2 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-certificates.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-certificates +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-certificates +subjects: +- kind: ServiceAccount + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-challenges.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-challenges.yaml new file mode 100644 index 000000000..7ee5331ba --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-challenges.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-challenges +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-challenges +subjects: +- kind: ServiceAccount + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-clusterissuers.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-clusterissuers.yaml new file mode 100644 index 000000000..bbc5ee440 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-clusterissuers.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-clusterissuers +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-clusterissuers +subjects: +- kind: ServiceAccount + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-ingress-shim.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-ingress-shim.yaml new file mode 100644 index 000000000..6a7927095 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-ingress-shim.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-ingress-shim +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-ingress-shim +subjects: +- kind: ServiceAccount + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-issuers.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-issuers.yaml new file mode 100644 index 000000000..854ffd11f --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-issuers.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-issuers +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-issuers +subjects: +- kind: ServiceAccount + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-orders.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-orders.yaml new file mode 100644 index 000000000..137f15e73 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-orders.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-controller-orders +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-orders +subjects: +- kind: ServiceAccount + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-webhook:auth-delegator.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-webhook:auth-delegator.yaml new file mode 100644 index 000000000..b19073be5 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-webhook:auth-delegator.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-webhook:auth-delegator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- apiGroup: "" + kind: ServiceAccount + name: cert-manager-webhook + namespace: cert-manager diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_configmap_cert-manager-parameters.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_configmap_cert-manager-parameters.yaml new file mode 100644 index 000000000..f40a39080 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_configmap_cert-manager-parameters.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + namespace: cert-manager +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-parameters + namespace: cert-manager diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_namespace_cert-manager.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_namespace_cert-manager.yaml new file mode 100644 index 000000000..d0a3fd2d2 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_namespace_cert-manager.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_service_cert-manager-webhook.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_service_cert-manager-webhook.yaml new file mode 100644 index 000000000..adb10f907 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_service_cert-manager-webhook.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-webhook + namespace: cert-manager +spec: + ports: + - name: https + port: 443 + targetPort: 6443 + selector: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + type: ClusterIP diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_service_cert-manager.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_service_cert-manager.yaml new file mode 100644 index 000000000..b25a40165 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_service_cert-manager.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager + namespace: cert-manager +spec: + ports: + - port: 9402 + protocol: TCP + targetPort: 9402 + selector: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + type: ClusterIP diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager-cainjector.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager-cainjector.yaml new file mode 100644 index 000000000..e71b15aaa --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager-cainjector.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: cainjector + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-cainjector + namespace: cert-manager diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager-webhook.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager-webhook.yaml new file mode 100644 index 000000000..11c24d45c --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager-webhook.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: webhook + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager-webhook + namespace: cert-manager diff --git a/tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager.yaml b/tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager.yaml new file mode 100644 index 000000000..882e257d9 --- /dev/null +++ b/tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_serviceaccount_cert-manager.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/name: cert-manager + kustomize.component: cert-manager + name: cert-manager + namespace: cert-manager diff --git a/tests/stacks/ibm/application/cluster-local-gateway/kustomize_test.go b/tests/stacks/ibm/application/cluster-local-gateway/kustomize_test.go new file mode 100644 index 000000000..389d9ffaf --- /dev/null +++ b/tests/stacks/ibm/application/cluster-local-gateway/kustomize_test.go @@ -0,0 +1,15 @@ +package cluster_local_gateway + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/ibm/application/cluster-local-gateway", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/apps_v1_deployment_cluster-local-gateway.yaml b/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/apps_v1_deployment_cluster-local-gateway.yaml new file mode 100644 index 000000000..3a8a7a15c --- /dev/null +++ b/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/apps_v1_deployment_cluster-local-gateway.yaml @@ -0,0 +1,164 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cluster-local-gateway + istio: cluster-local-gateway + kustomize.component: cluster-local-gateway + name: cluster-local-gateway + namespace: istio-system +spec: + replicas: 1 + selector: + matchLabels: + kustomize.component: cluster-local-gateway + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: cluster-local-gateway + istio: cluster-local-gateway + kustomize.component: cluster-local-gateway + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - proxy + - router + - --domain + - $(POD_NAMESPACE).svc.cluster.local + - --log_output_level=default:info + - --drainDuration + - 45s + - --parentShutdownDuration + - 1m0s + - --connectTimeout + - 10s + - --serviceCluster + - cluster-local-gateway + - --zipkinAddress + - zipkin.istio-system:9411 + - --proxyAdminPort + - "15000" + - --statusPort + - "15020" + - --controlPlaneAuthPolicy + - NONE + - --discoveryAddress + - istio-pilot.istio-system:15010 + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: ISTIO_META_POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: ISTIO_META_CONFIG_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: docker.io/istio/proxyv2:1.1.6 + imagePullPolicy: IfNotPresent + name: istio-proxy + ports: + - containerPort: 80 + - containerPort: 443 + - containerPort: 31400 + - containerPort: 15011 + - containerPort: 8060 + - containerPort: 15029 + - containerPort: 15030 + - containerPort: 15031 + - containerPort: 15032 + - containerPort: 15090 + name: http-envoy-prom + protocol: TCP + readinessProbe: + failureThreshold: 30 + httpGet: + path: /healthz/ready + port: 15020 + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - mountPath: /etc/istio/clusterlocalgateway-certs + name: clusterlocalgateway-certs + readOnly: true + - mountPath: /etc/istio/clusterlocalgateway-ca-certs + name: clusterlocalgateway-ca-certs + readOnly: true + serviceAccountName: cluster-local-gateway-service-account + volumes: + - name: istio-certs + secret: + optional: true + secretName: istio.cluster-local-gateway-service-account + - name: clusterlocalgateway-certs + secret: + optional: true + secretName: istio-clusterlocalgateway-certs + - name: clusterlocalgateway-ca-certs + secret: + optional: true + secretName: istio-clusterlocalgateway-ca-certs diff --git a/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_cluster-local-gateway.yaml b/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_cluster-local-gateway.yaml new file mode 100644 index 000000000..3356f9214 --- /dev/null +++ b/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_cluster-local-gateway.yaml @@ -0,0 +1,21 @@ +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + app: cluster-local-gateway + istio: cluster-local-gateway + kustomize.component: cluster-local-gateway + name: cluster-local-gateway + namespace: istio-system +spec: + maxReplicas: 5 + metrics: + - resource: + name: cpu + targetAverageUtilization: 80 + type: Resource + minReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: cluster-local-gateway diff --git a/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/policy_v1beta1_poddisruptionbudget_cluster-local-gateway.yaml b/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/policy_v1beta1_poddisruptionbudget_cluster-local-gateway.yaml new file mode 100644 index 000000000..c53a86f32 --- /dev/null +++ b/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/policy_v1beta1_poddisruptionbudget_cluster-local-gateway.yaml @@ -0,0 +1,16 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: cluster-local-gateway + istio: cluster-local-gateway + kustomize.component: cluster-local-gateway + name: cluster-local-gateway + namespace: istio-system +spec: + minAvailable: 1 + selector: + matchLabels: + app: cluster-local-gateway + istio: cluster-local-gateway + kustomize.component: cluster-local-gateway diff --git a/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cluster-local-gateway-istio-system.yaml b/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cluster-local-gateway-istio-system.yaml new file mode 100644 index 000000000..f412abdb0 --- /dev/null +++ b/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cluster-local-gateway-istio-system.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: cluster-local-gateway + kustomize.component: cluster-local-gateway + name: cluster-local-gateway-istio-system +rules: +- apiGroups: + - networking.istio.io + resources: + - virtualservices + - destinationrules + - gateways + verbs: + - get + - watch + - list + - update diff --git a/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-reader.yaml b/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-reader.yaml new file mode 100644 index 000000000..f2ee7370c --- /dev/null +++ b/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-reader.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + kustomize.component: cluster-local-gateway + name: istio-reader +rules: +- apiGroups: + - "" + resources: + - nodes + - pods + - services + - endpoints + - replicationcontrollers + verbs: + - get + - watch + - list +- apiGroups: + - extensions + - apps + resources: + - replicasets + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_cluster-local-gateway-istio-system.yaml b/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_cluster-local-gateway-istio-system.yaml new file mode 100644 index 000000000..91d90c9dc --- /dev/null +++ b/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_cluster-local-gateway-istio-system.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: cluster-local-gateway + kustomize.component: cluster-local-gateway + name: cluster-local-gateway-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-local-gateway-istio-system +subjects: +- kind: ServiceAccount + name: cluster-local-gateway-service-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/~g_v1_configmap_cluster-local-gateway-parameters-tbbdb2842d.yaml b/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/~g_v1_configmap_cluster-local-gateway-parameters-tbbdb2842d.yaml new file mode 100644 index 000000000..225e1a47d --- /dev/null +++ b/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/~g_v1_configmap_cluster-local-gateway-parameters-tbbdb2842d.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + namespace: istio-system +kind: ConfigMap +metadata: + labels: + kustomize.component: cluster-local-gateway + name: cluster-local-gateway-parameters-tbbdb2842d + namespace: istio-system diff --git a/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/~g_v1_namespace_istio-system.yaml b/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/~g_v1_namespace_istio-system.yaml new file mode 100644 index 000000000..07a4ad5c3 --- /dev/null +++ b/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/~g_v1_namespace_istio-system.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + kustomize.component: cluster-local-gateway + name: istio-system diff --git a/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/~g_v1_service_cluster-local-gateway.yaml b/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/~g_v1_service_cluster-local-gateway.yaml new file mode 100644 index 000000000..4e7722498 --- /dev/null +++ b/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/~g_v1_service_cluster-local-gateway.yaml @@ -0,0 +1,41 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: cluster-local-gateway + istio: cluster-local-gateway + kustomize.component: cluster-local-gateway + name: cluster-local-gateway + namespace: istio-system +spec: + ports: + - name: http2 + port: 80 + targetPort: 80 + - name: https + port: 443 + - name: tcp + port: 31400 + - name: tcp-pilot-grpc-tls + port: 15011 + targetPort: 15011 + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: http2-kiali + port: 15029 + targetPort: 15029 + - name: http2-prometheus + port: 15030 + targetPort: 15030 + - name: http2-grafana + port: 15031 + targetPort: 15031 + - name: http2-tracing + port: 15032 + targetPort: 15032 + selector: + app: cluster-local-gateway + istio: cluster-local-gateway + kustomize.component: cluster-local-gateway + type: ClusterIP diff --git a/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/~g_v1_serviceaccount_cluster-local-gateway-service-account.yaml b/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/~g_v1_serviceaccount_cluster-local-gateway-service-account.yaml new file mode 100644 index 000000000..f8940db4b --- /dev/null +++ b/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/~g_v1_serviceaccount_cluster-local-gateway-service-account.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: cluster-local-gateway + kustomize.component: cluster-local-gateway + name: cluster-local-gateway-service-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/~g_v1_serviceaccount_istio-multi.yaml b/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/~g_v1_serviceaccount_istio-multi.yaml new file mode 100644 index 000000000..337ef9a37 --- /dev/null +++ b/tests/stacks/ibm/application/cluster-local-gateway/test_data/expected/~g_v1_serviceaccount_istio-multi.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + kustomize.component: cluster-local-gateway + name: istio-multi + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/kustomize_test.go b/tests/stacks/ibm/application/istio-stack/kustomize_test.go new file mode 100644 index 000000000..ec5be112c --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/kustomize_test.go @@ -0,0 +1,15 @@ +package istio_stack + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/ibm/application/istio-stack", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_istio-sidecar-injector.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_istio-sidecar-injector.yaml new file mode 100644 index 000000000..45f3d51ee --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_istio-sidecar-injector.yaml @@ -0,0 +1,30 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + labels: + app: sidecarInjectorWebhook + chart: sidecarInjectorWebhook + heritage: Tiller + release: istio + name: istio-sidecar-injector +webhooks: +- clientConfig: + caBundle: "" + service: + name: istio-sidecar-injector + namespace: istio-system + path: /inject + failurePolicy: Fail + name: sidecar-injector.istio.io + namespaceSelector: + matchLabels: + istio-injection: enabled + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_adapters.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_adapters.config.istio.io.yaml new file mode 100644 index 000000000..306a83db9 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_adapters.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: adapter + release: istio + name: adapters.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: adapter + plural: adapters + singular: adapter + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_apikeys.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_apikeys.config.istio.io.yaml new file mode 100644 index 000000000..d0385f0e4 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_apikeys.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: apikey + release: istio + name: apikeys.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: apikey + plural: apikeys + singular: apikey + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_attributemanifests.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_attributemanifests.config.istio.io.yaml new file mode 100644 index 000000000..b904f823e --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_attributemanifests.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: core + package: istio.io.mixer + release: istio + name: attributemanifests.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: attributemanifest + plural: attributemanifests + singular: attributemanifest + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_authorizations.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_authorizations.config.istio.io.yaml new file mode 100644 index 000000000..e7f9bb2ca --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_authorizations.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: authorization + release: istio + name: authorizations.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: authorization + plural: authorizations + singular: authorization + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_bypasses.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_bypasses.config.istio.io.yaml new file mode 100644 index 000000000..5d853a10d --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_bypasses.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: bypass + release: istio + name: bypasses.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: bypass + plural: bypasses + singular: bypass + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.certmanager.k8s.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.certmanager.k8s.io.yaml new file mode 100644 index 000000000..188a1093c --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.certmanager.k8s.io.yaml @@ -0,0 +1,43 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: certmanager + chart: certmanager + heritage: Tiller + release: istio + name: certificates.certmanager.k8s.io +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - JSONPath: .spec.secretName + name: Secret + type: string + - JSONPath: .spec.issuerRef.name + name: Issuer + priority: 1 + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + name: Age + type: date + group: certmanager.k8s.io + names: + kind: Certificate + plural: certificates + shortNames: + - cert + - certs + scope: Namespaced + version: v1alpha1 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_challenges.certmanager.k8s.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_challenges.certmanager.k8s.io.yaml new file mode 100644 index 000000000..08e76be42 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_challenges.certmanager.k8s.io.yaml @@ -0,0 +1,35 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: certmanager + chart: certmanager + heritage: Tiller + release: istio + name: challenges.certmanager.k8s.io +spec: + additionalPrinterColumns: + - JSONPath: .status.state + name: State + type: string + - JSONPath: .spec.dnsName + name: Domain + type: string + - JSONPath: .status.reason + name: Reason + type: string + - JSONPath: .metadata.creationTimestamp + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + name: Age + type: date + group: certmanager.k8s.io + names: + kind: Challenge + plural: challenges + scope: Namespaced + version: v1alpha1 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_checknothings.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_checknothings.config.istio.io.yaml new file mode 100644 index 000000000..f31fc2477 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_checknothings.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: checknothing + release: istio + name: checknothings.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: checknothing + plural: checknothings + singular: checknothing + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_circonuses.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_circonuses.config.istio.io.yaml new file mode 100644 index 000000000..e5b719464 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_circonuses.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: circonus + release: istio + name: circonuses.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: circonus + plural: circonuses + singular: circonus + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_cloudwatches.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_cloudwatches.config.istio.io.yaml new file mode 100644 index 000000000..0c2c35ff0 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_cloudwatches.config.istio.io.yaml @@ -0,0 +1,21 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + istio: mixer-adapter + package: cloudwatch + name: cloudwatches.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: cloudwatch + plural: cloudwatches + singular: cloudwatch + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterissuers.certmanager.k8s.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterissuers.certmanager.k8s.io.yaml new file mode 100644 index 000000000..dea35ef84 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterissuers.certmanager.k8s.io.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: certmanager + chart: certmanager + heritage: Tiller + release: istio + name: clusterissuers.certmanager.k8s.io +spec: + group: certmanager.k8s.io + names: + kind: ClusterIssuer + plural: clusterissuers + scope: Cluster + version: v1alpha1 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterrbacconfigs.rbac.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterrbacconfigs.rbac.istio.io.yaml new file mode 100644 index 000000000..366c18ebc --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterrbacconfigs.rbac.istio.io.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-pilot + heritage: Tiller + istio: rbac + release: istio + name: clusterrbacconfigs.rbac.istio.io +spec: + group: rbac.istio.io + names: + categories: + - istio-io + - rbac-istio-io + kind: ClusterRbacConfig + plural: clusterrbacconfigs + singular: clusterrbacconfig + scope: Cluster + version: v1alpha1 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_deniers.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_deniers.config.istio.io.yaml new file mode 100644 index 000000000..9d89ab9c8 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_deniers.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: denier + release: istio + name: deniers.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: denier + plural: deniers + singular: denier + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_destinationrules.networking.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_destinationrules.networking.istio.io.yaml new file mode 100644 index 000000000..044b9a80e --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_destinationrules.networking.istio.io.yaml @@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: destinationrules.networking.istio.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.host + description: The name of a service from the service registry + name: Host + type: string + - JSONPath: .metadata.creationTimestamp + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + name: Age + type: date + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: DestinationRule + listKind: DestinationRuleList + plural: destinationrules + shortNames: + - dr + singular: destinationrule + scope: Namespaced + version: v1alpha3 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_dogstatsds.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_dogstatsds.config.istio.io.yaml new file mode 100644 index 000000000..3e6d9dc8e --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_dogstatsds.config.istio.io.yaml @@ -0,0 +1,21 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + istio: mixer-adapter + package: dogstatsd + name: dogstatsds.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: dogstatsd + plural: dogstatsds + singular: dogstatsd + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_edges.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_edges.config.istio.io.yaml new file mode 100644 index 000000000..65099a24d --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_edges.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: edge + release: istio + name: edges.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: edge + plural: edges + singular: edge + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_envoyfilters.networking.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_envoyfilters.networking.istio.io.yaml new file mode 100644 index 000000000..ed0739556 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_envoyfilters.networking.istio.io.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: envoyfilters.networking.istio.io +spec: + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: EnvoyFilter + plural: envoyfilters + singular: envoyfilter + scope: Namespaced + version: v1alpha3 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_fluentds.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_fluentds.config.istio.io.yaml new file mode 100644 index 000000000..f3111ccc2 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_fluentds.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: fluentd + release: istio + name: fluentds.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: fluentd + plural: fluentds + singular: fluentd + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_gateways.networking.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_gateways.networking.istio.io.yaml new file mode 100644 index 000000000..f7420c2f4 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_gateways.networking.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: gateways.networking.istio.io +spec: + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: Gateway + plural: gateways + shortNames: + - gw + singular: gateway + scope: Namespaced + version: v1alpha3 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_handlers.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_handlers.config.istio.io.yaml new file mode 100644 index 000000000..dab8c75f1 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_handlers.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-handler + package: handler + release: istio + name: handlers.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: handler + plural: handlers + singular: handler + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_httpapispecbindings.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_httpapispecbindings.config.istio.io.yaml new file mode 100644 index 000000000..1771daada --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_httpapispecbindings.config.istio.io.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-mixer + chart: istio + heritage: Tiller + release: istio + name: httpapispecbindings.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - apim-istio-io + kind: HTTPAPISpecBinding + plural: httpapispecbindings + singular: httpapispecbinding + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_httpapispecs.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_httpapispecs.config.istio.io.yaml new file mode 100644 index 000000000..cbf2f7914 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_httpapispecs.config.istio.io.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-mixer + chart: istio + heritage: Tiller + release: istio + name: httpapispecs.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - apim-istio-io + kind: HTTPAPISpec + plural: httpapispecs + singular: httpapispec + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_instances.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_instances.config.istio.io.yaml new file mode 100644 index 000000000..9699fa820 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_instances.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: instance + release: istio + name: instances.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: instance + plural: instances + singular: instance + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_issuers.certmanager.k8s.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_issuers.certmanager.k8s.io.yaml new file mode 100644 index 000000000..a0c186a1d --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_issuers.certmanager.k8s.io.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: certmanager + chart: certmanager + heritage: Tiller + release: istio + name: issuers.certmanager.k8s.io +spec: + group: certmanager.k8s.io + names: + kind: Issuer + plural: issuers + scope: Namespaced + version: v1alpha1 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_kubernetesenvs.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_kubernetesenvs.config.istio.io.yaml new file mode 100644 index 000000000..7b7da141a --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_kubernetesenvs.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: kubernetesenv + release: istio + name: kubernetesenvs.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: kubernetesenv + plural: kubernetesenvs + singular: kubernetesenv + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_kuberneteses.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_kuberneteses.config.istio.io.yaml new file mode 100644 index 000000000..91693505d --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_kuberneteses.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: adapter.template.kubernetes + release: istio + name: kuberneteses.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: kubernetes + plural: kuberneteses + singular: kubernetes + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_listcheckers.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_listcheckers.config.istio.io.yaml new file mode 100644 index 000000000..cf59ae38c --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_listcheckers.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: listchecker + release: istio + name: listcheckers.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: listchecker + plural: listcheckers + singular: listchecker + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_listentries.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_listentries.config.istio.io.yaml new file mode 100644 index 000000000..04806a76c --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_listentries.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: listentry + release: istio + name: listentries.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: listentry + plural: listentries + singular: listentry + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_logentries.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_logentries.config.istio.io.yaml new file mode 100644 index 000000000..d1d561e6d --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_logentries.config.istio.io.yaml @@ -0,0 +1,45 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: logentry + release: istio + name: logentries.config.istio.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.severity + description: The importance of the log entry + name: Severity + type: string + - JSONPath: .spec.timestamp + description: The time value for the log entry + name: Timestamp + type: string + - JSONPath: .spec.monitored_resource_type + description: Optional expression to compute the type of the monitored resource + this log entry is being recorded on + name: Res Type + type: string + - JSONPath: .metadata.creationTimestamp + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + name: Age + type: date + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: logentry + plural: logentries + singular: logentry + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_memquotas.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_memquotas.config.istio.io.yaml new file mode 100644 index 000000000..c36d6a5e6 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_memquotas.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: memquota + release: istio + name: memquotas.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: memquota + plural: memquotas + singular: memquota + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_meshpolicies.authentication.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_meshpolicies.authentication.istio.io.yaml new file mode 100644 index 000000000..56fcaeb04 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_meshpolicies.authentication.istio.io.yaml @@ -0,0 +1,23 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-citadel + chart: istio + heritage: Tiller + release: istio + name: meshpolicies.authentication.istio.io +spec: + group: authentication.istio.io + names: + categories: + - istio-io + - authentication-istio-io + kind: MeshPolicy + listKind: MeshPolicyList + plural: meshpolicies + singular: meshpolicy + scope: Cluster + version: v1alpha1 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_metrics.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_metrics.config.istio.io.yaml new file mode 100644 index 000000000..19a4a519c --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_metrics.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: metric + release: istio + name: metrics.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: metric + plural: metrics + singular: metric + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_noops.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_noops.config.istio.io.yaml new file mode 100644 index 000000000..c8cadbd41 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_noops.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: noop + release: istio + name: noops.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: noop + plural: noops + singular: noop + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_opas.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_opas.config.istio.io.yaml new file mode 100644 index 000000000..936836049 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_opas.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: opa + release: istio + name: opas.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: opa + plural: opas + singular: opa + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_orders.certmanager.k8s.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_orders.certmanager.k8s.io.yaml new file mode 100644 index 000000000..06d5359de --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_orders.certmanager.k8s.io.yaml @@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: certmanager + chart: certmanager + heritage: Tiller + release: istio + name: orders.certmanager.k8s.io +spec: + additionalPrinterColumns: + - JSONPath: .status.state + name: State + type: string + - JSONPath: .spec.issuerRef.name + name: Issuer + priority: 1 + type: string + - JSONPath: .status.reason + name: Reason + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + name: Age + type: date + group: certmanager.k8s.io + names: + kind: Order + plural: orders + scope: Namespaced + version: v1alpha1 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_policies.authentication.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_policies.authentication.istio.io.yaml new file mode 100644 index 000000000..b9933dfd9 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_policies.authentication.istio.io.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-citadel + chart: istio + heritage: Tiller + release: istio + name: policies.authentication.istio.io +spec: + group: authentication.istio.io + names: + categories: + - istio-io + - authentication-istio-io + kind: Policy + plural: policies + singular: policy + scope: Namespaced + version: v1alpha1 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_prometheuses.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_prometheuses.config.istio.io.yaml new file mode 100644 index 000000000..07d9e146f --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_prometheuses.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: prometheus + release: istio + name: prometheuses.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: prometheus + plural: prometheuses + singular: prometheus + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotas.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotas.config.istio.io.yaml new file mode 100644 index 000000000..df929bfdd --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotas.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: quota + release: istio + name: quotas.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: quota + plural: quotas + singular: quota + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotaspecbindings.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotaspecbindings.config.istio.io.yaml new file mode 100644 index 000000000..7434f2f66 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotaspecbindings.config.istio.io.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-mixer + chart: istio + heritage: Tiller + release: istio + name: quotaspecbindings.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - apim-istio-io + kind: QuotaSpecBinding + plural: quotaspecbindings + singular: quotaspecbinding + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotaspecs.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotaspecs.config.istio.io.yaml new file mode 100644 index 000000000..53d48ab74 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_quotaspecs.config.istio.io.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-mixer + chart: istio + heritage: Tiller + release: istio + name: quotaspecs.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - apim-istio-io + kind: QuotaSpec + plural: quotaspecs + singular: quotaspec + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rbacconfigs.rbac.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rbacconfigs.rbac.istio.io.yaml new file mode 100644 index 000000000..7883b0d7c --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rbacconfigs.rbac.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: rbac + package: istio.io.mixer + release: istio + name: rbacconfigs.rbac.istio.io +spec: + group: rbac.istio.io + names: + categories: + - istio-io + - rbac-istio-io + kind: RbacConfig + plural: rbacconfigs + singular: rbacconfig + scope: Namespaced + version: v1alpha1 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rbacs.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rbacs.config.istio.io.yaml new file mode 100644 index 000000000..a197d882a --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rbacs.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: rbac + release: istio + name: rbacs.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: rbac + plural: rbacs + singular: rbac + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_redisquotas.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_redisquotas.config.istio.io.yaml new file mode 100644 index 000000000..15158d0df --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_redisquotas.config.istio.io.yaml @@ -0,0 +1,21 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: redisquota + release: istio + name: redisquotas.config.istio.io +spec: + group: config.istio.io + names: + kind: redisquota + plural: redisquotas + singular: redisquota + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_reportnothings.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_reportnothings.config.istio.io.yaml new file mode 100644 index 000000000..899806b3a --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_reportnothings.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: reportnothing + release: istio + name: reportnothings.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: reportnothing + plural: reportnothings + singular: reportnothing + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rules.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rules.config.istio.io.yaml new file mode 100644 index 000000000..40b5a703e --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_rules.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: core + package: istio.io.mixer + release: istio + name: rules.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: rule + plural: rules + singular: rule + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serviceentries.networking.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serviceentries.networking.istio.io.yaml new file mode 100644 index 000000000..db8fa18cb --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serviceentries.networking.istio.io.yaml @@ -0,0 +1,46 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: serviceentries.networking.istio.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.hosts + description: The hosts associated with the ServiceEntry + name: Hosts + type: string + - JSONPath: .spec.location + description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL + or MESH_INTERNAL) + name: Location + type: string + - JSONPath: .spec.resolution + description: Service discovery mode for the hosts (NONE, STATIC, or DNS) + name: Resolution + type: string + - JSONPath: .metadata.creationTimestamp + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + name: Age + type: date + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: ServiceEntry + listKind: ServiceEntryList + plural: serviceentries + shortNames: + - se + singular: serviceentry + scope: Namespaced + version: v1alpha3 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_servicerolebindings.rbac.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_servicerolebindings.rbac.istio.io.yaml new file mode 100644 index 000000000..6228a334b --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_servicerolebindings.rbac.istio.io.yaml @@ -0,0 +1,36 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: rbac + package: istio.io.mixer + release: istio + name: servicerolebindings.rbac.istio.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.roleRef.name + description: The name of the ServiceRole object being referenced + name: Reference + type: string + - JSONPath: .metadata.creationTimestamp + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + name: Age + type: date + group: rbac.istio.io + names: + categories: + - istio-io + - rbac-istio-io + kind: ServiceRoleBinding + plural: servicerolebindings + singular: servicerolebinding + scope: Namespaced + version: v1alpha1 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serviceroles.rbac.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serviceroles.rbac.istio.io.yaml new file mode 100644 index 000000000..24d78ee50 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_serviceroles.rbac.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: rbac + package: istio.io.mixer + release: istio + name: serviceroles.rbac.istio.io +spec: + group: rbac.istio.io + names: + categories: + - istio-io + - rbac-istio-io + kind: ServiceRole + plural: serviceroles + singular: servicerole + scope: Namespaced + version: v1alpha1 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_sidecars.networking.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_sidecars.networking.istio.io.yaml new file mode 100644 index 000000000..059355b08 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_sidecars.networking.istio.io.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: sidecars.networking.istio.io +spec: + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: Sidecar + plural: sidecars + singular: sidecar + scope: Namespaced + version: v1alpha3 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_signalfxs.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_signalfxs.config.istio.io.yaml new file mode 100644 index 000000000..dfe2f4c61 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_signalfxs.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: signalfx + release: istio + name: signalfxs.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: signalfx + plural: signalfxs + singular: signalfx + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_solarwindses.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_solarwindses.config.istio.io.yaml new file mode 100644 index 000000000..6b758b40d --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_solarwindses.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: solarwinds + release: istio + name: solarwindses.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: solarwinds + plural: solarwindses + singular: solarwinds + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_stackdrivers.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_stackdrivers.config.istio.io.yaml new file mode 100644 index 000000000..c3e9b39dc --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_stackdrivers.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: stackdriver + release: istio + name: stackdrivers.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: stackdriver + plural: stackdrivers + singular: stackdriver + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_statsds.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_statsds.config.istio.io.yaml new file mode 100644 index 000000000..7b3da3e06 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_statsds.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: statsd + release: istio + name: statsds.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: statsd + plural: statsds + singular: statsd + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_stdios.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_stdios.config.istio.io.yaml new file mode 100644 index 000000000..1918fa9b1 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_stdios.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-adapter + package: stdio + release: istio + name: stdios.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: stdio + plural: stdios + singular: stdio + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_templates.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_templates.config.istio.io.yaml new file mode 100644 index 000000000..60c365f94 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_templates.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-template + package: template + release: istio + name: templates.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: template + plural: templates + singular: template + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tracespans.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tracespans.config.istio.io.yaml new file mode 100644 index 000000000..677ffc60b --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tracespans.config.istio.io.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: tracespan + release: istio + name: tracespans.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: tracespan + plural: tracespans + singular: tracespan + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_virtualservices.networking.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_virtualservices.networking.istio.io.yaml new file mode 100644 index 000000000..fa7f9a0d8 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_virtualservices.networking.istio.io.yaml @@ -0,0 +1,41 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: virtualservices.networking.istio.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.gateways + description: The names of gateways and sidecars that should apply these routes + name: Gateways + type: string + - JSONPath: .spec.hosts + description: The destination hosts to which traffic is being sent + name: Hosts + type: string + - JSONPath: .metadata.creationTimestamp + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + name: Age + type: date + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: VirtualService + listKind: VirtualServiceList + plural: virtualservices + shortNames: + - vs + singular: virtualservice + scope: Namespaced + version: v1alpha3 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_zipkins.config.istio.io.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_zipkins.config.istio.io.yaml new file mode 100644 index 000000000..cfd1f9115 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_zipkins.config.istio.io.yaml @@ -0,0 +1,21 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: mixer + istio: mixer-adapter + package: zipkin + name: zipkins.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: zipkin + plural: zipkins + singular: zipkin + scope: Namespaced + version: v1alpha2 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_grafana.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_grafana.yaml new file mode 100644 index 000000000..b4fba3181 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_grafana.yaml @@ -0,0 +1,152 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + release: istio + name: grafana + namespace: istio-system +spec: + replicas: 1 + selector: + matchLabels: + app: grafana + chart: grafana + heritage: Tiller + release: istio + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: grafana + chart: grafana + heritage: Tiller + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - env: + - name: GRAFANA_PORT + value: "3000" + - name: GF_AUTH_BASIC_ENABLED + value: "false" + - name: GF_AUTH_ANONYMOUS_ENABLED + value: "true" + - name: GF_AUTH_ANONYMOUS_ORG_ROLE + value: Admin + - name: GF_PATHS_DATA + value: /data/grafana + image: grafana/grafana:6.0.2 + imagePullPolicy: IfNotPresent + name: grafana + ports: + - containerPort: 3000 + readinessProbe: + httpGet: + path: /login + port: 3000 + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /data/grafana + name: data + - mountPath: /var/lib/grafana/dashboards/istio/galley-dashboard.json + name: dashboards-istio-galley-dashboard + readOnly: true + subPath: galley-dashboard.json + - mountPath: /var/lib/grafana/dashboards/istio/istio-mesh-dashboard.json + name: dashboards-istio-istio-mesh-dashboard + readOnly: true + subPath: istio-mesh-dashboard.json + - mountPath: /var/lib/grafana/dashboards/istio/istio-performance-dashboard.json + name: dashboards-istio-istio-performance-dashboard + readOnly: true + subPath: istio-performance-dashboard.json + - mountPath: /var/lib/grafana/dashboards/istio/istio-service-dashboard.json + name: dashboards-istio-istio-service-dashboard + readOnly: true + subPath: istio-service-dashboard.json + - mountPath: /var/lib/grafana/dashboards/istio/istio-workload-dashboard.json + name: dashboards-istio-istio-workload-dashboard + readOnly: true + subPath: istio-workload-dashboard.json + - mountPath: /var/lib/grafana/dashboards/istio/mixer-dashboard.json + name: dashboards-istio-mixer-dashboard + readOnly: true + subPath: mixer-dashboard.json + - mountPath: /var/lib/grafana/dashboards/istio/pilot-dashboard.json + name: dashboards-istio-pilot-dashboard + readOnly: true + subPath: pilot-dashboard.json + - mountPath: /etc/grafana/provisioning/datasources/datasources.yaml + name: config + subPath: datasources.yaml + - mountPath: /etc/grafana/provisioning/dashboards/dashboardproviders.yaml + name: config + subPath: dashboardproviders.yaml + securityContext: + fsGroup: 472 + runAsUser: 472 + volumes: + - configMap: + name: istio-grafana + name: config + - emptyDir: {} + name: data + - configMap: + name: istio-grafana-configuration-dashboards-galley-dashboard + name: dashboards-istio-galley-dashboard + - configMap: + name: istio-grafana-configuration-dashboards-istio-mesh-dashboard + name: dashboards-istio-istio-mesh-dashboard + - configMap: + name: istio-grafana-configuration-dashboards-istio-performance-dashboard + name: dashboards-istio-istio-performance-dashboard + - configMap: + name: istio-grafana-configuration-dashboards-istio-service-dashboard + name: dashboards-istio-istio-service-dashboard + - configMap: + name: istio-grafana-configuration-dashboards-istio-workload-dashboard + name: dashboards-istio-istio-workload-dashboard + - configMap: + name: istio-grafana-configuration-dashboards-mixer-dashboard + name: dashboards-istio-mixer-dashboard + - configMap: + name: istio-grafana-configuration-dashboards-pilot-dashboard + name: dashboards-istio-pilot-dashboard diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-citadel.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-citadel.yaml new file mode 100644 index 000000000..8cf48324f --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-citadel.yaml @@ -0,0 +1,90 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: security + chart: security + heritage: Tiller + istio: citadel + release: istio + name: istio-citadel + namespace: istio-system +spec: + replicas: 1 + selector: + matchLabels: + app: security + chart: security + heritage: Tiller + istio: citadel + release: istio + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: security + chart: security + heritage: Tiller + istio: citadel + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - --append-dns-names=true + - --grpc-port=8060 + - --grpc-hostname=citadel + - --citadel-storage-namespace=istio-system + - --custom-dns-names=istio-pilot-service-account.istio-system:istio-pilot.istio-system + - --monitoring-port=15014 + - --self-signed-ca=true + image: docker.io/istio/citadel:1.1.6 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /version + port: 15014 + initialDelaySeconds: 5 + periodSeconds: 5 + name: citadel + resources: + requests: + cpu: 10m + serviceAccountName: istio-citadel-service-account diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-egressgateway.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-egressgateway.yaml new file mode 100644 index 000000000..82a3fce5a --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-egressgateway.yaml @@ -0,0 +1,171 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: istio-egressgateway + chart: gateways + heritage: Tiller + istio: egressgateway + release: istio + name: istio-egressgateway + namespace: istio-system +spec: + selector: + matchLabels: + app: istio-egressgateway + chart: gateways + heritage: Tiller + istio: egressgateway + release: istio + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: istio-egressgateway + chart: gateways + heritage: Tiller + istio: egressgateway + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - proxy + - router + - --domain + - $(POD_NAMESPACE).svc.cluster.local + - --log_output_level=default:info + - --drainDuration + - 45s + - --parentShutdownDuration + - 1m0s + - --connectTimeout + - 10s + - --serviceCluster + - istio-egressgateway + - --zipkinAddress + - zipkin:9411 + - --proxyAdminPort + - "15000" + - --statusPort + - "15020" + - --controlPlaneAuthPolicy + - NONE + - --discoveryAddress + - istio-pilot:15010 + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: ISTIO_META_POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: ISTIO_META_CONFIG_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ISTIO_META_ROUTER_MODE + value: sni-dnat + image: docker.io/istio/proxyv2:1.1.6 + imagePullPolicy: IfNotPresent + name: istio-proxy + ports: + - containerPort: 80 + - containerPort: 443 + - containerPort: 15443 + - containerPort: 15090 + name: http-envoy-prom + protocol: TCP + readinessProbe: + failureThreshold: 30 + httpGet: + path: /healthz/ready + port: 15020 + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 10m + memory: 40Mi + volumeMounts: + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - mountPath: /etc/istio/egressgateway-certs + name: egressgateway-certs + readOnly: true + - mountPath: /etc/istio/egressgateway-ca-certs + name: egressgateway-ca-certs + readOnly: true + serviceAccountName: istio-egressgateway-service-account + volumes: + - name: istio-certs + secret: + optional: true + secretName: istio.istio-egressgateway-service-account + - name: egressgateway-certs + secret: + optional: true + secretName: istio-egressgateway-certs + - name: egressgateway-ca-certs + secret: + optional: true + secretName: istio-egressgateway-ca-certs diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-galley.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-galley.yaml new file mode 100644 index 000000000..9bdf1a9c2 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-galley.yaml @@ -0,0 +1,133 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: galley + chart: galley + heritage: Tiller + istio: galley + release: istio + name: istio-galley + namespace: istio-system +spec: + replicas: 1 + selector: + matchLabels: + app: galley + chart: galley + heritage: Tiller + istio: galley + release: istio + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: galley + chart: galley + heritage: Tiller + istio: galley + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - command: + - /usr/local/bin/galley + - server + - --meshConfigFile=/etc/mesh-config/mesh + - --livenessProbeInterval=1s + - --livenessProbePath=/healthliveness + - --readinessProbePath=/healthready + - --readinessProbeInterval=1s + - --deployment-namespace=istio-system + - --insecure=true + - --validation-webhook-config-file + - /etc/config/validatingwebhookconfiguration.yaml + - --monitoringPort=15014 + - --log_output_level=default:info + - --enable-validation=true + image: docker.io/istio/galley:1.1.6 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /usr/local/bin/galley + - probe + - --probe-path=/healthliveness + - --interval=10s + initialDelaySeconds: 5 + periodSeconds: 5 + name: galley + ports: + - containerPort: 443 + - containerPort: 15014 + - containerPort: 9901 + readinessProbe: + exec: + command: + - /usr/local/bin/galley + - probe + - --probe-path=/healthready + - --interval=10s + initialDelaySeconds: 5 + periodSeconds: 5 + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/certs + name: certs + readOnly: true + - mountPath: /etc/config + name: config + readOnly: true + - mountPath: /etc/mesh-config + name: mesh-config + readOnly: true + serviceAccountName: istio-galley-service-account + volumes: + - name: certs + secret: + secretName: istio.istio-galley-service-account + - configMap: + name: istio-galley-configuration + name: config + - configMap: + name: istio + name: mesh-config diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-ingressgateway.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-ingressgateway.yaml new file mode 100644 index 000000000..01d4547b3 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-ingressgateway.yaml @@ -0,0 +1,177 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: istio-ingressgateway + chart: gateways + heritage: Tiller + istio: ingressgateway + release: istio + name: istio-ingressgateway + namespace: istio-system +spec: + selector: + matchLabels: + app: istio-ingressgateway + chart: gateways + heritage: Tiller + istio: ingressgateway + release: istio + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: istio-ingressgateway + chart: gateways + heritage: Tiller + istio: ingressgateway + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - proxy + - router + - --domain + - $(POD_NAMESPACE).svc.cluster.local + - --log_output_level=default:info + - --drainDuration + - 45s + - --parentShutdownDuration + - 1m0s + - --connectTimeout + - 10s + - --serviceCluster + - istio-ingressgateway + - --zipkinAddress + - zipkin:9411 + - --proxyAdminPort + - "15000" + - --statusPort + - "15020" + - --controlPlaneAuthPolicy + - NONE + - --discoveryAddress + - istio-pilot:15010 + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: ISTIO_META_POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: ISTIO_META_CONFIG_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ISTIO_META_ROUTER_MODE + value: sni-dnat + image: docker.io/istio/proxyv2:1.1.6 + imagePullPolicy: IfNotPresent + name: istio-proxy + ports: + - containerPort: 15020 + - containerPort: 80 + - containerPort: 443 + - containerPort: 31400 + - containerPort: 15029 + - containerPort: 15030 + - containerPort: 15031 + - containerPort: 15032 + - containerPort: 15443 + - containerPort: 15090 + name: http-envoy-prom + protocol: TCP + readinessProbe: + failureThreshold: 30 + httpGet: + path: /healthz/ready + port: 15020 + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 10m + memory: 40Mi + volumeMounts: + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - mountPath: /etc/istio/ingressgateway-certs + name: ingressgateway-certs + readOnly: true + - mountPath: /etc/istio/ingressgateway-ca-certs + name: ingressgateway-ca-certs + readOnly: true + serviceAccountName: istio-ingressgateway-service-account + volumes: + - name: istio-certs + secret: + optional: true + secretName: istio.istio-ingressgateway-service-account + - name: ingressgateway-certs + secret: + optional: true + secretName: istio-ingressgateway-certs + - name: ingressgateway-ca-certs + secret: + optional: true + secretName: istio-ingressgateway-ca-certs diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-pilot.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-pilot.yaml new file mode 100644 index 000000000..3eaa8c426 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-pilot.yaml @@ -0,0 +1,175 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + checksum/config-volume: f8da08b6b8c170dde721efd680270b2901e750d4aa186ebb6c22bef5b78a43f9 + labels: + app: pilot + chart: pilot + heritage: Tiller + istio: pilot + release: istio + name: istio-pilot + namespace: istio-system +spec: + selector: + matchLabels: + istio: pilot + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: pilot + chart: pilot + heritage: Tiller + istio: pilot + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - discovery + - --monitoringAddr=:15014 + - --log_output_level=default:info + - --domain + - cluster.local + - --secureGrpcAddr + - "" + - --keepaliveMaxServerConnectionAge + - 30m + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: GODEBUG + value: gctrace=1 + - name: PILOT_PUSH_THROTTLE + value: "100" + - name: PILOT_TRACE_SAMPLING + value: "100" + - name: PILOT_DISABLE_XDS_MARSHALING_TO_ANY + value: "1" + image: docker.io/istio/pilot:1.1.6 + imagePullPolicy: IfNotPresent + name: discovery + ports: + - containerPort: 8080 + - containerPort: 15010 + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 30 + timeoutSeconds: 5 + resources: + limits: + cpu: 100m + memory: 200Mi + requests: + cpu: 10m + memory: 100Mi + volumeMounts: + - mountPath: /etc/istio/config + name: config-volume + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - args: + - proxy + - --domain + - $(POD_NAMESPACE).svc.cluster.local + - --serviceCluster + - istio-pilot + - --templateFile + - /etc/istio/proxy/envoy_pilot.yaml.tmpl + - --controlPlaneAuthPolicy + - NONE + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: docker.io/istio/proxyv2:1.1.6 + imagePullPolicy: IfNotPresent + name: istio-proxy + ports: + - containerPort: 15003 + - containerPort: 15005 + - containerPort: 15007 + - containerPort: 15011 + resources: + limits: + cpu: 2000m + memory: 128Mi + requests: + cpu: 10m + memory: 40Mi + volumeMounts: + - mountPath: /etc/certs + name: istio-certs + readOnly: true + serviceAccountName: istio-pilot-service-account + volumes: + - configMap: + name: istio + name: config-volume + - name: istio-certs + secret: + optional: true + secretName: istio.istio-pilot-service-account diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-policy.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-policy.yaml new file mode 100644 index 000000000..204884f48 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-policy.yaml @@ -0,0 +1,168 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: istio-mixer + chart: mixer + heritage: Tiller + istio: mixer + release: istio + name: istio-policy + namespace: istio-system +spec: + selector: + matchLabels: + istio: mixer + istio-mixer-type: policy + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: policy + chart: mixer + heritage: Tiller + istio: mixer + istio-mixer-type: policy + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - --monitoringPort=15014 + - --address + - unix:///sock/mixer.socket + - --log_output_level=default:info + - --configStoreURL=mcp://istio-galley.istio-system.svc:9901 + - --configDefaultNamespace=istio-system + - --useAdapterCRDs=true + - --trace_zipkin_url=http://zipkin:9411/api/v1/spans + env: + - name: GODEBUG + value: gctrace=1 + - name: GOMAXPROCS + value: "6" + image: docker.io/istio/mixer:1.1.6 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /version + port: 15014 + initialDelaySeconds: 5 + periodSeconds: 5 + name: mixer + ports: + - containerPort: 15014 + - containerPort: 42422 + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 10m + memory: 100Mi + volumeMounts: + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - mountPath: /sock + name: uds-socket + - args: + - proxy + - --domain + - $(POD_NAMESPACE).svc.cluster.local + - --serviceCluster + - istio-policy + - --templateFile + - /etc/istio/proxy/envoy_policy.yaml.tmpl + - --controlPlaneAuthPolicy + - NONE + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: docker.io/istio/proxyv2:1.1.6 + imagePullPolicy: IfNotPresent + name: istio-proxy + ports: + - containerPort: 9091 + - containerPort: 15004 + - containerPort: 15090 + name: http-envoy-prom + protocol: TCP + resources: + limits: + cpu: 2000m + memory: 128Mi + requests: + cpu: 10m + memory: 40Mi + volumeMounts: + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - mountPath: /sock + name: uds-socket + - mountPath: /var/run/secrets/istio.io/policy/adapter + name: policy-adapter-secret + readOnly: true + serviceAccountName: istio-mixer-service-account + volumes: + - name: istio-certs + secret: + optional: true + secretName: istio.istio-mixer-service-account + - emptyDir: {} + name: uds-socket + - name: policy-adapter-secret + secret: + optional: true + secretName: policy-adapter-secret diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-sidecar-injector.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-sidecar-injector.yaml new file mode 100644 index 000000000..a7d7af79d --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-sidecar-injector.yaml @@ -0,0 +1,125 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: sidecarInjectorWebhook + chart: sidecarInjectorWebhook + heritage: Tiller + istio: sidecar-injector + release: istio + name: istio-sidecar-injector + namespace: istio-system +spec: + replicas: 1 + selector: + matchLabels: + app: sidecarInjectorWebhook + chart: sidecarInjectorWebhook + heritage: Tiller + istio: sidecar-injector + release: istio + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: sidecarInjectorWebhook + chart: sidecarInjectorWebhook + heritage: Tiller + istio: sidecar-injector + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - --caCertFile=/etc/istio/certs/root-cert.pem + - --tlsCertFile=/etc/istio/certs/cert-chain.pem + - --tlsKeyFile=/etc/istio/certs/key.pem + - --injectConfig=/etc/istio/inject/config + - --meshConfig=/etc/istio/config/mesh + - --healthCheckInterval=2s + - --healthCheckFile=/health + image: docker.io/istio/sidecar_injector:1.1.6 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /usr/local/bin/sidecar-injector + - probe + - --probe-path=/health + - --interval=4s + initialDelaySeconds: 4 + periodSeconds: 4 + name: sidecar-injector-webhook + readinessProbe: + exec: + command: + - /usr/local/bin/sidecar-injector + - probe + - --probe-path=/health + - --interval=4s + initialDelaySeconds: 4 + periodSeconds: 4 + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/istio/config + name: config-volume + readOnly: true + - mountPath: /etc/istio/certs + name: certs + readOnly: true + - mountPath: /etc/istio/inject + name: inject-config + readOnly: true + serviceAccountName: istio-sidecar-injector-service-account + volumes: + - configMap: + name: istio + name: config-volume + - name: certs + secret: + secretName: istio.istio-sidecar-injector-service-account + - configMap: + items: + - key: config + path: config + name: istio-sidecar-injector + name: inject-config diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-telemetry.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-telemetry.yaml new file mode 100644 index 000000000..e848f4ba9 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-telemetry.yaml @@ -0,0 +1,172 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: istio-mixer + chart: mixer + heritage: Tiller + istio: mixer + release: istio + name: istio-telemetry + namespace: istio-system +spec: + selector: + matchLabels: + istio: mixer + istio-mixer-type: telemetry + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: telemetry + chart: mixer + heritage: Tiller + istio: mixer + istio-mixer-type: telemetry + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - --monitoringPort=15014 + - --address + - unix:///sock/mixer.socket + - --log_output_level=default:info + - --configStoreURL=mcp://istio-galley.istio-system.svc:9901 + - --configDefaultNamespace=istio-system + - --useAdapterCRDs=true + - --trace_zipkin_url=http://zipkin:9411/api/v1/spans + - --averageLatencyThreshold + - 100ms + - --loadsheddingMode + - enforce + env: + - name: GODEBUG + value: gctrace=1 + - name: GOMAXPROCS + value: "6" + image: docker.io/istio/mixer:1.1.6 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /version + port: 15014 + initialDelaySeconds: 5 + periodSeconds: 5 + name: mixer + ports: + - containerPort: 15014 + - containerPort: 42422 + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 50m + memory: 100Mi + volumeMounts: + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - mountPath: /var/run/secrets/istio.io/telemetry/adapter + name: telemetry-adapter-secret + readOnly: true + - mountPath: /sock + name: uds-socket + - args: + - proxy + - --domain + - $(POD_NAMESPACE).svc.cluster.local + - --serviceCluster + - istio-telemetry + - --templateFile + - /etc/istio/proxy/envoy_telemetry.yaml.tmpl + - --controlPlaneAuthPolicy + - NONE + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: docker.io/istio/proxyv2:1.1.6 + imagePullPolicy: IfNotPresent + name: istio-proxy + ports: + - containerPort: 9091 + - containerPort: 15004 + - containerPort: 15090 + name: http-envoy-prom + protocol: TCP + resources: + limits: + cpu: 2000m + memory: 128Mi + requests: + cpu: 10m + memory: 40Mi + volumeMounts: + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - mountPath: /sock + name: uds-socket + serviceAccountName: istio-mixer-service-account + volumes: + - name: istio-certs + secret: + optional: true + secretName: istio.istio-mixer-service-account + - emptyDir: {} + name: uds-socket + - name: telemetry-adapter-secret + secret: + optional: true + secretName: telemetry-adapter-secret diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-tracing.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-tracing.yaml new file mode 100644 index 000000000..a67c51e98 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_istio-tracing.yaml @@ -0,0 +1,99 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: jaeger + chart: tracing + heritage: Tiller + release: istio + name: istio-tracing + namespace: istio-system +spec: + selector: + matchLabels: + app: jaeger + chart: tracing + heritage: Tiller + release: istio + template: + metadata: + annotations: + prometheus.io/path: /jaeger/metrics + prometheus.io/port: "16686" + prometheus.io/scrape: "true" + sidecar.istio.io/inject: "false" + labels: + app: jaeger + chart: tracing + heritage: Tiller + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: COLLECTOR_ZIPKIN_HTTP_PORT + value: "9411" + - name: MEMORY_MAX_TRACES + value: "50000" + - name: QUERY_BASE_PATH + value: /jaeger + image: docker.io/jaegertracing/all-in-one:1.9 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: / + port: 16686 + name: jaeger + ports: + - containerPort: 9411 + - containerPort: 16686 + - containerPort: 5775 + protocol: UDP + - containerPort: 6831 + protocol: UDP + - containerPort: 6832 + protocol: UDP + readinessProbe: + httpGet: + path: / + port: 16686 + resources: + requests: + cpu: 10m diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_kiali.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_kiali.yaml new file mode 100644 index 000000000..6bbccb9b2 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_kiali.yaml @@ -0,0 +1,97 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: kiali + chart: kiali + heritage: Tiller + release: istio + name: kiali + namespace: istio-system +spec: + replicas: 1 + selector: + matchLabels: + app: kiali + template: + metadata: + annotations: + prometheus.io/port: "9090" + prometheus.io/scrape: "true" + scheduler.alpha.kubernetes.io/critical-pod: "" + sidecar.istio.io/inject: "false" + labels: + app: kiali + chart: kiali + heritage: Tiller + release: istio + name: kiali + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - command: + - /opt/kiali/kiali + - -config + - /kiali-configuration/config.yaml + - -v + - "4" + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: PROMETHEUS_SERVICE_URL + value: http://prometheus:9090 + - name: SERVER_WEB_ROOT + value: /kiali + image: docker.io/kiali/kiali:v0.16 + name: kiali + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /kiali-configuration + name: kiali-configuration + - mountPath: /kiali-secret + name: kiali-secret + serviceAccountName: kiali-service-account + volumes: + - configMap: + name: kiali + name: kiali-configuration + - name: kiali-secret + secret: + optional: true + secretName: kiali diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_prometheus.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_prometheus.yaml new file mode 100644 index 000000000..613cd2fe1 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/apps_v1_deployment_prometheus.yaml @@ -0,0 +1,93 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: prometheus + chart: prometheus + heritage: Tiller + release: istio + name: prometheus + namespace: istio-system +spec: + replicas: 1 + selector: + matchLabels: + app: prometheus + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: prometheus + chart: prometheus + heritage: Tiller + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - --storage.tsdb.retention=6h + - --config.file=/etc/prometheus/prometheus.yml + image: docker.io/prom/prometheus:v2.3.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /-/healthy + port: 9090 + name: prometheus + ports: + - containerPort: 9090 + name: http + readinessProbe: + httpGet: + path: /-/ready + port: 9090 + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/prometheus + name: config-volume + - mountPath: /etc/istio-certs + name: istio-certs + serviceAccountName: prometheus + volumes: + - configMap: + name: prometheus + name: config-volume + - name: istio-certs + secret: + defaultMode: 420 + secretName: istio.default diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-egressgateway.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-egressgateway.yaml new file mode 100644 index 000000000..cdbeef32e --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-egressgateway.yaml @@ -0,0 +1,22 @@ +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + app: egressgateway + chart: gateways + heritage: Tiller + release: istio + name: istio-egressgateway + namespace: istio-system +spec: + maxReplicas: 5 + metrics: + - resource: + name: cpu + targetAverageUtilization: 80 + type: Resource + minReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: istio-egressgateway diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-ingressgateway.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-ingressgateway.yaml new file mode 100644 index 000000000..c5a6bdd2d --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-ingressgateway.yaml @@ -0,0 +1,22 @@ +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + app: ingressgateway + chart: gateways + heritage: Tiller + release: istio + name: istio-ingressgateway + namespace: istio-system +spec: + maxReplicas: 5 + metrics: + - resource: + name: cpu + targetAverageUtilization: 80 + type: Resource + minReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: istio-ingressgateway diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-pilot.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-pilot.yaml new file mode 100644 index 000000000..1c3bd0a78 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-pilot.yaml @@ -0,0 +1,22 @@ +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + app: pilot + chart: pilot + heritage: Tiller + release: istio + name: istio-pilot + namespace: istio-system +spec: + maxReplicas: 5 + metrics: + - resource: + name: cpu + targetAverageUtilization: 80 + type: Resource + minReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: istio-pilot diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-policy.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-policy.yaml new file mode 100644 index 000000000..f33a22eec --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-policy.yaml @@ -0,0 +1,22 @@ +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: istio-policy + namespace: istio-system +spec: + maxReplicas: 5 + metrics: + - resource: + name: cpu + targetAverageUtilization: 80 + type: Resource + minReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: istio-policy diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-telemetry.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-telemetry.yaml new file mode 100644 index 000000000..8fc6b67d6 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/autoscaling_v2beta1_horizontalpodautoscaler_istio-telemetry.yaml @@ -0,0 +1,22 @@ +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: istio-telemetry + namespace: istio-system +spec: + maxReplicas: 5 + metrics: + - resource: + name: cpu + targetAverageUtilization: 80 + type: Resource + minReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: istio-telemetry diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/batch_v1_job_istio-cleanup-secrets-1.1.6.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/batch_v1_job_istio-cleanup-secrets-1.1.6.yaml new file mode 100644 index 000000000..e3cf64d5b --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/batch_v1_job_istio-cleanup-secrets-1.1.6.yaml @@ -0,0 +1,72 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + helm.sh/hook: post-delete + helm.sh/hook-delete-policy: hook-succeeded + helm.sh/hook-weight: "3" + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-cleanup-secrets-1.1.6 + namespace: istio-system +spec: + template: + metadata: + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-cleanup-secrets + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - command: + - /bin/bash + - -c + - | + kubectl get secret --all-namespaces | grep "istio.io/key-and-cert" | while read -r entry; do + ns=$(echo $entry | awk '{print $1}'); + name=$(echo $entry | awk '{print $2}'); + kubectl delete secret $name -n $ns; + done + image: docker.io/istio/kubectl:1.1.6 + imagePullPolicy: IfNotPresent + name: kubectl + restartPolicy: OnFailure + serviceAccountName: istio-cleanup-secrets-service-account diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/batch_v1_job_istio-grafana-post-install-1.1.6.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/batch_v1_job_istio-grafana-post-install-1.1.6.yaml new file mode 100644 index 000000000..79d95f825 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/batch_v1_job_istio-grafana-post-install-1.1.6.yaml @@ -0,0 +1,72 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + helm.sh/hook: post-install + helm.sh/hook-delete-policy: hook-succeeded + labels: + app: grafana + chart: grafana + heritage: Tiller + release: istio + name: istio-grafana-post-install-1.1.6 + namespace: istio-system +spec: + template: + metadata: + labels: + app: istio-grafana + chart: grafana + heritage: Tiller + release: istio + name: istio-grafana-post-install + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - command: + - /bin/bash + - /tmp/grafana/run.sh + - /tmp/grafana/custom-resources.yaml + image: docker.io/istio/kubectl:1.1.6 + name: kubectl + volumeMounts: + - mountPath: /tmp/grafana + name: tmp-configmap-grafana + restartPolicy: OnFailure + serviceAccountName: istio-grafana-post-install-account + volumes: + - configMap: + name: istio-grafana-custom-resources + name: tmp-configmap-grafana diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/batch_v1_job_istio-security-post-install-1.1.6.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/batch_v1_job_istio-security-post-install-1.1.6.yaml new file mode 100644 index 000000000..f907dee1a --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/batch_v1_job_istio-security-post-install-1.1.6.yaml @@ -0,0 +1,73 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + helm.sh/hook: post-install + helm.sh/hook-delete-policy: hook-succeeded + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-security-post-install-1.1.6 + namespace: istio-system +spec: + template: + metadata: + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-security-post-install + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - command: + - /bin/bash + - /tmp/security/run.sh + - /tmp/security/custom-resources.yaml + image: docker.io/istio/kubectl:1.1.6 + imagePullPolicy: IfNotPresent + name: kubectl + volumeMounts: + - mountPath: /tmp/security + name: tmp-configmap-security + restartPolicy: OnFailure + serviceAccountName: istio-security-post-install-account + volumes: + - configMap: + name: istio-security-custom-resources + name: tmp-configmap-security diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_attributemanifest_istioproxy.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_attributemanifest_istioproxy.yaml new file mode 100644 index 000000000..d475e6bc5 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_attributemanifest_istioproxy.yaml @@ -0,0 +1,138 @@ +apiVersion: config.istio.io/v1alpha2 +kind: attributemanifest +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: istioproxy + namespace: istio-system +spec: + attributes: + api.operation: + valueType: STRING + api.protocol: + valueType: STRING + api.service: + valueType: STRING + api.version: + valueType: STRING + check.cache_hit: + valueType: BOOL + check.error_code: + valueType: INT64 + check.error_message: + valueType: STRING + connection.duration: + valueType: DURATION + connection.event: + valueType: STRING + connection.id: + valueType: STRING + connection.mtls: + valueType: BOOL + connection.received.bytes: + valueType: INT64 + connection.received.bytes_total: + valueType: INT64 + connection.requested_server_name: + valueType: STRING + connection.sent.bytes: + valueType: INT64 + connection.sent.bytes_total: + valueType: INT64 + context.protocol: + valueType: STRING + context.proxy_error_code: + valueType: STRING + context.reporter.kind: + valueType: STRING + context.reporter.local: + valueType: BOOL + context.reporter.uid: + valueType: STRING + context.time: + valueType: TIMESTAMP + context.timestamp: + valueType: TIMESTAMP + destination.port: + valueType: INT64 + destination.principal: + valueType: STRING + destination.uid: + valueType: STRING + origin.ip: + valueType: IP_ADDRESS + origin.uid: + valueType: STRING + origin.user: + valueType: STRING + quota.cache_hit: + valueType: BOOL + rbac.permissive.effective_policy_id: + valueType: STRING + rbac.permissive.response_code: + valueType: STRING + request.api_key: + valueType: STRING + request.auth.audiences: + valueType: STRING + request.auth.claims: + valueType: STRING_MAP + request.auth.presenter: + valueType: STRING + request.auth.principal: + valueType: STRING + request.auth.raw_claims: + valueType: STRING + request.headers: + valueType: STRING_MAP + request.host: + valueType: STRING + request.id: + valueType: STRING + request.method: + valueType: STRING + request.path: + valueType: STRING + request.query_params: + valueType: STRING_MAP + request.reason: + valueType: STRING + request.referer: + valueType: STRING + request.scheme: + valueType: STRING + request.size: + valueType: INT64 + request.time: + valueType: TIMESTAMP + request.total_size: + valueType: INT64 + request.url_path: + valueType: STRING + request.useragent: + valueType: STRING + response.code: + valueType: INT64 + response.duration: + valueType: DURATION + response.grpc_message: + valueType: STRING + response.grpc_status: + valueType: STRING + response.headers: + valueType: STRING_MAP + response.size: + valueType: INT64 + response.time: + valueType: TIMESTAMP + response.total_size: + valueType: INT64 + source.principal: + valueType: STRING + source.uid: + valueType: STRING + source.user: + valueType: STRING diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_attributemanifest_kubernetes.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_attributemanifest_kubernetes.yaml new file mode 100644 index 000000000..6b39cc034 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_attributemanifest_kubernetes.yaml @@ -0,0 +1,64 @@ +apiVersion: config.istio.io/v1alpha2 +kind: attributemanifest +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: kubernetes + namespace: istio-system +spec: + attributes: + destination.container.name: + valueType: STRING + destination.ip: + valueType: IP_ADDRESS + destination.labels: + valueType: STRING_MAP + destination.metadata: + valueType: STRING_MAP + destination.name: + valueType: STRING + destination.namespace: + valueType: STRING + destination.owner: + valueType: STRING + destination.service.host: + valueType: STRING + destination.service.name: + valueType: STRING + destination.service.namespace: + valueType: STRING + destination.service.uid: + valueType: STRING + destination.serviceAccount: + valueType: STRING + destination.workload.name: + valueType: STRING + destination.workload.namespace: + valueType: STRING + destination.workload.uid: + valueType: STRING + source.ip: + valueType: IP_ADDRESS + source.labels: + valueType: STRING_MAP + source.metadata: + valueType: STRING_MAP + source.name: + valueType: STRING + source.namespace: + valueType: STRING + source.owner: + valueType: STRING + source.serviceAccount: + valueType: STRING + source.services: + valueType: STRING + source.workload.name: + valueType: STRING + source.workload.namespace: + valueType: STRING + source.workload.uid: + valueType: STRING diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_handler_kubernetesenv.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_handler_kubernetesenv.yaml new file mode 100644 index 000000000..41928afff --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_handler_kubernetesenv.yaml @@ -0,0 +1,13 @@ +apiVersion: config.istio.io/v1alpha2 +kind: handler +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: kubernetesenv + namespace: istio-system +spec: + compiledAdapter: kubernetesenv + params: null diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_handler_prometheus.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_handler_prometheus.yaml new file mode 100644 index 000000000..7558b9922 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_handler_prometheus.yaml @@ -0,0 +1,216 @@ +apiVersion: config.istio.io/v1alpha2 +kind: handler +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: prometheus + namespace: istio-system +spec: + compiledAdapter: prometheus + params: + metrics: + - instance_name: requestcount.metric.istio-system + kind: COUNTER + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - request_protocol + - response_code + - response_flags + - permissive_response_code + - permissive_response_policyid + - connection_security_policy + name: requests_total + - buckets: + explicit_buckets: + bounds: + - 0.005 + - 0.01 + - 0.025 + - 0.05 + - 0.1 + - 0.25 + - 0.5 + - 1 + - 2.5 + - 5 + - 10 + instance_name: requestduration.metric.istio-system + kind: DISTRIBUTION + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - request_protocol + - response_code + - response_flags + - permissive_response_code + - permissive_response_policyid + - connection_security_policy + name: request_duration_seconds + - buckets: + exponentialBuckets: + growthFactor: 10 + numFiniteBuckets: 8 + scale: 1 + instance_name: requestsize.metric.istio-system + kind: DISTRIBUTION + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - request_protocol + - response_code + - response_flags + - permissive_response_code + - permissive_response_policyid + - connection_security_policy + name: request_bytes + - buckets: + exponentialBuckets: + growthFactor: 10 + numFiniteBuckets: 8 + scale: 1 + instance_name: responsesize.metric.istio-system + kind: DISTRIBUTION + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - request_protocol + - response_code + - response_flags + - permissive_response_code + - permissive_response_policyid + - connection_security_policy + name: response_bytes + - instance_name: tcpbytesent.metric.istio-system + kind: COUNTER + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - connection_security_policy + - response_flags + name: tcp_sent_bytes_total + - instance_name: tcpbytereceived.metric.istio-system + kind: COUNTER + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - connection_security_policy + - response_flags + name: tcp_received_bytes_total + - instance_name: tcpconnectionsopened.metric.istio-system + kind: COUNTER + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - connection_security_policy + - response_flags + name: tcp_connections_opened_total + - instance_name: tcpconnectionsclosed.metric.istio-system + kind: COUNTER + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - connection_security_policy + - response_flags + name: tcp_connections_closed_total + metricsExpirationPolicy: + metricsExpiryDuration: 10m diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_handler_stdio.