Added installation manifest for 3.2 release (#4338)
Signed-off-by: Saranya-jena <saranya.jena@harness.io>
This commit is contained in:
Saranya Jena
GitHub
parent
e8258d6846
commit
6307a98f92
|
|
@ -0,0 +1,775 @@
|
|||
### RBAC Manifests
|
||||
## If SELF_AGENT="true" then these permissions are required to apply
|
||||
## https://github.com/litmuschaos/litmus/blob/master/chaoscenter/graphql/server/manifests/cluster/1b_argo_rbac.yaml
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: argo-cr-for-litmusportal-server
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: [pods, pods/exec]
|
||||
verbs: [create, get, list, watch, update, patch, delete]
|
||||
- apiGroups: [""]
|
||||
resources: [configmaps]
|
||||
verbs: [get, watch, list]
|
||||
- apiGroups: [""]
|
||||
resources: [persistentvolumeclaims]
|
||||
verbs: [create, delete]
|
||||
- apiGroups: [argoproj.io]
|
||||
resources: [workflows, workflows/finalizers]
|
||||
verbs: [get, list, watch, update, patch, delete, create]
|
||||
- apiGroups: [argoproj.io]
|
||||
resources:
|
||||
[
|
||||
workflowtemplates,
|
||||
workflowtemplates/finalizers,
|
||||
clusterworkflowtemplates,
|
||||
clusterworkflowtemplates/finalizers,
|
||||
workflowtasksets,
|
||||
]
|
||||
verbs: [get, list, watch]
|
||||
- apiGroups: [argoproj.io]
|
||||
resources: [workflowtaskresults]
|
||||
verbs: [list, watch, deletecollection]
|
||||
- apiGroups: [""]
|
||||
resources: [serviceaccounts]
|
||||
verbs: [get, list]
|
||||
- apiGroups: [argoproj.io]
|
||||
resources: [cronworkflows, cronworkflows/finalizers]
|
||||
verbs: [get, list, watch, update, patch, delete]
|
||||
- apiGroups: [""]
|
||||
resources: [events]
|
||||
verbs: [create, patch]
|
||||
- apiGroups: [policy]
|
||||
resources: [poddisruptionbudgets]
|
||||
verbs: [create, get, delete]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: argo-crb-for-litmusportal-server
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: argo-cr-for-litmusportal-server
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: litmus-server-account
|
||||
namespace: litmus
|
||||
#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/2b_litmus_rbac.yaml
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: litmus-cluster-scope-for-litmusportal-server
|
||||
labels:
|
||||
app.kubernetes.io/name: litmus
|
||||
# provide unique instance-id if applicable
|
||||
# app.kubernetes.io/instance: litmus-abcxzy
|
||||
app.kubernetes.io/version: 3.2.0
|
||||
app.kubernetes.io/component: operator-clusterrole
|
||||
app.kubernetes.io/part-of: litmus
|
||||
app.kubernetes.io/managed-by: kubectl
|
||||
name: litmus-cluster-scope-for-litmusportal-server
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: [replicationcontrollers, secrets]
|
||||
verbs: [get, list]
|
||||
- apiGroups: [apps.openshift.io]
|
||||
resources: [deploymentconfigs]
|
||||
verbs: [get, list]
|
||||
- apiGroups: [apps]
|
||||
resources: [deployments, daemonsets, replicasets, statefulsets]
|
||||
verbs: [get, list]
|
||||
- apiGroups: [batch]
|
||||
resources: [jobs]
|
||||
verbs: [get, list, deletecollection]
|
||||
- apiGroups: [argoproj.io]
|
||||
resources: [rollouts]
|
||||
verbs: [get, list]
|
||||
- apiGroups: [""]
|
||||
resources: [pods, configmaps, events, services]
|
||||
verbs: [get, create, update, patch, delete, list, watch, deletecollection]
|
||||
- apiGroups: [litmuschaos.io]
|
||||
resources: [chaosengines, chaosexperiments, chaosresults]
|
||||
verbs: [get, create, update, patch, delete, list, watch, deletecollection]
|
||||
- apiGroups: [apiextensions.k8s.io]
|
||||
resources: [customresourcedefinitions]
|
||||
verbs: [list, get]
|
||||
- apiGroups: ["litmuschaos.io"]
|
||||
resources: ["chaosengines/finalizers"]
|
||||
verbs: ["update"]
|
||||
- apiGroups: ["coordination.k8s.io"]
|
||||
resources: ["leases"]
|
||||
verbs: ["get", "create", "list", "update", "delete"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: litmus-cluster-scope-crb-for-litmusportal-server
|
||||
labels:
|
||||
app.kubernetes.io/name: litmus
|
||||
# provide unique instance-id if applicable
|
||||
# app.kubernetes.io/instance: litmus-abcxzy
|
||||
app.kubernetes.io/version: 3.2.0
|
||||
app.kubernetes.io/component: operator-clusterrolebinding
|
||||
app.kubernetes.io/part-of: litmus
|
||||
app.kubernetes.io/managed-by: kubectl
|
||||
name: litmus-cluster-scope-crb-for-litmusportal-server
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: litmus-cluster-scope-for-litmusportal-server
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: litmus-server-account
|
||||
namespace: litmus
|
||||
#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/3a_agents_rbac.yaml
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: litmus-admin-cr-for-litmusportal-server
|
||||
labels:
|
||||
name: litmus-admin-cr-for-litmusportal-server
|
||||
rules:
|
||||
# ***************************************************************************************
|
||||
# Permissions needed for preparing and monitor the chaos resources by chaos-runner
|
||||
# ***************************************************************************************
|
||||
|
||||
# The chaos operator watches the chaosengine resource and orchestartes the chaos experiment..
|
||||
## .. by creating the chaos-runner
|
||||
|
||||
# for creating and monitoring the chaos-runner pods
|
||||
- apiGroups: [""]
|
||||
resources: [pods, events]
|
||||
verbs: [create, delete, get, list, patch, update, deletecollection]
|
||||
|
||||
# for fetching configmaps and secrets to inject into chaos-runner pod (if specified)
|
||||
- apiGroups: [""]
|
||||
resources: [secrets, configmaps]
|
||||
verbs: [get, list]
|
||||
|
||||
# for tracking & getting logs of the pods created by chaos-runner to implement individual steps in the runner
|
||||
- apiGroups: [""]
|
||||
resources: [pods/log]
|
||||
verbs: [get, list, watch]
|
||||
|
||||
# for configuring and monitor the experiment job by chaos-runner pod
|
||||
- apiGroups: [batch]
|
||||
resources: [jobs]
|
||||
verbs: [create, list, get, delete, deletecollection]
|
||||
|
||||
# ********************************************************************
|
||||
# Permissions needed for creation and discovery of chaos experiments
|
||||
# ********************************************************************
|
||||
|
||||
# The helper pods are created by experiment to perform the actual chaos injection ...
|
||||
# ... for a period of chaos duration
|
||||
|
||||
# for creating and deleting the helper or target app pod and events by experiment
|
||||
- apiGroups: [""]
|
||||
resources: [pods]
|
||||
verbs: [create, delete, deletecollection]
|
||||
|
||||
# for creating and monitoring the events for chaos operations
|
||||
- apiGroups: [""]
|
||||
resources: [events]
|
||||
verbs: [create, delete, get, list, patch, update, deletecollection]
|
||||
|
||||
# for monitoring the helper and target app pod
|
||||
- apiGroups: [""]
|
||||
resources: [pods]
|
||||
verbs: [get, list, patch, update]
|
||||
|
||||
# for creating and managing to execute comands inside target container
|
||||
- apiGroups: [""]
|
||||
resources: [pods/exec, pods/eviction, replicationcontrollers]
|
||||
verbs: [get, list, create]
|
||||
|
||||
# for tracking & getting logs of the pods created by experiment pod to implement individual steps in the experiment
|
||||
- apiGroups: [""]
|
||||
resources: [pods/log]
|
||||
verbs: [get, list, watch]
|
||||
|
||||
# for creating and monitoring liveness services or monitoring target app services during chaos injection
|
||||
- apiGroups: [""]
|
||||
resources: [services]
|
||||
verbs: [create, delete, get, list, delete, deletecollection]
|
||||
|
||||
# for checking the app parent resources as deployments or sts and are eligible chaos candidates
|
||||
- apiGroups: [apps]
|
||||
resources: [deployments, statefulsets]
|
||||
verbs: [list, get, patch, update, create, delete]
|
||||
|
||||
# for checking the app parent resources as replicasets and are eligible chaos candidates
|
||||
- apiGroups: [apps]
|
||||
resources: [replicasets]
|
||||
verbs: [list, get]
|
||||
|
||||
# for checking the app parent resources as deamonsets and are eligible chaos candidates
|
||||
- apiGroups: [apps]
|
||||
resources: [daemonsets]
|
||||
verbs: [list, get, delete]
|
||||
|
||||
# for checking (openshift) app parent resources if they are eligible chaos candidates
|
||||
- apiGroups: [apps.openshift.io]
|
||||
resources: [deploymentconfigs]
|
||||
verbs: [list, get]
|
||||
|
||||
# for checking (argo) app parent resources if they are eligible chaos candidates
|
||||
- apiGroups: [argoproj.io]
|
||||
resources: [rollouts]
|
||||
verbs: [list, get]
|
||||
|
||||
# for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
|
||||
- apiGroups: [litmuschaos.io]
|
||||
resources: [chaosengines, chaosexperiments, chaosresults]
|
||||
verbs: [create, list, get, patch, update, delete]
