chore(3.0.0-beta3): adding release manifests for 3.0.0-beta3 (#3887)

* chore(3.0.0-beta3): adding release manifests for 3.0.0-beta3

Signed-off-by: Shubham Chaudhary <shubham.chaudhary@harness.io>

* updating readme for 3.0.0-beta3 installation

Signed-off-by: Shubham Chaudhary <shubham.chaudhary@harness.io>

* adding deletecollection permissions

Signed-off-by: Shubham Chaudhary <shubham.chaudhary@harness.io>

Signed-off-by: Shubham Chaudhary <shubham.chaudhary@harness.io>

litmus-portal/README.md

@@ -22,23 +22,23 @@ ChaosCenter provides console and UI experience for managing, monitoring, and eve
 
 #### Applying k8s manifest
 
-> Litmus-3.0-beta1 Cluster Scope manifest
+> Litmus-3.0.0-beta3 Cluster Scope manifest
 
 ```bash
-kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/dev-3.x/mkdocs/docs/3.0-beta1/litmus-3.0-beta1.yaml
+kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/3.0.0-beta3/mkdocs/docs/3.0.0-beta3/litmus-3.0.0-beta3.yaml
 ```
 
 Or
 
-> Litmus-3.0-beta1 Namespaced Scope manifest.
+> Litmus-3.0.0-beta3 Namespaced Scope manifest.
 
 ```bash
 #Create a namespace eg: litmus
 kubectl create ns litmus
 #Install CRDs, if SELF_AGENT env is set to TRUE
-kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/dev-3.x/mkdocs/docs/3.0-beta1/litmus-portal-crds-3.0-beta1.yml
+kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/3.0.0-beta3/mkdocs/docs/3.0.0-beta3/litmus-portal-crds-3.0.0-beta3.yml
 #Install ChaosCenter
-kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/dev-3.x/mkdocs/docs/3.0-beta1/litmus-namespaced-3.0-beta1.yaml -n litmus
+kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/3.0.0-beta3/mkdocs/docs/3.0.0-beta3/litmus-namespaced-3.0.0-beta3.yaml -n litmus
 ```
 
 Or
@@ -46,7 +46,7 @@ Or
 > Master (Latest) Cluster scope. Install in litmus namespace by default.
 
 ```bash
-kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/dev-3.x/litmus-portal/manifests/cluster-k8s-manifest.yml
+kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/master/litmus-portal/manifests/cluster-k8s-manifest.yml
 ```
 