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_handler_stdio.yaml new file mode 100644 index 000000000..2baf4e909 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_handler_stdio.yaml @@ -0,0 +1,14 @@ +apiVersion: config.istio.io/v1alpha2 +kind: handler +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: stdio + namespace: istio-system +spec: + compiledAdapter: stdio + params: + outputAsJson: true diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_kubernetes_attributes.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_kubernetes_attributes.yaml new file mode 100644 index 000000000..1e6657678 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_kubernetes_attributes.yaml @@ -0,0 +1,37 @@ +apiVersion: config.istio.io/v1alpha2 +kind: kubernetes +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: attributes + namespace: istio-system +spec: + attribute_bindings: + destination.container.name: $out.destination_container_name | "unknown" + destination.ip: $out.destination_pod_ip | ip("0.0.0.0") + destination.labels: $out.destination_labels | emptyStringMap() + destination.name: $out.destination_pod_name | "unknown" + destination.namespace: $out.destination_namespace | "default" + destination.owner: $out.destination_owner | "unknown" + destination.serviceAccount: $out.destination_service_account_name | "unknown" + destination.uid: $out.destination_pod_uid | "unknown" + destination.workload.name: $out.destination_workload_name | "unknown" + destination.workload.namespace: $out.destination_workload_namespace | "unknown" + destination.workload.uid: $out.destination_workload_uid | "unknown" + source.ip: $out.source_pod_ip | ip("0.0.0.0") + source.labels: $out.source_labels | emptyStringMap() + source.name: $out.source_pod_name | "unknown" + source.namespace: $out.source_namespace | "default" + source.owner: $out.source_owner | "unknown" + source.serviceAccount: $out.source_service_account_name | "unknown" + source.uid: $out.source_pod_uid | "unknown" + source.workload.name: $out.source_workload_name | "unknown" + source.workload.namespace: $out.source_workload_namespace | "unknown" + source.workload.uid: $out.source_workload_uid | "unknown" + destination_port: destination.port | 0 + destination_uid: destination.uid | "" + source_ip: source.ip | ip("0.0.0.0") + source_uid: source.uid | "" diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_logentry_accesslog.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_logentry_accesslog.yaml new file mode 100644 index 000000000..c4098d4e1 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_logentry_accesslog.yaml @@ -0,0 +1,58 @@ +apiVersion: config.istio.io/v1alpha2 +kind: logentry +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: accesslog + namespace: istio-system +spec: + monitored_resource_type: '"global"' + severity: '"Info"' + timestamp: request.time + variables: + apiClaims: request.auth.raw_claims | "" + apiKey: request.api_key | request.headers["x-api-key"] | "" + clientTraceId: request.headers["x-client-trace-id"] | "" + connection_security_policy: conditional((context.reporter.kind | "inbound") == + "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + destinationApp: destination.labels["app"] | "" + destinationIp: destination.ip | ip("0.0.0.0") + destinationName: destination.name | "" + destinationNamespace: destination.namespace | "" + destinationOwner: destination.owner | "" + destinationPrincipal: destination.principal | "" + destinationServiceHost: destination.service.host | "" + destinationWorkload: destination.workload.name | "" + grpcMessage: response.grpc_message | "" + grpcStatus: response.grpc_status | "" + httpAuthority: request.headers[":authority"] | request.host | "" + latency: response.duration | "0ms" + method: request.method | "" + permissiveResponseCode: rbac.permissive.response_code | "none" + permissiveResponsePolicyID: rbac.permissive.effective_policy_id | "none" + protocol: request.scheme | context.protocol | "http" + receivedBytes: request.total_size | 0 + referer: request.referer | "" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + requestId: request.headers["x-request-id"] | "" + requestSize: request.size | 0 + requestedServerName: connection.requested_server_name | "" + responseCode: response.code | 0 + responseFlags: context.proxy_error_code | "" + responseSize: response.size | 0 + responseTimestamp: response.time + sentBytes: response.total_size | 0 + sourceApp: source.labels["app"] | "" + sourceIp: source.ip | ip("0.0.0.0") + sourceName: source.name | "" + sourceNamespace: source.namespace | "" + sourceOwner: source.owner | "" + sourcePrincipal: source.principal | "" + sourceWorkload: source.workload.name | "" + url: request.path | "" + userAgent: request.useragent | "" + xForwardedFor: request.headers["x-forwarded-for"] | "0.0.0.0" diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_logentry_tcpaccesslog.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_logentry_tcpaccesslog.yaml new file mode 100644 index 000000000..797b01697 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_logentry_tcpaccesslog.yaml @@ -0,0 +1,43 @@ +apiVersion: config.istio.io/v1alpha2 +kind: logentry +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: tcpaccesslog + namespace: istio-system +spec: + monitored_resource_type: '"global"' + severity: '"Info"' + timestamp: context.time | timestamp("2017-01-01T00:00:00Z") + variables: + connection_security_policy: conditional((context.reporter.kind | "inbound") == + "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + connectionDuration: connection.duration | "0ms" + connectionEvent: connection.event | "" + destinationApp: destination.labels["app"] | "" + destinationIp: destination.ip | ip("0.0.0.0") + destinationName: destination.name | "" + destinationNamespace: destination.namespace | "" + destinationOwner: destination.owner | "" + destinationPrincipal: destination.principal | "" + destinationServiceHost: destination.service.host | "" + destinationWorkload: destination.workload.name | "" + protocol: context.protocol | "tcp" + receivedBytes: connection.received.bytes | 0 + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + requestedServerName: connection.requested_server_name | "" + responseFlags: context.proxy_error_code | "" + sentBytes: connection.sent.bytes | 0 + sourceApp: source.labels["app"] | "" + sourceIp: source.ip | ip("0.0.0.0") + sourceName: source.name | "" + sourceNamespace: source.namespace | "" + sourceOwner: source.owner | "" + sourcePrincipal: source.principal | "" + sourceWorkload: source.workload.name | "" + totalReceivedBytes: connection.received.bytes_total | 0 + totalSentBytes: connection.sent.bytes_total | 0 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_requestcount.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_requestcount.yaml new file mode 100644 index 000000000..5aa199b23 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_requestcount.yaml @@ -0,0 +1,36 @@ +apiVersion: config.istio.io/v1alpha2 +kind: metric +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: requestcount + namespace: istio-system +spec: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") == + "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + permissive_response_code: rbac.permissive.response_code | "none" + permissive_response_policyid: rbac.permissive.effective_policy_id | "none" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + request_protocol: api.protocol | context.protocol | "unknown" + response_code: response.code | 200 + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: "1" diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_requestduration.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_requestduration.yaml new file mode 100644 index 000000000..914e4d4b5 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_requestduration.yaml @@ -0,0 +1,36 @@ +apiVersion: config.istio.io/v1alpha2 +kind: metric +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: requestduration + namespace: istio-system +spec: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") == + "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + permissive_response_code: rbac.permissive.response_code | "none" + permissive_response_policyid: rbac.permissive.effective_policy_id | "none" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + request_protocol: api.protocol | context.protocol | "unknown" + response_code: response.code | 200 + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: response.duration | "0ms" diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_requestsize.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_requestsize.yaml new file mode 100644 index 000000000..155343600 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_requestsize.yaml @@ -0,0 +1,36 @@ +apiVersion: config.istio.io/v1alpha2 +kind: metric +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: requestsize + namespace: istio-system +spec: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") == + "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + permissive_response_code: rbac.permissive.response_code | "none" + permissive_response_policyid: rbac.permissive.effective_policy_id | "none" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + request_protocol: api.protocol | context.protocol | "unknown" + response_code: response.code | 200 + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: request.size | 0 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_responsesize.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_responsesize.yaml new file mode 100644 index 000000000..d3aafb93c --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_responsesize.yaml @@ -0,0 +1,36 @@ +apiVersion: config.istio.io/v1alpha2 +kind: metric +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: responsesize + namespace: istio-system +spec: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") == + "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + permissive_response_code: rbac.permissive.response_code | "none" + permissive_response_policyid: rbac.permissive.effective_policy_id | "none" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + request_protocol: api.protocol | context.protocol | "unknown" + response_code: response.code | 200 + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: response.size | 0 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpbytereceived.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpbytereceived.yaml new file mode 100644 index 000000000..33e8f468b --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpbytereceived.yaml @@ -0,0 +1,32 @@ +apiVersion: config.istio.io/v1alpha2 +kind: metric +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: tcpbytereceived + namespace: istio-system +spec: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") == + "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: connection.received.bytes | 0 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpbytesent.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpbytesent.yaml new file mode 100644 index 000000000..39df34138 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpbytesent.yaml @@ -0,0 +1,32 @@ +apiVersion: config.istio.io/v1alpha2 +kind: metric +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: tcpbytesent + namespace: istio-system +spec: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") == + "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: connection.sent.bytes | 0 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpconnectionsclosed.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpconnectionsclosed.yaml new file mode 100644 index 000000000..f2b80ce1d --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpconnectionsclosed.yaml @@ -0,0 +1,32 @@ +apiVersion: config.istio.io/v1alpha2 +kind: metric +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: tcpconnectionsclosed + namespace: istio-system +spec: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") == + "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.name | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: "1" diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpconnectionsopened.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpconnectionsopened.yaml new file mode 100644 index 000000000..68dbbf0c9 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_metric_tcpconnectionsopened.yaml @@ -0,0 +1,32 @@ +apiVersion: config.istio.io/v1alpha2 +kind: metric +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: tcpconnectionsopened + namespace: istio-system +spec: + dimensions: + connection_security_policy: conditional((context.reporter.kind | "inbound") == + "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + destination_app: destination.labels["app"] | "unknown" + destination_principal: destination.principal | "unknown" + destination_service: destination.service.name | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", + "destination") + response_flags: context.proxy_error_code | "-" + source_app: source.labels["app"] | "unknown" + source_principal: source.principal | "unknown" + source_version: source.labels["version"] | "unknown" + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + monitored_resource_type: '"UNSPECIFIED"' + value: "1" diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_kubeattrgenrulerule.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_kubeattrgenrulerule.yaml new file mode 100644 index 000000000..16f89c981 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_kubeattrgenrulerule.yaml @@ -0,0 +1,15 @@ +apiVersion: config.istio.io/v1alpha2 +kind: rule +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: kubeattrgenrulerule + namespace: istio-system +spec: + actions: + - handler: kubernetesenv + instances: + - attributes.kubernetes diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promhttp.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promhttp.yaml new file mode 100644 index 000000000..6ba4b19ca --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promhttp.yaml @@ -0,0 +1,20 @@ +apiVersion: config.istio.io/v1alpha2 +kind: rule +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: promhttp + namespace: istio-system +spec: + actions: + - handler: prometheus + instances: + - requestcount.metric + - requestduration.metric + - requestsize.metric + - responsesize.metric + match: (context.protocol == "http" || context.protocol == "grpc") && (match((request.useragent + | "-"), "kube-probe*") == false) diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcp.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcp.yaml new file mode 100644 index 000000000..74466f18b --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcp.yaml @@ -0,0 +1,17 @@ +apiVersion: config.istio.io/v1alpha2 +kind: rule +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: promtcp + namespace: istio-system +spec: + actions: + - handler: prometheus + instances: + - tcpbytesent.metric + - tcpbytereceived.metric + match: context.protocol == "tcp" diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcpconnectionclosed.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcpconnectionclosed.yaml new file mode 100644 index 000000000..4414aa902 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcpconnectionclosed.yaml @@ -0,0 +1,16 @@ +apiVersion: config.istio.io/v1alpha2 +kind: rule +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: promtcpconnectionclosed + namespace: istio-system +spec: + actions: + - handler: prometheus + instances: + - tcpconnectionsclosed.metric + match: context.protocol == "tcp" && ((connection.event | "na") == "close") diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcpconnectionopen.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcpconnectionopen.yaml new file mode 100644 index 000000000..5d119b596 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_promtcpconnectionopen.yaml @@ -0,0 +1,16 @@ +apiVersion: config.istio.io/v1alpha2 +kind: rule +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: promtcpconnectionopen + namespace: istio-system +spec: + actions: + - handler: prometheus + instances: + - tcpconnectionsopened.metric + match: context.protocol == "tcp" && ((connection.event | "na") == "open") diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_stdio.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_stdio.yaml new file mode 100644 index 000000000..2d272125d --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_stdio.yaml @@ -0,0 +1,16 @@ +apiVersion: config.istio.io/v1alpha2 +kind: rule +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: stdio + namespace: istio-system +spec: + actions: + - handler: stdio + instances: + - accesslog.logentry + match: context.protocol == "http" || context.protocol == "grpc" diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_stdiotcp.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_stdiotcp.yaml new file mode 100644 index 000000000..339c38a2b --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_stdiotcp.yaml @@ -0,0 +1,16 @@ +apiVersion: config.istio.io/v1alpha2 +kind: rule +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: stdiotcp + namespace: istio-system +spec: + actions: + - handler: stdio + instances: + - tcpaccesslog.logentry + match: context.protocol == "tcp" diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_tcpkubeattrgenrulerule.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_tcpkubeattrgenrulerule.yaml new file mode 100644 index 000000000..7e713777c --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/config.istio.io_v1alpha2_rule_tcpkubeattrgenrulerule.yaml @@ -0,0 +1,16 @@ +apiVersion: config.istio.io/v1alpha2 +kind: rule +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: tcpkubeattrgenrulerule + namespace: istio-system +spec: + actions: + - handler: kubernetesenv + instances: + - attributes.kubernetes + match: context.protocol == "tcp" diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/networking.istio.io_v1alpha3_destinationrule_istio-policy.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/networking.istio.io_v1alpha3_destinationrule_istio-policy.yaml new file mode 100644 index 000000000..4bc62dd7f --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/networking.istio.io_v1alpha3_destinationrule_istio-policy.yaml @@ -0,0 +1,17 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: istio-policy + namespace: istio-system +spec: + host: istio-policy.istio-system.svc.cluster.local + trafficPolicy: + connectionPool: + http: + http2MaxRequests: 10000 + maxRequestsPerConnection: 10000 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/networking.istio.io_v1alpha3_destinationrule_istio-telemetry.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/networking.istio.io_v1alpha3_destinationrule_istio-telemetry.yaml new file mode 100644 index 000000000..97db246c8 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/networking.istio.io_v1alpha3_destinationrule_istio-telemetry.yaml @@ -0,0 +1,17 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: istio-telemetry + namespace: istio-system +spec: + host: istio-telemetry.istio-system.svc.cluster.local + trafficPolicy: + connectionPool: + http: + http2MaxRequests: 10000 + maxRequestsPerConnection: 10000 diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-egressgateway.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-egressgateway.yaml new file mode 100644 index 000000000..a1c5f6ab1 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-egressgateway.yaml @@ -0,0 +1,18 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: istio-egressgateway + chart: gateways + heritage: Tiller + istio: egressgateway + release: istio + name: istio-egressgateway + namespace: istio-system +spec: + minAvailable: 1 + selector: + matchLabels: + app: istio-egressgateway + istio: egressgateway + release: istio diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-galley.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-galley.yaml new file mode 100644 index 000000000..9a384b903 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-galley.yaml @@ -0,0 +1,18 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: galley + chart: galley + heritage: Tiller + istio: galley + release: istio + name: istio-galley + namespace: istio-system +spec: + minAvailable: 1 + selector: + matchLabels: + app: galley + istio: galley + release: istio diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-ingressgateway.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-ingressgateway.yaml new file mode 100644 index 000000000..579d4ec2e --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-ingressgateway.yaml @@ -0,0 +1,18 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: istio-ingressgateway + chart: gateways + heritage: Tiller + istio: ingressgateway + release: istio + name: istio-ingressgateway + namespace: istio-system +spec: + minAvailable: 1 + selector: + matchLabels: + app: istio-ingressgateway + istio: ingressgateway + release: istio diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-pilot.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-pilot.yaml new file mode 100644 index 000000000..73bd8933a --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-pilot.yaml @@ -0,0 +1,18 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: pilot + chart: pilot + heritage: Tiller + istio: pilot + release: istio + name: istio-pilot + namespace: istio-system +spec: + minAvailable: 1 + selector: + matchLabels: + app: pilot + istio: pilot + release: istio diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-policy.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-policy.yaml new file mode 100644 index 000000000..5ac4f6464 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-policy.yaml @@ -0,0 +1,21 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: policy + chart: mixer + heritage: Tiller + istio: mixer + istio-mixer-type: policy + release: istio + version: 1.1.0 + name: istio-policy + namespace: istio-system +spec: + minAvailable: 1 + selector: + matchLabels: + app: policy + istio: mixer + istio-mixer-type: policy + release: istio diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-telemetry.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-telemetry.yaml new file mode 100644 index 000000000..ee5c3a1de --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/policy_v1beta1_poddisruptionbudget_istio-telemetry.yaml @@ -0,0 +1,21 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: telemetry + chart: mixer + heritage: Tiller + istio: mixer + istio-mixer-type: telemetry + release: istio + version: 1.1.0 + name: istio-telemetry + namespace: istio-system +spec: + minAvailable: 1 + selector: + matchLabels: + app: telemetry + istio: mixer + istio-mixer-type: telemetry + release: istio diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-citadel-istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-citadel-istio-system.yaml new file mode 100644 index 000000000..cb57ab863 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-citadel-istio-system.yaml @@ -0,0 +1,44 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-citadel-istio-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - watch + - list + - update + - delete +- apiGroups: + - "" + resources: + - serviceaccounts + - services + verbs: + - get + - watch + - list +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-cleanup-secrets-istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-cleanup-secrets-istio-system.yaml new file mode 100644 index 000000000..b31002df6 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-cleanup-secrets-istio-system.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + helm.sh/hook: post-delete + helm.sh/hook-delete-policy: hook-succeeded + helm.sh/hook-weight: "1" + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-cleanup-secrets-istio-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - list + - delete diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-egressgateway-istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-egressgateway-istio-system.yaml new file mode 100644 index 000000000..14745dd1b --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-egressgateway-istio-system.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: egressgateway + chart: gateways + heritage: Tiller + release: istio + name: istio-egressgateway-istio-system +rules: +- apiGroups: + - networking.istio.io + resources: + - virtualservices + - destinationrules + - gateways + verbs: + - get + - watch + - list + - update diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-galley-istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-galley-istio-system.yaml new file mode 100644 index 000000000..31cd021e8 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-galley-istio-system.yaml @@ -0,0 +1,85 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: galley + chart: galley + heritage: Tiller + release: istio + name: istio-galley-istio-system +rules: +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - extensions + - apps + resourceNames: + - istio-galley + resources: + - deployments + verbs: + - get +- apiGroups: + - "" + resources: + - pods + - nodes + - services + - endpoints + verbs: + - get + - list + - watch +- apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - extensions + - apps + resourceNames: + - istio-galley + resources: + - deployments/finalizers + verbs: + - update diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-grafana-post-install-istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-grafana-post-install-istio-system.yaml new file mode 100644 index 000000000..f38f3710a --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-grafana-post-install-istio-system.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + release: istio + name: istio-grafana-post-install-istio-system +rules: +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-ingressgateway-istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-ingressgateway-istio-system.yaml new file mode 100644 index 000000000..ce5773085 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-ingressgateway-istio-system.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: ingressgateway + chart: gateways + heritage: Tiller + release: istio + name: istio-ingressgateway-istio-system +rules: +- apiGroups: + - networking.istio.io + resources: + - virtualservices + - destinationrules + - gateways + verbs: + - get + - watch + - list + - update diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-mixer-istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-mixer-istio-system.yaml new file mode 100644 index 000000000..4c406989f --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-mixer-istio-system.yaml @@ -0,0 +1,51 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: istio-mixer-istio-system +rules: +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - create + - get + - list + - watch + - patch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - pods + - services + - namespaces + - secrets + - replicationcontrollers + verbs: + - get + - list + - watch +- apiGroups: + - extensions + - apps + resources: + - replicasets + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-pilot-istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-pilot-istio-system.yaml new file mode 100644 index 000000000..fbf58bcdd --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-pilot-istio-system.yaml @@ -0,0 +1,73 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: pilot + chart: pilot + heritage: Tiller + release: istio + name: istio-pilot-istio-system +rules: +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - get + - watch + - list +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + - ingresses/status + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - watch + - update +- apiGroups: + - "" + resources: + - endpoints + - pods + - services + - namespaces + - nodes + - secrets + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-reader.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-reader.yaml new file mode 100644 index 000000000..40b0dd6c4 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-reader.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-reader +rules: +- apiGroups: + - "" + resources: + - nodes + - pods + - services + - endpoints + - replicationcontrollers + verbs: + - get + - watch + - list +- apiGroups: + - extensions + - apps + resources: + - replicasets + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-sidecar-injector-istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-sidecar-injector-istio-system.yaml new file mode 100644 index 000000000..06d72de03 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_istio-sidecar-injector-istio-system.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: sidecarInjectorWebhook + chart: sidecarInjectorWebhook + heritage: Tiller + istio: sidecar-injector + release: istio + name: istio-sidecar-injector-istio-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - patch diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kiali-viewer.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kiali-viewer.yaml new file mode 100644 index 000000000..a00bd0367 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kiali-viewer.yaml @@ -0,0 +1,124 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kiali + chart: kiali + heritage: Tiller + release: istio + name: kiali-viewer +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - services + - replicationcontrollers + verbs: + - get + - list + - watch +- apiGroups: + - extensions + - apps + resources: + - deployments + - statefulsets + - replicasets + verbs: + - get + - list + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - config.istio.io + resources: + - apikeys + - authorizations + - checknothings + - circonuses + - deniers + - fluentds + - handlers + - kubernetesenvs + - kuberneteses + - listcheckers + - listentries + - logentries + - memquotas + - metrics + - opas + - prometheuses + - quotas + - quotaspecbindings + - quotaspecs + - rbacs + - reportnothings + - rules + - servicecontrolreports + - servicecontrols + - solarwindses + - stackdrivers + - statsds + - stdios + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + resources: + - destinationrules + - gateways + - serviceentries + - virtualservices + verbs: + - get + - list + - watch +- apiGroups: + - authentication.istio.io + resources: + - policies + - meshpolicies + verbs: + - get + - list + - watch +- apiGroups: + - rbac.istio.io + resources: + - clusterrbacconfigs + - rbacconfigs + - serviceroles + - servicerolebindings + verbs: + - get + - list + - watch +- apiGroups: + - monitoring.kiali.io + resources: + - monitoringdashboards + verbs: + - get diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kiali.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kiali.yaml new file mode 100644 index 000000000..de91e8f85 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kiali.yaml @@ -0,0 +1,134 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kiali + chart: kiali + heritage: Tiller + release: istio + name: kiali +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - services + - replicationcontrollers + verbs: + - get + - list + - watch +- apiGroups: + - extensions + - apps + resources: + - deployments + - statefulsets + - replicasets + verbs: + - get + - list + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - config.istio.io + resources: + - apikeys + - authorizations + - checknothings + - circonuses + - deniers + - fluentds + - handlers + - kubernetesenvs + - kuberneteses + - listcheckers + - listentries + - logentries + - memquotas + - metrics + - opas + - prometheuses + - quotas + - quotaspecbindings + - quotaspecs + - rbacs + - reportnothings + - rules + - solarwindses + - stackdrivers + - statsds + - stdios + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - networking.istio.io + resources: + - destinationrules + - gateways + - serviceentries + - virtualservices + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - authentication.istio.io + resources: + - policies + - meshpolicies + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - rbac.istio.io + resources: + - clusterrbacconfigs + - rbacconfigs + - serviceroles + - servicerolebindings + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - monitoring.kiali.io + resources: + - monitoringdashboards + verbs: + - get diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_prometheus-istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_prometheus-istio-system.yaml new file mode 100644 index 000000000..4e42dfb6a --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_prometheus-istio-system.yaml @@ -0,0 +1,32 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: prometheus + chart: prometheus + heritage: Tiller + release: istio + name: prometheus-istio-system +rules: +- apiGroups: + - "" + resources: + - nodes + - services + - endpoints + - pods + - nodes/proxy + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-citadel-istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-citadel-istio-system.yaml new file mode 100644 index 000000000..28ac035ab --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-citadel-istio-system.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-citadel-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-citadel-istio-system +subjects: +- kind: ServiceAccount + name: istio-citadel-service-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-cleanup-secrets-istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-cleanup-secrets-istio-system.yaml new file mode 100644 index 000000000..fcc37b18d --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-cleanup-secrets-istio-system.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + helm.sh/hook: post-delete + helm.sh/hook-delete-policy: hook-succeeded + helm.sh/hook-weight: "2" + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-cleanup-secrets-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-cleanup-secrets-istio-system +subjects: +- kind: ServiceAccount + name: istio-cleanup-secrets-service-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-egressgateway-istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-egressgateway-istio-system.yaml new file mode 100644 index 000000000..291dd013b --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-egressgateway-istio-system.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: egressgateway + chart: gateways + heritage: Tiller + release: istio + name: istio-egressgateway-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-egressgateway-istio-system +subjects: +- kind: ServiceAccount + name: istio-egressgateway-service-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-galley-admin-role-binding-istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-galley-admin-role-binding-istio-system.yaml new file mode 100644 index 000000000..9c2ca1a82 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-galley-admin-role-binding-istio-system.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: galley + chart: galley + heritage: Tiller + release: istio + name: istio-galley-admin-role-binding-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-galley-istio-system +subjects: +- kind: ServiceAccount + name: istio-galley-service-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-grafana-post-install-role-binding-istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-grafana-post-install-role-binding-istio-system.yaml new file mode 100644 index 000000000..473c34c42 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-grafana-post-install-role-binding-istio-system.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + release: istio + name: istio-grafana-post-install-role-binding-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-grafana-post-install-istio-system +subjects: +- kind: ServiceAccount + name: istio-grafana-post-install-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-ingressgateway-istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-ingressgateway-istio-system.yaml new file mode 100644 index 000000000..c4b280410 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-ingressgateway-istio-system.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: ingressgateway + chart: gateways + heritage: Tiller + release: istio + name: istio-ingressgateway-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-ingressgateway-istio-system +subjects: +- kind: ServiceAccount + name: istio-ingressgateway-service-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-kiali-admin-role-binding-istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-kiali-admin-role-binding-istio-system.yaml new file mode 100644 index 000000000..d1db23758 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-kiali-admin-role-binding-istio-system.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: kiali + chart: kiali + heritage: Tiller + release: istio + name: istio-kiali-admin-role-binding-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kiali +subjects: +- kind: ServiceAccount + name: kiali-service-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-mixer-admin-role-binding-istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-mixer-admin-role-binding-istio-system.yaml new file mode 100644 index 000000000..8c801ce56 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-mixer-admin-role-binding-istio-system.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: istio-mixer-admin-role-binding-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-mixer-istio-system +subjects: +- kind: ServiceAccount + name: istio-mixer-service-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-multi.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-multi.yaml new file mode 100644 index 000000000..b7cccaacb --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-multi.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + chart: istio-1.1.0 + name: istio-multi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-reader +subjects: +- kind: ServiceAccount + name: istio-multi + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-pilot-istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-pilot-istio-system.yaml new file mode 100644 index 000000000..fc78ced11 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-pilot-istio-system.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: pilot + chart: pilot + heritage: Tiller + release: istio + name: istio-pilot-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-pilot-istio-system +subjects: +- kind: ServiceAccount + name: istio-pilot-service-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-sidecar-injector-admin-role-binding-istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-sidecar-injector-admin-role-binding-istio-system.yaml new file mode 100644 index 000000000..fc5d7a83d --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_istio-sidecar-injector-admin-role-binding-istio-system.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: sidecarInjectorWebhook + chart: sidecarInjectorWebhook + heritage: Tiller + istio: sidecar-injector + release: istio + name: istio-sidecar-injector-admin-role-binding-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-sidecar-injector-istio-system +subjects: +- kind: ServiceAccount + name: istio-sidecar-injector-service-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_prometheus-istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_prometheus-istio-system.yaml new file mode 100644 index 000000000..455f52e86 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_prometheus-istio-system.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: prometheus + chart: prometheus + heritage: Tiller + release: istio + name: prometheus-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: prometheus-istio-system +subjects: +- kind: ServiceAccount + name: prometheus + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_role_istio-ingressgateway-sds.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_role_istio-ingressgateway-sds.yaml new file mode 100644 index 000000000..907894866 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_role_istio-ingressgateway-sds.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: istio-ingressgateway-sds + namespace: istio-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - watch + - list diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_istio-ingressgateway-sds.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_istio-ingressgateway-sds.yaml new file mode 100644 index 000000000..2b7f19846 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_istio-ingressgateway-sds.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: istio-ingressgateway-sds + namespace: istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: istio-ingressgateway-sds +subjects: +- kind: ServiceAccount + name: istio-ingressgateway-service-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_istio-security-post-install-istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_istio-security-post-install-istio-system.yaml new file mode 100644 index 000000000..57718cea6 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_istio-security-post-install-istio-system.yaml @@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-security-post-install-istio-system +rules: +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get +- apiGroups: + - extensions + - apps + resources: + - deployments + - replicasets + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_istio-security-post-install-role-binding-istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_istio-security-post-install-role-binding-istio-system.yaml new file mode 100644 index 000000000..725830af2 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_istio-security-post-install-role-binding-istio-system.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-security-post-install-role-binding-istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-security-post-install-istio-system +subjects: +- kind: ServiceAccount + name: istio-security-post-install-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-galley-configuration.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-galley-configuration.yaml new file mode 100644 index 000000000..cc7748587 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-galley-configuration.yaml @@ -0,0 +1,123 @@ +apiVersion: v1 +data: + validatingwebhookconfiguration.yaml: |- + apiVersion: admissionregistration.k8s.io/v1beta1 + kind: ValidatingWebhookConfiguration + metadata: + name: istio-galley + namespace: istio-system + labels: + app: galley + chart: galley + heritage: Tiller + release: istio + istio: galley + webhooks: + - name: pilot.validation.istio.io + clientConfig: + service: + name: istio-galley + namespace: istio-system + path: "/admitpilot" + caBundle: "" + rules: + - operations: + - CREATE + - UPDATE + apiGroups: + - config.istio.io + apiVersions: + - v1alpha2 + resources: + - httpapispecs + - httpapispecbindings + - quotaspecs + - quotaspecbindings + - operations: + - CREATE + - UPDATE + apiGroups: + - rbac.istio.io + apiVersions: + - "*" + resources: + - "*" + - operations: + - CREATE + - UPDATE + apiGroups: + - authentication.istio.io + apiVersions: + - "*" + resources: + - "*" + - operations: + - CREATE + - UPDATE + apiGroups: + - networking.istio.io + apiVersions: + - "*" + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + failurePolicy: Fail + - name: mixer.validation.istio.io + clientConfig: + service: + name: istio-galley + namespace: istio-system + path: "/admitmixer" + caBundle: "" + rules: + - operations: + - CREATE + - UPDATE + apiGroups: + - config.istio.io + apiVersions: + - v1alpha2 + resources: + - rules + - attributemanifests + - circonuses + - deniers + - fluentds + - kubernetesenvs + - listcheckers + - memquotas + - noops + - opas + - prometheuses + - rbacs + - solarwindses + - stackdrivers + - cloudwatches + - dogstatsds + - statsds + - stdios + - apikeys + - authorizations + - checknothings + # - kuberneteses + - listentries + - logentries + - metrics + - quotas + - reportnothings + - tracespans + failurePolicy: Fail +kind: ConfigMap +metadata: + labels: + app: galley + chart: galley + heritage: Tiller + istio: galley + release: istio + name: istio-galley-configuration + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-galley-dashboard.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-galley-dashboard.yaml new file mode 100644 index 000000000..c7b460e35 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-galley-dashboard.yaml @@ -0,0 +1,341 @@ +apiVersion: v1 +data: + galley-dashboard.json: '{ "__inputs": [ { "name": "DS_PROMETHEUS", "label": "Prometheus", + "description": "", "type": "datasource", "pluginId": "prometheus", "pluginName": + "Prometheus" } ], "annotations": { "list": [ { "builtIn": 1, "datasource": "-- + Grafana --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", "type": "dashboard" } ] }, "editable": false, + "gnetId": null, "graphTooltip": 0, "links": [], "panels": [ { "aliasColors": {}, + "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 5, "w": 24, "x": 0, "y": 0 }, "id": 46, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "sum(istio_build{component=\"galley\"}) by (tag)", "format": + "time_series", "intervalFactor": 1, "legendFormat": "{{ tag }}", "refId": "A" + } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, + "title": "Galley Versions", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": + false, "alignLevel": null } }, { "collapsed": false, "gridPos": { "h": 1, "w": + 24, "x": 0, "y": 5 }, "id": 40, "panels": [], "title": "Resource Usage", "type": + "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, + "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 8, "w": 6, "x": 0, "y": + 6 }, "id": 36, "legend": { "avg": false, "current": false, "max": false, "min": + false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": + 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, + "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, + "stack": false, "steppedLine": false, "targets": [ { "expr": "process_virtual_memory_bytes{job=\"galley\"}", + "format": "time_series", "intervalFactor": 2, "legendFormat": "Virtual Memory", + "refId": "A" }, { "expr": "process_resident_memory_bytes{job=\"galley\"}", "format": + "time_series", "intervalFactor": 2, "legendFormat": "Resident Memory", "refId": + "B" }, { "expr": "go_memstats_heap_sys_bytes{job=\"galley\"}", "format": "time_series", + "intervalFactor": 2, "legendFormat": "heap sys", "refId": "C" }, { "expr": "go_memstats_heap_alloc_bytes{job=\"galley\"}", + "format": "time_series", "intervalFactor": 2, "legendFormat": "heap alloc", "refId": + "D" }, { "expr": "go_memstats_alloc_bytes{job=\"galley\"}", "format": "time_series", + "intervalFactor": 2, "legendFormat": "Alloc", "refId": "F" }, { "expr": "go_memstats_heap_inuse_bytes{job=\"galley\"}", + "format": "time_series", "intervalFactor": 2, "legendFormat": "Heap in-use", "refId": + "G" }, { "expr": "go_memstats_stack_inuse_bytes{job=\"galley\"}", "format": "time_series", + "intervalFactor": 2, "legendFormat": "Stack in-use", "refId": "H" }, { "expr": + "sum(container_memory_usage_bytes{container_name=~\"galley\", pod_name=~\"istio-galley-.*\"})", + "format": "time_series", "intervalFactor": 1, "legendFormat": "Total (kis)", "refId": + "E" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, + "title": "Memory", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 8, "w": 6, "x": 6, "y": 6 }, "id": 38, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "sum(rate(container_cpu_usage_seconds_total{container_name=~\"galley\", pod_name=~\"istio-galley-.*\"}[1m]))", + "format": "time_series", "intervalFactor": 2, "legendFormat": "Total (k8s)", "refId": + "A" }, { "expr": "sum(rate(container_cpu_usage_seconds_total{container_name=~\"galley\", + pod_name=~\"istio-galley-.*\"}[1m])) by (container_name)", "format": "time_series", + "intervalFactor": 2, "legendFormat": "{{ container_name }} (k8s)", "refId": "B" + }, { "expr": "irate(process_cpu_seconds_total{job=\"galley\"}[1m])", "format": + "time_series", "intervalFactor": 2, "legendFormat": "galley (self-reported)", + "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": + null, "title": "CPU", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 8, "w": 6, "x": 12, "y": 6 }, "id": 42, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "process_open_fds{job=\"galley\"}", "format": "time_series", "intervalFactor": + 2, "legendFormat": "Open FDs (galley)", "refId": "A" }, { "expr": "container_fs_usage_bytes{container_name=~\"galley\", + pod_name=~\"istio-galley-.*\"}", "format": "time_series", "intervalFactor": 2, + "legendFormat": "{{ container_name }} ", "refId": "B" } ], "thresholds": [], "timeFrom": + null, "timeRegions": [], "timeShift": null, "title": "Disk", "tooltip": { "shared": + true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": + null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { + "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": + true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": + null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { + "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": + "Prometheus", "fill": 1, "gridPos": { "h": 8, "w": 6, "x": 18, "y": 6 }, "id": + 44, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": + true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": + [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": + false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": + false, "steppedLine": false, "targets": [ { "expr": "go_goroutines{job=\"galley\"}", + "format": "time_series", "intervalFactor": 2, "legendFormat": "goroutines_total", + "refId": "A" }, { "expr": "galley_mcp_source_clients_total", "format": "time_series", + "intervalFactor": 1, "legendFormat": "clients_total", "refId": "B" }, { "expr": + "go_goroutines{job=\"galley\"}/galley_mcp_source_clients_total", "format": "time_series", + "intervalFactor": 1, "legendFormat": "avg_goroutines_per_client", "refId": "C" + } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, + "title": "Goroutines", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "collapsed": false, "gridPos": { "h": 1, "w": + 24, "x": 0, "y": 14 }, "id": 10, "panels": [], "title": "Runtime", "type": "row" + }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": + "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 0, "y": 15 }, "id": + 2, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": + true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": + [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": + false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": + false, "steppedLine": false, "targets": [ { "expr": "sum(rate(galley_runtime_strategy_on_change_total[1m])) + * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Strategy + Change Events", "refId": "A" }, { "expr": "sum(rate(galley_runtime_processor_events_processed_total[1m])) + * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Processed + Events", "refId": "B" }, { "expr": "sum(rate(galley_runtime_processor_snapshots_published_total[1m])) + * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Snapshot + Published", "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeRegions": + [], "timeShift": null, "title": "Event Rates", "tooltip": { "shared": true, "sort": + 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, + "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": + "short", "label": "Events/min", "logBase": 1, "max": null, "min": null, "show": + true }, { "format": "short", "label": "", "logBase": 1, "max": null, "min": null, + "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": + {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 8, "y": 15 }, "id": 4, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "sum(rate(galley_runtime_strategy_timer_max_time_reached_total[1m])) + * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Max Time + Reached", "refId": "A" }, { "expr": "sum(rate(galley_runtime_strategy_timer_quiesce_reached_total[1m])) + * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Quiesce + Reached", "refId": "B" }, { "expr": "sum(rate(galley_runtime_strategy_timer_resets_total[1m])) + * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Timer Resets", + "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": + null, "title": "Timer Rates", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "Events/min", + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 6, "w": 8, "x": 16, "y": 15 }, "id": 8, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 3, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": true, "steppedLine": false, "targets": [ { "expr": + "histogram_quantile(0.50, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", + "format": "time_series", "intervalFactor": 1, "legendFormat": "P50", "refId": + "A" }, { "expr": "histogram_quantile(0.90, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", + "format": "time_series", "intervalFactor": 1, "legendFormat": "P90", "refId": + "B" }, { "expr": "histogram_quantile(0.95, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", + "format": "time_series", "intervalFactor": 1, "legendFormat": "P95", "refId": + "C" }, { "expr": "histogram_quantile(0.99, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", + "format": "time_series", "intervalFactor": 1, "legendFormat": "P99", "refId": + "D" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, + "title": "Events Per Snapshot", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 6, "w": 8, "x": 8, "y": 21 }, "id": 6, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "sum by (typeURL) (galley_runtime_state_type_instances_total)", "format": "time_series", + "intervalFactor": 1, "legendFormat": "{{ typeURL }}", "refId": "A" } ], "thresholds": + [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "State Type + Instances", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "Count", + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "collapsed": false, "gridPos": { "h": 1, "w": + 24, "x": 0, "y": 27 }, "id": 34, "panels": [], "title": "Validation", "type": + "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, + "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 0, "y": + 28 }, "id": 28, "legend": { "avg": false, "current": false, "max": false, "min": + false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": + 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, + "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, + "stack": false, "steppedLine": false, "targets": [ { "expr": "galley_validation_cert_key_updates{job=\"galley\"}", + "format": "time_series", "intervalFactor": 1, "legendFormat": "Key Updates", "refId": + "A" }, { "expr": "galley_validation_cert_key_update_errors{job=\"galley\"}", "format": + "time_series", "intervalFactor": 1, "legendFormat": "Key Update Errors: {{ error + }}", "refId": "B" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], + "timeShift": null, "title": "Validation Webhook Certificate", "tooltip": { "shared": + true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": + null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { + "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": + true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": + null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": + {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 8, "y": 28 }, "id": 30, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "sum(galley_validation_passed{job=\"galley\"}) by (group, + version, resource)", "format": "time_series", "intervalFactor": 1, "legendFormat": + "Passed: {{ group }}/{{ version }}/{{resource}}", "refId": "A" }, { "expr": "sum(galley_validation_failed{job=\"galley\"}) + by (group, version, resource, reason)", "format": "time_series", "intervalFactor": + 1, "legendFormat": "Failed: {{ group }}/{{ version }}/{{resource}} ({{ reason}})", + "refId": "B" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": + null, "title": "Resource Validation", "tooltip": { "shared": true, "sort": 0, + "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": + "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", + "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": + "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } + ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": + false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": + 1, "gridPos": { "h": 6, "w": 8, "x": 16, "y": 28 }, "id": 32, "legend": { "avg": + false, "current": false, "max": false, "min": false, "show": true, "total": false, + "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "sum(galley_validation_http_error{job=\"galley\"}) by (status)", + "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ status }}", + "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": + null, "title": "Validation HTTP Errors", "tooltip": { "shared": true, "sort": + 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, + "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": + "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, + { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": + true } ], "yaxis": { "align": false, "alignLevel": null } }, { "collapsed": false, + "gridPos": { "h": 1, "w": 24, "x": 0, "y": 34 }, "id": 12, "panels": [], "title": + "Kubernetes Source", "type": "row" }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 6, "w": 8, "x": 0, "y": 35 }, "id": 14, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "rate(galley_source_kube_event_success_total[1m]) * 60", "format": "time_series", + "intervalFactor": 1, "legendFormat": "Success", "refId": "A" }, { "expr": "rate(galley_source_kube_event_error_total[1m]) + * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Error", + "refId": "B" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": + null, "title": "Source Event Rate", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "Events/min", + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 6, "w": 8, "x": 8, "y": 35 }, "id": 16, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "rate(galley_source_kube_dynamic_converter_success_total[1m]) * 60", "format": + "time_series", "intervalFactor": 1, "legendFormat": "{apiVersion=\"{{apiVersion}}\",group=\"{{group}}\",kind=\"{{kind}}\"}", + "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": + null, "title": "Kubernetes Object Conversion Successes", "tooltip": { "shared": + true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": + null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { + "format": "short", "label": "Conversions/min", "logBase": 1, "max": null, "min": + null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": + null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": + null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, + "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 16, "y": + 35 }, "id": 24, "legend": { "avg": false, "current": false, "max": false, "min": + false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": + 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, + "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, + "stack": false, "steppedLine": false, "targets": [ { "expr": "rate(galley_source_kube_dynamic_converter_failure_total[1m]) + * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Error", + "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": + null, "title": "Kubernetes Object Conversion Failures", "tooltip": { "shared": + true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": + null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { + "format": "short", "label": "Failures/min", "logBase": 1, "max": null, "min": + null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": + null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": + null } }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 41 + }, "id": 18, "panels": [], "title": "Mesh Configuration Protocol", "type": "row" + }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": + "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 0, "y": 42 }, "id": + 20, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": + true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": + [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": + false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": + false, "steppedLine": false, "targets": [ { "expr": "sum(galley_mcp_source_clients_total)", + "format": "time_series", "intervalFactor": 1, "legendFormat": "Clients", "refId": + "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, + "title": "Connected Clients", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 6, "w": 8, "x": 8, "y": 42 }, "id": 22, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "sum by(collection)(irate(galley_mcp_source_request_acks_total[1m]) * 60)", "format": + "time_series", "intervalFactor": 1, "legendFormat": "", "refId": "A" } ], "thresholds": + [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Request + ACKs", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": + "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, + "values": [] }, "yaxes": [ { "format": "short", "label": "ACKs/min", "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 6, "w": 8, "x": 16, "y": 42 }, "id": 26, "legend": { "avg": false, "current": + false, "max": false, "min": false, "show": true, "total": false, "values": false + }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": + false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": + [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "rate(galley_mcp_source_request_nacks_total[1m]) * 60", "format": "time_series", + "intervalFactor": 1, "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": + [], "timeShift": null, "title": "Request NACKs", "tooltip": { "shared": true, + "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": + null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { + "format": "short", "label": "NACKs/min", "logBase": 1, "max": null, "min": null, + "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, + "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } + } ], "refresh": "5s", "schemaVersion": 16, "style": "dark", "tags": [], "templating": + { "list": [] }, "time": { "from": "now-5m", "to": "now" }, "timepicker": { "refresh_intervals": + [ "5s", "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d" ], "time_options": + [ "5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d" ] }, "timezone": "", + "title": "Istio Galley Dashboard", "uid": "TSEY6jLmk", "version": 1 } ' +kind: ConfigMap +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + istio: grafana + release: istio + name: istio-grafana-configuration-dashboards-galley-dashboard + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-mesh-dashboard.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-mesh-dashboard.yaml new file mode 100644 index 000000000..8be80d717 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-mesh-dashboard.yaml @@ -0,0 +1,229 @@ +apiVersion: v1 +data: + istio-mesh-dashboard.json: '{ "__inputs": [ { "name": "DS_PROMETHEUS", "label": + "Prometheus", "description": "", "type": "datasource", "pluginId": "prometheus", + "pluginName": "Prometheus" } ], "__requires": [ { "type": "grafana", "id": "grafana", + "name": "Grafana", "version": "5.2.3" }, { "type": "panel", "id": "graph", "name": + "Graph", "version": "5.0.0" }, { "type": "datasource", "id": "prometheus", "name": + "Prometheus", "version": "5.0.0" }, { "type": "panel", "id": "singlestat", "name": + "Singlestat", "version": "5.0.0" }, { "type": "panel", "id": "table", "name": + "Table", "version": "5.0.0" }, { "type": "panel", "id": "text", "name": "Text", + "version": "5.0.0" } ], "annotations": { "list": [ { "builtIn": 1, "datasource": + "-- Grafana --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, + 1)", "name": "Annotations & Alerts", "type": "dashboard" } ] }, "editable": false, + "gnetId": null, "graphTooltip": 0, "id": null, "links": [], "panels": [ { "content": + "
\n
\n Istio\n
\n
\n Istio + is an open platform + that provides a uniform way to connect,\n manage, and \n secure microservices.\n
\n Need help? Join the + Istio community.\n
\n
", + "gridPos": { "h": 3, "w": 24, "x": 0, "y": 0 }, "height": "50px", "id": 13, "links": + [], "mode": "html", "style": { "font-size": "18pt" }, "title": "", "transparent": + true, "type": "text" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": + false, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, + 172, 45, 0.97)" ], "datasource": "Prometheus", "format": "ops", "gauge": { "maxValue": + 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": + true }, "gridPos": { "h": 3, "w": 6, "x": 0, "y": 3 }, "id": 20, "interval": null, + "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": + 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": + "connected", "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": + "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": + "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, 0.18)", "full": true, + "lineColor": "rgb(31, 120, 193)", "show": true }, "tableColumn": "", "targets": + [ { "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\"}[1m])), + 0.001)", "intervalFactor": 1, "refId": "A", "step": 4 } ], "thresholds": "", "title": + "Global Request Volume", "transparent": false, "type": "singlestat", "valueFontSize": + "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": + "avg" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, + "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, + 45, 0.97)" ], "datasource": "Prometheus", "format": "percentunit", "gauge": { + "maxValue": 100, "minValue": 80, "show": false, "thresholdLabels": false, "thresholdMarkers": + false }, "gridPos": { "h": 3, "w": 6, "x": 6, "y": 3 }, "id": 21, "interval": + null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", + "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, + "nullPointMode": "connected", "nullText": null, "postfix": "", "postfixFontSize": + "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", + "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, + 0.18)", "full": true, "lineColor": "rgb(31, 120, 193)", "show": true }, "tableColumn": + "", "targets": [ { "expr": "sum(rate(istio_requests_total{reporter=\"destination\", + response_code!~\"5.*\"}[1m])) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m]))", + "format": "time_series", "intervalFactor": 1, "refId": "A", "step": 4 } ], "thresholds": + "95, 99, 99.5", "title": "Global Success Rate (non-5xx responses)", "transparent": + false, "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", + "text": "N/A", "value": "null" } ], "valueName": "avg" }, { "cacheTimeout": null, + "colorBackground": false, "colorValue": false, "colors": [ "rgba(245, 54, 54, + 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "datasource": + "Prometheus", "format": "ops", "gauge": { "maxValue": 100, "minValue": 0, "show": + false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": + 3, "w": 6, "x": 12, "y": 3 }, "id": 22, "interval": null, "links": [], "mappingType": + 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range + to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", + "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": + "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": + { "fillColor": "rgba(31, 118, 189, 0.18)", "full": true, "lineColor": "rgb(31, + 120, 193)", "show": true }, "tableColumn": "", "targets": [ { "expr": "sum(irate(istio_requests_total{reporter=\"destination\", + response_code=~\"4.*\"}[1m])) ", "format": "time_series", "intervalFactor": 1, + "refId": "A", "step": 4 } ], "thresholds": "", "title": "4xxs", "transparent": + false, "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", + "text": "N/A", "value": "null" } ], "valueName": "avg" }, { "cacheTimeout": null, + "colorBackground": false, "colorValue": false, "colors": [ "rgba(245, 54, 54, + 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "datasource": + "Prometheus", "format": "ops", "gauge": { "maxValue": 100, "minValue": 0, "show": + false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": + 3, "w": 6, "x": 18, "y": 3 }, "id": 23, "interval": null, "links": [], "mappingType": + 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range + to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", + "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": + "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": + { "fillColor": "rgba(31, 118, 189, 0.18)", "full": true, "lineColor": "rgb(31, + 120, 193)", "show": true }, "tableColumn": "", "targets": [ { "expr": "sum(irate(istio_requests_total{reporter=\"destination\", + response_code=~\"5.*\"}[1m])) ", "format": "time_series", "intervalFactor": 1, + "refId": "A", "step": 4 } ], "thresholds": "", "title": "5xxs", "transparent": + false, "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", + "text": "N/A", "value": "null" } ], "valueName": "avg" }, { "columns": [], "datasource": + "Prometheus", "fontSize": "100%", "gridPos": { "h": 21, "w": 24, "x": 0, "y": + 6 }, "hideTimeOverride": false, "id": 73, "links": [], "pageSize": null, "repeat": + null, "repeatDirection": "v", "scroll": true, "showHeader": true, "sort": { "col": + 4, "desc": true }, "styles": [ { "alias": "Workload", "colorMode": null, "colors": + [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" + ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "link": false, "linkTargetBlank": + false, "linkTooltip": "Workload dashboard", "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_2&var-workload=$__cell_", + "pattern": "destination_workload", "preserveFormat": false, "sanitize": false, + "thresholds": [], "type": "hidden", "unit": "short" }, { "alias": "", "colorMode": + null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, + 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": + "Time", "thresholds": [], "type": "hidden", "unit": "short" }, { "alias": "Requests", + "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": + 2, "pattern": "Value #A", "thresholds": [], "type": "number", "unit": "ops" }, + { "alias": "P50 Latency", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD + HH:mm:ss", "decimals": 2, "pattern": "Value #B", "thresholds": [], "type": "number", + "unit": "s" }, { "alias": "P90 Latency", "colorMode": null, "colors": [ "rgba(245, + 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": + "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "Value #D", "thresholds": [], + "type": "number", "unit": "s" }, { "alias": "P99 Latency", "colorMode": null, + "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, + 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "Value + #E", "thresholds": [], "type": "number", "unit": "s" }, { "alias": "Success Rate", + "colorMode": "cell", "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, + 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": + 2, "pattern": "Value #F", "thresholds": [ ".95", " 1.00" ], "type": "number", + "unit": "percentunit" }, { "alias": "Workload", "colorMode": null, "colors": [ + "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" + ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "link": true, "linkTooltip": + "$__cell dashboard", "linkUrl": "/dashboard/db/istio-workload-dashboard?var-workload=$__cell_2&var-namespace=$__cell_3", + "pattern": "destination_workload_var", "thresholds": [], "type": "number", "unit": + "short" }, { "alias": "Service", "colorMode": null, "colors": [ "rgba(245, 54, + 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": + "YYYY-MM-DD HH:mm:ss", "decimals": 2, "link": true, "linkTooltip": "$__cell dashboard", + "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", "pattern": + "destination_service", "thresholds": [], "type": "string", "unit": "short" }, + { "alias": "", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, + 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, "pattern": "destination_workload_namespace", "thresholds": [], + "type": "hidden", "unit": "short" } ], "targets": [ { "expr": "label_join(sum(rate(istio_requests_total{reporter=\"destination\", + response_code=\"200\"}[1m])) by (destination_workload, destination_workload_namespace, + destination_service), \"destination_workload_var\", \".\", \"destination_workload\", + \"destination_workload_namespace\")", "format": "table", "hide": false, "instant": + true, "intervalFactor": 1, "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace + }}", "refId": "A" }, { "expr": "label_join(histogram_quantile(0.50, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) + by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", + \".\", \"destination_workload\", \"destination_workload_namespace\")", "format": + "table", "hide": false, "instant": true, "intervalFactor": 1, "legendFormat": + "{{ destination_workload}}.{{ destination_workload_namespace }}", "refId": "B" + }, { "expr": "label_join(histogram_quantile(0.90, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) + by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", + \".\", \"destination_workload\", \"destination_workload_namespace\")", "format": + "table", "hide": false, "instant": true, "intervalFactor": 1, "legendFormat": + "{{ destination_workload }}.{{ destination_workload_namespace }}", "refId": "D" + }, { "expr": "label_join(histogram_quantile(0.99, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) + by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", + \".\", \"destination_workload\", \"destination_workload_namespace\")", "format": + "table", "hide": false, "instant": true, "intervalFactor": 1, "legendFormat": + "{{ destination_workload }}.{{ destination_workload_namespace }}", "refId": "E" + }, { "expr": "label_join((sum(rate(istio_requests_total{reporter=\"destination\", + response_code!~\"5.*\"}[1m])) by (destination_workload, destination_workload_namespace) + / sum(rate(istio_requests_total{reporter=\"destination\"}[1m])) by (destination_workload, + destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", + \"destination_workload_namespace\")", "format": "table", "hide": false, "instant": + true, "interval": "", "intervalFactor": 1, "legendFormat": "{{ destination_workload + }}.{{ destination_workload_namespace }}", "refId": "F" } ], "timeFrom": null, + "title": "HTTP/GRPC Workloads", "transform": "table", "transparent": false, "type": + "table" }, { "columns": [], "datasource": "Prometheus", "fontSize": "100%", "gridPos": + { "h": 18, "w": 24, "x": 0, "y": 27 }, "hideTimeOverride": false, "id": 109, "links": + [], "pageSize": null, "repeatDirection": "v", "scroll": true, "showHeader": true, + "sort": { "col": 2, "desc": true }, "styles": [ { "alias": "Workload", "colorMode": + null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, + 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "link": + false, "linkTargetBlank": false, "linkTooltip": "$__cell dashboard", "linkUrl": + "/dashboard/db/istio-tcp-workload-dashboard?var-namespace=$__cell_2&&var-workload=$__cell", + "pattern": "destination_workload", "preserveFormat": false, "sanitize": false, + "thresholds": [], "type": "hidden", "unit": "short" }, { "alias": "Bytes Sent", + "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": + 2, "pattern": "Value #A", "thresholds": [ "" ], "type": "number", "unit": "Bps" + }, { "alias": "Bytes Received", "colorMode": null, "colors": [ "rgba(245, 54, + 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": + "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "Value #C", "thresholds": [], + "type": "number", "unit": "Bps" }, { "alias": "", "colorMode": null, "colors": + [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" + ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "Time", "thresholds": + [], "type": "hidden", "unit": "short" }, { "alias": "Workload", "colorMode": null, + "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, + 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "link": true, + "linkTooltip": "$__cell dashboard", "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_3&var-workload=$__cell_2", + "pattern": "destination_workload_var", "thresholds": [], "type": "string", "unit": + "short" }, { "alias": "", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD + HH:mm:ss", "decimals": 2, "pattern": "destination_workload_namespace", "thresholds": + [], "type": "hidden", "unit": "short" }, { "alias": "Service", "colorMode": null, + "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, + 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "link": true, + "linkTooltip": "$__cell dashboard", "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", + "pattern": "destination_service", "thresholds": [], "type": "number", "unit": + "short" } ], "targets": [ { "expr": "label_join(sum(rate(istio_tcp_received_bytes_total{reporter=\"source\"}[1m])) + by (destination_workload, destination_workload_namespace, destination_service), + \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", + "format": "table", "hide": false, "instant": true, "intervalFactor": 1, "legendFormat": + "{{ destination_workload }}", "refId": "C" }, { "expr": "label_join(sum(rate(istio_tcp_sent_bytes_total{reporter=\"source\"}[1m])) + by (destination_workload, destination_workload_namespace, destination_service), + \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", + "format": "table", "hide": false, "instant": true, "intervalFactor": 1, "legendFormat": + "{{ destination_workload }}", "refId": "A" } ], "timeFrom": null, "title": "TCP + Workloads", "transform": "table", "transparent": false, "type": "table" }, { "aliasColors": + {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 9, "w": 24, "x": 0, "y": 45 }, "id": 111, "legend": + { "alignAsTable": false, "avg": false, "current": false, "max": false, "min": + false, "rightSide": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "sum(istio_build) by (component, tag)", "format": "time_series", "intervalFactor": + 1, "legendFormat": "{{ component }}: {{ tag }}", "refId": "A" } ], "thresholds": + [], "timeFrom": null, "timeShift": null, "title": "Istio Components by Version", + "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "transparent": + false, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": + false, "alignLevel": null } } ], "refresh": "5s", "schemaVersion": 16, "style": + "dark", "tags": [], "templating": { "list": [] }, "time": { "from": "now-5m", + "to": "now" }, "timepicker": { "refresh_intervals": [ "5s", "10s", "30s", "1m", + "5m", "15m", "30m", "1h", "2h", "1d" ], "time_options": [ "5m", "15m", "1h", "6h", + "12h", "24h", "2d", "7d", "30d" ] }, "timezone": "browser", "title": "Istio Mesh + Dashboard", "version": 4 } ' +kind: ConfigMap +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + istio: grafana + release: istio + name: istio-grafana-configuration-dashboards-istio-mesh-dashboard + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-performance-dashboard.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-performance-dashboard.yaml new file mode 100644 index 000000000..0d56502d7 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-performance-dashboard.yaml @@ -0,0 +1,150 @@ +apiVersion: v1 +data: + istio-performance-dashboard.json: '{ "__inputs": [ { "name": "DS_PROMETHEUS", "label": + "Prometheus", "description": "", "type": "datasource", "pluginId": "prometheus", + "pluginName": "Prometheus" } ], "__requires": [ { "type": "grafana", "id": "grafana", + "name": "Grafana", "version": "5.2.3" }, { "type": "panel", "id": "graph", "name": + "Graph", "version": "5.0.0" }, { "type": "datasource", "id": "prometheus", "name": + "Prometheus", "version": "5.0.0" }, { "type": "panel", "id": "text", "name": "Text", + "version": "5.0.0" } ], "annotations": { "list": [ { "builtIn": 1, "datasource": + "-- Grafana --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, + 1)", "name": "Annotations & Alerts", "type": "dashboard" } ] }, "editable": false, + "gnetId": null, "graphTooltip": 0, "id": null, "links": [], "panels": [ { "aliasColors": + {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 9, "w": 12, "x": 0, "y": 0 }, "id": 2, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "(sum(rate(container_cpu_usage_seconds_total{pod_name=~\"istio-telemetry-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))/ + (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) + >bool 10)", "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-telemetry", + "refId": "A" }, { "expr": "sum(rate(container_cpu_usage_seconds_total{pod_name=~\"istio-ingressgateway-.*\",container_name=\"istio-proxy\"}[1m])) + / (round(sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\", + reporter=\"source\"}[1m])), 0.001)/1000)", "format": "time_series", "intervalFactor": + 1, "legendFormat": "istio-ingressgateway", "refId": "B" }, { "expr": "(sum(rate(container_cpu_usage_seconds_total{namespace!=\"istio-system\",container_name=\"istio-proxy\"}[1m]))/ + (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) + >bool 10)", "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-proxy", + "refId": "C" }, { "expr": "(sum(rate(container_cpu_usage_seconds_total{pod_name=~\"istio-policy-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))/ + (round(sum(irate(istio_requests_total[1m])), 0.001)/1000)) / (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) + >bool 10)", "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-policy", + "refId": "D" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": + "vCPU / 1k rps", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 9, "w": 12, "x": 12, "y": 0 }, "id": 6, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "sum(rate(container_cpu_usage_seconds_total{pod_name=~\"istio-telemetry-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))", + "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-telemetry", + "refId": "A" }, { "expr": "sum(rate(container_cpu_usage_seconds_total{pod_name=~\"istio-ingressgateway-.*\",container_name=\"istio-proxy\"}[1m]))", + "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-ingressgateway", + "refId": "B" }, { "expr": "sum(rate(container_cpu_usage_seconds_total{namespace!=\"istio-system\",container_name=\"istio-proxy\"}[1m]))", + "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-proxy", "refId": + "C" }, { "expr": "sum(rate(container_cpu_usage_seconds_total{pod_name=~\"istio-policy-.*\",container_name=~\"mixer|istio-proxy\"}[1m]))", + "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-policy", + "refId": "D" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": + "vCPU", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, + "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": + true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 9, "w": 12, "x": 0, "y": 9 }, "id": 4, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "(sum(container_memory_usage_bytes{pod_name=~\"istio-telemetry-.*\"}) / (sum(irate(istio_requests_total[1m])) + / 1000)) / (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) + >bool 10)", "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-telemetry + / 1k rps", "refId": "A" }, { "expr": "sum(container_memory_usage_bytes{pod_name=~\"istio-ingressgateway-.*\"}) + / count(container_memory_usage_bytes{pod_name=~\"istio-ingressgateway-.*\",container_name!=\"POD\"})", + "format": "time_series", "intervalFactor": 1, "legendFormat": "per istio-ingressgateway", + "refId": "C" }, { "expr": "sum(container_memory_usage_bytes{namespace!=\"istio-system\",container_name=\"istio-proxy\"}) + / count(container_memory_usage_bytes{namespace!=\"istio-system\",container_name=\"istio-proxy\"})", + "format": "time_series", "intervalFactor": 1, "legendFormat": "per istio-proxy", + "refId": "B" }, { "expr": "(sum(container_memory_usage_bytes{pod_name=~\"istio-policy-.*\"}) + / (sum(irate(istio_requests_total[1m])) / 1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) + >bool 10)", "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-policy + / 1k rps", "refId": "D" } ], "thresholds": [], "timeFrom": null, "timeShift": + null, "title": "Memory", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "decbytes", "label": + null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", + "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": + { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, + "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": + { "h": 9, "w": 12, "x": 12, "y": 9 }, "id": 5, "legend": { "avg": false, "current": + false, "max": false, "min": false, "show": true, "total": false, "values": false + }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": + false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": + [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-telemetry\"}[1m])) + + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-telemetry\"}[1m]))", + "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-telemetry", + "refId": "A" }, { "expr": "sum(irate(istio_response_bytes_sum{source_workload=\"istio-ingressgateway\", + reporter=\"source\"}[1m]))", "format": "time_series", "intervalFactor": 1, "legendFormat": + "istio-ingressgateway", "refId": "C" }, { "expr": "sum(irate(istio_response_bytes_sum{source_workload_namespace!=\"istio-system\", + reporter=\"source\"}[1m])) + sum(irate(istio_response_bytes_sum{destination_workload_namespace!=\"istio-system\", + reporter=\"destination\"}[1m])) + sum(irate(istio_request_bytes_sum{source_workload_namespace!=\"istio-system\", + reporter=\"source\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload_namespace!=\"istio-system\", + reporter=\"destination\"}[1m]))", "format": "time_series", "intervalFactor": 1, + "legendFormat": "istio-proxy", "refId": "D" }, { "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-policy\"}[1m])) + + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-policy\"}[1m]))", + "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-policy", + "refId": "E" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": + "Bytes transferred / sec", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "bytes", "label": null, + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 9, "w": 24, "x": 0, "y": 18 }, "id": 8, "legend": { "alignAsTable": false, "avg": + false, "current": false, "max": false, "min": false, "rightSide": false, "show": + true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": + [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": + false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": + false, "steppedLine": false, "targets": [ { "expr": "sum(istio_build) by (component, + tag)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ component + }}: {{ tag }}", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeShift": + null, "title": "Istio Components by Version", "tooltip": { "shared": true, "sort": + 0, "value_type": "individual" }, "transparent": false, "type": "graph", "xaxis": + { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, + "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": + null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": + null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": + null } }, { "content": "The charts on this dashboard are intended to show Istio + main components cost in terms resources utilization under steady load.\n\n- **vCPU/1k + rps:** shows vCPU utilization by the main Istio components normalized by 1000 + requests/second. When idle or low traffic, this chart will be blank. The curve + for istio-proxy refers to the services sidecars only. \n- **vCPU:** vCPU utilization + by Istio components, not normalized.\n- **Memory:** memory footprint for the components. + Telemetry and policy are normalized by 1k rps, and no data is shown when there + is no traffic. For ingress and istio-proxy, the data is per instance. \n- **Bytes + transferred/ sec:** shows the number of bytes flowing through each Istio component.", + "gridPos": { "h": 4, "w": 24, "x": 0, "y": 18 }, "id": 11, "links": [], "mode": + "markdown", "title": "Istio Performance Dashboard Readme", "type": "text" } ], + "schemaVersion": 16, "style": "dark", "tags": [], "templating": { "list": [] }, + "time": { "from": "now-5m", "to": "now" }, "timepicker": { "refresh_intervals": + [ "5s", "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d" ], "time_options": + [ "5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d" ] }, "timezone": "", + "title": "Istio Performance Dashboard", "version": 4 } ' +kind: ConfigMap +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + istio: grafana + release: istio + name: istio-grafana-configuration-dashboards-istio-performance-dashboard + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-service-dashboard.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-service-dashboard.yaml new file mode 100644 index 000000000..d39f3a822 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-service-dashboard.yaml @@ -0,0 +1,795 @@ +apiVersion: v1 +data: + istio-service-dashboard.json: "{ \"annotations\": { \"list\": [ { \"builtIn\": 1, + \"datasource\": \"-- Grafana --\", \"enable\": true, \"hide\": true, \"iconColor\": + \"rgba(0, 211, 255, 1)\", \"name\": \"Annotations & Alerts\", \"type\": \"dashboard\" + } ] }, \"editable\": false, \"gnetId\": null, \"graphTooltip\": 0, \"iteration\": + 1536442501501, \"links\": [], \"panels\": [ { \"content\": \"
\\nSERVICE: $service\\n