|
||||
|
||||
# for experiment to perform node status checks and other node level operations like taint, drain in the experiment.
|
||||
- apiGroups: [""]
|
||||
resources: [nodes]
|
||||
verbs: [patch, get, list, update]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: litmus-admin-crb-for-litmusportal-server
|
||||
labels:
|
||||
name: litmus-admin-crb-for-litmusportal-server
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: litmus-admin-cr-for-litmusportal-server
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: litmus-server-account
|
||||
namespace: litmus
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: chaos-cr-for-litmusportal-server
|
||||
rules:
|
||||
# for managing the pods created by workflow controller to implement individual steps in the workflow
|
||||
- apiGroups: [""]
|
||||
resources: [pods, services, namespaces]
|
||||
verbs: [create, get, watch, patch, delete, list]
|
||||
|
||||
# for tracking & getting logs of the pods created by workflow controller to implement individual steps in the workflow
|
||||
- apiGroups: [""]
|
||||
resources: [pods/log, secrets, configmaps]
|
||||
verbs: [get, watch, create, delete, patch]
|
||||
|
||||
# for creation & deletion of application in predefined workflows
|
||||
- apiGroups: [apps]
|
||||
resources: [deployments, statefulsets]
|
||||
verbs: [get, watch, patch, create, delete]
|
||||
|
||||
# for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
|
||||
- apiGroups: [litmuschaos.io]
|
||||
resources: [chaosengines, chaosexperiments, chaosresults, chaosschedules]
|
||||
verbs: [create, list, get, patch, delete, watch]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: chaos-crb-for-litmusportal-server
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: chaos-cr-for-litmusportal-server
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: litmus-server-account
|
||||
namespace: litmus
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: subscriber-cr-for-litmusportal-server
|
||||
namespace: litmus
|
||||
labels:
|
||||
name: subscriber-cr-for-litmusportal-server
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: [configmaps, secrets]
|
||||
verbs: [get, create, delete, update]
|
||||
- apiGroups: [""]
|
||||
resources: [pods/log]
|
||||
verbs: [get, list, watch]
|
||||
- apiGroups: [""]
|
||||
resources: [pods, namespaces, nodes, services]
|
||||
verbs: [get, list, watch]
|
||||
- apiGroups: [litmuschaos.io]
|
||||
resources: [chaosengines, chaosschedules, chaosresults]
|
||||
verbs: [get, list, create, delete, update, watch]
|
||||
- apiGroups: [apps.openshift.io]
|
||||
resources: [deploymentconfigs]
|
||||
verbs: [get, list]
|
||||
- apiGroups: [apps]
|
||||
resources: [deployments, daemonsets, replicasets, statefulsets]
|
||||
verbs: [get, list, delete, deletecollection]
|
||||
- apiGroups: [argoproj.io]
|
||||
resources:
|
||||
[
|
||||
workflows,
|
||||
workflows/finalizers,
|
||||
workflowtemplates,
|
||||
workflowtemplates/finalizers,
|
||||
cronworkflows,
|
||||
cronworkflows/finalizers,
|
||||
clusterworkflowtemplates,
|
||||
clusterworkflowtemplates/finalizers,
|
||||
rollouts,
|
||||
]
|
||||
verbs: [get, list, create, delete, update, watch]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: subscriber-crb-for-litmusportal-server
|
||||
namespace: litmus
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: litmus-server-account
|
||||
namespace: litmus
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: subscriber-cr-for-litmusportal-server
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: event-tracker-cr-for-litmusportal-server
|
||||
rules:
|
||||
- apiGroups: [eventtracker.litmuschaos.io]
|
||||
resources: [eventtrackerpolicies]
|
||||
verbs: [create, delete, get, list, patch, update, watch]
|
||||
- apiGroups: [eventtracker.litmuschaos.io]
|
||||
resources: [eventtrackerpolicies/status]
|
||||
verbs: [get, patch, update]
|
||||
- apiGroups: ["", extensions, apps]
|
||||
resources:
|
||||
[deployments, daemonsets, statefulsets, pods, configmaps, secrets]
|
||||
verbs: [get, list, watch]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: event-tracker-crb-for-litmusportal-server
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: event-tracker-cr-for-litmusportal-server
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: litmus-server-account
|
||||
namespace: litmus
|
||||
# litmus-server-cr is used by the litmusportal-server
|
||||
# If SELF_AGENT=false, then only litmus-server-cr and litmus-server-crb are required.
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: litmus-server-cr
|
||||
rules:
|
||||
- apiGroups: [networking.k8s.io, extensions]
|
||||
resources: [ingresses]
|
||||
verbs: [get]
|
||||
- apiGroups: [""]
|
||||
resources: [services, nodes, pods/log]
|
||||
verbs: [get, watch]
|
||||
- apiGroups: [apiextensions.k8s.io]
|
||||
resources: [customresourcedefinitions]
|
||||
verbs: [create]
|
||||
- apiGroups: [apps]
|
||||
resources: [deployments]
|
||||
verbs: [create]
|
||||
- apiGroups: [""]
|
||||
resources: [configmaps]
|
||||
verbs: [get]
|
||||
- apiGroups: [""]
|
||||
resources: [serviceaccounts]
|
||||
verbs: [create]
|
||||
- apiGroups: [rbac.authorization.k8s.io]
|
||||
resources: [rolebindings, roles, clusterrolebindings, clusterroles]
|
||||
verbs: [create]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: litmus-server-crb
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: litmus-server-cr
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: litmus-server-account
|
||||
namespace: litmus
|
||||
## Control plane manifests
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: litmus
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: litmus-server-account
|
||||
namespace: litmus
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: litmus-portal-admin-secret
|
||||
namespace: litmus
|
||||
stringData:
|
||||
JWT_SECRET: "litmus-portal@123"
|
||||
DB_USER: "root"
|
||||
DB_PASSWORD: "1234"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: litmus-portal-admin-config
|
||||
namespace: litmus
|
||||
data:
|
||||
DB_SERVER: mongodb://my-release-mongodb-0.my-release-mongodb-headless:27017,my-release-mongodb-1.my-release-mongodb-headless:27017,my-release-mongodb-2.my-release-mongodb-headless:27017/admin
|
||||
VERSION: "3.2.0"
|
||||
SKIP_SSL_VERIFY: "false"
|
||||
# Configurations if you are using dex for OAuth
|
||||
DEX_ENABLED: "false"
|
||||
OIDC_ISSUER: "http://<Your Domain>:32000"
|
||||
DEX_OAUTH_CALLBACK_URL: "http://<litmus-portal frontend exposed URL>:8080/auth/dex/callback"
|
||||
DEX_OAUTH_CLIENT_ID: "LitmusPortalAuthBackend"
|
||||
DEX_OAUTH_CLIENT_SECRET: "ZXhhbXBsZS1hcHAtc2VjcmV0"
|
||||
OAuthJwtSecret: "litmus-oauth@123"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: litmusportal-frontend-nginx-configuration
|
||||
namespace: litmus
|
||||
data:
|
||||
nginx.conf: |
|
||||
pid /tmp/nginx.pid;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
client_body_temp_path /tmp/client_temp;
|
||||
proxy_temp_path /tmp/proxy_temp_path;
|
||||
fastcgi_temp_path /tmp/fastcgi_temp;
|
||||
uwsgi_temp_path /tmp/uwsgi_temp;
|
||||
scgi_temp_path /tmp/scgi_temp;
|
||||
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
keepalive_timeout 65;
|
||||
types_hash_max_size 2048;
|
||||
server_tokens off;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
|
||||
access_log /var/log/nginx/access.log;
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
server {
|
||||
listen 8185 default_server;
|
||||
root /opt/chaos;
|
||||
|
||||
location /health {
|
||||
return 200;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_http_version 1.1;
|
||||
add_header Cache-Control "no-cache";
|
||||
try_files $uri /index.html;
|
||||
autoindex on;
|
||||
}
|
||||
|
||||
# redirect server error pages to the static page /50x.html
|
||||
#
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
|
||||
location /auth/ {
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass "http://litmusportal-auth-server-service:9003/";
|
||||
}
|
||||
|
||||
location /api/ {
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass "http://litmusportal-server-service:9002/";
|
||||
}
|
||||
|
||||
location /ws/ {
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass "http://litmusportal-server-service:9002/";
|
||||
}
|
||||
}
|
||||
}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: litmusportal-frontend
|
||||
namespace: litmus
|
||||
labels:
|
||||
component: litmusportal-frontend
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
component: litmusportal-frontend
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
component: litmusportal-frontend
|
||||
spec:
|
||||
automountServiceAccountToken: false
|
||||
containers:
|
||||
- name: litmusportal-frontend
|
||||
image: litmuschaos.docker.scarf.sh/litmuschaos/litmusportal-frontend:3.2.0
|
||||
imagePullPolicy: Always
|
||||
# securityContext:
|
||||
# runAsUser: 2000
|
||||
# allowPrivilegeEscalation: false
|
||||
# runAsNonRoot: true
|
||||
ports:
|
||||
- containerPort: 8185
|
||||
volumeMounts:
|
||||
- name: nginx-config
|
||||
mountPath: /etc/nginx/nginx.conf
|
||||
subPath: nginx.conf
|
||||
volumes:
|
||||
- name: nginx-config
|
||||
configMap:
|
||||
name: litmusportal-frontend-nginx-configuration
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: litmusportal-frontend-service
|
||||
namespace: litmus
|
||||
spec:
|
||||
type: NodePort
|
||||
ports:
|
||||
- name: http
|
||||
port: 9091
|
||||
targetPort: 8185
|
||||
selector:
|
||||
component: litmusportal-frontend
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: litmusportal-server
|
||||
namespace: litmus
|
||||
labels:
|
||||
component: litmusportal-server