 Or
@@ -57,9 +57,9 @@ Or
 #Create a namespace eg: litmus
 kubectl create ns litmus
 #Install CRDs, if SELF_AGENT env is set to TRUE
-kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/dev-3.x/litmus-portal/manifests/litmus-portal-crds.yml
+kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/master/litmus-portal/manifests/litmus-portal-crds.yml
 #Install ChaosCenter
-kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/dev-3.x/litmus-portal/manifests/namespace-k8s-manifest.yml -n litmus
+kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/master/litmus-portal/manifests/namespace-k8s-manifest.yml -n litmus
 ```
 
 #### Configuration Options for Cluster scope.

litmus-portal/manifests/cluster-k8s-manifest.yml

@@ -583,7 +583,7 @@ spec:
     spec:
       initContainers:
         - name: wait-for-mongodb
-          image: litmuschaos/curl:3.0.0-beta2
+          image: litmuschaos/curl:3.0.0-beta3
           command: ["/bin/sh", "-c"]
           args:
             [
@@ -642,11 +642,11 @@ spec:
             - name: ARGO_WORKFLOW_EXECUTOR_IMAGE
               value: "litmuschaos/argoexec:v3.3.1"
             - name: LITMUS_CHAOS_OPERATOR_IMAGE
-              value: "litmuschaos/chaos-operator:3.0.0-beta2"
+              value: "litmuschaos/chaos-operator:3.0.0-beta3"
             - name: LITMUS_CHAOS_RUNNER_IMAGE
-              value: "litmuschaos/chaos-runner:3.0.0-beta2"
+              value: "litmuschaos/chaos-runner:3.0.0-beta3"
             - name: LITMUS_CHAOS_EXPORTER_IMAGE
-              value: "litmuschaos/chaos-exporter:3.0.0-beta2"
+              value: "litmuschaos/chaos-exporter:3.0.0-beta3"
             - name: SERVER_SERVICE_NAME
               value: "litmusportal-server-service"
             - name: AGENT_DEPLOYMENTS
@@ -674,7 +674,7 @@ spec:
             - name: LITMUS_AUTH_GRPC_PORT
               value: ":3030"
             - name: WORKFLOW_HELPER_IMAGE_VERSION
-              value: "3.0.0-beta2"
+              value: "3.0.0-beta3"
             - name: REMOTE_HUB_MAX_SIZE
               value: "5000000"
           ports:
@@ -729,7 +729,7 @@ spec:
       automountServiceAccountToken: false
       initContainers:
         - name: wait-for-mongodb
-          image: litmuschaos/curl:3.0.0-beta2
+          image: litmuschaos/curl:3.0.0-beta3
           command: ["/bin/sh", "-c"]
           args:
             [

litmus-portal/manifests/litmus-portal-crds.yml

@@ -670,9 +670,6 @@ spec:
                 #oneOf:
                 #  - pattern: '^delete$'
                 #  - pattern: '^retain$'
-              annotationCheck:
-                type: string
-                pattern: ^(true|false)$
               defaultHealthCheck:
                 type: string
                 pattern: ^(true|false)$
@@ -686,6 +683,44 @@ spec:
                     type: string
                   appns:
                     type: string
+              selectors:
+                type: object
+                properties:
+                  pods:
+                    items:
+                      properties:
+                        names:
+                          type: string
+                        namespace:
+                          type: string
+                      required:
+                        - names
+                        - namespace
+                      type: object
+                    type: array
+                  workloads:
+                    items:
+                      properties:
+                        kind:
+                          type: string
+                          pattern: ^(^$|deployment|statefulset|daemonset|deploymentconfig|rollout)$
+                        labels:
+                          type: string
+                        names:
+                          type: string
+                        namespace:
+                          type: string
+                      oneOf:
+                        - required: [ names ]
+                        - required: [ labels ]
+                      required:
+                        - kind
+                        - namespace
+                      type: object
+                    type: array
+                oneOf:
+                  - required: [ pods ]
+                  - required: [ workloads ]
               auxiliaryAppInfo:
                 type: string
               engineState:
@@ -698,6 +733,180 @@ spec:
               components:
                 type: object
                 properties:
+                  sidecar:
+                    type: array
+                    items:
+                      type: object
+                      properties:
+                        env:
+                          description: ENV contains ENV passed to the sidecar container
+                          items:
+                            description: EnvVar represents an environment variable
+                              present in a Container.
+                            properties:
+                              name:
+                                description: Name of the environment variable. Must
+                                  be a C_IDENTIFIER.
+                                type: string
+                              value:
+                                description: 'Variable references $(VAR_NAME) are
+                                  expanded using the previous defined environment
+                                  variables in the container and any service environment
+                                  variables. If a variable cannot be resolved, the
+                                  reference in the input string will be unchanged.
+                                  The $(VAR_NAME) syntax can be escaped with a double
+                                  $$, ie: $$(VAR_NAME). Escaped references will never
+                                  be expanded, regardless of whether the variable
+                                  exists or not. Defaults to "".'
+                                type: string
+                              valueFrom:
+                                description: Source for the environment variable's
+                                  value. Cannot be used if value is not empty.
+                                properties:
+                                  configMapKeyRef:
+                                    description: Selects a key of a ConfigMap.
+                                    properties:
+                                      key:
+                                        description: The key to select.
+                                        type: string
+                                      name:
+                                        description: 'Name of the referent. More info:
+                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                          TODO: Add other useful fields. apiVersion,
+                                          kind, uid?'
+                                        type: string
+                                      optional:
+                                        description: Specify whether the ConfigMap
+                                          or its key must be defined
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                  fieldRef:
+                                    description: 'Selects a field of the pod: supports
+                                      metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
+                                      `metadata.annotations[''<KEY>'']`, spec.nodeName,
+                                      spec.serviceAccountName, status.hostIP, status.podIP,
+                                      status.podIPs.'
+                                    properties:
+                                      apiVersion:
+                                        description: Version of the schema the FieldPath
+                                          is written in terms of, defaults to "v1".
+                                        type: string
+                                      fieldPath:
+                                        description: Path of the field to select in
+                                          the specified API version.
+                                        type: string
+                                    required:
+                                      - fieldPath
+                                    type: object
+                                  resourceFieldRef:
+                                    description: 'Selects a resource of the container:
+                                      only resources limits and requests (limits.cpu,
+                                      limits.memory, limits.ephemeral-storage, requests.cpu,
+                                      requests.memory and requests.ephemeral-storage)
+                                      are currently supported.'
+                                    properties:
+                                      containerName:
+                                        description: 'Container name: required for
+                                          volumes, optional for env vars'
+                                        type: string
+                                      divisor:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        description: Specifies the output format of
+                                          the exposed resources, defaults to "1"
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                      resource:
+                                        description: 'Required: resource to select'
+                                        type: string
+                                    required:
+                                      - resource
+                                    type: object
+                                  secretKeyRef:
+                                    description: Selects a key of a secret in the
+                                      pod's namespace
+                                    properties:
+                                      key:
+                                        description: The key of the secret to select
+                                          from.  Must be a valid secret key.
+                                        type: string
+                                      name:
+                                        description: 'Name of the referent. More info:
+                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                          TODO: Add other useful fields. apiVersion,
+                                          kind, uid?'
+                                        type: string
+                                      optional:
+                                        description: Specify whether the Secret or
+                                          its key must be defined
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                type: object
+                            required:
+                              - name
+                            type: object
+                          type: array
+                        envFrom:
+                          description: EnvFrom for the sidecar container
+                          items:
+                            description: EnvFromSource represents the source of a
+                              set of ConfigMaps
+                            properties:
+                              configMapRef:
+                                description: The ConfigMap to select from
+                                properties:
+                                  name:
+                                    description: 'Name of the referent. More info:
+                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                      TODO: Add other useful fields. apiVersion, kind,
+                                      uid?'
+                                    type: string
+                                  optional:
+                                    description: Specify whether the ConfigMap must
+                                      be defined
+                                    type: boolean
+                                type: object
+                              prefix:
+                                description: An optional identifier to prepend to
+                                  each key in the ConfigMap. Must be a C_IDENTIFIER.
+                                type: string
+                              secretRef:
+                                description: The Secret to select from
+                                properties:
+                                  name:
+                                    description: 'Name of the referent. More info:
+                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                      TODO: Add other useful fields. apiVersion, kind,
+                                      uid?'
+                                    type: string
+                                  optional:
+                                    description: Specify whether the Secret must be
+                                      defined
+                                    type: boolean
+                                type: object
+                            type: object
+                          type: array
+                        image:
+                          type: string
+                        imagePullPolicy:
+                          type: string