\", \"gridPos\": { \"h\": + 3, \"w\": 24, \"x\": 0, \"y\": 0 }, \"id\": 89, \"links\": [], \"mode\": \"html\", + \"title\": \"\", \"transparent\": true, \"type\": \"text\" }, { \"cacheTimeout\": + null, \"colorBackground\": false, \"colorValue\": false, \"colors\": [ \"rgba(245, + 54, 54, 0.9)\", \"rgba(237, 129, 40, 0.89)\", \"rgba(50, 172, 45, 0.97)\" ], \"datasource\": + \"Prometheus\", \"format\": \"ops\", \"gauge\": { \"maxValue\": 100, \"minValue\": + 0, \"show\": false, \"thresholdLabels\": false, \"thresholdMarkers\": true }, + \"gridPos\": { \"h\": 4, \"w\": 6, \"x\": 0, \"y\": 3 }, \"id\": 12, \"interval\": + null, \"links\": [], \"mappingType\": 1, \"mappingTypes\": [ { \"name\": \"value + to text\", \"value\": 1 }, { \"name\": \"range to text\", \"value\": 2 } ], \"maxDataPoints\": + 100, \"nullPointMode\": \"connected\", \"nullText\": null, \"postfix\": \"\", + \"postfixFontSize\": \"50%\", \"prefix\": \"\", \"prefixFontSize\": \"50%\", \"rangeMaps\": + [ { \"from\": \"null\", \"text\": \"N/A\", \"to\": \"null\" } ], \"sparkline\": + { \"fillColor\": \"rgba(31, 118, 189, 0.18)\", \"full\": true, \"lineColor\": + \"rgb(31, 120, 193)\", \"show\": true }, \"tableColumn\": \"\", \"targets\": [ + { \"expr\": \"round(sum(irate(istio_requests_total{reporter=\\\"source\\\",destination_service=~\\\"$service\\\"}[5m])), + 0.001)\", \"format\": \"time_series\", \"intervalFactor\": 1, \"refId\": \"A\", + \"step\": 4 } ], \"thresholds\": \"\", \"title\": \"Client Request Volume\", \"transparent\": + false, \"type\": \"singlestat\", \"valueFontSize\": \"80%\", \"valueMaps\": [ + { \"op\": \"=\", \"text\": \"N/A\", \"value\": \"null\" } ], \"valueName\": \"current\" + }, { \"cacheTimeout\": null, \"colorBackground\": false, \"colorValue\": false, + \"colors\": [ \"rgba(50, 172, 45, 0.97)\", \"rgba(237, 129, 40, 0.89)\", \"rgba(245, + 54, 54, 0.9)\" ], \"datasource\": \"Prometheus\", \"decimals\": null, \"format\": + \"percentunit\", \"gauge\": { \"maxValue\": 100, \"minValue\": 80, \"show\": false, + \"thresholdLabels\": false, \"thresholdMarkers\": false }, \"gridPos\": { \"h\": + 4, \"w\": 6, \"x\": 6, \"y\": 3 }, \"id\": 14, \"interval\": null, \"links\": + [], \"mappingType\": 1, \"mappingTypes\": [ { \"name\": \"value to text\", \"value\": + 1 }, { \"name\": \"range to text\", \"value\": 2 } ], \"maxDataPoints\": 100, + \"nullPointMode\": \"connected\", \"nullText\": null, \"postfix\": \"\", \"postfixFontSize\": + \"50%\", \"prefix\": \"\", \"prefixFontSize\": \"50%\", \"rangeMaps\": [ { \"from\": + \"null\", \"text\": \"N/A\", \"to\": \"null\" } ], \"sparkline\": { \"fillColor\": + \"rgba(31, 118, 189, 0.18)\", \"full\": true, \"lineColor\": \"rgb(31, 120, 193)\", + \"show\": true }, \"tableColumn\": \"\", \"targets\": [ { \"expr\": \"sum(irate(istio_requests_total{reporter=\\\"source\\\",destination_service=~\\\"$service\\\",response_code!~\\\"5.*\\\"}[5m])) + / sum(irate(istio_requests_total{reporter=\\\"source\\\",destination_service=~\\\"$service\\\"}[5m]))\", + \"format\": \"time_series\", \"intervalFactor\": 1, \"refId\": \"B\" } ], \"thresholds\": + \"95, 99, 99.5\", \"title\": \"Client Success Rate (non-5xx responses)\", \"transparent\": + false, \"type\": \"singlestat\", \"valueFontSize\": \"80%\", \"valueMaps\": [ + { \"op\": \"=\", \"text\": \"N/A\", \"value\": \"null\" } ], \"valueName\": \"avg\" + }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, + \"datasource\": \"Prometheus\", \"fill\": 1, \"gridPos\": { \"h\": 4, \"w\": 6, + \"x\": 12, \"y\": 3 }, \"id\": 87, \"legend\": { \"alignAsTable\": false, \"avg\": + false, \"current\": false, \"hideEmpty\": false, \"hideZero\": false, \"max\": + false, \"min\": false, \"rightSide\": true, \"show\": true, \"total\": false, + \"values\": false }, \"lines\": true, \"linewidth\": 1, \"links\": [], \"nullPointMode\": + \"null\", \"percentage\": false, \"pointradius\": 5, \"points\": false, \"renderer\": + \"flot\", \"seriesOverrides\": [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": + false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\",destination_service=~\\\"$service\\\"}[1m])) + by (le))\", \"format\": \"time_series\", \"interval\": \"\", \"intervalFactor\": + 1, \"legendFormat\": \"P50\", \"refId\": \"A\" }, { \"expr\": \"histogram_quantile(0.90, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\",destination_service=~\\\"$service\\\"}[1m])) + by (le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": + 1, \"legendFormat\": \"P90\", \"refId\": \"B\" }, { \"expr\": \"histogram_quantile(0.99, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\",destination_service=~\\\"$service\\\"}[1m])) + by (le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": + 1, \"legendFormat\": \"P99\", \"refId\": \"C\" } ], \"thresholds\": [], \"timeFrom\": + null, \"timeShift\": null, \"title\": \"Client Request Duration\", \"tooltip\": + { \"shared\": true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", + \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": + true, \"values\": [] }, \"yaxes\": [ { \"format\": \"s\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": null, \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false } ], \"yaxis\": + { \"align\": false, \"alignLevel\": null } }, { \"cacheTimeout\": null, \"colorBackground\": + false, \"colorValue\": false, \"colors\": [ \"#299c46\", \"rgba(237, 129, 40, + 0.89)\", \"#d44a3a\" ], \"datasource\": \"Prometheus\", \"format\": \"Bps\", \"gauge\": + { \"maxValue\": 100, \"minValue\": 0, \"show\": false, \"thresholdLabels\": false, + \"thresholdMarkers\": true }, \"gridPos\": { \"h\": 4, \"w\": 6, \"x\": 18, \"y\": + 3 }, \"id\": 84, \"interval\": null, \"links\": [], \"mappingType\": 1, \"mappingTypes\": + [ { \"name\": \"value to text\", \"value\": 1 }, { \"name\": \"range to text\", + \"value\": 2 } ], \"maxDataPoints\": 100, \"nullPointMode\": \"connected\", \"nullText\": + null, \"postfix\": \"\", \"postfixFontSize\": \"50%\", \"prefix\": \"\", \"prefixFontSize\": + \"50%\", \"rangeMaps\": [ { \"from\": \"null\", \"text\": \"N/A\", \"to\": \"null\" + } ], \"sparkline\": { \"fillColor\": \"rgba(31, 118, 189, 0.18)\", \"full\": true, + \"lineColor\": \"rgb(31, 120, 193)\", \"show\": true }, \"tableColumn\": \"\", + \"targets\": [ { \"expr\": \"sum(irate(istio_tcp_received_bytes_total{reporter=\\\"source\\\", + destination_service=~\\\"$service\\\"}[1m]))\", \"format\": \"time_series\", \"hide\": + false, \"intervalFactor\": 1, \"legendFormat\": \"\", \"refId\": \"A\" } ], \"thresholds\": + \"\", \"title\": \"TCP Received Bytes\", \"transparent\": false, \"type\": \"singlestat\", + \"valueFontSize\": \"80%\", \"valueMaps\": [ { \"op\": \"=\", \"text\": \"N/A\", + \"value\": \"null\" } ], \"valueName\": \"avg\" }, { \"cacheTimeout\": null, \"colorBackground\": + false, \"colorValue\": false, \"colors\": [ \"rgba(245, 54, 54, 0.9)\", \"rgba(237, + 129, 40, 0.89)\", \"rgba(50, 172, 45, 0.97)\" ], \"datasource\": \"Prometheus\", + \"format\": \"ops\", \"gauge\": { \"maxValue\": 100, \"minValue\": 0, \"show\": + false, \"thresholdLabels\": false, \"thresholdMarkers\": true }, \"gridPos\": + { \"h\": 4, \"w\": 6, \"x\": 0, \"y\": 7 }, \"id\": 97, \"interval\": null, \"links\": + [], \"mappingType\": 1, \"mappingTypes\": [ { \"name\": \"value to text\", \"value\": + 1 }, { \"name\": \"range to text\", \"value\": 2 } ], \"maxDataPoints\": 100, + \"nullPointMode\": \"connected\", \"nullText\": null, \"postfix\": \"\", \"postfixFontSize\": + \"50%\", \"prefix\": \"\", \"prefixFontSize\": \"50%\", \"rangeMaps\": [ { \"from\": + \"null\", \"text\": \"N/A\", \"to\": \"null\" } ], \"sparkline\": { \"fillColor\": + \"rgba(31, 118, 189, 0.18)\", \"full\": true, \"lineColor\": \"rgb(31, 120, 193)\", + \"show\": true }, \"tableColumn\": \"\", \"targets\": [ { \"expr\": \"round(sum(irate(istio_requests_total{reporter=\\\"destination\\\",destination_service=~\\\"$service\\\"}[5m])), + 0.001)\", \"format\": \"time_series\", \"intervalFactor\": 1, \"refId\": \"A\", + \"step\": 4 } ], \"thresholds\": \"\", \"title\": \"Server Request Volume\", \"transparent\": + false, \"type\": \"singlestat\", \"valueFontSize\": \"80%\", \"valueMaps\": [ + { \"op\": \"=\", \"text\": \"N/A\", \"value\": \"null\" } ], \"valueName\": \"current\" + }, { \"cacheTimeout\": null, \"colorBackground\": false, \"colorValue\": false, + \"colors\": [ \"rgba(50, 172, 45, 0.97)\", \"rgba(237, 129, 40, 0.89)\", \"rgba(245, + 54, 54, 0.9)\" ], \"datasource\": \"Prometheus\", \"decimals\": null, \"format\": + \"percentunit\", \"gauge\": { \"maxValue\": 100, \"minValue\": 80, \"show\": false, + \"thresholdLabels\": false, \"thresholdMarkers\": false }, \"gridPos\": { \"h\": + 4, \"w\": 6, \"x\": 6, \"y\": 7 }, \"id\": 98, \"interval\": null, \"links\": + [], \"mappingType\": 1, \"mappingTypes\": [ { \"name\": \"value to text\", \"value\": + 1 }, { \"name\": \"range to text\", \"value\": 2 } ], \"maxDataPoints\": 100, + \"nullPointMode\": \"connected\", \"nullText\": null, \"postfix\": \"\", \"postfixFontSize\": + \"50%\", \"prefix\": \"\", \"prefixFontSize\": \"50%\", \"rangeMaps\": [ { \"from\": + \"null\", \"text\": \"N/A\", \"to\": \"null\" } ], \"sparkline\": { \"fillColor\": + \"rgba(31, 118, 189, 0.18)\", \"full\": true, \"lineColor\": \"rgb(31, 120, 193)\", + \"show\": true }, \"tableColumn\": \"\", \"targets\": [ { \"expr\": \"sum(irate(istio_requests_total{reporter=\\\"destination\\\",destination_service=~\\\"$service\\\",response_code!~\\\"5.*\\\"}[5m])) + / sum(irate(istio_requests_total{reporter=\\\"destination\\\",destination_service=~\\\"$service\\\"}[5m]))\", + \"format\": \"time_series\", \"intervalFactor\": 1, \"refId\": \"B\" } ], \"thresholds\": + \"95, 99, 99.5\", \"title\": \"Server Success Rate (non-5xx responses)\", \"transparent\": + false, \"type\": \"singlestat\", \"valueFontSize\": \"80%\", \"valueMaps\": [ + { \"op\": \"=\", \"text\": \"N/A\", \"value\": \"null\" } ], \"valueName\": \"avg\" + }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, + \"datasource\": \"Prometheus\", \"fill\": 1, \"gridPos\": { \"h\": 4, \"w\": 6, + \"x\": 12, \"y\": 7 }, \"id\": 99, \"legend\": { \"alignAsTable\": false, \"avg\": + false, \"current\": false, \"hideEmpty\": false, \"hideZero\": false, \"max\": + false, \"min\": false, \"rightSide\": true, \"show\": true, \"total\": false, + \"values\": false }, \"lines\": true, \"linewidth\": 1, \"links\": [], \"nullPointMode\": + \"null\", \"percentage\": false, \"pointradius\": 5, \"points\": false, \"renderer\": + \"flot\", \"seriesOverrides\": [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": + false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\",destination_service=~\\\"$service\\\"}[1m])) + by (le))\", \"format\": \"time_series\", \"interval\": \"\", \"intervalFactor\": + 1, \"legendFormat\": \"P50\", \"refId\": \"A\" }, { \"expr\": \"histogram_quantile(0.90, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\",destination_service=~\\\"$service\\\"}[1m])) + by (le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": + 1, \"legendFormat\": \"P90\", \"refId\": \"B\" }, { \"expr\": \"histogram_quantile(0.99, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\",destination_service=~\\\"$service\\\"}[1m])) + by (le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": + 1, \"legendFormat\": \"P99\", \"refId\": \"C\" } ], \"thresholds\": [], \"timeFrom\": + null, \"timeShift\": null, \"title\": \"Server Request Duration\", \"tooltip\": + { \"shared\": true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", + \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": + true, \"values\": [] }, \"yaxes\": [ { \"format\": \"s\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": null, \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false } ], \"yaxis\": + { \"align\": false, \"alignLevel\": null } }, { \"cacheTimeout\": null, \"colorBackground\": + false, \"colorValue\": false, \"colors\": [ \"#299c46\", \"rgba(237, 129, 40, + 0.89)\", \"#d44a3a\" ], \"datasource\": \"Prometheus\", \"format\": \"Bps\", \"gauge\": + { \"maxValue\": 100, \"minValue\": 0, \"show\": false, \"thresholdLabels\": false, + \"thresholdMarkers\": true }, \"gridPos\": { \"h\": 4, \"w\": 6, \"x\": 18, \"y\": + 7 }, \"id\": 100, \"interval\": null, \"links\": [], \"mappingType\": 1, \"mappingTypes\": + [ { \"name\": \"value to text\", \"value\": 1 }, { \"name\": \"range to text\", + \"value\": 2 } ], \"maxDataPoints\": 100, \"nullPointMode\": \"connected\", \"nullText\": + null, \"postfix\": \"\", \"postfixFontSize\": \"50%\", \"prefix\": \"\", \"prefixFontSize\": + \"50%\", \"rangeMaps\": [ { \"from\": \"null\", \"text\": \"N/A\", \"to\": \"null\" + } ], \"sparkline\": { \"fillColor\": \"rgba(31, 118, 189, 0.18)\", \"full\": true, + \"lineColor\": \"rgb(31, 120, 193)\", \"show\": true }, \"tableColumn\": \"\", + \"targets\": [ { \"expr\": \"sum(irate(istio_tcp_sent_bytes_total{reporter=\\\"source\\\", + destination_service=~\\\"$service\\\"}[1m])) \", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"\", \"refId\": \"A\" + } ], \"thresholds\": \"\", \"title\": \"TCP Sent Bytes\", \"transparent\": false, + \"type\": \"singlestat\", \"valueFontSize\": \"80%\", \"valueMaps\": [ { \"op\": + \"=\", \"text\": \"N/A\", \"value\": \"null\" } ], \"valueName\": \"avg\" }, { + \"content\": \"
\\nCLIENT + WORKLOADS\\n
\", \"gridPos\": { \"h\": 3, \"w\": 24, \"x\": 0, \"y\": + 11 }, \"id\": 45, \"links\": [], \"mode\": \"html\", \"title\": \"\", \"transparent\": + true, \"type\": \"text\" }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": + 10, \"dashes\": false, \"datasource\": \"Prometheus\", \"fill\": 0, \"gridPos\": + { \"h\": 6, \"w\": 12, \"x\": 0, \"y\": 14 }, \"id\": 25, \"legend\": { \"avg\": + false, \"current\": false, \"hideEmpty\": true, \"max\": false, \"min\": false, + \"show\": true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": + 1, \"links\": [], \"nullPointMode\": \"null as zero\", \"percentage\": false, + \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": + [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": false, \"targets\": + [ { \"expr\": \"round(sum(irate(istio_requests_total{connection_security_policy=\\\"mutual_tls\\\",destination_service=~\\\"$service\\\",reporter=\\\"source\\\",source_workload=~\\\"$srcwl\\\",source_workload_namespace=~\\\"$srcns\\\"}[5m])) + by (source_workload, source_workload_namespace, response_code), 0.001)\", \"format\": + \"time_series\", \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload + }}.{{ source_workload_namespace }} : {{ response_code }} (\U0001F510mTLS)\", \"refId\": + \"B\", \"step\": 2 }, { \"expr\": \"round(sum(irate(istio_requests_total{connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", reporter=\\\"source\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[5m])) by (source_workload, source_workload_namespace, + response_code), 0.001)\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": + 1, \"legendFormat\": \"{{ source_workload }}.{{ source_workload_namespace }} : + {{ response_code }}\", \"refId\": \"A\", \"step\": 2 } ], \"thresholds\": [], + \"timeFrom\": null, \"timeShift\": null, \"title\": \"Incoming Requests by Source + And Response Code\", \"tooltip\": { \"shared\": false, \"sort\": 0, \"value_type\": + \"individual\" }, \"type\": \"graph\", \"xaxis\": { \"buckets\": null, \"mode\": + \"time\", \"name\": null, \"show\": true, \"values\": [ \"total\" ] }, \"yaxes\": + [ { \"format\": \"ops\", \"label\": null, \"logBase\": 1, \"max\": null, \"min\": + \"0\", \"show\": true }, { \"format\": \"short\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": null, \"show\": false } ], \"yaxis\": { \"align\": + false, \"alignLevel\": null } }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": + 10, \"dashes\": false, \"datasource\": \"Prometheus\", \"fill\": 1, \"gridPos\": + { \"h\": 6, \"w\": 12, \"x\": 12, \"y\": 14 }, \"id\": 26, \"legend\": { \"avg\": + false, \"current\": false, \"hideEmpty\": true, \"hideZero\": false, \"max\": + false, \"min\": false, \"show\": true, \"total\": false, \"values\": false }, + \"lines\": true, \"linewidth\": 1, \"links\": [], \"nullPointMode\": \"null\", + \"percentage\": false, \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", + \"seriesOverrides\": [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": + false, \"targets\": [ { \"expr\": \"sum(irate(istio_requests_total{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",response_code!~\\\"5.*\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[5m])) + by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[5m])) + by (source_workload, source_workload_namespace)\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload + }}.{{ source_workload_namespace }} (\U0001F510mTLS)\", \"refId\": \"A\", \"step\": + 2 }, { \"expr\": \"sum(irate(istio_requests_total{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\",response_code!~\\\"5.*\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[5m])) by (source_workload, source_workload_namespace) + / sum(irate(istio_requests_total{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[5m])) + by (source_workload, source_workload_namespace)\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload + }}.{{ source_workload_namespace }}\", \"refId\": \"B\", \"step\": 2 } ], \"thresholds\": + [], \"timeFrom\": null, \"timeShift\": null, \"title\": \"Incoming Success Rate + (non-5xx responses) By Source\", \"tooltip\": { \"shared\": true, \"sort\": 0, + \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": { \"buckets\": + null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": [] }, \"yaxes\": + [ { \"format\": \"percentunit\", \"label\": null, \"logBase\": 1, \"max\": \"1.01\", + \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": null, \"show\": false } ], \"yaxis\": { \"align\": + false, \"alignLevel\": null } }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": + 10, \"dashes\": false, \"datasource\": \"Prometheus\", \"description\": \"\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 8, \"x\": 0, \"y\": 20 }, \"id\": + 27, \"legend\": { \"alignAsTable\": false, \"avg\": false, \"current\": false, + \"hideEmpty\": true, \"hideZero\": false, \"max\": false, \"min\": false, \"rightSide\": + false, \"show\": true, \"total\": false, \"values\": false }, \"lines\": true, + \"linewidth\": 1, \"links\": [], \"nullPointMode\": \"null\", \"percentage\": + false, \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": + [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": false, \"targets\": + [ { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P50 (\U0001F510mTLS)\", \"refId\": \"D\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P90 (\U0001F510mTLS)\", \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P95 (\U0001F510mTLS)\", \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P99 (\U0001F510mTLS)\", \"refId\": \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P50\", \"refId\": \"E\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P90\", \"refId\": \"F\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P95\", \"refId\": \"G\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P99\", \"refId\": \"H\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, + \"timeShift\": null, \"title\": \"Incoming Request Duration by Source\", \"tooltip\": + { \"shared\": true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", + \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": + true, \"values\": [] }, \"yaxes\": [ { \"format\": \"s\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false } ], \"yaxis\": + { \"align\": false, \"alignLevel\": null } }, { \"aliasColors\": {}, \"bars\": + false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 8, \"x\": 8, \"y\": 20 }, \"id\": + 28, \"legend\": { \"alignAsTable\": false, \"avg\": false, \"current\": false, + \"hideEmpty\": true, \"max\": false, \"min\": false, \"rightSide\": false, \"show\": + true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": 1, + \"links\": [], \"nullPointMode\": \"null\", \"percentage\": false, \"pointradius\": + 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": [], \"spaceLength\": + 10, \"stack\": false, \"steppedLine\": false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P50 (\U0001F510mTLS)\", \"refId\": \"D\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, + sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + \ P90 (\U0001F510mTLS)\", \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, + sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P95 (\U0001F510mTLS)\", \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, + sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + \ P99 (\U0001F510mTLS)\", \"refId\": \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P50\", \"refId\": \"E\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, + sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P90\", \"refId\": \"F\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, + sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P95\", \"refId\": \"G\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, + sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P99\", \"refId\": \"H\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, + \"timeShift\": null, \"title\": \"Incoming Request Size By Source\", \"tooltip\": + { \"shared\": true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", + \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": + true, \"values\": [] }, \"yaxes\": [ { \"format\": \"decbytes\", \"label\": null, + \"logBase\": 1, \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": + \"short\", \"label\": null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": + false } ], \"yaxis\": { \"align\": false, \"alignLevel\": null } }, { \"aliasColors\": + {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 8, \"x\": 16, \"y\": 20 }, \"id\": + 68, \"legend\": { \"alignAsTable\": false, \"avg\": false, \"current\": false, + \"hideEmpty\": true, \"max\": false, \"min\": false, \"rightSide\": false, \"show\": + true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": 1, + \"links\": [], \"nullPointMode\": \"null\", \"percentage\": false, \"pointradius\": + 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": [], \"spaceLength\": + 10, \"stack\": false, \"steppedLine\": false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P50 (\U0001F510mTLS)\", \"refId\": \"D\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, + sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + \ P90 (\U0001F510mTLS)\", \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, + sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P95 (\U0001F510mTLS)\", \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, + sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + \ P99 (\U0001F510mTLS)\", \"refId\": \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P50\", \"refId\": \"E\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, + sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P90\", \"refId\": \"F\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, + sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P95\", \"refId\": \"G\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, + sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P99\", \"refId\": \"H\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, + \"timeShift\": null, \"title\": \"Response Size By Source\", \"tooltip\": { \"shared\": + true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": + { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": + [] }, \"yaxes\": [ { \"format\": \"decbytes\", \"label\": null, \"logBase\": 1, + \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false } ], \"yaxis\": + { \"align\": false, \"alignLevel\": null } }, { \"aliasColors\": {}, \"bars\": + false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 12, \"x\": 0, \"y\": 26 }, \"id\": + 80, \"legend\": { \"avg\": false, \"current\": false, \"max\": false, \"min\": + false, \"show\": true, \"total\": false, \"values\": false }, \"lines\": true, + \"linewidth\": 1, \"links\": [], \"nullPointMode\": \"null\", \"percentage\": + false, \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": + [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": false, \"targets\": + [ { \"expr\": \"round(sum(irate(istio_tcp_received_bytes_total{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace), 0.001)\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload + }}.{{ source_workload_namespace}} (\U0001F510mTLS)\", \"refId\": \"A\", \"step\": + 2 }, { \"expr\": \"round(sum(irate(istio_tcp_received_bytes_total{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace), 0.001)\", \"format\": \"time_series\", + \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload }}.{{ source_workload_namespace}}\", + \"refId\": \"B\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": + null, \"title\": \"Bytes Received from Incoming TCP Connection\", \"tooltip\": + { \"shared\": true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", + \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": + true, \"values\": [] }, \"yaxes\": [ { \"format\": \"Bps\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": true } ], \"yaxis\": + { \"align\": false, \"alignLevel\": null } }, { \"aliasColors\": {}, \"bars\": + false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 12, \"x\": 12, \"y\": 26 }, \"id\": + 82, \"legend\": { \"avg\": false, \"current\": false, \"max\": false, \"min\": + false, \"show\": true, \"total\": false, \"values\": false }, \"lines\": true, + \"linewidth\": 1, \"links\": [], \"nullPointMode\": \"null\", \"percentage\": + false, \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": + [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": false, \"targets\": + [ { \"expr\": \"round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\\\"mutual_tls\\\", + reporter=\\\"source\\\", destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace), + 0.001)\", \"format\": \"time_series\", \"intervalFactor\": 1, \"legendFormat\": + \"{{ source_workload }}.{{ source_workload_namespace}} (\U0001F510mTLS)\", \"refId\": + \"A\", \"step\": 2 }, { \"expr\": \"round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\\\"mutual_tls\\\", + reporter=\\\"source\\\", destination_service=~\\\"$service\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace), + 0.001)\", \"format\": \"time_series\", \"intervalFactor\": 1, \"legendFormat\": + \"{{ source_workload }}.{{ source_workload_namespace}}\", \"refId\": \"B\", \"step\": + 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": null, \"title\": + \"Bytes Sent to Incoming TCP Connection\", \"tooltip\": { \"shared\": true, \"sort\": + 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": { \"buckets\": + null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": [] }, \"yaxes\": + [ { \"format\": \"Bps\", \"label\": null, \"logBase\": 1, \"max\": null, \"min\": + \"0\", \"show\": true }, { \"format\": \"short\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": null, \"show\": true } ], \"yaxis\": { \"align\": false, + \"alignLevel\": null } }, { \"content\": \"
\\nSERVICE + WORKLOADS\\n
\", \"gridPos\": { \"h\": 3, \"w\": 24, \"x\": 0, \"y\": + 32 }, \"id\": 69, \"links\": [], \"mode\": \"html\", \"title\": \"\", \"transparent\": + true, \"type\": \"text\" }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": + 10, \"dashes\": false, \"datasource\": \"Prometheus\", \"fill\": 0, \"gridPos\": + { \"h\": 6, \"w\": 12, \"x\": 0, \"y\": 35 }, \"id\": 90, \"legend\": { \"avg\": + false, \"current\": false, \"hideEmpty\": true, \"max\": false, \"min\": false, + \"show\": true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": + 1, \"links\": [], \"nullPointMode\": \"null as zero\", \"percentage\": false, + \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": + [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": false, \"targets\": + [ { \"expr\": \"round(sum(irate(istio_requests_total{connection_security_policy=\\\"mutual_tls\\\",destination_service=~\\\"$service\\\",reporter=\\\"destination\\\",destination_workload=~\\\"$dstwl\\\",destination_workload_namespace=~\\\"$dstns\\\"}[5m])) + by (destination_workload, destination_workload_namespace, response_code), 0.001)\", + \"format\": \"time_series\", \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_workload + }}.{{ destination_workload_namespace }} : {{ response_code }} (\U0001F510mTLS)\", + \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"round(sum(irate(istio_requests_total{connection_security_policy!=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", reporter=\\\"destination\\\", destination_workload=~\\\"$dstwl\\\", + destination_workload_namespace=~\\\"$dstns\\\"}[5m])) by (destination_workload, + destination_workload_namespace, response_code), 0.001)\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_workload + }}.{{ destination_workload_namespace }} : {{ response_code }}\", \"refId\": \"A\", + \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": null, + \"title\": \"Incoming Requests by Destination And Response Code\", \"tooltip\": + { \"shared\": false, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": + \"graph\", \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, + \"show\": true, \"values\": [ \"total\" ] }, \"yaxes\": [ { \"format\": \"ops\", + \"label\": null, \"logBase\": 1, \"max\": null, \"min\": \"0\", \"show\": true + }, { \"format\": \"short\", \"label\": null, \"logBase\": 1, \"max\": null, \"min\": + null, \"show\": false } ], \"yaxis\": { \"align\": false, \"alignLevel\": null + } }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, + \"datasource\": \"Prometheus\", \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 12, + \"x\": 12, \"y\": 35 }, \"id\": 91, \"legend\": { \"avg\": false, \"current\": + false, \"hideEmpty\": true, \"hideZero\": false, \"max\": false, \"min\": false, + \"show\": true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": + 1, \"links\": [], \"nullPointMode\": \"null\", \"percentage\": false, \"pointradius\": + 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": [], \"spaceLength\": + 10, \"stack\": false, \"steppedLine\": false, \"targets\": [ { \"expr\": \"sum(irate(istio_requests_total{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",response_code!~\\\"5.*\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[5m])) + by (destination_workload, destination_workload_namespace) / sum(rate(istio_requests_total{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[5m])) + by (destination_workload, destination_workload_namespace)\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_workload + }}.{{ destination_workload_namespace }} (\U0001F510mTLS)\", \"refId\": \"A\", + \"step\": 2 }, { \"expr\": \"sum(irate(istio_requests_total{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\",response_code!~\\\"5.*\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[5m])) + by (destination_workload, destination_workload_namespace) / sum(rate(istio_requests_total{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[5m])) + by (destination_workload, destination_workload_namespace)\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_workload + }}.{{ destination_workload_namespace }}\", \"refId\": \"B\", \"step\": 2 } ], + \"thresholds\": [], \"timeFrom\": null, \"timeShift\": null, \"title\": \"Incoming + Success Rate (non-5xx responses) By Source\", \"tooltip\": { \"shared\": true, + \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": + { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": + [] }, \"yaxes\": [ { \"format\": \"percentunit\", \"label\": null, \"logBase\": + 1, \"max\": \"1.01\", \"min\": \"0\", \"show\": true }, { \"format\": \"short\", + \"label\": null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false + } ], \"yaxis\": { \"align\": false, \"alignLevel\": null } }, { \"aliasColors\": + {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"description\": \"\", \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 8, \"x\": + 0, \"y\": 41 }, \"id\": 94, \"legend\": { \"alignAsTable\": false, \"avg\": false, + \"current\": false, \"hideEmpty\": true, \"hideZero\": false, \"max\": false, + \"min\": false, \"rightSide\": false, \"show\": true, \"total\": false, \"values\": + false }, \"lines\": true, \"linewidth\": 1, \"links\": [], \"nullPointMode\": + \"null\", \"percentage\": false, \"pointradius\": 5, \"points\": false, \"renderer\": + \"flot\", \"seriesOverrides\": [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": + false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P50 (\U0001F510mTLS)\", + \"refId\": \"D\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P90 (\U0001F510mTLS)\", + \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P95 (\U0001F510mTLS)\", + \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P99 (\U0001F510mTLS)\", + \"refId\": \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P50\", \"refId\": + \"E\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P90\", \"refId\": + \"F\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P95\", \"refId\": + \"G\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P99\", \"refId\": + \"H\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": + null, \"title\": \"Incoming Request Duration by Source\", \"tooltip\": { \"shared\": + true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": + { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": + [] }, \"yaxes\": [ { \"format\": \"s\", \"label\": null, \"logBase\": 1, \"max\": + null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": null, + \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false } ], \"yaxis\": + { \"align\": false, \"alignLevel\": null } }, { \"aliasColors\": {}, \"bars\": + false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 8, \"x\": 8, \"y\": 41 }, \"id\": + 95, \"legend\": { \"alignAsTable\": false, \"avg\": false, \"current\": false, + \"hideEmpty\": true, \"max\": false, \"min\": false, \"rightSide\": false, \"show\": + true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": 1, + \"links\": [], \"nullPointMode\": \"null\", \"percentage\": false, \"pointradius\": + 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": [], \"spaceLength\": + 10, \"stack\": false, \"steppedLine\": false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P50 (\U0001F510mTLS)\", + \"refId\": \"D\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P90 (\U0001F510mTLS)\", + \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P95 (\U0001F510mTLS)\", + \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P99 (\U0001F510mTLS)\", + \"refId\": \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P50\", \"refId\": + \"E\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P90\", \"refId\": + \"F\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P95\", \"refId\": + \"G\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P99\", \"refId\": + \"H\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": + null, \"title\": \"Incoming Request Size By Source\", \"tooltip\": { \"shared\": + true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": + { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": + [] }, \"yaxes\": [ { \"format\": \"decbytes\", \"label\": null, \"logBase\": 1, + \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false } ], \"yaxis\": + { \"align\": false, \"alignLevel\": null } }, { \"aliasColors\": {}, \"bars\": + false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 8, \"x\": 16, \"y\": 41 }, \"id\": + 96, \"legend\": { \"alignAsTable\": false, \"avg\": false, \"current\": false, + \"hideEmpty\": true, \"max\": false, \"min\": false, \"rightSide\": false, \"show\": + true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": 1, + \"links\": [], \"nullPointMode\": \"null\", \"percentage\": false, \"pointradius\": + 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": [], \"spaceLength\": + 10, \"stack\": false, \"steppedLine\": false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P50 (\U0001F510mTLS)\", + \"refId\": \"D\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P90 (\U0001F510mTLS)\", + \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P95 (\U0001F510mTLS)\", + \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P99 (\U0001F510mTLS)\", + \"refId\": \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P50\", \"refId\": + \"E\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P90\", \"refId\": + \"F\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P95\", \"refId\": + \"G\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace }} P99\", \"refId\": + \"H\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": + null, \"title\": \"Response Size By Source\", \"tooltip\": { \"shared\": true, + \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": + { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": + [] }, \"yaxes\": [ { \"format\": \"decbytes\", \"label\": null, \"logBase\": 1, + \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false } ], \"yaxis\": + { \"align\": false, \"alignLevel\": null } }, { \"aliasColors\": {}, \"bars\": + false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 12, \"x\": 0, \"y\": 47 }, \"id\": + 92, \"legend\": { \"avg\": false, \"current\": false, \"max\": false, \"min\": + false, \"show\": true, \"total\": false, \"values\": false }, \"lines\": true, + \"linewidth\": 1, \"links\": [], \"nullPointMode\": \"null\", \"percentage\": + false, \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": + [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": false, \"targets\": + [ { \"expr\": \"round(sum(irate(istio_tcp_received_bytes_total{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace), 0.001)\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_workload }}.{{ destination_workload_namespace}} (\U0001F510mTLS)\", + \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"round(sum(irate(istio_tcp_received_bytes_total{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_service=~\\\"$service\\\", + destination_workload=~\\\"$dstwl\\\", destination_workload_namespace=~\\\"$dstns\\\"}[1m])) + by (destination_workload, destination_workload_namespace), 0.001)\", \"format\": + \"time_series\", \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_workload + }}.{{ destination_workload_namespace}}\", \"refId\": \"B\", \"step\": 2 } ], \"thresholds\": + [], \"timeFrom\": null, \"timeShift\": null, \"title\": \"Bytes Received from + Incoming TCP Connection\", \"tooltip\": { \"shared\": true, \"sort\": 0, \"value_type\": + \"individual\" }, \"type\": \"graph\", \"xaxis\": { \"buckets\": null, \"mode\": + \"time\", \"name\": null, \"show\": true, \"values\": [] }, \"yaxes\": [ { \"format\": + \"Bps\", \"label\": null, \"logBase\": 1, \"max\": null, \"min\": \"0\", \"show\": + true }, { \"format\": \"short\", \"label\": null, \"logBase\": 1, \"max\": null, + \"min\": null, \"show\": true } ], \"yaxis\": { \"align\": false, \"alignLevel\": + null } }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": 10, \"dashes\": + false, \"datasource\": \"Prometheus\", \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": + 12, \"x\": 12, \"y\": 47 }, \"id\": 93, \"legend\": { \"avg\": false, \"current\": + false, \"max\": false, \"min\": false, \"show\": true, \"total\": false, \"values\": + false }, \"lines\": true, \"linewidth\": 1, \"links\": [], \"nullPointMode\": + \"null\", \"percentage\": false, \"pointradius\": 5, \"points\": false, \"renderer\": + \"flot\", \"seriesOverrides\": [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": + false, \"targets\": [ { \"expr\": \"round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\\\"mutual_tls\\\", + reporter=\\\"source\\\", destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", + destination_workload_namespace=~\\\"$dstns\\\"}[1m])) by (destination_workload, + destination_workload_namespace), 0.001)\", \"format\": \"time_series\", \"intervalFactor\": + 1, \"legendFormat\": \"{{ destination_workload }}.{{destination_workload_namespace + }} (\U0001F510mTLS)\", \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\\\"mutual_tls\\\", + reporter=\\\"source\\\", destination_service=~\\\"$service\\\", destination_workload=~\\\"$dstwl\\\", + destination_workload_namespace=~\\\"$dstns\\\"}[1m])) by (destination_workload, + destination_workload_namespace), 0.001)\", \"format\": \"time_series\", \"intervalFactor\": + 1, \"legendFormat\": \"{{ destination_workload }}.{{destination_workload_namespace + }}\", \"refId\": \"B\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, + \"timeShift\": null, \"title\": \"Bytes Sent to Incoming TCP Connection\", \"tooltip\": + { \"shared\": true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", + \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": + true, \"values\": [] }, \"yaxes\": [ { \"format\": \"Bps\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": true } ], \"yaxis\": + { \"align\": false, \"alignLevel\": null } } ], \"refresh\": \"10s\", \"schemaVersion\": + 16, \"style\": \"dark\", \"tags\": [], \"templating\": { \"list\": [ { \"allValue\": + null, \"datasource\": \"Prometheus\", \"hide\": 0, \"includeAll\": false, \"label\": + \"Service\", \"multi\": false, \"name\": \"service\", \"options\": [], \"query\": + \"label_values(destination_service)\", \"refresh\": 1, \"regex\": \"\", \"sort\": + 0, \"tagValuesQuery\": \"\", \"tags\": [], \"tagsQuery\": \"\", \"type\": \"query\", + \"useTags\": false }, { \"allValue\": null, \"current\": { \"text\": \"All\", + \"value\": \"$__all\" }, \"datasource\": \"Prometheus\", \"hide\": 0, \"includeAll\": + true, \"label\": \"Client Workload Namespace\", \"multi\": true, \"name\": \"srcns\", + \"options\": [], \"query\": \"query_result( sum(istio_requests_total{reporter=\\\"destination\\\", + destination_service=\\\"$service\\\"}) by (source_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\\\"destination\\\", + destination_service=~\\\"$service\\\"}) by (source_workload_namespace))\", \"refresh\": + 1, \"regex\": \"/.*namespace=\\\"([^\\\"]*).*/\", \"sort\": 2, \"tagValuesQuery\": + \"\", \"tags\": [], \"tagsQuery\": \"\", \"type\": \"query\", \"useTags\": false + }, { \"allValue\": null, \"current\": { \"text\": \"All\", \"value\": \"$__all\" + }, \"datasource\": \"Prometheus\", \"hide\": 0, \"includeAll\": true, \"label\": + \"Client Workload\", \"multi\": true, \"name\": \"srcwl\", \"options\": [], \"query\": + \"query_result( sum(istio_requests_total{reporter=\\\"destination\\\", destination_service=~\\\"$service\\\", + source_workload_namespace=~\\\"$srcns\\\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\\\"destination\\\", + destination_service=~\\\"$service\\\", source_workload_namespace=~\\\"$srcns\\\"}) + by (source_workload))\", \"refresh\": 1, \"regex\": \"/.*workload=\\\"([^\\\"]*).*/\", + \"sort\": 3, \"tagValuesQuery\": \"\", \"tags\": [], \"tagsQuery\": \"\", \"type\": + \"query\", \"useTags\": false }, { \"allValue\": null, \"current\": { \"text\": + \"All\", \"value\": \"$__all\" }, \"datasource\": \"Prometheus\", \"hide\": 0, + \"includeAll\": true, \"label\": \"Service Workload Namespace\", \"multi\": true, + \"name\": \"dstns\", \"options\": [], \"query\": \"query_result( sum(istio_requests_total{reporter=\\\"destination\\\", + destination_service=\\\"$service\\\"}) by (destination_workload_namespace) or + sum(istio_tcp_sent_bytes_total{reporter=\\\"destination\\\", destination_service=~\\\"$service\\\"}) + by (destination_workload_namespace))\", \"refresh\": 1, \"regex\": \"/.*namespace=\\\"([^\\\"]*).*/\", + \"sort\": 2, \"tagValuesQuery\": \"\", \"tags\": [], \"tagsQuery\": \"\", \"type\": + \"query\", \"useTags\": false }, { \"allValue\": null, \"current\": { \"text\": + \"All\", \"value\": \"$__all\" }, \"datasource\": \"Prometheus\", \"hide\": 0, + \"includeAll\": true, \"label\": \"Service Workload\", \"multi\": true, \"name\": + \"dstwl\", \"options\": [], \"query\": \"query_result( sum(istio_requests_total{reporter=\\\"destination\\\", + destination_service=~\\\"$service\\\", destination_workload_namespace=~\\\"$dstns\\\"}) + by (destination_workload) or sum(istio_tcp_sent_bytes_total{reporter=\\\"destination\\\", + destination_service=~\\\"$service\\\", destination_workload_namespace=~\\\"$dstns\\\"}) + by (destination_workload))\", \"refresh\": 1, \"regex\": \"/.*workload=\\\"([^\\\"]*).*/\", + \"sort\": 3, \"tagValuesQuery\": \"\", \"tags\": [], \"tagsQuery\": \"\", \"type\": + \"query\", \"useTags\": false } ] }, \"time\": { \"from\": \"now-5m\", \"to\": + \"now\" }, \"timepicker\": { \"refresh_intervals\": [ \"5s\", \"10s\", \"30s\", + \"1m\", \"5m\", \"15m\", \"30m\", \"1h\", \"2h\", \"1d\" ], \"time_options\": + [ \"5m\", \"15m\", \"1h\", \"6h\", \"12h\", \"24h\", \"2d\", \"7d\", \"30d\" ] + }, \"timezone\": \"\", \"title\": \"Istio Service Dashboard\", \"uid\": \"LJ_uJAvmk\", + \"version\": 1 } " +kind: ConfigMap +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + istio: grafana + release: istio + name: istio-grafana-configuration-dashboards-istio-service-dashboard + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-workload-dashboard.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-workload-dashboard.yaml new file mode 100644 index 000000000..a3022b2ca --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-istio-workload-dashboard.yaml @@ -0,0 +1,744 @@ +apiVersion: v1 +data: + istio-workload-dashboard.json: "{ \"__inputs\": [ { \"name\": \"DS_PROMETHEUS\", + \"label\": \"Prometheus\", \"description\": \"\", \"type\": \"datasource\", \"pluginId\": + \"prometheus\", \"pluginName\": \"Prometheus\" } ], \"__requires\": [ { \"type\": + \"grafana\", \"id\": \"grafana\", \"name\": \"Grafana\", \"version\": \"5.0.4\" + }, { \"type\": \"panel\", \"id\": \"graph\", \"name\": \"Graph\", \"version\": + \"5.0.0\" }, { \"type\": \"datasource\", \"id\": \"prometheus\", \"name\": \"Prometheus\", + \"version\": \"5.0.0\" }, { \"type\": \"panel\", \"id\": \"singlestat\", \"name\": + \"Singlestat\", \"version\": \"5.0.0\" }, { \"type\": \"panel\", \"id\": \"text\", + \"name\": \"Text\", \"version\": \"5.0.0\" } ], \"annotations\": { \"list\": [ + { \"builtIn\": 1, \"datasource\": \"-- Grafana --\", \"enable\": true, \"hide\": + true, \"iconColor\": \"rgba(0, 211, 255, 1)\", \"name\": \"Annotations & Alerts\", + \"type\": \"dashboard\" } ] }, \"editable\": false, \"gnetId\": null, \"graphTooltip\": + 0, \"id\": null, \"iteration\": 1531345461465, \"links\": [], \"panels\": [ { + \"content\": \"
\\nWORKLOAD: + $workload.$namespace\\n
\", \"gridPos\": { \"h\": 3, \"w\": 24, \"x\": + 0, \"y\": 0 }, \"id\": 89, \"links\": [], \"mode\": \"html\", \"title\": \"\", + \"transparent\": true, \"type\": \"text\" }, { \"cacheTimeout\": null, \"colorBackground\": + false, \"colorValue\": false, \"colors\": [ \"rgba(245, 54, 54, 0.9)\", \"rgba(237, + 129, 40, 0.89)\", \"rgba(50, 172, 45, 0.97)\" ], \"datasource\": \"Prometheus\", + \"format\": \"ops\", \"gauge\": { \"maxValue\": 100, \"minValue\": 0, \"show\": + false, \"thresholdLabels\": false, \"thresholdMarkers\": true }, \"gridPos\": + { \"h\": 4, \"w\": 8, \"x\": 0, \"y\": 3 }, \"id\": 12, \"interval\": null, \"links\": + [], \"mappingType\": 1, \"mappingTypes\": [ { \"name\": \"value to text\", \"value\": + 1 }, { \"name\": \"range to text\", \"value\": 2 } ], \"maxDataPoints\": 100, + \"nullPointMode\": \"connected\", \"nullText\": null, \"postfix\": \"\", \"postfixFontSize\": + \"50%\", \"prefix\": \"\", \"prefixFontSize\": \"50%\", \"rangeMaps\": [ { \"from\": + \"null\", \"text\": \"N/A\", \"to\": \"null\" } ], \"sparkline\": { \"fillColor\": + \"rgba(31, 118, 189, 0.18)\", \"full\": true, \"lineColor\": \"rgb(31, 120, 193)\", + \"show\": true }, \"tableColumn\": \"\", \"targets\": [ { \"expr\": \"round(sum(irate(istio_requests_total{reporter=\\\"destination\\\",destination_workload_namespace=~\\\"$namespace\\\",destination_workload=~\\\"$workload\\\"}[5m])), + 0.001)\", \"format\": \"time_series\", \"intervalFactor\": 1, \"refId\": \"A\", + \"step\": 4 } ], \"thresholds\": \"\", \"title\": \"Incoming Request Volume\", + \"transparent\": false, \"type\": \"singlestat\", \"valueFontSize\": \"80%\", + \"valueMaps\": [ { \"op\": \"=\", \"text\": \"N/A\", \"value\": \"null\" } ], + \"valueName\": \"current\" }, { \"cacheTimeout\": null, \"colorBackground\": false, + \"colorValue\": false, \"colors\": [ \"rgba(50, 172, 45, 0.97)\", \"rgba(237, + 129, 40, 0.89)\", \"rgba(245, 54, 54, 0.9)\" ], \"datasource\": \"Prometheus\", + \"decimals\": null, \"format\": \"percentunit\", \"gauge\": { \"maxValue\": 100, + \"minValue\": 80, \"show\": false, \"thresholdLabels\": false, \"thresholdMarkers\": + false }, \"gridPos\": { \"h\": 4, \"w\": 8, \"x\": 8, \"y\": 3 }, \"id\": 14, + \"interval\": null, \"links\": [], \"mappingType\": 1, \"mappingTypes\": [ { \"name\": + \"value to text\", \"value\": 1 }, { \"name\": \"range to text\", \"value\": 2 + } ], \"maxDataPoints\": 100, \"nullPointMode\": \"connected\", \"nullText\": null, + \"postfix\": \"\", \"postfixFontSize\": \"50%\", \"prefix\": \"\", \"prefixFontSize\": + \"50%\", \"rangeMaps\": [ { \"from\": \"null\", \"text\": \"N/A\", \"to\": \"null\" + } ], \"sparkline\": { \"fillColor\": \"rgba(31, 118, 189, 0.18)\", \"full\": true, + \"lineColor\": \"rgb(31, 120, 193)\", \"show\": true }, \"tableColumn\": \"\", + \"targets\": [ { \"expr\": \"sum(irate(istio_requests_total{reporter=\\\"destination\\\",destination_workload_namespace=~\\\"$namespace\\\",destination_workload=~\\\"$workload\\\",response_code!~\\\"5.*\\\"}[5m])) + / sum(irate(istio_requests_total{reporter=\\\"destination\\\",destination_workload_namespace=~\\\"$namespace\\\",destination_workload=~\\\"$workload\\\"}[5m]))\", + \"format\": \"time_series\", \"intervalFactor\": 1, \"refId\": \"B\" } ], \"thresholds\": + \"95, 99, 99.5\", \"title\": \"Incoming Success Rate (non-5xx responses)\", \"transparent\": + false, \"type\": \"singlestat\", \"valueFontSize\": \"80%\", \"valueMaps\": [ + { \"op\": \"=\", \"text\": \"N/A\", \"value\": \"null\" } ], \"valueName\": \"avg\" + }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, + \"datasource\": \"Prometheus\", \"fill\": 1, \"gridPos\": { \"h\": 4, \"w\": 8, + \"x\": 16, \"y\": 3 }, \"id\": 87, \"legend\": { \"alignAsTable\": false, \"avg\": + false, \"current\": false, \"hideEmpty\": false, \"hideZero\": false, \"max\": + false, \"min\": false, \"rightSide\": true, \"show\": true, \"total\": false, + \"values\": false }, \"lines\": true, \"linewidth\": 1, \"links\": [], \"nullPointMode\": + \"null\", \"percentage\": false, \"pointradius\": 5, \"points\": false, \"renderer\": + \"flot\", \"seriesOverrides\": [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": + false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\",destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\"}[1m])) by (le))\", \"format\": + \"time_series\", \"interval\": \"\", \"intervalFactor\": 1, \"legendFormat\": + \"P50\", \"refId\": \"A\" }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\",destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\"}[1m])) by (le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"P90\", + \"refId\": \"B\" }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\",destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\"}[1m])) by (le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"P99\", + \"refId\": \"C\" } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": null, + \"title\": \"Request Duration\", \"tooltip\": { \"shared\": true, \"sort\": 0, + \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": { \"buckets\": + null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": [] }, \"yaxes\": + [ { \"format\": \"s\", \"label\": null, \"logBase\": 1, \"max\": null, \"min\": + null, \"show\": true }, { \"format\": \"short\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": null, \"show\": false } ] }, { \"cacheTimeout\": null, + \"colorBackground\": false, \"colorValue\": false, \"colors\": [ \"#299c46\", + \"rgba(237, 129, 40, 0.89)\", \"#d44a3a\" ], \"datasource\": \"Prometheus\", \"format\": + \"Bps\", \"gauge\": { \"maxValue\": 100, \"minValue\": 0, \"show\": false, \"thresholdLabels\": + false, \"thresholdMarkers\": true }, \"gridPos\": { \"h\": 4, \"w\": 12, \"x\": + 0, \"y\": 7 }, \"id\": 84, \"interval\": null, \"links\": [], \"mappingType\": + 1, \"mappingTypes\": [ { \"name\": \"value to text\", \"value\": 1 }, { \"name\": + \"range to text\", \"value\": 2 } ], \"maxDataPoints\": 100, \"nullPointMode\": + \"connected\", \"nullText\": null, \"postfix\": \"\", \"postfixFontSize\": \"50%\", + \"prefix\": \"\", \"prefixFontSize\": \"50%\", \"rangeMaps\": [ { \"from\": \"null\", + \"text\": \"N/A\", \"to\": \"null\" } ], \"sparkline\": { \"fillColor\": \"rgba(31, + 118, 189, 0.18)\", \"full\": true, \"lineColor\": \"rgb(31, 120, 193)\", \"show\": + true }, \"tableColumn\": \"\", \"targets\": [ { \"expr\": \"sum(irate(istio_tcp_sent_bytes_total{reporter=\\\"destination\\\", + destination_workload_namespace=~\\\"$namespace\\\", destination_workload=~\\\"$workload\\\"}[1m])) + + sum(irate(istio_tcp_received_bytes_total{reporter=\\\"destination\\\", destination_workload_namespace=~\\\"$namespace\\\", + destination_workload=~\\\"$workload\\\"}[1m]))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"\", \"refId\": \"A\" + } ], \"thresholds\": \"\", \"title\": \"TCP Server Traffic\", \"transparent\": + false, \"type\": \"singlestat\", \"valueFontSize\": \"80%\", \"valueMaps\": [ + { \"op\": \"=\", \"text\": \"N/A\", \"value\": \"null\" } ], \"valueName\": \"avg\" + }, { \"cacheTimeout\": null, \"colorBackground\": false, \"colorValue\": false, + \"colors\": [ \"#299c46\", \"rgba(237, 129, 40, 0.89)\", \"#d44a3a\" ], \"datasource\": + \"Prometheus\", \"format\": \"Bps\", \"gauge\": { \"maxValue\": 100, \"minValue\": + 0, \"show\": false, \"thresholdLabels\": false, \"thresholdMarkers\": true }, + \"gridPos\": { \"h\": 4, \"w\": 12, \"x\": 12, \"y\": 7 }, \"id\": 85, \"interval\": + null, \"links\": [], \"mappingType\": 1, \"mappingTypes\": [ { \"name\": \"value + to text\", \"value\": 1 }, { \"name\": \"range to text\", \"value\": 2 } ], \"maxDataPoints\": + 100, \"nullPointMode\": \"connected\", \"nullText\": null, \"postfix\": \"\", + \"postfixFontSize\": \"50%\", \"prefix\": \"\", \"prefixFontSize\": \"50%\", \"rangeMaps\": + [ { \"from\": \"null\", \"text\": \"N/A\", \"to\": \"null\" } ], \"sparkline\": + { \"fillColor\": \"rgba(31, 118, 189, 0.18)\", \"full\": true, \"lineColor\": + \"rgb(31, 120, 193)\", \"show\": true }, \"tableColumn\": \"\", \"targets\": [ + { \"expr\": \"sum(irate(istio_tcp_sent_bytes_total{reporter=\\\"source\\\", source_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$workload\\\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\\\"source\\\", + source_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$workload\\\"}[1m]))\", + \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"\", \"refId\": \"A\" } ], \"thresholds\": \"\", \"title\": \"TCP Client Traffic\", + \"transparent\": false, \"type\": \"singlestat\", \"valueFontSize\": \"80%\", + \"valueMaps\": [ { \"op\": \"=\", \"text\": \"N/A\", \"value\": \"null\" } ], + \"valueName\": \"avg\" }, { \"content\": \"
\\nINBOUND + WORKLOADS\\n
\", \"gridPos\": { \"h\": 3, \"w\": 24, \"x\": 0, \"y\": + 11 }, \"id\": 45, \"links\": [], \"mode\": \"html\", \"title\": \"\", \"transparent\": + true, \"type\": \"text\" }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": + 10, \"dashes\": false, \"datasource\": \"Prometheus\", \"fill\": 0, \"gridPos\": + { \"h\": 6, \"w\": 12, \"x\": 0, \"y\": 14 }, \"id\": 25, \"legend\": { \"avg\": + false, \"current\": false, \"hideEmpty\": true, \"max\": false, \"min\": false, + \"show\": true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": + 1, \"links\": [], \"nullPointMode\": \"null as zero\", \"percentage\": false, + \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": + [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": false, \"targets\": + [ { \"expr\": \"round(sum(irate(istio_requests_total{connection_security_policy=\\\"mutual_tls\\\", + destination_workload_namespace=~\\\"$namespace\\\", destination_workload=~\\\"$workload\\\", + reporter=\\\"destination\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[5m])) + by (source_workload, source_workload_namespace, response_code), 0.001)\", \"format\": + \"time_series\", \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload + }}.{{ source_workload_namespace }} : {{ response_code }} (\U0001F510mTLS)\", \"refId\": + \"B\", \"step\": 2 }, { \"expr\": \"round(sum(irate(istio_requests_total{connection_security_policy!=\\\"mutual_tls\\\", + destination_workload_namespace=~\\\"$namespace\\\", destination_workload=~\\\"$workload\\\", + reporter=\\\"destination\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[5m])) + by (source_workload, source_workload_namespace, response_code), 0.001)\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + source_workload }}.{{ source_workload_namespace }} : {{ response_code }}\", \"refId\": + \"A\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": + null, \"title\": \"Incoming Requests by Source And Response Code\", \"tooltip\": + { \"shared\": false, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": + \"graph\", \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, + \"show\": true, \"values\": [ \"total\" ] }, \"yaxes\": [ { \"format\": \"ops\", + \"label\": null, \"logBase\": 1, \"max\": null, \"min\": \"0\", \"show\": true + }, { \"format\": \"short\", \"label\": null, \"logBase\": 1, \"max\": null, \"min\": + null, \"show\": false } ] }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": + 10, \"dashes\": false, \"datasource\": \"Prometheus\", \"fill\": 1, \"gridPos\": + { \"h\": 6, \"w\": 12, \"x\": 12, \"y\": 14 }, \"id\": 26, \"legend\": { \"avg\": + false, \"current\": false, \"hideEmpty\": true, \"hideZero\": false, \"max\": + false, \"min\": false, \"show\": true, \"total\": false, \"values\": false }, + \"lines\": true, \"linewidth\": 1, \"links\": [], \"nullPointMode\": \"null\", + \"percentage\": false, \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", + \"seriesOverrides\": [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": + false, \"targets\": [ { \"expr\": \"sum(irate(istio_requests_total{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_workload_namespace=~\\\"$namespace\\\", + destination_workload=~\\\"$workload\\\",response_code!~\\\"5.*\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[5m])) by (source_workload, source_workload_namespace) + / sum(rate(istio_requests_total{reporter=\\\"destination\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_workload_namespace=~\\\"$namespace\\\", destination_workload=~\\\"$workload\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[5m])) + by (source_workload, source_workload_namespace)\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload + }}.{{ source_workload_namespace }} (\U0001F510mTLS)\", \"refId\": \"A\", \"step\": + 2 }, { \"expr\": \"sum(irate(istio_requests_total{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_workload_namespace=~\\\"$namespace\\\", + destination_workload=~\\\"$workload\\\",response_code!~\\\"5.*\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[5m])) by (source_workload, source_workload_namespace) + / sum(rate(istio_requests_total{reporter=\\\"destination\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_workload_namespace=~\\\"$namespace\\\", destination_workload=~\\\"$workload\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[5m])) + by (source_workload, source_workload_namespace)\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload + }}.{{ source_workload_namespace }}\", \"refId\": \"B\", \"step\": 2 } ], \"thresholds\": + [], \"timeFrom\": null, \"timeShift\": null, \"title\": \"Incoming Success Rate + (non-5xx responses) By Source\", \"tooltip\": { \"shared\": true, \"sort\": 0, + \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": { \"buckets\": + null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": [] }, \"yaxes\": + [ { \"format\": \"percentunit\", \"label\": null, \"logBase\": 1, \"max\": \"1.01\", + \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": null, \"show\": false } ] }, { \"aliasColors\": {}, + \"bars\": false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"description\": \"\", \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 8, \"x\": + 0, \"y\": 20 }, \"id\": 27, \"legend\": { \"alignAsTable\": false, \"avg\": false, + \"current\": false, \"hideEmpty\": true, \"hideZero\": false, \"max\": false, + \"min\": false, \"rightSide\": false, \"show\": true, \"total\": false, \"values\": + false }, \"lines\": true, \"linewidth\": 1, \"links\": [], \"nullPointMode\": + \"null\", \"percentage\": false, \"pointradius\": 5, \"points\": false, \"renderer\": + \"flot\", \"seriesOverrides\": [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": + false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P50 (\U0001F510mTLS)\", \"refId\": + \"D\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P90 (\U0001F510mTLS)\", \"refId\": + \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P95 (\U0001F510mTLS)\", \"refId\": + \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P99 (\U0001F510mTLS)\", \"refId\": + \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P50\", \"refId\": \"E\", \"step\": + 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P90\", \"refId\": \"F\", \"step\": + 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P95\", \"refId\": \"G\", \"step\": + 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P99\", \"refId\": \"H\", \"step\": + 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": null, \"title\": + \"Incoming Request Duration by Source\", \"tooltip\": { \"shared\": true, \"sort\": + 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": { \"buckets\": + null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": [] }, \"yaxes\": + [ { \"format\": \"s\", \"label\": null, \"logBase\": 1, \"max\": null, \"min\": + \"0\", \"show\": true }, { \"format\": \"short\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": null, \"show\": false } ] }, { \"aliasColors\": {}, + \"bars\": false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 8, \"x\": 8, \"y\": 20 }, \"id\": + 28, \"legend\": { \"alignAsTable\": false, \"avg\": false, \"current\": false, + \"hideEmpty\": true, \"max\": false, \"min\": false, \"rightSide\": false, \"show\": + true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": 1, + \"links\": [], \"nullPointMode\": \"null\", \"percentage\": false, \"pointradius\": + 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": [], \"spaceLength\": + 10, \"stack\": false, \"steppedLine\": false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P50 (\U0001F510mTLS)\", \"refId\": \"D\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, + sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + \ P90 (\U0001F510mTLS)\", \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, + sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P95 (\U0001F510mTLS)\", \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, + sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy=\\\"mutual_tls\\\", + destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + \ P99 (\U0001F510mTLS)\", \"refId\": \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P50\", \"refId\": \"E\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, + sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P90\", \"refId\": \"F\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, + sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P95\", \"refId\": \"G\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, + sum(irate(istio_request_bytes_bucket{reporter=\\\"destination\\\", connection_security_policy!=\\\"mutual_tls\\\", + destination_workload=~\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace, le))\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{source_workload}}.{{source_workload_namespace}} + P99\", \"refId\": \"H\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, + \"timeShift\": null, \"title\": \"Incoming Request Size By Source\", \"tooltip\": + { \"shared\": true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", + \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": + true, \"values\": [] }, \"yaxes\": [ { \"format\": \"decbytes\", \"label\": null, + \"logBase\": 1, \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": + \"short\", \"label\": null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": + false } ] }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": 10, \"dashes\": + false, \"datasource\": \"Prometheus\", \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": + 8, \"x\": 16, \"y\": 20 }, \"id\": 68, \"legend\": { \"alignAsTable\": false, + \"avg\": false, \"current\": false, \"hideEmpty\": true, \"max\": false, \"min\": + false, \"rightSide\": false, \"show\": true, \"total\": false, \"values\": false + }, \"lines\": true, \"linewidth\": 1, \"links\": [], \"nullPointMode\": \"null\", + \"percentage\": false, \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", + \"seriesOverrides\": [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": + false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P50 (\U0001F510mTLS)\", \"refId\": + \"D\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P90 (\U0001F510mTLS)\", \"refId\": + \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P95 (\U0001F510mTLS)\", \"refId\": + \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P99 (\U0001F510mTLS)\", \"refId\": + \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P50\", \"refId\": \"E\", \"step\": + 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P90\", \"refId\": \"F\", \"step\": + 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P95\", \"refId\": \"G\", \"step\": + 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_workload=~\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$srcwl\\\", + source_workload_namespace=~\\\"$srcns\\\"}[1m])) by (source_workload, source_workload_namespace, + le))\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": + \"{{source_workload}}.{{source_workload_namespace}} P99\", \"refId\": \"H\", \"step\": + 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": null, \"title\": + \"Response Size By Source\", \"tooltip\": { \"shared\": true, \"sort\": 0, \"value_type\": + \"individual\" }, \"type\": \"graph\", \"xaxis\": { \"buckets\": null, \"mode\": + \"time\", \"name\": null, \"show\": true, \"values\": [] }, \"yaxes\": [ { \"format\": + \"decbytes\", \"label\": null, \"logBase\": 1, \"max\": null, \"min\": \"0\", + \"show\": true }, { \"format\": \"short\", \"label\": null, \"logBase\": 1, \"max\": + null, \"min\": null, \"show\": false } ] }, { \"aliasColors\": {}, \"bars\": false, + \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", \"fill\": + 1, \"gridPos\": { \"h\": 6, \"w\": 12, \"x\": 0, \"y\": 26 }, \"id\": 80, \"legend\": + { \"avg\": false, \"current\": false, \"max\": false, \"min\": false, \"show\": + true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": 1, + \"links\": [], \"nullPointMode\": \"null\", \"percentage\": false, \"pointradius\": + 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": [], \"spaceLength\": + 10, \"stack\": false, \"steppedLine\": false, \"targets\": [ { \"expr\": \"round(sum(irate(istio_tcp_received_bytes_total{reporter=\\\"destination\\\", + connection_security_policy=\\\"mutual_tls\\\", destination_workload_namespace=~\\\"$namespace\\\", + destination_workload=~\\\"$workload\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace), 0.001)\", \"format\": \"time_series\", + \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload + }}.{{ source_workload_namespace}} (\U0001F510mTLS)\", \"refId\": \"A\", \"step\": + 2 }, { \"expr\": \"round(sum(irate(istio_tcp_received_bytes_total{reporter=\\\"destination\\\", + connection_security_policy!=\\\"mutual_tls\\\", destination_workload_namespace=~\\\"$namespace\\\", + destination_workload=~\\\"$workload\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace), 0.001)\", \"format\": \"time_series\", + \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload }}.{{ source_workload_namespace}}\", + \"refId\": \"B\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": + null, \"title\": \"Bytes Received from Incoming TCP Connection\", \"tooltip\": + { \"shared\": true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", + \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": + true, \"values\": [] }, \"yaxes\": [ { \"format\": \"Bps\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": true } ] }, { \"aliasColors\": + {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 12, \"x\": 12, \"y\": 26 }, \"id\": + 82, \"legend\": { \"avg\": false, \"current\": false, \"max\": false, \"min\": + false, \"show\": true, \"total\": false, \"values\": false }, \"lines\": true, + \"linewidth\": 1, \"links\": [], \"nullPointMode\": \"null\", \"percentage\": + false, \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": + [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": false, \"targets\": + [ { \"expr\": \"round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\\\"mutual_tls\\\", + reporter=\\\"destination\\\", destination_workload_namespace=~\\\"$namespace\\\", + destination_workload=~\\\"$workload\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace), 0.001)\", \"format\": \"time_series\", + \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload }}.{{ source_workload_namespace}} + (\U0001F510mTLS)\", \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\\\"mutual_tls\\\", + reporter=\\\"destination\\\", destination_workload_namespace=~\\\"$namespace\\\", + destination_workload=~\\\"$workload\\\", source_workload=~\\\"$srcwl\\\", source_workload_namespace=~\\\"$srcns\\\"}[1m])) + by (source_workload, source_workload_namespace), 0.001)\", \"format\": \"time_series\", + \"intervalFactor\": 1, \"legendFormat\": \"{{ source_workload }}.{{ source_workload_namespace}}\", + \"refId\": \"B\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": + null, \"title\": \"Bytes Sent to Incoming TCP Connection\", \"tooltip\": { \"shared\": + true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": + { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": + [] }, \"yaxes\": [ { \"format\": \"Bps\", \"label\": null, \"logBase\": 1, \"max\": + null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": null, + \"logBase\": 1, \"max\": null, \"min\": null, \"show\": true } ] }, { \"content\": + \"
\\nOUTBOUND SERVICES\\n
\", + \"gridPos\": { \"h\": 3, \"w\": 24, \"x\": 0, \"y\": 32 }, \"id\": 69, \"links\": + [], \"mode\": \"html\", \"title\": \"\", \"transparent\": true, \"type\": \"text\" + }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, + \"datasource\": \"Prometheus\", \"fill\": 0, \"gridPos\": { \"h\": 6, \"w\": 12, + \"x\": 0, \"y\": 35 }, \"id\": 70, \"legend\": { \"avg\": false, \"current\": + false, \"hideEmpty\": true, \"max\": false, \"min\": false, \"show\": true, \"total\": + false, \"values\": false }, \"lines\": true, \"linewidth\": 1, \"links\": [], + \"nullPointMode\": \"null as zero\", \"percentage\": false, \"pointradius\": 5, + \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": [], \"spaceLength\": + 10, \"stack\": false, \"steppedLine\": false, \"targets\": [ { \"expr\": \"round(sum(irate(istio_requests_total{connection_security_policy=\\\"mutual_tls\\\", + source_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$workload\\\", + reporter=\\\"source\\\", destination_service=~\\\"$dstsvc\\\"}[5m])) by (destination_service, + response_code), 0.001)\", \"format\": \"time_series\", \"intervalFactor\": 1, + \"legendFormat\": \"{{ destination_service }} : {{ response_code }} (\U0001F510mTLS)\", + \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"round(sum(irate(istio_requests_total{connection_security_policy!=\\\"mutual_tls\\\", + source_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$workload\\\", + reporter=\\\"source\\\", destination_service=~\\\"$dstsvc\\\"}[5m])) by (destination_service, + response_code), 0.001)\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": + 1, \"legendFormat\": \"{{ destination_service }} : {{ response_code }}\", \"refId\": + \"A\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": + null, \"title\": \"Outgoing Requests by Destination And Response Code\", \"tooltip\": + { \"shared\": false, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": + \"graph\", \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, + \"show\": true, \"values\": [ \"total\" ] }, \"yaxes\": [ { \"format\": \"ops\", + \"label\": null, \"logBase\": 1, \"max\": null, \"min\": \"0\", \"show\": true + }, { \"format\": \"short\", \"label\": null, \"logBase\": 1, \"max\": null, \"min\": + null, \"show\": false } ] }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": + 10, \"dashes\": false, \"datasource\": \"Prometheus\", \"fill\": 1, \"gridPos\": + { \"h\": 6, \"w\": 12, \"x\": 12, \"y\": 35 }, \"id\": 71, \"legend\": { \"avg\": + false, \"current\": false, \"hideEmpty\": true, \"hideZero\": false, \"max\": + false, \"min\": false, \"show\": true, \"total\": false, \"values\": false }, + \"lines\": true, \"linewidth\": 1, \"links\": [], \"nullPointMode\": \"null\", + \"percentage\": false, \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", + \"seriesOverrides\": [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": + false, \"targets\": [ { \"expr\": \"sum(irate(istio_requests_total{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$workload\\\",response_code!~\\\"5.*\\\", destination_service=~\\\"$dstsvc\\\"}[5m])) + by (destination_service) / sum(irate(istio_requests_total{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$workload\\\", destination_service=~\\\"$dstsvc\\\"}[5m])) + by (destination_service)\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": + 1, \"legendFormat\": \"{{ destination_service }} (\U0001F510mTLS)\", \"refId\": + \"A\", \"step\": 2 }, { \"expr\": \"sum(irate(istio_requests_total{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$workload\\\",response_code!~\\\"5.*\\\", destination_service=~\\\"$dstsvc\\\"}[5m])) + by (destination_service) / sum(irate(istio_requests_total{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$workload\\\", destination_service=~\\\"$dstsvc\\\"}[5m])) + by (destination_service)\", \"format\": \"time_series\", \"hide\": false, \"intervalFactor\": + 1, \"legendFormat\": \"{{destination_service }}\", \"refId\": \"B\", \"step\": + 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": null, \"title\": + \"Outgoing Success Rate (non-5xx responses) By Destination\", \"tooltip\": { \"shared\": + true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": + { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": + [] }, \"yaxes\": [ { \"format\": \"percentunit\", \"label\": null, \"logBase\": + 1, \"max\": \"1.01\", \"min\": \"0\", \"show\": true }, { \"format\": \"short\", + \"label\": null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false + } ] }, { \"aliasColors\": {}, \"bars\": false, \"dashLength\": 10, \"dashes\": + false, \"datasource\": \"Prometheus\", \"description\": \"\", \"fill\": 1, \"gridPos\": + { \"h\": 6, \"w\": 8, \"x\": 0, \"y\": 41 }, \"id\": 72, \"legend\": { \"alignAsTable\": + false, \"avg\": false, \"current\": false, \"hideEmpty\": true, \"hideZero\": + false, \"max\": false, \"min\": false, \"rightSide\": false, \"show\": true, \"total\": + false, \"values\": false }, \"lines\": true, \"linewidth\": 1, \"links\": [], + \"nullPointMode\": \"null\", \"percentage\": false, \"pointradius\": 5, \"points\": + false, \"renderer\": \"flot\", \"seriesOverrides\": [], \"spaceLength\": 10, \"stack\": + false, \"steppedLine\": false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\", + destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_service }} P50 (\U0001F510mTLS)\", \"refId\": \"D\", \"step\": 2 }, + { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P90 (\U0001F510mTLS)\", + \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P95 (\U0001F510mTLS)\", + \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P99 (\U0001F510mTLS)\", + \"refId\": \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P50\", \"refId\": + \"E\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P90\", \"refId\": + \"F\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P95\", \"refId\": + \"G\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P99\", \"refId\": + \"H\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": + null, \"title\": \"Outgoing Request Duration by Destination\", \"tooltip\": { + \"shared\": true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", + \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": + true, \"values\": [] }, \"yaxes\": [ { \"format\": \"s\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false } ] }, { \"aliasColors\": + {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 8, \"x\": 8, \"y\": 41 }, \"id\": + 73, \"legend\": { \"alignAsTable\": false, \"avg\": false, \"current\": false, + \"hideEmpty\": true, \"max\": false, \"min\": false, \"rightSide\": false, \"show\": + true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": 1, + \"links\": [], \"nullPointMode\": \"null\", \"percentage\": false, \"pointradius\": + 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": [], \"spaceLength\": + 10, \"stack\": false, \"steppedLine\": false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\", + destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_service }} P50 (\U0001F510mTLS)\", \"refId\": \"D\", \"step\": 2 }, + { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P90 (\U0001F510mTLS)\", + \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P95 (\U0001F510mTLS)\", + \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P99 (\U0001F510mTLS)\", + \"refId\": \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P50\", \"refId\": + \"E\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P90\", \"refId\": + \"F\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P95\", \"refId\": + \"G\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P99\", \"refId\": + \"H\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": + null, \"title\": \"Outgoing Request Size By Destination\", \"tooltip\": { \"shared\": + true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": + { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": + [] }, \"yaxes\": [ { \"format\": \"decbytes\", \"label\": null, \"logBase\": 1, + \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false } ] }, { \"aliasColors\": + {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 8, \"x\": 16, \"y\": 41 }, \"id\": + 74, \"legend\": { \"alignAsTable\": false, \"avg\": false, \"current\": false, + \"hideEmpty\": true, \"max\": false, \"min\": false, \"rightSide\": false, \"show\": + true, \"total\": false, \"values\": false }, \"lines\": true, \"linewidth\": 1, + \"links\": [], \"nullPointMode\": \"null\", \"percentage\": false, \"pointradius\": + 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": [], \"spaceLength\": + 10, \"stack\": false, \"steppedLine\": false, \"targets\": [ { \"expr\": \"histogram_quantile(0.50, + sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", connection_security_policy=\\\"mutual_tls\\\", + source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\", + destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service, le))\", \"format\": + \"time_series\", \"hide\": false, \"intervalFactor\": 1, \"legendFormat\": \"{{ + destination_service }} P50 (\U0001F510mTLS)\", \"refId\": \"D\", \"step\": 2 }, + { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P90 (\U0001F510mTLS)\", + \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P95 (\U0001F510mTLS)\", + \"refId\": \"B\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P99 (\U0001F510mTLS)\", + \"refId\": \"C\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P50\", \"refId\": + \"E\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P90\", \"refId\": + \"F\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P95\", \"refId\": + \"G\", \"step\": 2 }, { \"expr\": \"histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload=~\\\"$workload\\\", + source_workload_namespace=~\\\"$namespace\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service, le))\", \"format\": \"time_series\", \"hide\": false, + \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service }} P99\", \"refId\": + \"H\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": + null, \"title\": \"Response Size By Destination\", \"tooltip\": { \"shared\": + true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": + { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": + [] }, \"yaxes\": [ { \"format\": \"decbytes\", \"label\": null, \"logBase\": 1, + \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": false } ] }, { \"aliasColors\": + {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 12, \"x\": 0, \"y\": 47 }, \"id\": + 76, \"legend\": { \"avg\": false, \"current\": false, \"max\": false, \"min\": + false, \"show\": true, \"total\": false, \"values\": false }, \"lines\": true, + \"linewidth\": 1, \"links\": [], \"nullPointMode\": \"null\", \"percentage\": + false, \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": + [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": false, \"targets\": + [ { \"expr\": \"round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\\\"mutual_tls\\\", + reporter=\\\"source\\\", source_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$workload\\\", + destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service), 0.001)\", + \"format\": \"time_series\", \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service + }} (\U0001F510mTLS)\", \"refId\": \"A\", \"step\": 2 }, { \"expr\": \"round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\\\"mutual_tls\\\", + reporter=\\\"source\\\", source_workload_namespace=~\\\"$namespace\\\", source_workload=~\\\"$workload\\\", + destination_service=~\\\"$dstsvc\\\"}[1m])) by (destination_service), 0.001)\", + \"format\": \"time_series\", \"intervalFactor\": 1, \"legendFormat\": \"{{ destination_service + }}\", \"refId\": \"B\", \"step\": 2 } ], \"thresholds\": [], \"timeFrom\": null, + \"timeShift\": null, \"title\": \"Bytes Sent on Outgoing TCP Connection\", \"tooltip\": + { \"shared\": true, \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", + \"xaxis\": { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": + true, \"values\": [] }, \"yaxes\": [ { \"format\": \"Bps\", \"label\": null, \"logBase\": + 1, \"max\": null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": + null, \"logBase\": 1, \"max\": null, \"min\": null, \"show\": true } ] }, { \"aliasColors\": + {}, \"bars\": false, \"dashLength\": 10, \"dashes\": false, \"datasource\": \"Prometheus\", + \"fill\": 1, \"gridPos\": { \"h\": 6, \"w\": 12, \"x\": 12, \"y\": 47 }, \"id\": + 78, \"legend\": { \"avg\": false, \"current\": false, \"max\": false, \"min\": + false, \"show\": true, \"total\": false, \"values\": false }, \"lines\": true, + \"linewidth\": 1, \"links\": [], \"nullPointMode\": \"null\", \"percentage\": + false, \"pointradius\": 5, \"points\": false, \"renderer\": \"flot\", \"seriesOverrides\": + [], \"spaceLength\": 10, \"stack\": false, \"steppedLine\": false, \"targets\": + [ { \"expr\": \"round(sum(irate(istio_tcp_received_bytes_total{reporter=\\\"source\\\", + connection_security_policy=\\\"mutual_tls\\\", source_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$workload\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service), 0.001)\", \"format\": \"time_series\", \"intervalFactor\": + 1, \"legendFormat\": \"{{ destination_service }} (\U0001F510mTLS)\", \"refId\": + \"A\", \"step\": 2 }, { \"expr\": \"round(sum(irate(istio_tcp_received_bytes_total{reporter=\\\"source\\\", + connection_security_policy!=\\\"mutual_tls\\\", source_workload_namespace=~\\\"$namespace\\\", + source_workload=~\\\"$workload\\\", destination_service=~\\\"$dstsvc\\\"}[1m])) + by (destination_service), 0.001)\", \"format\": \"time_series\", \"intervalFactor\": + 1, \"legendFormat\": \"{{ destination_service }}\", \"refId\": \"B\", \"step\": + 2 } ], \"thresholds\": [], \"timeFrom\": null, \"timeShift\": null, \"title\": + \"Bytes Received from Outgoing TCP Connection\", \"tooltip\": { \"shared\": true, + \"sort\": 0, \"value_type\": \"individual\" }, \"type\": \"graph\", \"xaxis\": + { \"buckets\": null, \"mode\": \"time\", \"name\": null, \"show\": true, \"values\": + [] }, \"yaxes\": [ { \"format\": \"Bps\", \"label\": null, \"logBase\": 1, \"max\": + null, \"min\": \"0\", \"show\": true }, { \"format\": \"short\", \"label\": null, + \"logBase\": 1, \"max\": null, \"min\": null, \"show\": true } ] } ], \"refresh\": + \"10s\", \"schemaVersion\": 16, \"style\": \"dark\", \"tags\": [], \"templating\": + { \"list\": [ { \"allValue\": null, \"current\": {}, \"datasource\": \"Prometheus\", + \"hide\": 0, \"includeAll\": false, \"label\": \"Namespace\", \"multi\": false, + \"name\": \"namespace\", \"options\": [], \"query\": \"query_result(sum(istio_requests_total) + by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total) by (destination_workload_namespace))\", + \"refresh\": 1, \"regex\": \"/.*_namespace=\\\"([^\\\"]*).*/\", \"sort\": 0, \"tagValuesQuery\": + \"\", \"tags\": [], \"tagsQuery\": \"\", \"type\": \"query\", \"useTags\": false + }, { \"allValue\": null, \"current\": {}, \"datasource\": \"Prometheus\", \"hide\": + 0, \"includeAll\": false, \"label\": \"Workload\", \"multi\": false, \"name\": + \"workload\", \"options\": [], \"query\": \"query_result((sum(istio_requests_total{destination_workload_namespace=~\\\"$namespace\\\"}) + by (destination_workload) or sum(istio_requests_total{source_workload_namespace=~\\\"$namespace\\\"}) + by (source_workload)) or (sum(istio_tcp_sent_bytes_total{destination_workload_namespace=~\\\"$namespace\\\"}) + by (destination_workload) or sum(istio_tcp_sent_bytes_total{source_workload_namespace=~\\\"$namespace\\\"}) + by (source_workload)))\", \"refresh\": 1, \"regex\": \"/.*workload=\\\"([^\\\"]*).*/\", + \"sort\": 1, \"tagValuesQuery\": \"\", \"tags\": [], \"tagsQuery\": \"\", \"type\": + \"query\", \"useTags\": false }, { \"allValue\": null, \"current\": {}, \"datasource\": + \"Prometheus\", \"hide\": 0, \"includeAll\": true, \"label\": \"Inbound Workload + Namespace\", \"multi\": true, \"name\": \"srcns\", \"options\": [], \"query\": + \"query_result( sum(istio_requests_total{reporter=\\\"destination\\\", destination_workload=\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\"}) by (source_workload_namespace) + or sum(istio_tcp_sent_bytes_total{reporter=\\\"destination\\\", destination_workload=\\\"$workload\\\", + destination_workload_namespace=~\\\"$namespace\\\"}) by (source_workload_namespace))\", + \"refresh\": 1, \"regex\": \"/.*namespace=\\\"([^\\\"]*).*/\", \"sort\": 2, \"tagValuesQuery\": + \"\", \"tags\": [], \"tagsQuery\": \"\", \"type\": \"query\", \"useTags\": false + }, { \"allValue\": null, \"current\": {}, \"datasource\": \"Prometheus\", \"hide\": + 0, \"includeAll\": true, \"label\": \"Inbound Workload\", \"multi\": true, \"name\": + \"srcwl\", \"options\": [], \"query\": \"query_result( sum(istio_requests_total{reporter=\\\"destination\\\", + destination_workload=\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\", + source_workload_namespace=~\\\"$srcns\\\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\\\"destination\\\", + destination_workload=\\\"$workload\\\", destination_workload_namespace=~\\\"$namespace\\\", + source_workload_namespace=~\\\"$srcns\\\"}) by (source_workload))\", \"refresh\": + 1, \"regex\": \"/.*workload=\\\"([^\\\"]*).*/\", \"sort\": 3, \"tagValuesQuery\": + \"\", \"tags\": [], \"tagsQuery\": \"\", \"type\": \"query\", \"useTags\": false + }, { \"allValue\": null, \"current\": {}, \"datasource\": \"Prometheus\", \"hide\": + 0, \"includeAll\": true, \"label\": \"Destination Service\", \"multi\": true, + \"name\": \"dstsvc\", \"options\": [], \"query\": \"query_result( sum(istio_requests_total{reporter=\\\"source\\\", + source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\"}) + by (destination_service) or sum(istio_tcp_sent_bytes_total{reporter=\\\"source\\\", + source_workload=~\\\"$workload\\\", source_workload_namespace=~\\\"$namespace\\\"}) + by (destination_service))\", \"refresh\": 1, \"regex\": \"/.*destination_service=\\\"([^\\\"]*).*/\", + \"sort\": 4, \"tagValuesQuery\": \"\", \"tags\": [], \"tagsQuery\": \"\", \"type\": + \"query\", \"useTags\": false } ] }, \"time\": { \"from\": \"now-5m\", \"to\": + \"now\" }, \"timepicker\": { \"refresh_intervals\": [ \"5s\", \"10s\", \"30s\", + \"1m\", \"5m\", \"15m\", \"30m\", \"1h\", \"2h\", \"1d\" ], \"time_options\": + [ \"5m\", \"15m\", \"1h\", \"6h\", \"12h\", \"24h\", \"2d\", \"7d\", \"30d\" ] + }, \"timezone\": \"\", \"title\": \"Istio Workload Dashboard\", \"uid\": \"UbsSZTDik\", + \"version\": 1 } " +kind: ConfigMap +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + istio: grafana + release: istio + name: istio-grafana-configuration-dashboards-istio-workload-dashboard + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-mixer-dashboard.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-mixer-dashboard.yaml new file mode 100644 index 000000000..9a7f42a25 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-mixer-dashboard.yaml @@ -0,0 +1,359 @@ +apiVersion: v1 +data: + mixer-dashboard.json: '{ "__inputs": [ { "name": "DS_PROMETHEUS", "label": "Prometheus", + "description": "", "type": "datasource", "pluginId": "prometheus", "pluginName": + "Prometheus" } ], "__requires": [ { "type": "grafana", "id": "grafana", "name": + "Grafana", "version": "5.2.3" }, { "type": "panel", "id": "graph", "name": "Graph", + "version": "5.0.0" }, { "type": "datasource", "id": "prometheus", "name": "Prometheus", + "version": "5.0.0" }, { "type": "panel", "id": "text", "name": "Text", "version": + "5.0.0" } ], "annotations": { "list": [ { "builtIn": 1, "datasource": "-- Grafana + --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "limit": + 100, "name": "Annotations & Alerts", "showIn": 0, "type": "dashboard" } ] }, "editable": + false, "gnetId": null, "graphTooltip": 1, "id": null, "iteration": 1543881232533, + "links": [], "panels": [ { "content": "