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
component: litmusportal-server
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
component: litmusportal-server
|
||||
spec:
|
||||
volumes:
|
||||
- name: gitops-storage
|
||||
emptyDir: {}
|
||||
- name: hub-storage
|
||||
emptyDir: {}
|
||||
containers:
|
||||
- name: graphql-server
|
||||
image: litmuschaos.docker.scarf.sh/litmuschaos/litmusportal-server:3.2.0
|
||||
volumeMounts:
|
||||
- mountPath: /tmp/
|
||||
name: gitops-storage
|
||||
- mountPath: /tmp/version
|
||||
name: hub-storage
|
||||
securityContext:
|
||||
runAsUser: 2000
|
||||
allowPrivilegeEscalation: false
|
||||
runAsNonRoot: true
|
||||
readOnlyRootFilesystem: true
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: litmus-portal-admin-config
|
||||
- secretRef:
|
||||
name: litmus-portal-admin-secret
|
||||
env:
|
||||
# if self-signed certificate are used pass the k8s tls secret name created in portal ns, to allow agents to use tls for communication
|
||||
- name: TLS_SECRET_NAME
|
||||
value: ""
|
||||
- name: LITMUS_PORTAL_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: CHAOS_CENTER_SCOPE
|
||||
value: "cluster"
|
||||
- name: SUBSCRIBER_IMAGE
|
||||
value: "litmuschaos.docker.scarf.sh/litmuschaos/litmusportal-subscriber:3.2.0"
|
||||
- name: EVENT_TRACKER_IMAGE
|
||||
value: "litmuschaos.docker.scarf.sh/litmuschaos/litmusportal-event-tracker:3.2.0"
|
||||
- name: ARGO_WORKFLOW_CONTROLLER_IMAGE
|
||||
value: "litmuschaos.docker.scarf.sh/litmuschaos/workflow-controller:v3.3.1"
|
||||
- name: ARGO_WORKFLOW_EXECUTOR_IMAGE
|
||||
value: "litmuschaos.docker.scarf.sh/litmuschaos/argoexec:v3.3.1"
|
||||
- name: LITMUS_CHAOS_OPERATOR_IMAGE
|
||||
value: "litmuschaos.docker.scarf.sh/litmuschaos/chaos-operator:3.2.0"
|
||||
- name: LITMUS_CHAOS_RUNNER_IMAGE
|
||||
value: "litmuschaos.docker.scarf.sh/litmuschaos/chaos-runner:3.2.0"
|
||||
- name: LITMUS_CHAOS_EXPORTER_IMAGE
|
||||
value: "litmuschaos.docker.scarf.sh/litmuschaos/chaos-exporter:3.2.0"
|
||||
- name: SERVER_SERVICE_NAME
|
||||
value: "litmusportal-server-service"
|
||||
- name: INFRA_DEPLOYMENTS
|
||||
value: '["app=chaos-exporter", "name=chaos-operator", "app=workflow-controller", "app=event-tracker"]'
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: CHAOS_CENTER_UI_ENDPOINT
|
||||
value: ""
|
||||
- name: INGRESS
|
||||
value: "false"
|
||||
- name: INGRESS_NAME
|
||||
value: "litmus-ingress"
|
||||
- name: CONTAINER_RUNTIME_EXECUTOR
|
||||
value: "k8sapi"
|
||||
- name: DEFAULT_HUB_BRANCH_NAME
|
||||
value: "v3.2.x"
|
||||
- name: LITMUS_AUTH_GRPC_ENDPOINT
|
||||
value: "litmusportal-auth-server-service"
|
||||
- name: LITMUS_AUTH_GRPC_PORT
|
||||
value: ":3030"
|
||||
- name: WORKFLOW_HELPER_IMAGE_VERSION
|
||||
value: "3.2.0"
|
||||
- name: REMOTE_HUB_MAX_SIZE
|
||||
value: "5000000"
|
||||
- name: INFRA_COMPATIBLE_VERSIONS
|
||||
value: '["3.2.0"]'
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
- containerPort: 8000
|
||||
imagePullPolicy: Always
|
||||
serviceAccountName: litmus-server-account
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: litmusportal-server-service
|
||||
namespace: litmus
|
||||
spec:
|
||||
type: NodePort
|
||||
ports:
|
||||
- name: graphql-server
|
||||
port: 9002
|
||||
targetPort: 8080
|
||||
- name: graphql-rpc-server
|
||||
port: 8000
|
||||
targetPort: 8000
|
||||
selector:
|
||||
component: litmusportal-server
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: litmusportal-auth-server
|
||||
namespace: litmus
|
||||
labels:
|
||||
component: litmusportal-auth-server
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
component: litmusportal-auth-server
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
component: litmusportal-auth-server
|
||||
spec:
|
||||
automountServiceAccountToken: false
|
||||
containers:
|
||||
- name: auth-server
|
||||
image: litmuschaos.docker.scarf.sh/litmuschaos/litmusportal-auth-server:3.2.0
|
||||
securityContext:
|
||||
runAsUser: 2000
|
||||
allowPrivilegeEscalation: false
|
||||
runAsNonRoot: true
|
||||
readOnlyRootFilesystem: true
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: litmus-portal-admin-config
|
||||
- secretRef:
|
||||
name: litmus-portal-admin-secret
|
||||
env:
|
||||
- name: STRICT_PASSWORD_POLICY
|
||||
value: "false"
|
||||
- name: ADMIN_USERNAME
|
||||
value: "admin"
|
||||
- name: ADMIN_PASSWORD
|
||||
value: "litmus"
|
||||
- name: LITMUS_GQL_GRPC_ENDPOINT
|
||||
value: "litmusportal-server-service"
|
||||
- name: LITMUS_GQL_GRPC_PORT
|
||||
value: ":8000"
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
- containerPort: 3030
|
||||
imagePullPolicy: Always
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: litmusportal-auth-server-service
|
||||
namespace: litmus
|
||||
spec:
|
||||
type: NodePort
|
||||
ports:
|
||||
- name: auth-server
|
||||
port: 9003
|
||||
targetPort: 3000
|
||||
- name: auth-rpc-server
|
||||
port: 3030
|
||||
targetPort: 3030
|
||||
selector:
|
||||
component: litmusportal-auth-server
|
||||
|
|
@ -0,0 +1,802 @@
|
|||
### RBAC Manifests
|
||||
## If SELF_AGENT="true" then these permissions are required to apply
|
||||
## https://github.com/litmuschaos/litmus/blob/master/chaoscenter/graphql/server/manifests/cluster/1b_argo_rbac.yaml
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: argo-cr-for-litmusportal-server
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: [pods, pods/exec]
|
||||
verbs: [create, get, list, watch, update, patch, delete]
|
||||
- apiGroups: [""]
|
||||
resources: [configmaps]
|
||||
verbs: [get, watch, list]
|
||||
- apiGroups: [""]
|
||||
resources: [persistentvolumeclaims]
|
||||
verbs: [create, delete]
|
||||
- apiGroups: [argoproj.io]
|
||||
resources: [workflows, workflows/finalizers]
|
||||
verbs: [get, list, watch, update, patch, delete, create]
|
||||
- apiGroups: [argoproj.io]
|
||||
resources:
|
||||
[
|
||||
workflowtemplates,
|
||||
workflowtemplates/finalizers,
|
||||
clusterworkflowtemplates,
|
||||
clusterworkflowtemplates/finalizers,
|
||||
workflowtasksets,
|
||||
]
|
||||
verbs: [get, list, watch]
|
||||
- apiGroups: [argoproj.io]
|
||||
resources: [workflowtaskresults]
|
||||
verbs: [list, watch, deletecollection]
|
||||
- apiGroups: [""]
|
||||
resources: [serviceaccounts]
|
||||
verbs: [get, list]
|
||||
- apiGroups: [argoproj.io]
|
||||
resources: [cronworkflows, cronworkflows/finalizers]
|
||||
verbs: [get, list, watch, update, patch, delete]
|
||||
- apiGroups: [""]
|
||||
resources: [events]
|
||||
verbs: [create, patch]
|
||||
- apiGroups: [policy]
|
||||
resources: [poddisruptionbudgets]
|
||||
verbs: [create, get, delete]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: argo-crb-for-litmusportal-server
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: argo-cr-for-litmusportal-server
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: litmus-server-account
|
||||
namespace: litmus
|
||||
#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/2b_litmus_rbac.yaml
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: litmus-cluster-scope-for-litmusportal-server
|
||||
labels:
|
||||
app.kubernetes.io/name: litmus
|
||||
# provide unique instance-id if applicable
|
||||
# app.kubernetes.io/instance: litmus-abcxzy
|
||||
app.kubernetes.io/version: 3.2.0
|
||||
app.kubernetes.io/component: operator-clusterrole
|
||||
app.kubernetes.io/part-of: litmus
|
||||
app.kubernetes.io/managed-by: kubectl
|
||||
name: litmus-cluster-scope-for-litmusportal-server
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: [replicationcontrollers, secrets]
|
||||
verbs: [get, list]
|
||||
- apiGroups: [apps.openshift.io]
|
||||
resources: [deploymentconfigs]
|
||||
verbs: [get, list]
|
||||
- apiGroups: [apps]
|
||||
resources: [deployments, daemonsets, replicasets, statefulsets]
|
||||
verbs: [get, list]
|
||||
- apiGroups: [batch]
|
||||
resources: [jobs]
|
||||
verbs: [get, list, deletecollection]
|
||||
- apiGroups: [argoproj.io]
|
||||
resources: [rollouts]
|
||||
verbs: [get, list]
|
||||
- apiGroups: [""]
|
||||
resources: [pods, configmaps, events, services]
|
||||
verbs: [get, create, update, patch, delete, list, watch, deletecollection]
|
||||
- apiGroups: [litmuschaos.io]
|
||||
resources: [chaosengines, chaosexperiments, chaosresults]
|
||||
verbs: [get, create, update, patch, delete, list, watch, deletecollection]
|
||||
- apiGroups: [apiextensions.k8s.io]
|
||||
resources: [customresourcedefinitions]
|
||||
verbs: [list, get]
|
||||
- apiGroups: ["litmuschaos.io"]
|
||||
resources: ["chaosengines/finalizers"]
|
||||
verbs: ["update"]
|
||||
- apiGroups: ["coordination.k8s.io"]
|
||||
resources: ["leases"]
|
||||
verbs: ["get", "create", "list", "update", "delete"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: litmus-cluster-scope-crb-for-litmusportal-server
|
||||
labels:
|
||||
app.kubernetes.io/name: litmus
|
||||
# provide unique instance-id if applicable
|
||||
# app.kubernetes.io/instance: litmus-abcxzy
|
||||
app.kubernetes.io/version: 3.2.0
|
||||
app.kubernetes.io/component: operator-clusterrolebinding
|
||||
app.kubernetes.io/part-of: litmus
|
||||
app.kubernetes.io/managed-by: kubectl
|
||||
name: litmus-cluster-scope-crb-for-litmusportal-server
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: litmus-cluster-scope-for-litmusportal-server
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: litmus-server-account
|
||||
namespace: litmus
|
||||
#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/3a_agents_rbac.yaml
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: litmus-admin-cr-for-litmusportal-server
|
||||
labels:
|
||||
name: litmus-admin-cr-for-litmusportal-server
|
||||
rules:
|
||||
# ***************************************************************************************
|
||||
# Permissions needed for preparing and monitor the chaos resources by chaos-runner
|
||||
# ***************************************************************************************
|
||||
|
||||
# The chaos operator watches the chaosengine resource and orchestartes the chaos experiment..
|
||||
## .. by creating the chaos-runner
|
||||
|
||||
# for creating and monitoring the chaos-runner pods
|
||||
- apiGroups: [""]
|
||||
resources: [pods, events]
|
||||
verbs: [create, delete, get, list, patch, update, deletecollection]
|
||||
|
||||
# for fetching configmaps and secrets to inject into chaos-runner pod (if specified)
|
||||
- apiGroups: [""]
|
||||
resources: [secrets, configmaps]
|
||||
verbs: [get, list]
|
||||
|
||||
# for tracking & getting logs of the pods created by chaos-runner to implement individual steps in the runner
|
||||
- apiGroups: [""]
|
||||
resources: [pods/log]
|
||||
verbs: [get, list, watch]
|
||||
|
||||
# for configuring and monitor the experiment job by chaos-runner pod
|
||||
- apiGroups: [batch]
|
||||
resources: [jobs]
|
||||
verbs: [create, list, get, delete, deletecollection]
|
||||
|
||||
# ********************************************************************
|
||||
# Permissions needed for creation and discovery of chaos experiments
|
||||
# ********************************************************************
|
||||
|
||||
# The helper pods are created by experiment to perform the actual chaos injection ...
|
||||
# ... for a period of chaos duration
|
||||
|
||||
# for creating and deleting the helper or target app pod and events by experiment
|
||||
- apiGroups: [""]
|
||||
resources: [pods]
|
||||
verbs: [create, delete, deletecollection]
|
||||
|
||||
# for creating and monitoring the events for chaos operations
|
||||
- apiGroups: [""]
|
||||
resources: [events]
|
||||
verbs: [create, delete, get, list, patch, update, deletecollection]
|
||||
|
||||
# for monitoring the helper and target app pod
|
||||
- apiGroups: [""]
|
||||
resources: [pods]
|
||||
verbs: [get, list, patch, update]
|
||||
|
||||
# for creating and managing to execute comands inside target container
|
||||
- apiGroups: [""]
|
||||
resources: [pods/exec, pods/eviction, replicationcontrollers]
|
||||
verbs: [get, list, create]
|
||||
|
||||
# for tracking & getting logs of the pods created by experiment pod to implement individual steps in the experiment
|
||||
- apiGroups: [""]
|
||||
resources: [pods/log]
|
||||
verbs: [get, list, watch]
|
||||
|
||||
# for creating and monitoring liveness services or monitoring target app services during chaos injection
|
||||
- apiGroups: [""]
|
||||
resources: [services]
|
||||
verbs: [create, delete, get, list, delete, deletecollection]
|
||||
|
||||
# for checking the app parent resources as deployments or sts and are eligible chaos candidates
|
||||
- apiGroups: [apps]
|
||||
resources: [deployments, statefulsets]
|
||||
verbs: [list, get, patch, update, create, delete]
|
||||
|
||||
# for checking the app parent resources as replicasets and are eligible chaos candidates
|
||||
- apiGroups: [apps]
|
||||
resources: [replicasets]
|
||||
verbs: [list, get]
|
||||
|
||||
# for checking the app parent resources as deamonsets and are eligible chaos candidates
|
||||
- apiGroups: [apps]
|
||||
resources: [daemonsets]
|
||||
verbs: [list, get, delete]
|
||||
|
||||
# for checking (openshift) app parent resources if they are eligible chaos candidates
|
||||
- apiGroups: [apps.openshift.io]
|
||||
resources: [deploymentconfigs]
|
||||
verbs: [list, get]
|
||||
|
||||
# for checking (argo) app parent resources if they are eligible chaos candidates
|
||||
- apiGroups: [argoproj.io]
|
||||
resources: [rollouts]
|
||||
verbs: [list, get]
|
||||
|
||||
# for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
|
||||
- apiGroups: [litmuschaos.io]
|
||||
resources: [chaosengines, chaosexperiments, chaosresults]
|
||||
verbs: [create, list, get, patch, update, delete]
|
||||
|
||||
# for experiment to perform node status checks and other node level operations like taint, drain in the experiment.
|
||||
- apiGroups: [""]
|
||||
resources: [nodes]
|
||||
verbs: [patch, get, list, update]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: litmus-admin-crb-for-litmusportal-server
|
||||
labels:
|
||||
name: litmus-admin-crb-for-litmusportal-server
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: litmus-admin-cr-for-litmusportal-server
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: litmus-server-account
|
||||
namespace: litmus
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: chaos-cr-for-litmusportal-server
|
||||
rules:
|
||||
# for managing the pods created by workflow controller to implement individual steps in the workflow
|
||||
- apiGroups: [""]
|
||||
resources: [pods, services, namespaces]
|
||||
verbs: [create, get, watch, patch, delete, list]
|
||||
|
||||
# for tracking & getting logs of the pods created by workflow controller to implement individual steps in the workflow
|
||||
- apiGroups: [""]
|
||||
resources: [pods/log, secrets, configmaps]
|
||||
verbs: [get, watch, create, delete, patch]
|
||||
|
||||
# for creation & deletion of application in predefined workflows
|
||||
- apiGroups: [apps]
|
||||
resources: [deployments, statefulsets]
|
||||
verbs: [get, watch, patch, create, delete]
|
||||
|
||||
# for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
|
||||
- apiGroups: [litmuschaos.io]
|
||||
resources: [chaosengines, chaosexperiments, chaosresults, chaosschedules]
|
||||
verbs: [create, list, get, patch, delete, watch]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: chaos-crb-for-litmusportal-server
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: chaos-cr-for-litmusportal-server
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: litmus-server-account
|
||||
namespace: litmus
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: subscriber-cr-for-litmusportal-server
|
||||
namespace: litmus
|
||||
labels:
|
||||
name: subscriber-cr-for-litmusportal-server
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: [configmaps, secrets]
|
||||
verbs: [get, create, delete, update]
|
||||
- apiGroups: [""]
|
||||
resources: [pods/log]
|
||||
verbs: [get, list, watch]
|
||||
- apiGroups: [""]
|
||||
resources: [pods, namespaces, nodes, services]
|
||||
verbs: [get, list, watch]
|
||||
- apiGroups: [litmuschaos.io]
|
||||
resources: [chaosengines, chaosschedules, chaosresults]
|
||||
verbs: [get, list, create, delete, update, watch]
|
||||
- apiGroups: [apps.openshift.io]
|
||||
resources: [deploymentconfigs]
|
||||
verbs: [get, list]
|
||||
- apiGroups: [apps]
|
||||
resources: [deployments, daemonsets, replicasets, statefulsets]
|
||||
verbs: [get, list, delete, deletecollection]
|
||||
- apiGroups: [argoproj.io]
|
||||
resources:
|
||||
[
|
||||
workflows,
|
||||
workflows/finalizers,
|
||||
workflowtemplates,
|
||||
workflowtemplates/finalizers,
|
||||
cronworkflows,
|
||||
cronworkflows/finalizers,
|
||||
clusterworkflowtemplates,
|
||||
clusterworkflowtemplates/finalizers,
|
||||
rollouts,
|
||||
]
|
||||
verbs: [get, list, create, delete, update, watch]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: subscriber-crb-for-litmusportal-server
|
||||
namespace: litmus
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: litmus-server-account
|
||||
namespace: litmus
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: subscriber-cr-for-litmusportal-server
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: event-tracker-cr-for-litmusportal-server
|
||||
rules:
|
||||
- apiGroups: [eventtracker.litmuschaos.io]
|
||||
resources: [eventtrackerpolicies]
|
||||
verbs: [create, delete, get, list, patch, update, watch]
|
||||
- apiGroups: [eventtracker.litmuschaos.io]
|
||||
resources: [eventtrackerpolicies/status]
|
||||
verbs: [get, patch, update]
|
||||
- apiGroups: ["", extensions, apps]
|
||||
resources:
|
||||
[deployments, daemonsets, statefulsets, pods, configmaps, secrets]
|
||||
verbs: [get, list, watch]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: event-tracker-crb-for-litmusportal-server
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: event-tracker-cr-for-litmusportal-server