+                        secrets:
+                          items:
+                            properties:
+                              mountPath:
+                                type: string
+                              name:
+                                type: string
+                            required:
+                              - mountPath
+                              - name
+                            type: object
+                          type: array
                   runner:
                     x-kubernetes-preserve-unknown-fields: true
                     type: object

litmus-portal/manifests/namespace-k8s-manifest.yml

@@ -555,7 +555,7 @@ spec:
     spec:
       initContainers:
         - name: wait-for-mongodb
-          image: litmuschaos/curl:3.0.0-beta2
+          image: litmuschaos/curl:3.0.0-beta3
           command: ["/bin/sh", "-c"]
           args:
             [
@@ -628,11 +628,11 @@ spec:
             - name: ARGO_WORKFLOW_EXECUTOR_IMAGE
               value: "litmuschaos/argoexec:v3.3.1"
             - name: LITMUS_CHAOS_OPERATOR_IMAGE
-              value: "litmuschaos/chaos-operator:3.0.0-beta2"
+              value: "litmuschaos/chaos-operator:3.0.0-beta3"
             - name: LITMUS_CHAOS_RUNNER_IMAGE
-              value: "litmuschaos/chaos-runner:3.0.0-beta2"
+              value: "litmuschaos/chaos-runner:3.0.0-beta3"
             - name: LITMUS_CHAOS_EXPORTER_IMAGE
-              value: "litmuschaos/chaos-exporter:3.0.0-beta2"
+              value: "litmuschaos/chaos-exporter:3.0.0-beta3"
             - name: CONTAINER_RUNTIME_EXECUTOR
               value: "k8sapi"
             - name: HUB_BRANCH_NAME
@@ -642,7 +642,7 @@ spec:
             - name: LITMUS_AUTH_GRPC_PORT
               value: ":3030"
             - name: WORKFLOW_HELPER_IMAGE_VERSION
-              value: "3.0.0-beta2"
+              value: "3.0.0-beta3"
             - name: REMOTE_HUB_MAX_SIZE
               value: "5000000"
             - name: INGRESS
@@ -699,7 +699,7 @@ spec:
       automountServiceAccountToken: false
       initContainers:
         - name: wait-for-mongodb
-          image: litmuschaos/curl:3.0.0-beta2
+          image: litmuschaos/curl:3.0.0-beta3
           command: ["/bin/sh", "-c"]
           args:
             [

mkdocs/docs/3.0.0-beta3/litmus-3.0.0-beta3-without-resources.yaml

@@ -0,0 +1,838 @@
+### RBAC Manifests
+## If SELF_AGENT="true" then these permissions are required to apply
+## https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/1b_argo_rbac.yaml
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: argo-cr-for-litmusportal-server
+rules:
+- apiGroups: [""]
+  resources: [pods, pods/exec]
+  verbs: [create, get, list, watch, update, patch, delete]
+- apiGroups: [""]
+  resources: [configmaps]
+  verbs: [get, watch, list]
+- apiGroups: [""]
+  resources: [persistentvolumeclaims]
+  verbs: [create, delete]
+- apiGroups: [argoproj.io]
+  resources: [workflows, workflows/finalizers]
+  verbs: [get, list, watch, update, patch, delete, create]
+- apiGroups: [argoproj.io]
+  resources: [workflowtemplates, workflowtemplates/finalizers, clusterworkflowtemplates, clusterworkflowtemplates/finalizers, workflowtasksets]
+  verbs: [get, list, watch]
+- apiGroups: [argoproj.io]
+  resources: [workflowtaskresults]
+  verbs: [list, watch, deletecollection]
+- apiGroups: [""]
+  resources: [serviceaccounts]
+  verbs: [get, list]
+- apiGroups: [argoproj.io]
+  resources: [cronworkflows, cronworkflows/finalizers]
+  verbs: [get, list, watch, update, patch, delete]
+- apiGroups: [""]
+  resources: [events]
+  verbs: [create, patch]
+- apiGroups: [policy]
+  resources: [poddisruptionbudgets]
+  verbs: [create, get, delete]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: argo-crb-for-litmusportal-server
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: argo-cr-for-litmusportal-server
+subjects:
+  - kind: ServiceAccount
+    name: litmus-server-account
+    namespace: litmus
+#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/2b_litmus_rbac.yaml
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: litmus-cluster-scope-for-litmusportal-server
+  labels:
+    app.kubernetes.io/name: litmus
+    # provide unique instance-id if applicable
+    # app.kubernetes.io/instance: litmus-abcxzy
+    app.kubernetes.io/version: 3.0.0-beta3
+    app.kubernetes.io/component: operator-clusterrole
+    app.kubernetes.io/part-of: litmus
+    app.kubernetes.io/managed-by: kubectl
+    name: litmus-cluster-scope-for-litmusportal-server
+rules:
+  - apiGroups: [""]
+    resources: [replicationcontrollers, secrets]
+    verbs: [get, list]
+  - apiGroups: [apps.openshift.io]
+    resources: [deploymentconfigs]
+    verbs: [get, list]
+  - apiGroups: [apps]
+    resources: [deployments, daemonsets, replicasets, statefulsets]
+    verbs: [get, list]
+  - apiGroups: [batch]
+    resources: [jobs]
+    verbs: [get, list, deletecollection]
+  - apiGroups: [argoproj.io]
+    resources: [rollouts]
+    verbs: [get, list]
+  - apiGroups: [""]
+    resources: [pods, configmaps, events, services]
+    verbs: [get, create, update, patch, delete, list, watch, deletecollection]
+  - apiGroups: [litmuschaos.io]
+    resources: [chaosengines, chaosexperiments, chaosresults]
+    verbs: [get, create, update, patch, delete, list, watch, deletecollection]
+  - apiGroups: [apiextensions.k8s.io]
+    resources: [customresourcedefinitions]
+    verbs: [list, get]
+  - apiGroups: ["litmuschaos.io"]
+    resources: ["chaosengines/finalizers"]
+    verbs: ["update"]
+  - apiGroups: [ "coordination.k8s.io" ]
+    resources: [ "leases" ]
+    verbs: [ "get","create","list","update","delete" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: litmus-cluster-scope-crb-for-litmusportal-server
+  labels:
+    app.kubernetes.io/name: litmus
+    # provide unique instance-id if applicable
+    # app.kubernetes.io/instance: litmus-abcxzy
+    app.kubernetes.io/version: 3.0.0-beta3
+    app.kubernetes.io/component: operator-clusterrolebinding
+    app.kubernetes.io/part-of: litmus
+    app.kubernetes.io/managed-by: kubectl
+    name: litmus-cluster-scope-crb-for-litmusportal-server
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: litmus-cluster-scope-for-litmusportal-server
+subjects:
+  - kind: ServiceAccount
+    name: litmus-server-account
+    namespace: litmus
+#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/3a_agents_rbac.yaml
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: litmus-admin-cr-for-litmusportal-server
+  labels:
+    name: litmus-admin-cr-for-litmusportal-server
+rules:
+  # ***************************************************************************************
+  # Permissions needed for preparing and monitor the chaos resources by chaos-runner
+  # ***************************************************************************************
+
+  # The chaos operator watches the chaosengine resource and orchestartes the chaos experiment..
+  ## .. by creating the chaos-runner
+
+  # for creating and monitoring the chaos-runner pods
+- apiGroups: [""]
+  resources: [pods,events]
+  verbs: [create, delete, get, list, patch, update, deletecollection]
+
+  # for fetching configmaps and secrets to inject into chaos-runner pod (if specified)
+- apiGroups: [""]
+  resources: [secrets, configmaps]
+  verbs: [get, list]
+
+  # for tracking & getting logs of the pods created by chaos-runner to implement individual steps in the runner
+- apiGroups: [""]
+  resources: [pods/log]
+  verbs: [get, list, watch]
+
+  # for configuring and monitor the experiment job by chaos-runner pod
+- apiGroups: [batch]
+  resources: [jobs]
+  verbs: [create, list, get, delete, deletecollection]
+
+  # ********************************************************************
+  # Permissions needed for creation and discovery of chaos experiments
+  # ********************************************************************
+
+  # The helper pods are created by experiment to perform the actual chaos injection ...
+  # ... for a period of chaos duration
+
+  # for creating and deleting the helper or target app pod and events by experiment
+- apiGroups: [""]
+  resources: [pods]
+  verbs: [create, delete, deletecollection]
+
+  # for creating and monitoring the events for chaos operations
+- apiGroups: [""]
+  resources: [events]
+  verbs: [create, delete, get, list, patch, update, deletecollection]
+
+  # for monitoring the helper and target app pod
+- apiGroups: [""]
+  resources: [pods]
+  verbs: [get, list, patch, update]
+
+  # for creating and managing to execute comands inside target container
+- apiGroups: [""]
+  resources: [pods/exec, pods/eviction, replicationcontrollers]
+  verbs: [get,list,create]
+
+  # for tracking & getting logs of the pods created by experiment pod to implement individual steps in the experiment
+- apiGroups: [""]
+  resources: [pods/log]
+  verbs: [get, list, watch]
+
+  # for creating and monitoring liveness services or monitoring target app services during chaos injection
+- apiGroups: [""]
+  resources: [services]
+  verbs: [create, delete, get, list, delete, deletecollection]
+
+  # for checking the app parent resources as deployments or sts and are eligible chaos candidates
+- apiGroups: [apps]
+  resources: [deployments, statefulsets]
+  verbs: [list, get, patch, update, create, delete, deletecollection]
+
+  # for checking the app parent resources as replicasets and are eligible chaos candidates
+- apiGroups: [apps]
+  resources: [replicasets]
+  verbs: [list, get]
+
+  # for checking the app parent resources as deamonsets and are eligible chaos candidates
+- apiGroups: [apps]
+  resources: [daemonsets]
+  verbs: [list, get, delete]
+
+  # for checking (openshift) app parent resources if they are eligible chaos candidates
+- apiGroups: [apps.openshift.io]
+  resources: [deploymentconfigs]
+  verbs: [list, get]
+
+  # for checking (argo) app parent resources if they are eligible chaos candidates
+- apiGroups: [argoproj.io]
+  resources: [rollouts]
+  verbs: [list, get]
+
+  # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
+- apiGroups: [litmuschaos.io]
+  resources: [chaosengines, chaosexperiments, chaosresults]
+  verbs: [create, list, get, patch, update, delete]
+
+  # for experiment to perform node status checks and other node level operations like taint, drain in the experiment.
+- apiGroups: [""]
+  resources: [nodes]
+  verbs: [patch, get, list, update]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: litmus-admin-crb-for-litmusportal-server
+  labels:
+    name: litmus-admin-crb-for-litmusportal-server
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: litmus-admin-cr-for-litmusportal-server
+subjects:
+  - kind: ServiceAccount
+    name: litmus-server-account
+    namespace: litmus
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: chaos-cr-for-litmusportal-server
+rules:
+  # for managing the pods created by workflow controller to implement individual steps in the workflow
+  - apiGroups: [""]
+    resources: [pods, services, namespaces]
+    verbs: [create, get, watch, patch, delete, list]
+
+  # for tracking & getting logs of the pods created by workflow controller to implement individual steps in the workflow
+  - apiGroups: [""]
+    resources: [pods/log, secrets, configmaps]
+    verbs: [get, watch, create, delete, patch]
+
+  # for creation & deletion of application in predefined workflows
+  - apiGroups: [apps]
+    resources: [deployments, statefulsets]
+    verbs: [get, watch, patch, create, delete]
+
+  # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
+  - apiGroups: [litmuschaos.io]
+    resources: [chaosengines, chaosexperiments, chaosresults, chaosschedules]
+    verbs: [create, list, get, patch, delete, watch]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: chaos-crb-for-litmusportal-server
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: chaos-cr-for-litmusportal-server
+subjects:
+  - kind: ServiceAccount
+    name: litmus-server-account
+    namespace: litmus
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: subscriber-cr-for-litmusportal-server
+  namespace: litmus
+  labels:
+    name: subscriber-cr-for-litmusportal-server
+rules:
+- apiGroups: [""]
+  resources: [configmaps, secrets]
+  verbs: [get, create, delete, update]
+- apiGroups: [""]
+  resources: [pods/log]
+  verbs: [get, list, watch]
+- apiGroups: [""]
+  resources: [pods, namespaces, nodes, services]
+  verbs: [get, list, watch]
+- apiGroups: [litmuschaos.io]
+  resources: [chaosengines, chaosschedules, chaosresults]
+  verbs: [get, list, create, delete, update, watch]
+- apiGroups: [apps.openshift.io]
+  resources: [deploymentconfigs]
+  verbs: [get, list]
+- apiGroups: [apps]
+  resources: [deployments, daemonsets, replicasets, statefulsets]
+  verbs: [get, list, delete]
+- apiGroups: [argoproj.io]
+  resources: [workflows, workflows/finalizers, workflowtemplates, workflowtemplates/finalizers, cronworkflows, cronworkflows/finalizers, clusterworkflowtemplates, clusterworkflowtemplates/finalizers, rollouts]
+  verbs: [get, list, create, delete, update, watch]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: subscriber-crb-for-litmusportal-server
+  namespace: litmus
+subjects:
+  - kind: ServiceAccount
+    name: litmus-server-account
+    namespace: litmus
+roleRef:
+  kind: ClusterRole
+  name: subscriber-cr-for-litmusportal-server
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: event-tracker-cr-for-litmusportal-server
+rules:
+- apiGroups: [eventtracker.litmuschaos.io]
+  resources: [eventtrackerpolicies]
+  verbs: [create, delete, get, list, patch, update, watch]
+- apiGroups: [eventtracker.litmuschaos.io]
+  resources: [eventtrackerpolicies/status]
+  verbs: [get, patch, update]
+- apiGroups: ["", extensions, apps]
+  resources: [deployments, daemonsets, statefulsets, pods, configmaps, secrets]
+  verbs: [get, list, watch]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: event-tracker-crb-for-litmusportal-server
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: event-tracker-cr-for-litmusportal-server
+subjects:
+  - kind: ServiceAccount
+    name: litmus-server-account
+    namespace: litmus
+# litmus-server-cr is used by the litmusportal-server
+# If SELF_AGENT=false, then only litmus-server-cr and litmus-server-crb are required.
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: litmus-server-cr
+rules:
+  - apiGroups: [networking.k8s.io, extensions]
+    resources: [ingresses]
+    verbs: [get]
+  - apiGroups: [""]
+    resources: [services, nodes, pods/log]
+    verbs: [get, watch]
+  - apiGroups: [apiextensions.k8s.io]
+    resources: [customresourcedefinitions]
+    verbs: [create]
+  - apiGroups: [apps]
+    resources: [deployments]
+    verbs: [create]
+  - apiGroups: [""]
+    resources: [configmaps]
+    verbs: [get]
+  - apiGroups: [""]
+    resources: [serviceaccounts]
+    verbs: [create]
+  - apiGroups: [rbac.authorization.k8s.io]
+    resources: [rolebindings, roles, clusterrolebindings, clusterroles]
+    verbs: [create]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: litmus-server-crb
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: litmus-server-cr
+subjects:
+  - kind: ServiceAccount
+    name: litmus-server-account
+    namespace: litmus
+## Control plane manifests
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: litmus
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: litmus-server-account
+  namespace: litmus
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: litmus-portal-admin-secret
+  namespace: litmus
+stringData:
+  JWT_SECRET: "litmus-portal@123"
+  DB_USER: "admin"
+  DB_PASSWORD: "1234"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: litmus-portal-admin-config
+  namespace: litmus
+data:
+  DB_SERVER: "mongodb://mongo-service:27017"
+  AGENT_SCOPE: cluster
+  AGENT_NAMESPACE: litmus
+  VERSION: "3.0.0-beta3"
+  SKIP_SSL_VERIFY: "false"
+  # Configurations if you are using dex for OAuth
+  DEX_ENABLED: "false"
+  OIDC_ISSUER: "http://<Your Domain>:32000"
+  DEX_OAUTH_CALLBACK_URL: "http://<litmus-portal frontend exposed URL>:8080/auth/dex/callback"
+  DEX_OAUTH_CLIENT_ID: "LitmusPortalAuthBackend"
+  DEX_OAUTH_CLIENT_SECRET: "ZXhhbXBsZS1hcHAtc2VjcmV0"
+  OAuthJwtSecret: "litmus-oauth@123"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: litmusportal-frontend-nginx-configuration
+  namespace: litmus
+data:
+  default.conf: |
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        '' close;
+    }
+    server {
+        listen       8080;
+        server_name  localhost;
+        #charset koi8-r;
+        #access_log  /var/log/nginx/host.access.log  main;
+
+        location / {
+            proxy_http_version 1.1;
+            root   /usr/share/nginx/html;
+            index  index.html index.htm;
+            try_files $uri /index.html;
+        }
+
+        #error_page  404              /404.html;
+
+        # redirect server error pages to the static page /50x.html
+        #
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   /usr/share/nginx/html;
+        }
+
+        # deny access to .htaccess files, if Apache's document root
+        # concurs with nginx's one
+        #
+        #location ~ /\.ht {
+        #    deny  all;
+        #}
+
+        location /auth/ {
+            proxy_http_version 1.1;
+            proxy_set_header   Host                 $host;
+            proxy_set_header   X-Real-IP            $remote_addr;
+            proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
+            proxy_set_header   X-Forwarded-Proto    $scheme;
+            proxy_pass "http://litmusportal-auth-server-service:9003/";
+        }
+
+        location /api/ {
+            proxy_http_version 1.1;
+            proxy_set_header   Host                 $host;
+            proxy_set_header   X-Real-IP            $remote_addr;
+            proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
+            proxy_set_header   X-Forwarded-Proto    $scheme;
+            proxy_pass "http://litmusportal-server-service:9002/";
+        }
+
+        location /ws/ {
+            proxy_http_version 1.1;
+            proxy_set_header   Upgrade              $http_upgrade;
+            proxy_set_header   Connection           $connection_upgrade;
+            proxy_set_header   Host                 $host;
+            proxy_set_header   X-Real-IP            $remote_addr;
+            proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
+            proxy_set_header   X-Forwarded-Proto    $scheme;
+            proxy_pass "http://litmusportal-server-service:9002/";
+        }
+    }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: litmusportal-frontend
+  namespace: litmus
+  labels:
+    component: litmusportal-frontend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      component: litmusportal-frontend
+  template:
+    metadata:
+      labels:
+        component: litmusportal-frontend
+    spec:
+      automountServiceAccountToken: false
+      containers:
+        - name: litmusportal-frontend
+          image: litmuschaos/litmusportal-frontend:3.0.0-beta3
+          imagePullPolicy: Always
+          securityContext:
+            runAsUser: 2000
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+          ports:
+            - containerPort: 8080
+          volumeMounts:
+          - name: nginx-config
+            mountPath: /etc/nginx/conf.d/default.conf
+            subPath: default.conf
+      volumes:
+        - name: nginx-config
+          configMap:
+            name: litmusportal-frontend-nginx-configuration
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: litmusportal-frontend-service
+  namespace: litmus
+spec:
+  type: NodePort
+  ports:
+    - name: http
+      port: 9091
+      targetPort: 8080
+  selector:
+    component: litmusportal-frontend
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: litmusportal-server
+  namespace: litmus
+  labels:
+    component: litmusportal-server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      component: litmusportal-server
+  template:
+    metadata:
+      labels:
+        component: litmusportal-server
+    spec:
+      initContainers:
+        - name: wait-for-mongodb
+          image: litmuschaos/curl:3.0.0-beta3
+          command: ["/bin/sh", "-c"]
+          args:
+            [
+              "while [[ $(curl -sw '%{http_code}' http://mongo-service:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'",
+            ]
+      volumes:
+        - name: gitops-storage
+          emptyDir: {}
+        - name: hub-storage
+          emptyDir: {}
+      containers:
+        - name: graphql-server
+          image: litmuschaos/litmusportal-server:3.0.0-beta3
+          volumeMounts:
+            - mountPath: /tmp/
+              name: gitops-storage
+            - mountPath: /tmp/version
+              name: hub-storage
+          securityContext:
+            runAsUser: 2000
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+            readOnlyRootFilesystem: true
+          envFrom:
+            - configMapRef:
+                name: litmus-portal-admin-config
+            - secretRef:
+                name: litmus-portal-admin-secret
+          env:
+            - name: SELF_AGENT
+              value: "true"
+            # if self-signed certificate are used pass the k8s tls secret name created in portal ns, to allow agents to use tls for communication
+            - name: TLS_SECRET_NAME
+              value: ""
+            - name: LITMUS_PORTAL_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: CHAOS_CENTER_SCOPE
+              value: "cluster"
+            - name: SUBSCRIBER_IMAGE
+              value: "litmuschaos/litmusportal-subscriber:3.0.0-beta3"
+            - name: EVENT_TRACKER_IMAGE
+              value: "litmuschaos/litmusportal-event-tracker:3.0.0-beta3"
+            - name: ARGO_WORKFLOW_CONTROLLER_IMAGE
+              value: "litmuschaos/workflow-controller:v3.3.1"
+            - name: ARGO_WORKFLOW_EXECUTOR_IMAGE
+              value: "litmuschaos/argoexec:v3.3.1"
+            - name: LITMUS_CHAOS_OPERATOR_IMAGE
+              value: "litmuschaos/chaos-operator:3.0.0-beta3"
+            - name: LITMUS_CHAOS_RUNNER_IMAGE
+              value: "litmuschaos/chaos-runner:3.0.0-beta3"
+            - name: LITMUS_CHAOS_EXPORTER_IMAGE
+              value: "litmuschaos/chaos-exporter:3.0.0-beta3"
+            - name: SERVER_SERVICE_NAME
+              value: "litmusportal-server-service"
+            - name: AGENT_DEPLOYMENTS
+              value: "[\"app=chaos-exporter\", \"name=chaos-operator\", \"app=event-tracker\", \"app=workflow-controller\"]"
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: SELF_AGENT_NODE_SELECTOR
+              value: ""
+            - name: SELF_AGENT_TOLERATIONS
+              value: ""
+            - name: CHAOS_CENTER_UI_ENDPOINT
+              value: ""
+            - name: INGRESS
+              value: "false"
+            - name: INGRESS_NAME
+              value: "litmus-ingress"
+            - name: CONTAINER_RUNTIME_EXECUTOR
+              value: "k8sapi"
+            - name: HUB_BRANCH_NAME
+              value: "v3.0.0-beta3"
+            - name: LITMUS_AUTH_GRPC_ENDPOINT
+              value: "litmusportal-auth-server-service.litmus.svc.cluster.local"
+            - name: LITMUS_AUTH_GRPC_PORT
+              value: ":3030"
+            - name: WORKFLOW_HELPER_IMAGE_VERSION
+              value: "3.0.0-beta3"
+            - name: REMOTE_HUB_MAX_SIZE
+              value: "5000000"
+          ports:
+            - containerPort: 8080
+            - containerPort: 8000
+          imagePullPolicy: Always
+      serviceAccountName: litmus-server-account
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: litmusportal-server-service
+  namespace: litmus
+spec:
+  type: NodePort
+  ports:
+    - name: graphql-server
+      port: 9002
+      targetPort: 8080
+    - name: graphql-rpc-server
+      port: 8000
+      targetPort: 8000
+  selector:
+    component: litmusportal-server
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: litmusportal-auth-server
+  namespace: litmus
+  labels:
+    component: litmusportal-auth-server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      component: litmusportal-auth-server
+  template:
+    metadata:
+      labels:
+        component: litmusportal-auth-server
+    spec:
+      automountServiceAccountToken: false
+      initContainers:
+        - name: wait-for-mongodb
+          image: litmuschaos/curl:3.0.0-beta3
+          command: ["/bin/sh", "-c"]
+          args:
+            [
+              "while [[ $(curl -sw '%{http_code}' http://mongo-service:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'",
+            ]
+      containers:
+        - name: auth-server
+          image: litmuschaos/litmusportal-auth-server:3.0.0-beta3
+          securityContext:
+            runAsUser: 2000
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+            readOnlyRootFilesystem: true
+          envFrom:
+            - configMapRef:
+                name: litmus-portal-admin-config
+            - secretRef:
+                name: litmus-portal-admin-secret
+          env:
+            - name: STRICT_PASSWORD_POLICY
+              value: "false"
+            - name: ADMIN_USERNAME
+              value: "admin"
+            - name: ADMIN_PASSWORD
+              value: "litmus"
+            - name: LITMUS_GQL_GRPC_ENDPOINT
+              value: "litmusportal-server-service.litmus.svc.cluster.local"
+            - name: LITMUS_GQL_GRPC_PORT
+              value: ":8000"
+          ports:
+            - containerPort: 3000
+            - containerPort: 3030
+          imagePullPolicy: Always
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: litmusportal-auth-server-service
+  namespace: litmus
+spec:
+  type: NodePort
+  ports:
+    - name: auth-server
+      port: 9003
+      targetPort: 3000
+    - name: auth-rpc-server
+      port: 3030
+      targetPort: 3030
+  selector:
+    component: litmusportal-auth-server
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: mongo
+  namespace: litmus
+  labels:
+    app: mongo
+spec:
+  selector:
+    matchLabels:
+      component: database
+  serviceName: mongo-headless-service
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        component: database
+    spec:
+      automountServiceAccountToken: false
+      containers:
+        - name: mongo
+          image: litmuschaos/mongo:4.2.8
+          securityContext:
+#            runAsUser: 2000
+            allowPrivilegeEscalation: false
+#            runAsNonRoot: true
+          args: ["--ipv6"]
+          ports:
+            - containerPort: 27017
+          imagePullPolicy: Always
+          volumeMounts:
+            - name: mongo-persistent-storage
+              mountPath: /data/db
+          env:
+            - name: MONGO_INITDB_ROOT_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: litmus-portal-admin-secret
+                  key: DB_USER