Deployed Versions

", + "gridPos": { "h": 3, "w": 24, "x": 0, "y": 0 }, "height": "40", "id": 62, "links": + [], "mode": "html", "title": "", "transparent": true, "type": "text" }, { "aliasColors": + {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 5, "w": 24, "x": 0, "y": 3 }, "id": 64, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "sum(istio_build{component=\"mixer\"}) by (tag)", "format": + "time_series", "intervalFactor": 1, "legendFormat": "{{ tag }}", "refId": "A" + } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Mixer Versions", + "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": + "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, + "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": + null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": + null } }, { "content": "

Resource Usage

", "gridPos": + { "h": 3, "w": 24, "x": 0, "y": 8 }, "height": "40", "id": 29, "links": [], "mode": + "html", "title": "", "transparent": true, "type": "text" }, { "aliasColors": {}, + "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 0, "y": 11 }, "id": 5, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "sum(process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) + by (job)", "format": "time_series", "instant": false, "intervalFactor": 2, "legendFormat": + "Virtual Memory ({{ job }})", "refId": "I" }, { "expr": "sum(process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) + by (job)", "format": "time_series", "intervalFactor": 2, "legendFormat": "Resident + Memory ({{ job }})", "refId": "H" }, { "expr": "sum(go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}) + by (job)", "format": "time_series", "hide": true, "intervalFactor": 2, "legendFormat": + "heap sys ({{ job }})", "refId": "A" }, { "expr": "sum(go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) + by (job)", "format": "time_series", "hide": true, "intervalFactor": 2, "legendFormat": + "heap alloc ({{ job }})", "refId": "D" }, { "expr": "sum(go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) + by (job)", "format": "time_series", "intervalFactor": 2, "legendFormat": "Alloc + ({{ job }})", "refId": "F" }, { "expr": "sum(go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) + by (job)", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": + "Heap in-use ({{ job }})", "refId": "E" }, { "expr": "sum(go_memstats_stack_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) + by (job)", "format": "time_series", "intervalFactor": 2, "legendFormat": "Stack + in-use ({{ job }})", "refId": "G" }, { "expr": "sum(label_replace(container_memory_usage_bytes{container_name=~\"mixer|istio-proxy\", + pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", + \"(istio-telemetry|istio-policy)-.*\")) by (service)", "format": "time_series", + "hide": false, "intervalFactor": 2, "legendFormat": "{{ service }} total (k8s)", + "refId": "C" }, { "expr": "sum(label_replace(container_memory_usage_bytes{container_name=~\"mixer|istio-proxy\", + pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", + \"(istio-telemetry|istio-policy)-.*\")) by (container_name, service)", "format": + "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "{{ service + }} - {{ container_name }} (k8s)", "refId": "B" } ], "thresholds": [], "timeFrom": + null, "timeShift": null, "title": "Memory", "tooltip": { "shared": true, "sort": + 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, + "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": + "bytes", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, + { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": + false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": + {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 6, "y": 11 }, "id": 6, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{container_name=~\"mixer|istio-proxy\", + pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (pod_name), \"service\", + \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")", "format": "time_series", + "hide": false, "intervalFactor": 2, "legendFormat": "{{ service }} total (k8s)", + "refId": "A" }, { "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{container_name=~\"mixer|istio-proxy\", + pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (container_name, pod_name), + \"service\", \"$1\" , \"pod_name\", \"(istio-telemetry|istio-policy)-.*\")", "format": + "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "{{ service + }} - {{ container_name }} (k8s)", "refId": "B" }, { "expr": "sum(irate(process_cpu_seconds_total{job=~\"istio-telemetry|istio-policy\"}[1m])) + by (job)", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": + "{{ job }} (self-reported)", "refId": "C" } ], "thresholds": [], "timeFrom": null, + "timeShift": null, "title": "CPU", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 7, "w": 6, "x": 12, "y": 11 }, "id": 7, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "sum(process_open_fds{job=~\"istio-telemetry|istio-policy\"}) by (job)", "format": + "time_series", "hide": true, "instant": false, "interval": "", "intervalFactor": + 2, "legendFormat": "Open FDs ({{ job }})", "refId": "A" }, { "expr": "sum(label_replace(container_fs_usage_bytes{container_name=~\"mixer|istio-proxy\", + pod_name=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod_name\", + \"(istio-telemetry|istio-policy)-.*\")) by (container_name, service)", "format": + "time_series", "intervalFactor": 2, "legendFormat": "{{ service }} - {{ container_name + }}", "refId": "B" } ], "thresholds": [], "timeFrom": null, "timeShift": null, + "title": "Disk", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "bytes", "label": "", "logBase": + 1, "max": null, "min": null, "show": true }, { "decimals": null, "format": "none", + "label": "", "logBase": 1024, "max": null, "min": null, "show": false } ], "yaxis": + { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, + "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": + { "h": 7, "w": 6, "x": 18, "y": 11 }, "id": 4, "legend": { "avg": false, "current": + false, "max": false, "min": false, "show": false, "total": false, "values": false + }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": + false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": + [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "sum(go_goroutines{job=~\"istio-telemetry|istio-policy\"}) by (job)", "format": + "time_series", "intervalFactor": 2, "legendFormat": "Number of Goroutines ({{ + job }})", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeShift": null, + "title": "Goroutines", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "", "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "content": "

Mixer Overview

", + "gridPos": { "h": 3, "w": 24, "x": 0, "y": 18 }, "height": "40px", "id": 30, "links": + [], "mode": "html", "title": "", "transparent": true, "type": "text" }, { "aliasColors": + {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 6, "w": 6, "x": 0, "y": 21 }, "id": 9, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "sum(rate(grpc_io_server_completed_rpcs[1m]))", "format": + "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "mixer (Total)", + "refId": "B" }, { "expr": "sum(rate(grpc_io_server_completed_rpcs[1m])) by (grpc_server_method)", + "format": "time_series", "intervalFactor": 2, "legendFormat": "mixer ({{ grpc_server_method + }})", "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeShift": null, + "title": "Incoming Requests", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "ops", "label": null, + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 6, "w": 6, "x": 6, "y": 21 }, "id": 8, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [ { + "alias": "{}", "yaxis": 1 } ], "spaceLength": 10, "stack": false, "steppedLine": + false, "targets": [ { "expr": "histogram_quantile(0.5, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) + by (grpc_server_method, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": + "{{ grpc_server_method }} 0.5", "refId": "B" }, { "expr": "histogram_quantile(0.9, + sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, + le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{ grpc_server_method + }} 0.9", "refId": "C" }, { "expr": "histogram_quantile(0.99, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) + by (grpc_server_method, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": + "{{ grpc_server_method }} 0.99", "refId": "D" } ], "thresholds": [], "timeFrom": + null, "timeShift": null, "title": "Response Durations", "tooltip": { "shared": + true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": + null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { + "format": "ms", "label": null, "logBase": 1, "max": null, "min": null, "show": + true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": + null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { + "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": + "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 6, "x": 12, "y": 21 }, "id": + 11, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": + true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": + [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": + false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": + false, "steppedLine": false, "targets": [ { "expr": "sum(rate(grpc_server_handled_total{grpc_code=~\"Unknown|Unimplemented|Internal|DataLoss\"}[1m])) + by (grpc_method)", "format": "time_series", "intervalFactor": 2, "legendFormat": + "Mixer {{ grpc_method }}", "refId": "B" } ], "thresholds": [], "timeFrom": null, + "timeShift": null, "title": "Server Error Rate (5xx responses)", "tooltip": { + "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": + { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, + "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": + null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": + null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": + null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, + "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 6, "x": 18, "y": + 21 }, "id": 12, "legend": { "avg": false, "current": false, "max": false, "min": + false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": + 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, + "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, + "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(irate(grpc_server_handled_total{grpc_code!=\"OK\",grpc_service=~\".*Mixer\"}[1m])) + by (grpc_method)", "format": "time_series", "intervalFactor": 2, "legendFormat": + "Mixer {{ grpc_method }}", "refId": "B" } ], "thresholds": [], "timeFrom": null, + "timeShift": null, "title": "Non-successes (4xxs)", "tooltip": { "shared": true, + "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": + null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { + "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": + true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": + null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "content": + "

Adapters and Config

", "gridPos": { "h": 3, "w": 24, + "x": 0, "y": 27 }, "id": 28, "links": [], "mode": "html", "title": "", "transparent": + true, "type": "text" }, { "aliasColors": {}, "bars": false, "dashLength": 10, + "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": + 12, "x": 0, "y": 30 }, "id": 13, "legend": { "avg": false, "current": false, "max": + false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "sum(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m])) by (adapter)", + "format": "time_series", "intervalFactor": 2, "legendFormat": "{{ adapter }}", + "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": + "Adapter Dispatch Count", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 7, "w": 12, "x": 12, "y": 30 }, "id": 14, "legend": { "avg": false, "current": + false, "max": false, "min": false, "show": true, "total": false, "values": false + }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": + false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": + [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "histogram_quantile(0.5, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) + by (adapter, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": + "{{ adapter }} - p50", "refId": "A" }, { "expr": "histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) + by (adapter, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": + "{{ adapter }} - p90 ", "refId": "B" }, { "expr": "histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) + by (adapter, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": + "{{ adapter }} - p99", "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeShift": + null, "title": "Adapter Dispatch Duration", "tooltip": { "shared": true, "sort": + 1, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, + "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": + "s", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { + "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": + false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": + {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 0, "y": 37 }, "id": 60, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "scalar(topk(1, max(mixer_config_rule_config_count) by + (configID)))", "format": "time_series", "intervalFactor": 1, "legendFormat": "Rules", + "refId": "A" }, { "expr": "scalar(topk(1, max(mixer_config_rule_config_error_count) + by (configID)))", "format": "time_series", "intervalFactor": 1, "legendFormat": + "Config Errors", "refId": "B" }, { "expr": "scalar(topk(1, max(mixer_config_rule_config_match_error_count) + by (configID)))", "format": "time_series", "intervalFactor": 1, "legendFormat": + "Match Errors", "refId": "C" }, { "expr": "scalar(topk(1, max(mixer_config_unsatisfied_action_handler_count) + by (configID)))", "format": "time_series", "intervalFactor": 1, "legendFormat": + "Unsatisfied Actions", "refId": "D" } ], "thresholds": [], "timeFrom": null, "timeShift": + null, "title": "Rules", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 7, "w": 6, "x": 6, "y": 37 }, "id": 56, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "scalar(topk(1, max(mixer_config_instance_config_count) by (configID)))", "format": + "time_series", "intervalFactor": 1, "legendFormat": "Instances", "refId": "A" + } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Instances + in Latest Config", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 7, "w": 6, "x": 12, "y": 37 }, "id": 54, "legend": { "avg": false, "current": + false, "max": false, "min": false, "show": true, "total": false, "values": false + }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": + false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": + [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "scalar(topk(1, max(mixer_config_handler_config_count) by (configID)))", "format": + "time_series", "intervalFactor": 1, "legendFormat": "Handlers", "refId": "A" } + ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Handlers in + Latest Config", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 7, "w": 6, "x": 18, "y": 37 }, "id": 58, "legend": { "avg": false, "current": + false, "max": false, "min": false, "show": true, "total": false, "values": false + }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": + false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": + [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "scalar(topk(1, max(mixer_config_attribute_count) by (configID)))", "format": + "time_series", "instant": false, "intervalFactor": 1, "legendFormat": "Attributes", + "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": + "Attributes in Latest Config", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "content": "

Individual Adapters

", + "gridPos": { "h": 3, "w": 24, "x": 0, "y": 44 }, "id": 23, "links": [], "mode": + "html", "title": "", "transparent": true, "type": "text" }, { "collapsed": false, + "gridPos": { "h": 1, "w": 24, "x": 0, "y": 47 }, "id": 46, "panels": [], "repeat": + "adapter", "title": "$adapter Adapter", "type": "row" }, { "aliasColors": {}, + "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 7, "w": 12, "x": 0, "y": 48 }, "id": 17, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "label_replace(irate(mixer_runtime_dispatches_total{adapter=\"$adapter\"}[1m]),\"handler\", + \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", "format": "time_series", + "intervalFactor": 2, "legendFormat": "{{ handler }} (error: {{ error }})", "refId": + "A" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Dispatch + Count By Handler", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 7, "w": 12, "x": 12, "y": 48 }, "id": 18, "legend": { "avg": false, "current": + false, "max": false, "min": false, "show": true, "total": false, "values": false + }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": + false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": + [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "label_replace(histogram_quantile(0.5, sum(rate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=\"$adapter\"}[1m])) + by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", + "format": "time_series", "intervalFactor": 2, "legendFormat": "p50 - {{ handler_short + }} (error: {{ error }})", "refId": "A" }, { "expr": "label_replace(histogram_quantile(0.9, + sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=\"$adapter\"}[1m])) + by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", + "format": "time_series", "intervalFactor": 2, "legendFormat": "p90 - {{ handler_short + }} (error: {{ error }})", "refId": "D" }, { "expr": "label_replace(histogram_quantile(0.99, + sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=\"$adapter\"}[1m])) + by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", + "format": "time_series", "intervalFactor": 2, "legendFormat": "p99 - {{ handler_short + }} (error: {{ error }})", "refId": "E" } ], "thresholds": [], "timeFrom": null, + "timeShift": null, "title": "Dispatch Duration By Handler", "tooltip": { "shared": + true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": + null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { + "format": "s", "label": null, "logBase": 1, "max": null, "min": null, "show": + true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": + null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } } ], "refresh": + "5s", "schemaVersion": 16, "style": "dark", "tags": [], "templating": { "list": + [ { "allValue": null, "current": {}, "datasource": "Prometheus", "hide": 0, "includeAll": + true, "label": "Adapter", "multi": true, "name": "adapter", "options": [], "query": + "label_values(adapter)", "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": + "", "tags": [], "tagsQuery": "", "type": "query", "useTags": false } ] }, "time": + { "from": "now-5m", "to": "now" }, "timepicker": { "refresh_intervals": [ "5s", + "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d" ], "time_options": [ + "5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d" ] }, "timezone": "", + "title": "Istio Mixer Dashboard", "version": 4 } ' +kind: ConfigMap +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + istio: grafana + release: istio + name: istio-grafana-configuration-dashboards-mixer-dashboard + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-pilot-dashboard.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-pilot-dashboard.yaml new file mode 100644 index 000000000..32987ba7d --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-configuration-dashboards-pilot-dashboard.yaml @@ -0,0 +1,307 @@ +apiVersion: v1 +data: + pilot-dashboard.json: '{ "__inputs": [ { "name": "DS_PROMETHEUS", "label": "Prometheus", + "description": "", "type": "datasource", "pluginId": "prometheus", "pluginName": + "Prometheus" } ], "__requires": [ { "type": "grafana", "id": "grafana", "name": + "Grafana", "version": "5.2.3" }, { "type": "panel", "id": "graph", "name": "Graph", + "version": "5.0.0" }, { "type": "datasource", "id": "prometheus", "name": "Prometheus", + "version": "5.0.0" }, { "type": "panel", "id": "text", "name": "Text", "version": + "5.0.0" } ], "annotations": { "list": [ { "builtIn": 1, "datasource": "-- Grafana + --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": + "Annotations & Alerts", "type": "dashboard" } ] }, "editable": false, "gnetId": + null, "graphTooltip": 1, "id": null, "links": [], "panels": [ { "content": "

Deployed + Versions

", "gridPos": { "h": 3, "w": 24, "x": 0, "y": 0 }, "height": + "40", "id": 58, "links": [], "mode": "html", "title": "", "transparent": true, + "type": "text" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": + false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 5, "w": 24, "x": + 0, "y": 3 }, "id": 56, "legend": { "avg": false, "current": false, "max": false, + "min": false, "show": true, "total": false, "values": false }, "lines": true, + "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": + 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": + 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(istio_build{component=\"pilot\"}) + by (tag)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ tag + }}", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeShift": null, + "title": "Pilot Versions", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": + false, "alignLevel": null } }, { "content": "

Resource Usage

", + "gridPos": { "h": 3, "w": 24, "x": 0, "y": 8 }, "height": "40", "id": 29, "links": + [], "mode": "html", "title": "", "transparent": true, "type": "text" }, { "aliasColors": + {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 0, "y": 11 }, "id": 5, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "process_virtual_memory_bytes{job=\"pilot\"}", "format": + "time_series", "instant": false, "intervalFactor": 2, "legendFormat": "Virtual + Memory", "refId": "I", "step": 2 }, { "expr": "process_resident_memory_bytes{job=\"pilot\"}", + "format": "time_series", "intervalFactor": 2, "legendFormat": "Resident Memory", + "refId": "H", "step": 2 }, { "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", + "format": "time_series", "hide": true, "intervalFactor": 2, "legendFormat": "heap + sys", "refId": "A" }, { "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", + "format": "time_series", "hide": true, "intervalFactor": 2, "legendFormat": "heap + alloc", "refId": "D" }, { "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", "format": + "time_series", "intervalFactor": 2, "legendFormat": "Alloc", "refId": "F", "step": + 2 }, { "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", "format": "time_series", + "hide": false, "intervalFactor": 2, "legendFormat": "Heap in-use", "refId": "E", + "step": 2 }, { "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", "format": + "time_series", "intervalFactor": 2, "legendFormat": "Stack in-use", "refId": "G", + "step": 2 }, { "expr": "sum(container_memory_usage_bytes{container_name=~\"discovery|istio-proxy\", + pod_name=~\"istio-pilot-.*\"})", "format": "time_series", "hide": false, "intervalFactor": + 2, "legendFormat": "Total (k8s)", "refId": "C", "step": 2 }, { "expr": "container_memory_usage_bytes{container_name=~\"discovery|istio-proxy\", + pod_name=~\"istio-pilot-.*\"}", "format": "time_series", "hide": false, "intervalFactor": + 2, "legendFormat": "{{ container_name }} (k8s)", "refId": "B", "step": 2 } ], + "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Memory", "tooltip": + { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": + { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, + "yaxes": [ { "format": "bytes", "label": null, "logBase": 1, "max": null, "min": + null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": + null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": + null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, + "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 6, "y": + 11 }, "id": 6, "legend": { "avg": false, "current": false, "max": false, "min": + false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": + 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, + "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, + "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(rate(container_cpu_usage_seconds_total{container_name=~\"discovery|istio-proxy\", + pod_name=~\"istio-pilot-.*\"}[1m]))", "format": "time_series", "hide": false, + "intervalFactor": 2, "legendFormat": "Total (k8s)", "refId": "A", "step": 2 }, + { "expr": "sum(rate(container_cpu_usage_seconds_total{container_name=~\"discovery|istio-proxy\", + pod_name=~\"istio-pilot-.*\"}[1m])) by (container_name)", "format": "time_series", + "hide": false, "intervalFactor": 2, "legendFormat": "{{ container_name }} (k8s)", + "refId": "B", "step": 2 }, { "expr": "irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", + "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "pilot + (self-reported)", "refId": "C", "step": 2 } ], "thresholds": [], "timeFrom": null, + "timeShift": null, "title": "CPU", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 7, "w": 6, "x": 12, "y": 11 }, "id": 7, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "process_open_fds{job=\"pilot\"}", "format": "time_series", "hide": true, "instant": + false, "interval": "", "intervalFactor": 2, "legendFormat": "Open FDs (pilot)", + "refId": "A" }, { "expr": "container_fs_usage_bytes{container_name=~\"discovery|istio-proxy\", + pod_name=~\"istio-pilot-.*\"}", "format": "time_series", "intervalFactor": 2, + "legendFormat": "{{ container_name }}", "refId": "B", "step": 2 } ], "thresholds": + [], "timeFrom": null, "timeShift": null, "title": "Disk", "tooltip": { "shared": + true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": + null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { + "format": "bytes", "label": "", "logBase": 1, "max": null, "min": null, "show": + true }, { "decimals": null, "format": "none", "label": "", "logBase": 1024, "max": + null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": + null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, + "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 18, "y": + 11 }, "id": 4, "legend": { "avg": false, "current": false, "max": false, "min": + false, "show": false, "total": false, "values": false }, "lines": true, "linewidth": + 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, + "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, + "stack": false, "steppedLine": false, "targets": [ { "expr": "go_goroutines{job=\"pilot\"}", + "format": "time_series", "intervalFactor": 2, "legendFormat": "Number of Goroutines", + "refId": "A", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": + null, "title": "Goroutines", "tooltip": { "shared": true, "sort": 0, "value_type": + "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": + null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "", + "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": + null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "content": "

xDS

", "gridPos": + { "h": 3, "w": 24, "x": 0, "y": 18 }, "id": 28, "links": [], "mode": "html", "title": + "", "transparent": true, "type": "text" }, { "aliasColors": {}, "bars": false, + "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": + { "h": 6, "w": 8, "x": 0, "y": 21 }, "id": 40, "legend": { "avg": false, "current": + false, "max": false, "min": false, "show": true, "total": false, "values": false + }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": + false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": + [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "sum(irate(envoy_cluster_update_success{cluster_name=\"xds-grpc\"}[1m]))", "format": + "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "XDS GRPC Successes", + "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": + "Updates", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "ops", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "ops", "label": null, + "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 6, "w": 8, "x": 8, "y": 21 }, "id": 42, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "round(sum(rate(envoy_cluster_update_attempt{cluster_name=\"xds-grpc\"}[1m])) + - sum(rate(envoy_cluster_update_success{cluster_name=\"xds-grpc\"}[1m])))", "format": + "time_series", "intervalFactor": 2, "legendFormat": "XDS GRPC ", "refId": "A", + "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": + "Failures", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "ops", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 6, "w": 8, "x": 16, "y": 21 }, "id": 41, "legend": { "avg": false, "current": + false, "max": false, "min": false, "show": true, "total": false, "values": false + }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": + false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": + [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "sum(envoy_cluster_upstream_cx_active{cluster_name=\"xds-grpc\"})", "format": + "time_series", "intervalFactor": 2, "legendFormat": "Pilot (XDS GRPC)", "refId": + "C", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": + "Active Connections", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 8, "w": 8, "x": 0, "y": 27 }, "id": 45, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "pilot_conflict_inbound_listener{job=\"pilot\"}", "format": "time_series", "intervalFactor": + 1, "legendFormat": "Inbound Listeners", "refId": "B" }, { "expr": "pilot_conflict_outbound_listener_http_over_current_tcp{job=\"pilot\"}", + "format": "time_series", "intervalFactor": 1, "legendFormat": "Outbound Listeners + (http over current tcp)", "refId": "A" }, { "expr": "pilot_conflict_outbound_listener_tcp_over_current_tcp{job=\"pilot\"}", + "format": "time_series", "intervalFactor": 1, "legendFormat": "Outbound Listeners + (tcp over current tcp)", "refId": "C" }, { "expr": "pilot_conflict_outbound_listener_tcp_over_current_http{job=\"pilot\"}", + "format": "time_series", "intervalFactor": 1, "legendFormat": "Outbound Listeners + (tcp over current http)", "refId": "D" } ], "thresholds": [], "timeFrom": null, + "timeShift": null, "title": "Conflicts", "tooltip": { "shared": true, "sort": + 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, + "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": + "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, + { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": + true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": + {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", + "fill": 1, "gridPos": { "h": 8, "w": 8, "x": 8, "y": 27 }, "id": 47, "legend": + { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": + false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": + "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, + "targets": [ { "expr": "pilot_virt_services{job=\"pilot\"}", "format": "time_series", + "intervalFactor": 1, "legendFormat": "Virtual Services", "refId": "A" }, { "expr": + "pilot_services{job=\"pilot\"}", "format": "time_series", "intervalFactor": 1, + "legendFormat": "Services", "refId": "B" }, { "expr": "label_replace(sum(pilot_xds_cds_reject{job=\"pilot\"}) + by (node, err), \"node\", \"$1\", \"node\", \".*~.*~(.*)~.*\")", "format": "time_series", + "hide": true, "intervalFactor": 1, "legendFormat": "Rejected CDS Configs - {{ + node }}: {{ err }}", "refId": "C" }, { "expr": "pilot_xds_eds_reject{job=\"pilot\"}", + "format": "time_series", "hide": true, "intervalFactor": 1, "legendFormat": "Rejected + EDS Configs", "refId": "D" }, { "expr": "pilot_xds{job=\"pilot\"}", "format": + "time_series", "intervalFactor": 1, "legendFormat": "Connected Endpoints", "refId": + "E" }, { "expr": "rate(pilot_xds_write_timeout{job=\"pilot\"}[1m])", "format": + "time_series", "intervalFactor": 1, "legendFormat": "Write Timeouts", "refId": + "F" }, { "expr": "rate(pilot_xds_push_timeout{job=\"pilot\"}[1m])", "format": + "time_series", "intervalFactor": 1, "legendFormat": "Push Timeouts", "refId": + "G" }, { "expr": "rate(pilot_xds_pushes{job=\"pilot\"}[1m])", "format": "time_series", + "intervalFactor": 1, "legendFormat": "Pushes ({{ type }})", "refId": "H" }, { + "expr": "rate(pilot_xds_push_errors{job=\"pilot\"}[1m])", "format": "time_series", + "intervalFactor": 1, "legendFormat": "Push Errors ({{ type }})", "refId": "I" + } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "ADS Monitoring", + "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": + "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, + "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": + null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": + null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, + "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 8, "w": 8, "x": 16, "y": + 27 }, "id": 49, "legend": { "avg": false, "current": false, "max": false, "min": + false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": + 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, + "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, + "stack": false, "steppedLine": false, "targets": [ { "expr": "label_replace(sum(pilot_xds_cds_reject{job=\"pilot\"}) + by (node, err), \"node\", \"$1\", \"node\", \".*~.*~(.*)~.*\")", "format": "time_series", + "intervalFactor": 1, "legendFormat": "{{ node }} ({{ err }})", "refId": "A" } + ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Rejected CDS + Configs", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, + "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": + true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 7, "w": 8, "x": 0, "y": 35 }, "id": 52, "legend": { "avg": false, "current": false, + "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": + true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, + "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], + "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "label_replace(sum(pilot_xds_eds_reject{job=\"pilot\"}) by (node, err), \"node\", + \"$1\", \"node\", \".*~.*~(.*)~.*\")", "format": "time_series", "intervalFactor": + 1, "legendFormat": "{{ node }} ({{err}})", "refId": "A" } ], "thresholds": [], + "timeFrom": null, "timeShift": null, "title": "Rejected EDS Configs", "tooltip": + { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": + { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, + "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": + null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": + null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": + null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, + "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 8, "x": 8, "y": + 35 }, "id": 54, "legend": { "avg": false, "current": false, "max": false, "min": + false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": + 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, + "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, + "stack": false, "steppedLine": false, "targets": [ { "expr": "label_replace(sum(pilot_xds_lds_reject{job=\"pilot\"}) + by (node, err), \"node\", \"$1\", \"node\", \".*~.*~(.*)~.*\")", "format": "time_series", + "intervalFactor": 1, "legendFormat": "{{ node }} ({{err}})", "refId": "A" } ], + "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Rejected LDS + Configs", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, + "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": + true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": + 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": + 7, "w": 8, "x": 16, "y": 35 }, "id": 53, "legend": { "avg": false, "current": + false, "max": false, "min": false, "show": true, "total": false, "values": false + }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": + false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": + [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": + "label_replace(sum(pilot_xds_rds_reject{job=\"pilot\"}) by (node, err), \"node\", + \"$1\", \"node\", \".*~.*~(.*)~.*\")", "format": "time_series", "intervalFactor": + 1, "legendFormat": "{{ node }} ({{err}})", "refId": "A" } ], "thresholds": [], + "timeFrom": null, "timeShift": null, "title": "Rejected RDS Configs", "tooltip": + { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": + { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, + "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": + null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": + null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": + null } }, { "aliasColors": { "outbound|80||default-http-backend.kube-system.svc.cluster.local": + "rgba(255, 255, 255, 0.97)" }, "bars": false, "dashLength": 10, "dashes": false, + "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 8, "x": 0, "y": + 42 }, "id": 51, "legend": { "avg": false, "current": false, "max": false, "min": + false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": + 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, + "points": false, "renderer": "flot", "seriesOverrides": [ { "alias": "outbound|80||default-http-backend.kube-system.svc.cluster.local", + "yaxis": 1 } ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": + [ { "expr": "sum(pilot_xds_eds_instances{job=\"pilot\"}) by (cluster)", "format": + "time_series", "intervalFactor": 1, "legendFormat": "{{ cluster }}", "refId": + "A" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "EDS + Instances", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" + }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, + "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": + 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, + "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": + false, "alignLevel": null } } ], "refresh": "5s", "schemaVersion": 16, "style": + "dark", "tags": [], "templating": { "list": [] }, "time": { "from": "now-5m", + "to": "now" }, "timepicker": { "refresh_intervals": [ "5s", "10s", "30s", "1m", + "5m", "15m", "30m", "1h", "2h", "1d" ], "time_options": [ "5m", "15m", "1h", "6h", + "12h", "24h", "2d", "7d", "30d" ] }, "timezone": "browser", "title": "Istio Pilot + Dashboard", "version": 4 } ' +kind: ConfigMap +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + istio: grafana + release: istio + name: istio-grafana-configuration-dashboards-pilot-dashboard + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-custom-resources.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-custom-resources.yaml new file mode 100644 index 000000000..6329dad86 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana-custom-resources.yaml @@ -0,0 +1,59 @@ +apiVersion: v1 +data: + custom-resources.yaml: |- + apiVersion: authentication.istio.io/v1alpha1 + kind: Policy + metadata: + name: grafana-ports-mtls-disabled + namespace: istio-system + labels: + app: grafana + chart: grafana + heritage: Tiller + release: istio + spec: + targets: + - name: grafana + ports: + - number: 3000 + run.sh: |- + #!/bin/sh + + set -x + + if [ "$#" -ne "1" ]; then + echo "first argument should be path to custom resource yaml" + exit 1 + fi + + pathToResourceYAML=${1} + + kubectl get validatingwebhookconfiguration istio-galley 2>/dev/null + if [ "$?" -eq 0 ]; then + echo "istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready" + while true; do + kubectl -n istio-system get deployment istio-galley 2>/dev/null + if [ "$?" -eq 0 ]; then + break + fi + sleep 1 + done + kubectl -n istio-system rollout status deployment istio-galley + if [ "$?" -ne 0 ]; then + echo "istio-galley deployment rollout status check failed" + exit 1 + fi + echo "istio-galley deployment ready for configuration validation" + fi + sleep 5 + kubectl apply -f ${pathToResourceYAML} +kind: ConfigMap +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + istio: grafana + release: istio + name: istio-grafana-custom-resources + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana.yaml new file mode 100644 index 000000000..251c4e266 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-grafana.yaml @@ -0,0 +1,34 @@ +apiVersion: v1 +data: + dashboardproviders.yaml: | + apiVersion: 1 + providers: + - disableDeletion: false + folder: istio + name: istio + options: + path: /var/lib/grafana/dashboards/istio + orgId: 1 + type: file + datasources.yaml: | + apiVersion: 1 + datasources: + - access: proxy + editable: true + isDefault: true + jsonData: + timeInterval: 5s + name: Prometheus + orgId: 1 + type: prometheus + url: http://prometheus:9090 +kind: ConfigMap +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + istio: grafana + release: istio + name: istio-grafana + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-security-custom-resources.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-security-custom-resources.yaml new file mode 100644 index 000000000..337758a25 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-security-custom-resources.yaml @@ -0,0 +1,58 @@ +apiVersion: v1 +data: + custom-resources.yaml: |- + # Authentication policy to enable permissive mode for all services (that have sidecar) in the mesh. + apiVersion: "authentication.istio.io/v1alpha1" + kind: "MeshPolicy" + metadata: + name: "default" + labels: + app: security + chart: security + heritage: Tiller + release: istio + spec: + peers: + - mtls: + mode: PERMISSIVE + run.sh: |- + #!/bin/sh + + set -x + + if [ "$#" -ne "1" ]; then + echo "first argument should be path to custom resource yaml" + exit 1 + fi + + pathToResourceYAML=${1} + + kubectl get validatingwebhookconfiguration istio-galley 2>/dev/null + if [ "$?" -eq 0 ]; then + echo "istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready" + while true; do + kubectl -n istio-system get deployment istio-galley 2>/dev/null + if [ "$?" -eq 0 ]; then + break + fi + sleep 1 + done + kubectl -n istio-system rollout status deployment istio-galley + if [ "$?" -ne 0 ]; then + echo "istio-galley deployment rollout status check failed" + exit 1 + fi + echo "istio-galley deployment ready for configuration validation" + fi + sleep 5 + kubectl apply -f ${pathToResourceYAML} +kind: ConfigMap +metadata: + labels: + app: security + chart: security + heritage: Tiller + istio: citadel + release: istio + name: istio-security-custom-resources + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-sidecar-injector.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-sidecar-injector.yaml new file mode 100644 index 000000000..03832c472 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio-sidecar-injector.yaml @@ -0,0 +1,102 @@ +apiVersion: v1 +data: + config: "policy: enabled\ntemplate: |-\n rewriteAppHTTPProbe: false\n initContainers:\n + \ [[ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) + \"NONE\" ]]\n - name: istio-init\n image: \"docker.io/istio/proxy_init:1.1.6\"\n + \ args:\n - \"-p\"\n - [[ .MeshConfig.ProxyListenPort ]]\n - \"-u\"\n + \ - 1337\n - \"-m\"\n - [[ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` + .ProxyConfig.InterceptionMode ]]\n - \"-i\"\n - \"[[ annotation .ObjectMeta + `traffic.sidecar.istio.io/includeOutboundIPRanges` \"*\" ]]\"\n - \"-x\"\n + \ - \"[[ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` + \ \"\" ]]\"\n - \"-b\"\n - \"[[ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` + (includeInboundPorts .Spec.Containers) ]]\"\n - \"-d\"\n - \"[[ excludeInboundPort + (annotation .ObjectMeta `status.sidecar.istio.io/port` 15020 ) (annotation .ObjectMeta + `traffic.sidecar.istio.io/excludeInboundPorts` \"\" ) ]]\"\n [[ if (isset + .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -]]\n - + \"-k\"\n - \"[[ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` + ]]\"\n [[ end -]]\n imagePullPolicy: IfNotPresent\n resources:\n requests:\n + \ cpu: 10m\n memory: 10Mi\n limits:\n cpu: 100m\n memory: + 50Mi\n securityContext:\n runAsUser: 0\n runAsNonRoot: false\n capabilities:\n + \ add:\n - NET_ADMIN\n restartPolicy: Always\n [[ end -]]\n containers:\n + \ - name: istio-proxy\n image: [[ annotation .ObjectMeta `sidecar.istio.io/proxyImage` + \ \"docker.io/istio/proxyv2:1.1.6\" ]]\n ports:\n - containerPort: 15090\n + \ protocol: TCP\n name: http-envoy-prom\n args:\n - proxy\n - + sidecar\n - --domain\n - $(POD_NAMESPACE).svc.cluster.local\n - --configPath\n + \ - [[ .ProxyConfig.ConfigPath ]]\n - --binaryPath\n - [[ .ProxyConfig.BinaryPath + ]]\n - --serviceCluster\n [[ if ne \"\" (index .ObjectMeta.Labels \"app\") + -]]\n - [[ index .ObjectMeta.Labels \"app\" ]].$(POD_NAMESPACE)\n [[ else + -]]\n - [[ valueOrDefault .DeploymentMeta.Name \"istio-proxy\" ]].[[ valueOrDefault + .DeploymentMeta.Namespace \"default\" ]]\n [[ end -]]\n - --drainDuration\n + \ - [[ formatDuration .ProxyConfig.DrainDuration ]]\n - --parentShutdownDuration\n + \ - [[ formatDuration .ProxyConfig.ParentShutdownDuration ]]\n - --discoveryAddress\n + \ - [[ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress + ]]\n - --zipkinAddress\n - [[ .ProxyConfig.GetTracing.GetZipkin.GetAddress + ]]\n - --connectTimeout\n - [[ formatDuration .ProxyConfig.ConnectTimeout + ]]\n - --proxyAdminPort\n - [[ .ProxyConfig.ProxyAdminPort ]]\n [[ if + gt .ProxyConfig.Concurrency 0 -]]\n - --concurrency\n - [[ .ProxyConfig.Concurrency + ]]\n [[ end -]]\n - --controlPlaneAuthPolicy\n - [[ annotation .ObjectMeta + `sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy + ]]\n [[- if (ne (annotation .ObjectMeta `status.sidecar.istio.io/port` 15020 + ) \"0\") ]]\n - --statusPort\n - [[ annotation .ObjectMeta `status.sidecar.istio.io/port` + \ 15020 ]]\n - --applicationPorts\n - \"[[ annotation .ObjectMeta `readiness.status.sidecar.istio.io/applicationPorts` + (applicationPorts .Spec.Containers) ]]\"\n [[- end ]]\n env:\n - name: + POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n + \ - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: + metadata.namespace\n - name: INSTANCE_IP\n valueFrom:\n fieldRef:\n + \ fieldPath: status.podIP\n \n - name: ISTIO_META_POD_NAME\n valueFrom:\n + \ fieldRef:\n fieldPath: metadata.name\n - name: ISTIO_META_CONFIG_NAMESPACE\n + \ valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n + \ - name: ISTIO_META_INTERCEPTION_MODE\n value: [[ or (index .ObjectMeta.Annotations + \"sidecar.istio.io/interceptionMode\") .ProxyConfig.InterceptionMode.String ]]\n + \ [[ if .ObjectMeta.Annotations ]]\n - name: ISTIO_METAJSON_ANNOTATIONS\n + \ value: |\n [[ toJSON .ObjectMeta.Annotations ]]\n [[ end + ]]\n [[ if .ObjectMeta.Labels ]]\n - name: ISTIO_METAJSON_LABELS\n value: + |\n [[ toJSON .ObjectMeta.Labels ]]\n [[ end ]]\n [[- if (isset + .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) ]]\n - name: + ISTIO_BOOTSTRAP_OVERRIDE\n value: \"/etc/istio/custom-bootstrap/custom_bootstrap.json\"\n + \ [[- end ]]\n imagePullPolicy: IfNotPresent\n [[ if (ne (annotation .ObjectMeta + `status.sidecar.istio.io/port` 15020 ) \"0\") ]]\n readinessProbe:\n httpGet:\n + \ path: /healthz/ready\n port: [[ annotation .ObjectMeta `status.sidecar.istio.io/port` + \ 15020 ]]\n initialDelaySeconds: [[ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` + \ 1 ]]\n periodSeconds: [[ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` + \ 2 ]]\n failureThreshold: [[ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` + \ 30 ]]\n [[ end -]]securityContext:\n readOnlyRootFilesystem: true\n + \ [[ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) + \"TPROXY\" -]]\n capabilities:\n add:\n - NET_ADMIN\n runAsGroup: + 1337\n [[ else -]]\n \n runAsUser: 1337\n [[- end ]]\n resources:\n + \ [[ if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset + .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -]]\n requests:\n + \ [[ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -]]\n + \ cpu: \"[[ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` ]]\"\n + \ [[ end ]]\n [[ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) + -]]\n memory: \"[[ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` + ]]\"\n [[ end ]]\n [[ else -]]\n limits:\n cpu: 2000m\n + \ memory: 128Mi\n requests:\n cpu: 10m\n memory: 40Mi\n + \ \n [[ end -]]\n volumeMounts:\n [[- if (isset .ObjectMeta.Annotations + `sidecar.istio.io/bootstrapOverride`) ]]\n - mountPath: /etc/istio/custom-bootstrap\n + \ name: custom-bootstrap-volume\n [[- end ]]\n - mountPath: /etc/istio/proxy\n + \ name: istio-envoy\n - mountPath: /etc/certs/\n name: istio-certs\n + \ readOnly: true\n [[- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` + ]]\n [[ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) + ]]\n - name: \"[[ $index ]]\"\n [[ toYaml $value | indent 4 ]]\n [[ + end ]]\n [[- end ]]\n volumes:\n [[- if (isset .ObjectMeta.Annotations + `sidecar.istio.io/bootstrapOverride`) ]]\n - name: custom-bootstrap-volume\n + \ configMap:\n name: [[ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` + `` ]]\n [[- end ]]\n - emptyDir:\n medium: Memory\n name: istio-envoy\n + \ - name: istio-certs\n secret:\n optional: true\n [[ if eq .Spec.ServiceAccountName + \"\" -]]\n secretName: istio.default\n [[ else -]]\n secretName: + [[ printf \"istio.%s\" .Spec.ServiceAccountName ]]\n [[ end -]]\n [[- + if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` ]]\n [[ range + $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) + ]]\n - name: \"[[ $index ]]\"\n [[ toYaml $value | indent 2 ]]\n [[ end + ]]\n [[ end ]]" +kind: ConfigMap +metadata: + labels: + app: istio + chart: istio + heritage: Tiller + istio: sidecar-injector + release: istio + name: istio-sidecar-injector + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio.yaml new file mode 100644 index 000000000..be0ffff1a --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_istio.yaml @@ -0,0 +1,77 @@ +apiVersion: v1 +data: + mesh: "# Set the following variable to true to disable policy checks by the Mixer.\n# + Note that metrics will still be reported to the Mixer.\ndisablePolicyChecks: false\n\n# + Set enableTracing to false to disable request tracing.\nenableTracing: true\n\n# + Set accessLogFile to empty string to disable access log.\naccessLogFile: \"/dev/stdout\"\n\n# + If accessLogEncoding is TEXT, value will be used directly as the log format\n# + example: \"[%START_TIME%] %REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\\n\"\n# + If AccessLogEncoding is JSON, value will be parsed as map[string]string\n# example: + '{\"start_time\": \"%START_TIME%\", \"req_method\": \"%REQ(:METHOD)%\"}'\n# Leave + empty to use default log format\naccessLogFormat: \"\"\n\n# Set accessLogEncoding + to JSON or TEXT to configure sidecar access log\naccessLogEncoding: 'TEXT'\nmixerCheckServer: + istio-policy.istio-system.svc.cluster.local:9091\nmixerReportServer: istio-telemetry.istio-system.svc.cluster.local:9091\n# + policyCheckFailOpen allows traffic in cases when the mixer policy service cannot + be reached.\n# Default is false which means the traffic is denied when the client + is unable to connect to Mixer.\npolicyCheckFailOpen: false\n# Let Pilot give ingresses + the public IP of the Istio ingressgateway\ningressService: istio-ingressgateway\n\n# + Default connect timeout for dynamic clusters generated by Pilot and returned via + XDS\nconnectTimeout: 10s\n\n# DNS refresh rate for Envoy clusters of type STRICT_DNS\ndnsRefreshRate: + 5s\n\n# Unix Domain Socket through which envoy communicates with NodeAgent SDS + to get\n# key/cert for mTLS. Use secret-mount files instead of SDS if set to empty. + \nsdsUdsPath: \n\n# This flag is used by secret discovery service(SDS). \n# If + set to true(prerequisite: https://kubernetes.io/docs/concepts/storage/volumes/#projected), + Istio will inject volumes mount \n# for k8s service account JWT, so that K8s API + server mounts k8s service account JWT to envoy container, which \n# will be used + to generate key/cert eventually. This isn't supported for non-k8s case.\nenableSdsTokenMount: + false\n\n# This flag is used by secret discovery service(SDS). \n# If set to true, + envoy will fetch normal k8s service account JWT from '/var/run/secrets/kubernetes.io/serviceaccount/token' + \n# (https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod) + \n# and pass to sds server, which will be used to request key/cert eventually. + \n# this flag is ignored if enableSdsTokenMount is set.\n# This isn't supported + for non-k8s case.\nsdsUseK8sSaJwt: false\n\n# The trust domain corresponds to + the trust root of a system.\n# Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain\ntrustDomain: + \n\n# Set the default behavior of the sidecar for handling outbound traffic from + the application:\n# ALLOW_ANY - outbound traffic to unknown destinations will + be allowed, in case there are no\n# services or ServiceEntries for the destination + port\n# REGISTRY_ONLY - restrict outbound traffic to services defined in the service + registry as well\n# as those defined through ServiceEntries \noutboundTrafficPolicy:\n + \ mode: ALLOW_ANY\n\nlocalityLbSetting:\n {}\n \n\n# The namespace to treat + as the administrative root namespace for istio\n# configuration. \nrootNamespace: + istio-system\nconfigSources:\n- address: istio-galley.istio-system.svc:9901\n\ndefaultConfig:\n + \ #\n # TCP connection timeout between Envoy & the application, and between Envoys. + \ Used for static clusters\n # defined in Envoy's configuration file\n connectTimeout: + 10s\n #\n ### ADVANCED SETTINGS #############\n # Where should envoy's configuration + be stored in the istio-proxy container\n configPath: \"/etc/istio/proxy\"\n binaryPath: + \"/usr/local/bin/envoy\"\n # The pseudo service name used for Envoy.\n serviceCluster: + istio-proxy\n # These settings that determine how long an old Envoy\n # process + should be kept alive after an occasional reload.\n drainDuration: 45s\n parentShutdownDuration: + 1m0s\n #\n # The mode used to redirect inbound connections to Envoy. This setting\n + \ # has no effect on outbound traffic: iptables REDIRECT is always used for\n + \ # outbound connections.\n # If \"REDIRECT\", use iptables REDIRECT to NAT and + redirect to Envoy.\n # The \"REDIRECT\" mode loses source addresses during redirection.\n + \ # If \"TPROXY\", use iptables TPROXY to redirect to Envoy.\n # The \"TPROXY\" + mode preserves both the source and destination IP\n # addresses and ports, so + that they can be used for advanced filtering\n # and manipulation.\n # The \"TPROXY\" + mode also configures the sidecar to run with the\n # CAP_NET_ADMIN capability, + which is required to use TPROXY.\n #interceptionMode: REDIRECT\n #\n # Port + where Envoy listens (on local host) for admin commands\n # You can exec into + the istio-proxy container in a pod and\n # curl the admin port (curl http://localhost:15000/) + to obtain\n # diagnostic information from Envoy. See\n # https://lyft.github.io/envoy/docs/operations/admin.html\n + \ # for more details\n proxyAdminPort: 15000\n #\n # Set concurrency to a specific + number to control the number of Proxy worker threads.\n # If set to 0 (default), + then start worker thread for each CPU thread/core.\n concurrency: 2\n #\n tracing:\n + \ zipkin:\n # Address of the Zipkin collector\n address: zipkin.istio-system:9411\n + \ #\n # Mutual TLS authentication between sidecars and istio control plane.\n + \ controlPlaneAuthPolicy: NONE\n #\n # Address where istio Pilot service is + running\n discoveryAddress: istio-pilot.istio-system:15010" + meshNetworks: 'networks: {}' +kind: ConfigMap +metadata: + labels: + app: istio + chart: istio + heritage: Tiller + release: istio + name: istio + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_kiali.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_kiali.yaml new file mode 100644 index 000000000..ec52e4be5 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_kiali.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +data: + config.yaml: "istio_namespace: istio-system\nserver:\n port: 20001\nexternal_services:\n + \ istio:\n url_service_version: http://istio-pilot:8080/version\n jaeger:\n + \ url: \n grafana:\n url: \n" +kind: ConfigMap +metadata: + labels: + app: kiali + chart: kiali + heritage: Tiller + release: istio + name: kiali + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_prometheus.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_prometheus.yaml new file mode 100644 index 000000000..1a06e2ff6 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_configmap_prometheus.yaml @@ -0,0 +1,313 @@ +apiVersion: v1 +data: + prometheus.yml: |- + global: + scrape_interval: 15s + scrape_configs: + + - job_name: 'istio-mesh' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-telemetry;prometheus + + # Scrape config for envoy stats + - job_name: 'envoy-stats' + metrics_path: /stats/prometheus + kubernetes_sd_configs: + - role: pod + + relabel_configs: + - source_labels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + action: replace + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:15090 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: pod_name + + metric_relabel_configs: + # Exclude some of the envoy metrics that have massive cardinality + # This list may need to be pruned further moving forward, as informed + # by performance and scalability testing. + - source_labels: [ cluster_name ] + regex: '(outbound|inbound|prometheus_stats).*' + action: drop + - source_labels: [ tcp_prefix ] + regex: '(outbound|inbound|prometheus_stats).*' + action: drop + - source_labels: [ listener_address ] + regex: '(.+)' + action: drop + - source_labels: [ http_conn_manager_listener_prefix ] + regex: '(.+)' + action: drop + - source_labels: [ http_conn_manager_prefix ] + regex: '(.+)' + action: drop + - source_labels: [ __name__ ] + regex: 'envoy_tls.*' + action: drop + - source_labels: [ __name__ ] + regex: 'envoy_tcp_downstream.*' + action: drop + - source_labels: [ __name__ ] + regex: 'envoy_http_(stats|admin).*' + action: drop + - source_labels: [ __name__ ] + regex: 'envoy_cluster_(lb|retry|bind|internal|max|original).*' + action: drop + + - job_name: 'istio-policy' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-policy;http-monitoring + + - job_name: 'istio-telemetry' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-telemetry;http-monitoring + + - job_name: 'pilot' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-pilot;http-monitoring + + - job_name: 'galley' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-galley;http-monitoring + + - job_name: 'citadel' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-citadel;http-monitoring + + # scrape config for API servers + - job_name: 'kubernetes-apiservers' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - default + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: kubernetes;https + + # scrape config for nodes (kubelet) + - job_name: 'kubernetes-nodes' + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: node + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - target_label: __address__ + replacement: kubernetes.default.svc:443 + - source_labels: [__meta_kubernetes_node_name] + regex: (.+) + target_label: __metrics_path__ + replacement: /api/v1/nodes/${1}/proxy/metrics + + # Scrape config for Kubelet cAdvisor. + # + # This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics + # (those whose names begin with 'container_') have been removed from the + # Kubelet metrics endpoint. This job scrapes the cAdvisor endpoint to + # retrieve those metrics. + # + # In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor + # HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics" + # in that case (and ensure cAdvisor's HTTP server hasn't been disabled with + # the --cadvisor-port=0 Kubelet flag). + # + # This job is not necessary and should be removed in Kubernetes 1.6 and + # earlier versions, or it will cause the metrics to be scraped twice. + - job_name: 'kubernetes-cadvisor' + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: node + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - target_label: __address__ + replacement: kubernetes.default.svc:443 + - source_labels: [__meta_kubernetes_node_name] + regex: (.+) + target_label: __metrics_path__ + replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor + + # scrape config for service endpoints. + - job_name: 'kubernetes-service-endpoints' + kubernetes_sd_configs: + - role: endpoints + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: kubernetes_namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: kubernetes_name + + - job_name: 'kubernetes-pods' + kubernetes_sd_configs: + - role: pod + relabel_configs: # If first two labels are present, pod should be scraped by the istio-secure job. + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] + action: keep + regex: true + # Keep target if there's no sidecar or if prometheus.io/scheme is explicitly set to "http" + - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_prometheus_io_scheme] + action: keep + regex: ((;.*)|(.*;http)) + - source_labels: [__meta_kubernetes_pod_annotation_istio_mtls] + action: drop + regex: (true) + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + action: replace + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: pod_name + + - job_name: 'kubernetes-pods-istio-secure' + scheme: https + tls_config: + ca_file: /etc/istio-certs/root-cert.pem + cert_file: /etc/istio-certs/cert-chain.pem + key_file: /etc/istio-certs/key.pem + insecure_skip_verify: true # prometheus does not support secure naming. + kubernetes_sd_configs: + - role: pod + relabel_configs: + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] + action: keep + regex: true + # sidecar status annotation is added by sidecar injector and + # istio_workload_mtls_ability can be specifically placed on a pod to indicate its ability to receive mtls traffic. + - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_istio_mtls] + action: keep + regex: (([^;]+);([^;]*))|(([^;]*);(true)) + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] + action: drop + regex: (http) + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__] # Only keep address that is host:port + action: keep # otherwise an extra target with ':443' is added for https scheme + regex: ([^:]+):(\d+) + - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + action: replace + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: pod_name +kind: ConfigMap +metadata: + labels: + app: prometheus + chart: prometheus + heritage: Tiller + release: istio + name: prometheus + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_namespace_istio-system.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_namespace_istio-system.yaml new file mode 100644 index 000000000..072bd0fd7 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_namespace_istio-system.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + istio-injection: disabled + name: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_secret_kiali.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_secret_kiali.yaml new file mode 100644 index 000000000..c96321c01 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_secret_kiali.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +data: + passphrase: YWRtaW4= + username: YWRtaW4= +kind: Secret +metadata: + labels: + app: kiali + chart: kiali + heritage: Tiller + release: istio + name: kiali + namespace: istio-system +type: Opaque diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_grafana.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_grafana.yaml new file mode 100644 index 000000000..ddc7dbff7 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_grafana.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + release: istio + name: grafana + namespace: istio-system +spec: + ports: + - name: http + port: 3000 + protocol: TCP + targetPort: 3000 + selector: + app: grafana + type: ClusterIP diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-citadel.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-citadel.yaml new file mode 100644 index 000000000..4215ecb03 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-citadel.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: security + chart: security + heritage: Tiller + istio: citadel + release: istio + name: istio-citadel + namespace: istio-system +spec: + ports: + - name: grpc-citadel + port: 8060 + protocol: TCP + targetPort: 8060 + - name: http-monitoring + port: 15014 + selector: + istio: citadel diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-egressgateway.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-egressgateway.yaml new file mode 100644 index 000000000..4998a7f87 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-egressgateway.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: istio-egressgateway + chart: gateways + heritage: Tiller + istio: egressgateway + release: istio + name: istio-egressgateway + namespace: istio-system +spec: + ports: + - name: http2 + port: 80 + - name: https + port: 443 + - name: tls + port: 15443 + targetPort: 15443 + selector: + app: istio-egressgateway + istio: egressgateway + release: istio + type: ClusterIP diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-galley.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-galley.yaml new file mode 100644 index 000000000..e037f828d --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-galley.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: galley + chart: galley + heritage: Tiller + istio: galley + release: istio + name: istio-galley + namespace: istio-system +spec: + ports: + - name: https-validation + port: 443 + - name: http-monitoring + port: 15014 + - name: grpc-mcp + port: 9901 + selector: + istio: galley diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-ingressgateway.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-ingressgateway.yaml new file mode 100644 index 000000000..5833ac81f --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-ingressgateway.yaml @@ -0,0 +1,48 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + beta.cloud.google.com/backend-config: '{"ports": {"http2":"iap-backendconfig"}}' + labels: + app: istio-ingressgateway + chart: gateways + heritage: Tiller + istio: ingressgateway + release: istio + name: istio-ingressgateway + namespace: istio-system +spec: + ports: + - name: status-port + port: 15020 + targetPort: 15020 + - name: http2 + nodePort: 31380 + port: 80 + targetPort: 80 + - name: https + nodePort: 31390 + port: 443 + - name: tcp + nodePort: 31400 + port: 31400 + - name: https-kiali + port: 15029 + targetPort: 15029 + - name: https-prometheus + port: 15030 + targetPort: 15030 + - name: https-grafana + port: 15031 + targetPort: 15031 + - name: https-tracing + port: 15032 + targetPort: 15032 + - name: tls + port: 15443 + targetPort: 15443 + selector: + app: istio-ingressgateway + istio: ingressgateway + release: istio + type: NodePort diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-pilot.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-pilot.yaml new file mode 100644 index 000000000..20b0a6b50 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-pilot.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: pilot + chart: pilot + heritage: Tiller + istio: pilot + release: istio + name: istio-pilot + namespace: istio-system +spec: + ports: + - name: grpc-xds + port: 15010 + - name: https-xds + port: 15011 + - name: http-legacy-discovery + port: 8080 + - name: http-monitoring + port: 15014 + selector: + istio: pilot diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-policy.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-policy.yaml new file mode 100644 index 000000000..31ff71c40 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-policy.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + networking.istio.io/exportTo: '*' + labels: + app: mixer + chart: mixer + heritage: Tiller + istio: mixer + release: istio + name: istio-policy + namespace: istio-system +spec: + ports: + - name: grpc-mixer + port: 9091 + - name: grpc-mixer-mtls + port: 15004 + - name: http-monitoring + port: 15014 + selector: + istio: mixer + istio-mixer-type: policy diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-sidecar-injector.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-sidecar-injector.yaml new file mode 100644 index 000000000..877561ec4 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-sidecar-injector.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: sidecarInjectorWebhook + chart: sidecarInjectorWebhook + heritage: Tiller + istio: sidecar-injector + release: istio + name: istio-sidecar-injector + namespace: istio-system +spec: + ports: + - port: 443 + selector: + istio: sidecar-injector diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-telemetry.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-telemetry.yaml new file mode 100644 index 000000000..eebbbe697 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_istio-telemetry.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + networking.istio.io/exportTo: '*' + labels: + app: mixer + chart: mixer + heritage: Tiller + istio: mixer + release: istio + name: istio-telemetry + namespace: istio-system +spec: + ports: + - name: grpc-mixer + port: 9091 + - name: grpc-mixer-mtls + port: 15004 + - name: http-monitoring + port: 15014 + - name: prometheus + port: 42422 + selector: + istio: mixer + istio-mixer-type: telemetry diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_jaeger-agent.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_jaeger-agent.yaml new file mode 100644 index 000000000..1dfd5cd65 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_jaeger-agent.yaml @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: jaeger + chart: tracing + heritage: Tiller + jaeger-infra: agent-service + release: istio + name: jaeger-agent + namespace: istio-system +spec: + clusterIP: None + ports: + - name: agent-zipkin-thrift + port: 5775 + protocol: UDP + targetPort: 5775 + - name: agent-compact + port: 6831 + protocol: UDP + targetPort: 6831 + - name: agent-binary + port: 6832 + protocol: UDP + targetPort: 6832 + selector: + app: jaeger diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_jaeger-collector.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_jaeger-collector.yaml new file mode 100644 index 000000000..5f4aeccfb --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_jaeger-collector.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: jaeger + chart: tracing + heritage: Tiller + jaeger-infra: collector-service + release: istio + name: jaeger-collector + namespace: istio-system +spec: + ports: + - name: jaeger-collector-tchannel + port: 14267 + protocol: TCP + targetPort: 14267 + - name: jaeger-collector-http + port: 14268 + protocol: TCP + targetPort: 14268 + selector: + app: jaeger + type: ClusterIP diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_jaeger-query.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_jaeger-query.yaml new file mode 100644 index 000000000..94a9e9d15 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_jaeger-query.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: jaeger + chart: tracing + heritage: Tiller + jaeger-infra: jaeger-service + release: istio + name: jaeger-query + namespace: istio-system +spec: + ports: + - name: query-http + port: 16686 + protocol: TCP + targetPort: 16686 + selector: + app: jaeger diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_kiali.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_kiali.yaml new file mode 100644 index 000000000..049f4c74d --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_kiali.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: kiali + chart: kiali + heritage: Tiller + release: istio + name: kiali + namespace: istio-system +spec: + ports: + - name: http-kiali + port: 20001 + protocol: TCP + selector: + app: kiali diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_prometheus.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_prometheus.yaml new file mode 100644 index 000000000..f0ecb03d6 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_prometheus.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/scrape: "true" + labels: + app: prometheus + chart: prometheus + heritage: Tiller + release: istio + name: prometheus + namespace: istio-system +spec: + ports: + - name: http-prometheus + port: 9090 + protocol: TCP + selector: + app: prometheus diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_tracing.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_tracing.yaml new file mode 100644 index 000000000..973e98032 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_tracing.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app: jaeger + chart: tracing + heritage: Tiller + release: istio + name: tracing + namespace: istio-system +spec: + ports: + - name: http-query + port: 80 + protocol: TCP + targetPort: 16686 + selector: + app: jaeger diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_zipkin.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_zipkin.yaml new file mode 100644 index 000000000..43acf0214 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_service_zipkin.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: jaeger + chart: tracing + heritage: Tiller + release: istio + name: zipkin + namespace: istio-system +spec: + ports: + - name: http + port: 9411 + protocol: TCP + targetPort: 9411 + selector: + app: jaeger + type: ClusterIP diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-citadel-service-account.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-citadel-service-account.yaml new file mode 100644 index 000000000..8cf250f0d --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-citadel-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-citadel-service-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-cleanup-secrets-service-account.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-cleanup-secrets-service-account.yaml new file mode 100644 index 000000000..ab525f7ce --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-cleanup-secrets-service-account.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + helm.sh/hook: post-delete + helm.sh/hook-delete-policy: hook-succeeded + helm.sh/hook-weight: "1" + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-cleanup-secrets-service-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-egressgateway-service-account.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-egressgateway-service-account.yaml new file mode 100644 index 000000000..5581b918c --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-egressgateway-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: istio-egressgateway + chart: gateways + heritage: Tiller + release: istio + name: istio-egressgateway-service-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-galley-service-account.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-galley-service-account.yaml new file mode 100644 index 000000000..adb8c1a61 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-galley-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: galley + chart: galley + heritage: Tiller + release: istio + name: istio-galley-service-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-grafana-post-install-account.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-grafana-post-install-account.yaml new file mode 100644 index 000000000..94a0b1f0a --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-grafana-post-install-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: grafana + chart: grafana + heritage: Tiller + release: istio + name: istio-grafana-post-install-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-ingressgateway-service-account.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-ingressgateway-service-account.yaml new file mode 100644 index 000000000..ad9a81526 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-ingressgateway-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: istio-ingressgateway + chart: gateways + heritage: Tiller + release: istio + name: istio-ingressgateway-service-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-mixer-service-account.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-mixer-service-account.yaml new file mode 100644 index 000000000..c0c452e95 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-mixer-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: mixer + chart: mixer + heritage: Tiller + release: istio + name: istio-mixer-service-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-multi.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-multi.yaml new file mode 100644 index 000000000..2ae58c18b --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-multi.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-multi + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-pilot-service-account.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-pilot-service-account.yaml new file mode 100644 index 000000000..e6b9404cd --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-pilot-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: pilot + chart: pilot + heritage: Tiller + release: istio + name: istio-pilot-service-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-security-post-install-account.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-security-post-install-account.yaml new file mode 100644 index 000000000..c844263f9 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-security-post-install-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: security + chart: security + heritage: Tiller + release: istio + name: istio-security-post-install-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-sidecar-injector-service-account.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-sidecar-injector-service-account.yaml new file mode 100644 index 000000000..e40f71183 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_istio-sidecar-injector-service-account.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: sidecarInjectorWebhook + chart: sidecarInjectorWebhook + heritage: Tiller + istio: sidecar-injector + release: istio + name: istio-sidecar-injector-service-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_kiali-service-account.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_kiali-service-account.yaml new file mode 100644 index 000000000..6a40ec814 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_kiali-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: kiali + chart: kiali + heritage: Tiller + release: istio + name: kiali-service-account + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_prometheus.yaml b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_prometheus.yaml new file mode 100644 index 000000000..2ad4d9880 --- /dev/null +++ b/tests/stacks/ibm/application/istio-stack/test_data/expected/~g_v1_serviceaccount_prometheus.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: prometheus + chart: prometheus + heritage: Tiller + release: istio + name: prometheus + namespace: istio-system diff --git a/tests/stacks/ibm/application/istio/kustomize_test.go b/tests/stacks/ibm/application/istio/kustomize_test.go new file mode 100644 index 000000000..75fe33be3 --- /dev/null +++ b/tests/stacks/ibm/application/istio/kustomize_test.go @@ -0,0 +1,15 @@ +package istio + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/ibm/application/istio", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/ibm/application/istio/test_data/expected/networking.istio.io_v1alpha3_gateway_kubeflow-gateway.yaml b/tests/stacks/ibm/application/istio/test_data/expected/networking.istio.io_v1alpha3_gateway_kubeflow-gateway.yaml new file mode 100644 index 000000000..761c72b28 --- /dev/null +++ b/tests/stacks/ibm/application/istio/test_data/expected/networking.istio.io_v1alpha3_gateway_kubeflow-gateway.yaml @@ -0,0 +1,15 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: kubeflow-gateway + namespace: kubeflow +spec: + selector: + istio: ingressgateway + servers: + - hosts: + - '*' + port: + name: http + number: 80 + protocol: HTTP diff --git a/tests/stacks/ibm/application/istio/test_data/expected/networking.istio.io_v1alpha3_serviceentry_google-api-entry.yaml b/tests/stacks/ibm/application/istio/test_data/expected/networking.istio.io_v1alpha3_serviceentry_google-api-entry.yaml new file mode 100644 index 000000000..8b72b89b4 --- /dev/null +++ b/tests/stacks/ibm/application/istio/test_data/expected/networking.istio.io_v1alpha3_serviceentry_google-api-entry.yaml @@ -0,0 +1,14 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: ServiceEntry +metadata: + name: google-api-entry + namespace: kubeflow +spec: + hosts: + - www.googleapis.com + location: MESH_EXTERNAL + ports: + - name: https + number: 443 + protocol: HTTPS + resolution: DNS diff --git a/tests/stacks/ibm/application/istio/test_data/expected/networking.istio.io_v1alpha3_serviceentry_google-storage-api-entry.yaml b/tests/stacks/ibm/application/istio/test_data/expected/networking.istio.io_v1alpha3_serviceentry_google-storage-api-entry.yaml new file mode 100644 index 000000000..25a4323d9 --- /dev/null +++ b/tests/stacks/ibm/application/istio/test_data/expected/networking.istio.io_v1alpha3_serviceentry_google-storage-api-entry.yaml @@ -0,0 +1,14 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: ServiceEntry +metadata: + name: google-storage-api-entry + namespace: kubeflow +spec: + hosts: + - storage.googleapis.com + location: MESH_EXTERNAL + ports: + - name: https + number: 443 + protocol: HTTPS + resolution: DNS diff --git a/tests/stacks/ibm/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_google-api-vs.yaml b/tests/stacks/ibm/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_google-api-vs.yaml new file mode 100644 index 000000000..962ff0ad0 --- /dev/null +++ b/tests/stacks/ibm/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_google-api-vs.yaml @@ -0,0 +1,19 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: google-api-vs + namespace: kubeflow +spec: + hosts: + - www.googleapis.com + tls: + - match: + - port: 443 + sni_hosts: + - www.googleapis.com + route: + - destination: + host: www.googleapis.com + port: + number: 443 + weight: 100 diff --git a/tests/stacks/ibm/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_google-storage-api-vs.yaml b/tests/stacks/ibm/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_google-storage-api-vs.yaml new file mode 100644 index 000000000..0a36119b5 --- /dev/null +++ b/tests/stacks/ibm/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_google-storage-api-vs.yaml @@ -0,0 +1,19 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: google-storage-api-vs + namespace: kubeflow +spec: + hosts: + - storage.googleapis.com + tls: + - match: + - port: 443 + sni_hosts: + - storage.googleapis.com + route: + - destination: + host: storage.googleapis.com + port: + number: 443 + weight: 100 diff --git a/tests/stacks/ibm/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_grafana-vs.yaml b/tests/stacks/ibm/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_grafana-vs.yaml new file mode 100644 index 000000000..f3c49cca8 --- /dev/null +++ b/tests/stacks/ibm/application/istio/test_data/expected/networking.istio.io_v1alpha3_virtualservice_grafana-vs.yaml @@ -0,0 +1,23 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: grafana-vs + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - method: + exact: GET + uri: + prefix: /istio/grafana/ + rewrite: + uri: / + route: + - destination: + host: grafana.istio-system.svc.cluster.local + port: + number: 3000 diff --git a/tests/stacks/ibm/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-admin.yaml b/tests/stacks/ibm/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-admin.yaml new file mode 100644 index 000000000..b9f424a12 --- /dev/null +++ b/tests/stacks/ibm/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-admin.yaml @@ -0,0 +1,11 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-istio-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-istio-admin +rules: [] diff --git a/tests/stacks/ibm/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-edit.yaml b/tests/stacks/ibm/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-edit.yaml new file mode 100644 index 000000000..fa0a1943e --- /dev/null +++ b/tests/stacks/ibm/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-edit.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-istio-admin: "true" + name: kubeflow-istio-edit +rules: +- apiGroups: + - istio.io + - networking.istio.io + resources: + - '*' + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/ibm/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-view.yaml b/tests/stacks/ibm/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-view.yaml new file mode 100644 index 000000000..daf441919 --- /dev/null +++ b/tests/stacks/ibm/application/istio/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-istio-view.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-istio-view +rules: +- apiGroups: + - istio.io + - networking.istio.io + resources: + - '*' + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/application/istio/test_data/expected/rbac.istio.io_v1alpha1_clusterrbacconfig_default.yaml b/tests/stacks/ibm/application/istio/test_data/expected/rbac.istio.io_v1alpha1_clusterrbacconfig_default.yaml new file mode 100644 index 000000000..9c7e471eb --- /dev/null +++ b/tests/stacks/ibm/application/istio/test_data/expected/rbac.istio.io_v1alpha1_clusterrbacconfig_default.yaml @@ -0,0 +1,10 @@ +apiVersion: rbac.istio.io/v1alpha1 +kind: ClusterRbacConfig +metadata: + name: default + namespace: kubeflow +spec: + exclusion: + namespaces: + - istio-system + mode: "OFF" diff --git a/tests/stacks/ibm/application/istio/test_data/expected/~g_v1_configmap_istio-parameters-t6hhgfg9k2.yaml b/tests/stacks/ibm/application/istio/test_data/expected/~g_v1_configmap_istio-parameters-t6hhgfg9k2.yaml new file mode 100644 index 000000000..ccc61b697 --- /dev/null +++ b/tests/stacks/ibm/application/istio/test_data/expected/~g_v1_configmap_istio-parameters-t6hhgfg9k2.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + clusterRbacConfig: "OFF" + gatewaySelector: ingressgateway +kind: ConfigMap +metadata: + annotations: {} + labels: {} + name: istio-parameters-t6hhgfg9k2 + namespace: kubeflow diff --git a/tests/stacks/ibm/application/jupyter-web-app/base/kustomize_test.go b/tests/stacks/ibm/application/jupyter-web-app/base/kustomize_test.go new file mode 100644 index 000000000..16726854a --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/base/kustomize_test.go @@ -0,0 +1,15 @@ +package base + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../../stacks/ibm/application/jupyter-web-app/base", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml new file mode 100644 index 000000000..7c172e2e6 --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml @@ -0,0 +1,63 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + spec: + containers: + - env: + - name: ROK_SECRET_NAME + valueFrom: + configMapKeyRef: + key: ROK_SECRET_NAME + name: jupyter-web-app-parameters + - name: UI + valueFrom: + configMapKeyRef: + key: UI + name: jupyter-web-app-parameters + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config + image: gcr.io/kubeflow-images-public/jupyter-web-app:vmaster-gd9be4b9e + imagePullPolicy: Always + name: jupyter-web-app + ports: + - containerPort: 5000 + volumeMounts: + - mountPath: /etc/config + name: config-volume + serviceAccountName: jupyter-web-app-service-account + volumes: + - configMap: + name: jupyter-web-app-jupyter-web-app-config + name: config-volume diff --git a/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml new file mode 100644 index 000000000..0c0539fd4 --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml @@ -0,0 +1,59 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-cluster-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - create + - delete +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml new file mode 100644 index 000000000..7372f11b7 --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: jupyter-web-app-kubeflow-notebook-ui-admin +rules: [] diff --git a/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml new file mode 100644 index 000000000..6e3413fe9 --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + name: jupyter-web-app-kubeflow-notebook-ui-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list + - create + - delete diff --git a/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml new file mode 100644 index 000000000..7efa2fe3c --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: jupyter-web-app-kubeflow-notebook-ui-view +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml new file mode 100644 index 000000000..c5aa98870 --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: jupyter-web-app-cluster-role +subjects: +- kind: ServiceAccount + name: jupyter-web-app-service-account + namespace: kubeflow diff --git a/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml new file mode 100644 index 000000000..569a985b1 --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml @@ -0,0 +1,41 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-notebook-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + - secrets + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' diff --git a/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml new file mode 100644 index 000000000..4bf3335ba --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-notebook-role-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jupyter-web-app-jupyter-notebook-role +subjects: +- kind: ServiceAccount + name: jupyter-notebook diff --git a/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config.yaml b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config.yaml new file mode 100644 index 000000000..60115c258 --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config.yaml @@ -0,0 +1,140 @@ +apiVersion: v1 +data: + spawner_ui_config.yaml: |- + # Configuration file for the Jupyter UI. + # + # Each Jupyter UI option is configured by two keys: 'value' and 'readOnly' + # - The 'value' key contains the default value + # - The 'readOnly' key determines if the option will be available to users + # + # If the 'readOnly' key is present and set to 'true', the respective option + # will be disabled for users and only set by the admin. Also when a + # Notebook is POSTED to the API if a necessary field is not present then + # the value from the config will be used. + # + # If the 'readOnly' key is missing (defaults to 'false'), the respective option + # will be available for users to edit. + # + # Note that some values can be templated. Such values are the names of the + # Volumes as well as their StorageClass + spawnerFormDefaults: + image: + # The container Image for the user's Jupyter Notebook + # If readonly, this value must be a member of the list below + value: gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-cpu:1.0.0 + # The list of available standard container Images + options: + - gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-cpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-gpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-2.1.0-notebook-cpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-2.1.0-notebook-gpu:1.0.0 + # By default, custom container Images are allowed + # Uncomment the following line to only enable standard container Images + readOnly: false + cpu: + # CPU for user's Notebook + value: '0.5' + readOnly: false + memory: + # Memory for user's Notebook + value: 1.0Gi + readOnly: false + workspaceVolume: + # Workspace Volume to be attached to user's Notebook + # Each Workspace Volume is declared with the following attributes: + # Type, Name, Size, MountPath and Access Mode + value: + type: + # The Type of the Workspace Volume + # Supported values: 'New', 'Existing' + value: New + name: + # The Name of the Workspace Volume + # Note that this is a templated value. Special values: + # {notebook-name}: Replaced with the name of the Notebook. The frontend + # will replace this value as the user types the name + value: 'workspace-{notebook-name}' + size: + # The Size of the Workspace Volume (in Gi) + value: '10Gi' + mountPath: + # The Path that the Workspace Volume will be mounted + value: /home/jovyan + accessModes: + # The Access Mode of the Workspace Volume + # Supported values: 'ReadWriteOnce', 'ReadWriteMany', 'ReadOnlyMany' + value: ReadWriteOnce + class: + # The StrageClass the PVC will use if type is New. Special values are: + # {none}: default StorageClass + # {empty}: empty string "" + value: '{none}' + readOnly: false + dataVolumes: + # List of additional Data Volumes to be attached to the user's Notebook + value: [] + # Each Data Volume is declared with the following attributes: + # Type, Name, Size, MountPath and Access Mode + # + # For example, a list with 2 Data Volumes: + # value: + # - value: + # type: + # value: New + # name: + # value: '{notebook-name}-vol-1' + # size: + # value: '10Gi' + # class: + # value: standard + # mountPath: + # value: /home/jovyan/vol-1 + # accessModes: + # value: ReadWriteOnce + # class: + # value: {none} + # - value: + # type: + # value: New + # name: + # value: '{notebook-name}-vol-2' + # size: + # value: '10Gi' + # mountPath: + # value: /home/jovyan/vol-2 + # accessModes: + # value: ReadWriteMany + # class: + # value: {none} + readOnly: false + gpus: + # Number of GPUs to be assigned to the Notebook Container + value: + # values: "none", "1", "2", "4", "8" + num: "none" + # Determines what the UI will show and send to the backend + vendors: + - limitsKey: "nvidia.com/gpu" + uiName: "NVIDIA" + # Values: "" or a `limits-key` from the vendors list + vendor: "" + readOnly: false + shm: + value: true + readOnly: false + configurations: + # List of labels to be selected, these are the labels from PodDefaults + # value: + # - add-gcp-secret + # - default-editor + value: [] + readOnly: false +kind: ConfigMap +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-web-app-config + namespace: kubeflow diff --git a/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/~g_v1_configmap_jupyter-web-app-parameters.yaml b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/~g_v1_configmap_jupyter-web-app-parameters.yaml new file mode 100644 index 000000000..e089825a8 --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/~g_v1_configmap_jupyter-web-app-parameters.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + ROK_SECRET_NAME: secret-rok-{username} + UI: default + policy: Always + prefix: jupyter +kind: ConfigMap +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-parameters + namespace: kubeflow diff --git a/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml new file mode 100644 index 000000000..098ea28b6 --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml @@ -0,0 +1,33 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + getambassador.io/config: |- + --- + apiVersion: ambassador/v0 + kind: Mapping + name: webapp_mapping + prefix: /jupyter/ + service: jupyter-web-app-service.$(namespace) + add_request_headers: + x-forwarded-prefix: /jupyter + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + run: jupyter-web-app + name: jupyter-web-app-service + namespace: kubeflow +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 5000 + selector: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + type: ClusterIP diff --git a/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml new file mode 100644 index 000000000..0c1492772 --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/base/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-service-account + namespace: kubeflow diff --git a/tests/stacks/ibm/application/jupyter-web-app/kustomize_test.go b/tests/stacks/ibm/application/jupyter-web-app/kustomize_test.go new file mode 100644 index 000000000..7fea301ad --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/kustomize_test.go @@ -0,0 +1,15 @@ +package jupyter_web_app + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/ibm/application/jupyter-web-app", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app.yaml b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app.yaml new file mode 100644 index 000000000..cef234ad8 --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app.yaml @@ -0,0 +1,53 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + name: jupyter-web-app + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + - group: rbac.authorization.k8s.io + kind: RoleBinding + - group: rbac.authorization.k8s.io + kind: Role + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: networking.istio.io + kind: VirtualService + descriptor: + description: Provides a UI which allows the user to create/conect/delete jupyter + notebooks. + keywords: + - jupyterhub + - jupyter ui + - notebooks + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/jupyter-web-app + - description: Docs + url: https://www.kubeflow.org/docs/notebooks + maintainers: + - email: kimwnasptd@arrikto.com + name: Kimonas Sotirchos + owners: + - email: kimwnasptd@arrikto.com + name: Kimonas Sotirchos + type: jupyter-web-app + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/instance: jupyter-web-app-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: jupyter-web-app + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml new file mode 100644 index 000000000..7c172e2e6 --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml @@ -0,0 +1,63 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + spec: + containers: + - env: + - name: ROK_SECRET_NAME + valueFrom: + configMapKeyRef: + key: ROK_SECRET_NAME + name: jupyter-web-app-parameters + - name: UI + valueFrom: + configMapKeyRef: + key: UI + name: jupyter-web-app-parameters + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config + image: gcr.io/kubeflow-images-public/jupyter-web-app:vmaster-gd9be4b9e + imagePullPolicy: Always + name: jupyter-web-app + ports: + - containerPort: 5000 + volumeMounts: + - mountPath: /etc/config + name: config-volume + serviceAccountName: jupyter-web-app-service-account + volumes: + - configMap: + name: jupyter-web-app-jupyter-web-app-config + name: config-volume diff --git a/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app.yaml b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app.yaml new file mode 100644 index 000000000..df4b224d4 --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: jupyter-web-app + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - headers: + request: + add: + x-forwarded-prefix: /jupyter + match: + - uri: + prefix: /jupyter/ + rewrite: + uri: / + route: + - destination: + host: jupyter-web-app-service.$(namespace).svc.$(clusterDomain) + port: + number: 80 diff --git a/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml new file mode 100644 index 000000000..0c0539fd4 --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml @@ -0,0 +1,59 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-cluster-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - create + - delete +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml new file mode 100644 index 000000000..7372f11b7 --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: jupyter-web-app-kubeflow-notebook-ui-admin +rules: [] diff --git a/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml new file mode 100644 index 000000000..6e3413fe9 --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + name: jupyter-web-app-kubeflow-notebook-ui-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list + - create + - delete diff --git a/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml new file mode 100644 index 000000000..7efa2fe3c --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: jupyter-web-app-kubeflow-notebook-ui-view +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml new file mode 100644 index 000000000..c5aa98870 --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: jupyter-web-app-cluster-role +subjects: +- kind: ServiceAccount + name: jupyter-web-app-service-account + namespace: kubeflow diff --git a/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml new file mode 100644 index 000000000..569a985b1 --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml @@ -0,0 +1,41 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-notebook-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + - secrets + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' diff --git a/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml new file mode 100644 index 000000000..4bf3335ba --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-notebook-role-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jupyter-web-app-jupyter-notebook-role +subjects: +- kind: ServiceAccount + name: jupyter-notebook diff --git a/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config.yaml b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config.yaml new file mode 100644 index 000000000..60115c258 --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config.yaml @@ -0,0 +1,140 @@ +apiVersion: v1 +data: + spawner_ui_config.yaml: |- + # Configuration file for the Jupyter UI. + # + # Each Jupyter UI option is configured by two keys: 'value' and 'readOnly' + # - The 'value' key contains the default value + # - The 'readOnly' key determines if the option will be available to users + # + # If the 'readOnly' key is present and set to 'true', the respective option + # will be disabled for users and only set by the admin. Also when a + # Notebook is POSTED to the API if a necessary field is not present then + # the value from the config will be used. + # + # If the 'readOnly' key is missing (defaults to 'false'), the respective option + # will be available for users to edit. + # + # Note that some values can be templated. Such values are the names of the + # Volumes as well as their StorageClass + spawnerFormDefaults: + image: + # The container Image for the user's Jupyter Notebook + # If readonly, this value must be a member of the list below + value: gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-cpu:1.0.0 + # The list of available standard container Images + options: + - gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-cpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-gpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-2.1.0-notebook-cpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-2.1.0-notebook-gpu:1.0.0 + # By default, custom container Images are allowed + # Uncomment the following line to only enable standard container Images + readOnly: false + cpu: + # CPU for user's Notebook + value: '0.5' + readOnly: false + memory: + # Memory for user's Notebook + value: 1.0Gi + readOnly: false + workspaceVolume: + # Workspace Volume to be attached to user's Notebook + # Each Workspace Volume is declared with the following attributes: + # Type, Name, Size, MountPath and Access Mode + value: + type: + # The Type of the Workspace Volume + # Supported values: 'New', 'Existing' + value: New + name: + # The Name of the Workspace Volume + # Note that this is a templated value. Special values: + # {notebook-name}: Replaced with the name of the Notebook. The frontend + # will replace this value as the user types the name + value: 'workspace-{notebook-name}' + size: + # The Size of the Workspace Volume (in Gi) + value: '10Gi' + mountPath: + # The Path that the Workspace Volume will be mounted + value: /home/jovyan + accessModes: + # The Access Mode of the Workspace Volume + # Supported values: 'ReadWriteOnce', 'ReadWriteMany', 'ReadOnlyMany' + value: ReadWriteOnce + class: + # The StrageClass the PVC will use if type is New. Special values are: + # {none}: default StorageClass + # {empty}: empty string "" + value: '{none}' + readOnly: false + dataVolumes: + # List of additional Data Volumes to be attached to the user's Notebook + value: [] + # Each Data Volume is declared with the following attributes: + # Type, Name, Size, MountPath and Access Mode + # + # For example, a list with 2 Data Volumes: + # value: + # - value: + # type: + # value: New + # name: + # value: '{notebook-name}-vol-1' + # size: + # value: '10Gi' + # class: + # value: standard + # mountPath: + # value: /home/jovyan/vol-1 + # accessModes: + # value: ReadWriteOnce + # class: + # value: {none} + # - value: + # type: + # value: New + # name: + # value: '{notebook-name}-vol-2' + # size: + # value: '10Gi' + # mountPath: + # value: /home/jovyan/vol-2 + # accessModes: + # value: ReadWriteMany + # class: + # value: {none} + readOnly: false + gpus: + # Number of GPUs to be assigned to the Notebook Container + value: + # values: "none", "1", "2", "4", "8" + num: "none" + # Determines what the UI will show and send to the backend + vendors: + - limitsKey: "nvidia.com/gpu" + uiName: "NVIDIA" + # Values: "" or a `limits-key` from the vendors list + vendor: "" + readOnly: false + shm: + value: true + readOnly: false + configurations: + # List of labels to be selected, these are the labels from PodDefaults + # value: + # - add-gcp-secret + # - default-editor + value: [] + readOnly: false +kind: ConfigMap +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-web-app-config + namespace: kubeflow diff --git a/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/~g_v1_configmap_jupyter-web-app-parameters.yaml b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/~g_v1_configmap_jupyter-web-app-parameters.yaml new file mode 100644 index 000000000..e089825a8 --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/~g_v1_configmap_jupyter-web-app-parameters.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + ROK_SECRET_NAME: secret-rok-{username} + UI: default + policy: Always + prefix: jupyter +kind: ConfigMap +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-parameters + namespace: kubeflow diff --git a/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml new file mode 100644 index 000000000..098ea28b6 --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml @@ -0,0 +1,33 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + getambassador.io/config: |- + --- + apiVersion: ambassador/v0 + kind: Mapping + name: webapp_mapping + prefix: /jupyter/ + service: jupyter-web-app-service.$(namespace) + add_request_headers: + x-forwarded-prefix: /jupyter + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + run: jupyter-web-app + name: jupyter-web-app-service + namespace: kubeflow +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 5000 + selector: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + type: ClusterIP diff --git a/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml new file mode 100644 index 000000000..0c1492772 --- /dev/null +++ b/tests/stacks/ibm/application/jupyter-web-app/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-service-account + namespace: kubeflow diff --git a/tests/stacks/ibm/application/metadata/kustomize_test.go b/tests/stacks/ibm/application/metadata/kustomize_test.go new file mode 100644 index 000000000..d0b22fce2 --- /dev/null +++ b/tests/stacks/ibm/application/metadata/kustomize_test.go @@ -0,0 +1,15 @@ +package metadata + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/ibm/application/metadata", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/ibm/application/metadata/test_data/expected/app.k8s.io_v1beta1_application_metadata.yaml b/tests/stacks/ibm/application/metadata/test_data/expected/app.k8s.io_v1beta1_application_metadata.yaml new file mode 100644 index 000000000..96083e85b --- /dev/null +++ b/tests/stacks/ibm/application/metadata/test_data/expected/app.k8s.io_v1beta1_application_metadata.yaml @@ -0,0 +1,45 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + kustomize.component: metadata + name: metadata + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ConfigMap + - group: core + kind: ServiceAccount + descriptor: + description: Tracking and managing metadata of machine learning workflows in Kubeflow. + keywords: + - metadata + links: + - description: Docs + url: https://www.kubeflow.org/docs/components/misc/metadata/ + maintainers: + - email: zhenghui@google.com + name: Zhenghui Wang + owners: + - email: ajaygopinathan@google.com + name: Ajay Gopinathan + - email: zhenghui@google.com + name: Zhenghui Wang + type: metadata + version: alpha + selector: + matchLabels: + app.kubernetes.io/component: metadata + app.kubernetes.io/instance: metadata-0.2.1 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: metadata + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: 0.2.1 diff --git a/tests/stacks/ibm/application/metadata/test_data/expected/apps_v1_deployment_metadata-db.yaml b/tests/stacks/ibm/application/metadata/test_data/expected/apps_v1_deployment_metadata-db.yaml new file mode 100644 index 000000000..420c69c4d --- /dev/null +++ b/tests/stacks/ibm/application/metadata/test_data/expected/apps_v1_deployment_metadata-db.yaml @@ -0,0 +1,59 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + component: db + kustomize.component: metadata + name: metadata-db + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + component: db + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + component: db + kustomize.component: metadata + name: db + spec: + containers: + - args: + - --datadir + - /var/lib/mysql/datadir + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + image: mysql:5.6 + name: db-container + ports: + - containerPort: 3306 + name: dbapi + readinessProbe: + exec: + command: + - /bin/bash + - -c + - mysql -D $$MYSQL_DATABASE -p$$MYSQL_ROOT_PASSWORD -e 'SELECT 1' + initialDelaySeconds: 5 + periodSeconds: 2 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /var/lib/mysql + name: metadata-mysql + volumes: + - name: metadata-mysql + persistentVolumeClaim: + claimName: metadata-mysql diff --git a/tests/stacks/ibm/application/metadata/test_data/expected/apps_v1_deployment_metadata-deployment.yaml b/tests/stacks/ibm/application/metadata/test_data/expected/apps_v1_deployment_metadata-deployment.yaml new file mode 100644 index 000000000..936db258c --- /dev/null +++ b/tests/stacks/ibm/application/metadata/test_data/expected/apps_v1_deployment_metadata-deployment.yaml @@ -0,0 +1,67 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + component: server + kustomize.component: metadata + name: metadata-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + component: server + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + component: server + kustomize.component: metadata + spec: + containers: + - command: + - ./server/server + - --http_port=8080 + - --mysql_service_host=metadata-db + - --mysql_service_port=$(MYSQL_PORT) + - --mysql_service_user=$(MYSQL_USER_NAME) + - --mysql_service_password=$(MYSQL_ROOT_PASSWORD) + - --mlmd_db_name=$(MYSQL_DATABASE) + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + image: gcr.io/kubeflow-images-public/metadata:v0.1.11 + livenessProbe: + httpGet: + httpHeaders: + - name: ContentType + value: application/json + path: /api/v1alpha1/artifact_types + port: backendapi + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: container + ports: + - containerPort: 8080 + name: backendapi + readinessProbe: + httpGet: + httpHeaders: + - name: ContentType + value: application/json + path: /api/v1alpha1/artifact_types + port: backendapi + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 diff --git a/tests/stacks/ibm/application/metadata/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml b/tests/stacks/ibm/application/metadata/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml new file mode 100644 index 000000000..318cb9dca --- /dev/null +++ b/tests/stacks/ibm/application/metadata/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml @@ -0,0 +1,36 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + component: envoy + kustomize.component: metadata + name: metadata-envoy-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + component: envoy + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + component: envoy + kustomize.component: metadata + spec: + containers: + - image: gcr.io/ml-pipeline/envoy:metadata-grpc + name: container + ports: + - containerPort: 9090 + name: md-envoy + - containerPort: 9901 + name: envoy-admin diff --git a/tests/stacks/ibm/application/metadata/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml b/tests/stacks/ibm/application/metadata/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml new file mode 100644 index 000000000..19a8c7af5 --- /dev/null +++ b/tests/stacks/ibm/application/metadata/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + component: grpc-server + kustomize.component: metadata + name: metadata-grpc-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + component: grpc-server + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + component: grpc-server + kustomize.component: metadata + spec: + containers: + - args: + - --grpc_port=$(METADATA_GRPC_SERVICE_PORT) + - --mysql_config_host=metadata-db + - --mysql_config_database=$(MYSQL_DATABASE) + - --mysql_config_port=$(MYSQL_PORT) + - --mysql_config_user=$(MYSQL_USER_NAME) + - --mysql_config_password=$(MYSQL_ROOT_PASSWORD) + command: + - /bin/metadata_store_server + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + - configMapRef: + name: metadata-grpc-configmap + image: gcr.io/tfx-oss-public/ml_metadata_store_server:v0.21.1 + name: container + ports: + - containerPort: 8080 + name: grpc-backendapi diff --git a/tests/stacks/ibm/application/metadata/test_data/expected/apps_v1_deployment_metadata-ui.yaml b/tests/stacks/ibm/application/metadata/test_data/expected/apps_v1_deployment_metadata-ui.yaml new file mode 100644 index 000000000..4e61f6e8f --- /dev/null +++ b/tests/stacks/ibm/application/metadata/test_data/expected/apps_v1_deployment_metadata-ui.yaml @@ -0,0 +1,35 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: metadata-ui + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +spec: + selector: + matchLabels: + app: metadata-ui + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: metadata-ui + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + kustomize.component: metadata + name: ui + spec: + containers: + - image: gcr.io/kubeflow-images-public/metadata-frontend:v0.1.8 + imagePullPolicy: IfNotPresent + name: metadata-ui + ports: + - containerPort: 3000 + serviceAccountName: metadata-ui diff --git a/tests/stacks/ibm/application/metadata/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml b/tests/stacks/ibm/application/metadata/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml new file mode 100644 index 000000000..b26c52c9c --- /dev/null +++ b/tests/stacks/ibm/application/metadata/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml @@ -0,0 +1,26 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + kustomize.component: metadata + name: metadata-grpc + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /ml_metadata + rewrite: + uri: /ml_metadata + route: + - destination: + host: metadata-envoy-service.kubeflow.svc.cluster.local + port: + number: 9090 + timeout: 300s diff --git a/tests/stacks/ibm/application/metadata/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml b/tests/stacks/ibm/application/metadata/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml new file mode 100644 index 000000000..bd49b9c61 --- /dev/null +++ b/tests/stacks/ibm/application/metadata/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml @@ -0,0 +1,26 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /metadata + rewrite: + uri: /metadata + route: + - destination: + host: metadata-ui.kubeflow.svc.cluster.local + port: + number: 80 + timeout: 300s diff --git a/tests/stacks/ibm/application/metadata/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml b/tests/stacks/ibm/application/metadata/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml new file mode 100644 index 000000000..12d83cc35 --- /dev/null +++ b/tests/stacks/ibm/application/metadata/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml @@ -0,0 +1,30 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: metadata-ui + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - create + - get + - list +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete diff --git a/tests/stacks/ibm/application/metadata/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml b/tests/stacks/ibm/application/metadata/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml new file mode 100644 index 000000000..fd0a06f4c --- /dev/null +++ b/tests/stacks/ibm/application/metadata/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: metadata-ui + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: metadata-ui +subjects: +- kind: ServiceAccount + name: ui + namespace: kubeflow diff --git a/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml b/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml new file mode 100644 index 000000000..ceb1d41db --- /dev/null +++ b/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + MYSQL_ALLOW_EMPTY_PASSWORD: "true" + MYSQL_DATABASE: metadb + MYSQL_PORT: "3306" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + kustomize.component: metadata + name: metadata-db-parameters + namespace: kubeflow diff --git a/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml b/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml new file mode 100644 index 000000000..d3c9bb36c --- /dev/null +++ b/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + METADATA_GRPC_SERVICE_HOST: metadata-grpc-service + METADATA_GRPC_SERVICE_PORT: "8080" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + kustomize.component: metadata + name: metadata-grpc-configmap + namespace: kubeflow diff --git a/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml b/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml new file mode 100644 index 000000000..4712d44a4 --- /dev/null +++ b/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + uiClusterDomain: cluster.local +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + kustomize.component: metadata + name: metadata-ui-parameters + namespace: kubeflow diff --git a/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml b/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml new file mode 100644 index 000000000..40d6ad36e --- /dev/null +++ b/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + kustomize.component: metadata + name: metadata-mysql + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi diff --git a/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml b/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml new file mode 100644 index 000000000..0f332f2bc --- /dev/null +++ b/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + MYSQL_ROOT_PASSWORD: dGVzdA== + MYSQL_USER_NAME: cm9vdA== +kind: Secret +metadata: + labels: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + kustomize.component: metadata + name: metadata-db-secrets + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_service_metadata-db.yaml b/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_service_metadata-db.yaml new file mode 100644 index 000000000..7bf24ae24 --- /dev/null +++ b/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_service_metadata-db.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + component: db + kustomize.component: metadata + name: metadata-db + namespace: kubeflow +spec: + ports: + - name: dbapi + port: 3306 + protocol: TCP + selector: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + component: db + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_service_metadata-envoy-service.yaml b/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_service_metadata-envoy-service.yaml new file mode 100644 index 000000000..882bac7aa --- /dev/null +++ b/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_service_metadata-envoy-service.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + kustomize.component: metadata + name: metadata-envoy-service + namespace: kubeflow +spec: + ports: + - name: md-envoy + port: 9090 + protocol: TCP + selector: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + component: envoy + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_service_metadata-grpc-service.yaml b/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_service_metadata-grpc-service.yaml new file mode 100644 index 000000000..a1ace55dd --- /dev/null +++ b/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_service_metadata-grpc-service.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: grpc-metadata + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + kustomize.component: metadata + name: metadata-grpc-service + namespace: kubeflow +spec: + ports: + - name: grpc-backendapi + port: 8080 + protocol: TCP + selector: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + component: grpc-server + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_service_metadata-service.yaml b/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_service_metadata-service.yaml new file mode 100644 index 000000000..86921bd72 --- /dev/null +++ b/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_service_metadata-service.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + kustomize.component: metadata + name: metadata-service + namespace: kubeflow +spec: + ports: + - name: backendapi + port: 8080 + protocol: TCP + selector: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + component: server + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_service_metadata-ui.yaml b/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_service_metadata-ui.yaml new file mode 100644 index 000000000..a88021db5 --- /dev/null +++ b/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_service_metadata-ui.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata-ui + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +spec: + ports: + - port: 80 + targetPort: 3000 + selector: + app: metadata-ui + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + kustomize.component: metadata diff --git a/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml b/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml new file mode 100644 index 000000000..79eca1798 --- /dev/null +++ b/tests/stacks/ibm/application/metadata/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: metadata + app.kubernetes.io/name: metadata + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow diff --git a/tests/stacks/ibm/application/notebook-controller/base/kustomize_test.go b/tests/stacks/ibm/application/notebook-controller/base/kustomize_test.go new file mode 100644 index 000000000..9ff6339ab --- /dev/null +++ b/tests/stacks/ibm/application/notebook-controller/base/kustomize_test.go @@ -0,0 +1,15 @@ +package base + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../../stacks/ibm/application/notebook-controller/base", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml b/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml new file mode 100644 index 000000000..1e031ae88 --- /dev/null +++ b/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml @@ -0,0 +1,69 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebooks.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Notebook + plural: notebooks + singular: notebook + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + template: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file' + properties: + spec: + type: object + type: object + type: object + status: + properties: + conditions: + description: Conditions is an array of current conditions + items: + properties: + type: + description: Type of the confition/ + type: string + required: + - type + type: object + type: array + required: + - conditions + type: object + versions: + - name: v1alpha1 + served: true + storage: false + - name: v1beta1 + served: true + storage: true + - name: v1 + served: true + storage: false diff --git a/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml b/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml new file mode 100644 index 000000000..6895e4e65 --- /dev/null +++ b/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-deployment + namespace: kubeflow +spec: + selector: + matchLabels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + spec: + containers: + - command: + - /manager + env: + - name: USE_ISTIO + valueFrom: + configMapKeyRef: + key: USE_ISTIO + name: notebook-controller-config + - name: ISTIO_GATEWAY + valueFrom: + configMapKeyRef: + key: ISTIO_GATEWAY + name: notebook-controller-config + image: gcr.io/kubeflow-images-public/notebook-controller:vmaster-gf39279c0 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /metrics + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 30 + name: manager + serviceAccountName: notebook-controller-service-account diff --git a/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml b/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml new file mode 100644 index 000000000..41459ef30 --- /dev/null +++ b/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml @@ -0,0 +1,15 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-notebooks-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: notebook-controller-kubeflow-notebooks-admin +rules: [] diff --git a/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml b/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml new file mode 100644 index 000000000..3ae0c1cd8 --- /dev/null +++ b/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-notebooks-admin: "true" + name: notebook-controller-kubeflow-notebooks-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/status + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml b/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml new file mode 100644 index 000000000..9e28e0829 --- /dev/null +++ b/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: notebook-controller-kubeflow-notebooks-view +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/status + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml b/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml new file mode 100644 index 000000000..02d880f8e --- /dev/null +++ b/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml @@ -0,0 +1,54 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-role +rules: +- apiGroups: + - apps + resources: + - statefulsets + - deployments + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - '*' +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/status + - notebooks/finalizers + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - virtualservices + verbs: + - '*' diff --git a/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml b/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml new file mode 100644 index 000000000..30d3f08b7 --- /dev/null +++ b/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: notebook-controller-role +subjects: +- kind: ServiceAccount + name: notebook-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/~g_v1_configmap_notebook-controller-config.yaml b/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/~g_v1_configmap_notebook-controller-config.yaml new file mode 100644 index 000000000..a4144c9bb --- /dev/null +++ b/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/~g_v1_configmap_notebook-controller-config.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + ISTIO_GATEWAY: kubeflow/kubeflow-gateway + USE_ISTIO: "true" +kind: ConfigMap +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-config + namespace: kubeflow diff --git a/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/~g_v1_service_notebook-controller-service.yaml b/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/~g_v1_service_notebook-controller-service.yaml new file mode 100644 index 000000000..a9f1b4b8e --- /dev/null +++ b/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/~g_v1_service_notebook-controller-service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-service + namespace: kubeflow +spec: + ports: + - port: 443 + selector: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller diff --git a/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml b/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml new file mode 100644 index 000000000..d34df9217 --- /dev/null +++ b/tests/stacks/ibm/application/notebook-controller/base/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/ibm/application/notebook-controller/kustomize_test.go b/tests/stacks/ibm/application/notebook-controller/kustomize_test.go new file mode 100644 index 000000000..0af784f85 --- /dev/null +++ b/tests/stacks/ibm/application/notebook-controller/kustomize_test.go @@ -0,0 +1,15 @@ +package notebook_controller + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/ibm/application/notebook-controller", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/ibm/application/notebook-controller/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml b/tests/stacks/ibm/application/notebook-controller/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml new file mode 100644 index 000000000..1e031ae88 --- /dev/null +++ b/tests/stacks/ibm/application/notebook-controller/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml @@ -0,0 +1,69 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebooks.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Notebook + plural: notebooks + singular: notebook + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + template: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file' + properties: + spec: + type: object + type: object + type: object + status: + properties: + conditions: + description: Conditions is an array of current conditions + items: + properties: + type: + description: Type of the confition/ + type: string + required: + - type + type: object + type: array + required: + - conditions + type: object + versions: + - name: v1alpha1 + served: true + storage: false + - name: v1beta1 + served: true + storage: true + - name: v1 + served: true + storage: false diff --git a/tests/stacks/ibm/application/notebook-controller/test_data/expected/default_app.k8s.io_v1beta1_application_notebook-controller.yaml b/tests/stacks/ibm/application/notebook-controller/test_data/expected/default_app.k8s.io_v1beta1_application_notebook-controller.yaml new file mode 100644 index 000000000..f22d4368e --- /dev/null +++ b/tests/stacks/ibm/application/notebook-controller/test_data/expected/default_app.k8s.io_v1beta1_application_notebook-controller.yaml @@ -0,0 +1,43 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + name: notebook-controller +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + descriptor: + description: Notebooks controller allows users to create a custom resource \"Notebook\" + (jupyter notebook). + keywords: + - jupyter + - notebook + - notebook-controller + - jupyterhub + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/notebook-controller + maintainers: + - email: lunkai@google.com + name: Lun-kai Hsu + owners: + - email: lunkai@gogle.com + name: Lun-kai Hsu + type: notebook-controller + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/instance: notebook-controller-v1.0.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: notebook-controller + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v1.0.0 diff --git a/tests/stacks/ibm/application/notebook-controller/test_data/expected/kubeflow_apps_v1_deployment_notebook-controller-deployment.yaml b/tests/stacks/ibm/application/notebook-controller/test_data/expected/kubeflow_apps_v1_deployment_notebook-controller-deployment.yaml new file mode 100644 index 000000000..6895e4e65 --- /dev/null +++ b/tests/stacks/ibm/application/notebook-controller/test_data/expected/kubeflow_apps_v1_deployment_notebook-controller-deployment.yaml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-deployment + namespace: kubeflow +spec: + selector: + matchLabels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + spec: + containers: + - command: + - /manager + env: + - name: USE_ISTIO + valueFrom: + configMapKeyRef: + key: USE_ISTIO + name: notebook-controller-config + - name: ISTIO_GATEWAY + valueFrom: + configMapKeyRef: + key: ISTIO_GATEWAY + name: notebook-controller-config + image: gcr.io/kubeflow-images-public/notebook-controller:vmaster-gf39279c0 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /metrics + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 30 + name: manager + serviceAccountName: notebook-controller-service-account diff --git a/tests/stacks/ibm/application/notebook-controller/test_data/expected/kubeflow_~g_v1_configmap_notebook-controller-config.yaml b/tests/stacks/ibm/application/notebook-controller/test_data/expected/kubeflow_~g_v1_configmap_notebook-controller-config.yaml new file mode 100644 index 000000000..a4144c9bb --- /dev/null +++ b/tests/stacks/ibm/application/notebook-controller/test_data/expected/kubeflow_~g_v1_configmap_notebook-controller-config.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + ISTIO_GATEWAY: kubeflow/kubeflow-gateway + USE_ISTIO: "true" +kind: ConfigMap +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-config + namespace: kubeflow diff --git a/tests/stacks/ibm/application/notebook-controller/test_data/expected/kubeflow_~g_v1_service_notebook-controller-service.yaml b/tests/stacks/ibm/application/notebook-controller/test_data/expected/kubeflow_~g_v1_service_notebook-controller-service.yaml new file mode 100644 index 000000000..a9f1b4b8e --- /dev/null +++ b/tests/stacks/ibm/application/notebook-controller/test_data/expected/kubeflow_~g_v1_service_notebook-controller-service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-service + namespace: kubeflow +spec: + ports: + - port: 443 + selector: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller diff --git a/tests/stacks/ibm/application/notebook-controller/test_data/expected/kubeflow_~g_v1_serviceaccount_notebook-controller-service-account.yaml b/tests/stacks/ibm/application/notebook-controller/test_data/expected/kubeflow_~g_v1_serviceaccount_notebook-controller-service-account.yaml new file mode 100644 index 000000000..d34df9217 --- /dev/null +++ b/tests/stacks/ibm/application/notebook-controller/test_data/expected/kubeflow_~g_v1_serviceaccount_notebook-controller-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/ibm/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml b/tests/stacks/ibm/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml new file mode 100644 index 000000000..41459ef30 --- /dev/null +++ b/tests/stacks/ibm/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml @@ -0,0 +1,15 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-notebooks-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: notebook-controller-kubeflow-notebooks-admin +rules: [] diff --git a/tests/stacks/ibm/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml b/tests/stacks/ibm/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml new file mode 100644 index 000000000..3ae0c1cd8 --- /dev/null +++ b/tests/stacks/ibm/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-notebooks-admin: "true" + name: notebook-controller-kubeflow-notebooks-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/status + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/ibm/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml b/tests/stacks/ibm/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml new file mode 100644 index 000000000..9e28e0829 --- /dev/null +++ b/tests/stacks/ibm/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: notebook-controller-kubeflow-notebooks-view +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/status + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml b/tests/stacks/ibm/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml new file mode 100644 index 000000000..02d880f8e --- /dev/null +++ b/tests/stacks/ibm/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml @@ -0,0 +1,54 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-role +rules: +- apiGroups: + - apps + resources: + - statefulsets + - deployments + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - '*' +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/status + - notebooks/finalizers + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - virtualservices + verbs: + - '*' diff --git a/tests/stacks/ibm/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml b/tests/stacks/ibm/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml new file mode 100644 index 000000000..30d3f08b7 --- /dev/null +++ b/tests/stacks/ibm/application/notebook-controller/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: notebook-controller-role +subjects: +- kind: ServiceAccount + name: notebook-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/ibm/application/pipelines-ui/kustomize_test.go b/tests/stacks/ibm/application/pipelines-ui/kustomize_test.go new file mode 100644 index 000000000..25ebd19cc --- /dev/null +++ b/tests/stacks/ibm/application/pipelines-ui/kustomize_test.go @@ -0,0 +1,15 @@ +package pipelines_ui + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/ibm/application/pipelines-ui", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/ibm/application/pipelines-ui/test_data/expected/app.k8s.io_v1beta1_application_pipelines-ui.yaml b/tests/stacks/ibm/application/pipelines-ui/test_data/expected/app.k8s.io_v1beta1_application_pipelines-ui.yaml new file mode 100644 index 000000000..92c48cfed --- /dev/null +++ b/tests/stacks/ibm/application/pipelines-ui/test_data/expected/app.k8s.io_v1beta1_application_pipelines-ui.yaml @@ -0,0 +1,35 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + name: pipelines-ui + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - pipelines-ui + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: pipelines-ui + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/instance: pipelines-ui-0.2.5 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: pipelines-ui + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: 0.2.5 diff --git a/tests/stacks/ibm/application/pipelines-ui/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml b/tests/stacks/ibm/application/pipelines-ui/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml new file mode 100644 index 000000000..7079de947 --- /dev/null +++ b/tests/stacks/ibm/application/pipelines-ui/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml @@ -0,0 +1,34 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-ui + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + name: ml-pipeline-ui + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-ui + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: ml-pipeline-ui + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + spec: + containers: + - env: + - name: ALLOW_CUSTOM_VISUALIZATIONS + value: "true" + image: gcr.io/ml-pipeline/frontend:0.2.5 + imagePullPolicy: IfNotPresent + name: ml-pipeline-ui + ports: + - containerPort: 3000 + serviceAccountName: ml-pipeline-ui diff --git a/tests/stacks/ibm/application/pipelines-ui/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-tensorboard-ui.yaml b/tests/stacks/ibm/application/pipelines-ui/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-tensorboard-ui.yaml new file mode 100644 index 000000000..44ded1bce --- /dev/null +++ b/tests/stacks/ibm/application/pipelines-ui/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-tensorboard-ui.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + name: ml-pipeline-tensorboard-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /data + rewrite: + uri: /data + route: + - destination: + host: ml-pipeline-tensorboard-ui.kubeflow.svc.cluster.local + port: + number: 80 + timeout: 300s diff --git a/tests/stacks/ibm/application/pipelines-ui/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml b/tests/stacks/ibm/application/pipelines-ui/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml new file mode 100644 index 000000000..542999df1 --- /dev/null +++ b/tests/stacks/ibm/application/pipelines-ui/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + name: ml-pipeline-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /pipeline + rewrite: + uri: /pipeline + route: + - destination: + host: ml-pipeline-ui.kubeflow.svc.cluster.local + port: + number: 80 + timeout: 300s diff --git a/tests/stacks/ibm/application/pipelines-ui/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_ml-pipeline-ui.yaml b/tests/stacks/ibm/application/pipelines-ui/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_ml-pipeline-ui.yaml new file mode 100644 index 000000000..861465a25 --- /dev/null +++ b/tests/stacks/ibm/application/pipelines-ui/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_ml-pipeline-ui.yaml @@ -0,0 +1,29 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: ml-pipeline-ui + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + name: ml-pipeline-ui + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - create + - get + - list +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete diff --git a/tests/stacks/ibm/application/pipelines-ui/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_ml-pipeline-ui.yaml b/tests/stacks/ibm/application/pipelines-ui/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_ml-pipeline-ui.yaml new file mode 100644 index 000000000..b09ce2c4c --- /dev/null +++ b/tests/stacks/ibm/application/pipelines-ui/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_ml-pipeline-ui.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline-ui + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + name: ml-pipeline-ui + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-ui +subjects: +- kind: ServiceAccount + name: ml-pipeline-ui + namespace: kubeflow diff --git a/tests/stacks/ibm/application/pipelines-ui/test_data/expected/~g_v1_configmap_ui-parameters-hb792fcf5d.yaml b/tests/stacks/ibm/application/pipelines-ui/test_data/expected/~g_v1_configmap_ui-parameters-hb792fcf5d.yaml new file mode 100644 index 000000000..d4a8c570b --- /dev/null +++ b/tests/stacks/ibm/application/pipelines-ui/test_data/expected/~g_v1_configmap_ui-parameters-hb792fcf5d.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + uiClusterDomain: cluster.local +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + name: ui-parameters-hb792fcf5d + namespace: kubeflow diff --git a/tests/stacks/ibm/application/pipelines-ui/test_data/expected/~g_v1_service_ml-pipeline-tensorboard-ui.yaml b/tests/stacks/ibm/application/pipelines-ui/test_data/expected/~g_v1_service_ml-pipeline-tensorboard-ui.yaml new file mode 100644 index 000000000..01adf7506 --- /dev/null +++ b/tests/stacks/ibm/application/pipelines-ui/test_data/expected/~g_v1_service_ml-pipeline-tensorboard-ui.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: ml-pipeline-tensorboard-ui + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + name: ml-pipeline-tensorboard-ui + namespace: kubeflow +spec: + ports: + - port: 80 + targetPort: 3000 + selector: + app: ml-pipeline-tensorboard-ui + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui diff --git a/tests/stacks/ibm/application/pipelines-ui/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml b/tests/stacks/ibm/application/pipelines-ui/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml new file mode 100644 index 000000000..92069c23d --- /dev/null +++ b/tests/stacks/ibm/application/pipelines-ui/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: ml-pipeline-ui + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + name: ml-pipeline-ui + namespace: kubeflow +spec: + ports: + - port: 80 + targetPort: 3000 + selector: + app: ml-pipeline-ui + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui diff --git a/tests/stacks/ibm/application/pipelines-ui/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml b/tests/stacks/ibm/application/pipelines-ui/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml new file mode 100644 index 000000000..93f0f29ba --- /dev/null +++ b/tests/stacks/ibm/application/pipelines-ui/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + name: ml-pipeline-ui + namespace: kubeflow diff --git a/tests/stacks/ibm/application/profiles/base/kustomize_test.go b/tests/stacks/ibm/application/profiles/base/kustomize_test.go new file mode 100644 index 000000000..1352ae503 --- /dev/null +++ b/tests/stacks/ibm/application/profiles/base/kustomize_test.go @@ -0,0 +1,15 @@ +package base + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../../stacks/ibm/application/profiles/base", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/ibm/application/profiles/base/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml b/tests/stacks/ibm/application/profiles/base/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml new file mode 100644 index 000000000..c299e9115 --- /dev/null +++ b/tests/stacks/ibm/application/profiles/base/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml @@ -0,0 +1,158 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + kustomize.component: profiles + name: profiles.kubeflow.org +spec: + conversion: + strategy: None + group: kubeflow.org + names: + kind: Profile + plural: profiles + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + description: Profile is the Schema for the profiles API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProfileSpec defines the desired state of Profile + properties: + owner: + description: The profile owner + properties: + apiGroup: + description: APIGroup holds the API group of the referenced subject. + Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" + for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined by + this API group are "User", "Group", and "ServiceAccount". If the + Authorizer does not recognized the kind value, the Authorizer + should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + required: + - kind + - name + type: object + plugins: + items: + description: Plugin is for customize actions on different platform. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + spec: + type: object + type: object + type: array + resourceQuotaSpec: + description: Resourcequota that will be applied to target namespace + properties: + hard: + additionalProperties: + type: string + description: 'hard is the set of desired hard limits for each named + resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + type: object + scopeSelector: + description: scopeSelector is also a collection of filters like + scopes that must match each object tracked by a quota but expressed + using ScopeSelectorOperator in combination with possible values. + For a resource to match, both scopes AND scopeSelector (if specified + in spec), must be matched. + properties: + matchExpressions: + description: A list of scope selector requirements by scope + of the resources. + items: + description: A scoped-resource selector requirement is a selector + that contains values, a scope name, and an operator that + relates the scope name and values. + properties: + operator: + description: Represents a scope's relationship to a set + of values. Valid operators are In, NotIn, Exists, DoesNotExist. + type: string + scopeName: + description: The name of the scope that the selector applies + to. + type: string + values: + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - operator + - scopeName + type: object + type: array + type: object + scopes: + description: A collection of filters that must match each object + tracked by a quota. If not specified, the quota matches all objects. + items: + description: A ResourceQuotaScope defines a filter that must match + each object tracked by a quota + type: string + type: array + type: object + type: object + status: + description: ProfileStatus defines the observed state of Profile + properties: + conditions: + items: + properties: + message: + type: string + status: + type: string + type: + type: string + type: object + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true + - name: v1beta1 + served: true + storage: false diff --git a/tests/stacks/ibm/application/profiles/base/test_data/expected/apps_v1_deployment_profiles-deployment.yaml b/tests/stacks/ibm/application/profiles/base/test_data/expected/apps_v1_deployment_profiles-deployment.yaml new file mode 100644 index 000000000..c6b0fa70b --- /dev/null +++ b/tests/stacks/ibm/application/profiles/base/test_data/expected/apps_v1_deployment_profiles-deployment.yaml @@ -0,0 +1,94 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + kustomize.component: profiles + name: profiles-deployment +spec: + replicas: 1 + selector: + matchLabels: + kustomize.component: profiles + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + kustomize.component: profiles + spec: + containers: + - args: [] + command: + - /manager + - -userid-header + - $(USERID_HEADER) + - -userid-prefix + - $(USERID_PREFIX) + - -workload-identity + - $(WORKLOAD_IDENTITY) + env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config + - name: WORKLOAD_IDENTITY + valueFrom: + configMapKeyRef: + key: gcp-sa + name: profiles-profiles-config-4mgcmtgk6t + image: gcr.io/kubeflow-images-public/profile-controller:vmaster-g34aa47c2 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /metrics + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 30 + name: manager + ports: + - containerPort: 8080 + name: manager-http + protocol: TCP + - args: [] + command: + - /access-management + - -cluster-admin + - $(CLUSTER_ADMIN) + - -userid-prefix + - $(USERID_PREFIX) + env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config + - name: CLUSTER_ADMIN + valueFrom: + configMapKeyRef: + key: admin + name: profiles-profiles-config-4mgcmtgk6t + image: gcr.io/kubeflow-images-public/kfam:vmaster-gf3e09203 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /metrics + port: 8081 + initialDelaySeconds: 30 + periodSeconds: 30 + name: kfam + ports: + - containerPort: 8081 + name: kfam-http + protocol: TCP + serviceAccountName: profiles-controller-service-account diff --git a/tests/stacks/ibm/application/profiles/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml b/tests/stacks/ibm/application/profiles/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml new file mode 100644 index 000000000..2c1655364 --- /dev/null +++ b/tests/stacks/ibm/application/profiles/base/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + kustomize.component: profiles + name: profiles-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: profiles-controller-service-account diff --git a/tests/stacks/ibm/application/profiles/base/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml b/tests/stacks/ibm/application/profiles/base/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml new file mode 100644 index 000000000..c5ce8d570 --- /dev/null +++ b/tests/stacks/ibm/application/profiles/base/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + admin: "" + gcp-sa: "" +kind: ConfigMap +metadata: + labels: + kustomize.component: profiles + name: profiles-profiles-config-4mgcmtgk6t diff --git a/tests/stacks/ibm/application/profiles/base/test_data/expected/~g_v1_service_profiles-kfam.yaml b/tests/stacks/ibm/application/profiles/base/test_data/expected/~g_v1_service_profiles-kfam.yaml new file mode 100644 index 000000000..8ba4c1e03 --- /dev/null +++ b/tests/stacks/ibm/application/profiles/base/test_data/expected/~g_v1_service_profiles-kfam.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + kustomize.component: profiles + name: profiles-kfam +spec: + ports: + - port: 8081 + selector: + kustomize.component: profiles diff --git a/tests/stacks/ibm/application/profiles/base/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml b/tests/stacks/ibm/application/profiles/base/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml new file mode 100644 index 000000000..931e09da9 --- /dev/null +++ b/tests/stacks/ibm/application/profiles/base/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + kustomize.component: profiles + name: profiles-controller-service-account diff --git a/tests/stacks/ibm/application/profiles/kustomize_test.go b/tests/stacks/ibm/application/profiles/kustomize_test.go new file mode 100644 index 000000000..d1b349e78 --- /dev/null +++ b/tests/stacks/ibm/application/profiles/kustomize_test.go @@ -0,0 +1,15 @@ +package profiles + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/ibm/application/profiles", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/ibm/application/profiles/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml b/tests/stacks/ibm/application/profiles/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml new file mode 100644 index 000000000..5c7023cb1 --- /dev/null +++ b/tests/stacks/ibm/application/profiles/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml @@ -0,0 +1,160 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: profiles + app.kubernetes.io/name: profiles + kustomize.component: profiles + name: profiles.kubeflow.org +spec: + conversion: + strategy: None + group: kubeflow.org + names: + kind: Profile + plural: profiles + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + description: Profile is the Schema for the profiles API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProfileSpec defines the desired state of Profile + properties: + owner: + description: The profile owner + properties: + apiGroup: + description: APIGroup holds the API group of the referenced subject. + Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" + for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined by + this API group are "User", "Group", and "ServiceAccount". If the + Authorizer does not recognized the kind value, the Authorizer + should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + required: + - kind + - name + type: object + plugins: + items: + description: Plugin is for customize actions on different platform. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + spec: + type: object + type: object + type: array + resourceQuotaSpec: + description: Resourcequota that will be applied to target namespace + properties: + hard: + additionalProperties: + type: string + description: 'hard is the set of desired hard limits for each named + resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + type: object + scopeSelector: + description: scopeSelector is also a collection of filters like + scopes that must match each object tracked by a quota but expressed + using ScopeSelectorOperator in combination with possible values. + For a resource to match, both scopes AND scopeSelector (if specified + in spec), must be matched. + properties: + matchExpressions: + description: A list of scope selector requirements by scope + of the resources. + items: + description: A scoped-resource selector requirement is a selector + that contains values, a scope name, and an operator that + relates the scope name and values. + properties: + operator: + description: Represents a scope's relationship to a set + of values. Valid operators are In, NotIn, Exists, DoesNotExist. + type: string + scopeName: + description: The name of the scope that the selector applies + to. + type: string + values: + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - operator + - scopeName + type: object + type: array + type: object + scopes: + description: A collection of filters that must match each object + tracked by a quota. If not specified, the quota matches all objects. + items: + description: A ResourceQuotaScope defines a filter that must match + each object tracked by a quota + type: string + type: array + type: object + type: object + status: + description: ProfileStatus defines the observed state of Profile + properties: + conditions: + items: + properties: + message: + type: string + status: + type: string + type: + type: string + type: object + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true + - name: v1beta1 + served: true + storage: false diff --git a/tests/stacks/ibm/application/profiles/test_data/expected/app.k8s.io_v1beta1_application_profiles.yaml b/tests/stacks/ibm/application/profiles/test_data/expected/app.k8s.io_v1beta1_application_profiles.yaml new file mode 100644 index 000000000..e0b680573 --- /dev/null +++ b/tests/stacks/ibm/application/profiles/test_data/expected/app.k8s.io_v1beta1_application_profiles.yaml @@ -0,0 +1,44 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: profiles + app.kubernetes.io/name: profiles + name: profiles +spec: + addOwnerRef: true + componentKinds: + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: kubeflow.org + kind: Profile + descriptor: + description: "" + keywords: + - profiles + - kubeflow + links: + - description: profiles + url: https://github.com/kubeflow/kubeflow/tree/master/components/profile-controller + - description: kfam + url: https://github.com/kubeflow/kubeflow/tree/master/components/access-management + maintainers: + - email: kunming@google.com + name: Kunming Qu + owners: + - email: kunming@google.com + name: Kunming Qu + type: profiles + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: profiles + app.kubernetes.io/instance: profiles-v1.0.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: profiles + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v1.0.0 diff --git a/tests/stacks/ibm/application/profiles/test_data/expected/apps_v1_deployment_profiles-deployment.yaml b/tests/stacks/ibm/application/profiles/test_data/expected/apps_v1_deployment_profiles-deployment.yaml new file mode 100644 index 000000000..14f8922c7 --- /dev/null +++ b/tests/stacks/ibm/application/profiles/test_data/expected/apps_v1_deployment_profiles-deployment.yaml @@ -0,0 +1,100 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: profiles + app.kubernetes.io/name: profiles + kustomize.component: profiles + name: profiles-deployment +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: profiles + app.kubernetes.io/name: profiles + kustomize.component: profiles + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: profiles + app.kubernetes.io/name: profiles + kustomize.component: profiles + spec: + containers: + - args: [] + command: + - /manager + - -userid-header + - $(USERID_HEADER) + - -userid-prefix + - $(USERID_PREFIX) + - -workload-identity + - $(WORKLOAD_IDENTITY) + env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config + - name: WORKLOAD_IDENTITY + valueFrom: + configMapKeyRef: + key: gcp-sa + name: profiles-profiles-config-4mgcmtgk6t + image: gcr.io/kubeflow-images-public/profile-controller:vmaster-g34aa47c2 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /metrics + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 30 + name: manager + ports: + - containerPort: 8080 + name: manager-http + protocol: TCP + - args: [] + command: + - /access-management + - -cluster-admin + - $(CLUSTER_ADMIN) + - -userid-prefix + - $(USERID_PREFIX) + env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config + - name: CLUSTER_ADMIN + valueFrom: + configMapKeyRef: + key: admin + name: profiles-profiles-config-4mgcmtgk6t + image: gcr.io/kubeflow-images-public/kfam:vmaster-gf3e09203 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /metrics + port: 8081 + initialDelaySeconds: 30 + periodSeconds: 30 + name: kfam + ports: + - containerPort: 8081 + name: kfam-http + protocol: TCP + serviceAccountName: profiles-controller-service-account diff --git a/tests/stacks/ibm/application/profiles/test_data/expected/networking.istio.io_v1alpha3_virtualservice_kfam.yaml b/tests/stacks/ibm/application/profiles/test_data/expected/networking.istio.io_v1alpha3_virtualservice_kfam.yaml new file mode 100644 index 000000000..69dd58ef2 --- /dev/null +++ b/tests/stacks/ibm/application/profiles/test_data/expected/networking.istio.io_v1alpha3_virtualservice_kfam.yaml @@ -0,0 +1,27 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: profiles + app.kubernetes.io/name: profiles + name: kfam +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - headers: + request: + add: + x-forwarded-prefix: /kfam + match: + - uri: + prefix: /kfam/ + rewrite: + uri: /kfam/ + route: + - destination: + host: profiles-kfam.$(namespace).svc.cluster.local + port: + number: 8081 diff --git a/tests/stacks/ibm/application/profiles/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml b/tests/stacks/ibm/application/profiles/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml new file mode 100644 index 000000000..6d35b6c9c --- /dev/null +++ b/tests/stacks/ibm/application/profiles/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: profiles + app.kubernetes.io/name: profiles + kustomize.component: profiles + name: profiles-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: profiles-controller-service-account diff --git a/tests/stacks/ibm/application/profiles/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml b/tests/stacks/ibm/application/profiles/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml new file mode 100644 index 000000000..36882cc61 --- /dev/null +++ b/tests/stacks/ibm/application/profiles/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + admin: "" + gcp-sa: "" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: profiles + app.kubernetes.io/name: profiles + kustomize.component: profiles + name: profiles-profiles-config-4mgcmtgk6t diff --git a/tests/stacks/ibm/application/profiles/test_data/expected/~g_v1_service_profiles-kfam.yaml b/tests/stacks/ibm/application/profiles/test_data/expected/~g_v1_service_profiles-kfam.yaml new file mode 100644 index 000000000..62f471588 --- /dev/null +++ b/tests/stacks/ibm/application/profiles/test_data/expected/~g_v1_service_profiles-kfam.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: profiles + app.kubernetes.io/name: profiles + kustomize.component: profiles + name: profiles-kfam +spec: + ports: + - port: 8081 + selector: + app.kubernetes.io/component: profiles + app.kubernetes.io/name: profiles + kustomize.component: profiles diff --git a/tests/stacks/ibm/application/profiles/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml b/tests/stacks/ibm/application/profiles/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml new file mode 100644 index 000000000..28247f5e1 --- /dev/null +++ b/tests/stacks/ibm/application/profiles/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: profiles + app.kubernetes.io/name: profiles + kustomize.component: profiles + name: profiles-controller-service-account diff --git a/tests/stacks/ibm/application/spark-operator/kustomize_test.go b/tests/stacks/ibm/application/spark-operator/kustomize_test.go new file mode 100644 index 000000000..7d14618bf --- /dev/null +++ b/tests/stacks/ibm/application/spark-operator/kustomize_test.go @@ -0,0 +1,15 @@ +package spark_operator + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/ibm/application/spark-operator", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/ibm/application/spark-operator/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledsparkapplications.sparkoperator.k8s.io.yaml b/tests/stacks/ibm/application/spark-operator/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledsparkapplications.sparkoperator.k8s.io.yaml new file mode 100644 index 000000000..ddd151fa4 --- /dev/null +++ b/tests/stacks/ibm/application/spark-operator/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledsparkapplications.sparkoperator.k8s.io.yaml @@ -0,0 +1,2550 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: scheduledsparkapplications.sparkoperator.k8s.io +spec: + group: sparkoperator.k8s.io + names: + kind: ScheduledSparkApplication + listKind: ScheduledSparkApplicationList + plural: scheduledsparkapplications + shortNames: + - scheduledsparkapp + singular: scheduledsparkapplication + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + concurrencyPolicy: + type: string + failedRunHistoryLimit: + format: int32 + type: integer + schedule: + type: string + successfulRunHistoryLimit: + format: int32 + type: integer + suspend: + type: boolean + template: + properties: + arguments: + items: + type: string + type: array + batchScheduler: + type: string + batchSchedulerOptions: + properties: + priorityClassName: + type: string + queue: + type: string + type: object + deps: + properties: + downloadTimeout: + format: int32 + minimum: 1 + type: integer + files: + items: + type: string + type: array + filesDownloadDir: + type: string + jars: + items: + type: string + type: array + jarsDownloadDir: + type: string + maxSimultaneousDownloads: + format: int32 + minimum: 1 + type: integer + pyFiles: + items: + type: string + type: array + type: object + driver: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + configMaps: + items: + properties: + name: + type: string + path: + type: string + required: + - name + - path + type: object + type: array + coreLimit: + type: string + cores: + format: int32 + minimum: 1 + type: integer + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + envSecretKeyRefs: + additionalProperties: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + type: object + envVars: + additionalProperties: + type: string + type: object + gpu: + properties: + name: + type: string + quantity: + format: int64 + type: integer + required: + - name + - quantity + type: object + hostNetwork: + type: boolean + image: + type: string + javaOptions: + type: string + labels: + additionalProperties: + type: string + type: object + memory: + type: string + memoryOverhead: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + podName: + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' + type: string + schedulerName: + type: string + secrets: + items: + properties: + name: + type: string + path: + type: string + secretType: + type: string + required: + - name + - path + - secretType + type: object + type: array + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + serviceAccount: + type: string + sidecars: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + type: object + executor: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + configMaps: + items: + properties: + name: + type: string + path: + type: string + required: + - name + - path + type: object + type: array + coreLimit: + type: string + coreRequest: + type: string + cores: + format: int32 + minimum: 1 + type: integer + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + envSecretKeyRefs: + additionalProperties: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + type: object + envVars: + additionalProperties: + type: string + type: object + gpu: + properties: + name: + type: string + quantity: + format: int64 + type: integer + required: + - name + - quantity + type: object + hostNetwork: + type: boolean + image: + type: string + instances: + format: int32 + minimum: 1 + type: integer + javaOptions: + type: string + labels: + additionalProperties: + type: string + type: object + memory: + type: string + memoryOverhead: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + schedulerName: + type: string + secrets: + items: + properties: + name: + type: string + path: + type: string + secretType: + type: string + required: + - name + - path + - secretType + type: object + type: array + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + sidecars: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + type: object + failureRetries: + format: int32 + type: integer + hadoopConf: + additionalProperties: + type: string + type: object + hadoopConfigMap: + type: string + image: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + type: string + type: array + initContainerImage: + type: string + mainApplicationFile: + type: string + mainClass: + type: string + memoryOverheadFactor: + type: string + mode: + enum: + - cluster + - client + type: string + monitoring: + properties: + exposeDriverMetrics: + type: boolean + exposeExecutorMetrics: + type: boolean + metricsProperties: + type: string + prometheus: + properties: + configFile: + type: string + configuration: + type: string + jmxExporterJar: + type: string + port: + format: int32 + maximum: 49151 + minimum: 1024 + type: integer + required: + - jmxExporterJar + type: object + required: + - exposeDriverMetrics + - exposeExecutorMetrics + type: object + nodeSelector: + additionalProperties: + type: string + type: object + pythonVersion: + enum: + - "2" + - "3" + type: string + restartPolicy: + properties: + onFailureRetries: + format: int32 + minimum: 0 + type: integer + onFailureRetryInterval: + format: int64 + minimum: 1 + type: integer + onSubmissionFailureRetries: + format: int32 + minimum: 0 + type: integer + onSubmissionFailureRetryInterval: + format: int64 + minimum: 1 + type: integer + type: + enum: + - Never + - Always + - OnFailure + type: string + type: object + retryInterval: + format: int64 + type: integer + sparkConf: + additionalProperties: + type: string + type: object + sparkConfigMap: + type: string + sparkVersion: + type: string + timeToLiveSeconds: + format: int64 + type: integer + type: + enum: + - Java + - Python + - Scala + - R + type: string + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - driver + - executor + - mainApplicationFile + - sparkVersion + - type + type: object + required: + - schedule + - template + type: object + required: + - metadata + - spec + type: object + version: v1beta2 + versions: + - name: v1beta2 + served: true + storage: true diff --git a/tests/stacks/ibm/application/spark-operator/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_sparkapplications.sparkoperator.k8s.io.yaml b/tests/stacks/ibm/application/spark-operator/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_sparkapplications.sparkoperator.k8s.io.yaml new file mode 100644 index 000000000..bf9aacd2f --- /dev/null +++ b/tests/stacks/ibm/application/spark-operator/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_sparkapplications.sparkoperator.k8s.io.yaml @@ -0,0 +1,2532 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: sparkapplications.sparkoperator.k8s.io +spec: + group: sparkoperator.k8s.io + names: + kind: SparkApplication + listKind: SparkApplicationList + plural: sparkapplications + shortNames: + - sparkapp + singular: sparkapplication + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + arguments: + items: + type: string + type: array + batchScheduler: + type: string + batchSchedulerOptions: + properties: + priorityClassName: + type: string + queue: + type: string + type: object + deps: + properties: + downloadTimeout: + format: int32 + minimum: 1 + type: integer + files: + items: + type: string + type: array + filesDownloadDir: + type: string + jars: + items: + type: string + type: array + jarsDownloadDir: + type: string + maxSimultaneousDownloads: + format: int32 + minimum: 1 + type: integer + pyFiles: + items: + type: string + type: array + type: object + driver: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + configMaps: + items: + properties: + name: + type: string + path: + type: string + required: + - name + - path + type: object + type: array + coreLimit: + type: string + cores: + format: int32 + minimum: 1 + type: integer + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + envSecretKeyRefs: + additionalProperties: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + type: object + envVars: + additionalProperties: + type: string + type: object + gpu: + properties: + name: + type: string + quantity: + format: int64 + type: integer + required: + - name + - quantity + type: object + hostNetwork: + type: boolean + image: + type: string + javaOptions: + type: string + labels: + additionalProperties: + type: string + type: object + memory: + type: string + memoryOverhead: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + podName: + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' + type: string + schedulerName: + type: string + secrets: + items: + properties: + name: + type: string + path: + type: string + secretType: + type: string + required: + - name + - path + - secretType + type: object + type: array + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + serviceAccount: + type: string + sidecars: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + type: object + executor: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + configMaps: + items: + properties: + name: + type: string + path: + type: string + required: + - name + - path + type: object + type: array + coreLimit: + type: string + coreRequest: + type: string + cores: + format: int32 + minimum: 1 + type: integer + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + envSecretKeyRefs: + additionalProperties: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + type: object + envVars: + additionalProperties: + type: string + type: object + gpu: + properties: + name: + type: string + quantity: + format: int64 + type: integer + required: + - name + - quantity + type: object + hostNetwork: + type: boolean + image: + type: string + instances: + format: int32 + minimum: 1 + type: integer + javaOptions: + type: string + labels: + additionalProperties: + type: string + type: object + memory: + type: string + memoryOverhead: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + schedulerName: + type: string + secrets: + items: + properties: + name: + type: string + path: + type: string + secretType: + type: string + required: + - name + - path + - secretType + type: object + type: array + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + sidecars: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + type: object + failureRetries: + format: int32 + type: integer + hadoopConf: + additionalProperties: + type: string + type: object + hadoopConfigMap: + type: string + image: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + type: string + type: array + initContainerImage: + type: string + mainApplicationFile: + type: string + mainClass: + type: string + memoryOverheadFactor: + type: string + mode: + enum: + - cluster + - client + type: string + monitoring: + properties: + exposeDriverMetrics: + type: boolean + exposeExecutorMetrics: + type: boolean + metricsProperties: + type: string + prometheus: + properties: + configFile: + type: string + configuration: + type: string + jmxExporterJar: + type: string + port: + format: int32 + maximum: 49151 + minimum: 1024 + type: integer + required: + - jmxExporterJar + type: object + required: + - exposeDriverMetrics + - exposeExecutorMetrics + type: object + nodeSelector: + additionalProperties: + type: string + type: object + pythonVersion: + enum: + - "2" + - "3" + type: string + restartPolicy: + properties: + onFailureRetries: + format: int32 + minimum: 0 + type: integer + onFailureRetryInterval: + format: int64 + minimum: 1 + type: integer + onSubmissionFailureRetries: + format: int32 + minimum: 0 + type: integer + onSubmissionFailureRetryInterval: + format: int64 + minimum: 1 + type: integer + type: + enum: + - Never + - Always + - OnFailure + type: string + type: object + retryInterval: + format: int64 + type: integer + sparkConf: + additionalProperties: + type: string + type: object + sparkConfigMap: + type: string + sparkVersion: + type: string + timeToLiveSeconds: + format: int64 + type: integer + type: + enum: + - Java + - Python + - Scala + - R + type: string + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - driver + - executor + - mainApplicationFile + - sparkVersion + - type + type: object + required: + - metadata + - spec + type: object + version: v1beta2 + versions: + - name: v1beta2 + served: true + storage: true diff --git a/tests/stacks/ibm/application/spark-operator/test_data/expected/app.k8s.io_v1beta1_application_spark-operator.yaml b/tests/stacks/ibm/application/spark-operator/test_data/expected/app.k8s.io_v1beta1_application_spark-operator.yaml new file mode 100644 index 000000000..47bbe36a1 --- /dev/null +++ b/tests/stacks/ibm/application/spark-operator/test_data/expected/app.k8s.io_v1beta1_application_spark-operator.yaml @@ -0,0 +1,42 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + name: spark-operator + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ConfigMap + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: SparkOperator + descriptor: + description: Spark-operator allows users to create and manage the "SparkApplication" + custom resource. + keywords: + - spark + maintainers: + - email: holden@pigscanfly.ca + name: Holden Karau + owners: + - email: holden@pigscanfly.ca + name: Holden Karau + type: spark-operator + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: sppark-operator + app.kubernetes.io/instance: spark-operator-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: sparkoperator + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/ibm/application/spark-operator/test_data/expected/apps_v1_deployment_spark-operatorsparkoperator.yaml b/tests/stacks/ibm/application/spark-operator/test_data/expected/apps_v1_deployment_spark-operatorsparkoperator.yaml new file mode 100644 index 000000000..8f9cf5203 --- /dev/null +++ b/tests/stacks/ibm/application/spark-operator/test_data/expected/apps_v1_deployment_spark-operatorsparkoperator.yaml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: spark-operatorsparkoperator + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + app.kubernetes.io/version: v1beta2-1.1.0-2.4.5 + kustomize.component: spark-operator + strategy: + type: Recreate + template: + metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "10254" + prometheus.io/scrape: "true" + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + app.kubernetes.io/version: v1beta2-1.1.0-2.4.5 + kustomize.component: spark-operator + spec: + containers: + - args: + - -v=2 + - -namespace= + - -ingress-url-format= + - -controller-threads=10 + - -resync-interval=30 + - -logtostderr + - -enable-metrics=true + - -metrics-labels=app_type + - -metrics-port=10254 + - -metrics-endpoint=/metrics + - -metrics-prefix= + image: gcr.io/spark-operator/spark-operator:v1beta2-1.1.0-2.4.5 + imagePullPolicy: IfNotPresent + name: sparkoperator + ports: + - containerPort: 10254 + serviceAccountName: spark-operatoroperator-sa diff --git a/tests/stacks/ibm/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_spark-operatoroperator-cr.yaml b/tests/stacks/ibm/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_spark-operatoroperator-cr.yaml new file mode 100644 index 000000000..8f7eabad5 --- /dev/null +++ b/tests/stacks/ibm/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_spark-operatoroperator-cr.yaml @@ -0,0 +1,76 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: spark-operatoroperator-cr +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - '*' +- apiGroups: + - "" + resources: + - services + - configmaps + - secrets + verbs: + - create + - get + - delete + - update +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - get + - delete +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - create + - update + - patch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - get + - update + - delete +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - create + - get + - update + - delete +- apiGroups: + - sparkoperator.k8s.io + resources: + - sparkapplications + - scheduledsparkapplications + - sparkapplications/status + - scheduledsparkapplications/status + verbs: + - '*' diff --git a/tests/stacks/ibm/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_spark-operatorsparkoperator-crb.yaml b/tests/stacks/ibm/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_spark-operatorsparkoperator-crb.yaml new file mode 100644 index 000000000..7b3d77da2 --- /dev/null +++ b/tests/stacks/ibm/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_spark-operatorsparkoperator-crb.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: spark-operatorsparkoperator-crb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: spark-operatoroperator-cr +subjects: +- kind: ServiceAccount + name: spark-operatoroperator-sa + namespace: kubeflow diff --git a/tests/stacks/ibm/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_role_spark-operatorspark-role.yaml b/tests/stacks/ibm/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_role_spark-operatorspark-role.yaml new file mode 100644 index 000000000..e4a3af18c --- /dev/null +++ b/tests/stacks/ibm/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_role_spark-operatorspark-role.yaml @@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: spark-operatorspark-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/ibm/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_spark-operatorspark-role-binding.yaml b/tests/stacks/ibm/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_spark-operatorspark-role-binding.yaml new file mode 100644 index 000000000..ed9bb0d46 --- /dev/null +++ b/tests/stacks/ibm/application/spark-operator/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_spark-operatorspark-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: spark-operatorspark-role-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: spark-operatorspark-role +subjects: +- kind: ServiceAccount + name: spark-operatorspark + namespace: kubeflow diff --git a/tests/stacks/ibm/application/spark-operator/test_data/expected/~g_v1_serviceaccount_spark-operatoroperator-sa.yaml b/tests/stacks/ibm/application/spark-operator/test_data/expected/~g_v1_serviceaccount_spark-operatoroperator-sa.yaml new file mode 100644 index 000000000..b089a63b4 --- /dev/null +++ b/tests/stacks/ibm/application/spark-operator/test_data/expected/~g_v1_serviceaccount_spark-operatoroperator-sa.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: spark-operatoroperator-sa + namespace: kubeflow diff --git a/tests/stacks/ibm/application/spark-operator/test_data/expected/~g_v1_serviceaccount_spark-operatorspark.yaml b/tests/stacks/ibm/application/spark-operator/test_data/expected/~g_v1_serviceaccount_spark-operatorspark.yaml new file mode 100644 index 000000000..eb8308400 --- /dev/null +++ b/tests/stacks/ibm/application/spark-operator/test_data/expected/~g_v1_serviceaccount_spark-operatorspark.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: spark-operator + app.kubernetes.io/name: sparkoperator + kustomize.component: spark-operator + name: spark-operatorspark + namespace: kubeflow diff --git a/tests/stacks/ibm/application/spartakus/kustomize_test.go b/tests/stacks/ibm/application/spartakus/kustomize_test.go new file mode 100644 index 000000000..ff8fdb8f2 --- /dev/null +++ b/tests/stacks/ibm/application/spartakus/kustomize_test.go @@ -0,0 +1,15 @@ +package spartakus + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/ibm/application/spartakus", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/ibm/application/spartakus/test_data/expected/app.k8s.io_v1beta1_application_spartakus.yaml b/tests/stacks/ibm/application/spartakus/test_data/expected/app.k8s.io_v1beta1_application_spartakus.yaml new file mode 100644 index 000000000..531fe0dac --- /dev/null +++ b/tests/stacks/ibm/application/spartakus/test_data/expected/app.k8s.io_v1beta1_application_spartakus.yaml @@ -0,0 +1,37 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + name: spartakus + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + descriptor: + description: "" + keywords: + - spartakus + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: spartakus + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: spartakus + app.kubernetes.io/instance: spartakus-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: spartakus + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/ibm/application/spartakus/test_data/expected/apps_v1_deployment_spartakus-volunteer.yaml b/tests/stacks/ibm/application/spartakus/test_data/expected/apps_v1_deployment_spartakus-volunteer.yaml new file mode 100644 index 000000000..6a4c55826 --- /dev/null +++ b/tests/stacks/ibm/application/spartakus/test_data/expected/apps_v1_deployment_spartakus-volunteer.yaml @@ -0,0 +1,41 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: spartakus + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + kustomize.component: spartakus + name: spartakus-volunteer + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + kustomize.component: spartakus + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: spartakus-volunteer + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + kustomize.component: spartakus + spec: + containers: + - args: + - volunteer + - --cluster-id=$(USAGE_ID) + - --database=https://stats-collector.kubeflow.org + env: + - name: USAGE_ID + valueFrom: + configMapKeyRef: + key: usageId + name: spartakus-config + image: gcr.io/google_containers/spartakus-amd64:v1.1.0 + name: volunteer + serviceAccountName: spartakus diff --git a/tests/stacks/ibm/application/spartakus/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_spartakus.yaml b/tests/stacks/ibm/application/spartakus/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_spartakus.yaml new file mode 100644 index 000000000..f2e0bb974 --- /dev/null +++ b/tests/stacks/ibm/application/spartakus/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_spartakus.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: spartakus + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + kustomize.component: spartakus + name: spartakus +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list diff --git a/tests/stacks/ibm/application/spartakus/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_spartakus.yaml b/tests/stacks/ibm/application/spartakus/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_spartakus.yaml new file mode 100644 index 000000000..9cad7bb14 --- /dev/null +++ b/tests/stacks/ibm/application/spartakus/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_spartakus.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: spartakus + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + kustomize.component: spartakus + name: spartakus +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: spartakus +subjects: +- kind: ServiceAccount + name: spartakus + namespace: kubeflow diff --git a/tests/stacks/ibm/application/spartakus/test_data/expected/~g_v1_configmap_spartakus-config.yaml b/tests/stacks/ibm/application/spartakus/test_data/expected/~g_v1_configmap_spartakus-config.yaml new file mode 100644 index 000000000..8572b4390 --- /dev/null +++ b/tests/stacks/ibm/application/spartakus/test_data/expected/~g_v1_configmap_spartakus-config.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + usageId: +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + kustomize.component: spartakus + name: spartakus-config + namespace: kubeflow diff --git a/tests/stacks/ibm/application/spartakus/test_data/expected/~g_v1_serviceaccount_spartakus.yaml b/tests/stacks/ibm/application/spartakus/test_data/expected/~g_v1_serviceaccount_spartakus.yaml new file mode 100644 index 000000000..be719e775 --- /dev/null +++ b/tests/stacks/ibm/application/spartakus/test_data/expected/~g_v1_serviceaccount_spartakus.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: spartakus + app.kubernetes.io/component: spartakus + app.kubernetes.io/name: spartakus + kustomize.component: spartakus + name: spartakus + namespace: kubeflow diff --git a/tests/stacks/ibm/application/tensorboard/kustomize_test.go b/tests/stacks/ibm/application/tensorboard/kustomize_test.go new file mode 100644 index 000000000..2722e5798 --- /dev/null +++ b/tests/stacks/ibm/application/tensorboard/kustomize_test.go @@ -0,0 +1,15 @@ +package tensorboard + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../../stacks/ibm/application/tensorboard", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/ibm/application/tensorboard/test_data/expected/apps_v1_deployment_tensorboard.yaml b/tests/stacks/ibm/application/tensorboard/test_data/expected/apps_v1_deployment_tensorboard.yaml new file mode 100644 index 000000000..a6ad25166 --- /dev/null +++ b/tests/stacks/ibm/application/tensorboard/test_data/expected/apps_v1_deployment_tensorboard.yaml @@ -0,0 +1,39 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: tensorboard + kustomize.component: tensorboard + name: tensorboard + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + kustomize.component: tensorboard + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: tensorboard + kustomize.component: tensorboard + spec: + containers: + - args: + - --logdir=logs + - --port=6006 + command: + - /usr/local/bin/tensorboard + image: tensorflow/tensorflow:1.8.0 + imagePullPolicy: IfNotPresent + name: tensorboard + ports: + - containerPort: 6006 + resources: + limits: + cpu: "4" + memory: 4Gi + requests: + cpu: "1" + memory: 1Gi diff --git a/tests/stacks/ibm/application/tensorboard/test_data/expected/networking.istio.io_v1alpha3_virtualservice_tensorboard.yaml b/tests/stacks/ibm/application/tensorboard/test_data/expected/networking.istio.io_v1alpha3_virtualservice_tensorboard.yaml new file mode 100644 index 000000000..80ccfcf02 --- /dev/null +++ b/tests/stacks/ibm/application/tensorboard/test_data/expected/networking.istio.io_v1alpha3_virtualservice_tensorboard.yaml @@ -0,0 +1,21 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: tensorboard + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /tensorboard/tensorboard/ + rewrite: + uri: / + route: + - destination: + host: tensorboard.kubeflow.svc.cluster.local + port: + number: 9000 diff --git a/tests/stacks/ibm/application/tensorboard/test_data/expected/~g_v1_configmap_parameters-dgd4h256h5.yaml b/tests/stacks/ibm/application/tensorboard/test_data/expected/~g_v1_configmap_parameters-dgd4h256h5.yaml new file mode 100644 index 000000000..dd33d34fc --- /dev/null +++ b/tests/stacks/ibm/application/tensorboard/test_data/expected/~g_v1_configmap_parameters-dgd4h256h5.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + clusterDomain: cluster.local + namespace: kubeflow +kind: ConfigMap +metadata: + annotations: {} + labels: + kustomize.component: tensorboard + name: parameters-dgd4h256h5 + namespace: kubeflow diff --git a/tests/stacks/ibm/application/tensorboard/test_data/expected/~g_v1_service_tensorboard.yaml b/tests/stacks/ibm/application/tensorboard/test_data/expected/~g_v1_service_tensorboard.yaml new file mode 100644 index 000000000..39720d9df --- /dev/null +++ b/tests/stacks/ibm/application/tensorboard/test_data/expected/~g_v1_service_tensorboard.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + getambassador.io/config: |- + --- + apiVersion: ambassador/v0 + kind: Mapping + name: tb-mapping-tensorboard-get + prefix: /tensorboard/ tensorboard/ + rewrite: / + method: GET + service: tensorboard.kubeflow:9000 + labels: + app: tensorboard + kustomize.component: tensorboard + name: tensorboard + namespace: kubeflow +spec: + ports: + - name: tb + port: 9000 + targetPort: 6006 + selector: + app: tensorboard + kustomize.component: tensorboard + type: ClusterIP diff --git a/tests/stacks/ibm/kustomize_test.go b/tests/stacks/ibm/kustomize_test.go new file mode 100644 index 000000000..c6e3743c5 --- /dev/null +++ b/tests/stacks/ibm/kustomize_test.go @@ -0,0 +1,15 @@ +package ibm + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../stacks/ibm", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} diff --git a/tests/stacks/ibm/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_admission-webhook-mutating-webhook-configuration.yaml b/tests/stacks/ibm/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_admission-webhook-mutating-webhook-configuration.yaml new file mode 100644 index 000000000..979166425 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_admission-webhook-mutating-webhook-configuration.yaml @@ -0,0 +1,28 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeflow/admission-webhook-cert + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-mutating-webhook-configuration +webhooks: +- clientConfig: + caBundle: "" + service: + name: admission-webhook-service + namespace: kubeflow + path: /apply-poddefault + name: admission-webhook-deployment.kubeflow.org + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods diff --git a/tests/stacks/ibm/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_seldon-mutating-webhook-configuration-kubeflow.yaml b/tests/stacks/ibm/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_seldon-mutating-webhook-configuration-kubeflow.yaml new file mode 100644 index 000000000..27ca459f1 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_seldon-mutating-webhook-configuration-kubeflow.yaml @@ -0,0 +1,86 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeflow/seldon-serving-cert + creationTimestamp: null + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.1.0 + name: seldon-mutating-webhook-configuration-kubeflow +webhooks: +- clientConfig: + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCRENDQWV5Z0F3SUJBZ0lRUzQ4aWc4UDJxYytTZ2o1dXBXcllDekFOQmdrcWhraUc5dzBCQVFzRkFEQWMKTVJvd0dBWURWUVFERXhGamRYTjBiMjB0YldWMGNtbGpjeTFqWVRBZUZ3MHlNREEwTVRjd09UQTROREZhRncweQpNVEEwTVRjd09UQTROREZhTUJ3eEdqQVlCZ05WQkFNVEVXTjFjM1J2YlMxdFpYUnlhV056TFdOaE1JSUJJakFOCkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXV4L0wzb2F6N1JkVGhWc3dKV1JJZVhjV1RLYS8KbDZaK0kxZVIxUEZKd0gwZko5aisrWjdTMWxsMGRxT3ZiZUxmejJ4cHpaNGZZdy9zZFhkYSswd2xxTHVxdmJJbgpUL0hJRTA0aFFBYW1zcXBFRzFlR3RrSkpuTXMxTTRiSUVPT0tjZHkyNlNYN3JmV2cxaHZBdmJ3ekExY0hMQklsCk1kZmxSUDFyVmNZWFNRNmNhWDNWK1d0YnhZbWcvT3RsRHR5bGxISGlGQld0d2ZyaTlNVjJZbitQQ2lZZllUTzUKOEp2VXFxcHYrS3R2UmxrVUxPZzVLeUJzZlk3SGdaK1B6ZzJHZ2NZc2ZDeHdQMFFrRVpQZEpZeWZxSm9Dd3U0cQpWdVJTRWVGRSt4bnhpcnZRQUhSRTFpTFFjQ2IrQ2lOQWR3aU5hano4cHFiTmhJeXFQZUo3MjRIM0tRSURBUUFCCm8wSXdRREFPQmdOVkhROEJBZjhFQkFNQ0FxUXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUYKQndNQ01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFETlhYTzBvNzVOUgpQWmRDNks2Y2g5bUlJWlV5dFJ0QnVrK0tLVHFtMk5kOW5lVFFoRUg5dGl0eGZjRmNEMmUyOVdnSjBvTDlaNkFUCnZEbUVrQ3pxbm11K3hHRjdJR2ZGZ0t1ZGFpVU9LZXVMazNVeVVDeXI1VVVHUWRUWDI2cFVrd011RllHSTU5ZU4KY0gxeUI4VDZaQ1dtYWhzZTJHU2hkVVVZNmYyYytDNmJTZ3owZDNnMnVSVk5kc1RjVjV2amczVGd2a3VIUlZNZQp0UXJDeFRJV005VUEwUWo4VUdQKzNCVGNhZlE0LzIzTVczTWxiZTBOVG9McTNiMHZ0ZFhNbmlFb1ZrUmJpaDNsClA4dnhTVXFmQ2JlbFF0ZXBhdWZxRTJXb25WWDRha092dnNKVUtpcmcxbENoZ3k3YXJwMjhydmQxdkMwVDJqdHYKMW9nSlh6Sk5MUlk9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + service: + name: seldon-webhook-service + namespace: kubeflow + path: /mutate-machinelearning-seldon-io-v1-seldondeployment + failurePolicy: Fail + name: v1.mseldondeployment.kb.io + namespaceSelector: + matchExpressions: + - key: seldon.io/controller-id + operator: DoesNotExist + matchLabels: + serving.kubeflow.org/inferenceservice: enabled + rules: + - apiGroups: + - machinelearning.seldon.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - seldondeployments +- clientConfig: + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCRENDQWV5Z0F3SUJBZ0lRUzQ4aWc4UDJxYytTZ2o1dXBXcllDekFOQmdrcWhraUc5dzBCQVFzRkFEQWMKTVJvd0dBWURWUVFERXhGamRYTjBiMjB0YldWMGNtbGpjeTFqWVRBZUZ3MHlNREEwTVRjd09UQTROREZhRncweQpNVEEwTVRjd09UQTROREZhTUJ3eEdqQVlCZ05WQkFNVEVXTjFjM1J2YlMxdFpYUnlhV056TFdOaE1JSUJJakFOCkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXV4L0wzb2F6N1JkVGhWc3dKV1JJZVhjV1RLYS8KbDZaK0kxZVIxUEZKd0gwZko5aisrWjdTMWxsMGRxT3ZiZUxmejJ4cHpaNGZZdy9zZFhkYSswd2xxTHVxdmJJbgpUL0hJRTA0aFFBYW1zcXBFRzFlR3RrSkpuTXMxTTRiSUVPT0tjZHkyNlNYN3JmV2cxaHZBdmJ3ekExY0hMQklsCk1kZmxSUDFyVmNZWFNRNmNhWDNWK1d0YnhZbWcvT3RsRHR5bGxISGlGQld0d2ZyaTlNVjJZbitQQ2lZZllUTzUKOEp2VXFxcHYrS3R2UmxrVUxPZzVLeUJzZlk3SGdaK1B6ZzJHZ2NZc2ZDeHdQMFFrRVpQZEpZeWZxSm9Dd3U0cQpWdVJTRWVGRSt4bnhpcnZRQUhSRTFpTFFjQ2IrQ2lOQWR3aU5hano4cHFiTmhJeXFQZUo3MjRIM0tRSURBUUFCCm8wSXdRREFPQmdOVkhROEJBZjhFQkFNQ0FxUXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUYKQndNQ01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFETlhYTzBvNzVOUgpQWmRDNks2Y2g5bUlJWlV5dFJ0QnVrK0tLVHFtMk5kOW5lVFFoRUg5dGl0eGZjRmNEMmUyOVdnSjBvTDlaNkFUCnZEbUVrQ3pxbm11K3hHRjdJR2ZGZ0t1ZGFpVU9LZXVMazNVeVVDeXI1VVVHUWRUWDI2cFVrd011RllHSTU5ZU4KY0gxeUI4VDZaQ1dtYWhzZTJHU2hkVVVZNmYyYytDNmJTZ3owZDNnMnVSVk5kc1RjVjV2amczVGd2a3VIUlZNZQp0UXJDeFRJV005VUEwUWo4VUdQKzNCVGNhZlE0LzIzTVczTWxiZTBOVG9McTNiMHZ0ZFhNbmlFb1ZrUmJpaDNsClA4dnhTVXFmQ2JlbFF0ZXBhdWZxRTJXb25WWDRha092dnNKVUtpcmcxbENoZ3k3YXJwMjhydmQxdkMwVDJqdHYKMW9nSlh6Sk5MUlk9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + service: + name: seldon-webhook-service + namespace: kubeflow + path: /mutate-machinelearning-seldon-io-v1alpha2-seldondeployment + failurePolicy: Fail + name: v1alpha2.mseldondeployment.kb.io + namespaceSelector: + matchExpressions: + - key: seldon.io/controller-id + operator: DoesNotExist + matchLabels: + serving.kubeflow.org/inferenceservice: enabled + rules: + - apiGroups: + - machinelearning.seldon.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - seldondeployments +- clientConfig: + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCRENDQWV5Z0F3SUJBZ0lRUzQ4aWc4UDJxYytTZ2o1dXBXcllDekFOQmdrcWhraUc5dzBCQVFzRkFEQWMKTVJvd0dBWURWUVFERXhGamRYTjBiMjB0YldWMGNtbGpjeTFqWVRBZUZ3MHlNREEwTVRjd09UQTROREZhRncweQpNVEEwTVRjd09UQTROREZhTUJ3eEdqQVlCZ05WQkFNVEVXTjFjM1J2YlMxdFpYUnlhV056TFdOaE1JSUJJakFOCkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXV4L0wzb2F6N1JkVGhWc3dKV1JJZVhjV1RLYS8KbDZaK0kxZVIxUEZKd0gwZko5aisrWjdTMWxsMGRxT3ZiZUxmejJ4cHpaNGZZdy9zZFhkYSswd2xxTHVxdmJJbgpUL0hJRTA0aFFBYW1zcXBFRzFlR3RrSkpuTXMxTTRiSUVPT0tjZHkyNlNYN3JmV2cxaHZBdmJ3ekExY0hMQklsCk1kZmxSUDFyVmNZWFNRNmNhWDNWK1d0YnhZbWcvT3RsRHR5bGxISGlGQld0d2ZyaTlNVjJZbitQQ2lZZllUTzUKOEp2VXFxcHYrS3R2UmxrVUxPZzVLeUJzZlk3SGdaK1B6ZzJHZ2NZc2ZDeHdQMFFrRVpQZEpZeWZxSm9Dd3U0cQpWdVJTRWVGRSt4bnhpcnZRQUhSRTFpTFFjQ2IrQ2lOQWR3aU5hano4cHFiTmhJeXFQZUo3MjRIM0tRSURBUUFCCm8wSXdRREFPQmdOVkhROEJBZjhFQkFNQ0FxUXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUYKQndNQ01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFETlhYTzBvNzVOUgpQWmRDNks2Y2g5bUlJWlV5dFJ0QnVrK0tLVHFtMk5kOW5lVFFoRUg5dGl0eGZjRmNEMmUyOVdnSjBvTDlaNkFUCnZEbUVrQ3pxbm11K3hHRjdJR2ZGZ0t1ZGFpVU9LZXVMazNVeVVDeXI1VVVHUWRUWDI2cFVrd011RllHSTU5ZU4KY0gxeUI4VDZaQ1dtYWhzZTJHU2hkVVVZNmYyYytDNmJTZ3owZDNnMnVSVk5kc1RjVjV2amczVGd2a3VIUlZNZQp0UXJDeFRJV005VUEwUWo4VUdQKzNCVGNhZlE0LzIzTVczTWxiZTBOVG9McTNiMHZ0ZFhNbmlFb1ZrUmJpaDNsClA4dnhTVXFmQ2JlbFF0ZXBhdWZxRTJXb25WWDRha092dnNKVUtpcmcxbENoZ3k3YXJwMjhydmQxdkMwVDJqdHYKMW9nSlh6Sk5MUlk9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + service: + name: seldon-webhook-service + namespace: kubeflow + path: /mutate-machinelearning-seldon-io-v1alpha3-seldondeployment + failurePolicy: Fail + name: v1alpha3.mseldondeployment.kb.io + namespaceSelector: + matchExpressions: + - key: seldon.io/controller-id + operator: DoesNotExist + matchLabels: + serving.kubeflow.org/inferenceservice: enabled + rules: + - apiGroups: + - machinelearning.seldon.io + apiVersions: + - v1alpha3 + operations: + - CREATE + - UPDATE + resources: + - seldondeployments diff --git a/tests/stacks/ibm/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_seldon-validating-webhook-configuration-kubeflow.yaml b/tests/stacks/ibm/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_seldon-validating-webhook-configuration-kubeflow.yaml new file mode 100644 index 000000000..87f81d933 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_seldon-validating-webhook-configuration-kubeflow.yaml @@ -0,0 +1,86 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeflow/seldon-serving-cert + creationTimestamp: null + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.1.0 + name: seldon-validating-webhook-configuration-kubeflow +webhooks: +- clientConfig: + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCRENDQWV5Z0F3SUJBZ0lRUzQ4aWc4UDJxYytTZ2o1dXBXcllDekFOQmdrcWhraUc5dzBCQVFzRkFEQWMKTVJvd0dBWURWUVFERXhGamRYTjBiMjB0YldWMGNtbGpjeTFqWVRBZUZ3MHlNREEwTVRjd09UQTROREZhRncweQpNVEEwTVRjd09UQTROREZhTUJ3eEdqQVlCZ05WQkFNVEVXTjFjM1J2YlMxdFpYUnlhV056TFdOaE1JSUJJakFOCkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXV4L0wzb2F6N1JkVGhWc3dKV1JJZVhjV1RLYS8KbDZaK0kxZVIxUEZKd0gwZko5aisrWjdTMWxsMGRxT3ZiZUxmejJ4cHpaNGZZdy9zZFhkYSswd2xxTHVxdmJJbgpUL0hJRTA0aFFBYW1zcXBFRzFlR3RrSkpuTXMxTTRiSUVPT0tjZHkyNlNYN3JmV2cxaHZBdmJ3ekExY0hMQklsCk1kZmxSUDFyVmNZWFNRNmNhWDNWK1d0YnhZbWcvT3RsRHR5bGxISGlGQld0d2ZyaTlNVjJZbitQQ2lZZllUTzUKOEp2VXFxcHYrS3R2UmxrVUxPZzVLeUJzZlk3SGdaK1B6ZzJHZ2NZc2ZDeHdQMFFrRVpQZEpZeWZxSm9Dd3U0cQpWdVJTRWVGRSt4bnhpcnZRQUhSRTFpTFFjQ2IrQ2lOQWR3aU5hano4cHFiTmhJeXFQZUo3MjRIM0tRSURBUUFCCm8wSXdRREFPQmdOVkhROEJBZjhFQkFNQ0FxUXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUYKQndNQ01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFETlhYTzBvNzVOUgpQWmRDNks2Y2g5bUlJWlV5dFJ0QnVrK0tLVHFtMk5kOW5lVFFoRUg5dGl0eGZjRmNEMmUyOVdnSjBvTDlaNkFUCnZEbUVrQ3pxbm11K3hHRjdJR2ZGZ0t1ZGFpVU9LZXVMazNVeVVDeXI1VVVHUWRUWDI2cFVrd011RllHSTU5ZU4KY0gxeUI4VDZaQ1dtYWhzZTJHU2hkVVVZNmYyYytDNmJTZ3owZDNnMnVSVk5kc1RjVjV2amczVGd2a3VIUlZNZQp0UXJDeFRJV005VUEwUWo4VUdQKzNCVGNhZlE0LzIzTVczTWxiZTBOVG9McTNiMHZ0ZFhNbmlFb1ZrUmJpaDNsClA4dnhTVXFmQ2JlbFF0ZXBhdWZxRTJXb25WWDRha092dnNKVUtpcmcxbENoZ3k3YXJwMjhydmQxdkMwVDJqdHYKMW9nSlh6Sk5MUlk9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + service: + name: seldon-webhook-service + namespace: kubeflow + path: /validate-machinelearning-seldon-io-v1-seldondeployment + failurePolicy: Fail + name: v1.vseldondeployment.kb.io + namespaceSelector: + matchExpressions: + - key: seldon.io/controller-id + operator: DoesNotExist + matchLabels: + serving.kubeflow.org/inferenceservice: enabled + rules: + - apiGroups: + - machinelearning.seldon.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - seldondeployments +- clientConfig: + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCRENDQWV5Z0F3SUJBZ0lRUzQ4aWc4UDJxYytTZ2o1dXBXcllDekFOQmdrcWhraUc5dzBCQVFzRkFEQWMKTVJvd0dBWURWUVFERXhGamRYTjBiMjB0YldWMGNtbGpjeTFqWVRBZUZ3MHlNREEwTVRjd09UQTROREZhRncweQpNVEEwTVRjd09UQTROREZhTUJ3eEdqQVlCZ05WQkFNVEVXTjFjM1J2YlMxdFpYUnlhV056TFdOaE1JSUJJakFOCkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXV4L0wzb2F6N1JkVGhWc3dKV1JJZVhjV1RLYS8KbDZaK0kxZVIxUEZKd0gwZko5aisrWjdTMWxsMGRxT3ZiZUxmejJ4cHpaNGZZdy9zZFhkYSswd2xxTHVxdmJJbgpUL0hJRTA0aFFBYW1zcXBFRzFlR3RrSkpuTXMxTTRiSUVPT0tjZHkyNlNYN3JmV2cxaHZBdmJ3ekExY0hMQklsCk1kZmxSUDFyVmNZWFNRNmNhWDNWK1d0YnhZbWcvT3RsRHR5bGxISGlGQld0d2ZyaTlNVjJZbitQQ2lZZllUTzUKOEp2VXFxcHYrS3R2UmxrVUxPZzVLeUJzZlk3SGdaK1B6ZzJHZ2NZc2ZDeHdQMFFrRVpQZEpZeWZxSm9Dd3U0cQpWdVJTRWVGRSt4bnhpcnZRQUhSRTFpTFFjQ2IrQ2lOQWR3aU5hano4cHFiTmhJeXFQZUo3MjRIM0tRSURBUUFCCm8wSXdRREFPQmdOVkhROEJBZjhFQkFNQ0FxUXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUYKQndNQ01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFETlhYTzBvNzVOUgpQWmRDNks2Y2g5bUlJWlV5dFJ0QnVrK0tLVHFtMk5kOW5lVFFoRUg5dGl0eGZjRmNEMmUyOVdnSjBvTDlaNkFUCnZEbUVrQ3pxbm11K3hHRjdJR2ZGZ0t1ZGFpVU9LZXVMazNVeVVDeXI1VVVHUWRUWDI2cFVrd011RllHSTU5ZU4KY0gxeUI4VDZaQ1dtYWhzZTJHU2hkVVVZNmYyYytDNmJTZ3owZDNnMnVSVk5kc1RjVjV2amczVGd2a3VIUlZNZQp0UXJDeFRJV005VUEwUWo4VUdQKzNCVGNhZlE0LzIzTVczTWxiZTBOVG9McTNiMHZ0ZFhNbmlFb1ZrUmJpaDNsClA4dnhTVXFmQ2JlbFF0ZXBhdWZxRTJXb25WWDRha092dnNKVUtpcmcxbENoZ3k3YXJwMjhydmQxdkMwVDJqdHYKMW9nSlh6Sk5MUlk9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + service: + name: seldon-webhook-service + namespace: kubeflow + path: /validate-machinelearning-seldon-io-v1alpha2-seldondeployment + failurePolicy: Fail + name: v1alpha2.vseldondeployment.kb.io + namespaceSelector: + matchExpressions: + - key: seldon.io/controller-id + operator: DoesNotExist + matchLabels: + serving.kubeflow.org/inferenceservice: enabled + rules: + - apiGroups: + - machinelearning.seldon.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - seldondeployments +- clientConfig: + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCRENDQWV5Z0F3SUJBZ0lRUzQ4aWc4UDJxYytTZ2o1dXBXcllDekFOQmdrcWhraUc5dzBCQVFzRkFEQWMKTVJvd0dBWURWUVFERXhGamRYTjBiMjB0YldWMGNtbGpjeTFqWVRBZUZ3MHlNREEwTVRjd09UQTROREZhRncweQpNVEEwTVRjd09UQTROREZhTUJ3eEdqQVlCZ05WQkFNVEVXTjFjM1J2YlMxdFpYUnlhV056TFdOaE1JSUJJakFOCkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXV4L0wzb2F6N1JkVGhWc3dKV1JJZVhjV1RLYS8KbDZaK0kxZVIxUEZKd0gwZko5aisrWjdTMWxsMGRxT3ZiZUxmejJ4cHpaNGZZdy9zZFhkYSswd2xxTHVxdmJJbgpUL0hJRTA0aFFBYW1zcXBFRzFlR3RrSkpuTXMxTTRiSUVPT0tjZHkyNlNYN3JmV2cxaHZBdmJ3ekExY0hMQklsCk1kZmxSUDFyVmNZWFNRNmNhWDNWK1d0YnhZbWcvT3RsRHR5bGxISGlGQld0d2ZyaTlNVjJZbitQQ2lZZllUTzUKOEp2VXFxcHYrS3R2UmxrVUxPZzVLeUJzZlk3SGdaK1B6ZzJHZ2NZc2ZDeHdQMFFrRVpQZEpZeWZxSm9Dd3U0cQpWdVJTRWVGRSt4bnhpcnZRQUhSRTFpTFFjQ2IrQ2lOQWR3aU5hano4cHFiTmhJeXFQZUo3MjRIM0tRSURBUUFCCm8wSXdRREFPQmdOVkhROEJBZjhFQkFNQ0FxUXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUYKQndNQ01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFETlhYTzBvNzVOUgpQWmRDNks2Y2g5bUlJWlV5dFJ0QnVrK0tLVHFtMk5kOW5lVFFoRUg5dGl0eGZjRmNEMmUyOVdnSjBvTDlaNkFUCnZEbUVrQ3pxbm11K3hHRjdJR2ZGZ0t1ZGFpVU9LZXVMazNVeVVDeXI1VVVHUWRUWDI2cFVrd011RllHSTU5ZU4KY0gxeUI4VDZaQ1dtYWhzZTJHU2hkVVVZNmYyYytDNmJTZ3owZDNnMnVSVk5kc1RjVjV2amczVGd2a3VIUlZNZQp0UXJDeFRJV005VUEwUWo4VUdQKzNCVGNhZlE0LzIzTVczTWxiZTBOVG9McTNiMHZ0ZFhNbmlFb1ZrUmJpaDNsClA4dnhTVXFmQ2JlbFF0ZXBhdWZxRTJXb25WWDRha092dnNKVUtpcmcxbENoZ3k3YXJwMjhydmQxdkMwVDJqdHYKMW9nSlh6Sk5MUlk9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + service: + name: seldon-webhook-service + namespace: kubeflow + path: /validate-machinelearning-seldon-io-v1alpha3-seldondeployment + failurePolicy: Fail + name: v1alpha3.vseldondeployment.kb.io + namespaceSelector: + matchExpressions: + - key: seldon.io/controller-id + operator: DoesNotExist + matchLabels: + serving.kubeflow.org/inferenceservice: enabled + rules: + - apiGroups: + - machinelearning.seldon.io + apiVersions: + - v1alpha3 + operations: + - CREATE + - UPDATE + resources: + - seldondeployments diff --git a/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_experiments.kubeflow.org.yaml b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_experiments.kubeflow.org.yaml new file mode 100644 index 000000000..8412945bc --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_experiments.kubeflow.org.yaml @@ -0,0 +1,28 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-crds + name: experiments.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + categories: + - all + - kubeflow + - katib + kind: Experiment + plural: experiments + singular: experiment + scope: Namespaced + subresources: + status: {} + version: v1alpha3 diff --git a/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml new file mode 100644 index 000000000..1e031ae88 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml @@ -0,0 +1,69 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebooks.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Notebook + plural: notebooks + singular: notebook + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + template: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file' + properties: + spec: + type: object + type: object + type: object + status: + properties: + conditions: + description: Conditions is an array of current conditions + items: + properties: + type: + description: Type of the confition/ + type: string + required: + - type + type: object + type: array + required: + - conditions + type: object + versions: + - name: v1alpha1 + served: true + storage: false + - name: v1beta1 + served: true + storage: true + - name: v1 + served: true + storage: false diff --git a/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_poddefaults.kubeflow.org.yaml b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_poddefaults.kubeflow.org.yaml new file mode 100644 index 000000000..808eb4db0 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_poddefaults.kubeflow.org.yaml @@ -0,0 +1,56 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: poddefaults.kubeflow.org +spec: + group: kubeflow.org + names: + kind: PodDefault + plural: poddefaults + singular: poddefault + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + desc: + type: string + env: + items: + type: object + type: array + envFrom: + items: + type: object + type: array + selector: + type: object + serviceAccountName: + type: string + volumeMounts: + items: + type: object + type: array + volumes: + items: + type: object + type: array + required: + - selector + type: object + status: + type: object + type: object + version: v1alpha1 diff --git a/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml new file mode 100644 index 000000000..5c7023cb1 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml @@ -0,0 +1,160 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: profiles + app.kubernetes.io/name: profiles + kustomize.component: profiles + name: profiles.kubeflow.org +spec: + conversion: + strategy: None + group: kubeflow.org + names: + kind: Profile + plural: profiles + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + description: Profile is the Schema for the profiles API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProfileSpec defines the desired state of Profile + properties: + owner: + description: The profile owner + properties: + apiGroup: + description: APIGroup holds the API group of the referenced subject. + Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" + for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined by + this API group are "User", "Group", and "ServiceAccount". If the + Authorizer does not recognized the kind value, the Authorizer + should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + required: + - kind + - name + type: object + plugins: + items: + description: Plugin is for customize actions on different platform. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + spec: + type: object + type: object + type: array + resourceQuotaSpec: + description: Resourcequota that will be applied to target namespace + properties: + hard: + additionalProperties: + type: string + description: 'hard is the set of desired hard limits for each named + resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + type: object + scopeSelector: + description: scopeSelector is also a collection of filters like + scopes that must match each object tracked by a quota but expressed + using ScopeSelectorOperator in combination with possible values. + For a resource to match, both scopes AND scopeSelector (if specified + in spec), must be matched. + properties: + matchExpressions: + description: A list of scope selector requirements by scope + of the resources. + items: + description: A scoped-resource selector requirement is a selector + that contains values, a scope name, and an operator that + relates the scope name and values. + properties: + operator: + description: Represents a scope's relationship to a set + of values. Valid operators are In, NotIn, Exists, DoesNotExist. + type: string + scopeName: + description: The name of the scope that the selector applies + to. + type: string + values: + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - operator + - scopeName + type: object + type: array + type: object + scopes: + description: A collection of filters that must match each object + tracked by a quota. If not specified, the quota matches all objects. + items: + description: A ResourceQuotaScope defines a filter that must match + each object tracked by a quota + type: string + type: array + type: object + type: object + status: + description: ProfileStatus defines the observed state of Profile + properties: + conditions: + items: + properties: + message: + type: string + status: + type: string + type: + type: string + type: object + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true + - name: v1beta1 + served: true + storage: false diff --git a/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_pytorchjobs.kubeflow.org.yaml b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_pytorchjobs.kubeflow.org.yaml new file mode 100644 index 000000000..2dc516cbc --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_pytorchjobs.kubeflow.org.yaml @@ -0,0 +1,45 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-job-crds + name: pytorchjobs.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: State + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + kind: PyTorchJob + plural: pytorchjobs + singular: pytorchjob + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + pytorchReplicaSpecs: + properties: + Master: + properties: + replicas: + maximum: 1 + minimum: 1 + type: integer + Worker: + properties: + replicas: + minimum: 1 + type: integer + versions: + - name: v1 + served: true + storage: true diff --git a/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml new file mode 100644 index 000000000..afa2f6547 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: ml-pipeline-scheduledworkflow + app.kubernetes.io/component: scheduledworkflow + app.kubernetes.io/name: scheduledworkflow + name: scheduledworkflows.kubeflow.org +spec: + group: kubeflow.org + names: + kind: ScheduledWorkflow + listKind: ScheduledWorkflowList + plural: scheduledworkflows + shortNames: + - swf + singular: scheduledworkflow + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true diff --git a/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_seldondeployments.machinelearning.seldon.io.yaml b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_seldondeployments.machinelearning.seldon.io.yaml new file mode 100644 index 000000000..7ef6effa2 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_seldondeployments.machinelearning.seldon.io.yaml @@ -0,0 +1,6922 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeflow/seldon-serving-cert + controller-gen.kubebuilder.io/version: v0.2.5 + creationTimestamp: null + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.1.0 + name: seldondeployments.machinelearning.seldon.io +spec: + group: machinelearning.seldon.io + names: + kind: SeldonDeployment + listKind: SeldonDeploymentList + plural: seldondeployments + shortNames: + - sdep + singular: seldondeployment + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: SeldonDeployment is the Schema for the seldondeployments API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SeldonDeploymentSpec defines the desired state of SeldonDeployment + properties: + annotations: + additionalProperties: + type: string + type: object + name: + description: Name is Deprecated will be removed in future + type: string + oauth_key: + type: string + oauth_secret: + type: string + predictors: + items: + properties: + annotations: + additionalProperties: + type: string + type: object + componentSpecs: + items: + properties: + hpaSpec: + properties: + maxReplicas: + format: int32 + type: integer + metrics: + items: + description: MetricSpec specifies how to scale based + on a single metric (only `type` and one other matching + field should be set at once). + properties: + external: + description: external refers to a global metric + that is not associated with any Kubernetes object. + It allows autoscaling based on information coming + from components running outside of cluster (for + example length of queue in cloud messaging service, + or QPS from loadbalancer running outside of + cluster). + properties: + metricName: + description: metricName is the name of the + metric in question. + type: string + metricSelector: + description: metricSelector is used to identify + a specific time series within a given metric. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + targetAverageValue: + anyOf: + - type: integer + - type: string + description: targetAverageValue is the target + per-pod value of global metric (as a quantity). + Mutually exclusive with TargetValue. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + targetValue: + anyOf: + - type: integer + - type: string + description: targetValue is the target value + of the metric (as a quantity). Mutually + exclusive with TargetAverageValue. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - metricName + type: object + object: + description: object refers to a metric describing + a single kubernetes object (for example, hits-per-second + on an Ingress object). + properties: + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target value + of the average of the metric across all + relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + metricName: + description: metricName is the name of the + metric in question. + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + for the given metric When set, it is passed + as an additional parameter to the metrics + server for more specific metrics scoping + When unset, just the metricName will be + used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + target: + description: target is the described Kubernetes + object. + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: 'Kind of the referent; More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"' + type: string + name: + description: 'Name of the referent; More + info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + required: + - kind + - name + type: object + targetValue: + anyOf: + - type: integer + - type: string + description: targetValue is the target value + of the metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - metricName + - target + - targetValue + type: object + pods: + description: pods refers to a metric describing + each pod in the current scale target (for example, + transactions-processed-per-second). The values + will be averaged together before being compared + to the target value. + properties: + metricName: + description: metricName is the name of the + metric in question + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + for the given metric When set, it is passed + as an additional parameter to the metrics + server for more specific metrics scoping + When unset, just the metricName will be + used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + targetAverageValue: + anyOf: + - type: integer + - type: string + description: targetAverageValue is the target + value of the average of the metric across + all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - metricName + - targetAverageValue + type: object + resource: + description: resource refers to a resource metric + (such as those specified in requests and limits) + known to Kubernetes describing each pod in the + current scale target (e.g. CPU or memory). Such + metrics are built in to Kubernetes, and have + special scaling options on top of those available + to normal per-pod metrics using the "pods" source. + properties: + name: + description: name is the name of the resource + in question. + type: string + targetAverageUtilization: + description: targetAverageUtilization is the + target value of the average of the resource + metric across all relevant pods, represented + as a percentage of the requested value of + the resource for the pods. + format: int32 + type: integer + targetAverageValue: + anyOf: + - type: integer + - type: string + description: targetAverageValue is the target + value of the average of the resource metric + across all relevant pods, as a raw value + (instead of as a percentage of the request), + similar to the "pods" metric source type. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - name + type: object + type: + description: type is the type of metric source. It + should be one of "Object", "Pods" or "Resource", + each mapping to a matching field in the object. + type: string + required: + - type + type: object + type: array + minReplicas: + format: int32 + type: integer + required: + - maxReplicas + type: object + metadata: + type: object + replicas: + format: int32 + type: integer + spec: + description: PodSpec is a description of a pod. + properties: + activeDeadlineSeconds: + description: Optional duration in seconds the pod may + be active on the node relative to StartTime before + the system will actively try to mark it failed and + kill associated containers. Value must be a positive + integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most + preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit weight + 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by + this field cease to be met at some point during + pod execution (e.g. due to an update), the + system may or may not try to eventually evict + the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); null + or empty list means "this pod's + namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by + this field cease to be met at some point during + pod execution (e.g. due to a pod label update), + the system may or may not try to eventually + evict the pod from its node. When there are + multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which + namespaces the labelSelector applies + to (matches against); null or empty + list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it + may choose a node that violates one or more + of the expressions. The node that is most + preferred is the one with the greatest sum + of weights, i.e. for each node that meets + all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most + preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); null + or empty list means "this pod's + namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto the + node. If the anti-affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod label + update), the system may or may not try to + eventually evict the pod from its node. When + there are multiple elements, the lists of + nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which + namespaces the labelSelector applies + to (matches against); null or empty + list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates + whether a service account token should be automatically + mounted. + type: boolean + containers: + description: List of containers belonging to the pod. + Containers cannot currently be added or removed. There + must be at least one container in a Pod. Cannot be + updated. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The + docker image''s CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded + using the container''s environment. If a variable + cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The docker image''s ENTRYPOINT is used + if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, + the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to + set in the container. Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined + environment variables in the container + and any service environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. The $(VAR_NAME) syntax can + be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the + pod: supports metadata.name, metadata.namespace, + metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined + within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when + the container is starting. When a key exists + in multiple sources, the value associated with + the last source will take precedence. Values + defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level + config management to default or override container + images in workload controllers like Deployments + and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, + Never, IfNotPresent. Defaults to Always if :latest + tag is specified, or IfNotPresent otherwise. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system + should take in response to container lifecycle + events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately + after a container is created. If the handler + fails, the container is terminated and restarted + according to its restart policy. Other management + of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies + the action to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it + is not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + description: Name or number of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not + yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + description: Number or name of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately + before a container is terminated due to + an API request or management event such + as liveness/startup probe failure, preemption, + resource contention, etc. The handler is + not called if the container crashes or exits. + The reason for termination is passed to + the handler. The Pod''s termination grace + period countdown begins before the PreStop + hooked is executed. Regardless of the outcome + of the handler, the container will eventually + terminate within the Pod''s termination + grace period. Other management of the container + blocks until the hook completes or until + the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies + the action to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it + is not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + description: Name or number of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not + yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + description: Number or name of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the + action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet + supported TODO: implement a realistic TCP + lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as + a DNS_LABEL. Each container in a pod must have + a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the + container. Exposing a port here gives the system + additional information about the network connections + a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent + that port from being exposed. Any port which + is listening on the default "0.0.0.0" address + inside a container will be accessible from the + network. Cannot be updated. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: Number of port to expose on + the pod's IP address. This must be a valid + port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on + the host. If specified, this must be a + valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be + an IANA_SVC_NAME and unique within the + pod. Each named port in a pod must have + a unique name. Name for the port that + can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be + UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service + readiness. Container will be removed from service + endpoints if the probe fails. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the + action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet + supported TODO: implement a realistic TCP + lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this + container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If + Requests is omitted for a container, it + defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should + run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges + than its parent process. This bool directly + controls if the no_new_privs flag will be + set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) + run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop + when running containers. Defaults to the + default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + Processes in privileged containers are essentially + equivalent to root on the host. Defaults + to false. + type: boolean + procMount: + description: procMount denotes the type of + proc mount to use for the containers. The + default is DefaultProcMount which uses the + container runtime defaults for readonly + paths and masked paths. This requires the + ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a + read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint + of the container process. Uses runtime default + if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container + must run as a non-root user. If true, the + Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 + (root) and fail to start the container if + it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint + of the container process. Defaults to user + specified in image metadata if unspecified. + May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied + to the container. If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in + PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings + applied to all containers. If unspecified, + the options from the PodSecurityContext + will be used. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where + the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. This field is alpha-level and + is only honored by servers that enable + the WindowsGMSA feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. This field is alpha-level and + is only honored by servers that enable + the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to + run the entrypoint of the container + process. Defaults to the user specified + in image metadata if unspecified. May + also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. This field is beta-level + and may be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the + Pod has successfully initialized. If specified, + no other probes are executed until this completes + successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. + This can be used to provide different probe + parameters at the beginning of a Pod''s lifecycle, + when it might take a long time to load data + or warm a cache, than during steady-state operation. + This cannot be updated. This is an alpha feature + enabled by the StartupProbe feature flag. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the + action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet + supported TODO: implement a realistic TCP + lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. + If this is not set, reads from stdin in the + container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should + close the stdin channel after it has been opened + by a single attach. When stdin is true the stdin + stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until + the first client attaches to stdin, and then + remains open and accepts data until the client + disconnects, at which time stdin is closed and + remains closed until the container is restarted. + If this flag is false, a container processes + that reads from stdin will never receive an + EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file + to which the container''s termination message + will be written is mounted into the container''s + filesystem. Message written is intended to be + brief final status, such as an assertion failure + message. Will be truncated by the node if greater + than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults + to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message + should be populated. File will use the contents + of terminationMessagePath to populate the container + status message on both success and failure. + FallbackToLogsOnError will use the last chunk + of container log output if the termination message + file is empty and the container exited with + an error. The log output is limited to 2048 + bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be + true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. This is + a beta feature. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: Path within the container at + which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines + how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is + used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: Mounted read-only if true, + read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: Path within the volume from + which the container's volume should be + mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume + from which the container's volume should + be mounted. Behaves similarly to SubPath + but environment variable references $(VAR_NAME) + are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr + and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If + not specified, the container runtime's default + will be used, which might be configured in the + container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated + DNS configuration based on DNSPolicy. + properties: + nameservers: + description: A list of DNS name server IP addresses. + This will be appended to the base nameservers + generated from DNSPolicy. Duplicated nameservers + will be removed. + items: + type: string + type: array + options: + description: A list of DNS resolver options. This + will be merged with the base options generated + from DNSPolicy. Duplicated entries will be removed. + Resolution options given in Options will override + those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: A list of DNS search domains for host-name + lookup. This will be appended to the base search + paths generated from DNSPolicy. Duplicated search + paths will be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: Set DNS policy for the pod. Defaults to + "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', + 'ClusterFirst', 'Default' or 'None'. DNS parameters + given in DNSConfig will be merged with the policy + selected with DNSPolicy. To have DNS options set along + with hostNetwork, you have to specify DNS policy explicitly + to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information + about services should be injected into pod''s environment + variables, matching the syntax of Docker links. Optional: + Defaults to true.' + type: boolean + ephemeralContainers: + description: List of ephemeral containers run in this + pod. Ephemeral containers may be run in an existing + pod to perform user-initiated actions such as debugging. + This list cannot be specified when creating a pod, + and it cannot be modified by updating the pod spec. + In order to add an ephemeral container to an existing + pod, use the pod's ephemeralcontainers subresource. + This field is alpha-level and is only honored by servers + that enable the EphemeralContainers feature. + items: + description: An EphemeralContainer is a container + that may be added temporarily to an existing pod + for user-initiated activities such as debugging. + Ephemeral containers have no resource or scheduling + guarantees, and they will not be restarted when + they exit or when a pod is removed or restarted. + If an ephemeral container causes a pod to exceed + its resource allocation, the pod may be evicted. + Ephemeral containers may not be added by directly + updating the pod spec. They must be added via the + pod's ephemeralcontainers subresource, and they + will appear in the pod spec once added. This is + an alpha feature enabled by the EphemeralContainers + feature flag. + properties: + args: + description: 'Arguments to the entrypoint. The + docker image''s CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded + using the container''s environment. If a variable + cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The docker image''s ENTRYPOINT is used + if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, + the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to + set in the container. Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined + environment variables in the container + and any service environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. The $(VAR_NAME) syntax can + be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the + pod: supports metadata.name, metadata.namespace, + metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined + within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when + the container is starting. When a key exists + in multiple sources, the value associated with + the last source will take precedence. Values + defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, + Never, IfNotPresent. Defaults to Always if :latest + tag is specified, or IfNotPresent otherwise. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral + containers. + properties: + postStart: + description: 'PostStart is called immediately + after a container is created. If the handler + fails, the container is terminated and restarted + according to its restart policy. Other management + of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies + the action to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it + is not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not + yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately + before a container is terminated due to + an API request or management event such + as liveness/startup probe failure, preemption, + resource contention, etc. The handler is + not called if the container crashes or exits. + The reason for termination is passed to + the handler. The Pod''s termination grace + period countdown begins before the PreStop + hooked is executed. Regardless of the outcome + of the handler, the container will eventually + terminate within the Pod''s termination + grace period. Other management of the container + blocks until the hook completes or until + the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies + the action to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it + is not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not + yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the + action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet + supported TODO: implement a realistic TCP + lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the ephemeral container specified + as a DNS_LABEL. This name must be unique among + all containers, init containers and ephemeral + containers. + type: string + ports: + description: Ports are not allowed for ephemeral + containers. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: Number of port to expose on + the pod's IP address. This must be a valid + port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on + the host. If specified, this must be a + valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be + an IANA_SVC_NAME and unique within the + pod. Each named port in a pod must have + a unique name. Name for the port that + can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be + UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the + action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet + supported TODO: implement a realistic TCP + lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: Resources are not allowed for ephemeral + containers. Ephemeral containers use spare resources + already allocated to the pod. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If + Requests is omitted for a container, it + defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: SecurityContext is not allowed for + ephemeral containers. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges + than its parent process. This bool directly + controls if the no_new_privs flag will be + set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) + run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop + when running containers. Defaults to the + default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + Processes in privileged containers are essentially + equivalent to root on the host. Defaults + to false. + type: boolean + procMount: + description: procMount denotes the type of + proc mount to use for the containers. The + default is DefaultProcMount which uses the + container runtime defaults for readonly + paths and masked paths. This requires the + ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a + read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint + of the container process. Uses runtime default + if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container + must run as a non-root user. If true, the + Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 + (root) and fail to start the container if + it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint + of the container process. Defaults to user + specified in image metadata if unspecified. + May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied + to the container. If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in + PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings + applied to all containers. If unspecified, + the options from the PodSecurityContext + will be used. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where + the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. This field is alpha-level and + is only honored by servers that enable + the WindowsGMSA feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. This field is alpha-level and + is only honored by servers that enable + the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to + run the entrypoint of the container + process. Defaults to the user specified + in image metadata if unspecified. May + also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. This field is beta-level + and may be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the + action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet + supported TODO: implement a realistic TCP + lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. + If this is not set, reads from stdin in the + container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should + close the stdin channel after it has been opened + by a single attach. When stdin is true the stdin + stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until + the first client attaches to stdin, and then + remains open and accepts data until the client + disconnects, at which time stdin is closed and + remains closed until the container is restarted. + If this flag is false, a container processes + that reads from stdin will never receive an + EOF. Default is false + type: boolean + targetContainerName: + description: If set, the name of the container + from PodSpec that this ephemeral container targets. + The ephemeral container will be run in the namespaces + (IPC, PID, etc) of this container. If not set + then the ephemeral container is run in whatever + namespaces are shared for the pod. Note that + the container runtime must support this feature. + type: string + terminationMessagePath: + description: 'Optional: Path at which the file + to which the container''s termination message + will be written is mounted into the container''s + filesystem. Message written is intended to be + brief final status, such as an assertion failure + message. Will be truncated by the node if greater + than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults + to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message + should be populated. File will use the contents + of terminationMessagePath to populate the container + status message on both success and failure. + FallbackToLogsOnError will use the last chunk + of container log output if the termination message + file is empty and the container exited with + an error. The log output is limited to 2048 + bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be + true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. This is + a beta feature. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: Path within the container at + which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines + how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is + used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: Mounted read-only if true, + read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: Path within the volume from + which the container's volume should be + mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume + from which the container's volume should + be mounted. Behaves similarly to SubPath + but environment variable references $(VAR_NAME) + are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr + and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If + not specified, the container runtime's default + will be used, which might be configured in the + container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + hostAliases: + description: HostAliases is an optional list of hosts + and IPs that will be injected into the pod's hosts + file if specified. This is only valid for non-hostNetwork + pods. + items: + description: HostAlias holds the mapping between IP + and hostnames that will be injected as an entry + in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: 'Use the host''s ipc namespace. Optional: + Default to false.' + type: boolean + hostNetwork: + description: Host networking requested for this pod. + Use the host's network namespace. If this option is + set, the ports that will be used must be specified. + Default to false. + type: boolean + hostPID: + description: 'Use the host''s pid namespace. Optional: + Default to false.' + type: boolean + hostname: + description: Specifies the hostname of the Pod If not + specified, the pod's hostname will be set to a system-defined + value. + type: string + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of + references to secrets in the same namespace to use + for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual + puller implementations for them to use. For example, + in the case of docker, only DockerConfig type secrets + are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains enough + information to let you locate the referenced object + inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + type: array + initContainers: + description: 'List of initialization containers belonging + to the pod. Init containers are executed in order + prior to containers being started. If any init container + fails, the pod is considered to have failed and is + handled according to its restartPolicy. The name for + an init container or normal container must be unique + among all containers. Init containers may not have + Lifecycle actions, Readiness probes, Liveness probes, + or Startup probes. The resourceRequirements of an + init container are taken into account during scheduling + by finding the highest request/limit for each resource + type, and then using the max of of that value or the + sum of the normal containers. Limits are applied to + init containers in a similar fashion. Init containers + cannot currently be added or removed. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The + docker image''s CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded + using the container''s environment. If a variable + cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The docker image''s ENTRYPOINT is used + if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, + the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to + set in the container. Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined + environment variables in the container + and any service environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. The $(VAR_NAME) syntax can + be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the + pod: supports metadata.name, metadata.namespace, + metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined + within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when + the container is starting. When a key exists + in multiple sources, the value associated with + the last source will take precedence. Values + defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level + config management to default or override container + images in workload controllers like Deployments + and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, + Never, IfNotPresent. Defaults to Always if :latest + tag is specified, or IfNotPresent otherwise. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system + should take in response to container lifecycle + events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately + after a container is created. If the handler + fails, the container is terminated and restarted + according to its restart policy. Other management + of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies + the action to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it + is not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + description: Name or number of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not + yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + description: Number or name of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately + before a container is terminated due to + an API request or management event such + as liveness/startup probe failure, preemption, + resource contention, etc. The handler is + not called if the container crashes or exits. + The reason for termination is passed to + the handler. The Pod''s termination grace + period countdown begins before the PreStop + hooked is executed. Regardless of the outcome + of the handler, the container will eventually + terminate within the Pod''s termination + grace period. Other management of the container + blocks until the hook completes or until + the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies + the action to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it + is not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + description: Name or number of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not + yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + description: Number or name of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the + action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet + supported TODO: implement a realistic TCP + lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as + a DNS_LABEL. Each container in a pod must have + a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the + container. Exposing a port here gives the system + additional information about the network connections + a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent + that port from being exposed. Any port which + is listening on the default "0.0.0.0" address + inside a container will be accessible from the + network. Cannot be updated. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: Number of port to expose on + the pod's IP address. This must be a valid + port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on + the host. If specified, this must be a + valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be + an IANA_SVC_NAME and unique within the + pod. Each named port in a pod must have + a unique name. Name for the port that + can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be + UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service + readiness. Container will be removed from service + endpoints if the probe fails. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the + action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet + supported TODO: implement a realistic TCP + lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this + container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If + Requests is omitted for a container, it + defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should + run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges + than its parent process. This bool directly + controls if the no_new_privs flag will be + set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) + run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop + when running containers. Defaults to the + default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + Processes in privileged containers are essentially + equivalent to root on the host. Defaults + to false. + type: boolean + procMount: + description: procMount denotes the type of + proc mount to use for the containers. The + default is DefaultProcMount which uses the + container runtime defaults for readonly + paths and masked paths. This requires the + ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a + read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint + of the container process. Uses runtime default + if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container + must run as a non-root user. If true, the + Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 + (root) and fail to start the container if + it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint + of the container process. Defaults to user + specified in image metadata if unspecified. + May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied + to the container. If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in + PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings + applied to all containers. If unspecified, + the options from the PodSecurityContext + will be used. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where + the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. This field is alpha-level and + is only honored by servers that enable + the WindowsGMSA feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. This field is alpha-level and + is only honored by servers that enable + the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to + run the entrypoint of the container + process. Defaults to the user specified + in image metadata if unspecified. May + also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. This field is beta-level + and may be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the + Pod has successfully initialized. If specified, + no other probes are executed until this completes + successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. + This can be used to provide different probe + parameters at the beginning of a Pod''s lifecycle, + when it might take a long time to load data + or warm a cache, than during steady-state operation. + This cannot be updated. This is an alpha feature + enabled by the StartupProbe feature flag. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the + action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet + supported TODO: implement a realistic TCP + lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. + If this is not set, reads from stdin in the + container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should + close the stdin channel after it has been opened + by a single attach. When stdin is true the stdin + stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until + the first client attaches to stdin, and then + remains open and accepts data until the client + disconnects, at which time stdin is closed and + remains closed until the container is restarted. + If this flag is false, a container processes + that reads from stdin will never receive an + EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file + to which the container''s termination message + will be written is mounted into the container''s + filesystem. Message written is intended to be + brief final status, such as an assertion failure + message. Will be truncated by the node if greater + than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults + to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message + should be populated. File will use the contents + of terminationMessagePath to populate the container + status message on both success and failure. + FallbackToLogsOnError will use the last chunk + of container log output if the termination message + file is empty and the container exited with + an error. The log output is limited to 2048 + bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be + true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. This is + a beta feature. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: Path within the container at + which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines + how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is + used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: Mounted read-only if true, + read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: Path within the volume from + which the container's volume should be + mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume + from which the container's volume should + be mounted. Behaves similarly to SubPath + but environment variable references $(VAR_NAME) + are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr + and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If + not specified, the container runtime's default + will be used, which might be configured in the + container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + nodeName: + description: NodeName is a request to schedule this + pod onto a specific node. If it is non-empty, the + scheduler simply schedules this pod onto that node, + assuming that it fits resource requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must + be true for the pod to fit on a node. Selector which + must match a node''s labels for the pod to be scheduled + on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Overhead represents the resource overhead + associated with running a pod for a given RuntimeClass. + This field will be autopopulated at admission time + by the RuntimeClass admission controller. If the RuntimeClass + admission controller is enabled, overhead must not + be set in Pod create requests. The RuntimeClass admission + controller will reject Pod create requests which have + the overhead already set. If RuntimeClass is configured + and selected in the PodSpec, Overhead will be set + to the value defined in the corresponding RuntimeClass, + otherwise it will remain unset and treated as zero. + More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md + This field is alpha-level as of Kubernetes v1.16, + and is only honored by servers that enable the PodOverhead + feature.' + type: object + preemptionPolicy: + description: PreemptionPolicy is the Policy for preempting + pods with lower priority. One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. This field + is alpha-level and is only honored by servers that + enable the NonPreemptingPriority feature. + type: string + priority: + description: The priority value. Various system components + use this field to find the priority of the pod. When + Priority Admission Controller is enabled, it prevents + users from setting this field. The admission controller + populates this field from PriorityClassName. The higher + the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: If specified, indicates the pod's priority. + "system-node-critical" and "system-cluster-critical" + are two special keywords which indicate the highest + priorities with the former being the highest priority. + Any other name must be defined by creating a PriorityClass + object with that name. If not specified, the pod priority + will be default or zero if there is no default. + type: string + readinessGates: + description: 'If specified, all readiness gates will + be evaluated for pod readiness. A pod is ready when + all its containers are ready AND all conditions specified + in the readiness gates have status equal to "True" + More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' + items: + description: PodReadinessGate contains the reference + to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition + in the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + description: 'Restart policy for all containers within + the pod. One of Always, OnFailure, Never. Default + to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' + type: string + runtimeClassName: + description: 'RuntimeClassName refers to a RuntimeClass + object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches + the named class, the pod will not be run. If unset + or empty, the "legacy" RuntimeClass will be used, + which is an implicit class with an empty definition + that uses the default runtime handler. More info: + https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md + This is a beta feature as of Kubernetes v1.14.' + type: string + schedulerName: + description: If specified, the pod will be dispatched + by specified scheduler. If not specified, the pod + will be dispatched by default scheduler. + type: string + securityContext: + description: 'SecurityContext holds pod-level security + attributes and common container settings. Optional: + Defaults to empty. See type description for default + values of each field.' + properties: + fsGroup: + description: "A special supplemental group that + applies to all containers in a pod. Some volume + types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The + owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be + owned by FSGroup) 3. The permission bits are OR'd + with rw-rw---- \n If unset, the Kubelet will not + modify the ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence + for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will + validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no + such validation will be performed. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified + in image metadata if unspecified. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + all containers. If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first + process run in each container, in addition to + the container's primary GID. If unspecified, + no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls + used for the pod. Pods with unsupported sysctls + (by the container runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options + within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + This field is alpha-level and is only honored + by servers that enable the WindowsGMSA feature + flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. This field + is alpha-level and is only honored by servers + that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run + the entrypoint of the container process. Defaults + to the user specified in image metadata if + unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. This field is beta-level and may + be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + serviceAccount: + description: 'DeprecatedServiceAccount is a depreciated + alias for ServiceAccountName. Deprecated: Use serviceAccountName + instead.' + type: string + serviceAccountName: + description: 'ServiceAccountName is the name of the + ServiceAccount to use to run this pod. More info: + https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + shareProcessNamespace: + description: 'Share a single process namespace between + all of the containers in a pod. When this is set containers + will be able to view and signal processes from other + containers in the same pod, and the first process + in each container will not be assigned PID 1. HostPID + and ShareProcessNamespace cannot both be set. Optional: + Default to false.' + type: boolean + subdomain: + description: If specified, the fully qualified Pod hostname + will be "...svc.". If not specified, the pod will not have + a domainname at all. + type: string + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully. May be decreased in delete + request. Value must be non-negative integer. The value + zero indicates delete immediately. If this value is + nil, the default grace period will be used instead. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer than + the expected cleanup time for your process. Defaults + to 30 seconds. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to + tolerates any taint that matches the triple + using the matching operator . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must be + of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever + (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value + should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how + a group of pods ought to spread across topology domains. + Scheduler will schedule pods in a way which abides + by the constraints. This field is alpha-level and + is only honored by clusters that enables the EvenPodsSpread + feature. All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector are + counted to determine the number of pods in their + corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to + which pods may be unevenly distributed. It''s + the maximum permitted difference between the + number of matching pods in any two topology + domains of a given topology type. For example, + in a 3-zone cluster, MaxSkew is set to 1, and + pods with the same labelSelector spread as 1/1/0: + | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be + scheduled to zone3 to become 1/1/1; scheduling + it onto zone1(zone2) would make the ActualSkew(2-0) + on zone1(zone2) violate MaxSkew(1). - if MaxSkew + is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value + is 1 and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. + We consider each as a "bucket", + and try to put balanced number of pods into + each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how + to deal with a pod if it doesn''t satisfy the + spread constraint. - DoNotSchedule (default) + tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s + considered as "Unsatisfiable" if and only if + placing incoming pod on any topology violates + "MaxSkew". For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: | zone1 | zone2 + | zone3 | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod can only + be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can + still be imbalanced, but scheduler won''t make + it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: 'List of volumes that can be mounted by + containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + items: + type: object + type: array + required: + - containers + type: object + type: object + type: array + engineResources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + explainer: + properties: + config: + additionalProperties: + type: string + type: object + containerSpec: + description: A single application container that you want + to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a + shell. The docker image''s ENTRYPOINT is used if this + is not provided. Variable references $(VAR_NAME) are + expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string + will be unchanged. The $(VAR_NAME) syntax can be escaped + with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, metadata.labels, + metadata.annotations, spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must + be a C_IDENTIFIER. All invalid keys will be reported + as an event when the container is starting. When a key + exists in multiple sources, the value associated with + the last source will take precedence. Values defined + by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images in + workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :latest tag is specified, + or IfNotPresent otherwise. Cannot be updated. More info: + https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should + take in response to container lifecycle events. Cannot + be updated. + properties: + postStart: + description: 'PostStart is called immediately after + a container is created. If the handler fails, the + container is terminated and restarted according + to its restart policy. Other management of the container + blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the action + to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: Name or number of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: + implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness/startup probe + failure, preemption, resource contention, etc. The + handler is not called if the container crashes or + exits. The reason for termination is passed to the + handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will + eventually terminate within the Pod''s termination + grace period. Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the action + to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: Name or number of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: + implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to + perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. + Exposing a port here gives the system additional information + about the network connections a container uses, but + is primarily informational. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port + which is listening on the default "0.0.0.0" address + inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port + in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's + IP address. This must be a valid port number, + 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port + to. + type: string + hostPort: + description: Number of port to expose on the host. + If specified, this must be a valid port number, + 0 < x < 65536. If HostNetwork is specified, this + must match ContainerPort. Most containers do not + need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in + a pod must have a unique name. Name for the port + that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, + or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if + the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to + perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. + More info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent + process. This bool directly controls if the no_new_privs + flag will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as + Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount + to use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. If set in + both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not + run as UID 0 (root) and fail to start the container + if it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified in + image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + the container. If unspecified, the container runtime + will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options from + the PodSecurityContext will be used. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + This field is alpha-level and is only honored + by servers that enable the WindowsGMSA feature + flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. This field + is alpha-level and is only honored by servers + that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the + entrypoint of the container process. Defaults + to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. This field is beta-level and may + be disabled with the WindowsRunAsUserName feature + flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has + successfully initialized. If specified, no other probes + are executed until this completes successfully. If this + probe fails, the Pod will be restarted, just as if the + livenessProbe failed. This can be used to provide different + probe parameters at the beginning of a Pod''s lifecycle, + when it might take a long time to load data or warm + a cache, than during steady-state operation. This cannot + be updated. This is an alpha feature enabled by the + StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to + perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a + buffer for stdin in the container runtime. If this is + not set, reads from stdin in the container will always + result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has been opened by a single + attach. When stdin is true the stdin stream will remain + open across multiple attach sessions. If stdinOnce is + set to true, stdin is opened on container start, is + empty until the first client attaches to stdin, and + then remains open and accepts data until the client + disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag + is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination message will be written + is mounted into the container''s filesystem. Message + written is intended to be brief final status, such as + an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length + across all containers will be limited to 12kb. Defaults + to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should + be populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a + TTY for itself, also requires 'stdin' to be true. Default + is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw + block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the + container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and + the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults to + false. + type: boolean + subPath: + description: Path within the volume from which the + container's volume should be mounted. Defaults + to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from + which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable + references $(VAR_NAME) are expanded using the + container's environment. Defaults to "" (volume's + root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. Cannot be + updated. + type: string + required: + - name + type: object + endpoint: + properties: + service_host: + type: string + service_port: + format: int32 + type: integer + type: + type: string + type: object + envSecretRefName: + type: string + modelUri: + type: string + serviceAccountName: + type: string + type: + type: string + type: object + graph: + properties: + children: + items: + properties: + children: + items: + properties: + children: + items: + properties: + children: + items: + properties: + endpoint: + properties: + service_host: + type: string + service_port: + format: int32 + type: integer + type: + type: string + type: object + envSecretRefName: + type: string + implementation: + type: string + logger: + description: Request/response payload + logging. v2alpha1 feature that is + added to v1 for backwards compatibility + while v1 is the storage version. + properties: + mode: + description: What payloads to + log + type: string + url: + description: URL to send request + logging CloudEvents + type: string + type: object + methods: + items: + type: string + type: array + modelUri: + type: string + name: + type: string + parameters: + items: + properties: + name: + type: string + type: + type: string + value: + type: string + type: object + type: array + serviceAccountName: + type: string + type: + type: string + type: object + type: array + endpoint: + properties: + service_host: + type: string + service_port: + format: int32 + type: integer + type: + type: string + type: object + envSecretRefName: + type: string + implementation: + type: string + logger: + description: Request/response payload logging. + v2alpha1 feature that is added to v1 for + backwards compatibility while v1 is the + storage version. + properties: + mode: + description: What payloads to log + type: string + url: + description: URL to send request logging + CloudEvents + type: string + type: object + methods: + items: + type: string + type: array + modelUri: + type: string + name: + type: string + parameters: + items: + properties: + name: + type: string + type: + type: string + value: + type: string + type: object + type: array + serviceAccountName: + type: string + type: + type: string + type: object + type: array + endpoint: + properties: + service_host: + type: string + service_port: + format: int32 + type: integer + type: + type: string + type: object + envSecretRefName: + type: string + implementation: + type: string + logger: + description: Request/response payload logging. + v2alpha1 feature that is added to v1 for backwards + compatibility while v1 is the storage version. + properties: + mode: + description: What payloads to log + type: string + url: + description: URL to send request logging CloudEvents + type: string + type: object + methods: + items: + type: string + type: array + modelUri: + type: string + name: + type: string + parameters: + items: + properties: + name: + type: string + type: + type: string + value: + type: string + type: object + type: array + serviceAccountName: + type: string + type: + type: string + type: object + type: array + endpoint: + properties: + service_host: + type: string + service_port: + format: int32 + type: integer + type: + type: string + type: object + envSecretRefName: + type: string + implementation: + type: string + logger: + description: Request/response payload logging. v2alpha1 + feature that is added to v1 for backwards compatibility + while v1 is the storage version. + properties: + mode: + description: What payloads to log + type: string + url: + description: URL to send request logging CloudEvents + type: string + type: object + methods: + items: + type: string + type: array + modelUri: + type: string + name: + type: string + parameters: + items: + properties: + name: + type: string + type: + type: string + value: + type: string + type: object + type: array + serviceAccountName: + type: string + type: + type: string + type: object + type: array + endpoint: + properties: + service_host: + type: string + service_port: + format: int32 + type: integer + type: + type: string + type: object + envSecretRefName: + type: string + implementation: + type: string + logger: + description: Request/response payload logging. v2alpha1 feature + that is added to v1 for backwards compatibility while v1 + is the storage version. + properties: + mode: + description: What payloads to log + type: string + url: + description: URL to send request logging CloudEvents + type: string + type: object + methods: + items: + type: string + type: array + modelUri: + type: string + name: + type: string + parameters: + items: + properties: + name: + type: string + type: + type: string + value: + type: string + required: + - name + - type + - value + type: object + type: array + serviceAccountName: + type: string + type: + type: string + required: + - name + type: object + labels: + additionalProperties: + type: string + type: object + name: + type: string + replicas: + format: int32 + type: integer + shadow: + type: boolean + svcOrchSpec: + properties: + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, metadata.labels, + metadata.annotations, spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + replicas: + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + type: object + traffic: + format: int32 + type: integer + required: + - graph + - name + type: object + type: array + protocol: + type: string + replicas: + format: int32 + type: integer + transport: + type: string + required: + - predictors + type: object + status: + description: SeldonDeploymentStatus defines the observed state of SeldonDeployment + properties: + address: + description: 'Addressable placeholder until duckv1 issue is fixed: https://github.com/kubernetes-sigs/controller-tools/issues/391' + properties: + url: + type: string + type: object + deploymentStatus: + additionalProperties: + properties: + availableReplicas: + format: int32 + type: integer + description: + type: string + explainerFor: + type: string + name: + type: string + replicas: + format: int32 + type: integer + status: + type: string + type: object + type: object + description: + type: string + replicas: + format: int32 + type: integer + serviceStatus: + additionalProperties: + properties: + explainerFor: + type: string + grpcEndpoint: + type: string + httpEndpoint: + type: string + svcName: + type: string + type: object + type: object + state: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true + - name: v1alpha2 + served: true + storage: false + - name: v1alpha3 + served: true + storage: false diff --git a/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_suggestions.kubeflow.org.yaml b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_suggestions.kubeflow.org.yaml new file mode 100644 index 000000000..9f1cabef7 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_suggestions.kubeflow.org.yaml @@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-crds + name: suggestions.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: Type + type: string + - JSONPath: .status.conditions[-1:].status + name: Status + type: string + - JSONPath: .spec.requests + name: Requested + type: string + - JSONPath: .status.suggestionCount + name: Assigned + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + categories: + - all + - kubeflow + - katib + kind: Suggestion + plural: suggestions + singular: suggestion + scope: Namespaced + subresources: + status: {} + version: v1alpha3 diff --git a/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tfjobs.kubeflow.org.yaml b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tfjobs.kubeflow.org.yaml new file mode 100644 index 000000000..ebfcefbc9 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tfjobs.kubeflow.org.yaml @@ -0,0 +1,50 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-crds + name: tfjobs.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: State + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + kind: TFJob + plural: tfjobs + singular: tfjob + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + tfReplicaSpecs: + properties: + Chief: + properties: + replicas: + maximum: 1 + minimum: 1 + type: integer + PS: + properties: + replicas: + minimum: 1 + type: integer + Worker: + properties: + replicas: + minimum: 1 + type: integer + versions: + - name: v1 + served: true + storage: true diff --git a/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_trials.kubeflow.org.yaml b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_trials.kubeflow.org.yaml new file mode 100644 index 000000000..5c42ede72 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_trials.kubeflow.org.yaml @@ -0,0 +1,31 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-crds + name: trials.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: Type + type: string + - JSONPath: .status.conditions[-1:].status + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + categories: + - all + - kubeflow + - katib + kind: Trial + plural: trials + singular: trial + scope: Namespaced + subresources: + status: {} + version: v1alpha3 diff --git a/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml new file mode 100644 index 000000000..bbb5ae71a --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: ml-pipeline-viewer-crd + app.kubernetes.io/component: pipelines-viewer + app.kubernetes.io/name: pipelines-viewer + name: viewers.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Viewer + listKind: ViewerList + plural: viewers + shortNames: + - vi + singular: viewer + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true diff --git a/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml new file mode 100644 index 000000000..08f6d1185 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml @@ -0,0 +1,19 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflows.argoproj.io +spec: + group: argoproj.io + names: + kind: Workflow + listKind: WorkflowList + plural: workflows + shortNames: + - wf + singular: workflow + scope: Namespaced + version: v1alpha1 diff --git a/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_api-service.yaml b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_api-service.yaml new file mode 100644 index 000000000..68ebdcc32 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_api-service.yaml @@ -0,0 +1,35 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: api-service + app.kubernetes.io/name: api-service + name: api-service + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - api-service + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: api-service + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: api-service + app.kubernetes.io/instance: api-service-0.2.5 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: api-service + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: 0.2.5 diff --git a/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml new file mode 100644 index 000000000..4c20d279d --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml @@ -0,0 +1,39 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: networking.istio.io + kind: VirtualService + descriptor: + description: Argo Workflows is an open source container-native workflow engine + for orchestrating parallel jobs on Kubernetes + keywords: + - argo + - kubeflow + links: + - description: About + url: https://github.com/argoproj/argo + maintainers: [] + owners: [] + type: argo + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo diff --git a/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_centraldashboard.yaml b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_centraldashboard.yaml new file mode 100644 index 000000000..a77aa9583 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_centraldashboard.yaml @@ -0,0 +1,57 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + - group: rbac.authorization.k8s.io + kind: RoleBinding + - group: rbac.authorization.k8s.io + kind: Role + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: networking.istio.io + kind: VirtualService + descriptor: + description: Provides a Dashboard UI for kubeflow + keywords: + - centraldashboard + - kubeflow + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/centraldashboard + maintainers: + - email: prodonjs@gmail.com + name: Jason Prodonovich + - email: apverma@google.com + name: Apoorv Verma + - email: adhita94@gmail.com + name: Adhita Selvaraj + owners: + - email: prodonjs@gmail.com + name: Jason Prodonovich + - email: apverma@google.com + name: Apoorv Verma + - email: adhita94@gmail.com + name: Adhita Selvaraj + type: centraldashboard + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/instance: centraldashboard-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: centraldashboard + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app.yaml b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app.yaml new file mode 100644 index 000000000..cef234ad8 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app.yaml @@ -0,0 +1,53 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + name: jupyter-web-app + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + - group: rbac.authorization.k8s.io + kind: RoleBinding + - group: rbac.authorization.k8s.io + kind: Role + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: networking.istio.io + kind: VirtualService + descriptor: + description: Provides a UI which allows the user to create/conect/delete jupyter + notebooks. + keywords: + - jupyterhub + - jupyter ui + - notebooks + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/jupyter-web-app + - description: Docs + url: https://www.kubeflow.org/docs/notebooks + maintainers: + - email: kimwnasptd@arrikto.com + name: Kimonas Sotirchos + owners: + - email: kimwnasptd@arrikto.com + name: Kimonas Sotirchos + type: jupyter-web-app + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/instance: jupyter-web-app-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: jupyter-web-app + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_katib-controller.yaml b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_katib-controller.yaml new file mode 100644 index 000000000..d104a5737 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_katib-controller.yaml @@ -0,0 +1,70 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: Secret + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: Experiment + - group: kubeflow.org + kind: Suggestion + - group: kubeflow.org + kind: Trial + descriptor: + description: Katib is a service for hyperparameter tuning and neural architecture + search. + keywords: + - katib + - katib-controller + - hyperparameter tuning + links: + - description: About + url: https://github.com/kubeflow/katib + maintainers: + - email: gaoce@caicloud.io + name: Ce Gao + - email: johnugeo@cisco.com + name: Johnu George + - email: liuhougang6@126.com + name: Hougang Liu + - email: ricliu@google.com + name: Richard Liu + - email: yuji.oshima0x3fd@gmail.com + name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich + owners: + - email: gaoce@caicloud.io + name: Ce Gao + - email: johnugeo@cisco.com + name: Johnu George + - email: liuhougang6@126.com + name: Hougang Liu + - email: ricliu@google.com + name: Richard Liu + - email: yuji.oshima0x3fd@gmail.com + name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich + type: katib + version: v1alpha3 + selector: + matchLabels: + app.kubernetes.io/component: katib + app.kubernetes.io/instance: katib-controller + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: katib-controller + app.kubernetes.io/part-of: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_katib-crds.yaml b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_katib-crds.yaml new file mode 100644 index 000000000..017c6c72f --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_katib-crds.yaml @@ -0,0 +1,68 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-crds + name: katib-crds + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: Experiment + - group: kubeflow.org + kind: Suggestion + - group: kubeflow.org + kind: Trial + descriptor: + description: Katib is a service for hyperparameter tuning and neural architecture + search. + keywords: + - katib + - katib-controller + - hyperparameter tuning + links: + - description: About + url: https://github.com/kubeflow/katib + maintainers: + - email: gaoce@caicloud.io + name: Ce Gao + - email: johnugeo@cisco.com + name: Johnu George + - email: liuhougang6@126.com + name: Hougang Liu + - email: ricliu@google.com + name: Richard Liu + - email: yuji.oshima0x3fd@gmail.com + name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich + owners: + - email: gaoce@caicloud.io + name: Ce Gao + - email: johnugeo@cisco.com + name: Johnu George + - email: liuhougang6@126.com + name: Hougang Liu + - email: ricliu@google.com + name: Richard Liu + - email: yuji.oshima0x3fd@gmail.com + name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich + type: katib + version: v1alpha3 + selector: + matchLabels: + app.kubernetes.io/component: katib + app.kubernetes.io/instance: katib-crds + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: katib-crds + app.kubernetes.io/part-of: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml new file mode 100644 index 000000000..e1b386dfb --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml @@ -0,0 +1,31 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - minio + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: minio + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio diff --git a/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml new file mode 100644 index 000000000..d4db45829 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml @@ -0,0 +1,32 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - mysql + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: mysql + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql diff --git a/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_notebook-controller.yaml b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_notebook-controller.yaml new file mode 100644 index 000000000..b02490a44 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_notebook-controller.yaml @@ -0,0 +1,44 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + name: notebook-controller + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + descriptor: + description: Notebooks controller allows users to create a custom resource \"Notebook\" + (jupyter notebook). + keywords: + - jupyter + - notebook + - notebook-controller + - jupyterhub + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/notebook-controller + maintainers: + - email: lunkai@google.com + name: Lun-kai Hsu + owners: + - email: lunkai@gogle.com + name: Lun-kai Hsu + type: notebook-controller + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/instance: notebook-controller-v1.0.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: notebook-controller + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v1.0.0 diff --git a/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_persistent-agent.yaml b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_persistent-agent.yaml new file mode 100644 index 000000000..e1aedbe94 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_persistent-agent.yaml @@ -0,0 +1,35 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: persistent-agent + app.kubernetes.io/name: persistent-agent + name: persistent-agent + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - persistent-agent + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: persistent-agent + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: persistent-agent + app.kubernetes.io/instance: persistent-agent-0.2.5 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: persistent-agent + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: 0.2.5 diff --git a/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_pipeline-visualization-service.yaml b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_pipeline-visualization-service.yaml new file mode 100644 index 000000000..f4dac896c --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_pipeline-visualization-service.yaml @@ -0,0 +1,35 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: pipeline-visualization-service + app.kubernetes.io/name: pipeline-visualization-service + name: pipeline-visualization-service + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - pipeline-visualization-service + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: pipeline-visualization-service + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: pipeline-visualization-service + app.kubernetes.io/instance: pipeline-visualization-service-0.2.5 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: pipeline-visualization-service + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: 0.2.5 diff --git a/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_pipelines-runner.yaml b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_pipelines-runner.yaml new file mode 100644 index 000000000..1ff76f4d8 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_pipelines-runner.yaml @@ -0,0 +1,35 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: pipelines-runner + app.kubernetes.io/name: pipelines-runner + name: pipelines-runner + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - pipelines-runner + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: pipelines-runner + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: pipelines-runner + app.kubernetes.io/instance: pipelines-runner-0.2.5 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: pipelines-runner + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: 0.2.5 diff --git a/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_pipelines-ui.yaml b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_pipelines-ui.yaml new file mode 100644 index 000000000..92c48cfed --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_pipelines-ui.yaml @@ -0,0 +1,35 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + name: pipelines-ui + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - pipelines-ui + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: pipelines-ui + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/instance: pipelines-ui-0.2.5 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: pipelines-ui + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: 0.2.5 diff --git a/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_pipelines-viewer.yaml b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_pipelines-viewer.yaml new file mode 100644 index 000000000..2789c1395 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_pipelines-viewer.yaml @@ -0,0 +1,35 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: pipelines-viewer + app.kubernetes.io/name: pipelines-viewer + name: pipelines-viewer + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - pipelines-viewer + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: pipelines-viewer + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: pipelines-viewer + app.kubernetes.io/instance: pipelines-viewer-0.2.5 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: pipelines-viewer + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: 0.2.5 diff --git a/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_profiles.yaml b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_profiles.yaml new file mode 100644 index 000000000..c668c0e5c --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_profiles.yaml @@ -0,0 +1,45 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: profiles + app.kubernetes.io/name: profiles + name: profiles + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: kubeflow.org + kind: Profile + descriptor: + description: "" + keywords: + - profiles + - kubeflow + links: + - description: profiles + url: https://github.com/kubeflow/kubeflow/tree/master/components/profile-controller + - description: kfam + url: https://github.com/kubeflow/kubeflow/tree/master/components/access-management + maintainers: + - email: kunming@google.com + name: Kunming Qu + owners: + - email: kunming@google.com + name: Kunming Qu + type: profiles + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: profiles + app.kubernetes.io/instance: profiles-v1.0.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: profiles + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v1.0.0 diff --git a/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_pytorch-job-crds.yaml b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_pytorch-job-crds.yaml new file mode 100644 index 000000000..56a145757 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_pytorch-job-crds.yaml @@ -0,0 +1,46 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-job-crds + name: pytorch-job-crds + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: PyTorchJob + descriptor: + description: Pytorch-job-crds contains the "PyTorchJob" custom resource definition. + keywords: + - pytorchjob + - pytorch-operator + - pytorch-training + links: + - description: About + url: https://github.com/kubeflow/pytorch-operator + - description: Docs + url: https://www.kubeflow.org/docs/reference/pytorchjob/v1/pytorch/ + maintainers: + - email: johnugeo@cisco.com + name: Johnu George + owners: + - email: johnugeo@cisco.com + name: Johnu George + type: pytorch-job-crds + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/instance: pytorch-job-crds-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: pytorch-job-crds + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_pytorch-operator.yaml b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_pytorch-operator.yaml new file mode 100644 index 000000000..44ea79a4b --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_pytorch-operator.yaml @@ -0,0 +1,49 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + name: pytorch-operator + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ConfigMap + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: PyTorchJob + descriptor: + description: Pytorch-operator allows users to create and manage the "PyTorchJob" + custom resource. + keywords: + - pytorchjob + - pytorch-operator + - pytorch-training + links: + - description: About + url: https://github.com/kubeflow/pytorch-operator + - description: Docs + url: https://www.kubeflow.org/docs/reference/pytorchjob/v1/pytorch/ + maintainers: + - email: johnugeo@cisco.com + name: Johnu George + owners: + - email: johnugeo@cisco.com + name: Johnu George + type: pytorch-operator + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/instance: pytorch-operator-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: pytorch-operator + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_scheduledworkflow.yaml b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_scheduledworkflow.yaml new file mode 100644 index 000000000..6304b0751 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_scheduledworkflow.yaml @@ -0,0 +1,35 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: scheduledworkflow + app.kubernetes.io/name: scheduledworkflow + name: scheduledworkflow + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - scheduledworkflow + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: scheduledworkflow + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: scheduledworkflow + app.kubernetes.io/instance: scheduledworkflow-0.2.5 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: scheduledworkflow + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: 0.2.5 diff --git a/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_seldon-core-operator.yaml b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_seldon-core-operator.yaml new file mode 100644 index 000000000..3c02b324c --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_seldon-core-operator.yaml @@ -0,0 +1,45 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: seldon + app.kubernetes.io/name: seldon-core-operator + name: seldon-core-operator + namespace: kubeflow +spec: + componentKinds: + - group: apps/v1 + kind: StatefulSet + - group: v1 + kind: Service + - group: apps/v1 + kind: Deployment + - group: v1 + kind: Secret + - group: v1 + kind: ConfigMap + description: Seldon allows users to create ML Inference Graphs to deploy their models + and serve predictions + icons: null + keywords: + - seldon + - inference + links: + - description: Docs + url: https://docs.seldon.io/projects/seldon-core/en/v1.1.0/ + maintainers: + - email: dev@seldon.io + name: Seldon + owners: + - email: dev@seldon.io + name: Seldon + selector: + matchLabels: + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-1.15 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: seldon + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: "1.15" + type: seldon-core-operator + version: v1 diff --git a/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_tf-job-crds.yaml b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_tf-job-crds.yaml new file mode 100644 index 000000000..fc9715bb5 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_tf-job-crds.yaml @@ -0,0 +1,46 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-crds + name: tf-job-crds + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: TFJob + descriptor: + description: Tf-job-crds contains the "TFJob" custom resource definition. + keywords: + - tfjob + - tf-operator + - tf-training + links: + - description: About + url: https://github.com/kubeflow/tf-operator + - description: Docs + url: https://www.kubeflow.org/docs/reference/tfjob/v1/tensorflow/ + maintainers: + - email: ricliu@google.com + name: Richard Liu + owners: + - email: ricliu@google.com + name: Richard Liu + type: tf-job-crds + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/instance: tf-job-crds-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: tf-job-crds + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_tf-job-operator.yaml b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_tf-job-operator.yaml new file mode 100644 index 000000000..6e38dd861 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_tf-job-operator.yaml @@ -0,0 +1,47 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + name: tf-job-operator + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: TFJob + descriptor: + description: Tf-operator allows users to create and manage the "TFJob" custom + resource. + keywords: + - tfjob + - tf-operator + - tf-training + links: + - description: About + url: https://github.com/kubeflow/tf-operator + - description: Docs + url: https://www.kubeflow.org/docs/reference/tfjob/v1/tensorflow/ + maintainers: + - email: ricliu@google.com + name: Richard Liu + owners: + - email: ricliu@google.com + name: Richard Liu + type: tf-job-operator + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/instance: tf-job-operator-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: tf-job-operator + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_webhook.yaml b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_webhook.yaml new file mode 100644 index 000000000..fcf807af2 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/app.k8s.io_v1beta1_application_webhook.yaml @@ -0,0 +1,39 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + name: webhook + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: StatefulSet + - group: core + kind: Service + - group: core + kind: ServiceAccount + descriptor: + description: injects volume, volume mounts, env vars into PodDefault + keywords: + - admission-webhook + - kubeflow + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/admission-webhook + maintainers: [] + owners: [] + type: bootstrap + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: bootstrap + app.kubernetes.io/instance: webhook-v1.0.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: webhook + app.kubernetes.io/part-of: webhook + app.kubernetes.io/version: v1.0.0 diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_admission-webhook-deployment.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_admission-webhook-deployment.yaml new file mode 100644 index 000000000..8b8111f51 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_admission-webhook-deployment.yaml @@ -0,0 +1,42 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-deployment + namespace: kubeflow +spec: + selector: + matchLabels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + spec: + containers: + - args: + - --tlsCertFile=/etc/webhook/certs/tls.crt + - --tlsKeyFile=/etc/webhook/certs/tls.key + image: gcr.io/kubeflow-images-public/admission-webhook:vmaster-gaf96e4e3 + name: admission-webhook + volumeMounts: + - mountPath: /etc/webhook/certs + name: webhook-cert + readOnly: true + serviceAccountName: admission-webhook-service-account + volumes: + - name: webhook-cert + secret: + secretName: webhook-certs diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_argo-ui.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_argo-ui.yaml new file mode 100644 index 000000000..94c841f16 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_argo-ui.yaml @@ -0,0 +1,66 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + creationTimestamp: null + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + spec: + containers: + - env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: IN_CLUSTER + value: "true" + - name: ENABLE_WEB_CONSOLE + value: "false" + - name: BASE_HREF + value: /argo/ + image: argoproj/argoui:v2.3.0 + imagePullPolicy: IfNotPresent + name: argo-ui + readinessProbe: + httpGet: + path: / + port: 8001 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: argo-ui + serviceAccountName: argo-ui + terminationGracePeriodSeconds: 30 diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_centraldashboard.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_centraldashboard.yaml new file mode 100644 index 000000000..b226db2cb --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_centraldashboard.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + spec: + containers: + - env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config-d7dttg89h2 + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config-d7dttg89h2 + image: gcr.io/kubeflow-images-public/centraldashboard:vmaster-gf39279c0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: 8082 + initialDelaySeconds: 30 + periodSeconds: 30 + name: centraldashboard + ports: + - containerPort: 8082 + protocol: TCP + serviceAccountName: centraldashboard diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml new file mode 100644 index 000000000..f8d39bf87 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml @@ -0,0 +1,63 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + spec: + containers: + - env: + - name: ROK_SECRET_NAME + valueFrom: + configMapKeyRef: + key: ROK_SECRET_NAME + name: jupyter-web-app-parameters + - name: UI + valueFrom: + configMapKeyRef: + key: UI + name: jupyter-web-app-parameters + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config-d7dttg89h2 + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config-d7dttg89h2 + image: gcr.io/kubeflow-images-public/jupyter-web-app:vmaster-gd9be4b9e + imagePullPolicy: Always + name: jupyter-web-app + ports: + - containerPort: 5000 + volumeMounts: + - mountPath: /etc/config + name: config-volume + serviceAccountName: jupyter-web-app-service-account + volumes: + - configMap: + name: jupyter-web-app-jupyter-web-app-config + name: config-volume diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-controller.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-controller.yaml new file mode 100644 index 000000000..517b53a1c --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-controller.yaml @@ -0,0 +1,56 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: katib-controller + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: katib-controller + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + template: + metadata: + annotations: + prometheus.io/scrape: "true" + sidecar.istio.io/inject: "false" + labels: + app: katib-controller + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + spec: + containers: + - args: + - --webhook-port=8443 + command: + - ./katib-controller + env: + - name: KATIB_CORE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/kubeflow-images-public/katib/v1alpha3/katib-controller:917164a + imagePullPolicy: IfNotPresent + name: katib-controller + ports: + - containerPort: 8443 + name: webhook + protocol: TCP + - containerPort: 8080 + name: metrics + protocol: TCP + volumeMounts: + - mountPath: /tmp/cert + name: cert + readOnly: true + serviceAccountName: katib-controller + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: katib-controller diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-db-manager.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-db-manager.yaml new file mode 100644 index 000000000..1fe98f228 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-db-manager.yaml @@ -0,0 +1,60 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + name: katib-db-manager + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + name: katib-db-manager + spec: + containers: + - command: + - ./katib-db-manager + env: + - name: DB_NAME + value: mysql + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: MYSQL_ROOT_PASSWORD + name: katib-mysql-secrets + image: gcr.io/kubeflow-images-public/katib/v1alpha3/katib-db-manager:917164a + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /bin/grpc_health_probe + - -addr=:6789 + failureThreshold: 5 + initialDelaySeconds: 10 + periodSeconds: 60 + name: katib-db-manager + ports: + - containerPort: 6789 + name: api + readinessProbe: + exec: + command: + - /bin/grpc_health_probe + - -addr=:6789 + initialDelaySeconds: 5 diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-mysql.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-mysql.yaml new file mode 100644 index 000000000..be2e9e2b1 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-mysql.yaml @@ -0,0 +1,65 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + name: katib-mysql + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + name: katib-mysql + spec: + containers: + - args: + - --datadir + - /var/lib/mysql/datadir + env: + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: MYSQL_ROOT_PASSWORD + name: katib-mysql-secrets + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + - name: MYSQL_DATABASE + value: katib + image: mysql:5.6 + name: katib-mysql + ports: + - containerPort: 3306 + name: dbapi + readinessProbe: + exec: + command: + - /bin/bash + - -c + - mysql -D ${MYSQL_DATABASE} -u root -p${MYSQL_ROOT_PASSWORD} -e 'SELECT + 1' + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /var/lib/mysql + name: katib-mysql + volumes: + - name: katib-mysql + persistentVolumeClaim: + claimName: katib-mysql diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-ui.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-ui.yaml new file mode 100644 index 000000000..1b9998781 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_katib-ui.yaml @@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + name: katib-ui + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + name: katib-ui + spec: + containers: + - args: + - --port=8080 + command: + - ./katib-ui + env: + - name: KATIB_CORE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/kubeflow-images-public/katib/v1alpha3/katib-ui:917164a + imagePullPolicy: IfNotPresent + name: katib-ui + ports: + - containerPort: 8080 + name: ui + serviceAccountName: katib-ui diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_minio.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_minio.yaml new file mode 100644 index 000000000..5a08f8f36 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_minio.yaml @@ -0,0 +1,45 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio + namespace: kubeflow +spec: + selector: + matchLabels: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + strategy: + type: Recreate + template: + metadata: + labels: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + spec: + containers: + - args: + - server + - /data + env: + - name: MINIO_ACCESS_KEY + value: minio + - name: MINIO_SECRET_KEY + value: minio123 + image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance + name: minio + ports: + - containerPort: 9000 + volumeMounts: + - mountPath: /data + name: data + subPath: minio + volumes: + - name: data + persistentVolumeClaim: + claimName: minio-pv-claim diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml new file mode 100644 index 000000000..de0670ce2 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml @@ -0,0 +1,34 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-persistenceagent + app.kubernetes.io/component: persistent-agent + app.kubernetes.io/name: persistent-agent + name: ml-pipeline-persistenceagent + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-persistenceagent + app.kubernetes.io/component: persistent-agent + app.kubernetes.io/name: persistent-agent + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: ml-pipeline-persistenceagent + app.kubernetes.io/component: persistent-agent + app.kubernetes.io/name: persistent-agent + spec: + containers: + - env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/persistenceagent:0.2.5 + imagePullPolicy: IfNotPresent + name: ml-pipeline-persistenceagent + serviceAccountName: ml-pipeline-persistenceagent diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml new file mode 100644 index 000000000..ca8ab366e --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml @@ -0,0 +1,34 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-scheduledworkflow + app.kubernetes.io/component: scheduledworkflow + app.kubernetes.io/name: scheduledworkflow + name: ml-pipeline-scheduledworkflow + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-scheduledworkflow + app.kubernetes.io/component: scheduledworkflow + app.kubernetes.io/name: scheduledworkflow + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: ml-pipeline-scheduledworkflow + app.kubernetes.io/component: scheduledworkflow + app.kubernetes.io/name: scheduledworkflow + spec: + containers: + - env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/scheduledworkflow:0.2.5 + imagePullPolicy: IfNotPresent + name: ml-pipeline-scheduledworkflow + serviceAccountName: ml-pipeline-scheduledworkflow diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml new file mode 100644 index 000000000..7079de947 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml @@ -0,0 +1,34 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-ui + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + name: ml-pipeline-ui + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-ui + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: ml-pipeline-ui + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + spec: + containers: + - env: + - name: ALLOW_CUSTOM_VISUALIZATIONS + value: "true" + image: gcr.io/ml-pipeline/frontend:0.2.5 + imagePullPolicy: IfNotPresent + name: ml-pipeline-ui + ports: + - containerPort: 3000 + serviceAccountName: ml-pipeline-ui diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-controller-deployment.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-controller-deployment.yaml new file mode 100644 index 000000000..99a1c818e --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-controller-deployment.yaml @@ -0,0 +1,34 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-viewer-crd + app.kubernetes.io/component: pipelines-viewer + app.kubernetes.io/name: pipelines-viewer + name: ml-pipeline-viewer-controller-deployment + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-viewer-crd + app.kubernetes.io/component: pipelines-viewer + app.kubernetes.io/name: pipelines-viewer + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: ml-pipeline-viewer-crd + app.kubernetes.io/component: pipelines-viewer + app.kubernetes.io/name: pipelines-viewer + spec: + containers: + - env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/viewer-crd-controller:0.2.5 + imagePullPolicy: Always + name: ml-pipeline-viewer-controller + serviceAccountName: ml-pipeline-viewer-crd-service-account diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml new file mode 100644 index 000000000..dc5386b65 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml @@ -0,0 +1,30 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-visualizationserver + app.kubernetes.io/component: pipeline-visualization-service + app.kubernetes.io/name: pipeline-visualization-service + name: ml-pipeline-visualizationserver + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-visualizationserver + app.kubernetes.io/component: pipeline-visualization-service + app.kubernetes.io/name: pipeline-visualization-service + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: ml-pipeline-visualizationserver + app.kubernetes.io/component: pipeline-visualization-service + app.kubernetes.io/name: pipeline-visualization-service + spec: + containers: + - image: gcr.io/ml-pipeline/visualization-server:0.2.5 + imagePullPolicy: IfNotPresent + name: ml-pipeline-visualizationserver + ports: + - containerPort: 8888 diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_ml-pipeline.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_ml-pipeline.yaml new file mode 100644 index 000000000..1c851b75e --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_ml-pipeline.yaml @@ -0,0 +1,49 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline + app.kubernetes.io/component: api-service + app.kubernetes.io/name: api-service + name: ml-pipeline + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline + app.kubernetes.io/component: api-service + app.kubernetes.io/name: api-service + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: ml-pipeline + app.kubernetes.io/component: api-service + app.kubernetes.io/name: api-service + spec: + containers: + - command: + - apiserver + - --config=/etc/ml-pipeline-config + - --sampleconfig=/config/sample_config.json + - -logtostderr=true + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/api-server:0.2.5 + imagePullPolicy: IfNotPresent + name: ml-pipeline-api-server + ports: + - containerPort: 8888 + - containerPort: 8887 + volumeMounts: + - mountPath: /etc/ml-pipeline-config + name: config-volume + serviceAccountName: ml-pipeline + volumes: + - configMap: + name: ml-pipeline-config + name: config-volume diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_mysql.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_mysql.yaml new file mode 100644 index 000000000..b47bdbb60 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_mysql.yaml @@ -0,0 +1,40 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql + namespace: kubeflow +spec: + selector: + matchLabels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + strategy: + type: Recreate + template: + metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + spec: + containers: + - env: + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + image: gcr.io/ml-pipeline/mysql:5.6 + name: mysql + ports: + - containerPort: 3306 + name: mysql + volumeMounts: + - mountPath: /var/lib/mysql + name: mysql-persistent-storage + volumes: + - name: mysql-persistent-storage + persistentVolumeClaim: + claimName: mysql-pv-claim diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml new file mode 100644 index 000000000..6895e4e65 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-deployment + namespace: kubeflow +spec: + selector: + matchLabels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + spec: + containers: + - command: + - /manager + env: + - name: USE_ISTIO + valueFrom: + configMapKeyRef: + key: USE_ISTIO + name: notebook-controller-config + - name: ISTIO_GATEWAY + valueFrom: + configMapKeyRef: + key: ISTIO_GATEWAY + name: notebook-controller-config + image: gcr.io/kubeflow-images-public/notebook-controller:vmaster-gf39279c0 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /metrics + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 30 + name: manager + serviceAccountName: notebook-controller-service-account diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_profiles-deployment.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_profiles-deployment.yaml new file mode 100644 index 000000000..ebfadee6b --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_profiles-deployment.yaml @@ -0,0 +1,101 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: profiles + app.kubernetes.io/name: profiles + kustomize.component: profiles + name: profiles-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: profiles + app.kubernetes.io/name: profiles + kustomize.component: profiles + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: profiles + app.kubernetes.io/name: profiles + kustomize.component: profiles + spec: + containers: + - args: null + command: + - /manager + - -userid-header + - $(USERID_HEADER) + - -userid-prefix + - $(USERID_PREFIX) + - -workload-identity + - $(WORKLOAD_IDENTITY) + env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config-d7dttg89h2 + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config-d7dttg89h2 + - name: WORKLOAD_IDENTITY + valueFrom: + configMapKeyRef: + key: gcp-sa + name: profiles-profiles-config-h7dck95hm2 + image: gcr.io/kubeflow-images-public/profile-controller:vmaster-g34aa47c2 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /metrics + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 30 + name: manager + ports: + - containerPort: 8080 + name: manager-http + protocol: TCP + - args: null + command: + - /access-management + - -cluster-admin + - $(CLUSTER_ADMIN) + - -userid-prefix + - $(USERID_PREFIX) + env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config-d7dttg89h2 + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config-d7dttg89h2 + - name: CLUSTER_ADMIN + valueFrom: + configMapKeyRef: + key: admin + name: profiles-profiles-config-h7dck95hm2 + image: gcr.io/kubeflow-images-public/kfam:vmaster-gf3e09203 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /metrics + port: 8081 + initialDelaySeconds: 30 + periodSeconds: 30 + name: kfam + ports: + - containerPort: 8081 + name: kfam-http + protocol: TCP + serviceAccountName: profiles-controller-service-account diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_pytorch-operator.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_pytorch-operator.yaml new file mode 100644 index 000000000..8897df4a5 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_pytorch-operator.yaml @@ -0,0 +1,45 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + spec: + containers: + - command: + - /pytorch-operator.v1 + - --alsologtostderr + - -v=1 + - --monitoring-port=8443 + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: gcr.io/kubeflow-images-public/pytorch-operator:vmaster-g047cf0f + name: pytorch-operator + serviceAccountName: pytorch-operator diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_seldon-controller-manager.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_seldon-controller-manager.yaml new file mode 100644 index 000000000..963864204 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_seldon-controller-manager.yaml @@ -0,0 +1,136 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.1.0 + control-plane: seldon-controller-manager + name: seldon-controller-manager + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon1 + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: v0.5 + control-plane: seldon-controller-manager + template: + metadata: + annotations: + prometheus.io/scrape: "true" + sidecar.istio.io/inject: "false" + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon1 + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: v0.5 + control-plane: seldon-controller-manager + spec: + containers: + - args: + - --enable-leader-election + - --webhook-port=443 + - --create-resources=$(CREATE_RESOURCES) + - "" + command: + - /manager + env: + - name: WATCH_NAMESPACE + value: "" + - name: RELATED_IMAGE_EXECUTOR + value: "" + - name: RELATED_IMAGE_ENGINE + value: "" + - name: CREATE_RESOURCES + value: "false" + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONTROLLER_ID + value: "" + - name: AMBASSADOR_ENABLED + value: "true" + - name: AMBASSADOR_SINGLE_NAMESPACE + value: "false" + - name: ENGINE_CONTAINER_IMAGE_AND_VERSION + value: docker.io/seldonio/engine:1.1.0 + - name: ENGINE_CONTAINER_IMAGE_PULL_POLICY + value: IfNotPresent + - name: ENGINE_CONTAINER_SERVICE_ACCOUNT_NAME + value: default + - name: ENGINE_CONTAINER_USER + value: "8888" + - name: ENGINE_LOG_MESSAGES_EXTERNALLY + value: "false" + - name: PREDICTIVE_UNIT_SERVICE_PORT + value: "9000" + - name: PREDICTIVE_UNIT_DEFAULT_ENV_SECRET_REF_NAME + value: "" + - name: ENGINE_SERVER_GRPC_PORT + value: "5001" + - name: ENGINE_SERVER_PORT + value: "8000" + - name: ENGINE_PROMETHEUS_PATH + value: /prometheus + - name: ISTIO_ENABLED + value: "true" + - name: ISTIO_GATEWAY + value: kubeflow/kubeflow-gateway + - name: ISTIO_TLS_MODE + value: "" + - name: USE_EXECUTOR + value: "true" + - name: EXECUTOR_CONTAINER_IMAGE_AND_VERSION + value: docker.io/seldonio/seldon-core-executor:1.1.0 + - name: EXECUTOR_CONTAINER_IMAGE_PULL_POLICY + value: IfNotPresent + - name: EXECUTOR_PROMETHEUS_PATH + value: /prometheus + - name: EXECUTOR_SERVER_GRPC_PORT + value: "5001" + - name: EXECUTOR_SERVER_PORT + value: "8000" + - name: EXECUTOR_CONTAINER_USER + value: "8888" + - name: EXECUTOR_CONTAINER_SERVICE_ACCOUNT_NAME + value: default + - name: EXECUTOR_REQUEST_LOGGER_DEFAULT_ENDPOINT_PREFIX + value: http://default-broker. + - name: DEFAULT_USER_ID + value: "" + image: docker.io/seldonio/seldon-core-operator:1.1.0 + imagePullPolicy: IfNotPresent + name: manager + ports: + - containerPort: 443 + name: webhook-server + protocol: TCP + - containerPort: 8080 + name: metrics + protocol: TCP + resources: + limits: + cpu: 500m + memory: 300Mi + requests: + cpu: 100m + memory: 200Mi + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + serviceAccountName: seldon-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: seldon-webhook-server-cert diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_tf-job-operator.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_tf-job-operator.yaml new file mode 100644 index 000000000..4c6c1acaf --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_tf-job-operator.yaml @@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + spec: + containers: + - args: + - --alsologtostderr + - -v=1 + - --monitoring-port=8443 + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: gcr.io/kubeflow-images-public/tf_operator:vmaster-gd455e6ef + name: tf-job-operator + serviceAccountName: tf-job-operator diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_workflow-controller.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_workflow-controller.yaml new file mode 100644 index 000000000..a7fdf681e --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_workflow-controller.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: workflow-controller + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflow-controller + namespace: kubeflow +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: workflow-controller + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + creationTimestamp: null + labels: + app: workflow-controller + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + spec: + containers: + - args: + - --configmap + - workflow-controller-configmap + command: + - workflow-controller + env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: argoproj/workflow-controller:v2.3.0 + imagePullPolicy: IfNotPresent + name: workflow-controller + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: argo + serviceAccountName: argo + terminationGracePeriodSeconds: 30 diff --git a/tests/stacks/ibm/test_data/expected/cert-manager.io_v1alpha2_certificate_admission-webhook-cert.yaml b/tests/stacks/ibm/test_data/expected/cert-manager.io_v1alpha2_certificate_admission-webhook-cert.yaml new file mode 100644 index 000000000..c9e1f4f03 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/cert-manager.io_v1alpha2_certificate_admission-webhook-cert.yaml @@ -0,0 +1,18 @@ +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + labels: + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + name: admission-webhook-cert + namespace: kubeflow +spec: + commonName: admission-webhook-service.kubeflow.svc + dnsNames: + - admission-webhook-service.kubeflow.svc + - admission-webhook-service.kubeflow.svc.cluster.local + isCA: true + issuerRef: + kind: ClusterIssuer + name: kubeflow-self-signing-issuer + secretName: webhook-certs diff --git a/tests/stacks/ibm/test_data/expected/cert-manager.io_v1alpha2_certificate_seldon-serving-cert.yaml b/tests/stacks/ibm/test_data/expected/cert-manager.io_v1alpha2_certificate_seldon-serving-cert.yaml new file mode 100644 index 000000000..acae256e4 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/cert-manager.io_v1alpha2_certificate_seldon-serving-cert.yaml @@ -0,0 +1,20 @@ +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.1.0 + name: seldon-serving-cert + namespace: kubeflow +spec: + commonName: seldon-webhook-service.kubeflow.svc + dnsNames: + - seldon-webhook-service.kubeflow.svc.cluster.local + - seldon-webhook-service.kubeflow.svc + issuerRef: + kind: Issuer + name: seldon-selfsigned-issuer + secretName: seldon-webhook-server-cert diff --git a/tests/stacks/ibm/test_data/expected/cert-manager.io_v1alpha2_issuer_seldon-selfsigned-issuer.yaml b/tests/stacks/ibm/test_data/expected/cert-manager.io_v1alpha2_issuer_seldon-selfsigned-issuer.yaml new file mode 100644 index 000000000..aef0b604c --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/cert-manager.io_v1alpha2_issuer_seldon-selfsigned-issuer.yaml @@ -0,0 +1,13 @@ +apiVersion: cert-manager.io/v1alpha2 +kind: Issuer +metadata: + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.1.0 + name: seldon-selfsigned-issuer + namespace: kubeflow +spec: + selfSigned: {} diff --git a/tests/stacks/ibm/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml b/tests/stacks/ibm/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml new file mode 100644 index 000000000..a5ab61a1c --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /argo/ + rewrite: + uri: / + route: + - destination: + host: argo-ui.kubeflow.svc.cluster.local + port: + number: 80 diff --git a/tests/stacks/ibm/test_data/expected/networking.istio.io_v1alpha3_virtualservice_centraldashboard.yaml b/tests/stacks/ibm/test_data/expected/networking.istio.io_v1alpha3_virtualservice_centraldashboard.yaml new file mode 100644 index 000000000..b08a52c19 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/networking.istio.io_v1alpha3_virtualservice_centraldashboard.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: / + rewrite: + uri: / + route: + - destination: + host: centraldashboard.kubeflow.svc.cluster.local + port: + number: 80 diff --git a/tests/stacks/ibm/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app.yaml b/tests/stacks/ibm/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app.yaml new file mode 100644 index 000000000..0a002320c --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: jupyter-web-app + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - headers: + request: + add: + x-forwarded-prefix: /jupyter + match: + - uri: + prefix: /jupyter/ + rewrite: + uri: / + route: + - destination: + host: jupyter-web-app-service.kubeflow.svc.cluster.local + port: + number: 80 diff --git a/tests/stacks/ibm/test_data/expected/networking.istio.io_v1alpha3_virtualservice_katib-ui.yaml b/tests/stacks/ibm/test_data/expected/networking.istio.io_v1alpha3_virtualservice_katib-ui.yaml new file mode 100644 index 000000000..6bb614b82 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/networking.istio.io_v1alpha3_virtualservice_katib-ui.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /katib/ + rewrite: + uri: /katib/ + route: + - destination: + host: katib-ui.kubeflow.svc.cluster.local + port: + number: 80 diff --git a/tests/stacks/ibm/test_data/expected/networking.istio.io_v1alpha3_virtualservice_kfam.yaml b/tests/stacks/ibm/test_data/expected/networking.istio.io_v1alpha3_virtualservice_kfam.yaml new file mode 100644 index 000000000..549822217 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/networking.istio.io_v1alpha3_virtualservice_kfam.yaml @@ -0,0 +1,28 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: profiles + app.kubernetes.io/name: profiles + name: kfam + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - headers: + request: + add: + x-forwarded-prefix: /kfam + match: + - uri: + prefix: /kfam/ + rewrite: + uri: /kfam/ + route: + - destination: + host: profiles-kfam.kubeflow.svc.cluster.local + port: + number: 8081 diff --git a/tests/stacks/ibm/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-tensorboard-ui.yaml b/tests/stacks/ibm/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-tensorboard-ui.yaml new file mode 100644 index 000000000..44ded1bce --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-tensorboard-ui.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + name: ml-pipeline-tensorboard-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /data + rewrite: + uri: /data + route: + - destination: + host: ml-pipeline-tensorboard-ui.kubeflow.svc.cluster.local + port: + number: 80 + timeout: 300s diff --git a/tests/stacks/ibm/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml b/tests/stacks/ibm/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml new file mode 100644 index 000000000..542999df1 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + name: ml-pipeline-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /pipeline + rewrite: + uri: /pipeline + route: + - destination: + host: ml-pipeline-ui.kubeflow.svc.cluster.local + port: + number: 80 + timeout: 300s diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-cluster-role.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-cluster-role.yaml new file mode 100644 index 000000000..3ed69a58a --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-cluster-role.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-cluster-role +rules: +- apiGroups: + - kubeflow.org + resources: + - poddefaults + verbs: + - get + - watch + - list + - update + - create + - patch + - delete diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-admin.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-admin.yaml new file mode 100644 index 000000000..ae97df8cf --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-admin.yaml @@ -0,0 +1,15 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-poddefaults-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: admission-webhook-kubeflow-poddefaults-admin +rules: [] diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-edit.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-edit.yaml new file mode 100644 index 000000000..09813d57a --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-edit.yaml @@ -0,0 +1,15 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-poddefaults-edit: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + name: admission-webhook-kubeflow-poddefaults-edit +rules: [] diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-view.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-view.yaml new file mode 100644 index 000000000..1a80b4660 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-view.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-poddefaults-admin: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-poddefaults-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: admission-webhook-kubeflow-poddefaults-view +rules: +- apiGroups: + - kubeflow.org + resources: + - poddefaults + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_centraldashboard.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_centraldashboard.yaml new file mode 100644 index 000000000..7491bff88 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_centraldashboard.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard +rules: +- apiGroups: + - "" + resources: + - events + - namespaces + - nodes + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml new file mode 100644 index 000000000..0c0539fd4 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml @@ -0,0 +1,59 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-cluster-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - create + - delete +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml new file mode 100644 index 000000000..7372f11b7 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: jupyter-web-app-kubeflow-notebook-ui-admin +rules: [] diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml new file mode 100644 index 000000000..6e3413fe9 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + name: jupyter-web-app-kubeflow-notebook-ui-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list + - create + - delete diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml new file mode 100644 index 000000000..7efa2fe3c --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: jupyter-web-app-kubeflow-notebook-ui-view +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml new file mode 100644 index 000000000..1a465d66a --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml @@ -0,0 +1,72 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + - serviceaccounts + - services + - secrets + - events + - namespaces + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + - pods/log + - pods/status + verbs: + - '*' +- apiGroups: + - apps + resources: + - deployments + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - get +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - experiments + - experiments/status + - trials + - trials/status + - suggestions + - suggestions/status + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - tfjobs + - pytorchjobs + verbs: + - '*' diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-ui.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-ui.yaml new file mode 100644 index 000000000..66faccefb --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-ui.yaml @@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-ui +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - experiments + - trials + - suggestions + verbs: + - '*' diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-admin.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-admin.yaml new file mode 100644 index 000000000..0520bc0bc --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-admin.yaml @@ -0,0 +1,9 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubeflow-admin +rules: [] diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-edit.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-edit.yaml new file mode 100644 index 000000000..7f472eddd --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-edit.yaml @@ -0,0 +1,11 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-edit +rules: [] diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-admin.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-admin.yaml new file mode 100644 index 000000000..45d4cb184 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-admin.yaml @@ -0,0 +1,13 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-katib-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-katib-admin +rules: [] diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-edit.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-edit.yaml new file mode 100644 index 000000000..11ad89cab --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-edit.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-katib-admin: "true" + name: kubeflow-katib-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - experiments + - trials + - suggestions + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-view.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-view.yaml new file mode 100644 index 000000000..95b524a46 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-view.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-katib-view +rules: +- apiGroups: + - kubeflow.org + resources: + - experiments + - trials + - suggestions + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-admin.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-admin.yaml new file mode 100644 index 000000000..d879f2f6c --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-admin.yaml @@ -0,0 +1,27 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-kubernetes-admin +rules: +- apiGroups: + - authorization.k8s.io + resources: + - localsubjectaccessreviews + verbs: + - create +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-edit.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-edit.yaml new file mode 100644 index 000000000..8343f92fd --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-edit.yaml @@ -0,0 +1,135 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + name: kubeflow-kubernetes-edit +rules: +- apiGroups: + - "" + resources: + - pods/attach + - pods/exec + - pods/portforward + - pods/proxy + - secrets + - services/proxy + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - impersonate +- apiGroups: + - "" + resources: + - pods + - pods/attach + - pods/exec + - pods/portforward + - pods/proxy + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - persistentvolumeclaims + - replicationcontrollers + - replicationcontrollers/scale + - secrets + - serviceaccounts + - services + - services/proxy + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - apps + resources: + - daemonsets + - deployments + - deployments/rollback + - deployments/scale + - replicasets + - replicasets/scale + - statefulsets + - statefulsets/scale + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - extensions + resources: + - daemonsets + - deployments + - deployments/rollback + - deployments/scale + - ingresses + - networkpolicies + - replicasets + - replicasets/scale + - replicationcontrollers/scale + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-view.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-view.yaml new file mode 100644 index 000000000..d8a396b9d --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-view.yaml @@ -0,0 +1,125 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-kubernetes-view +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - persistentvolumeclaims + - persistentvolumeclaims/status + - pods + - replicationcontrollers + - replicationcontrollers/scale + - serviceaccounts + - services + - services/status + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - bindings + - events + - limitranges + - namespaces/status + - pods/log + - pods/status + - replicationcontrollers/status + - resourcequotas + - resourcequotas/status + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - controllerrevisions + - daemonsets + - daemonsets/status + - deployments + - deployments/scale + - deployments/status + - replicasets + - replicasets/scale + - replicasets/status + - statefulsets + - statefulsets/scale + - statefulsets/status + verbs: + - get + - list + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + - horizontalpodautoscalers/status + verbs: + - get + - list + - watch +- apiGroups: + - batch + resources: + - cronjobs + - cronjobs/status + - jobs + - jobs/status + verbs: + - get + - list + - watch +- apiGroups: + - extensions + resources: + - daemonsets + - daemonsets/status + - deployments + - deployments/scale + - deployments/status + - ingresses + - ingresses/status + - networkpolicies + - replicasets + - replicasets/scale + - replicasets/status + - replicationcontrollers/scale + verbs: + - get + - list + - watch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + - poddisruptionbudgets/status + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - ingresses/status + - networkpolicies + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-admin.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-admin.yaml new file mode 100644 index 000000000..161f232e5 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-admin.yaml @@ -0,0 +1,14 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-pytorchjobs-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-pytorchjobs-admin +rules: [] diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-edit.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-edit.yaml new file mode 100644 index 000000000..dc3ff5e79 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-edit.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-pytorchjobs-admin: "true" + name: kubeflow-pytorchjobs-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - pytorchjobs + - pytorchjobs/status + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-view.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-view.yaml new file mode 100644 index 000000000..39daa100a --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-view.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-pytorchjobs-view +rules: +- apiGroups: + - kubeflow.org + resources: + - pytorchjobs + - pytorchjobs/status + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-scheduledworkflows-admin.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-scheduledworkflows-admin.yaml new file mode 100644 index 000000000..8d8eebfa4 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-scheduledworkflows-admin.yaml @@ -0,0 +1,14 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-scheduledworkflows-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: ml-pipeline-scheduledworkflow + app.kubernetes.io/component: scheduledworkflow + app.kubernetes.io/name: scheduledworkflow + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-scheduledworkflows-admin +rules: [] diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-scheduledworkflows-edit.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-scheduledworkflows-edit.yaml new file mode 100644 index 000000000..1aa2edf3a --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-scheduledworkflows-edit.yaml @@ -0,0 +1,24 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: ml-pipeline-scheduledworkflow + app.kubernetes.io/component: scheduledworkflow + app.kubernetes.io/name: scheduledworkflow + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-scheduledworkflows-admin: "true" + name: kubeflow-scheduledworkflows-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-scheduledworkflows-view.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-scheduledworkflows-view.yaml new file mode 100644 index 000000000..57b8d01c9 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-scheduledworkflows-view.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: ml-pipeline-scheduledworkflow + app.kubernetes.io/component: scheduledworkflow + app.kubernetes.io/name: scheduledworkflow + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-scheduledworkflows-view +rules: +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-admin.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-admin.yaml new file mode 100644 index 000000000..03147422e --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-admin.yaml @@ -0,0 +1,14 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-tfjobs-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-tfjobs-admin +rules: [] diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-edit.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-edit.yaml new file mode 100644 index 000000000..942e4a625 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-edit.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-tfjobs-admin: "true" + name: kubeflow-tfjobs-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - tfjobs + - tfjobs/status + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-view.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-view.yaml new file mode 100644 index 000000000..3ebf508e0 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-view.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-tfjobs-view +rules: +- apiGroups: + - kubeflow.org + resources: + - tfjobs + - tfjobs/status + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-view.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-view.yaml new file mode 100644 index 000000000..5420a1067 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-view.yaml @@ -0,0 +1,11 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + name: kubeflow-view +rules: [] diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-viewer-kubeflow-pipeline-viewers-admin.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-viewer-kubeflow-pipeline-viewers-admin.yaml new file mode 100644 index 000000000..f5b1c7c60 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-viewer-kubeflow-pipeline-viewers-admin.yaml @@ -0,0 +1,14 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-pipeline-viewers-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: ml-pipeline-viewer-crd + app.kubernetes.io/component: pipelines-viewer + app.kubernetes.io/name: pipelines-viewer + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: ml-pipeline-viewer-kubeflow-pipeline-viewers-admin +rules: [] diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-viewer-kubeflow-pipeline-viewers-edit.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-viewer-kubeflow-pipeline-viewers-edit.yaml new file mode 100644 index 000000000..fdd315ecf --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-viewer-kubeflow-pipeline-viewers-edit.yaml @@ -0,0 +1,24 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: ml-pipeline-viewer-crd + app.kubernetes.io/component: pipelines-viewer + app.kubernetes.io/name: pipelines-viewer + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-pipeline-viewers-admin: "true" + name: ml-pipeline-viewer-kubeflow-pipeline-viewers-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-viewer-kubeflow-pipeline-viewers-view.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-viewer-kubeflow-pipeline-viewers-view.yaml new file mode 100644 index 000000000..688947f4c --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-viewer-kubeflow-pipeline-viewers-view.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: ml-pipeline-viewer-crd + app.kubernetes.io/component: pipelines-viewer + app.kubernetes.io/name: pipelines-viewer + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: ml-pipeline-viewer-kubeflow-pipeline-viewers-view +rules: +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml new file mode 100644 index 000000000..41459ef30 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml @@ -0,0 +1,15 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-notebooks-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: notebook-controller-kubeflow-notebooks-admin +rules: [] diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml new file mode 100644 index 000000000..3ae0c1cd8 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-notebooks-admin: "true" + name: notebook-controller-kubeflow-notebooks-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/status + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml new file mode 100644 index 000000000..9e28e0829 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: notebook-controller-kubeflow-notebooks-view +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/status + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml new file mode 100644 index 000000000..02d880f8e --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml @@ -0,0 +1,54 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-role +rules: +- apiGroups: + - apps + resources: + - statefulsets + - deployments + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - '*' +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/status + - notebooks/finalizers + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - virtualservices + verbs: + - '*' diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_seldon-manager-role-kubeflow.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_seldon-manager-role-kubeflow.yaml new file mode 100644 index 000000000..f64da28c0 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_seldon-manager-role-kubeflow.yaml @@ -0,0 +1,175 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.1.0 + name: seldon-manager-role-kubeflow +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments/status + verbs: + - get + - patch + - update +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers/status + verbs: + - get + - patch + - update +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments/finalizers + verbs: + - get + - patch + - update +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments/status + verbs: + - get + - patch + - update +- apiGroups: + - networking.istio.io + resources: + - destinationrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - networking.istio.io + resources: + - destinationrules/status + verbs: + - get + - patch + - update +- apiGroups: + - networking.istio.io + resources: + - virtualservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - networking.istio.io + resources: + - virtualservices/status + verbs: + - get + - patch + - update +- apiGroups: + - v1 + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - v1 + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - v1 + resources: + - services/status + verbs: + - get + - patch + - update diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_seldon-manager-sas-role-kubeflow.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_seldon-manager-sas-role-kubeflow.yaml new file mode 100644 index 000000000..cc8dc5fd5 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_seldon-manager-sas-role-kubeflow.yaml @@ -0,0 +1,36 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.1.0 + name: seldon-manager-sas-role-kubeflow +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_seldon-webhook-role-kubeflow.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_seldon-webhook-role-kubeflow.yaml new file mode 100644 index 000000000..df8a1e2e6 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_seldon-webhook-role-kubeflow.yaml @@ -0,0 +1,45 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.1.0 + name: seldon-webhook-role-kubeflow +rules: +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - get + - list + - create + - update +- apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - get + - patch + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/finalizers + verbs: + - get + - patch + - update diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_admission-webhook-cluster-role-binding.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_admission-webhook-cluster-role-binding.yaml new file mode 100644 index 000000000..48bed8ccb --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_admission-webhook-cluster-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: admission-webhook-cluster-role +subjects: +- kind: ServiceAccount + name: admission-webhook-service-account + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_centraldashboard.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_centraldashboard.yaml new file mode 100644 index 000000000..d06cac3fd --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_centraldashboard.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: centraldashboard +subjects: +- kind: ServiceAccount + name: centraldashboard + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml new file mode 100644 index 000000000..c5aa98870 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: jupyter-web-app-cluster-role +subjects: +- kind: ServiceAccount + name: jupyter-web-app-service-account + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-controller.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-controller.yaml new file mode 100644 index 000000000..908f9dad4 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-controller.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: katib-controller +subjects: +- kind: ServiceAccount + name: katib-controller + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-ui.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-ui.yaml new file mode 100644 index 000000000..e9f5ce250 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-ui.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-ui +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: katib-ui +subjects: +- kind: ServiceAccount + name: katib-ui + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml new file mode 100644 index 000000000..30d3f08b7 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: notebook-controller-role +subjects: +- kind: ServiceAccount + name: notebook-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml new file mode 100644 index 000000000..6422f0343 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: profiles + app.kubernetes.io/name: profiles + kustomize.component: profiles + name: profiles-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: profiles-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_seldon-manager-rolebinding-kubeflow.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_seldon-manager-rolebinding-kubeflow.yaml new file mode 100644 index 000000000..108480c62 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_seldon-manager-rolebinding-kubeflow.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.1.0 + name: seldon-manager-rolebinding-kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: seldon-manager-role-kubeflow +subjects: +- kind: ServiceAccount + name: seldon-manager + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_seldon-manager-sas-rolebinding-kubeflow.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_seldon-manager-sas-rolebinding-kubeflow.yaml new file mode 100644 index 000000000..a78901e5f --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_seldon-manager-sas-rolebinding-kubeflow.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.1.0 + name: seldon-manager-sas-rolebinding-kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: seldon-manager-sas-role-kubeflow +subjects: +- kind: ServiceAccount + name: seldon-manager + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_seldon-webhook-rolebinding-kubeflow.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_seldon-webhook-rolebinding-kubeflow.yaml new file mode 100644 index 000000000..1c6b71207 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_seldon-webhook-rolebinding-kubeflow.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.1.0 + name: seldon-webhook-rolebinding-kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: seldon-webhook-role-kubeflow +subjects: +- kind: ServiceAccount + name: seldon-manager + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_role_centraldashboard.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_role_centraldashboard.yaml new file mode 100644 index 000000000..2bfa19ba0 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_role_centraldashboard.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +rules: +- apiGroups: + - "" + - app.k8s.io + resources: + - applications + - pods + - pods/exec + - pods/log + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_role_seldon-leader-election-role.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_role_seldon-leader-election-role.yaml new file mode 100644 index 000000000..eaa944118 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_role_seldon-leader-election-role.yaml @@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.1.0 + name: seldon-leader-election-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_centraldashboard.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_centraldashboard.yaml new file mode 100644 index 000000000..c1c4c3079 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_centraldashboard.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: centraldashboard +subjects: +- kind: ServiceAccount + name: centraldashboard + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_seldon-leader-election-rolebinding.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_seldon-leader-election-rolebinding.yaml new file mode 100644 index 000000000..0cb9ac4df --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_seldon-leader-election-rolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.1.0 + name: seldon-leader-election-rolebinding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: seldon-leader-election-role +subjects: +- kind: ServiceAccount + name: seldon-manager + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml new file mode 100644 index 000000000..c9e39f461 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: argo + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml new file mode 100644 index 000000000..7651a6568 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml @@ -0,0 +1,54 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: argo + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - sparkoperator.k8s.io + resources: + - sparkapplications + verbs: + - '*' diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline-persistenceagent.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline-persistenceagent.yaml new file mode 100644 index 000000000..55100e495 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline-persistenceagent.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: ml-pipeline-persistenceagent + app.kubernetes.io/component: persistent-agent + app.kubernetes.io/name: persistent-agent + name: ml-pipeline-persistenceagent +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline-viewer-controller-role.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline-viewer-controller-role.yaml new file mode 100644 index 000000000..f62b8e68a --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline-viewer-controller-role.yaml @@ -0,0 +1,34 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: ml-pipeline-viewer-crd + app.kubernetes.io/component: pipelines-viewer + app.kubernetes.io/name: pipelines-viewer + name: ml-pipeline-viewer-controller-role +rules: +- apiGroups: + - '*' + resources: + - deployments + - services + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pipeline-runner.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pipeline-runner.yaml new file mode 100644 index 000000000..71d677998 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pipeline-runner.yaml @@ -0,0 +1,97 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: pipeline-runner + app.kubernetes.io/component: pipelines-runner + app.kubernetes.io/name: pipelines-runner + name: pipeline-runner +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + verbs: + - '*' +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + - serving.kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - virtualservices + verbs: + - '*' +- apiGroups: + - sparkoperator.k8s.io + resources: + - sparkapplications + verbs: + - '*' diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pytorch-operator.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pytorch-operator.yaml new file mode 100644 index 000000000..7cf436802 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pytorch-operator.yaml @@ -0,0 +1,32 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: pytorch-operator + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator +rules: +- apiGroups: + - kubeflow.org + resources: + - pytorchjobs + - pytorchjobs/status + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + - services + - endpoints + - events + verbs: + - '*' diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_tf-job-operator.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_tf-job-operator.yaml new file mode 100644 index 000000000..ac48bdc24 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_tf-job-operator.yaml @@ -0,0 +1,40 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: tf-job-operator + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator +rules: +- apiGroups: + - kubeflow.org + resources: + - tfjobs + - tfjobs/status + - tfjobs/finalizers + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + - services + - endpoints + - events + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - '*' diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml new file mode 100644 index 000000000..f1df09722 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo-ui +subjects: +- kind: ServiceAccount + name: argo-ui + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml new file mode 100644 index 000000000..266bc01c4 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: argo + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo +subjects: +- kind: ServiceAccount + name: argo + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline-persistenceagent.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline-persistenceagent.yaml new file mode 100644 index 000000000..86eb7f9a0 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline-persistenceagent.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: ml-pipeline-persistenceagent + app.kubernetes.io/component: persistent-agent + app.kubernetes.io/name: persistent-agent + name: ml-pipeline-persistenceagent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: ml-pipeline-persistenceagent + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline-scheduledworkflow.yaml new file mode 100644 index 000000000..51700d6b9 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline-scheduledworkflow.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: ml-pipeline-scheduledworkflow + app.kubernetes.io/component: scheduledworkflow + app.kubernetes.io/name: scheduledworkflow + name: ml-pipeline-scheduledworkflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: ml-pipeline-scheduledworkflow + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline-viewer-crd-role-binding.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline-viewer-crd-role-binding.yaml new file mode 100644 index 000000000..5487362ae --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline-viewer-crd-role-binding.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: ml-pipeline-viewer-crd + app.kubernetes.io/component: pipelines-viewer + app.kubernetes.io/name: pipelines-viewer + name: ml-pipeline-viewer-crd-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ml-pipeline-viewer-controller-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-viewer-crd-service-account + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pipeline-runner.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pipeline-runner.yaml new file mode 100644 index 000000000..bca151efa --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pipeline-runner.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: pipeline-runner + app.kubernetes.io/component: pipelines-runner + app.kubernetes.io/name: pipelines-runner + name: pipeline-runner +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pipeline-runner +subjects: +- kind: ServiceAccount + name: pipeline-runner + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pytorch-operator.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pytorch-operator.yaml new file mode 100644 index 000000000..cefdad39e --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pytorch-operator.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: pytorch-operator + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pytorch-operator +subjects: +- kind: ServiceAccount + name: pytorch-operator + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_tf-job-operator.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_tf-job-operator.yaml new file mode 100644 index 000000000..b69f8e4e4 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_tf-job-operator.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: tf-job-operator + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tf-job-operator +subjects: +- kind: ServiceAccount + name: tf-job-operator + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml new file mode 100644 index 000000000..569a985b1 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml @@ -0,0 +1,41 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-notebook-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + - secrets + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_ml-pipeline-scheduledworkflow.yaml new file mode 100644 index 000000000..ce956a52a --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_ml-pipeline-scheduledworkflow.yaml @@ -0,0 +1,34 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: ml-pipeline-scheduledworkflow + app.kubernetes.io/component: scheduledworkflow + app.kubernetes.io/name: scheduledworkflow + name: ml-pipeline-scheduledworkflow + namespace: kubeflow +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_ml-pipeline-ui.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_ml-pipeline-ui.yaml new file mode 100644 index 000000000..861465a25 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_ml-pipeline-ui.yaml @@ -0,0 +1,29 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: ml-pipeline-ui + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + name: ml-pipeline-ui + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - create + - get + - list +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_ml-pipeline.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_ml-pipeline.yaml new file mode 100644 index 000000000..38a397fbe --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_ml-pipeline.yaml @@ -0,0 +1,39 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: ml-pipeline + app.kubernetes.io/component: api-service + app.kubernetes.io/name: api-service + name: ml-pipeline + namespace: kubeflow +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete +- apiGroups: + - "" + resources: + - pods + verbs: + - delete diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml new file mode 100644 index 000000000..4bf3335ba --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-notebook-role-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jupyter-web-app-jupyter-notebook-role +subjects: +- kind: ServiceAccount + name: jupyter-notebook diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_ml-pipeline-ui.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_ml-pipeline-ui.yaml new file mode 100644 index 000000000..b09ce2c4c --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_ml-pipeline-ui.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline-ui + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + name: ml-pipeline-ui + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-ui +subjects: +- kind: ServiceAccount + name: ml-pipeline-ui + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_ml-pipeline.yaml b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_ml-pipeline.yaml new file mode 100644 index 000000000..f4500bc6a --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_ml-pipeline.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline + app.kubernetes.io/component: api-service + app.kubernetes.io/name: api-service + name: ml-pipeline + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline +subjects: +- kind: ServiceAccount + name: ml-pipeline + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_configmap_admission-webhook-admission-webhook-parameters.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_admission-webhook-admission-webhook-parameters.yaml new file mode 100644 index 000000000..1dd6173c0 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_admission-webhook-admission-webhook-parameters.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +data: + issuer: kubeflow-self-signing-issuer + namespace: kubeflow +kind: ConfigMap +metadata: + annotations: {} + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-admission-webhook-parameters + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config.yaml new file mode 100644 index 000000000..60115c258 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config.yaml @@ -0,0 +1,140 @@ +apiVersion: v1 +data: + spawner_ui_config.yaml: |- + # Configuration file for the Jupyter UI. + # + # Each Jupyter UI option is configured by two keys: 'value' and 'readOnly' + # - The 'value' key contains the default value + # - The 'readOnly' key determines if the option will be available to users + # + # If the 'readOnly' key is present and set to 'true', the respective option + # will be disabled for users and only set by the admin. Also when a + # Notebook is POSTED to the API if a necessary field is not present then + # the value from the config will be used. + # + # If the 'readOnly' key is missing (defaults to 'false'), the respective option + # will be available for users to edit. + # + # Note that some values can be templated. Such values are the names of the + # Volumes as well as their StorageClass + spawnerFormDefaults: + image: + # The container Image for the user's Jupyter Notebook + # If readonly, this value must be a member of the list below + value: gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-cpu:1.0.0 + # The list of available standard container Images + options: + - gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-cpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-gpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-2.1.0-notebook-cpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-2.1.0-notebook-gpu:1.0.0 + # By default, custom container Images are allowed + # Uncomment the following line to only enable standard container Images + readOnly: false + cpu: + # CPU for user's Notebook + value: '0.5' + readOnly: false + memory: + # Memory for user's Notebook + value: 1.0Gi + readOnly: false + workspaceVolume: + # Workspace Volume to be attached to user's Notebook + # Each Workspace Volume is declared with the following attributes: + # Type, Name, Size, MountPath and Access Mode + value: + type: + # The Type of the Workspace Volume + # Supported values: 'New', 'Existing' + value: New + name: + # The Name of the Workspace Volume + # Note that this is a templated value. Special values: + # {notebook-name}: Replaced with the name of the Notebook. The frontend + # will replace this value as the user types the name + value: 'workspace-{notebook-name}' + size: + # The Size of the Workspace Volume (in Gi) + value: '10Gi' + mountPath: + # The Path that the Workspace Volume will be mounted + value: /home/jovyan + accessModes: + # The Access Mode of the Workspace Volume + # Supported values: 'ReadWriteOnce', 'ReadWriteMany', 'ReadOnlyMany' + value: ReadWriteOnce + class: + # The StrageClass the PVC will use if type is New. Special values are: + # {none}: default StorageClass + # {empty}: empty string "" + value: '{none}' + readOnly: false + dataVolumes: + # List of additional Data Volumes to be attached to the user's Notebook + value: [] + # Each Data Volume is declared with the following attributes: + # Type, Name, Size, MountPath and Access Mode + # + # For example, a list with 2 Data Volumes: + # value: + # - value: + # type: + # value: New + # name: + # value: '{notebook-name}-vol-1' + # size: + # value: '10Gi' + # class: + # value: standard + # mountPath: + # value: /home/jovyan/vol-1 + # accessModes: + # value: ReadWriteOnce + # class: + # value: {none} + # - value: + # type: + # value: New + # name: + # value: '{notebook-name}-vol-2' + # size: + # value: '10Gi' + # mountPath: + # value: /home/jovyan/vol-2 + # accessModes: + # value: ReadWriteMany + # class: + # value: {none} + readOnly: false + gpus: + # Number of GPUs to be assigned to the Notebook Container + value: + # values: "none", "1", "2", "4", "8" + num: "none" + # Determines what the UI will show and send to the backend + vendors: + - limitsKey: "nvidia.com/gpu" + uiName: "NVIDIA" + # Values: "" or a `limits-key` from the vendors list + vendor: "" + readOnly: false + shm: + value: true + readOnly: false + configurations: + # List of labels to be selected, these are the labels from PodDefaults + # value: + # - add-gcp-secret + # - default-editor + value: [] + readOnly: false +kind: ConfigMap +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-web-app-config + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_configmap_jupyter-web-app-parameters.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_jupyter-web-app-parameters.yaml new file mode 100644 index 000000000..e089825a8 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_jupyter-web-app-parameters.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + ROK_SECRET_NAME: secret-rok-{username} + UI: default + policy: Always + prefix: jupyter +kind: ConfigMap +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-parameters + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_configmap_katib-config.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_katib-config.yaml new file mode 100644 index 000000000..3d25f1c35 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_katib-config.yaml @@ -0,0 +1,59 @@ +apiVersion: v1 +data: + metrics-collector-sidecar: |- + { + "StdOut": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/file-metrics-collector:917164a" + }, + "File": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/file-metrics-collector:917164a" + }, + "TensorFlowEvent": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/tfevent-metrics-collector:917164a", + "resources": { + "limits": { + "memory": "1Gi" + } + } + } + } + suggestion: |- + { + "random": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-hyperopt:917164a" + }, + "grid": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-chocolate:917164a" + }, + "hyperband": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-hyperband:917164a" + }, + "bayesianoptimization": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-skopt:917164a" + }, + "tpe": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-hyperopt:917164a" + }, + "enas": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-enas:917164a", + "imagePullPolicy": "Always", + "resources": { + "limits": { + "memory": "200Mi" + } + } + }, + "cmaes": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-goptuna:917164a" + }, + "darts": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-darts:917164a" + } + } +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-config + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_configmap_kubeflow-config-d7dttg89h2.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_kubeflow-config-d7dttg89h2.yaml new file mode 100644 index 000000000..e37cc3dac --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_kubeflow-config-d7dttg89h2.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + clusterDomain: cluster.local + userid-header: kubeflow-userid + userid-prefix: "" +kind: ConfigMap +metadata: + name: kubeflow-config-d7dttg89h2 + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_configmap_ml-pipeline-config.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_ml-pipeline-config.yaml new file mode 100644 index 000000000..9a03881ef --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_ml-pipeline-config.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +data: + config.json: | + { + "DBConfig": { + "DriverName": "mysql", + "DataSourceName": "", + "DBName": "mlpipeline", + "GroupConcatMaxLen": "4194304" + }, + "ObjectStoreConfig":{ + "AccessKey": "minio", + "SecretAccessKey": "minio123", + "BucketName": "mlpipeline", + "Secure": false + }, + "InitConnectionTimeout": "6m", + "DefaultPipelineRunnerServiceAccount": "pipeline-runner", + "ML_PIPELINE_VISUALIZATIONSERVER_SERVICE_HOST": "ml-pipeline-ml-pipeline-visualizationserver", + "ML_PIPELINE_VISUALIZATIONSERVER_SERVICE_PORT": 8888 + } +kind: ConfigMap +metadata: + labels: + app: ml-pipeline + app.kubernetes.io/component: api-service + app.kubernetes.io/name: api-service + name: ml-pipeline-config + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_configmap_notebook-controller-config.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_notebook-controller-config.yaml new file mode 100644 index 000000000..a4144c9bb --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_notebook-controller-config.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + ISTIO_GATEWAY: kubeflow/kubeflow-gateway + USE_ISTIO: "true" +kind: ConfigMap +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-config + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_configmap_pipeline-minio-parameters.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_pipeline-minio-parameters.yaml new file mode 100644 index 000000000..b2cd7cdbe --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_pipeline-minio-parameters.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + minioPvcName: minio-pv-claim +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: pipeline-minio-parameters + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_configmap_pipeline-mysql-parameters.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_pipeline-mysql-parameters.yaml new file mode 100644 index 000000000..7d9e9da8f --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_pipeline-mysql-parameters.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + mysqlPvcName: mysql-pv-claim +kind: ConfigMap +metadata: + annotations: {} + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: pipeline-mysql-parameters + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_configmap_profiles-profiles-config-h7dck95hm2.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_profiles-profiles-config-h7dck95hm2.yaml new file mode 100644 index 000000000..025efc06a --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_profiles-profiles-config-h7dck95hm2.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + admin: example@kubeflow.org + gcp-sa: "" +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/component: profiles + app.kubernetes.io/name: profiles + kustomize.component: profiles + name: profiles-profiles-config-h7dck95hm2 + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_configmap_seldon-config.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_seldon-config.yaml new file mode 100644 index 000000000..852f8ece3 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_seldon-config.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +data: + credentials: '{"gcs":{"gcsCredentialFileName":"gcloud-application-credentials.json"},"s3":{"s3AccessKeyIDName":"awsAccessKeyID","s3SecretAccessKeyName":"awsSecretAccessKey"}}' + predictor_servers: '{"MLFLOW_SERVER":{"grpc":{"defaultImageVersion":"0.4","image":"seldonio/mlflowserver_grpc"},"rest":{"defaultImageVersion":"0.4","image":"seldonio/mlflowserver_rest"}},"SKLEARN_SERVER":{"grpc":{"defaultImageVersion":"0.2","image":"seldonio/sklearnserver_grpc"},"rest":{"defaultImageVersion":"0.2","image":"seldonio/sklearnserver_rest"}},"TENSORFLOW_SERVER":{"grpc":{"defaultImageVersion":"0.7","image":"seldonio/tfserving-proxy_grpc"},"rest":{"defaultImageVersion":"0.7","image":"seldonio/tfserving-proxy_rest"},"tensorflow":true,"tfImage":"tensorflow/serving:2.1.0"},"XGBOOST_SERVER":{"grpc":{"defaultImageVersion":"0.3","image":"seldonio/xgboostserver_grpc"},"rest":{"defaultImageVersion":"0.3","image":"seldonio/xgboostserver_rest"}}}' + storageInitializer: '{"cpuLimit":"1","cpuRequest":"100m","image":"gcr.io/kfserving/storage-initializer:0.2.2","memoryLimit":"1Gi","memoryRequest":"100Mi"}' +kind: ConfigMap +metadata: + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.1.0 + control-plane: seldon-controller-manager + name: seldon-config + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_configmap_trial-template-labeled.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_trial-template-labeled.yaml new file mode 100644 index 000000000..51936282a --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_trial-template-labeled.yaml @@ -0,0 +1,97 @@ +apiVersion: v1 +data: + defaultTrialTemplate.yaml: |- + apiVersion: batch/v1 + kind: Job + metadata: + name: {{.Trial}} + namespace: {{.NameSpace}} + spec: + template: + spec: + containers: + - name: {{.Trial}} + image: docker.io/kubeflowkatib/mxnet-mnist + command: + - "python3" + - "/opt/mxnet-mnist/mnist.py" + - "--batch-size=64" + {{- with .HyperParameters}} + {{- range .}} + - "{{.Name}}={{.Value}}" + {{- end}} + {{- end}} + restartPolicy: Never + enasCPUTemplate: |- + apiVersion: batch/v1 + kind: Job + metadata: + name: {{.Trial}} + namespace: {{.NameSpace}} + spec: + template: + spec: + containers: + - name: {{.Trial}} + image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu + command: + - "python3.5" + - "-u" + - "RunTrial.py" + {{- with .HyperParameters}} + {{- range .}} + - "--{{.Name}}=\"{{.Value}}\"" + {{- end}} + {{- end}} + - "--num_epochs=1" + restartPolicy: Never + pytorchJobTemplate: |- + apiVersion: "kubeflow.org/v1" + kind: PyTorchJob + metadata: + name: {{.Trial}} + namespace: {{.NameSpace}} + spec: + pytorchReplicaSpecs: + Master: + replicas: 1 + restartPolicy: OnFailure + template: + spec: + containers: + - name: pytorch + image: gcr.io/kubeflow-ci/pytorch-dist-mnist-test:v1.0 + imagePullPolicy: Always + command: + - "python" + - "/var/mnist.py" + {{- with .HyperParameters}} + {{- range .}} + - "{{.Name}}={{.Value}}" + {{- end}} + {{- end}} + Worker: + replicas: 2 + restartPolicy: OnFailure + template: + spec: + containers: + - name: pytorch + image: gcr.io/kubeflow-ci/pytorch-dist-mnist-test:v1.0 + imagePullPolicy: Always + command: + - "python" + - "/var/mnist.py" + {{- with .HyperParameters}} + {{- range .}} + - "{{.Name}}={{.Value}}" + {{- end}} + {{- end}} +kind: ConfigMap +metadata: + labels: + app: katib-trial-templates + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: trial-template-labeled + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_configmap_trial-template.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_trial-template.yaml new file mode 100644 index 000000000..5a69403a9 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_trial-template.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +data: + defaultTrialTemplate.yaml: |- + apiVersion: batch/v1 + kind: Job + metadata: + name: {{.Trial}} + namespace: {{.NameSpace}} + spec: + template: + spec: + containers: + - name: {{.Trial}} + image: docker.io/kubeflowkatib/mxnet-mnist + command: + - "python3" + - "/opt/mxnet-mnist/mnist.py" + - "--batch-size=64" + {{- with .HyperParameters}} + {{- range .}} + - "{{.Name}}={{.Value}}" + {{- end}} + {{- end}} + restartPolicy: Never +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: trial-template + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_configmap_ui-parameters-hb792fcf5d.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_ui-parameters-hb792fcf5d.yaml new file mode 100644 index 000000000..d4a8c570b --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_ui-parameters-hb792fcf5d.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + uiClusterDomain: cluster.local +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + name: ui-parameters-hb792fcf5d + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml new file mode 100644 index 000000000..025357f80 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml @@ -0,0 +1,32 @@ +apiVersion: v1 +data: + config: | + { + executorImage: argoproj/argoexec:v2.3.0, + containerRuntimeExecutor: pns, + artifactRepository: + { + s3: { + bucket: mlpipeline, + keyPrefix: artifacts, + endpoint: minio-service.kubeflow:9000, + insecure: true, + accessKeySecret: { + name: mlpipeline-minio-artifact, + key: accesskey + }, + secretKeySecret: { + name: mlpipeline-minio-artifact, + key: secretkey + } + } + } + } +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflow-controller-configmap + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml new file mode 100644 index 000000000..a3eff6111 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +data: + artifactRepositoryAccessKeySecretKey: accesskey + artifactRepositoryAccessKeySecretName: mlpipeline-minio-artifact + artifactRepositoryBucket: mlpipeline + artifactRepositoryEndpoint: minio-service.kubeflow:9000 + artifactRepositoryInsecure: "true" + artifactRepositoryKeyPrefix: artifacts + artifactRepositorySecretKeySecretKey: secretkey + artifactRepositorySecretKeySecretName: mlpipeline-minio-artifact + clusterDomain: cluster.local + containerRuntimeExecutor: pns + executorImage: argoproj/argoexec:v2.3.0 + namespace: "" +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflow-controller-parameters + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_persistentvolumeclaim_katib-mysql.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_persistentvolumeclaim_katib-mysql.yaml new file mode 100644 index 000000000..f07c33245 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_persistentvolumeclaim_katib-mysql.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-mysql + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_persistentvolumeclaim_minio-pv-claim.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_persistentvolumeclaim_minio-pv-claim.yaml new file mode 100644 index 000000000..e1792aa3a --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_persistentvolumeclaim_minio-pv-claim.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio-pv-claim + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml new file mode 100644 index 000000000..0dd834403 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio-pvc + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml new file mode 100644 index 000000000..bf0c560da --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql-pv-claim + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_secret_katib-controller.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_secret_katib-controller.yaml new file mode 100644 index 000000000..debbabb43 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_secret_katib-controller.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_secret_katib-mysql-secrets.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_secret_katib-mysql-secrets.yaml new file mode 100644 index 000000000..8394d22cf --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_secret_katib-mysql-secrets.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + MYSQL_ROOT_PASSWORD: dGVzdA== +kind: Secret +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-mysql-secrets + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml new file mode 100644 index 000000000..2c774e447 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + accesskey: bWluaW8= + secretkey: bWluaW8xMjM= +kind: Secret +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: mlpipeline-minio-artifact + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_service_admission-webhook-service.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_service_admission-webhook-service.yaml new file mode 100644 index 000000000..1636dc952 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_service_admission-webhook-service.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-service + namespace: kubeflow +spec: + ports: + - port: 443 + targetPort: 443 + selector: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_service_argo-ui.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_service_argo-ui.yaml new file mode 100644 index 000000000..0e091e089 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_service_argo-ui.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow +spec: + ports: + - port: 80 + targetPort: 8001 + selector: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + sessionAffinity: None + type: NodePort diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_service_centraldashboard.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_service_centraldashboard.yaml new file mode 100644 index 000000000..bd90cfa4c --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_service_centraldashboard.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + getambassador.io/config: |- + --- + apiVersion: ambassador/v0 + kind: Mapping + name: centralui-mapping + prefix: / + rewrite: / + service: centraldashboard.kubeflow + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +spec: + ports: + - port: 80 + protocol: TCP + targetPort: 8082 + selector: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + sessionAffinity: None + type: ClusterIP diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml new file mode 100644 index 000000000..f70426fc0 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml @@ -0,0 +1,33 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + getambassador.io/config: |- + --- + apiVersion: ambassador/v0 + kind: Mapping + name: webapp_mapping + prefix: /jupyter/ + service: jupyter-web-app-service.kubeflow + add_request_headers: + x-forwarded-prefix: /jupyter + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + run: jupyter-web-app + name: jupyter-web-app-service + namespace: kubeflow +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 5000 + selector: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + type: ClusterIP diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_service_katib-controller.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_service_katib-controller.yaml new file mode 100644 index 000000000..59c34c786 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_service_katib-controller.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scheme: http + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: 8443 + - name: metrics + port: 8080 + targetPort: 8080 + selector: + app: katib-controller + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_service_katib-db-manager.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_service_katib-db-manager.yaml new file mode 100644 index 000000000..ff2e1df9a --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_service_katib-db-manager.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + name: katib-db-manager + namespace: kubeflow +spec: + ports: + - name: api + port: 6789 + protocol: TCP + selector: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + type: ClusterIP diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_service_katib-mysql.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_service_katib-mysql.yaml new file mode 100644 index 000000000..5b3c87b53 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_service_katib-mysql.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + name: katib-mysql + namespace: kubeflow +spec: + ports: + - name: dbapi + port: 3306 + protocol: TCP + selector: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + type: ClusterIP diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_service_katib-ui.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_service_katib-ui.yaml new file mode 100644 index 000000000..399b6e164 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_service_katib-ui.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + name: katib-ui + namespace: kubeflow +spec: + ports: + - name: ui + port: 80 + protocol: TCP + targetPort: 8080 + selector: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + type: ClusterIP diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_service_minio-service.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_service_minio-service.yaml new file mode 100644 index 000000000..626f8bf50 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_service_minio-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio-service + namespace: kubeflow +spec: + ports: + - port: 9000 + protocol: TCP + targetPort: 9000 + selector: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_service_ml-pipeline-tensorboard-ui.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_service_ml-pipeline-tensorboard-ui.yaml new file mode 100644 index 000000000..01adf7506 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_service_ml-pipeline-tensorboard-ui.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: ml-pipeline-tensorboard-ui + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + name: ml-pipeline-tensorboard-ui + namespace: kubeflow +spec: + ports: + - port: 80 + targetPort: 3000 + selector: + app: ml-pipeline-tensorboard-ui + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml new file mode 100644 index 000000000..92069c23d --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: ml-pipeline-ui + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + name: ml-pipeline-ui + namespace: kubeflow +spec: + ports: + - port: 80 + targetPort: 3000 + selector: + app: ml-pipeline-ui + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml new file mode 100644 index 000000000..7f1ad6f44 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: ml-pipeline-visualizationserver + app.kubernetes.io/component: pipeline-visualization-service + app.kubernetes.io/name: pipeline-visualization-service + name: ml-pipeline-visualizationserver + namespace: kubeflow +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + app: ml-pipeline-visualizationserver + app.kubernetes.io/component: pipeline-visualization-service + app.kubernetes.io/name: pipeline-visualization-service diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_service_ml-pipeline.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_service_ml-pipeline.yaml new file mode 100644 index 000000000..eddeb2a13 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_service_ml-pipeline.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: ml-pipeline + app.kubernetes.io/component: api-service + app.kubernetes.io/name: api-service + name: ml-pipeline + namespace: kubeflow +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + - name: grpc + port: 8887 + protocol: TCP + targetPort: 8887 + selector: + app: ml-pipeline + app.kubernetes.io/component: api-service + app.kubernetes.io/name: api-service diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_service_mysql.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_service_mysql.yaml new file mode 100644 index 000000000..8b23a44b1 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_service_mysql.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql + namespace: kubeflow +spec: + ports: + - port: 3306 + selector: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_service_notebook-controller-service.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_service_notebook-controller-service.yaml new file mode 100644 index 000000000..a9f1b4b8e --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_service_notebook-controller-service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-service + namespace: kubeflow +spec: + ports: + - port: 443 + selector: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_service_profiles-kfam.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_service_profiles-kfam.yaml new file mode 100644 index 000000000..84f28c447 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_service_profiles-kfam.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: profiles + app.kubernetes.io/name: profiles + kustomize.component: profiles + name: profiles-kfam + namespace: kubeflow +spec: + ports: + - port: 8081 + selector: + app.kubernetes.io/component: profiles + app.kubernetes.io/name: profiles + kustomize.component: profiles diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_service_pytorch-operator.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_service_pytorch-operator.yaml new file mode 100644 index 000000000..4114ea5f9 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_service_pytorch-operator.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "8443" + prometheus.io/scrape: "true" + labels: + app: pytorch-operator + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + namespace: kubeflow +spec: + ports: + - name: monitoring-port + port: 8443 + targetPort: 8443 + selector: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + type: ClusterIP diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_service_seldon-webhook-service.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_service_seldon-webhook-service.yaml new file mode 100644 index 000000000..2aa608a97 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_service_seldon-webhook-service.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.1.0 + name: seldon-webhook-service + namespace: kubeflow +spec: + ports: + - port: 443 + targetPort: 443 + selector: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon1 + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: v0.5 + control-plane: seldon-controller-manager diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_service_tf-job-operator.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_service_tf-job-operator.yaml new file mode 100644 index 000000000..a13b8ac44 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_service_tf-job-operator.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "8443" + prometheus.io/scrape: "true" + labels: + app: tf-job-operator + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + namespace: kubeflow +spec: + ports: + - name: monitoring-port + port: 8443 + targetPort: 8443 + selector: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + type: ClusterIP diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_admission-webhook-service-account.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_admission-webhook-service-account.yaml new file mode 100644 index 000000000..6f41ce954 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_admission-webhook-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-service-account + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml new file mode 100644 index 000000000..c58dd0a3d --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_argo.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_argo.yaml new file mode 100644 index 000000000..ad307ff2c --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_argo.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_centraldashboard.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_centraldashboard.yaml new file mode 100644 index 000000000..55deba785 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_centraldashboard.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml new file mode 100644 index 000000000..0c1492772 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-service-account + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_katib-controller.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_katib-controller.yaml new file mode 100644 index 000000000..bfbc7b770 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_katib-controller.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_katib-ui.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_katib-ui.yaml new file mode 100644 index 000000000..16c2b4541 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_katib-ui.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-ui + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml new file mode 100644 index 000000000..646d8a333 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: ml-pipeline-persistenceagent + app.kubernetes.io/component: persistent-agent + app.kubernetes.io/name: persistent-agent + name: ml-pipeline-persistenceagent + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml new file mode 100644 index 000000000..f6ba58ed2 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: ml-pipeline-scheduledworkflow + app.kubernetes.io/component: scheduledworkflow + app.kubernetes.io/name: scheduledworkflow + name: ml-pipeline-scheduledworkflow + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml new file mode 100644 index 000000000..93f0f29ba --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: pipelines-ui + app.kubernetes.io/name: pipelines-ui + name: ml-pipeline-ui + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml new file mode 100644 index 000000000..7e08d5b9b --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: ml-pipeline-viewer-crd + app.kubernetes.io/component: pipelines-viewer + app.kubernetes.io/name: pipelines-viewer + name: ml-pipeline-viewer-crd-service-account + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml new file mode 100644 index 000000000..ba8865c65 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: ml-pipeline + app.kubernetes.io/component: api-service + app.kubernetes.io/name: api-service + name: ml-pipeline + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml new file mode 100644 index 000000000..d34df9217 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml new file mode 100644 index 000000000..190650272 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: pipeline-runner + app.kubernetes.io/component: pipelines-runner + app.kubernetes.io/name: pipelines-runner + name: pipeline-runner + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml new file mode 100644 index 000000000..6b8e8f370 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: profiles + app.kubernetes.io/name: profiles + kustomize.component: profiles + name: profiles-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_pytorch-operator.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_pytorch-operator.yaml new file mode 100644 index 000000000..3d3555c2b --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_pytorch-operator.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: pytorch-operator + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_seldon-manager.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_seldon-manager.yaml new file mode 100644 index 000000000..8036b6fc5 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_seldon-manager.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: seldon + app.kubernetes.io/component: seldon + app.kubernetes.io/instance: seldon-core + app.kubernetes.io/name: seldon-core-operator + app.kubernetes.io/version: 1.1.0 + name: seldon-manager + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_tf-job-dashboard.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_tf-job-dashboard.yaml new file mode 100644 index 000000000..3e0982e27 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_tf-job-dashboard.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: tf-job-dashboard + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-dashboard + namespace: kubeflow diff --git a/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_tf-job-operator.yaml b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_tf-job-operator.yaml new file mode 100644 index 000000000..f7bf874b7 --- /dev/null +++ b/tests/stacks/ibm/test_data/expected/~g_v1_serviceaccount_tf-job-operator.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: tf-job-operator + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + namespace: kubeflow