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: litmus-server-account
|
||||
namespace: litmus
|
||||
# litmus-server-cr is used by the litmusportal-server
|
||||
# If SELF_AGENT=false, then only litmus-server-cr and litmus-server-crb are required.
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: litmus-server-cr
|
||||
rules:
|
||||
- apiGroups: [networking.k8s.io, extensions]
|
||||
resources: [ingresses]
|
||||
verbs: [get]
|
||||
- apiGroups: [""]
|
||||
resources: [services, nodes, pods/log]
|
||||
verbs: [get, watch]
|
||||
- apiGroups: [apiextensions.k8s.io]
|
||||
resources: [customresourcedefinitions]
|
||||
verbs: [create]
|
||||
- apiGroups: [apps]
|
||||
resources: [deployments]
|
||||
verbs: [create]
|
||||
- apiGroups: [""]
|
||||
resources: [configmaps]
|
||||
verbs: [get]
|
||||
- apiGroups: [""]
|
||||
resources: [serviceaccounts]
|
||||
verbs: [create]
|
||||
- apiGroups: [rbac.authorization.k8s.io]
|
||||
resources: [rolebindings, roles, clusterrolebindings, clusterroles]
|
||||
verbs: [create]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: litmus-server-crb
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: litmus-server-cr
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: litmus-server-account
|
||||
namespace: litmus
|
||||
## Control plane manifests
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: litmus
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: litmus-server-account
|
||||
namespace: litmus
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: litmus-portal-admin-secret
|
||||
namespace: litmus
|
||||
stringData:
|
||||
JWT_SECRET: "litmus-portal@123"
|
||||
DB_USER: "root"
|
||||
DB_PASSWORD: "1234"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: litmus-portal-admin-config
|
||||
namespace: litmus
|
||||
data:
|
||||
DB_SERVER: mongodb://my-release-mongodb-0.my-release-mongodb-headless:27017,my-release-mongodb-1.my-release-mongodb-headless:27017,my-release-mongodb-2.my-release-mongodb-headless:27017/admin
|
||||
VERSION: "3.2.0"
|
||||
SKIP_SSL_VERIFY: "false"
|
||||
# Configurations if you are using dex for OAuth
|
||||
DEX_ENABLED: "false"
|
||||
OIDC_ISSUER: "http://<Your Domain>:32000"
|
||||
DEX_OAUTH_CALLBACK_URL: "http://<litmus-portal frontend exposed URL>:8080/auth/dex/callback"
|
||||
DEX_OAUTH_CLIENT_ID: "LitmusPortalAuthBackend"
|
||||
DEX_OAUTH_CLIENT_SECRET: "ZXhhbXBsZS1hcHAtc2VjcmV0"
|
||||
OAuthJwtSecret: "litmus-oauth@123"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: litmusportal-frontend-nginx-configuration
|
||||
namespace: litmus
|
||||
data:
|
||||
nginx.conf: |
|
||||
pid /tmp/nginx.pid;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
client_body_temp_path /tmp/client_temp;
|
||||
proxy_temp_path /tmp/proxy_temp_path;
|
||||
fastcgi_temp_path /tmp/fastcgi_temp;
|
||||
uwsgi_temp_path /tmp/uwsgi_temp;
|
||||
scgi_temp_path /tmp/scgi_temp;
|
||||
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
keepalive_timeout 65;
|
||||
types_hash_max_size 2048;
|
||||
server_tokens off;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
|
||||
access_log /var/log/nginx/access.log;
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
server {
|
||||
listen 8185 default_server;
|
||||
root /opt/chaos;
|
||||
|
||||
location /health {
|
||||
return 200;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_http_version 1.1;
|
||||
add_header Cache-Control "no-cache";
|
||||
try_files $uri /index.html;
|
||||
autoindex on;
|
||||
}
|
||||
|
||||
# redirect server error pages to the static page /50x.html
|
||||
#
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
|
||||
location /auth/ {
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass "http://litmusportal-auth-server-service:9003/";
|
||||
}
|
||||
|
||||
location /api/ {
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass "http://litmusportal-server-service:9002/";
|
||||
}
|
||||
|
||||
location /ws/ {
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass "http://litmusportal-server-service:9002/";
|
||||
}
|
||||
}
|
||||
}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: litmusportal-frontend
|
||||
namespace: litmus
|
||||
labels:
|
||||
component: litmusportal-frontend
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
component: litmusportal-frontend
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
component: litmusportal-frontend
|
||||
spec:
|
||||
automountServiceAccountToken: false
|
||||
containers:
|
||||
- name: litmusportal-frontend
|
||||
image: litmuschaos.docker.scarf.sh/litmuschaos/litmusportal-frontend:3.2.0
|
||||
imagePullPolicy: Always
|
||||
# securityContext:
|
||||
# runAsUser: 2000
|
||||
# allowPrivilegeEscalation: false
|
||||
# runAsNonRoot: true
|
||||
ports:
|
||||
- containerPort: 8185
|
||||
resources:
|
||||
requests:
|
||||
memory: "150Mi"
|
||||
cpu: "125m"
|
||||
ephemeral-storage: "500Mi"
|
||||
limits:
|
||||
memory: "512Mi"
|
||||
cpu: "550m"
|
||||
ephemeral-storage: "1Gi"
|
||||
volumeMounts:
|
||||
- name: nginx-config
|
||||
mountPath: /etc/nginx/nginx.conf
|
||||
subPath: nginx.conf
|
||||
volumes:
|
||||
- name: nginx-config
|
||||
configMap:
|
||||
name: litmusportal-frontend-nginx-configuration
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: litmusportal-frontend-service
|
||||
namespace: litmus
|
||||
spec:
|
||||
type: NodePort
|
||||
ports:
|
||||
- name: http
|
||||
port: 9091
|
||||
targetPort: 8185
|
||||
selector:
|
||||
component: litmusportal-frontend
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: litmusportal-server
|
||||
namespace: litmus
|
||||
labels:
|
||||
component: litmusportal-server
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
component: litmusportal-server
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
component: litmusportal-server
|
||||
spec:
|
||||
volumes:
|
||||
- name: gitops-storage
|
||||
emptyDir: {}
|
||||
- name: hub-storage
|
||||
emptyDir: {}
|
||||
containers:
|
||||
- name: graphql-server
|
||||
image: litmuschaos.docker.scarf.sh/litmuschaos/litmusportal-server:3.2.0
|
||||
volumeMounts:
|
||||
- mountPath: /tmp/
|
||||
name: gitops-storage
|
||||
- mountPath: /tmp/version
|
||||
name: hub-storage
|
||||
securityContext:
|
||||
runAsUser: 2000
|
||||
allowPrivilegeEscalation: false
|
||||
runAsNonRoot: true
|
||||
readOnlyRootFilesystem: true
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: litmus-portal-admin-config
|
||||
- secretRef:
|
||||
name: litmus-portal-admin-secret
|
||||
env:
|
||||
# if self-signed certificate are used pass the k8s tls secret name created in portal ns, to allow agents to use tls for communication
|
||||
- name: TLS_SECRET_NAME
|
||||
value: ""
|
||||
- name: LITMUS_PORTAL_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: CHAOS_CENTER_SCOPE
|
||||
value: "cluster"
|
||||
- name: SUBSCRIBER_IMAGE
|
||||
value: "litmuschaos.docker.scarf.sh/litmuschaos/litmusportal-subscriber:3.2.0"
|
||||
- name: EVENT_TRACKER_IMAGE
|
||||
value: "litmuschaos.docker.scarf.sh/litmuschaos/litmusportal-event-tracker:3.2.0"
|
||||
- name: ARGO_WORKFLOW_CONTROLLER_IMAGE
|
||||
value: "litmuschaos.docker.scarf.sh/litmuschaos/workflow-controller:v3.3.1"
|
||||
- name: ARGO_WORKFLOW_EXECUTOR_IMAGE
|
||||
value: "litmuschaos.docker.scarf.sh/litmuschaos/argoexec:v3.3.1"
|
||||
- name: LITMUS_CHAOS_OPERATOR_IMAGE
|
||||
value: "litmuschaos.docker.scarf.sh/litmuschaos/chaos-operator:3.2.0"
|
||||
- name: LITMUS_CHAOS_RUNNER_IMAGE
|
||||
value: "litmuschaos.docker.scarf.sh/litmuschaos/chaos-runner:3.2.0"
|
||||
- name: LITMUS_CHAOS_EXPORTER_IMAGE
|
||||
value: "litmuschaos.docker.scarf.sh/litmuschaos/chaos-exporter:3.2.0"
|
||||
- name: SERVER_SERVICE_NAME
|
||||
value: "litmusportal-server-service"
|
||||
- name: INFRA_DEPLOYMENTS
|
||||
value: '["app=chaos-exporter", "name=chaos-operator", "app=workflow-controller", "app=event-tracker"]'
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: CHAOS_CENTER_UI_ENDPOINT
|
||||
value: ""
|
||||
- name: INGRESS
|
||||
value: "false"
|
||||
- name: INGRESS_NAME
|
||||
value: "litmus-ingress"
|
||||
- name: CONTAINER_RUNTIME_EXECUTOR
|
||||
value: "k8sapi"
|
||||
- name: DEFAULT_HUB_BRANCH_NAME
|
||||
value: "v3.2.x"
|
||||
- name: LITMUS_AUTH_GRPC_ENDPOINT
|
||||
value: "litmusportal-auth-server-service"
|
||||
- name: LITMUS_AUTH_GRPC_PORT
|
||||
value: ":3030"
|
||||
- name: WORKFLOW_HELPER_IMAGE_VERSION
|
||||
value: "3.2.0"
|
||||
- name: REMOTE_HUB_MAX_SIZE
|
||||
value: "5000000"
|
||||