+            - name: MONGO_INITDB_ROOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: litmus-portal-admin-secret
+                  key: DB_PASSWORD
+  volumeClaimTemplates:
+    - metadata:
+        name: mongo-persistent-storage
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 20Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: mongo
+  name: mongo-service
+  namespace: litmus
+spec:
+  ports:
+    - port: 27017
+      targetPort: 27017
+  selector:
+    component: database
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: mongo
+  name: mongo-headless-service
+  namespace: litmus
+spec:
+  clusterIP: None
+  ports:
+    - port: 27017
+      targetPort: 27017
+  selector:
+    component: database

mkdocs/docs/3.0.0-beta3/litmus-3.0.0-beta3.yaml

@@ -0,0 +1,892 @@
+### RBAC Manifests
+## If SELF_AGENT="true" then these permissions are required to apply
+## https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/1b_argo_rbac.yaml
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: argo-cr-for-litmusportal-server
+rules:
+- apiGroups: [""]
+  resources: [pods, pods/exec]
+  verbs: [create, get, list, watch, update, patch, delete]
+- apiGroups: [""]
+  resources: [configmaps]
+  verbs: [get, watch, list]
+- apiGroups: [""]
+  resources: [persistentvolumeclaims]
+  verbs: [create, delete]
+- apiGroups: [argoproj.io]
+  resources: [workflows, workflows/finalizers]
+  verbs: [get, list, watch, update, patch, delete, create]
+- apiGroups: [argoproj.io]
+  resources: [workflowtemplates, workflowtemplates/finalizers, clusterworkflowtemplates, clusterworkflowtemplates/finalizers, workflowtasksets]
+  verbs: [get, list, watch]
+- apiGroups: [argoproj.io]
+  resources: [workflowtaskresults]
+  verbs: [list, watch, deletecollection]
+- apiGroups: [""]
+  resources: [serviceaccounts]
+  verbs: [get, list]
+- apiGroups: [argoproj.io]
+  resources: [cronworkflows, cronworkflows/finalizers]
+  verbs: [get, list, watch, update, patch, delete]
+- apiGroups: [""]
+  resources: [events]
+  verbs: [create, patch]
+- apiGroups: [policy]
+  resources: [poddisruptionbudgets]
+  verbs: [create, get, delete]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: argo-crb-for-litmusportal-server
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: argo-cr-for-litmusportal-server
+subjects:
+  - kind: ServiceAccount
+    name: litmus-server-account
+    namespace: litmus
+#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/2b_litmus_rbac.yaml
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: litmus-cluster-scope-for-litmusportal-server
+  labels:
+    app.kubernetes.io/name: litmus
+    # provide unique instance-id if applicable
+    # app.kubernetes.io/instance: litmus-abcxzy
+    app.kubernetes.io/version: 3.0.0-beta3
+    app.kubernetes.io/component: operator-clusterrole
+    app.kubernetes.io/part-of: litmus
+    app.kubernetes.io/managed-by: kubectl
+    name: litmus-cluster-scope-for-litmusportal-server
+rules:
+  - apiGroups: [""]
+    resources: [replicationcontrollers, secrets]
+    verbs: [get, list]
+  - apiGroups: [apps.openshift.io]
+    resources: [deploymentconfigs]
+    verbs: [get, list]
+  - apiGroups: [apps]
+    resources: [deployments, daemonsets, replicasets, statefulsets]
+    verbs: [get, list]
+  - apiGroups: [batch]
+    resources: [jobs]
+    verbs: [get, list, deletecollection]
+  - apiGroups: [argoproj.io]
+    resources: [rollouts]
+    verbs: [get, list]
+  - apiGroups: [""]
+    resources: [pods, configmaps, events, services]
+    verbs: [get, create, update, patch, delete, list, watch, deletecollection]
+  - apiGroups: [litmuschaos.io]
+    resources: [chaosengines, chaosexperiments, chaosresults]
+    verbs: [get, create, update, patch, delete, list, watch, deletecollection]
+  - apiGroups: [apiextensions.k8s.io]
+    resources: [customresourcedefinitions]
+    verbs: [list, get]
+  - apiGroups: ["litmuschaos.io"]
+    resources: ["chaosengines/finalizers"]
+    verbs: ["update"]
+  - apiGroups: [ "coordination.k8s.io" ]
+    resources: [ "leases" ]
+    verbs: [ "get","create","list","update","delete" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: litmus-cluster-scope-crb-for-litmusportal-server
+  labels:
+    app.kubernetes.io/name: litmus
+    # provide unique instance-id if applicable
+    # app.kubernetes.io/instance: litmus-abcxzy
+    app.kubernetes.io/version: 3.0.0-beta3
+    app.kubernetes.io/component: operator-clusterrolebinding
+    app.kubernetes.io/part-of: litmus
+    app.kubernetes.io/managed-by: kubectl
+    name: litmus-cluster-scope-crb-for-litmusportal-server
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: litmus-cluster-scope-for-litmusportal-server
+subjects:
+  - kind: ServiceAccount
+    name: litmus-server-account
+    namespace: litmus
+#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/3a_agents_rbac.yaml
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: litmus-admin-cr-for-litmusportal-server
+  labels:
+    name: litmus-admin-cr-for-litmusportal-server
+rules:
+  # ***************************************************************************************
+  # Permissions needed for preparing and monitor the chaos resources by chaos-runner
+  # ***************************************************************************************
+
+  # The chaos operator watches the chaosengine resource and orchestartes the chaos experiment..
+  ## .. by creating the chaos-runner
+
+  # for creating and monitoring the chaos-runner pods
+- apiGroups: [""]
+  resources: [pods,events]
+  verbs: [create, delete, get, list, patch, update, deletecollection]
+
+  # for fetching configmaps and secrets to inject into chaos-runner pod (if specified)
+- apiGroups: [""]
+  resources: [secrets, configmaps]
+  verbs: [get, list]
+
+  # for tracking & getting logs of the pods created by chaos-runner to implement individual steps in the runner
+- apiGroups: [""]
+  resources: [pods/log]
+  verbs: [get, list, watch]
+
+  # for configuring and monitor the experiment job by chaos-runner pod
+- apiGroups: [batch]
+  resources: [jobs]
+  verbs: [create, list, get, delete, deletecollection]
+
+  # ********************************************************************
+  # Permissions needed for creation and discovery of chaos experiments
+  # ********************************************************************
+
+  # The helper pods are created by experiment to perform the actual chaos injection ...
+  # ... for a period of chaos duration
+
+  # for creating and deleting the helper or target app pod and events by experiment
+- apiGroups: [""]
+  resources: [pods]
+  verbs: [create, delete, deletecollection]
+
+  # for creating and monitoring the events for chaos operations
+- apiGroups: [""]
+  resources: [events]
+  verbs: [create, delete, get, list, patch, update, deletecollection]
+
+  # for monitoring the helper and target app pod
+- apiGroups: [""]
+  resources: [pods]
+  verbs: [get, list, patch, update]
+
+  # for creating and managing to execute comands inside target container
+- apiGroups: [""]
+  resources: [pods/exec, pods/eviction, replicationcontrollers]
+  verbs: [get,list,create]
+
+  # for tracking & getting logs of the pods created by experiment pod to implement individual steps in the experiment
+- apiGroups: [""]
+  resources: [pods/log]
+  verbs: [get, list, watch]
+
+  # for creating and monitoring liveness services or monitoring target app services during chaos injection
+- apiGroups: [""]
+  resources: [services]
+  verbs: [create, delete, get, list, delete, deletecollection]
+
+  # for checking the app parent resources as deployments or sts and are eligible chaos candidates
+- apiGroups: [apps]
+  resources: [deployments, statefulsets]
+  verbs: [list, get, patch, update, create, delete, deletecollection]
+
+  # for checking the app parent resources as replicasets and are eligible chaos candidates
+- apiGroups: [apps]
+  resources: [replicasets]
+  verbs: [list, get]
+
+  # for checking the app parent resources as deamonsets and are eligible chaos candidates
+- apiGroups: [apps]
+  resources: [daemonsets]
+  verbs: [list, get, delete]
+
+  # for checking (openshift) app parent resources if they are eligible chaos candidates
+- apiGroups: [apps.openshift.io]
+  resources: [deploymentconfigs]
+  verbs: [list, get]
+
+  # for checking (argo) app parent resources if they are eligible chaos candidates
+- apiGroups: [argoproj.io]
+  resources: [rollouts]
+  verbs: [list, get]
+
+  # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
+- apiGroups: [litmuschaos.io]
+  resources: [chaosengines, chaosexperiments, chaosresults]
+  verbs: [create, list, get, patch, update, delete]
+
+  # for experiment to perform node status checks and other node level operations like taint, drain in the experiment.
+- apiGroups: [""]
+  resources: [nodes]
+  verbs: [patch, get, list, update]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: litmus-admin-crb-for-litmusportal-server
+  labels:
+    name: litmus-admin-crb-for-litmusportal-server
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: litmus-admin-cr-for-litmusportal-server
+subjects:
+  - kind: ServiceAccount
+    name: litmus-server-account
+    namespace: litmus
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: chaos-cr-for-litmusportal-server
+rules:
+  # for managing the pods created by workflow controller to implement individual steps in the workflow
+  - apiGroups: [""]
+    resources: [pods, services, namespaces]
+    verbs: [create, get, watch, patch, delete, list]
+
+  # for tracking & getting logs of the pods created by workflow controller to implement individual steps in the workflow
+  - apiGroups: [""]
+    resources: [pods/log, secrets, configmaps]
+    verbs: [get, watch, create, delete, patch]
+
+  # for creation & deletion of application in predefined workflows
+  - apiGroups: [apps]
+    resources: [deployments, statefulsets]
+    verbs: [get, watch, patch, create, delete]
+
+  # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
+  - apiGroups: [litmuschaos.io]
+    resources: [chaosengines, chaosexperiments, chaosresults, chaosschedules]
+    verbs: [create, list, get, patch, delete, watch]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: chaos-crb-for-litmusportal-server
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: chaos-cr-for-litmusportal-server
+subjects:
+  - kind: ServiceAccount
+    name: litmus-server-account
+    namespace: litmus
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: subscriber-cr-for-litmusportal-server
+  namespace: litmus
+  labels:
+    name: subscriber-cr-for-litmusportal-server
+rules:
+- apiGroups: [""]
+  resources: [configmaps, secrets]
+  verbs: [get, create, delete, update]
+- apiGroups: [""]
+  resources: [pods/log]
+  verbs: [get, list, watch]
+- apiGroups: [""]
+  resources: [pods, namespaces, nodes, services]
+  verbs: [get, list, watch]
+- apiGroups: [litmuschaos.io]
+  resources: [chaosengines, chaosschedules, chaosresults]
+  verbs: [get, list, create, delete, update, watch]
+- apiGroups: [apps.openshift.io]
+  resources: [deploymentconfigs]
+  verbs: [get, list]
+- apiGroups: [apps]
+  resources: [deployments, daemonsets, replicasets, statefulsets]
+  verbs: [get, list, delete]
+- apiGroups: [argoproj.io]
+  resources: [workflows, workflows/finalizers, workflowtemplates, workflowtemplates/finalizers, cronworkflows, cronworkflows/finalizers, clusterworkflowtemplates, clusterworkflowtemplates/finalizers, rollouts]
+  verbs: [get, list, create, delete, update, watch]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: subscriber-crb-for-litmusportal-server
+  namespace: litmus
+subjects:
+  - kind: ServiceAccount
+    name: litmus-server-account
+    namespace: litmus
+roleRef:
+  kind: ClusterRole
+  name: subscriber-cr-for-litmusportal-server
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: event-tracker-cr-for-litmusportal-server
+rules:
+- apiGroups: [eventtracker.litmuschaos.io]
+  resources: [eventtrackerpolicies]
+  verbs: [create, delete, get, list, patch, update, watch]
+- apiGroups: [eventtracker.litmuschaos.io]
+  resources: [eventtrackerpolicies/status]
+  verbs: [get, patch, update]
+- apiGroups: ["", extensions, apps]
+  resources: [deployments, daemonsets, statefulsets, pods, configmaps, secrets]
+  verbs: [get, list, watch]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: event-tracker-crb-for-litmusportal-server
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: event-tracker-cr-for-litmusportal-server
+subjects:
+  - kind: ServiceAccount
+    name: litmus-server-account
+    namespace: litmus
+# litmus-server-cr is used by the litmusportal-server
+# If SELF_AGENT=false, then only litmus-server-cr and litmus-server-crb are required.
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: litmus-server-cr
+rules:
+  - apiGroups: [networking.k8s.io, extensions]
+    resources: [ingresses]
+    verbs: [get]
+  - apiGroups: [""]
+    resources: [services, nodes, pods/log]
+    verbs: [get, watch]
+  - apiGroups: [apiextensions.k8s.io]
+    resources: [customresourcedefinitions]
+    verbs: [create]
+  - apiGroups: [apps]
+    resources: [deployments]
+    verbs: [create]
+  - apiGroups: [""]
+    resources: [configmaps]
+    verbs: [get]
+  - apiGroups: [""]
+    resources: [serviceaccounts]
+    verbs: [create]
+  - apiGroups: [rbac.authorization.k8s.io]
+    resources: [rolebindings, roles, clusterrolebindings, clusterroles]
+    verbs: [create]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: litmus-server-crb
