kubeflow
/
manifests
mirror of https://github.com/kubeflow/manifests.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

update kfctl_ibm KfDef to kustomize v3 (#1246) 

* update kfctl_ibm kfdef to kustomize v3

* small update to README

* update to use katib, minio and mysql generic

* update after platform test

* fix test failure
This commit is contained in:
Adrian Zhuang 2020-06-22 11:12:36 -07:00 committed by GitHub
parent d6a25c64d7
commit bc5c7a72cf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
643 changed files with 39966 additions and 321 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
application/v3/kustomization.yaml
View File

@ -7,6 +7,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: kubeflow namespace: kubeflow
nameprefix: application-controller- nameprefix: application-controller-
commonLabels:
app.kubernetes.io/component: kubeflow
app.kubernetes.io/name: kubeflow
resources: resources:
- ../application-crds/base - ../application-crds/base
- ../application/base/cluster-role.yaml - ../application/base/cluster-role.yaml

327
kfdef/kfctl_ibm.yaml
View File

@ -4,349 +4,96 @@ metadata:
namespace: kubeflow namespace: kubeflow
spec: spec:
applications: applications:
# Install istio in a different namespace: istio-system
# Remove this application if istio is already installed
- kustomizeConfig: - kustomizeConfig:
parameters:
- name: namespace
value: istio-system
repoRef: repoRef:
name: manifests name: manifests
path: istio/istio-crds path: stacks/ibm/application/istio-stack
name: istio-crds name: istio-stack
- kustomizeConfig: - kustomizeConfig:
parameters:
- name: namespace
value: istio-system
repoRef: repoRef:
name: manifests name: manifests
path: istio/istio-install path: stacks/ibm/application/cluster-local-gateway
name: istio-install
- kustomizeConfig:
parameters:
- name: namespace
value: istio-system
repoRef:
name: manifests
path: istio/cluster-local-gateway
name: cluster-local-gateway name: cluster-local-gateway
- kustomizeConfig: - kustomizeConfig:
parameters:
- name: clusterRbacConfig
value: 'OFF'
repoRef: repoRef:
name: manifests name: manifests
path: istio/istio path: stacks/ibm/application/istio
name: istio name: istio
- kustomizeConfig: - kustomizeConfig:
parameters:
- name: namespace
value: istio-system
repoRef: repoRef:
name: manifests name: manifests
path: istio/add-anonymous-user-filter path: stacks/ibm/application/add-anonymous-user-filter
name: add-anonymous-user-filter name: add-anonymous-user-filter
- kustomizeConfig: - kustomizeConfig:
repoRef: repoRef:
name: manifests name: manifests
path: application/application-crds path: application/v3
name: application-crds
- kustomizeConfig:
overlays:
- application
repoRef:
name: manifests
path: application/application
name: application name: application
- kustomizeConfig: - kustomizeConfig:
parameters:
- name: namespace
value: cert-manager
repoRef: repoRef:
name: manifests name: manifests
path: cert-manager/cert-manager-crds path: stacks/ibm/application/bootstrap
name: cert-manager-crds
- kustomizeConfig:
parameters:
- name: namespace
value: kube-system
repoRef:
name: manifests
path: cert-manager/cert-manager-kube-system-resources
name: cert-manager-kube-system-resources
- kustomizeConfig:
overlays:
- self-signed
- application
parameters:
- name: namespace
value: cert-manager
repoRef:
name: manifests
path: cert-manager/cert-manager
name: cert-manager
- kustomizeConfig:
repoRef:
name: manifests
path: metacontroller
name: metacontroller
- kustomizeConfig:
overlays:
- istio
- application
parameters:
- name: containerRuntimeExecutor
value: pns
repoRef:
name: manifests
path: argo
name: argo
- kustomizeConfig:
repoRef:
name: manifests
path: kubeflow-roles
name: kubeflow-roles
- kustomizeConfig:
overlays:
- istio
- application
repoRef:
name: manifests
path: common/centraldashboard
name: centraldashboard
- kustomizeConfig:
overlays:
- application
repoRef:
name: manifests
path: admission-webhook/bootstrap
name: bootstrap name: bootstrap
- kustomizeConfig: - kustomizeConfig:
overlays:
- application
repoRef: repoRef:
name: manifests name: manifests
path: admission-webhook/webhook path: stacks/ibm/application/cert-manager-crds
name: webhook name: cert-manager-crds
- kustomizeConfig: - kustomizeConfig:
overlays:
- istio
- application
parameters:
- name: userid-header
value: kubeflow-userid
repoRef: repoRef:
name: manifests name: manifests
path: jupyter/jupyter-web-app path: stacks/ibm/application/cert-manager-kube-system-resources
name: jupyter-web-app name: cert-manager-kube-system-resources
- kustomizeConfig: - kustomizeConfig:
overlays:
- application
repoRef: repoRef:
name: manifests name: manifests
path: spark/spark-operator path: stacks/ibm/application/cert-manager
name: spark-operator name: cert-manager
# Install Kubeflow applications.
- kustomizeConfig: - kustomizeConfig:
overlays:
- istio
- application
- ibm-storage-config
- db
repoRef: repoRef:
name: manifests name: manifests
path: metadata path: stacks/ibm
name: kubeflow-apps
- kustomizeConfig:
repoRef:
name: manifests
path: metacontroller/base
name: metacontroller
- kustomizeConfig:
repoRef:
name: manifests
path: stacks/ibm/application/metadata
name: metadata name: metadata
- kustomizeConfig: - kustomizeConfig:
overlays:
- istio
- application
repoRef: repoRef:
name: manifests name: manifests
path: jupyter/notebook-controller path: stacks/ibm/application/spark-operator
name: notebook-controller name: spark-operator
- kustomizeConfig: - kustomizeConfig:
overlays:
- application
repoRef: repoRef:
name: manifests name: manifests
path: pytorch-job/pytorch-job-crds path: knative/installs/generic
name: pytorch-job-crds name: knative
- kustomizeConfig: - kustomizeConfig:
overlays:
- application
repoRef: repoRef:
name: manifests name: manifests
path: pytorch-job/pytorch-operator path: kfserving/installs/generic
name: pytorch-operator name: kfserving
# Spartakus is a separate applications so that kfctl can remove it
# to disable usage reporting
- kustomizeConfig: - kustomizeConfig:
overlays:
- application
parameters:
- name: namespace
value: knative-serving
repoRef: repoRef:
name: manifests name: manifests
path: knative/knative-serving-crds path: stacks/ibm/application/spartakus
name: knative-crds
- kustomizeConfig:
overlays:
- application
parameters:
- name: namespace
value: knative-serving
repoRef:
name: manifests
path: knative/knative-serving-install
name: knative-install
- kustomizeConfig:
overlays:
- application
repoRef:
name: manifests
path: kfserving/kfserving-crds
name: kfserving-crds
- kustomizeConfig:
overlays:
- application
repoRef:
name: manifests
path: kfserving/kfserving-install
name: kfserving-install
- kustomizeConfig:
overlays:
- application
parameters:
- name: usageId
value: <randomly-generated-id>
- name: reportUsage
value: 'true'
repoRef:
name: manifests
path: common/spartakus
name: spartakus name: spartakus
- kustomizeConfig: - kustomizeConfig:
overlays:
- istio
repoRef: repoRef:
name: manifests name: manifests
path: tensorboard path: stacks/ibm/application/tensorboard
name: tensorboard name: tensorboard
- kustomizeConfig:
overlays:
- application
repoRef:
name: manifests
path: tf-training/tf-job-crds
name: tf-job-crds
- kustomizeConfig:
overlays:
- application
repoRef:
name: manifests
path: tf-training/tf-job-operator
name: tf-job-operator
- kustomizeConfig:
overlays:
- application
repoRef:
name: manifests
path: katib/katib-crds
name: katib-crds
- kustomizeConfig:
overlays:
- application
- istio
- ibm-storage-config
repoRef:
name: manifests
path: katib/katib-controller
name: katib-controller
- kustomizeConfig:
overlays:
- application
repoRef:
name: manifests
path: pipeline/api-service
name: api-service
- kustomizeConfig:
overlays:
- application
parameters:
- name: minioPvcName
value: minio-pv-claim
repoRef:
name: manifests
path: pipeline/minio
name: minio
- kustomizeConfig:
overlays:
- application
parameters:
- name: mysqlPvcName
value: mysql-pv-claim
repoRef:
name: manifests
path: pipeline/mysql
name: mysql
- kustomizeConfig:
overlays:
- application
repoRef:
name: manifests
path: pipeline/persistent-agent
name: persistent-agent
- kustomizeConfig:
overlays:
- application
repoRef:
name: manifests
path: pipeline/pipelines-runner
name: pipelines-runner
- kustomizeConfig:
overlays:
- istio
- application
repoRef:
name: manifests
path: pipeline/pipelines-ui
name: pipelines-ui
- kustomizeConfig:
overlays:
- application
repoRef:
name: manifests
path: pipeline/pipelines-viewer
name: pipelines-viewer
- kustomizeConfig:
overlays:
- application
repoRef:
name: manifests
path: pipeline/scheduledworkflow
name: scheduledworkflow
- kustomizeConfig:
overlays:
- application
repoRef:
name: manifests
path: pipeline/pipeline-visualization-service
name: pipeline-visualization-service
- kustomizeConfig:
overlays:
- application
- istio
parameters:
- name: admin
value: example@kubeflow.org
repoRef:
name: manifests
path: profiles
name: profiles
- kustomizeConfig:
overlays:
- application
repoRef:
name: manifests
path: seldon/seldon-core-operator
name: seldon-core-operator
repos: repos:
- name: manifests - name: manifests
uri: https://github.com/kubeflow/manifests/archive/master.tar.gz uri: https://github.com/kubeflow/manifests/archive/master.tar.gz

28
kfserving/kubeflow/kustomization.yaml → kfserving/installs/generic/kustomization.yaml
View File

@ -2,17 +2,17 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: kubeflow namespace: kubeflow
resources: resources:
- ../kfserving-crds/base - ../../kfserving-crds/base
- ../kfserving-crds/overlays/application - ../../kfserving-crds/overlays/application
- ../kfserving-install/base/cert.yaml - ../../kfserving-install/base/cert.yaml
- ../kfserving-install/base/config-map.yaml - ../../kfserving-install/base/config-map.yaml
- ../kfserving-install/base/cluster-role-binding.yaml - ../../kfserving-install/base/cluster-role-binding.yaml
- ../kfserving-install/base/cluster-role.yaml - ../../kfserving-install/base/cluster-role.yaml
- ../kfserving-install/base/secret.yaml - ../../kfserving-install/base/secret.yaml
- ../kfserving-install/base/statefulset.yaml - ../../kfserving-install/base/statefulset.yaml
- ../kfserving-install/base/service.yaml - ../../kfserving-install/base/service.yaml
- ../kfserving-install/base/webhook.yaml - ../../kfserving-install/base/webhook.yaml
- ../kfserving-install/overlays/application - ../../kfserving-install/overlays/application
commonLabels: commonLabels:
app: kfserving app: kfserving
kustomize.component: kfserving kustomize.component: kfserving
@ -21,9 +21,11 @@ commonLabels:
app.kuberenets.io/name: kfserving-install app.kuberenets.io/name: kfserving-install
app.kuberenets.io/managed-by: kfctl app.kuberenets.io/managed-by: kfctl
app.kuberenets.io/part-of: kubeflow app.kuberenets.io/part-of: kubeflow
generatorOptions:
disableNameSuffixHash: true
configMapGenerator: configMapGenerator:
- envs: - envs:
- ../kfserving-install/base/params.env - ../../kfserving-install/base/params.env
name: kfserving-config name: kfserving-config
vars: vars:
- name: registry - name: registry
@ -34,7 +36,7 @@ vars:
fieldref: fieldref:
fieldpath: data.registry fieldpath: data.registry
configurations: configurations:
- ../kfserving-install/base/params.yaml - ../../kfserving-install/base/params.yaml
images: images:
- name: gcr.io/kubebuilder/kube-rbac-proxy - name: gcr.io/kubebuilder/kube-rbac-proxy
newName: gcr.io/kubebuilder/kube-rbac-proxy newName: gcr.io/kubebuilder/kube-rbac-proxy

35
knative/kubeflow/kustomization.yaml → knative/installs/generic/kustomization.yaml
View File

@ -2,25 +2,24 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: knative-serving namespace: knative-serving
resources: resources:
- ../knative-serving-crds/base - ../../knative-serving-crds/base
- ../knative-serving-crds/overlays/application - ../../knative-serving-crds/overlays/application
- ../knative-serving-install/base/gateway.yaml - ../../knative-serving-install/base/gateway.yaml
- ../knative-serving-install/base/cluster-role.yaml - ../../knative-serving-install/base/cluster-role.yaml
- ../knative-serving-install/base/cluster-role-binding.yaml - ../../knative-serving-install/base/cluster-role-binding.yaml
- ../knative-serving-install/base/service-role.yaml - ../../knative-serving-install/base/service-role.yaml
- ../knative-serving-install/base/service-role-binding.yaml - ../../knative-serving-install/base/service-role-binding.yaml
- ../knative-serving-install/base/role-binding.yaml - ../../knative-serving-install/base/role-binding.yaml
- ../knative-serving-install/base/config-map.yaml - ../../knative-serving-install/base/config-map.yaml
- ../knative-serving-install/base/deployment.yaml - ../../knative-serving-install/base/deployment.yaml
- ../knative-serving-install/base/service-account.yaml - ../../knative-serving-install/base/service-account.yaml
- ../knative-serving-install/base/service.yaml - ../../knative-serving-install/base/service.yaml
- ../knative-serving-install/base/apiservice.yaml - ../../knative-serving-install/base/apiservice.yaml
- ../knative-serving-install/base/image.yaml - ../../knative-serving-install/base/image.yaml
- ../knative-serving-install/base/hpa.yaml - ../../knative-serving-install/base/hpa.yaml
- ../knative-serving-install/base/webhook-configuration.yaml - ../../knative-serving-install/base/webhook-configuration.yaml
- ../knative-serving-install/overlays/application - ../../knative-serving-install/overlays/application
commonLabels: commonLabels:
app: knative
kustomize.component: knative kustomize.component: knative
app.kubernetes.io/component: knative-serving-install app.kubernetes.io/component: knative-serving-install
app.kuberenets.io/instance: knative-serving-install app.kuberenets.io/instance: knative-serving-install

4
pipeline/minio/installs/ibm/OWNERS Normal file
View File

@ -0,0 +1,4 @@
approvers:
- adrian555
- animeshsingh
- tomcli

11
pipeline/minio/installs/ibm/deployment-patch.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: minio
spec:
template:
spec:
volumes:
- name: data
persistentVolumeClaim:
claimName: $(minioPvcName)

32
pipeline/minio/installs/ibm/kustomization.yaml Normal file
View File

@ -0,0 +1,32 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
commonLabels:
app.kubernetes.io/component: minio
app.kubernetes.io/name: minio
resources:
- ../../../upstream/env/platform-agnostic/minio/
- ../../../upstream/base/argo/minio-artifact-secret.yaml # TODO: move it to minio/ folder
- ../../overlays/application/application.yaml
- persistent-volume-claim.yaml
patchesStrategicMerge:
- deployment-patch.yaml
generatorOptions:
disableNameSuffixHash: true
configMapGenerator:
- name: pipeline-minio-parameters
envs:
- params.env
vars:
- name: minioPvcName
objref:
kind: ConfigMap
name: pipeline-minio-parameters
apiVersion: v1
fieldref:
fieldpath: data.minioPvcName
images:
- name: minio/minio
newTag: RELEASE.2018-02-09T22-40-05Z
newName: minio/minio
configurations:
- params.yaml

1
pipeline/minio/installs/ibm/params.env Normal file
View File

@ -0,0 +1 @@
minioPvcName=

5
pipeline/minio/installs/ibm/params.yaml Normal file
View File

@ -0,0 +1,5 @@
varReference:
- path: spec/template/spec/volumes/persistentVolumeClaim/claimName
kind: Deployment
- path: metadata/name
kind: PersistentVolumeClaim

10
pipeline/minio/installs/ibm/persistent-volume-claim.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: $(minioPvcName)
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi

4
pipeline/mysql/installs/ibm/OWNERS Normal file
View File

@ -0,0 +1,4 @@
approvers:
- adrian555
- animeshsingh
- tomcli

11
pipeline/mysql/installs/ibm/deployment-patch.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mysql
spec:
template:
spec:
volumes:
- name: mysql-persistent-storage
persistentVolumeClaim:
claimName: $(mysqlPvcName)

30
pipeline/mysql/installs/ibm/kustomization.yaml Normal file
View File

@ -0,0 +1,30 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
commonLabels:
app: mysql
app.kubernetes.io/component: mysql
app.kubernetes.io/name: mysql
resources:
- ../generic
generatorOptions:
disableNameSuffixHash: true
configMapGenerator:
- name: pipeline-mysql-parameters
envs:
- params.env
vars:
- name: mysqlPvcName
objref:
kind: ConfigMap
name: pipeline-mysql-parameters
apiVersion: v1
fieldref:
fieldpath: data.mysqlPvcName
images:
- name: mysql
newTag: '5.6'
newName: mysql
configurations:
- params.yaml
patchesStrategicMerge:
- deployment-patch.yaml

1
pipeline/mysql/installs/ibm/params.env Normal file
View File

@ -0,0 +1 @@
mysqlPvcName=

5
pipeline/mysql/installs/ibm/params.yaml Normal file
View File

@ -0,0 +1,5 @@
varReference:
- path: spec/template/spec/volumes/persistentVolumeClaim/claimName
kind: Deployment
- path: metadata/name
kind: PersistentVolumeClaim

4
stacks/ibm/OWNERS Normal file
View File

@ -0,0 +1,4 @@
approvers:
- adrian555
- animeshsingh
- tomcli

5
stacks/ibm/application/add-anonymous-user-filter/kustomization.yaml Normal file
View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: istio-system
resources:
- ../../../../istio/add-anonymous-user-filter/base

5
stacks/ibm/application/bootstrap/kustomization.yaml Normal file
View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kubeflow
resources:
- ../../../../admission-webhook/bootstrap/overlays/application

5
stacks/ibm/application/cert-manager-crds/kustomization.yaml Normal file
View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: cert-manager
resources:
- ../../../../cert-manager/cert-manager-crds/base

5
stacks/ibm/application/cert-manager-kube-system-resources/kustomization.yaml Normal file
View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kube-system
resources:
- ../../../../cert-manager/cert-manager-kube-system-resources/base

13
stacks/ibm/application/cert-manager/kustomization.yaml Normal file
View File

@ -0,0 +1,13 @@
apiVersion: kustomize.config.k8s.io/v1beta1
commonLabels:
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
kind: Kustomization
namespace: cert-manager
resources:
- ../../../../cert-manager/cert-manager/base
- ../../../../cert-manager/cert-manager/overlays/application/application.yaml
- ../../../../cert-manager/cert-manager/overlays/self-signed/cluster-issuer.yaml
configurations:
- ../../../../cert-manager/cert-manager/overlays/application/params.yaml

5
stacks/ibm/application/cluster-local-gateway/kustomization.yaml Normal file
View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: istio-system
resources:
- ../../../../istio/cluster-local-gateway/base

6
stacks/ibm/application/istio-stack/kustomization.yaml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: istio-system
resources:
- ../../../../istio/istio-crds/base
- ../../../../istio/istio-install/base

12
stacks/ibm/application/istio/kustomization.yaml Normal file
View File

@ -0,0 +1,12 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kubeflow
resources:
- ../../../../istio/istio/base
configMapGenerator:
- name: istio-parameters
behavior: merge
envs:
- params.env
configurations:
- params.yaml

1
stacks/ibm/application/istio/params.env Normal file
View File

@ -0,0 +1 @@
clusterRbacConfig=OFF

3
stacks/ibm/application/istio/params.yaml Normal file
View File

@ -0,0 +1,3 @@
varReference:
- path: spec/mode
kind: ClusterRbacConfig

1
stacks/ibm/application/jupyter-web-app/README.md Normal file
View File

@ -0,0 +1 @@
Note: the approach to have the `base` in a sub-directory is to avoid the problem of current `namePrefix` incapability to skip adding to certain resources. In this case, they are `VirtualService` and `Application`. For these, we want the name to be `jupyter-web-app` instead of `jupyter-web-app-jupyter-web-app`.

33
stacks/ibm/application/jupyter-web-app/base/deployment_patch.yaml Normal file
View File

@ -0,0 +1,33 @@
# TODO(https://github.com/kubeflow/manifests/issues/774): This is a patch
# that pulls out from core the parts that should be in pulled into stacks.
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment
spec:
template:
spec:
containers:
- name: jupyter-web-app
imagePullPolicy: $(policy)
env:
- name: ROK_SECRET_NAME
valueFrom:
configMapKeyRef:
name: jupyter-web-app-parameters
key: ROK_SECRET_NAME
- name: UI
valueFrom:
configMapKeyRef:
name: jupyter-web-app-parameters
key: UI
- name: USERID_HEADER
valueFrom:
configMapKeyRef:
name: kubeflow-config
key: userid-header
- name: USERID_PREFIX
valueFrom:
configMapKeyRef:
name: kubeflow-config
key: userid-prefix

49
stacks/ibm/application/jupyter-web-app/base/kustomization.yaml Normal file
View File

@ -0,0 +1,49 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
commonLabels:
app.kubernetes.io/component: jupyter-web-app
app.kubernetes.io/name: jupyter-web-app
app: jupyter-web-app
kustomize.component: jupyter-web-app
namePrefix: jupyter-web-app-
namespace: kubeflow
images:
- name: gcr.io/kubeflow-images-public/jupyter-web-app
newName: gcr.io/kubeflow-images-public/jupyter-web-app
newTag: vmaster-gd9be4b9e
resources:
- ../../../../../jupyter/jupyter-web-app/base/cluster-role-binding.yaml
- ../../../../../jupyter/jupyter-web-app/base/cluster-role.yaml
- ../../../../../jupyter/jupyter-web-app/base/deployment.yaml
- ../../../../../jupyter/jupyter-web-app/base/role-binding.yaml
- ../../../../../jupyter/jupyter-web-app/base/role.yaml
- ../../../../../jupyter/jupyter-web-app/base/service-account.yaml
- ../../../../../jupyter/jupyter-web-app/base/service.yaml
patchesStrategicMerge:
- deployment_patch.yaml
generatorOptions:
disableNameSuffixHash: true
configMapGenerator:
- name: jupyter-web-app-config
files:
- ../../../../../jupyter/jupyter-web-app/base/configs/spawner_ui_config.yaml
- name: parameters
envs:
- params.env
vars:
- fieldref:
fieldPath: data.policy
name: policy
objref:
apiVersion: v1
kind: ConfigMap
name: parameters
- fieldref:
fieldPath: data.prefix
name: prefix
objref:
apiVersion: v1
kind: ConfigMap
name: parameters
configurations:
- params.yaml

4
stacks/ibm/application/jupyter-web-app/base/params.env Normal file
View File

@ -0,0 +1,4 @@
UI=default
ROK_SECRET_NAME=secret-rok-{username}
policy=Always
prefix=jupyter

7
stacks/ibm/application/jupyter-web-app/base/params.yaml Normal file
View File

@ -0,0 +1,7 @@
varReference:
- path: spec/template/spec/containers/imagePullPolicy
kind: Deployment
- path: metadata/annotations/getambassador.io\/config
kind: Service
- path: spec/http/route/destination/host
kind: VirtualService

7
stacks/ibm/application/jupyter-web-app/kustomization.yaml Normal file
View File

@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kubeflow
resources:
- base
- ../../../../jupyter/jupyter-web-app/overlays/istio
- ../../../../jupyter/jupyter-web-app/overlays/application

18
stacks/ibm/application/metadata/kustomization.yaml Normal file
View File

@ -0,0 +1,18 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kubeflow
commonLabels:
app.kubernetes.io/component: metadata
app.kubernetes.io/name: metadata
kustomize.component: metadata
resources:
- ../../../../metadata/overlays/db
- ../../../../metadata/overlays/application/application.yaml
- ../../../../metadata/overlays/istio/virtual-service.yaml
- ../../../../metadata/overlays/istio/virtual-service-metadata-grpc.yaml
configurations:
- ../../../../metadata/overlays/istio/params.yaml
images:
- name: mysql
newTag: "5.6"
newName: mysql

1
stacks/ibm/application/notebook-controller/README.md Normal file
View File

@ -0,0 +1 @@
Note: the approach to have the `base` in a sub-directory is to avoid the problem of current `namePrefix` incapability to skip adding to certain resources. In this case, they are `VirtualService` and `Application`. For these, we want the name to be `notebook-controller` instead of `notebook-controller-notebook-controller`.

21
stacks/ibm/application/notebook-controller/base/deployment_patch.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment
spec:
template:
spec:
containers:
- name: manager
env:
- name: USE_ISTIO
valueFrom:
configMapKeyRef:
name: notebook-controller-config
key: USE_ISTIO
- name: ISTIO_GATEWAY
valueFrom:
configMapKeyRef:
name: notebook-controller-config
key: ISTIO_GATEWAY

29
stacks/ibm/application/notebook-controller/base/kustomization.yaml Normal file
View File

@ -0,0 +1,29 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namePrefix: notebook-controller-
namespace: kubeflow
commonLabels:
app: notebook-controller
app.kubernetes.io/component: notebook-controller
app.kubernetes.io/name: notebook-controller
kustomize.component: notebook-controller
generatorOptions:
disableNameSuffixHash: true
configMapGenerator:
- literals:
- USE_ISTIO=true
- ISTIO_GATEWAY=kubeflow/kubeflow-gateway
name: config
images:
- name: gcr.io/kubeflow-images-public/notebook-controller
newName: gcr.io/kubeflow-images-public/notebook-controller
newTag: vmaster-gf39279c0
patchesStrategicMerge:
- deployment_patch.yaml
resources:
- ../../../../../jupyter/notebook-controller/base/cluster-role-binding.yaml
- ../../../../../jupyter/notebook-controller/base/cluster-role.yaml
- ../../../../../jupyter/notebook-controller/base/crd.yaml
- ../../../../../jupyter/notebook-controller/base/deployment.yaml
- ../../../../../jupyter/notebook-controller/base/service-account.yaml
- ../../../../../jupyter/notebook-controller/base/service.yaml

8
stacks/ibm/application/notebook-controller/kustomization.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
commonLabels:
app.kubernetes.io/component: notebook-controller
app.kubernetes.io/name: notebook-controller
resources:
- base
- ../../../../jupyter/notebook-controller/overlays/application/application.yaml

9
stacks/ibm/application/pipelines-ui/kustomization.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kubeflow
commonLabels:
app.kubernetes.io/component: pipelines-ui
app.kubernetes.io/name: pipelines-ui
resources:
- ../../../../pipeline/pipelines-ui/overlays/istio
- ../../../../pipeline/pipelines-ui/overlays/application/application.yaml

58
stacks/ibm/application/profiles/base/deployment_patch.yaml Normal file
View File

@ -0,0 +1,58 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment
spec:
template:
spec:
containers:
- command:
- /manager
- -userid-header
- $(USERID_HEADER)
- -userid-prefix
- $(USERID_PREFIX)
- -workload-identity
- $(WORKLOAD_IDENTITY)
args: []
name: manager
env:
- name: USERID_HEADER
valueFrom:
configMapKeyRef:
name: kubeflow-config
key: userid-header
- name: USERID_PREFIX
valueFrom:
configMapKeyRef:
name: kubeflow-config
key: userid-prefix
- name: WORKLOAD_IDENTITY
valueFrom:
configMapKeyRef:
name: profiles-config
key: gcp-sa
- command:
- /access-management
- -cluster-admin
- $(CLUSTER_ADMIN)
- -userid-prefix
- $(USERID_PREFIX)
args: []
name: kfam
env:
- name: USERID_HEADER
valueFrom:
configMapKeyRef:
name: kubeflow-config
key: userid-header
- name: USERID_PREFIX
valueFrom:
configMapKeyRef:
name: kubeflow-config
key: userid-prefix
- name: CLUSTER_ADMIN
valueFrom:
configMapKeyRef:
name: profiles-config
key: admin

27
stacks/ibm/application/profiles/base/kustomization.yaml Normal file
View File

@ -0,0 +1,27 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namePrefix: profiles-
commonLabels:
kustomize.component: profiles
images:
- name: gcr.io/kubeflow-images-public/kfam
newName: gcr.io/kubeflow-images-public/kfam
newTag: vmaster-gf3e09203
- name: gcr.io/kubeflow-images-public/profile-controller
newName: gcr.io/kubeflow-images-public/profile-controller
newTag: vmaster-g34aa47c2
resources:
- ../../../../../profiles/base/cluster-role-binding.yaml
- ../../../../../profiles/base/crd.yaml
- ../../../../../profiles/base/deployment.yaml
- ../../../../../profiles/base/service.yaml
- ../../../../../profiles/base/service-account.yaml
patchesStrategicMerge:
- deployment_patch.yaml
configMapGenerator:
# We need the name to be unique without the suffix because the original name is what
# gets used with patches
- name: profiles-config
literals:
- admin=
- gcp-sa=

9
stacks/ibm/application/profiles/kustomization.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
commonLabels:
app.kubernetes.io/component: profiles
app.kubernetes.io/name: profiles
resources:
- base
- ../../../../profiles/overlays/istio/virtual-service.yaml
- ../../../../profiles/overlays/application/application.yaml

5
stacks/ibm/application/spark-operator/kustomization.yaml Normal file
View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kubeflow
resources:
- ../../../../spark/spark-operator/overlays/application

10
stacks/ibm/application/spartakus/kustomization.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kubeflow
resources:
- ../../../../common/spartakus/overlays/application
configMapGenerator:
- name: spartakus-config
behavior: merge
literals:
- usageId=<randomly-generated-id>

10
stacks/ibm/application/tensorboard/kustomization.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kubeflow
resources:
- ../../../../tensorboard/overlays/istio
configMapGenerator:
- name: parameters
behavior: merge
literals:
- namespace=kubeflow

3
stacks/ibm/config/params.env Normal file
View File

@ -0,0 +1,3 @@
clusterDomain=cluster.local
userid-header=kubeflow-userid
userid-prefix=

70
stacks/ibm/kustomization.yaml Normal file
View File

@ -0,0 +1,70 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kubeflow
resources:
- ../../admission-webhook/webhook/v3
- ../../common/centraldashboard/overlays/stacks
- ../../kubeflow-roles/base
- application/jupyter-web-app
- application/notebook-controller
- application/profiles
- ../../argo/base_v3
- ../../pipeline/api-service/overlays/application
- ../../pipeline/minio/installs/ibm
- ../../pipeline/mysql/installs/ibm
- ../../pipeline/persistent-agent/overlays/application
- ../../pipeline/pipelines-runner/overlays/application
- application/pipelines-ui
- ../../pipeline/pipelines-viewer/overlays/application
- ../../pipeline/scheduledworkflow/overlays/application
- ../../pipeline/pipeline-visualization-service/overlays/application
- ../../pytorch-job/pytorch-job-crds/overlays/application
- ../../pytorch-job/pytorch-operator/overlays/application
- ../../tf-training/tf-job-crds/overlays/application
- ../../tf-training/tf-job-operator/overlays/application
- ../../katib/installs/katib-standalone-ibm
- ../../seldon/seldon-core-operator/overlays/application
configMapGenerator:
- name: pipeline-mysql-parameters
behavior: merge
literals:
- mysqlPvcName=mysql-pv-claim
- name: pipeline-minio-parameters
behavior: merge
literals:
- minioPvcName=minio-pv-claim
- name: workflow-controller-parameters
behavior: merge
literals:
- containerRuntimeExecutor=pns
- name: profiles-config
behavior: merge
literals:
- admin=example@kubeflow.org
- name: kubeflow-config
envs:
- ./config/params.env
vars:
# We need to define vars at the top level otherwise we will get
# conflicts.
- fieldref:
fieldPath: data.clusterDomain
name: clusterDomain
objref:
apiVersion: v1
kind: ConfigMap
name: kubeflow-config
- fieldref:
fieldPath: metadata.namespace
name: namespace
objref:
apiVersion: v1
kind: ConfigMap
name: kubeflow-config
- fieldref:
fieldpath: metadata.namespace
name: katib-ui-namespace
objref:
kind: Service
name: katib-ui
apiVersion: v1

15
tests/stacks/ibm/application/add-anonymous-user-filter/kustomize_test.go Normal file
View File

@ -0,0 +1,15 @@
package add_anonymous_user_filter
import (
"github.com/kubeflow/manifests/tests"
"testing"
)
func TestKustomize(t *testing.T) {
testCase := &tests.KustomizeTestCase{
Package: "../../../../../stacks/ibm/application/add-anonymous-user-filter",
Expected: "test_data/expected",
}
tests.RunTestCase(t, testCase)
}

20
tests/stacks/ibm/application/add-anonymous-user-filter/test_data/expected/networking.istio.io_v1alpha3_envoyfilter_add-user-filter.yaml Normal file
View File

@ -0,0 +1,20 @@
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: add-user-filter
namespace: istio-system
spec:
filters:
- filterConfig:
inlineCode: |
function envoy_on_request(request_handle)
request_handle:headers():add("kubeflow-userid","anonymous@kubeflow.org")
end
filterName: envoy.lua
filterType: HTTP
insertPosition:
index: FIRST
listenerMatch:
listenerType: GATEWAY
workloadLabels:
app: istio-ingressgateway

15
tests/stacks/ibm/application/bootstrap/kustomize_test.go Normal file
View File

@ -0,0 +1,15 @@
package bootstrap
import (
"github.com/kubeflow/manifests/tests"
"testing"
)
func TestKustomize(t *testing.T) {
testCase := &tests.KustomizeTestCase{
Package: "../../../../../stacks/ibm/application/bootstrap",
Expected: "test_data/expected",
}
tests.RunTestCase(t, testCase)
}

37
tests/stacks/ibm/application/bootstrap/test_data/expected/app.k8s.io_v1beta1_application_bootstrap.yaml Normal file
View File

@ -0,0 +1,37 @@
apiVersion: app.k8s.io/v1beta1
kind: Application
metadata:
labels:
app.kubernetes.io/component: bootstrap
app.kubernetes.io/name: bootstrap
name: bootstrap
namespace: kubeflow
spec:
addOwnerRef: true
componentKinds:
- group: core
kind: ConfigMap
- group: apps
kind: StatefulSet
- group: core
kind: ServiceAccount
descriptor:
description: Bootstraps the admission-webhook controller
keywords:
- admission-webhook
- kubeflow
links:
- description: About
url: https://github.com/kubeflow/kubeflow/tree/master/components/admission-webhook
maintainers: []
owners: []
type: bootstrap
version: v1beta1
selector:
matchLabels:
app.kubernetes.io/component: bootstrap
app.kubernetes.io/instance: bootstrap-v0.7.0
app.kubernetes.io/managed-by: kfctl
app.kubernetes.io/name: bootstrap
app.kubernetes.io/part-of: kubeflow
app.kubernetes.io/version: v0.7.0

42
tests/stacks/ibm/application/bootstrap/test_data/expected/apps_v1_statefulset_admission-webhook-bootstrap-stateful-set.yaml Normal file
View File

@ -0,0 +1,42 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
app.kubernetes.io/component: bootstrap
app.kubernetes.io/name: bootstrap
kustomize.component: admission-webhook-bootstrap
name: admission-webhook-bootstrap-stateful-set
namespace: kubeflow
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/component: bootstrap
app.kubernetes.io/name: bootstrap
kustomize.component: admission-webhook-bootstrap
serviceName: service
template:
metadata:
annotations:
sidecar.istio.io/inject: "false"
labels:
app.kubernetes.io/component: bootstrap
app.kubernetes.io/name: bootstrap
kustomize.component: admission-webhook-bootstrap
spec:
containers:
- command:
- sh
- /var/webhook-config/create_ca.sh
image: gcr.io/kubeflow-images-public/ingress-setup:latest
name: bootstrap
volumeMounts:
- mountPath: /var/webhook-config/
name: admission-webhook-config
restartPolicy: Always
serviceAccountName: admission-webhook-bootstrap-service-account
volumes:
- configMap:
name: admission-webhook-bootstrap-config-map
name: admission-webhook-config
volumeClaimTemplates: []

28
tests/stacks/ibm/application/bootstrap/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_admission-webhook-bootstrap-cluster-role.yaml Normal file
View File

@ -0,0 +1,28 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: bootstrap
app.kubernetes.io/name: bootstrap
kustomize.component: admission-webhook-bootstrap
name: admission-webhook-bootstrap-cluster-role
rules:
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
verbs:
- '*'
- apiGroups:
- ""
resources:
- secrets
verbs:
- '*'
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- delete

16
tests/stacks/ibm/application/bootstrap/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_admission-webhook-bootstrap-cluster-role-binding.yaml Normal file
View File

@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: bootstrap
app.kubernetes.io/name: bootstrap
kustomize.component: admission-webhook-bootstrap
name: admission-webhook-bootstrap-cluster-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admission-webhook-bootstrap-cluster-role
subjects:
- kind: ServiceAccount
name: admission-webhook-bootstrap-service-account
namespace: kubeflow

139
tests/stacks/ibm/application/bootstrap/test_data/expected/~g_v1_configmap_admission-webhook-bootstrap-config-map.yaml Normal file
View File

@ -0,0 +1,139 @@
apiVersion: v1
data:
create_ca.sh: |
#!/bin/bash
set -e
usage() {
cat <<EOF
Generate certificate suitable for use with an sidecar-injector webhook service.
This script uses k8s' CertificateSigningRequest API to a generate a
certificate signed by k8s CA suitable for use with sidecar-injector webhook
services. This requires permissions to create and approve CSR. See
https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster for
detailed explantion and additional instructions.
The server key/cert k8s CA cert are stored in a k8s secret.
usage: ${0} [OPTIONS]
The following flags are required.
--service Service name of webhook.
--namespace Namespace where webhook service and secret reside.
--secret Secret name for CA certificate and server certificate/key pair.
EOF
exit 1
}
while [[ $# -gt 0 ]]; do
case ${1} in
--service)
service="$2"
shift
;;
--secret)
secret="$2"
shift
;;
--namespace)
namespace="$2"
shift
;;
*)
usage
;;
esac
shift
done
[ -z ${service} ] && service=admission-webhook-service
[ -z ${secret} ] && secret=webhook-certs
[ -z ${namespace} ] && namespace=kubeflow
[ -z ${namespace} ] && namespace=default
webhookDeploymentName=admission-webhook-deployment
mutatingWebhookConfigName=admission-webhook-mutating-webhook-configuration
echo ${service}
echo ${namespace}
echo ${secret}
echo ${webhookDeploymentName}
echo ${mutatingWebhookconfigName}
if [ ! -x "$(command -v openssl)" ]; then
echo "openssl not found"
exit 1
fi
csrName=${service}.${namespace}
tmpdir=$(mktemp -d)
echo "creating certs in tmpdir ${tmpdir} "
# x509 outputs a self signed certificate instead of certificate request, later used as self signed root CA
openssl req -x509 -newkey rsa:2048 -keyout ${tmpdir}/self_ca.key -out ${tmpdir}/self_ca.crt -days 365 -nodes -subj /C=/ST=/L=/O=/OU=/CN=test-certificate-authority
cat <<EOF >> ${tmpdir}/csr.conf
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${service}
DNS.2 = ${service}.${namespace}
DNS.3 = ${service}.${namespace}.svc
EOF
openssl genrsa -out ${tmpdir}/server-key.pem 2048
openssl req -new -key ${tmpdir}/server-key.pem -subj "/CN=${service}.${namespace}.svc" -out ${tmpdir}/server.csr -config ${tmpdir}/csr.conf
# Self sign
openssl x509 -req -days 365 -in ${tmpdir}/server.csr -CA ${tmpdir}/self_ca.crt -CAkey ${tmpdir}/self_ca.key -CAcreateserial -out ${tmpdir}/server-cert.pem
# create the secret with CA cert and server cert/key
kubectl create secret generic ${secret} \
--from-file=key.pem=${tmpdir}/server-key.pem \
--from-file=cert.pem=${tmpdir}/server-cert.pem \
--dry-run -o yaml |
kubectl -n ${namespace} apply -f -
# Webhook pod needs to be restarted so that the service reload the secret
# http://github.com/kueflow/kubeflow/issues/3227
webhookPod=$(kubectl get pods -n ${namespace} |grep ${webhookDeploymentName} |awk '{print $1;}')
# ignore error if webhook pod does not exist
kubectl delete pod ${webhookPod} 2>/dev/null || true
echo "webhook ${webhookPod} is restarted to utilize the new secret"
cat ${tmpdir}/self_ca.crt
# -a means base64 encode
caBundle=$(cat ${tmpdir}/self_ca.crt | openssl enc -a -A)
echo ${caBundle}
patchString='[{"op": "replace", "path": "/webhooks/0/clientConfig/caBundle", "value":"{{CA_BUNDLE}}"}]'
patchString=$(echo ${patchString} | sed "s|{{CA_BUNDLE}}|${caBundle}|g")
echo ${patchString}
checkWebhookConfig() {
currentBundle=$(kubectl get mutatingwebhookconfigurations -n ${namespace} ${mutatingWebhookConfigName} -o jsonpath='{.webhooks[0].clientConfig.caBundle}')
[[ "$currentBundle" == "$caBundle" ]]
}
while true; do
if ! checkWebhookConfig; then
echo "patching ca bundle for webhook configuration..."
kubectl patch mutatingwebhookconfiguration ${mutatingWebhookConfigName} \
--type='json' -p="${patchString}"
fi
sleep 10
done
namespace: kubeflow
webhookNamePrefix: admission-webhook-
kind: ConfigMap
metadata:
annotations: {}
labels:
app.kubernetes.io/component: bootstrap
app.kubernetes.io/name: bootstrap
kustomize.component: admission-webhook-bootstrap
name: admission-webhook-bootstrap-config-map
namespace: kubeflow

9
tests/stacks/ibm/application/bootstrap/test_data/expected/~g_v1_serviceaccount_admission-webhook-bootstrap-service-account.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: bootstrap
app.kubernetes.io/name: bootstrap
kustomize.component: admission-webhook-bootstrap
name: admission-webhook-bootstrap-service-account
namespace: kubeflow

15
tests/stacks/ibm/application/cert-manager-crds/kustomize_test.go Normal file
View File

@ -0,0 +1,15 @@
package cert_manager_crds
import (
"github.com/kubeflow/manifests/tests"
"testing"
)
func TestKustomize(t *testing.T) {
testCase := &tests.KustomizeTestCase{
Package: "../../../../../stacks/ibm/application/cert-manager-crds",
Expected: "test_data/expected",
}
tests.RunTestCase(t, testCase)
}

181
tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificaterequests.cert-manager.io.yaml Normal file
View File

@ -0,0 +1,181 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: certificaterequests.cert-manager.io
spec:
additionalPrinterColumns:
- JSONPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- JSONPath: .spec.issuerRef.name
name: Issuer
priority: 1
type: string
- JSONPath: .status.conditions[?(@.type=="Ready")].message
name: Status
priority: 1
type: string
- JSONPath: .metadata.creationTimestamp
description: CreationTimestamp is a timestamp representing the server time when
this object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC.
name: Age
type: date
group: cert-manager.io
names:
kind: CertificateRequest
listKind: CertificateRequestList
plural: certificaterequests
shortNames:
- cr
- crs
singular: certificaterequest
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: CertificateRequest is a type to represent a Certificate Signing
Request
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: CertificateRequestSpec defines the desired state of CertificateRequest
properties:
csr:
description: Byte slice containing the PEM encoded CertificateSigningRequest
format: byte
type: string
duration:
description: Requested certificate default Duration
type: string
isCA:
description: IsCA will mark the resulting certificate as valid for signing.
This implies that the 'cert sign' usage is set
type: boolean
issuerRef:
description: IssuerRef is a reference to the issuer for this CertificateRequest. If
the 'kind' field is not set, or set to 'Issuer', an Issuer resource
with the given name in the same namespace as the CertificateRequest
will be used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer
with the provided name will be used. The 'name' field in this stanza
is required at all times. The group field refers to the API group
of the issuer which defaults to 'cert-manager.io' if empty.
properties:
group:
type: string
kind:
type: string
name:
type: string
required:
- name
type: object
usages:
description: Usages is the set of x509 actions that are enabled for
a given key. Defaults are ('digital signature', 'key encipherment')
if empty
items:
description: 'KeyUsage specifies valid usage contexts for keys. See:
https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12'
enum:
- signing
- digital signature
- content commitment
- key encipherment
- key agreement
- data encipherment
- cert sign
- crl sign
- encipher only
- decipher only
- any
- server auth
- client auth
- code signing
- email protection
- s/mime
- ipsec end system
- ipsec tunnel
- ipsec user
- timestamping
- ocsp signing
- microsoft sgc
- netscape sgc
type: string
type: array
required:
- issuerRef
type: object
status:
description: CertificateStatus defines the observed state of CertificateRequest
and resulting signed certificate.
properties:
ca:
description: Byte slice containing the PEM encoded certificate authority
of the signed certificate.
format: byte
type: string
certificate:
description: Byte slice containing a PEM encoded signed certificate
resulting from the given certificate signing request.
format: byte
type: string
conditions:
items:
description: CertificateRequestCondition contains condition information
for a CertificateRequest.
properties:
lastTransitionTime:
description: LastTransitionTime is the timestamp corresponding
to the last status change of this condition.
format: date-time
type: string
message:
description: Message is a human readable description of the details
of the last transition, complementing reason.
type: string
reason:
description: Reason is a brief machine readable explanation for
the condition's last transition.
type: string
status:
description: Status of the condition, one of ('True', 'False',
'Unknown').
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: Type of the condition, currently ('Ready').
type: string
required:
- status
- type
type: object
type: array
failureTime:
description: FailureTime stores the time that this CertificateRequest
failed. This is used to influence garbage collection and back-off.
format: date-time
type: string
type: object
type: object
version: v1alpha2
versions:
- name: v1alpha2
served: true
storage: true

235
tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_certificates.cert-manager.io.yaml Normal file
View File

@ -0,0 +1,235 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: certificates.cert-manager.io
spec:
additionalPrinterColumns:
- JSONPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- JSONPath: .spec.secretName
name: Secret
type: string
- JSONPath: .spec.issuerRef.name
name: Issuer
priority: 1
type: string
- JSONPath: .status.conditions[?(@.type=="Ready")].message
name: Status
priority: 1
type: string
- JSONPath: .metadata.creationTimestamp
description: CreationTimestamp is a timestamp representing the server time when
this object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC.
name: Age
type: date
group: cert-manager.io
names:
kind: Certificate
listKind: CertificateList
plural: certificates
shortNames:
- cert
- certs
singular: certificate
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: Certificate is a type to represent a Certificate from ACME
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: CertificateSpec defines the desired state of Certificate. A
valid Certificate requires at least one of a CommonName, DNSName, or URISAN
to be valid.
properties:
commonName:
description: CommonName is a common name to be used on the Certificate.
The CommonName should have a length of 64 characters or fewer to avoid
generating invalid CSRs.
type: string
dnsNames:
description: DNSNames is a list of subject alt names to be used on the
Certificate.
items:
type: string
type: array
duration:
description: Certificate default Duration
type: string
ipAddresses:
description: IPAddresses is a list of IP addresses to be used on the
Certificate
items:
type: string
type: array
isCA:
description: IsCA will mark this Certificate as valid for signing. This
implies that the 'cert sign' usage is set
type: boolean
issuerRef:
description: IssuerRef is a reference to the issuer for this certificate.
If the 'kind' field is not set, or set to 'Issuer', an Issuer resource
with the given name in the same namespace as the Certificate will
be used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer
with the provided name will be used. The 'name' field in this stanza
is required at all times.
properties:
group:
type: string
kind:
type: string
name:
type: string
required:
- name
type: object
keyAlgorithm:
description: KeyAlgorithm is the private key algorithm of the corresponding
private key for this certificate. If provided, allowed values are
either "rsa" or "ecdsa" If KeyAlgorithm is specified and KeySize is
not provided, key size of 256 will be used for "ecdsa" key algorithm
and key size of 2048 will be used for "rsa" key algorithm.
enum:
- rsa
- ecdsa
type: string
keyEncoding:
description: KeyEncoding is the private key cryptography standards (PKCS)
for this certificate's private key to be encoded in. If provided,
allowed values are "pkcs1" and "pkcs8" standing for PKCS#1 and PKCS#8,
respectively. If KeyEncoding is not specified, then PKCS#1 will be
used by default.
enum:
- pkcs1
- pkcs8
type: string
keySize:
description: KeySize is the key bit size of the corresponding private
key for this certificate. If provided, value must be between 2048
and 8192 inclusive when KeyAlgorithm is empty or is set to "rsa",
and value must be one of (256, 384, 521) when KeyAlgorithm is set
to "ecdsa".
type: integer
organization:
description: Organization is the organization to be used on the Certificate
items:
type: string
type: array
renewBefore:
description: Certificate renew before expiration duration
type: string
secretName:
description: SecretName is the name of the secret resource to store
this secret in
type: string
uriSANs:
description: URISANs is a list of URI Subject Alternative Names to be
set on this Certificate.
items:
type: string
type: array
usages:
description: Usages is the set of x509 actions that are enabled for
a given key. Defaults are ('digital signature', 'key encipherment')
if empty
items:
description: 'KeyUsage specifies valid usage contexts for keys. See:
https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12'
enum:
- signing
- digital signature
- content commitment
- key encipherment
- key agreement
- data encipherment
- cert sign
- crl sign
- encipher only
- decipher only
- any
- server auth
- client auth
- code signing
- email protection
- s/mime
- ipsec end system
- ipsec tunnel
- ipsec user
- timestamping
- ocsp signing
- microsoft sgc
- netscape sgc
type: string
type: array
required:
- issuerRef
- secretName
type: object
status:
description: CertificateStatus defines the observed state of Certificate
properties:
conditions:
items:
description: CertificateCondition contains condition information for
an Certificate.
properties:
lastTransitionTime:
description: LastTransitionTime is the timestamp corresponding
to the last status change of this condition.
format: date-time
type: string
message:
description: Message is a human readable description of the details
of the last transition, complementing reason.
type: string
reason:
description: Reason is a brief machine readable explanation for
the condition's last transition.
type: string
status:
description: Status of the condition, one of ('True', 'False',
'Unknown').
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: Type of the condition, currently ('Ready').
type: string
required:
- status
- type
type: object
type: array
lastFailureTime:
format: date-time
type: string
notAfter:
description: The expiration time of the certificate stored in the secret
named by this resource in spec.secretName.
format: date-time
type: string
type: object
type: object
version: v1alpha2
versions:
- name: v1alpha2
served: true
storage: true

1369
tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_challenges.acme.cert-manager.io.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

1655
tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_clusterissuers.cert-manager.io.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

1655
tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_issuers.cert-manager.io.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

200
tests/stacks/ibm/application/cert-manager-crds/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_orders.acme.cert-manager.io.yaml Normal file
View File

@ -0,0 +1,200 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: orders.acme.cert-manager.io
spec:
additionalPrinterColumns:
- JSONPath: .status.state
name: State
type: string
- JSONPath: .spec.issuerRef.name
name: Issuer
priority: 1
type: string
- JSONPath: .status.reason
name: Reason
priority: 1
type: string
- JSONPath: .metadata.creationTimestamp
description: CreationTimestamp is a timestamp representing the server time when
this object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC.
name: Age
type: date
group: acme.cert-manager.io
names:
kind: Order
listKind: OrderList
plural: orders
singular: order
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: Order is a type to represent an Order with an ACME server
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
commonName:
description: CommonName is the common name as specified on the DER encoded
CSR. If CommonName is not specified, the first DNSName specified will
be used as the CommonName. At least one of CommonName or a DNSNames
must be set. This field must match the corresponding field on the
DER encoded CSR.
type: string
csr:
description: Certificate signing request bytes in DER encoding. This
will be used when finalizing the order. This field must be set on
the order.
format: byte
type: string
dnsNames:
description: DNSNames is a list of DNS names that should be included
as part of the Order validation process. If CommonName is not specified,
the first DNSName specified will be used as the CommonName. At least
one of CommonName or a DNSNames must be set. This field must match
the corresponding field on the DER encoded CSR.
items:
type: string
type: array
issuerRef:
description: IssuerRef references a properly configured ACME-type Issuer
which should be used to create this Order. If the Issuer does not
exist, processing will be retried. If the Issuer is not an 'ACME'
Issuer, an error will be returned and the Order will be marked as
failed.
properties:
group:
type: string
kind:
type: string
name:
type: string
required:
- name
type: object
required:
- csr
- issuerRef
type: object
status:
properties:
authorizations:
description: Authorizations contains data returned from the ACME server
on what authoriations must be completed in order to validate the DNS
names specified on the Order.
items:
description: ACMEAuthorization contains data returned from the ACME
server on an authorization that must be completed in order validate
a DNS name on an ACME Order resource.
properties:
challenges:
description: Challenges specifies the challenge types offered
by the ACME server. One of these challenge types will be selected
when validating the DNS name and an appropriate Challenge resource
will be created to perform the ACME challenge process.
items:
description: Challenge specifies a challenge offered by the
ACME server for an Order. An appropriate Challenge resource
can be created to perform the ACME challenge process.
properties:
token:
description: Token is the token that must be presented for
this challenge. This is used to compute the 'key' that
must also be presented.
type: string
type:
description: Type is the type of challenge being offered,
e.g. http-01, dns-01
type: string
url:
description: URL is the URL of this challenge. It can be
used to retrieve additional metadata about the Challenge
from the ACME server.
type: string
required:
- token
- type
- url
type: object
type: array
identifier:
description: Identifier is the DNS name to be validated as part
of this authorization
type: string
url:
description: URL is the URL of the Authorization that must be
completed
type: string
wildcard:
description: Wildcard will be true if this authorization is for
a wildcard DNS name. If this is true, the identifier will be
the *non-wildcard* version of the DNS name. For example, if
'*.example.com' is the DNS name being validated, this field
will be 'true' and the 'identifier' field will be 'example.com'.
type: boolean
required:
- url
type: object
type: array
certificate:
description: Certificate is a copy of the PEM encoded certificate for
this Order. This field will be populated after the order has been
successfully finalized with the ACME server, and the order has transitioned
to the 'valid' state.
format: byte
type: string
failureTime:
description: FailureTime stores the time that this order failed. This
is used to influence garbage collection and back-off.
format: date-time
type: string
finalizeURL:
description: FinalizeURL of the Order. This is used to obtain certificates
for this order once it has been completed.
type: string
reason:
description: Reason optionally provides more information about a why
the order is in the current state.
type: string
state:
description: State contains the current state of this Order resource.
States 'success' and 'expired' are 'final'
enum:
- valid
- ready
- pending
- processing
- invalid
- expired
- errored
type: string
url:
description: URL of the Order. This will initially be empty when the
resource is first created. The Order controller will populate this
field when the Order is first processed. This field will be immutable
after it is initially set.
type: string
type: object
required:
- metadata
type: object
version: v1alpha2
versions:
- name: v1alpha2
served: true
storage: true

15
tests/stacks/ibm/application/cert-manager-kube-system-resources/kustomize_test.go Normal file
View File

@ -0,0 +1,15 @@
package cert_manager_kube_system_resources
import (
"github.com/kubeflow/manifests/tests"
"testing"
)
func TestKustomize(t *testing.T) {
testCase := &tests.KustomizeTestCase{
Package: "../../../../../stacks/ibm/application/cert-manager-kube-system-resources",
Expected: "test_data/expected",
}
tests.RunTestCase(t, testCase)
}

18
tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_cert-manager-cainjector:leaderelection.yaml Normal file
View File

@ -0,0 +1,18 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
labels:
app: cainjector
kustomize.component: cert-manager
name: cert-manager-cainjector:leaderelection
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- create
- update
- patch

18
tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_cert-manager:leaderelection.yaml Normal file
View File

@ -0,0 +1,18 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
labels:
app: cert-manager
kustomize.component: cert-manager
name: cert-manager:leaderelection
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- create
- update
- patch

17
tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager-cainjector:leaderelection.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
labels:
app: cainjector
kustomize.component: cert-manager
name: cert-manager-cainjector:leaderelection
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: cert-manager-cainjector:leaderelection
subjects:
- apiGroup: ""
kind: ServiceAccount
name: cert-manager-cainjector
namespace: cert-manager

17
tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager-webhook:webhook-authentication-reader.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
labels:
app: webhook
kustomize.component: cert-manager
name: cert-manager-webhook:webhook-authentication-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- apiGroup: ""
kind: ServiceAccount
name: cert-manager-webhook
namespace: cert-manager

17
tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_cert-manager:leaderelection.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
labels:
app: cert-manager
kustomize.component: cert-manager
name: cert-manager:leaderelection
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: cert-manager:leaderelection
subjects:
- apiGroup: ""
kind: ServiceAccount
name: cert-manager
namespace: cert-manager

9
tests/stacks/ibm/application/cert-manager-kube-system-resources/test_data/expected/~g_v1_configmap_cert-manager-kube-params-parameters.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: v1
data:
certManagerNamespace: cert-manager
kind: ConfigMap
metadata:
labels:
kustomize.component: cert-manager
name: cert-manager-kube-params-parameters
namespace: kube-system

15
tests/stacks/ibm/application/cert-manager/kustomize_test.go Normal file
View File

@ -0,0 +1,15 @@
package cert_manager
import (
"github.com/kubeflow/manifests/tests"
"testing"
)
func TestKustomize(t *testing.T) {
testCase := &tests.KustomizeTestCase{
Package: "../../../../../stacks/ibm/application/cert-manager",
Expected: "test_data/expected",
}
tests.RunTestCase(t, testCase)
}

35
tests/stacks/ibm/application/cert-manager/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_cert-manager-webhook.yaml Normal file
View File

@ -0,0 +1,35 @@
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-apiserver-ca: "true"
labels:
app: webhook
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager-webhook
webhooks:
- clientConfig:
caBundle: ""
service:
name: kubernetes
namespace: default
path: /apis/webhook.cert-manager.io/v1beta1/mutations
failurePolicy: Fail
name: webhook.cert-manager.io
rules:
- apiGroups:
- cert-manager.io
apiVersions:
- v1alpha2
operations:
- CREATE
- UPDATE
resources:
- certificates
- issuers
- clusterissuers
- orders
- challenges
- certificaterequests

34
tests/stacks/ibm/application/cert-manager/test_data/expected/admissionregistration.k8s.io_v1beta1_validatingwebhookconfiguration_cert-manager-webhook.yaml Normal file
View File

@ -0,0 +1,34 @@
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-apiserver-ca: "true"
labels:
app: webhook
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager-webhook
webhooks:
- clientConfig:
caBundle: ""
service:
name: kubernetes
namespace: default
path: /apis/webhook.cert-manager.io/v1beta1/validations
failurePolicy: Fail
name: webhook.certmanager.k8s.io
rules:
- apiGroups:
- cert-manager.io
apiVersions:
- v1alpha2
operations:
- CREATE
- UPDATE
resources:
- certificates
- issuers
- clusterissuers
- certificaterequests
sideEffects: None

19
tests/stacks/ibm/application/cert-manager/test_data/expected/apiregistration.k8s.io_v1beta1_apiservice_v1beta1.webhook.cert-manager.io.yaml Normal file
View File

@ -0,0 +1,19 @@
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
annotations:
cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-tls
labels:
app: webhook
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: v1beta1.webhook.cert-manager.io
spec:
group: webhook.cert-manager.io
groupPriorityMinimum: 1000
service:
name: cert-manager-webhook
namespace: cert-manager
version: v1beta1
versionPriority: 15

40
tests/stacks/ibm/application/cert-manager/test_data/expected/app.k8s.io_v1beta1_application_cert-manager.yaml Normal file
View File

@ -0,0 +1,40 @@
apiVersion: app.k8s.io/v1beta1
kind: Application
metadata:
labels:
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager
namespace: cert-manager
spec:
componentKinds:
- group: rbac
kind: ClusterRole
- group: rbac
kind: ClusterRoleBinding
- group: core
kind: Namespace
- group: core
kind: Service
- group: apps
kind: Deployment
- group: core
kind: ServiceAccount
descriptor:
description: Automatically provision and manage TLS certificates in Kubernetes
https://jetstack.io.
keywords:
- cert-manager
links:
- description: About
url: https://github.com/jetstack/cert-manager
type: ""
version: v0.10.0
selector:
matchLabels:
app.kubernetes.io/component: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: kfctl
app.kubernetes.io/name: cert-manager
app.kubernetes.io/part-of: kubeflow

41
tests/stacks/ibm/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager-cainjector.yaml Normal file
View File

@ -0,0 +1,41 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: cainjector
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager-cainjector
namespace: cert-manager
spec:
replicas: 1
selector:
matchLabels:
app: cainjector
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
template:
metadata:
annotations: null
labels:
app: cainjector
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
spec:
containers:
- args:
- --v=2
- --leader-election-namespace=kube-system
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-cainjector:v0.11.0
imagePullPolicy: IfNotPresent
name: cainjector
resources: {}
serviceAccountName: cert-manager-cainjector

50
tests/stacks/ibm/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager-webhook.yaml Normal file
View File

@ -0,0 +1,50 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: webhook
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager-webhook
namespace: cert-manager
spec:
replicas: 1
selector:
matchLabels:
app: webhook
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
template:
metadata:
annotations: null
labels:
app: webhook
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
spec:
containers:
- args:
- --v=2
- --secure-port=6443
- --tls-cert-file=/certs/tls.crt
- --tls-private-key-file=/certs/tls.key
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-webhook:v0.11.0
imagePullPolicy: IfNotPresent
name: cert-manager
resources: {}
volumeMounts:
- mountPath: /certs
name: certs
serviceAccountName: cert-manager-webhook
volumes:
- name: certs
secret:
secretName: cert-manager-webhook-tls

54
tests/stacks/ibm/application/cert-manager/test_data/expected/apps_v1_deployment_cert-manager.yaml Normal file
View File

@ -0,0 +1,54 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: cert-manager
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager
namespace: cert-manager
spec:
replicas: 1
selector:
matchLabels:
app: cert-manager
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
template:
metadata:
annotations:
prometheus.io/path: /metrics
prometheus.io/port: "9402"
prometheus.io/scrape: "true"
labels:
app: cert-manager
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
spec:
containers:
- args:
- --v=2
- --cluster-resource-namespace=$(POD_NAMESPACE)
- --leader-election-namespace=kube-system
- --webhook-namespace=$(POD_NAMESPACE)
- --webhook-ca-secret=cert-manager-webhook-ca
- --webhook-serving-secret=cert-manager-webhook-tls
- --webhook-dns-names=cert-manager-webhook,cert-manager-webhook.cert-manager,cert-manager-webhook.cert-manager.svc
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-controller:v0.11.0
imagePullPolicy: IfNotPresent
name: cert-manager
ports:
- containerPort: 9402
resources:
requests:
cpu: 10m
memory: 32Mi
serviceAccountName: cert-manager

11
tests/stacks/ibm/application/cert-manager/test_data/expected/cert-manager.io_v1alpha2_clusterissuer_kubeflow-self-signing-issuer.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
labels:
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: kubeflow-self-signing-issuer
namespace: cert-manager
spec:
selfSigned: {}

24
tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-edit.yaml Normal file
View File

@ -0,0 +1,24 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: cert-manager
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit
rules:
- apiGroups:
- cert-manager.io
resources:
- certificates
- certificaterequests
- issuers
verbs:
- create
- delete
- deletecollection
- patch
- update

23
tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-view.yaml Normal file
View File

@ -0,0 +1,23 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: cert-manager
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: cert-manager-view
rules:
- apiGroups:
- cert-manager.io
resources:
- certificates
- certificaterequests
- issuers
verbs:
- get
- list
- watch

19
tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-webhook:webhook-requester.yaml Normal file
View File

@ -0,0 +1,19 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: webhook
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager-webhook:webhook-requester
rules:
- apiGroups:
- admission.cert-manager.io
resources:
- certificates
- certificaterequests
- issuers
- clusterissuers
verbs:
- create

63
tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-cainjector.yaml Normal file
View File

@ -0,0 +1,63 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
app: cainjector
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager-cainjector
rules:
- apiGroups:
- cert-manager.io
resources:
- certificates
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- get
- create
- update
- patch
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
verbs:
- get
- list
- watch
- update
- apiGroups:
- apiregistration.k8s.io
resources:
- apiservices
verbs:
- get
- list
- watch
- update
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- update

64
tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-certificates.yaml Normal file
View File

@ -0,0 +1,64 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
app: cert-manager
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager-controller-certificates
rules:
- apiGroups:
- cert-manager.io
resources:
- certificates
- certificates/status
- certificaterequests
- certificaterequests/status
verbs:
- update
- apiGroups:
- cert-manager.io
resources:
- certificates
- certificaterequests
- clusterissuers
- issuers
verbs:
- get
- list
- watch
- apiGroups:
- cert-manager.io
resources:
- certificates/finalizers
verbs:
- update
- apiGroups:
- acme.cert-manager.io
resources:
- orders
verbs:
- create
- delete
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

86
tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-challenges.yaml Normal file
View File

@ -0,0 +1,86 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
app: cert-manager
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager-controller-challenges
rules:
- apiGroups:
- acme.cert-manager.io
resources:
- challenges
- challenges/status
verbs:
- update
- apiGroups:
- acme.cert-manager.io
resources:
- challenges
verbs:
- get
- list
- watch
- apiGroups:
- cert-manager.io
resources:
- issuers
- clusterissuers
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- pods
- services
verbs:
- get
- list
- watch
- create
- delete
- apiGroups:
- extensions
- networking.k8s.io/v1
resources:
- ingresses
verbs:
- get
- list
- watch
- create
- delete
- update
- apiGroups:
- acme.cert-manager.io
resources:
- challenges/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch

43
tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-clusterissuers.yaml Normal file
View File

@ -0,0 +1,43 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
app: cert-manager
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager-controller-clusterissuers
rules:
- apiGroups:
- cert-manager.io
resources:
- clusterissuers
- clusterissuers/status
verbs:
- update
- apiGroups:
- cert-manager.io
resources:
- clusterissuers
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

51
tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-ingress-shim.yaml Normal file
View File

@ -0,0 +1,51 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
app: cert-manager
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager-controller-ingress-shim
rules:
- apiGroups:
- cert-manager.io
resources:
- certificates
- certificaterequests
verbs:
- create
- update
- delete
- apiGroups:
- cert-manager.io
resources:
- certificates
- certificaterequests
- issuers
- clusterissuers
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io/v1
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io/v1
resources:
- ingresses/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

43
tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-issuers.yaml Normal file
View File

@ -0,0 +1,43 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
app: cert-manager
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager-controller-issuers
rules:
- apiGroups:
- cert-manager.io
resources:
- issuers
- issuers/status
verbs:
- update
- apiGroups:
- cert-manager.io
resources:
- issuers
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

63
tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_cert-manager-controller-orders.yaml Normal file
View File

@ -0,0 +1,63 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
app: cert-manager
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager-controller-orders
rules:
- apiGroups:
- acme.cert-manager.io
resources:
- orders
- orders/status
verbs:
- update
- apiGroups:
- acme.cert-manager.io
resources:
- orders
- challenges
verbs:
- get
- list
- watch
- apiGroups:
- cert-manager.io
resources:
- clusterissuers
- issuers
verbs:
- get
- list
- watch
- apiGroups:
- acme.cert-manager.io
resources:
- challenges
verbs:
- create
- delete
- apiGroups:
- acme.cert-manager.io
resources:
- orders/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

17
tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-cainjector.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
app: cainjector
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager-cainjector
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cert-manager-cainjector
subjects:
- kind: ServiceAccount
name: cert-manager-cainjector
namespace: cert-manager

17
tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-certificates.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
app: cert-manager
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager-controller-certificates
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cert-manager-controller-certificates
subjects:
- kind: ServiceAccount
name: cert-manager
namespace: cert-manager

17
tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-challenges.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
app: cert-manager
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager-controller-challenges
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cert-manager-controller-challenges
subjects:
- kind: ServiceAccount
name: cert-manager
namespace: cert-manager

17
tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-clusterissuers.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
app: cert-manager
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager-controller-clusterissuers
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cert-manager-controller-clusterissuers
subjects:
- kind: ServiceAccount
name: cert-manager
namespace: cert-manager

17
tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-ingress-shim.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
app: cert-manager
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager-controller-ingress-shim
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cert-manager-controller-ingress-shim
subjects:
- kind: ServiceAccount
name: cert-manager
namespace: cert-manager

17
tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-issuers.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
app: cert-manager
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager-controller-issuers
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cert-manager-controller-issuers
subjects:
- kind: ServiceAccount
name: cert-manager
namespace: cert-manager

17
tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-controller-orders.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
app: cert-manager
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager-controller-orders
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cert-manager-controller-orders
subjects:
- kind: ServiceAccount
name: cert-manager
namespace: cert-manager

18
tests/stacks/ibm/application/cert-manager/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_cert-manager-webhook:auth-delegator.yaml Normal file
View File

@ -0,0 +1,18 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
app: webhook
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager-webhook:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- apiGroup: ""
kind: ServiceAccount
name: cert-manager-webhook
namespace: cert-manager

11
tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_configmap_cert-manager-parameters.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
data:
namespace: cert-manager
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager-parameters
namespace: cert-manager

8
tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_namespace_cert-manager.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager

21
tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_service_cert-manager-webhook.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: v1
kind: Service
metadata:
labels:
app: webhook
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager-webhook
namespace: cert-manager
spec:
ports:
- name: https
port: 443
targetPort: 6443
selector:
app: webhook
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
type: ClusterIP

21
tests/stacks/ibm/application/cert-manager/test_data/expected/~g_v1_service_cert-manager.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: v1
kind: Service
metadata:
labels:
app: cert-manager
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
name: cert-manager
namespace: cert-manager
spec:
ports:
- port: 9402
protocol: TCP
targetPort: 9402
selector:
app: cert-manager
app.kubernetes.io/component: cert-manager
app.kubernetes.io/name: cert-manager
kustomize.component: cert-manager
type: ClusterIP

Some files were not shown because too many files have changed in this diff Show More