- name: INFRA_COMPATIBLE_VERSIONS
|
||||
value: '["3.2.0"]'
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
- containerPort: 8000
|
||||
imagePullPolicy: Always
|
||||
resources:
|
||||
requests:
|
||||
memory: "250Mi"
|
||||
cpu: "225m"
|
||||
ephemeral-storage: "500Mi"
|
||||
limits:
|
||||
memory: "712Mi"
|
||||
cpu: "550m"
|
||||
ephemeral-storage: "1Gi"
|
||||
serviceAccountName: litmus-server-account
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: litmusportal-server-service
|
||||
namespace: litmus
|
||||
spec:
|
||||
type: NodePort
|
||||
ports:
|
||||
- name: graphql-server
|
||||
port: 9002
|
||||
targetPort: 8080
|
||||
- name: graphql-rpc-server
|
||||
port: 8000
|
||||
targetPort: 8000
|
||||
selector:
|
||||
component: litmusportal-server
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: litmusportal-auth-server
|
||||
namespace: litmus
|
||||
labels:
|
||||
component: litmusportal-auth-server
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
component: litmusportal-auth-server
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
component: litmusportal-auth-server
|
||||
spec:
|
||||
automountServiceAccountToken: false
|
||||
containers:
|
||||
- name: auth-server
|
||||
image: litmuschaos.docker.scarf.sh/litmuschaos/litmusportal-auth-server:3.2.0
|
||||
securityContext:
|
||||
runAsUser: 2000
|
||||
allowPrivilegeEscalation: false
|
||||
runAsNonRoot: true
|
||||
readOnlyRootFilesystem: true
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: litmus-portal-admin-config
|
||||
- secretRef:
|
||||
name: litmus-portal-admin-secret
|
||||
env:
|
||||
- name: STRICT_PASSWORD_POLICY
|
||||
value: "false"
|
||||
- name: ADMIN_USERNAME
|
||||
value: "admin"
|
||||
- name: ADMIN_PASSWORD
|
||||
value: "litmus"
|
||||
- name: LITMUS_GQL_GRPC_ENDPOINT
|
||||
value: "litmusportal-server-service"
|
||||
- name: LITMUS_GQL_GRPC_PORT
|
||||
value: ":8000"
|
||||
resources:
|
||||
requests:
|
||||
memory: "250Mi"
|
||||
cpu: "225m"
|
||||
ephemeral-storage: "500Mi"
|
||||
limits:
|
||||
memory: "712Mi"
|
||||
cpu: "550m"
|
||||
ephemeral-storage: "1Gi"
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
- containerPort: 3030
|
||||
imagePullPolicy: Always
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: litmusportal-auth-server-service
|
||||
namespace: litmus
|
||||
spec:
|
||||
type: NodePort
|
||||
ports:
|
||||
- name: auth-server
|
||||
port: 9003
|
||||
targetPort: 3000
|
||||
- name: auth-rpc-server
|
||||
port: 3030
|
||||
targetPort: 3030
|
||||
selector:
|
||||
component: litmusportal-auth-server
|
||||
|
|
@ -0,0 +1,763 @@
|
|||
### RBAC Manifests
|
||||
## If SELF_AGENT="true" then these permissions are required to apply
|
||||
## https://github.com/litmuschaos/litmus/blob/master/chaoscenter/graphql/server/manifests/cluster/1b_argo_rbac.yaml
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: argo-role-for-litmusportal-server
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: [pods, pods/exec]
|
||||
verbs: [create, get, list, watch, update, patch, delete]
|
||||
- apiGroups: [""]
|
||||
resources: [configmaps]
|
||||
verbs: [get, watch, list]
|
||||
- apiGroups: [""]
|
||||
resources: [persistentvolumeclaims]
|
||||
verbs: [create, delete]
|
||||
- apiGroups: [argoproj.io]
|
||||
resources: [workflows, workflows/finalizers]
|
||||
verbs: [get, list, watch, update, patch, delete, create]
|
||||
- apiGroups: [argoproj.io]
|
||||
resources:
|
||||
[workflowtemplates, workflowtemplates/finalizers, workflowtasksets]
|
||||
verbs: [get, list, watch]
|
||||
- apiGroups: [argoproj.io]
|
||||
resources: [workflowtaskresults]
|
||||
verbs: [list, watch, deletecollection]
|
||||
- apiGroups: [""]
|
||||
resources: [serviceaccounts]
|
||||
verbs: [get, list]
|
||||
- apiGroups: [""]
|
||||
resources: [secrets]
|
||||
verbs: [get]
|
||||
- apiGroups: [argoproj.io]
|
||||
resources: [cronworkflows, cronworkflows/finalizers]
|
||||
verbs: [get, list, watch, update, patch, delete]
|
||||
- apiGroups: [""]
|
||||
resources: [events]
|
||||
verbs: [create, patch]
|
||||
- apiGroups: [policy]
|
||||
resources: [poddisruptionbudgets]
|
||||
verbs: [create, get, delete]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: argo-rb-for-litmusportal-server
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: argo-role-for-litmusportal-server
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: litmus-server-account
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: litmus-namespace-scope-for-litmusportal-server
|
||||
labels:
|
||||
app.kubernetes.io/name: litmus
|
||||
# provide unique instance-id if applicable
|
||||
# app.kubernetes.io/instance: litmus-abcxzy
|
||||
app.kubernetes.io/version: 3.2.0
|
||||
app.kubernetes.io/component: operator-role
|
||||
app.kubernetes.io/part-of: litmus
|
||||
app.kubernetes.io/managed-by: kubectl
|
||||
name: litmus-namespace-scope-for-litmusportal-server
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: [replicationcontrollers, secrets]
|
||||
verbs: [get, list]
|
||||
- apiGroups: [apps.openshift.io]
|
||||
resources: [deploymentconfigs]
|
||||
verbs: [get, list]
|
||||
- apiGroups: [apps]
|
||||
resources: [deployments, daemonsets, replicasets, statefulsets]
|
||||
verbs: [get, list, update]
|
||||
- apiGroups: [batch]
|
||||
resources: [jobs]
|
||||
verbs: [get, list, create, deletecollection]
|
||||
- apiGroups: [argoproj.io]
|
||||
resources: [rollouts]
|
||||
verbs: [get, list]
|
||||
- apiGroups: [""]
|
||||
resources: [pods, pods/exec, configmaps, events, services]
|
||||
verbs: [get, create, update, patch, delete, list, watch, deletecollection]
|
||||
- apiGroups: [litmuschaos.io]
|
||||
resources: [chaosengines, chaosexperiments, chaosresults]
|
||||
verbs: [get, create, update, patch, delete, list, watch, deletecollection]
|
||||
- apiGroups: ["litmuschaos.io"]
|
||||
resources: ["chaosengines/finalizers"]
|
||||
verbs: ["update"]
|
||||
- apiGroups: ["coordination.k8s.io"]
|
||||
resources: ["leases"]
|
||||
verbs: ["get", "create", "list", "update", "delete"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: litmus-namespace-scope-rb-for-litmusportal-server
|
||||
labels:
|
||||
app.kubernetes.io/name: litmus
|
||||
# provide unique instance-id if applicable
|
||||
# app.kubernetes.io/instance: litmus-abcxzy
|
||||
app.kubernetes.io/version: 3.2.0
|
||||
app.kubernetes.io/component: operator-rolebinding
|
||||
app.kubernetes.io/part-of: litmus
|
||||
app.kubernetes.io/managed-by: kubectl
|
||||
name: litmus-namespace-scope-rb-for-litmusportal-server
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: litmus-namespace-scope-for-litmusportal-server
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: litmus-server-account
|
||||
#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/namespace/3a_agents_rbac.yaml
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: subscriber-role-for-litmusportal-server
|
||||
labels:
|
||||
name: subscriber-role-for-litmusportal-server
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: [configmaps, secrets]
|
||||
verbs: [get, create, delete, update]
|
||||
|
||||
- apiGroups: [""]
|
||||
resources: [pods/log]
|
||||
verbs: [get, list, watch]
|
||||
|
||||
- apiGroups: [""]
|
||||
resources: [pods, services]
|
||||
verbs: [get, list, watch]
|
||||
|
||||
- apiGroups: [litmuschaos.io]
|
||||
resources: [chaosengines, chaosschedules, chaosresults]
|
||||
verbs: [get, list, create, delete, update, watch]
|
||||
|
||||
- apiGroups: [apps.openshift.io]
|
||||
resources: [deploymentconfigs]
|
||||
verbs: [get, list]
|
||||
|
||||
- apiGroups: [apps]
|
||||
resources: [deployments, daemonsets, replicasets, statefulsets]
|
||||
verbs: [get, list, delete, deletecollection]
|
||||
|
||||
- apiGroups: [argoproj.io]
|
||||
resources:
|
||||
[
|
||||
workflows,
|
||||
workflows/finalizers,
|
||||
workflowtemplates,
|
||||
workflowtemplates/finalizers,
|
||||
cronworkflows,
|
||||
cronworkflows/finalizers,
|
||||
rollouts,
|
||||
]
|
||||
verbs: [get, list, create, delete, update, watch]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: subscriber-rb-for-litmusportal-server
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: litmus-server-account
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: subscriber-role-for-litmusportal-server
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: litmus-admin-role-for-litmusportal-server
|
||||
labels:
|
||||
name: litmus-admin-role-for-litmusportal-server
|
||||
rules:
|
||||
# ***************************************************************************************
|
||||
# Permissions needed for preparing and monitor the chaos resources by chaos-runner
|
||||
# ***************************************************************************************
|
||||
|
||||
# The chaos operator watches the chaosengine resource and orchestartes the chaos experiment..
|
||||
## .. by creating the chaos-runner
|
||||
|
||||
# for creating and monitoring the chaos-runner pods
|
||||
- apiGroups: [""]
|
||||
resources: [pods, events]
|
||||
verbs: [create, delete, get, list, patch, update, deletecollection]
|
||||
|
||||
# for fetching configmaps and secrets to inject into chaos-runner pod (if specified)
|
||||
- apiGroups: [""]
|
||||
resources: [secrets, configmaps]
|
||||
verbs: [get, list]
|
||||
|
||||
# for tracking & getting logs of the pods created by chaos-runner to implement individual steps in the runner
|
||||
- apiGroups: [""]
|
||||
resources: [pods/log]
|
||||
verbs: [get, list, watch]
|
||||
|
||||
# for configuring and monitor the experiment job by chaos-runner pod
|
||||
- apiGroups: [batch]
|
||||
resources: [jobs]
|
||||
verbs: [create, list, get, delete, deletecollection]
|
||||
|
||||
# ********************************************************************
|
||||
# Permissions needed for creation and discovery of chaos experiments
|
||||
# ********************************************************************
|
||||
|
||||
# The helper pods are created by experiment to perform the actual chaos injection ...
|
||||
# ... for a period of chaos duration
|
||||
|
||||
# for creating and deleting the helper or target app pod and events by experiment
|
||||
- apiGroups: [""]
|
||||
resources: [pods]
|
||||
verbs: [create, delete, deletecollection]
|
||||
|
||||
# for creating and monitoring the events for chaos operations
|
||||
- apiGroups: [""]
|
||||
resources: [events]
|
||||
verbs: [create, delete, get, list, patch, update, deletecollection]
|
||||
|
||||
# for monitoring the helper and target app pod
|
||||
- apiGroups: [""]
|
||||
resources: [pods]
|
||||
verbs: [get, list, patch, update]
|
||||
|
||||
# for creating and managing to execute comands inside target container
|
||||
- apiGroups: [""]
|
||||
resources: [pods/exec, pods/eviction, replicationcontrollers]
|
||||
verbs: [get, list, create]
|
||||
|
||||
# for tracking & getting logs of the pods created by experiment pod to implement individual steps in the experiment
|
||||
- apiGroups: [""]
|
||||
resources: [pods/log]
|
||||
verbs: [get, list, watch]
|
||||
|
||||
# for creating and monitoring liveness services or monitoring target app services during chaos injection
|
||||
- apiGroups: [""]
|
||||
resources: [services]
|
||||
verbs: [create, delete, get, list, delete, deletecollection]
|
||||
|
||||
# for checking the app parent resources as deployments or sts and are eligible chaos candidates
|
||||
- apiGroups: [apps]
|
||||
resources: [deployments, statefulsets]
|
||||
verbs: [list, get, patch, update, create, delete]
|
||||
|
||||
# for checking the app parent resources as replicasets and are eligible chaos candidates
|
||||
- apiGroups: [apps]
|
||||
resources: [replicasets]
|
||||
verbs: [list, get]
|
||||
|
||||
# for checking the app parent resources as deamonsets and are eligible chaos candidates
|
||||
- apiGroups: [apps]
|
||||
resources: [daemonsets]
|
||||
verbs: [list, get, delete]
|
||||
|
||||
# for checking (openshift) app parent resources if they are eligible chaos candidates
|
||||
- apiGroups: [apps.openshift.io]
|
||||
resources: [deploymentconfigs]
|
||||
verbs: [list, get]
|
||||
|
||||
# for checking (argo) app parent resources if they are eligible chaos candidates
|
||||
- apiGroups: [argoproj.io]
|
||||
resources: [rollouts]
|
||||
verbs: [list, get]
|
||||
|
||||
# for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
|
||||
- apiGroups: [litmuschaos.io]
|
||||
resources: [chaosengines, chaosexperiments, chaosresults]
|
||||
verbs: [create, list, get, patch, update, delete]
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: litmus-admin-rb-for-litmusportal-server
|
||||
labels:
|
||||
name: litmus-admin-rb-for-litmusportal-server
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: litmus-admin-role-for-litmusportal-server
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: litmus-server-account
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: chaos-role-for-litmusportal-server
|
||||
rules:
|
||||
# for managing the pods created by workflow controller to implement individual steps in the workflow
|
||||
- apiGroups: [""]
|
||||
resources: [pods, services]
|
||||
verbs: [create, get, watch, patch, delete, list]
|
||||
|
||||
# for tracking & getting logs of the pods created by workflow controller to implement individual steps in the workflow
|
||||
- apiGroups: [""]
|
||||
resources: [pods/log, secrets, configmaps]
|
||||
verbs: [get, watch, create, delete, patch]
|
||||
|
||||
# for creation & deletion of application in predefined workflows
|
||||
- apiGroups: [apps]
|
||||
resources: [deployments, statefulsets]
|
||||
verbs: [get, watch, patch, create, delete]
|
||||
|
||||
# for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
|
||||
- apiGroups: [litmuschaos.io]
|
||||
resources: [chaosengines, chaosexperiments, chaosresults, chaosschedules]
|
||||
verbs: [create, list, get, patch, delete, watch]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: chaos-rb-for-litmusportal-server
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: chaos-role-for-litmusportal-server
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: litmus-server-account
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: event-tracker-role-for-litmusportal-server
|
||||
rules:
|
||||
- apiGroups: [eventtracker.litmuschaos.io]
|
||||
resources: [eventtrackerpolicies]
|
||||
verbs: [create, delete, get, list, patch, update, watch]
|
||||
- apiGroups: [eventtracker.litmuschaos.io]
|
||||
resources: [eventtrackerpolicies/status]
|
||||
verbs: [get, patch, update]
|
||||
- apiGroups: [""]
|
||||
resources: [pods, configmaps, secrets]
|
||||
verbs: [get, list, watch]
|
||||
- apiGroups: [extensions, apps]
|
||||
resources: [deployments, daemonsets, statefulsets]
|
||||
verbs: [get, list, watch]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: event-tracker-rb-for-litmusportal-server
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: event-tracker-role-for-litmusportal-server