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: litmus-server-cr
+subjects:
+  - kind: ServiceAccount
+    name: litmus-server-account
+    namespace: litmus
+## Control plane manifests
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: litmus
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: litmus-server-account
+  namespace: litmus
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: litmus-portal-admin-secret
+  namespace: litmus
+stringData:
+  JWT_SECRET: "litmus-portal@123"
+  DB_USER: "admin"
+  DB_PASSWORD: "1234"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: litmus-portal-admin-config
+  namespace: litmus
+data:
+  DB_SERVER: "mongodb://mongo-service:27017"
+  AGENT_SCOPE: cluster
+  AGENT_NAMESPACE: litmus
+  VERSION: "3.0.0-beta3"
+  SKIP_SSL_VERIFY: "false"
+  # Configurations if you are using dex for OAuth
+  DEX_ENABLED: "false"
+  OIDC_ISSUER: "http://<Your Domain>:32000"
+  DEX_OAUTH_CALLBACK_URL: "http://<litmus-portal frontend exposed URL>:8080/auth/dex/callback"
+  DEX_OAUTH_CLIENT_ID: "LitmusPortalAuthBackend"
+  DEX_OAUTH_CLIENT_SECRET: "ZXhhbXBsZS1hcHAtc2VjcmV0"
+  OAuthJwtSecret: "litmus-oauth@123"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: litmusportal-frontend-nginx-configuration
+  namespace: litmus
+data:
+  default.conf: |
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        '' close;
+    }
+    server {
+        listen       8080;
+        server_name  localhost;
+        #charset koi8-r;
+        #access_log  /var/log/nginx/host.access.log  main;
+
+        location / {
+            proxy_http_version 1.1;
+            root   /usr/share/nginx/html;
+            index  index.html index.htm;
+            try_files $uri /index.html;
+        }
+
+        #error_page  404              /404.html;
+
+        # redirect server error pages to the static page /50x.html
+        #
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   /usr/share/nginx/html;
+        }
+
+        # deny access to .htaccess files, if Apache's document root
+        # concurs with nginx's one
+        #
+        #location ~ /\.ht {
+        #    deny  all;
+        #}
+
+        location /auth/ {
+            proxy_http_version 1.1;
+            proxy_set_header   Host                 $host;
+            proxy_set_header   X-Real-IP            $remote_addr;
+            proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
+            proxy_set_header   X-Forwarded-Proto    $scheme;
+            proxy_pass "http://litmusportal-auth-server-service:9003/";
+        }
+
+        location /api/ {
+            proxy_http_version 1.1;
+            proxy_set_header   Host                 $host;
+            proxy_set_header   X-Real-IP            $remote_addr;
+            proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
+            proxy_set_header   X-Forwarded-Proto    $scheme;
+            proxy_pass "http://litmusportal-server-service:9002/";
+        }
+
+        location /ws/ {
+            proxy_http_version 1.1;
+            proxy_set_header   Upgrade              $http_upgrade;
+            proxy_set_header   Connection           $connection_upgrade;
+            proxy_set_header   Host                 $host;
+            proxy_set_header   X-Real-IP            $remote_addr;
+            proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
+            proxy_set_header   X-Forwarded-Proto    $scheme;
+            proxy_pass "http://litmusportal-server-service:9002/";
+        }
+    }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: litmusportal-frontend
+  namespace: litmus
+  labels:
+    component: litmusportal-frontend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      component: litmusportal-frontend
+  template:
+    metadata:
+      labels:
+        component: litmusportal-frontend
+    spec:
+      automountServiceAccountToken: false
+      containers:
+        - name: litmusportal-frontend
+          image: litmuschaos/litmusportal-frontend:3.0.0-beta3
+          imagePullPolicy: Always
+          securityContext:
+            runAsUser: 2000
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+          ports:
+            - containerPort: 8080
+          resources:
+            requests:
+              memory: "150Mi"
+              cpu: "125m"
+              ephemeral-storage: "500Mi"
+            limits:
+              memory: "512Mi"
+              cpu: "550m"
+              ephemeral-storage: "1Gi"
+          volumeMounts:
+          - name: nginx-config
+            mountPath: /etc/nginx/conf.d/default.conf
+            subPath: default.conf
+      volumes:
+        - name: nginx-config
+          configMap:
+            name: litmusportal-frontend-nginx-configuration
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: litmusportal-frontend-service
+  namespace: litmus
+spec:
+  type: NodePort
+  ports:
+    - name: http
+      port: 9091
+      targetPort: 8080
+  selector:
+    component: litmusportal-frontend
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: litmusportal-server
+  namespace: litmus
+  labels:
+    component: litmusportal-server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      component: litmusportal-server
+  template:
+    metadata:
+      labels:
+        component: litmusportal-server
+    spec:
+      initContainers:
+        - name: wait-for-mongodb
+          image: litmuschaos/curl:3.0.0-beta3
+          command: ["/bin/sh", "-c"]
+          args:
+            [
+              "while [[ $(curl -sw '%{http_code}' http://mongo-service:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'",
+            ]
+          resources:
+            requests:
+              memory: "150Mi"
+              cpu: "25m"
+              ephemeral-storage: "500Mi"
+            limits:
+              memory: "512Mi"
+              cpu: "250m"
+              ephemeral-storage: "1Gi"
+      volumes:
+        - name: gitops-storage
+          emptyDir: {}
+        - name: hub-storage
+          emptyDir: {}
+      containers:
+        - name: graphql-server
+          image: litmuschaos/litmusportal-server:3.0.0-beta3
+          volumeMounts:
+            - mountPath: /tmp/
+              name: gitops-storage
+            - mountPath: /tmp/version
+              name: hub-storage
+          securityContext:
+            runAsUser: 2000
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+            readOnlyRootFilesystem: true
+          envFrom:
+            - configMapRef:
+                name: litmus-portal-admin-config
+            - secretRef:
+                name: litmus-portal-admin-secret
+          env:
+            - name: SELF_AGENT
+              value: "true"
+            # if self-signed certificate are used pass the k8s tls secret name created in portal ns, to allow agents to use tls for communication
+            - name: TLS_SECRET_NAME
+              value: ""
+            - name: LITMUS_PORTAL_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: CHAOS_CENTER_SCOPE
+              value: "cluster"
+            - name: SUBSCRIBER_IMAGE
+              value: "litmuschaos/litmusportal-subscriber:3.0.0-beta3"
+            - name: EVENT_TRACKER_IMAGE
+              value: "litmuschaos/litmusportal-event-tracker:3.0.0-beta3"
+            - name: ARGO_WORKFLOW_CONTROLLER_IMAGE
+              value: "litmuschaos/workflow-controller:v3.3.1"
+            - name: ARGO_WORKFLOW_EXECUTOR_IMAGE
+              value: "litmuschaos/argoexec:v3.3.1"
+            - name: LITMUS_CHAOS_OPERATOR_IMAGE
+              value: "litmuschaos/chaos-operator:3.0.0-beta3"
+            - name: LITMUS_CHAOS_RUNNER_IMAGE
+              value: "litmuschaos/chaos-runner:3.0.0-beta3"
+            - name: LITMUS_CHAOS_EXPORTER_IMAGE
+              value: "litmuschaos/chaos-exporter:3.0.0-beta3"
+            - name: SERVER_SERVICE_NAME
+              value: "litmusportal-server-service"
+            - name: AGENT_DEPLOYMENTS
+              value: "[\"app=chaos-exporter\", \"name=chaos-operator\", \"app=event-tracker\", \"app=workflow-controller\"]"
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: SELF_AGENT_NODE_SELECTOR
+              value: ""
+            - name: SELF_AGENT_TOLERATIONS
+              value: ""
+            - name: CHAOS_CENTER_UI_ENDPOINT
+              value: ""
+            - name: INGRESS
+              value: "false"
+            - name: INGRESS_NAME
+              value: "litmus-ingress"
+            - name: CONTAINER_RUNTIME_EXECUTOR
+              value: "k8sapi"
+            - name: HUB_BRANCH_NAME
+              value: "v3.0.0-beta3"
+            - name: LITMUS_AUTH_GRPC_ENDPOINT
+              value: "litmusportal-auth-server-service.litmus.svc.cluster.local"
+            - name: LITMUS_AUTH_GRPC_PORT
+              value: ":3030"
+            - name: WORKFLOW_HELPER_IMAGE_VERSION
+              value: "3.0.0-beta3"
+            - name: REMOTE_HUB_MAX_SIZE
+              value: "5000000"
+          ports:
+            - containerPort: 8080
+            - containerPort: 8000
+          imagePullPolicy: Always
+          resources:
+            requests:
+              memory: "250Mi"
+              cpu: "225m"
+              ephemeral-storage: "500Mi"
+            limits:
+              memory: "712Mi"
+              cpu: "550m"
+              ephemeral-storage: "1Gi"
+      serviceAccountName: litmus-server-account
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: litmusportal-server-service
+  namespace: litmus
+spec:
+  type: NodePort
+  ports:
+    - name: graphql-server
+      port: 9002
+      targetPort: 8080
+    - name: graphql-rpc-server
+      port: 8000
+      targetPort: 8000
+  selector:
+    component: litmusportal-server
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: litmusportal-auth-server
+  namespace: litmus
+  labels:
+    component: litmusportal-auth-server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      component: litmusportal-auth-server
+  template:
+    metadata:
+      labels:
+        component: litmusportal-auth-server
+    spec:
+      automountServiceAccountToken: false
+      initContainers:
+        - name: wait-for-mongodb
+          image: litmuschaos/curl:3.0.0-beta3
+          command: ["/bin/sh", "-c"]
+          args:
+            [
+              "while [[ $(curl -sw '%{http_code}' http://mongo-service:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'",
+            ]
+          resources:
+            requests:
+              memory: "150Mi"
+              cpu: "25m"
+              ephemeral-storage: "500Mi"
+            limits:
+              memory: "225Mi"
+              cpu: "250m"
+              ephemeral-storage: "1Gi"
+      containers:
+        - name: auth-server
+          image: litmuschaos/litmusportal-auth-server:3.0.0-beta3
+          securityContext:
+            runAsUser: 2000
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+            readOnlyRootFilesystem: true
+          envFrom:
+            - configMapRef:
+                name: litmus-portal-admin-config
+            - secretRef:
+                name: litmus-portal-admin-secret
+          env:
+            - name: STRICT_PASSWORD_POLICY
+              value: "false"
+            - name: ADMIN_USERNAME
+              value: "admin"
+            - name: ADMIN_PASSWORD
+              value: "litmus"
+            - name: LITMUS_GQL_GRPC_ENDPOINT
+              value: "litmusportal-server-service.litmus.svc.cluster.local"
+            - name: LITMUS_GQL_GRPC_PORT
+              value: ":8000"
+          resources:
+            requests:
+              memory: "250Mi"
+              cpu: "225m"
+              ephemeral-storage: "500Mi"
+            limits:
+              memory: "712Mi"
+              cpu: "550m"
+              ephemeral-storage: "1Gi"
+          ports:
+            - containerPort: 3000
+            - containerPort: 3030
+          imagePullPolicy: Always
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: litmusportal-auth-server-service
+  namespace: litmus
+spec:
+  type: NodePort
+  ports:
+    - name: auth-server
+      port: 9003
+      targetPort: 3000
+    - name: auth-rpc-server
+      port: 3030
+      targetPort: 3030
+  selector:
+    component: litmusportal-auth-server
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: mongo
+  namespace: litmus
+  labels:
+    app: mongo
+spec:
+  selector:
+    matchLabels:
+      component: database
+  serviceName: mongo-headless-service
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        component: database
+    spec:
+      automountServiceAccountToken: false
+      containers:
+        - name: mongo
+          image: litmuschaos/mongo:4.2.8
+          securityContext:
+#            runAsUser: 2000
+            allowPrivilegeEscalation: false
+#            runAsNonRoot: true
+          args: ["--ipv6"]
+          ports:
+            - containerPort: 27017
+          imagePullPolicy: Always
+          volumeMounts:
+            - name: mongo-persistent-storage
+              mountPath: /data/db
+          resources:
+            requests:
+              memory: "550Mi"
+              cpu: "225m"
+              ephemeral-storage: "1Gi"
+            limits:
+              memory: "1Gi"
+              cpu: "750m"
+              ephemeral-storage: "3Gi"
+          env:
+            - name: MONGO_INITDB_ROOT_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: litmus-portal-admin-secret
+                  key: DB_USER
+            - name: MONGO_INITDB_ROOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: litmus-portal-admin-secret
+                  key: DB_PASSWORD
+  volumeClaimTemplates:
+    - metadata:
+        name: mongo-persistent-storage
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 20Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: mongo
+  name: mongo-service
+  namespace: litmus
+spec:
+  ports:
+    - port: 27017
+      targetPort: 27017
+  selector:
+    component: database
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: mongo
+  name: mongo-headless-service
+  namespace: litmus
+spec:
+  clusterIP: None
+  ports:
+    - port: 27017
+      targetPort: 27017
+  selector:
+    component: database

mkdocs/docs/3.0.0-beta3/litmus-namespaced-3.0.0-beta3.yaml

@@ -0,0 +1,857 @@
+### RBAC Manifests
+## If SELF_AGENT="true" then these permissions are required to apply
+## https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/namespace/1b_argo_rbac.yaml
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: argo-role-for-litmusportal-server
+rules:
+  - apiGroups: [""]
+    resources: [pods, pods/exec]
+    verbs: [create, get, list, watch, update, patch, delete]
+  - apiGroups: [""]
+    resources: [configmaps]
+    verbs: [get, watch, list]
+  - apiGroups: [""]
+    resources: [persistentvolumeclaims]
+    verbs: [create, delete]
+  - apiGroups: [argoproj.io]
+    resources: [workflows, workflows/finalizers]
+    verbs: [get, list, watch, update, patch, delete, create]
+  - apiGroups: [argoproj.io]
+    resources: [workflowtemplates, workflowtemplates/finalizers,workflowtasksets]
+    verbs: [get, list, watch]
+  - apiGroups: [argoproj.io]
+    resources: [workflowtaskresults]
+    verbs: [list, watch, deletecollection]
+  - apiGroups: [""]
+    resources: [serviceaccounts]
+    verbs: [get, list]
+  - apiGroups: [""]
+    resources: [secrets]
+    verbs: [get]
+  - apiGroups: [argoproj.io]
+    resources: [cronworkflows, cronworkflows/finalizers]
+    verbs: [get, list, watch, update, patch, delete]
+  - apiGroups: [""]
+    resources: [events]
+    verbs: [create, patch]
+  - apiGroups: [policy]
+    resources: [poddisruptionbudgets]
+    verbs: [create, get, delete]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: argo-rb-for-litmusportal-server
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: argo-role-for-litmusportal-server
+subjects:
+  - kind: ServiceAccount
+    name: litmus-server-account
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: litmus-namespace-scope-for-litmusportal-server
+  labels:
+    app.kubernetes.io/name: litmus
+    # provide unique instance-id if applicable
+    # app.kubernetes.io/instance: litmus-abcxzy
+    app.kubernetes.io/version: 3.0.0-beta3
+    app.kubernetes.io/component: operator-role
+    app.kubernetes.io/part-of: litmus
+    app.kubernetes.io/managed-by: kubectl
+    name: litmus-namespace-scope-for-litmusportal-server
+rules:
+  - apiGroups: [""]
+    resources: [replicationcontrollers, secrets]
+    verbs: [get, list]
+  - apiGroups: [apps.openshift.io]
+    resources: [deploymentconfigs]
+    verbs: [get, list]
+  - apiGroups: [apps]
+    resources: [deployments, daemonsets, replicasets, statefulsets]
+    verbs: [get, list, update]
+  - apiGroups: [batch]
+    resources: [jobs]
+    verbs: [get, list, create, deletecollection]
+  - apiGroups: [argoproj.io]
+    resources: [rollouts]
+    verbs: [get, list]
+  - apiGroups: [""]
+    resources: [pods, pods/exec, configmaps, events, services]
+    verbs: [get, create, update, patch, delete, list, watch, deletecollection]
+  - apiGroups: [litmuschaos.io]
+    resources: [chaosengines, chaosexperiments, chaosresults]
+    verbs: [get, create, update, patch, delete, list, watch, deletecollection]
+  - apiGroups: ["litmuschaos.io"]
+    resources: ["chaosengines/finalizers"]
+    verbs: ["update"]
+  - apiGroups: [ "coordination.k8s.io" ]
+    resources: [ "leases" ]
+    verbs: [ "get","create","list","update","delete" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: litmus-namespace-scope-rb-for-litmusportal-server
+  labels:
+    app.kubernetes.io/name: litmus
+    # provide unique instance-id if applicable
+    # app.kubernetes.io/instance: litmus-abcxzy
+    app.kubernetes.io/version: 3.0.0-beta3
+    app.kubernetes.io/component: operator-rolebinding
+    app.kubernetes.io/part-of: litmus
+    app.kubernetes.io/managed-by: kubectl
+    name: litmus-namespace-scope-rb-for-litmusportal-server
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: litmus-namespace-scope-for-litmusportal-server
+subjects:
+  - kind: ServiceAccount
+    name: litmus-server-account
+#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/namespace/3a_agents_rbac.yaml
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: subscriber-role-for-litmusportal-server
+  labels:
+    name: subscriber-role-for-litmusportal-server
+rules:
+  - apiGroups: [""]
+    resources: [configmaps, secrets]
+    verbs: [get, create, delete, update]
+
+  - apiGroups: [""]
+    resources: [pods/log]
+    verbs: [get, list, watch]
+
+  - apiGroups: [""]
+    resources: [pods, services]
+    verbs: [get, list, watch]
+
+  - apiGroups: [litmuschaos.io]
+    resources: [chaosengines, chaosschedules, chaosresults]
+    verbs: [get, list, create, delete, update, watch]
+
+  - apiGroups: [apps.openshift.io]
+    resources: [deploymentconfigs]
+    verbs: [get, list]
+
+  - apiGroups: [apps]
+    resources: [deployments, daemonsets, replicasets, statefulsets]
+    verbs: [get, list, delete]
+
+  - apiGroups: [argoproj.io]
+    resources: [workflows, workflows/finalizers, workflowtemplates, workflowtemplates/finalizers, cronworkflows, cronworkflows/finalizers, rollouts]
+    verbs: [get, list, create, delete, update, watch]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: subscriber-rb-for-litmusportal-server
+subjects:
+  - kind: ServiceAccount
+    name: litmus-server-account
+roleRef:
+  kind: Role
+  name: subscriber-role-for-litmusportal-server
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: litmus-admin-role-for-litmusportal-server
+  labels:
+    name: litmus-admin-role-for-litmusportal-server
+rules:
+  # ***************************************************************************************
+  # Permissions needed for preparing and monitor the chaos resources by chaos-runner
+  # ***************************************************************************************
+
+  # The chaos operator watches the chaosengine resource and orchestartes the chaos experiment..
+  ## .. by creating the chaos-runner
+
+  # for creating and monitoring the chaos-runner pods
+  - apiGroups: [""]
+    resources: [pods, events]
+    verbs: [create, delete, get, list, patch, update, deletecollection]
+
+    # for fetching configmaps and secrets to inject into chaos-runner pod (if specified)
+  - apiGroups: [""]
+    resources: [secrets, configmaps]
+    verbs: [get, list]
+
+    # for tracking & getting logs of the pods created by chaos-runner to implement individual steps in the runner
+  - apiGroups: [""]
+    resources: [pods/log]
+    verbs: [get, list, watch]
+
+    # for configuring and monitor the experiment job by chaos-runner pod
+  - apiGroups: [batch]
+    resources: [jobs]
+    verbs: [create, list, get, delete, deletecollection]
+
+    # ********************************************************************
+    # Permissions needed for creation and discovery of chaos experiments
+    # ********************************************************************
+
+    # The helper pods are created by experiment to perform the actual chaos injection ...
+    # ... for a period of chaos duration
+
+    # for creating and deleting the helper or target app pod and events by experiment
+  - apiGroups: [""]
+    resources: [pods]
+    verbs: [create, delete, deletecollection]
+
+    # for creating and monitoring the events for chaos operations
+  - apiGroups: [""]
+    resources: [events]
+    verbs: [create, delete, get, list, patch, update, deletecollection]
+
+    # for monitoring the helper and target app pod
+  - apiGroups: [""]
+    resources: [pods]
+    verbs: [get, list, patch, update]
+
+    # for creating and managing to execute comands inside target container
+  - apiGroups: [""]
+    resources: [pods/exec, pods/eviction, replicationcontrollers]
+    verbs: [get, list, create]
+
+    # for tracking & getting logs of the pods created by experiment pod to implement individual steps in the experiment
+  - apiGroups: [""]
+    resources: [pods/log]
+    verbs: [get, list, watch]
+
+    # for creating and monitoring liveness services or monitoring target app services during chaos injection
+  - apiGroups: [""]
+    resources: [services]
+    verbs: [create, delete, get, list, delete, deletecollection]
+
+    # for checking the app parent resources as deployments or sts and are eligible chaos candidates
+  - apiGroups: [apps]
+    resources: [deployments, statefulsets]
+    verbs: [list, get, patch, update, create, delete, deletecollection]
+
+    # for checking the app parent resources as replicasets and are eligible chaos candidates
+  - apiGroups: [apps]
+    resources: [replicasets]
+    verbs: [list, get]
+
+    # for checking the app parent resources as deamonsets and are eligible chaos candidates
+  - apiGroups: [apps]
+    resources: [daemonsets]
+    verbs: [list, get, delete]
+
+    # for checking (openshift) app parent resources if they are eligible chaos candidates
+  - apiGroups: [apps.openshift.io]
+    resources: [deploymentconfigs]
+    verbs: [list, get]
+
+    # for checking (argo) app parent resources if they are eligible chaos candidates
+  - apiGroups: [argoproj.io]
+    resources: [rollouts]
+    verbs: [list, get]
+
+    # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
+  - apiGroups: [litmuschaos.io]
+    resources: [chaosengines, chaosexperiments, chaosresults]
+    verbs: [create, list, get, patch, update, delete]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: litmus-admin-rb-for-litmusportal-server
+  labels:
+    name: litmus-admin-rb-for-litmusportal-server
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: litmus-admin-role-for-litmusportal-server
+subjects:
+  - kind: ServiceAccount
+    name: litmus-server-account
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: chaos-role-for-litmusportal-server
+rules:
+  # for managing the pods created by workflow controller to implement individual steps in the workflow
+  - apiGroups: [""]
+    resources: [pods, services]
+    verbs: [create, get, watch, patch, delete, list]
+
+  # for tracking & getting logs of the pods created by workflow controller to implement individual steps in the workflow
+  - apiGroups: [""]
+    resources: [pods/log, secrets, configmaps]
+    verbs: [get, watch, create, delete, patch]
+
+  # for creation & deletion of application in predefined workflows
+  - apiGroups: [apps]
+    resources: [deployments, statefulsets]
+    verbs: [get, watch, patch , create, delete]
+
+  # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
+  - apiGroups: [litmuschaos.io]
+    resources:
+      [chaosengines, chaosexperiments, chaosresults, chaosschedules]
+    verbs: [create, list, get, patch, delete, watch]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: chaos-rb-for-litmusportal-server
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: chaos-role-for-litmusportal-server
+subjects:
+  - kind: ServiceAccount
+    name: litmus-server-account
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: event-tracker-role-for-litmusportal-server
+rules:
+  - apiGroups: [eventtracker.litmuschaos.io]
+    resources: [eventtrackerpolicies]
+    verbs: [create, delete, get, list, patch, update, watch]
+  - apiGroups: [eventtracker.litmuschaos.io]
+    resources: [eventtrackerpolicies/status]
+    verbs: [get, patch, update]
+  - apiGroups: [""]
+    resources: [pods, configmaps, secrets]
+    verbs: [get, list, watch]
+  - apiGroups: [extensions, apps]
+    resources: [deployments, daemonsets, statefulsets]
+    verbs: [get, list, watch]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: event-tracker-rb-for-litmusportal-server
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: event-tracker-role-for-litmusportal-server
+subjects:
+  - kind: ServiceAccount
+    name: litmus-server-account
+# litmus-server-role is used by the litmusportal-server
+# If SELF_AGENT=false, then only litmus-server-role and litmus-server-rb are required.
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: litmus-server-role
+rules:
+  - apiGroups: [networking.k8s.io, extensions]
+    resources: [ingresses]
+    verbs: [get]
+  - apiGroups: [""]
+    resources: [services,  pods/log]
+    verbs: [get, watch]
+  - apiGroups: [apps]
+    resources: [deployments]
+    verbs: [create]
+  - apiGroups: [""]
+    resources: [configmaps]
+    verbs: [get]
+  - apiGroups: [""]
+    resources: [serviceaccounts]
+    verbs: [create]
+  - apiGroups: [rbac.authorization.k8s.io]
+    resources: [rolebindings, roles]
+    verbs: [create]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: litmus-server-rb
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: litmus-server-role
+subjects:
+  - kind: ServiceAccount
+    name: litmus-server-account
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: litmus-server-account
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: litmus-portal-admin-secret
+stringData:
+  JWT_SECRET: "litmus-portal@123"
+  DB_USER: "admin"
+  DB_PASSWORD: "1234"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: litmus-portal-admin-config
+data:
+  AGENT_SCOPE: namespace
+  DB_SERVER: "mongodb://mongo-service:27017"
+  VERSION: "3.0.0-beta3"
+  SKIP_SSL_VERIFY: "false"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: litmusportal-frontend-nginx-configuration
+data:
+  default.conf: |
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        '' close;
+    }
+    server {
+        listen       8080;
+        server_name  localhost;
+        #charset koi8-r;
+        #access_log  /var/log/nginx/host.access.log  main;
+
+        location / {
+            proxy_http_version 1.1;
+            root   /usr/share/nginx/html;
+            index  index.html index.htm;
+            try_files $uri /index.html;
+        }
+
+        #error_page  404              /404.html;
+
+        # redirect server error pages to the static page /50x.html
+        #
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   /usr/share/nginx/html;
+        }
+
+        # deny access to .htaccess files, if Apache's document root
+        # concurs with nginx's one
+        #
+        #location ~ /\.ht {
+        #    deny  all;
+        #}
+
+        location /auth/ {
+            proxy_http_version 1.1;
+            proxy_set_header   Host                 $host;
+            proxy_set_header   X-Real-IP            $remote_addr;
+            proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
+            proxy_set_header   X-Forwarded-Proto    $scheme;
+            proxy_pass "http://litmusportal-auth-server-service:9003/";
+        }
+
+        location /api/ {
+            proxy_http_version 1.1;
+            proxy_set_header   Host                 $host;
+            proxy_set_header   X-Real-IP            $remote_addr;
+            proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
+            proxy_set_header   X-Forwarded-Proto    $scheme;
+            proxy_pass "http://litmusportal-server-service:9002/";
+        }
+
+        location /ws/ {
+            proxy_http_version 1.1;
+            proxy_set_header   Upgrade              $http_upgrade;
+            proxy_set_header   Connection           $connection_upgrade;
+            proxy_set_header   Host                 $host;
+            proxy_set_header   X-Real-IP            $remote_addr;
+            proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
+            proxy_set_header   X-Forwarded-Proto    $scheme;
+            proxy_pass "http://litmusportal-server-service:9002/";
+        }
+    }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: litmusportal-frontend
+  labels:
+    component: litmusportal-frontend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      component: litmusportal-frontend
+  template:
+    metadata:
+      labels:
+        component: litmusportal-frontend
+    spec:
+      automountServiceAccountToken: false
+      containers:
+        - name: litmusportal-frontend
+          image: litmuschaos/litmusportal-frontend:3.0.0-beta3
+          securityContext:
+            runAsUser: 2000
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8080
+          volumeMounts:
+            - name: nginx-config
+              mountPath: /etc/nginx/conf.d/default.conf
+              subPath: default.conf
+          resources:
+            requests:
+              memory: "250Mi"
+              cpu: "125m"
+              ephemeral-storage: "500Mi"
+            limits:
+              memory: "512Mi"
+              cpu: "550m"
+              ephemeral-storage: "1Gi"
+      volumes:
+        - name: nginx-config
+          configMap:
+            name: litmusportal-frontend-nginx-configuration
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: litmusportal-frontend-service
+spec:
+  type: NodePort
+  ports:
+    - name: http
+      port: 9091
+      targetPort: 8080
+  selector:
+    component: litmusportal-frontend
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: litmusportal-server
+  labels:
+    component: litmusportal-server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      component: litmusportal-server
+  template:
+    metadata:
+      labels:
+        component: litmusportal-server
+    spec:
+      initContainers:
+        - name: wait-for-mongodb
+          image: litmuschaos/curl:3.0.0-beta3
+          command: ["/bin/sh", "-c"]
+          args:
+            [
+                "while [[ $(curl -sw '%{http_code}' http://mongo-service:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'",
+            ]
+          resources:
+            requests:
+              memory: "150Mi"
+              cpu: "25m"
+              ephemeral-storage: "500Mi"
+            limits:
+              memory: "512Mi"
+              cpu: "250m"
+              ephemeral-storage: "1Gi"
+      volumes:
+        - name: gitops-storage
+          emptyDir: {}
+        - name: hub-storage
+          emptyDir: {}
+      containers:
+        - name: graphql-server
+          image: litmuschaos/litmusportal-server:3.0.0-beta3
+          volumeMounts:
+            - mountPath: /tmp/gitops
+              name: gitops-storage
+            - mountPath: /tmp/version
+              name: hub-storage
+          securityContext:
+            runAsUser: 2000
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+            readOnlyRootFilesystem: true
+          envFrom:
+            - configMapRef:
+                name: litmus-portal-admin-config
+            - secretRef:
+                name: litmus-portal-admin-secret
+          env:
+            - name: LITMUS_PORTAL_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: AGENT_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: SELF_AGENT
+              value: "true"
+            - name: SELF_AGENT_NODE_SELECTOR
+              value: ""
+            - name: SELF_AGENT_TOLERATIONS
+              value: ""
+            # if self-signed certificate are used pass the base64 tls certificate, to allow agents to use tls for communication
+            - name: TLS_CERT_B64
+              value: ""
+            - name: CHAOS_CENTER_SCOPE
+              value: "namespace"
+            - name: AGENT_DEPLOYMENTS
+              value: "[\"app=chaos-exporter\", \"name=chaos-operator\", \"app=event-tracker\", \"app=workflow-controller\"]"
+            - name: SERVER_SERVICE_NAME
+              value: "litmusportal-server-service"
+            - name: CHAOS_CENTER_UI_ENDPOINT
+              value: ""
+            - name: SUBSCRIBER_IMAGE
+              value: "litmuschaos/litmusportal-subscriber:3.0.0-beta3"
+            - name: EVENT_TRACKER_IMAGE
+              value: "litmuschaos/litmusportal-event-tracker:3.0.0-beta3"
+            - name: ARGO_WORKFLOW_CONTROLLER_IMAGE
+              value: "litmuschaos/workflow-controller:v3.3.1"
+            - name: ARGO_WORKFLOW_EXECUTOR_IMAGE
+              value: "litmuschaos/argoexec:v3.3.1"
+            - name: LITMUS_CHAOS_OPERATOR_IMAGE
+              value: "litmuschaos/chaos-operator:3.0.0-beta3"
+            - name: LITMUS_CHAOS_RUNNER_IMAGE
+              value: "litmuschaos/chaos-runner:3.0.0-beta3"
+            - name: LITMUS_CHAOS_EXPORTER_IMAGE
+              value: "litmuschaos/chaos-exporter:3.0.0-beta3"
+            - name: CONTAINER_RUNTIME_EXECUTOR
+              value: "k8sapi"
+            - name: HUB_BRANCH_NAME
+              value: "v3.0.0-beta3"
+            - name: LITMUS_AUTH_GRPC_ENDPOINT
+              value: "litmusportal-auth-server-service"
+            - name: LITMUS_AUTH_GRPC_PORT
+              value: ":3030"
+            - name: WORKFLOW_HELPER_IMAGE_VERSION
+              value: "3.0.0-beta3"
+            - name: REMOTE_HUB_MAX_SIZE
+              value: "5000000"
+            - name: INGRESS
+              value: "false"
+            - name: INGRESS_NAME
+              value: "litmus-ingress"
+          ports:
+            - containerPort: 8080
+            - containerPort: 8000
+          imagePullPolicy: Always
+          resources:
+            requests:
+              memory: "250Mi"
+              cpu: "225m"
+              ephemeral-storage: "500Mi"
+            limits:
+              memory: "712Mi"
+              cpu: "550m"
+              ephemeral-storage: "1Gi"
+      serviceAccountName: litmus-server-account
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: litmusportal-server-service
+spec:
+  type: NodePort
+  ports:
+    - name: graphql-server
+      port: 9002
+      targetPort: 8080
+    - name: graphql-rpc-server
+      port: 8000
+      targetPort: 8000
+  selector:
+    component: litmusportal-server
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: litmusportal-auth-server
+  labels:
+    component: litmusportal-auth-server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      component: litmusportal-auth-server
+  template:
+    metadata:
+      labels:
+        component: litmusportal-auth-server
+    spec:
+      automountServiceAccountToken: false
+      initContainers:
+        - name: wait-for-mongodb
+          image: litmuschaos/curl:3.0.0-beta3
+          command: ["/bin/sh", "-c"]
+          args:
+            [
+                "while [[ $(curl -sw '%{http_code}' http://mongo-service:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'",
+            ]
+          resources:
+            requests:
+              memory: "150Mi"
+              cpu: "25m"
+              ephemeral-storage: "500Mi"
+            limits:
+              memory: "512Mi"
+              cpu: "250m"
+              ephemeral-storage: "1Gi"
+      containers:
+        - name: auth-server
+          image: litmuschaos/litmusportal-auth-server:3.0.0-beta3
+          securityContext:
+            runAsUser: 2000
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+            readOnlyRootFilesystem: true
+          envFrom:
+            - configMapRef:
+                name: litmus-portal-admin-config
+            - secretRef:
+                name: litmus-portal-admin-secret
+          env:
+            - name: STRICT_PASSWORD_POLICY
+              value: "false"
+            - name: ADMIN_USERNAME
+              value: "admin"
+            - name: ADMIN_PASSWORD
+              value: "litmus"
+            - name: LITMUS_GQL_GRPC_ENDPOINT
+              value: "litmusportal-server-service"
+            - name: LITMUS_GQL_GRPC_PORT
+              value: ":8000"
+          ports:
+            - containerPort: 3000
+            - containerPort: 3030
+          imagePullPolicy: Always
+          resources:
+            requests:
+              memory: "250Mi"
+              cpu: "125m"
+              ephemeral-storage: "500Mi"
+            limits:
+              memory: "712Mi"
+              cpu: "550m"
+              ephemeral-storage: "1Gi"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: litmusportal-auth-server-service
+spec:
+  type: NodePort
+  ports:
+    - name: auth-server
+      port: 9003
+      targetPort: 3000
+    - name: auth-rpc-server
+      port: 3030
+      targetPort: 3030
+  selector:
+    component: litmusportal-auth-server
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: mongo
+  labels:
+    app: mongo
+spec:
+  selector:
+    matchLabels:
+      component: database
+  serviceName: mongo-headless-service
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        component: database
+    spec:
+      automountServiceAccountToken: false
+      containers:
+        - name: mongo
+          image: litmuschaos/mongo:4.2.8
+          securityContext:
+            #            runAsUser: 2000
+            allowPrivilegeEscalation: false
+          args: ["--ipv6"]
+          ports:
+            - containerPort: 27017
+          imagePullPolicy: Always
+          volumeMounts:
+            - name: mongo-persistent-storage
+              mountPath: /data/db
+          env:
+            - name: MONGO_INITDB_ROOT_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: litmus-portal-admin-secret
+                  key: DB_USER
+            - name: MONGO_INITDB_ROOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: litmus-portal-admin-secret
+                  key: DB_PASSWORD
+          resources:
+            requests:
+              memory: "250Mi"
+              cpu: "125m"
+              ephemeral-storage: "500Mi"
+            limits:
+              memory: "712Mi"
+              cpu: "550m"
+              ephemeral-storage: "3Gi"
+  volumeClaimTemplates:
+    - metadata:
+        name: mongo-persistent-storage
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 20Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: mongo
+  name: mongo-service
+spec:
+  ports:
+    - port: 27017
+      targetPort: 27017
+  selector:
+    component: database
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: mongo
+  name: mongo-headless-service
+spec:
+  clusterIP: None
+  ports:
+    - port: 27017
+      targetPort: 27017
+  selector:
+    component: database

mkdocs/docs/3.0.0-beta3/upgrade-agent.yaml

@@ -0,0 +1,19 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: upgrade-agent
+spec:
+  ttlSecondsAfterFinished: 60
+  backoffLimit: 0
+  template:
+    spec:
+      containers:
+        - name: upgrade-agent
+          image: litmuschaos/upgrade-agent-cp:3.0.0-beta3
+          envFrom:
+            - configMapRef:
+                name: litmus-portal-admin-config
+            - secretRef:
+                name: litmus-portal-admin-secret
+          imagePullPolicy: Always
+      restartPolicy: Never