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: litmus-server-account
|
||||
# litmus-server-role is used by the litmusportal-server
|
||||
# If SELF_AGENT=false, then only litmus-server-role and litmus-server-rb are required.
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: litmus-server-role
|
||||
rules:
|
||||
- apiGroups: [networking.k8s.io, extensions]
|
||||
resources: [ingresses]
|
||||
verbs: [get]
|
||||
- apiGroups: [""]
|
||||
resources: [services, pods/log]
|
||||
verbs: [get, watch]
|
||||
- apiGroups: [apps]
|
||||
resources: [deployments]
|
||||
verbs: [create]
|
||||
- apiGroups: [""]
|
||||
resources: [configmaps]
|
||||
verbs: [get]
|
||||
- apiGroups: [""]
|
||||
resources: [serviceaccounts]
|
||||
verbs: [create]
|
||||
- apiGroups: [rbac.authorization.k8s.io]
|
||||
resources: [rolebindings, roles]
|
||||
verbs: [create]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: litmus-server-rb
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: litmus-server-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: litmus-server-account
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: litmus-server-account
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: litmus-portal-admin-secret
|
||||
stringData:
|
||||
JWT_SECRET: "litmus-portal@123"
|
||||
DB_USER: "root"
|
||||
DB_PASSWORD: "1234"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: litmus-portal-admin-config
|
||||
data:
|
||||
DB_SERVER: mongodb://my-release-mongodb-0.my-release-mongodb-headless:27017,my-release-mongodb-1.my-release-mongodb-headless:27017,my-release-mongodb-2.my-release-mongodb-headless:27017/admin
|
||||
VERSION: "3.2.0"
|
||||
SKIP_SSL_VERIFY: "false"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: litmusportal-frontend-nginx-configuration
|
||||
data:
|
||||
nginx.conf: |
|
||||
pid /tmp/nginx.pid;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
client_body_temp_path /tmp/client_temp;
|
||||
proxy_temp_path /tmp/proxy_temp_path;
|
||||
fastcgi_temp_path /tmp/fastcgi_temp;
|
||||
uwsgi_temp_path /tmp/uwsgi_temp;
|
||||
scgi_temp_path /tmp/scgi_temp;
|
||||
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
keepalive_timeout 65;
|
||||
types_hash_max_size 2048;
|
||||
server_tokens off;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
|
||||
access_log /var/log/nginx/access.log;
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
server {
|
||||
listen 8185 default_server;
|
||||
root /opt/chaos;
|
||||
|
||||
location /health {
|
||||
return 200;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_http_version 1.1;
|
||||
add_header Cache-Control "no-cache";
|
||||
try_files $uri /index.html;
|
||||
autoindex on;
|
||||
}
|
||||
|
||||
# redirect server error pages to the static page /50x.html
|
||||
#
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
|
||||
location /auth/ {
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass "http://litmusportal-auth-server-service:9003/";
|
||||
}
|
||||
|
||||
location /api/ {
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass "http://litmusportal-server-service:9002/";
|
||||
}
|
||||
|
||||
location /ws/ {
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass "http://litmusportal-server-service:9002/";
|
||||
}
|
||||
}
|
||||
}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: litmusportal-frontend
|
||||
labels:
|
||||
component: litmusportal-frontend
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
component: litmusportal-frontend
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
component: litmusportal-frontend
|
||||
spec:
|
||||
automountServiceAccountToken: false
|
||||
containers:
|
||||
- name: litmusportal-frontend
|
||||
image: litmuschaos.docker.scarf.sh/litmuschaos/litmusportal-frontend:3.2.0
|
||||
# securityContext:
|
||||
# runAsUser: 2000
|
||||
# allowPrivilegeEscalation: false
|
||||
# runAsNonRoot: true
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 8185
|
||||
resources:
|
||||
requests:
|
||||
memory: "250Mi"
|
||||
cpu: "125m"
|
||||
ephemeral-storage: "500Mi"
|
||||
limits:
|
||||
memory: "512Mi"
|
||||
cpu: "550m"
|
||||
ephemeral-storage: "1Gi"
|
||||
volumeMounts:
|
||||
- name: nginx-config
|
||||
mountPath: /etc/nginx/nginx.conf
|
||||
subPath: nginx.conf
|
||||
volumes:
|
||||
- name: nginx-config
|
||||
configMap:
|
||||
name: litmusportal-frontend-nginx-configuration
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: litmusportal-frontend-service
|
||||
spec:
|
||||
type: NodePort
|
||||
ports:
|
||||
- name: http
|
||||
port: 9091
|
||||
targetPort: 8185
|
||||
selector:
|
||||
component: litmusportal-frontend
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: litmusportal-server
|
||||
labels:
|
||||
component: litmusportal-server
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
component: litmusportal-server
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
component: litmusportal-server
|
||||
spec:
|
||||
volumes:
|
||||
- name: gitops-storage
|
||||
emptyDir: {}
|
||||
- name: hub-storage
|
||||
emptyDir: {}
|
||||
containers:
|
||||
- name: graphql-server
|
||||
image: litmuschaos.docker.scarf.sh/litmuschaos/litmusportal-server:3.2.0
|
||||
volumeMounts:
|
||||
- mountPath: /tmp/
|
||||
name: gitops-storage
|
||||
- mountPath: /tmp/version
|
||||
name: hub-storage
|
||||
securityContext:
|
||||
runAsUser: 2000
|
||||
allowPrivilegeEscalation: false
|
||||
runAsNonRoot: true
|
||||
readOnlyRootFilesystem: true
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: litmus-portal-admin-config
|
||||
- secretRef:
|
||||
name: litmus-portal-admin-secret
|
||||
env:
|
||||
- name: LITMUS_PORTAL_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: INFRA_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
# if self-signed certificate are used pass the base64 tls certificate, to allow agents to use tls for communication
|
||||
- name: TLS_CERT_B64
|
||||
value: ""
|
||||
- name: CHAOS_CENTER_SCOPE
|
||||
value: "namespace"
|
||||
- name: INFRA_DEPLOYMENTS
|
||||
value: '["app=chaos-exporter", "name=chaos-operator", "app=workflow-controller", "app=event-tracker"]'
|
||||
- name: SERVER_SERVICE_NAME
|
||||
value: "litmusportal-server-service"
|
||||
- name: CHAOS_CENTER_UI_ENDPOINT
|
||||
value: ""
|
||||
- name: SUBSCRIBER_IMAGE
|
||||
value: "litmuschaos.docker.scarf.sh/litmuschaos/litmusportal-subscriber:3.2.0"
|
||||
- name: EVENT_TRACKER_IMAGE
|
||||
value: "litmuschaos.docker.scarf.sh/litmuschaos/litmusportal-event-tracker:3.2.0"
|
||||
- name: ARGO_WORKFLOW_CONTROLLER_IMAGE
|
||||
value: "litmuschaos.docker.scarf.sh/litmuschaos/workflow-controller:v3.3.1"
|
||||
- name: ARGO_WORKFLOW_EXECUTOR_IMAGE
|
||||
value: "litmuschaos.docker.scarf.sh/litmuschaos/argoexec:v3.3.1"
|
||||
- name: LITMUS_CHAOS_OPERATOR_IMAGE
|
||||
value: "litmuschaos.docker.scarf.sh/litmuschaos/chaos-operator:3.2.0"
|
||||
- name: LITMUS_CHAOS_RUNNER_IMAGE
|
||||
value: "litmuschaos.docker.scarf.sh/litmuschaos/chaos-runner:3.2.0"
|
||||
- name: LITMUS_CHAOS_EXPORTER_IMAGE
|
||||
value: "litmuschaos.docker.scarf.sh/litmuschaos/chaos-exporter:3.2.0"
|
||||
- name: CONTAINER_RUNTIME_EXECUTOR
|
||||
value: "k8sapi"
|
||||
- name: DEFAULT_HUB_BRANCH_NAME
|
||||
value: "v3.2.x"
|
||||
- name: LITMUS_AUTH_GRPC_ENDPOINT
|
||||
value: "litmusportal-auth-server-service"
|
||||
- name: LITMUS_AUTH_GRPC_PORT
|
||||
value: ":3030"
|
||||
- name: WORKFLOW_HELPER_IMAGE_VERSION
|
||||
value: "3.2.0"
|
||||
- name: REMOTE_HUB_MAX_SIZE
|
||||
value: "5000000"
|
||||
- name: INGRESS
|
||||
value: "false"
|
||||
- name: INGRESS_NAME
|
||||
value: "litmus-ingress"
|
||||
- name: INFRA_COMPATIBLE_VERSIONS
|
||||
value: '["3.2.0"]'
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
- containerPort: 8000
|
||||
imagePullPolicy: Always
|
||||
resources:
|
||||
requests:
|
||||
memory: "250Mi"
|
||||
cpu: "225m"
|
||||
ephemeral-storage: "500Mi"
|
||||
limits:
|
||||
memory: "712Mi"
|
||||
cpu: "550m"
|
||||
ephemeral-storage: "1Gi"
|
||||
serviceAccountName: litmus-server-account
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: litmusportal-server-service
|
||||
spec:
|
||||
type: NodePort
|
||||
ports:
|
||||
- name: graphql-server
|
||||
port: 9002
|
||||
targetPort: 8080
|
||||
- name: graphql-rpc-server
|
||||
port: 8000
|
||||
targetPort: 8000
|
||||
selector:
|
||||
component: litmusportal-server
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: litmusportal-auth-server
|
||||
labels:
|
||||
component: litmusportal-auth-server
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
component: litmusportal-auth-server
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
component: litmusportal-auth-server
|
||||
spec:
|
||||
automountServiceAccountToken: false
|
||||
containers:
|
||||
- name: auth-server
|
||||
image: litmuschaos.docker.scarf.sh/litmuschaos/litmusportal-auth-server:3.2.0
|
||||
securityContext:
|
||||
runAsUser: 2000
|
||||
allowPrivilegeEscalation: false
|
||||
runAsNonRoot: true
|
||||
readOnlyRootFilesystem: true
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: litmus-portal-admin-config
|
||||
- secretRef:
|
||||
name: litmus-portal-admin-secret
|
||||
env:
|
||||
- name: STRICT_PASSWORD_POLICY
|
||||
value: "false"
|
||||
- name: ADMIN_USERNAME
|
||||
value: "admin"
|
||||
- name: ADMIN_PASSWORD
|
||||
value: "litmus"
|
||||
- name: LITMUS_GQL_GRPC_ENDPOINT
|
||||
value: "litmusportal-server-service"
|
||||
- name: LITMUS_GQL_GRPC_PORT
|
||||
value: ":8000"
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
- containerPort: 3030
|
||||
imagePullPolicy: Always
|
||||
resources:
|
||||
requests:
|
||||
memory: "250Mi"
|
||||
cpu: "125m"
|
||||
ephemeral-storage: "500Mi"
|
||||
limits:
|
||||
memory: "712Mi"
|
||||
cpu: "550m"
|
||||
ephemeral-storage: "1Gi"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: litmusportal-auth-server-service
|
||||
spec:
|
||||
type: NodePort
|
||||
ports:
|
||||
- name: auth-server
|
||||
port: 9003
|
||||
targetPort: 3000
|
||||
- name: auth-rpc-server
|
||||
port: 3030
|
||||
targetPort: 3030
|
||||
selector:
|
||||
component: litmusportal-auth-server
|
||||
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue