litmuschaos
/
litmus
mirror of https://github.com/litmuschaos/litmus.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added Manifests for 2.0.0-RC1 & downgraded the Beta Manifest to Beta9 (#3102) 

* Added Manifests for 2.0.0 Chaos Center & downgraded the Beta Manifests to Beta9.

Signed-off-by: Jonsy13 <vedant.shrotria@chaosnative.com>

* Changed the version to 2.0.0-RC1.

Signed-off-by: Jonsy13 <vedant.shrotria@chaosnative.com>
This commit is contained in:
Vedant Shrotria 2021-08-09 12:20:31 +05:30 committed by GitHub
parent e5d5e00826
commit e0b53db70d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 1480 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
docs/2.0.0-Beta/litmus-2.0.0-Beta.yaml
View File

@ -116,7 +116,7 @@ metadata:
app.kubernetes.io/name: litmus
# provide unique instance-id if applicable
# app.kubernetes.io/instance: litmus-abcxzy
app.kubernetes.io/version: v2.0.0-RC1
app.kubernetes.io/version: v1.13.6
app.kubernetes.io/component: operator-clusterrole
app.kubernetes.io/part-of: litmus
app.kubernetes.io/managed-by: kubectl
@ -143,9 +143,6 @@ rules:
- apiGroups: [litmuschaos.io]
resources: [chaosengines, chaosexperiments, chaosresults]
verbs: [get, create, update, patch, delete, list, watch, deletecollection]
- apiGroups: [apiextensions.k8s.io]
resources: [customresourcedefinitions]
verbs: [list, get]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
@ -155,7 +152,7 @@ metadata:
app.kubernetes.io/name: litmus
# provide unique instance-id if applicable
# app.kubernetes.io/instance: litmus-abcxzy
app.kubernetes.io/version: v2.0.0-RC1
app.kubernetes.io/version: v1.13.6
app.kubernetes.io/component: operator-clusterrolebinding
app.kubernetes.io/part-of: litmus
app.kubernetes.io/managed-by: kubectl
@ -442,7 +439,6 @@ subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: litmus
## Control plane manifests
---
apiVersion: v1
kind: Namespace
@ -467,7 +463,6 @@ data:
JWTSecret: "litmus-portal@123"
DB_USER: "admin"
DB_PASSWORD: "1234"
VERSION: "ci"
---
apiVersion: apps/v1
kind: Deployment
@ -488,7 +483,7 @@ spec:
spec:
containers:
- name: litmusportal-frontend
image: litmuschaos/litmusportal-frontend:2.0.0-RC1
image: litmuschaos/litmusportal-frontend:2.0.0-Beta9
imagePullPolicy: Always
ports:
- containerPort: 8080
@ -532,13 +527,8 @@ spec:
spec:
containers:
- name: graphql-server
image: litmuschaos/litmusportal-server:2.0.0-RC1
image: litmuschaos/litmusportal-server:2.0.0-Beta9
env:
- name: VERSION
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: VERSION
- name: DB_SERVER
valueFrom:
configMapKeyRef:
@ -578,23 +568,21 @@ spec:
- name: PORTAL_SCOPE
value: "cluster"
- name: SUBSCRIBER_IMAGE
value: "litmuschaos/litmusportal-subscriber:2.0.0-RC1"
value: "litmuschaos/litmusportal-subscriber:2.0.0-Beta9"
- name: EVENT_TRACKER_IMAGE
value: "litmuschaos/litmusportal-event-tracker:2.0.0-RC1"
value: "litmuschaos/litmusportal-event-tracker:2.0.0-Beta9"
- name: ARGO_WORKFLOW_CONTROLLER_IMAGE
value: "litmuschaos/workflow-controller:v2.11.0"
- name: ARGO_WORKFLOW_EXECUTOR_IMAGE
value: "litmuschaos/argoexec:v2.11.0"
- name: LITMUS_CHAOS_OPERATOR_IMAGE
value: "litmuschaos/chaos-operator:2.0.0-RC1"
value: "litmuschaos/chaos-operator:1.13.6"
- name: LITMUS_CHAOS_RUNNER_IMAGE
value: "litmuschaos/chaos-runner:2.0.0-RC1"
value: "litmuschaos/chaos-runner:1.13.6"
- name: LITMUS_CHAOS_EXPORTER_IMAGE
value: "litmuschaos/chaos-exporter:2.0.0-RC1"
value: "litmuschaos/chaos-exporter:1.13.6"
- name: SERVER_SERVICE_NAME
value: "litmusportal-server-service"
- name: AGENT_DEPLOYMENTS
value: "[\"app=chaos-exporter\", \"name=chaos-operator\", \"app=event-tracker\", \"app=workflow-controller\"]"
- name: NODE_NAME
valueFrom:
fieldRef:
@ -606,15 +594,13 @@ spec:
- name: CONTAINER_RUNTIME_EXECUTOR
value: "k8sapi"
- name: HUB_BRANCH_NAME
value: "v2.0.x"
value: "v1.13.x"
ports:
- containerPort: 8080
imagePullPolicy: Always
- name: auth-server
image: litmuschaos/litmusportal-auth-server:2.0.0-RC1
image: litmuschaos/litmusportal-auth-server:2.0.0-Beta9
env:
- name: STRICT_PASSWORD_POLICY
value: "false"
- name: DB_SERVER
valueFrom:
configMapKeyRef:

50
docs/2.0.0-Beta/litmus-namespaced-2.0.0-Beta.yaml
View File

@ -132,7 +132,7 @@ metadata:
app.kubernetes.io/name: litmus
# provide unique instance-id if applicable
# app.kubernetes.io/instance: litmus-abcxzy
app.kubernetes.io/version: v2.0.0-RC1
app.kubernetes.io/version: v1.13.6
app.kubernetes.io/component: operator-role
app.kubernetes.io/part-of: litmus
app.kubernetes.io/managed-by: kubectl
@ -168,7 +168,7 @@ metadata:
app.kubernetes.io/name: litmus
# provide unique instance-id if applicable
# app.kubernetes.io/instance: litmus-abcxzy
app.kubernetes.io/version: v2.0.0-RC1
app.kubernetes.io/version: v1.13.6
app.kubernetes.io/component: operator-rolebinding
app.kubernetes.io/part-of: litmus
app.kubernetes.io/managed-by: kubectl
@ -474,7 +474,6 @@ data:
JWTSecret: "litmus-portal@123"
DB_USER: "admin"
DB_PASSWORD: "1234"
VERSION: "ci"
---
apiVersion: apps/v1
kind: Deployment
@ -494,7 +493,11 @@ spec:
spec:
containers:
- name: litmusportal-frontend
image: litmuschaos/litmusportal-frontend:2.0.0-RC1
image: litmuschaos/litmusportal-frontend:2.0.0-Beta9
resources:
limits:
cpu: 200m
memory: 400Mi
imagePullPolicy: Always
ports:
- containerPort: 8080
@ -536,13 +539,12 @@ spec:
spec:
containers:
- name: graphql-server
image: litmuschaos/litmusportal-server:2.0.0-RC1
image: litmuschaos/litmusportal-server:2.0.0-Beta9
resources:
limits:
cpu: 200m
memory: 400Mi
env:
- name: VERSION
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: VERSION
- name: DB_SERVER
valueFrom:
configMapKeyRef:
@ -581,36 +583,36 @@ spec:
key: DB_PASSWORD
- name: PORTAL_SCOPE
value: "namespace"
- name: AGENT_DEPLOYMENTS
value: "[\"app=chaos-exporter\", \"name=chaos-operator\", \"app=event-tracker\", \"app=workflow-controller\"]"
- name: PORTAL_ENDPOINT
value: "http://litmusportal-server-service:9002"
- name: SUBSCRIBER_IMAGE
value: "litmuschaos/litmusportal-subscriber:2.0.0-RC1"
value: "litmuschaos/litmusportal-subscriber:2.0.0-Beta9"
- name: EVENT_TRACKER_IMAGE
value: "litmuschaos/litmusportal-event-tracker:2.0.0-RC1"
value: "litmuschaos/litmusportal-event-tracker:2.0.0-Beta9"
- name: ARGO_WORKFLOW_CONTROLLER_IMAGE
value: "litmuschaos/workflow-controller:v2.11.0"
- name: ARGO_WORKFLOW_EXECUTOR_IMAGE
value: "litmuschaos/argoexec:v2.11.0"
- name: LITMUS_CHAOS_OPERATOR_IMAGE
value: "litmuschaos/chaos-operator:2.0.0-RC1"
value: "litmuschaos/chaos-operator:1.13.6"
- name: LITMUS_CHAOS_RUNNER_IMAGE
value: "litmuschaos/chaos-runner:2.0.0-RC1"
value: "litmuschaos/chaos-runner:1.13.6"
- name: LITMUS_CHAOS_EXPORTER_IMAGE
value: "litmuschaos/chaos-exporter:2.0.0-RC1"
value: "litmuschaos/chaos-exporter:1.13.6"
- name: CONTAINER_RUNTIME_EXECUTOR
value: "k8sapi"
- name: HUB_BRANCH_NAME
value: "v2.0.x"
value: "v1.13.x"
ports:
- containerPort: 8080
imagePullPolicy: Always
- name: auth-server
image: litmuschaos/litmusportal-auth-server:2.0.0-RC1
image: litmuschaos/litmusportal-auth-server:2.0.0-Beta9
resources:
limits:
cpu: 200m
memory: 250Mi
env:
- name: STRICT_PASSWORD_POLICY
value: "false"
- name: DB_SERVER
valueFrom:
configMapKeyRef:
@ -676,6 +678,10 @@ spec:
containers:
- name: mongo
image: litmuschaos/mongo:4.2.8
resources:
limits:
cpu: 200m
memory: 400Mi
ports:
- containerPort: 27017
imagePullPolicy: Always
@ -714,4 +720,4 @@ spec:
- port: 27017
targetPort: 27017
selector:
component: database
component: database

724
docs/2.0.0/litmus-2.0.0.yaml Normal file
View File

@ -0,0 +1,724 @@
### RBAC Manifests
## If SELF_CLUSTER="true" then these permissions are required to apply
## https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/1b_argo_rbac.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: argo-aggregate-to-admin-for-litmusportal-server
rules:
- apiGroups: [argoproj.io]
resources: [workflows, workflows/finalizers, workflowtemplates, workflowtemplates/finalizers, cronworkflows, cronworkflows/finalizers, clusterworkflowtemplates, clusterworkflowtemplates/finalizers]
verbs: [create, delete, deletecollection, get, list, patch, update, watch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: argo-aggregate-to-edit-for-litmusportal-server
rules:
- apiGroups: [argoproj.io]
resources: [workflows, workflows/finalizers, workflowtemplates, workflowtemplates/finalizers, cronworkflows, cronworkflows/finalizers, clusterworkflowtemplates, clusterworkflowtemplates/finalizers]
verbs: [create, delete, deletecollection, get, list, patch, update, watch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: argo-aggregate-to-view-for-litmusportal-server
rules:
- apiGroups: [argoproj.io]
resources: [workflows, workflows/finalizers, workflowtemplates, workflowtemplates/finalizers, cronworkflows, cronworkflows/finalizers, clusterworkflowtemplates, clusterworkflowtemplates/finalizers]
verbs: [get, list, watch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: argo-cr-for-litmusportal-server
rules:
- apiGroups: [""]
resources: [pods, pods/exec]
verbs: [create, get, list, watch, update, patch, delete]
- apiGroups: [""]
resources: [configmaps]
verbs: [get, watch, list]
- apiGroups: [""]
resources: [persistentvolumeclaims]
verbs: [create, delete]
- apiGroups: [argoproj.io]
resources: [workflows, workflows/finalizers]
verbs: [get, list, watch, update, patch, delete, create]
- apiGroups: [argoproj.io]
resources: [workflowtemplates, workflowtemplates/finalizers, clusterworkflowtemplates, clusterworkflowtemplates/finalizers]
verbs: [get, list, watch]
- apiGroups: [""]
resources: [serviceaccounts]
verbs: [get, list]
- apiGroups: [argoproj.io]
resources: [cronworkflows, cronworkflows/finalizers]
verbs: [get, list, watch, update, patch, delete]
- apiGroups: [""]
resources: [events]
verbs: [create, patch]
- apiGroups: [policy]
resources: [poddisruptionbudgets]
verbs: [create, get, delete]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: argo-crb-for-litmusportal-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: argo-cr-for-litmusportal-server
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: litmus
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: argo-aggregate-to-view-crb-for-litmusportal-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: argo-aggregate-to-view-for-litmusportal-server
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: litmus
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: argo-aggregate-to-admin-crb-for-litmusportal-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: argo-aggregate-to-admin-for-litmusportal-server
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: litmus
#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/2b_litmus_rbac.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: litmus-cluster-scope-for-litmusportal-server
labels:
app.kubernetes.io/name: litmus
# provide unique instance-id if applicable
# app.kubernetes.io/instance: litmus-abcxzy
app.kubernetes.io/version: v2.0.0-RC1
app.kubernetes.io/component: operator-clusterrole
app.kubernetes.io/part-of: litmus
app.kubernetes.io/managed-by: kubectl
name: litmus-cluster-scope-for-litmusportal-server
rules:
- apiGroups: [""]
resources: [replicationcontrollers, secrets]
verbs: [get, list]
- apiGroups: [apps.openshift.io]
resources: [deploymentconfigs]
verbs: [get, list]
- apiGroups: [apps]
resources: [deployments, daemonsets, replicasets, statefulsets]
verbs: [get, list]
- apiGroups: [batch]
resources: [jobs]
verbs: [get, list, deletecollection]
- apiGroups: [argoproj.io]
resources: [rollouts]
verbs: [get, list]
- apiGroups: [""]
resources: [pods, configmaps, events, services]
verbs: [get, create, update, patch, delete, list, watch, deletecollection]
- apiGroups: [litmuschaos.io]
resources: [chaosengines, chaosexperiments, chaosresults]
verbs: [get, create, update, patch, delete, list, watch, deletecollection]
- apiGroups: [apiextensions.k8s.io]
resources: [customresourcedefinitions]
verbs: [list, get]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: litmus-cluster-scope-crb-for-litmusportal-server
labels:
app.kubernetes.io/name: litmus
# provide unique instance-id if applicable
# app.kubernetes.io/instance: litmus-abcxzy
app.kubernetes.io/version: v2.0.0-RC1
app.kubernetes.io/component: operator-clusterrolebinding
app.kubernetes.io/part-of: litmus
app.kubernetes.io/managed-by: kubectl
name: litmus-cluster-scope-crb-for-litmusportal-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: litmus-cluster-scope-for-litmusportal-server
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: litmus
#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/3a_agents_rbac.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: litmus-admin-cr-for-litmusportal-server
labels:
name: litmus-admin-cr-for-litmusportal-server
rules:
# ***************************************************************************************
# Permissions needed for preparing and monitor the chaos resources by chaos-runner
# ***************************************************************************************
# The chaos operator watches the chaosengine resource and orchestartes the chaos experiment..
## .. by creating the chaos-runner
# for creating and monitoring the chaos-runner pods
- apiGroups: [""]
resources: [pods,events]
verbs: [create, delete, get, list, patch, update, deletecollection]
# for fetching configmaps and secrets to inject into chaos-runner pod (if specified)
- apiGroups: [""]
resources: [secrets, configmaps]
verbs: [get, list]
# for tracking & getting logs of the pods created by chaos-runner to implement individual steps in the runner
- apiGroups: [""]
resources: [pods/log]
verbs: [get, list, watch]
# for configuring and monitor the experiment job by chaos-runner pod
- apiGroups: [batch]
resources: [jobs]
verbs: [create, list, get, delete, deletecollection]
# ********************************************************************
# Permissions needed for creation and discovery of chaos experiments
# ********************************************************************
# The helper pods are created by experiment to perform the actual chaos injection ...
# ... for a period of chaos duration
# for creating and deleting the helper or target app pod and events by experiment
- apiGroups: [""]
resources: [pods]
verbs: [create, delete, deletecollection]
# for creating and monitoring the events for chaos operations
- apiGroups: [""]
resources: [events]
verbs: [create, delete, get, list, patch, update, deletecollection]
# for monitoring the helper and target app pod
- apiGroups: [""]
resources: [pods]
verbs: [get, list, patch, update]
# for creating and managing to execute comands inside target container
- apiGroups: [""]
resources: [pods/exec, pods/eviction, replicationcontrollers]
verbs: [get,list,create]
# for tracking & getting logs of the pods created by experiment pod to implement individual steps in the experiment
- apiGroups: [""]
resources: [pods/log]
verbs: [get, list, watch]
# for creating and monitoring liveness services or monitoring target app services during chaos injection
- apiGroups: [""]
resources: [services]
verbs: [create, delete, get, list, delete, deletecollection]
# for checking the app parent resources as deployments or sts and are eligible chaos candidates
- apiGroups: [apps]
resources: [deployments, statefulsets]
verbs: [list, get, patch, update]
# for checking the app parent resources as replicasets and are eligible chaos candidates
- apiGroups: [apps]
resources: [replicasets]
verbs: [list, get]
# for checking the app parent resources as deamonsets and are eligible chaos candidates
- apiGroups: [apps]
resources: [daemonsets]
verbs: [list, get, delete]
# for checking (openshift) app parent resources if they are eligible chaos candidates
- apiGroups: [apps.openshift.io]
resources: [deploymentconfigs]
verbs: [list, get]
# for checking (argo) app parent resources if they are eligible chaos candidates
- apiGroups: [argoproj.io]
resources: [rollouts]
verbs: [list, get]
# for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
- apiGroups: [litmuschaos.io]
resources: [chaosengines, chaosexperiments, chaosresults]
verbs: [create, list, get, patch, update, delete]
# for experiment to perform node status checks and other node level operations like taint, drain in the experiment.
- apiGroups: [""]
resources: [nodes]
verbs: [patch, get, list, update]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: litmus-admin-crb-for-litmusportal-server
labels:
name: litmus-admin-crb-for-litmusportal-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: litmus-admin-cr-for-litmusportal-server
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: litmus
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: chaos-cr-for-litmusportal-server
rules:
# for managing the pods created by workflow controller to implement individual steps in the workflow
- apiGroups: [""]
resources: [pods, services, namespaces]
verbs: [create, get, watch, patch, delete, list]
# for tracking & getting logs of the pods created by workflow controller to implement individual steps in the workflow
- apiGroups: [""]
resources: [pods/log, secrets, configmaps]
verbs: [get, watch, create, delete, patch]
# for creation & deletion of application in predefined workflows
- apiGroups: [apps]
resources: [deployments, statefulsets]
verbs: [get, watch, patch, create, delete]
# for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
- apiGroups: [litmuschaos.io]
resources: [chaosengines, chaosexperiments, chaosresults, chaosschedules]
verbs: [create, list, get, patch, delete, watch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: chaos-crb-for-litmusportal-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: chaos-cr-for-litmusportal-server
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: litmus
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: subscriber-cr-for-litmusportal-server
namespace: litmus
labels:
name: subscriber-cr-for-litmusportal-server
rules:
- apiGroups: [""]
resources: [configmaps]
verbs: [get, create, delete, update]
- apiGroups: [""]
resources: [pods/log]
verbs: [get, list, watch]
- apiGroups: [""]
resources: [pods, namespaces, nodes, services]
verbs: [get, list, watch]
- apiGroups: [litmuschaos.io]
resources: [chaosengines, chaosschedules, chaosresults]
verbs: [get, list, create, delete, update, watch]
- apiGroups: [apps.openshift.io]
resources: [deploymentconfigs]
verbs: [get, list]
- apiGroups: [apps]
resources: [deployments, daemonsets, replicasets, statefulsets]
verbs: [get, list]
- apiGroups: [argoproj.io]
resources: [workflows, workflows/finalizers, workflowtemplates, workflowtemplates/finalizers, cronworkflows, cronworkflows/finalizers, clusterworkflowtemplates, clusterworkflowtemplates/finalizers, rollouts]
verbs: [get, list, create, delete, update, watch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: subscriber-crb-for-litmusportal-server
namespace: litmus
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: litmus
roleRef:
kind: ClusterRole
name: subscriber-cr-for-litmusportal-server
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: event-tracker-cr-for-litmusportal-server
rules:
- apiGroups: [eventtracker.litmuschaos.io]
resources: [eventtrackerpolicies]
verbs: [create, delete, get, list, patch, update, watch]
- apiGroups: [eventtracker.litmuschaos.io]
resources: [eventtrackerpolicies/status]
verbs: [get, patch, update]
- apiGroups: ["", extensions, apps]
resources: [deployments, daemonsets, statefulsets, pods, configmaps]
verbs: [get, list, watch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: event-tracker-crb-for-litmusportal-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: event-tracker-cr-for-litmusportal-server
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: litmus
# litmus-server-cr is used by the litmusportal-server
# If SELF_CLUSTER=false, then only litmus-server-cr and litmus-server-crb are required.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: litmus-server-cr
rules:
- apiGroups: [networking.k8s.io, extensions]
resources: [ingresses]
verbs: [get]
- apiGroups: [""]
resources: [services, nodes, pods/log]
verbs: [get, watch]
- apiGroups: [apiextensions.k8s.io]
resources: [customresourcedefinitions]
verbs: [create]
- apiGroups: [apps]
resources: [deployments]
verbs: [create]
- apiGroups: [""]
resources: [configmaps]
verbs: [get]
- apiGroups: [""]
resources: [serviceaccounts]
verbs: [create]
- apiGroups: [rbac.authorization.k8s.io]
resources: [rolebindings, roles, clusterrolebindings, clusterroles]
verbs: [create]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: litmus-server-crb
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: litmus-server-cr
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: litmus
## Control plane manifests
---
apiVersion: v1
kind: Namespace
metadata:
name: litmus
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: litmus-server-account
namespace: litmus
---
apiVersion: v1
kind: ConfigMap
metadata:
name: litmus-portal-admin-config
namespace: litmus
data:
AgentScope: cluster
AgentNamespace: litmus
DataBaseServer: "mongodb://mongo-service:27017"
JWTSecret: "litmus-portal@123"
DB_USER: "admin"
DB_PASSWORD: "1234"
VERSION: "2.0.0-RC1"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: litmusportal-frontend
namespace: litmus
labels:
component: litmusportal-frontend
spec:
replicas: 1
selector:
matchLabels:
component: litmusportal-frontend
template:
metadata:
labels:
component: litmusportal-frontend
spec:
containers:
- name: litmusportal-frontend
image: litmuschaos/litmusportal-frontend:2.0.0-RC1
imagePullPolicy: Always
ports:
- containerPort: 8080
env:
- name: AGENT_SCOPE
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: AgentScope
---
apiVersion: v1
kind: Service
metadata:
name: litmusportal-frontend-service
namespace: litmus
spec:
type: NodePort
ports:
- name: http
port: 9091
targetPort: 8080
selector:
component: litmusportal-frontend
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: litmusportal-server
namespace: litmus
labels:
component: litmusportal-server
spec:
replicas: 1
selector:
matchLabels:
component: litmusportal-server
template:
metadata:
labels:
component: litmusportal-server
spec:
containers:
- name: graphql-server
image: litmuschaos/litmusportal-server:2.0.0-RC1
env:
- name: VERSION
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: VERSION
- name: DB_SERVER
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: DataBaseServer
- name: JWT_SECRET
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: JWTSecret
- name: SELF_CLUSTER
value: "true"
- name: AGENT_SCOPE
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: AgentScope
- name: AGENT_NAMESPACE
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: AgentNamespace
- name: LITMUS_PORTAL_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: DB_USER
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: DB_USER
- name: DB_PASSWORD
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: DB_PASSWORD
- name: PORTAL_SCOPE
value: "cluster"
- name: SUBSCRIBER_IMAGE
value: "litmuschaos/litmusportal-subscriber:2.0.0-RC1"
- name: EVENT_TRACKER_IMAGE
value: "litmuschaos/litmusportal-event-tracker:2.0.0-RC1"
- name: ARGO_WORKFLOW_CONTROLLER_IMAGE
value: "litmuschaos/workflow-controller:v2.11.0"
- name: ARGO_WORKFLOW_EXECUTOR_IMAGE
value: "litmuschaos/argoexec:v2.11.0"
- name: LITMUS_CHAOS_OPERATOR_IMAGE
value: "litmuschaos/chaos-operator:2.0.0-RC1"
- name: LITMUS_CHAOS_RUNNER_IMAGE
value: "litmuschaos/chaos-runner:2.0.0-RC1"
- name: LITMUS_CHAOS_EXPORTER_IMAGE
value: "litmuschaos/chaos-exporter:2.0.0-RC1"
- name: SERVER_SERVICE_NAME
value: "litmusportal-server-service"
- name: AGENT_DEPLOYMENTS
value: "[\"app=chaos-exporter\", \"name=chaos-operator\", \"app=event-tracker\", \"app=workflow-controller\"]"
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: INGRESS
value: "false"
- name: INGRESS_NAME
value: "litmus-ingress"
- name: CONTAINER_RUNTIME_EXECUTOR
value: "k8sapi"
- name: HUB_BRANCH_NAME
value: "v2.0.x"
ports:
- containerPort: 8080
imagePullPolicy: Always
- name: auth-server
image: litmuschaos/litmusportal-auth-server:2.0.0-RC1
env:
- name: STRICT_PASSWORD_POLICY
value: "false"
- name: DB_SERVER
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: DataBaseServer
- name: JWT_SECRET
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: JWTSecret
- name: DB_USER
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: DB_USER
- name: DB_PASSWORD
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: DB_PASSWORD
- name: ADMIN_USERNAME
value: "admin"
- name: ADMIN_PASSWORD
value: "litmus"
ports:
- containerPort: 3000
imagePullPolicy: Always
serviceAccountName: litmus-server-account
---
apiVersion: v1
kind: Service
metadata:
name: litmusportal-server-service
namespace: litmus
spec:
type: NodePort
ports:
- name: graphql-server
port: 9002
targetPort: 8080
- name: auth-server
port: 9003
targetPort: 3000
selector:
component: litmusportal-server
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: mongo
namespace: litmus
labels:
app: mongo
spec:
selector:
matchLabels:
component: database
serviceName: mongo
replicas: 1
template:
metadata:
labels:
component: database
spec:
containers:
- name: mongo
image: litmuschaos/mongo:4.2.8
ports:
- containerPort: 27017
imagePullPolicy: Always
volumeMounts:
- name: mongo-persistent-storage
mountPath: /data/db
env:
- name: MONGO_INITDB_ROOT_USERNAME
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: DB_USER
- name: MONGO_INITDB_ROOT_PASSWORD
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: DB_PASSWORD
volumeClaimTemplates:
- metadata:
name: mongo-persistent-storage
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
---
apiVersion: v1
kind: Service
metadata:
labels:
app: mongo
name: mongo-service
namespace: litmus
spec:
ports:
- port: 27017
targetPort: 27017
selector:
component: database

717
docs/2.0.0/litmus-namespaced-2.0.0.yaml Normal file
View File

@ -0,0 +1,717 @@
### RBAC Manifests
## If SELF_CLUSTER="true" then these permissions are required to apply
## https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/namespace/1b_argo_rbac.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: argo-aggregate-to-admin-for-litmusportal-server
rules:
- apiGroups: [argoproj.io]
resources: [workflows, workflows/finalizers, workflowtemplates, workflowtemplates/finalizers, cronworkflows, cronworkflows/finalizers]
verbs: [create, delete, deletecollection, get, list, patch, update, watch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: argo-aggregate-to-edit-for-litmusportal-server
rules:
- apiGroups: [argoproj.io]
resources: [workflows, workflows/finalizers, workflowtemplates, workflowtemplates/finalizers, cronworkflows, cronworkflows/finalizers]
verbs: [create, delete, deletecollection, get, list, patch, update, watch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: argo-aggregate-to-view-for-litmusportal-server
rules:
- apiGroups: [argoproj.io]
resources: [workflows, workflows/finalizers, workflowtemplates, workflowtemplates/finalizers, cronworkflows, cronworkflows/finalizers]
verbs: [get, list, watch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: argo-role-for-litmusportal-server
rules:
- apiGroups: [""]
resources: [pods, pods/exec]
verbs: [create, get, list, watch, update, patch, delete]
- apiGroups: [""]
resources: [configmaps]
verbs: [get, watch, list]
- apiGroups: [""]
resources: [persistentvolumeclaims]
verbs: [create, delete]
- apiGroups: [argoproj.io]
resources: [workflows, workflows/finalizers]
verbs: [get, list, watch, update, patch, delete, create]
- apiGroups: [argoproj.io]
resources: [workflowtemplates, workflowtemplates/finalizers]
verbs: [get, list, watch]
- apiGroups: [""]
resources: [serviceaccounts]
verbs: [get, list]
- apiGroups: [""]
resources: [secrets]
verbs: [get]
- apiGroups: [argoproj.io]
resources: [cronworkflows, cronworkflows/finalizers]
verbs: [get, list, watch, update, patch, delete]
- apiGroups: [""]
resources: [events]
verbs: [create, patch]
- apiGroups: [policy]
resources: [poddisruptionbudgets]
verbs: [create, get, delete]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: argo-rb-for-litmusportal-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argo-role-for-litmusportal-server
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: ${LITMUS_PORTAL_NAMESPACE}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: argo-aggregate-to-admin-rb-for-litmusportal-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argo-aggregate-to-admin-for-litmusportal-server
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: ${LITMUS_PORTAL_NAMESPACE}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: argo-aggregate-to-edit-rb-for-litmusportal-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argo-aggregate-to-edit-for-litmusportal-server
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: ${LITMUS_PORTAL_NAMESPACE}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: argo-aggregate-to-view-rb-for-litmusportal-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argo-aggregate-to-view-for-litmusportal-server
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: ${LITMUS_PORTAL_NAMESPACE}
#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/namespace/2a_litmus_rbac.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: litmus-namespace-scope-for-litmusportal-server
labels:
app.kubernetes.io/name: litmus
# provide unique instance-id if applicable
# app.kubernetes.io/instance: litmus-abcxzy
app.kubernetes.io/version: v2.0.0-RC1
app.kubernetes.io/component: operator-role
app.kubernetes.io/part-of: litmus
app.kubernetes.io/managed-by: kubectl
name: litmus-namespace-scope-for-litmusportal-server
rules:
- apiGroups: [""]
resources: [replicationcontrollers, secrets]
verbs: [get, list]
- apiGroups: [apps.openshift.io]
resources: [deploymentconfigs]
verbs: [get, list]
- apiGroups: [apps]
resources: [deployments, daemonsets, replicasets, statefulsets]
verbs: [get, list, update]
- apiGroups: [batch]
resources: [jobs]
verbs: [get, list, create, deletecollection]
- apiGroups: [argoproj.io]
resources: [rollouts]
verbs: [get, list]
- apiGroups: [""]
resources: [pods, pods/exec, configmaps, events, services]
verbs: [get, create, update, patch, delete, list, watch, deletecollection]
- apiGroups: [litmuschaos.io]
resources: [chaosengines, chaosexperiments, chaosresults]
verbs: [get, create, update, patch, delete, list, watch, deletecollection]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: litmus-namespace-scope-rb-for-litmusportal-server
labels:
app.kubernetes.io/name: litmus
# provide unique instance-id if applicable
# app.kubernetes.io/instance: litmus-abcxzy
app.kubernetes.io/version: v2.0.0-RC1
app.kubernetes.io/component: operator-rolebinding
app.kubernetes.io/part-of: litmus
app.kubernetes.io/managed-by: kubectl
name: litmus-namespace-scope-rb-for-litmusportal-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: litmus-namespace-scope-for-litmusportal-server
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: ${LITMUS_PORTAL_NAMESPACE}
#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/namespace/3a_agents_rbac.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: subscriber-role-for-litmusportal-server
labels:
name: subscriber-role-for-litmusportal-server
rules:
- apiGroups: [""]
resources: [configmaps]
verbs: [get, create, delete, update]
- apiGroups: [""]
resources: [pods/log]
verbs: [get, list, watch]
- apiGroups: [""]
resources: [pods, namespaces, nodes, services]
verbs: [get, list, watch]
- apiGroups: [litmuschaos.io]
resources: [chaosengines, chaosschedules, chaosresults]
verbs: [get, list, create, delete, update, watch]
- apiGroups: [apps.openshift.io]
resources: [deploymentconfigs]
verbs: [get, list]
- apiGroups: [apps]
resources: [deployments, daemonsets, replicasets, statefulsets]
verbs: [get, list]
- apiGroups: [argoproj.io]
resources: [workflows, workflows/finalizers, workflowtemplates, workflowtemplates/finalizers, cronworkflows, cronworkflows/finalizers, rollouts]
verbs: [get, list, create, delete, update, watch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: subscriber-rb-for-litmusportal-server
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: ${LITMUS_PORTAL_NAMESPACE}
roleRef:
kind: Role
name: subscriber-role-for-litmusportal-server
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: litmus-admin-role-for-litmusportal-server
labels:
name: litmus-admin-role-for-litmusportal-server
rules:
# ***************************************************************************************
# Permissions needed for preparing and monitor the chaos resources by chaos-runner
# ***************************************************************************************
# The chaos operator watches the chaosengine resource and orchestartes the chaos experiment..
## .. by creating the chaos-runner
# for creating and monitoring the chaos-runner pods
- apiGroups: [""]
resources: [pods, events]
verbs: [create, delete, get, list, patch, update, deletecollection]
# for fetching configmaps and secrets to inject into chaos-runner pod (if specified)
- apiGroups: [""]
resources: [secrets, configmaps]
verbs: [get, list]
# for tracking & getting logs of the pods created by chaos-runner to implement individual steps in the runner
- apiGroups: [""]
resources: [pods/log]
verbs: [get, list, watch]
# for configuring and monitor the experiment job by chaos-runner pod
- apiGroups: [batch]
resources: [jobs]
verbs: [create, list, get, delete, deletecollection]
# ********************************************************************
# Permissions needed for creation and discovery of chaos experiments
# ********************************************************************
# The helper pods are created by experiment to perform the actual chaos injection ...
# ... for a period of chaos duration
# for creating and deleting the helper or target app pod and events by experiment
- apiGroups: [""]
resources: [pods]
verbs: [create, delete, deletecollection]
# for creating and monitoring the events for chaos operations
- apiGroups: [""]
resources: [events]
verbs: [create, delete, get, list, patch, update, deletecollection]
# for monitoring the helper and target app pod
- apiGroups: [""]
resources: [pods]
verbs: [get, list, patch, update]
# for creating and managing to execute comands inside target container
- apiGroups: [""]
resources: [pods/exec, pods/eviction, replicationcontrollers]
verbs: [get, list, create]
# for tracking & getting logs of the pods created by experiment pod to implement individual steps in the experiment
- apiGroups: [""]
resources: [pods/log]
verbs: [get, list, watch]
# for creating and monitoring liveness services or monitoring target app services during chaos injection
- apiGroups: [""]
resources: [services]
verbs: [create, delete, get, list, delete, deletecollection]
# for checking the app parent resources as deployments or sts and are eligible chaos candidates
- apiGroups: [apps]
resources: [deployments, statefulsets]
verbs: [list, get, patch, update]
# for checking the app parent resources as replicasets and are eligible chaos candidates
- apiGroups: [apps]
resources: [replicasets]
verbs: [list, get]
# for checking the app parent resources as deamonsets and are eligible chaos candidates
- apiGroups: [apps]
resources: [daemonsets]
verbs: [list, get, delete]
# for checking (openshift) app parent resources if they are eligible chaos candidates
- apiGroups: [apps.openshift.io]
resources: [deploymentconfigs]
verbs: [list, get]
# for checking (argo) app parent resources if they are eligible chaos candidates
- apiGroups: [argoproj.io]
resources: [rollouts]
verbs: [list, get]
# for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
- apiGroups: [litmuschaos.io]
resources: [chaosengines, chaosexperiments, chaosresults]
verbs: [create, list, get, patch, update, delete]
# for experiment to perform node status checks and other node level operations like taint, drain in the experiment.
- apiGroups: [""]
resources: [nodes]
verbs: [patch, get, list, update]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: litmus-admin-rb-for-litmusportal-server
labels:
name: litmus-admin-rb-for-litmusportal-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: litmus-admin-role-for-litmusportal-server
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: ${LITMUS_PORTAL_NAMESPACE}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: chaos-role-for-litmusportal-server
rules:
# for managing the pods created by workflow controller to implement individual steps in the workflow
- apiGroups: [""]
resources: [pods, services]
verbs: [create, get, watch, patch, delete, list]
# for tracking & getting logs of the pods created by workflow controller to implement individual steps in the workflow
- apiGroups: [""]
resources: [pods/log, secrets, configmaps]
verbs: [get, watch, create, delete, patch]
# for creation & deletion of application in predefined workflows
- apiGroups: [apps]
resources: [deployments, statefulsets]
verbs: [get, watch, patch , create, delete]
# for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
- apiGroups: [litmuschaos.io]
resources:
[chaosengines, chaosexperiments, chaosresults, chaosschedules]
verbs: [create, list, get, patch, delete, watch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: chaos-rb-for-litmusportal-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: chaos-role-for-litmusportal-server
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: ${LITMUS_PORTAL_NAMESPACE}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: event-tracker-role-for-litmusportal-server
rules:
- apiGroups: [eventtracker.litmuschaos.io]
resources: [eventtrackerpolicies]
verbs: [create, delete, get, list, patch, update, watch]
- apiGroups: [eventtracker.litmuschaos.io]
resources: [eventtrackerpolicies/status]
verbs: [get, patch, update]
- apiGroups: ["", extensions, apps]
resources: [deployments, daemonsets, statefulsets, pods, configmaps]
verbs: [get, list, watch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: event-tracker-rb-for-litmusportal-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: event-tracker-role-for-litmusportal-server
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: ${LITMUS_PORTAL_NAMESPACE}
# litmus-server-role is used by the litmusportal-server
# If SELF_CLUSTER=false, then only litmus-server-role and litmus-server-rb are required.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: litmus-server-role
rules:
- apiGroups: [networking.k8s.io, extensions]
resources: [ingresses]
verbs: [get]
- apiGroups: [""]
resources: [services, pods/log]
verbs: [get, watch]
- apiGroups: [apps]
resources: [deployments]
verbs: [create]
- apiGroups: [""]
resources: [configmaps]
verbs: [get]
- apiGroups: [""]
resources: [serviceaccounts]
verbs: [create]
- apiGroups: [rbac.authorization.k8s.io]
resources: [rolebindings, roles]
verbs: [create]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: litmus-server-rb
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: litmus-server-role
subjects:
- kind: ServiceAccount
name: litmus-server-account
namespace: ${LITMUS_PORTAL_NAMESPACE}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: litmus-server-account
---
apiVersion: v1
kind: ConfigMap
metadata:
name: litmus-portal-admin-config
data:
AgentScope: namespace
AgentNamespace: ${LITMUS_PORTAL_NAMESPACE}
DataBaseServer: "mongodb://mongo-service:27017"
JWTSecret: "litmus-portal@123"
DB_USER: "admin"
DB_PASSWORD: "1234"
VERSION: "2.0.0-RC1"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: litmusportal-frontend
labels:
component: litmusportal-frontend
spec:
replicas: 1
selector:
matchLabels:
component: litmusportal-frontend
template:
metadata:
labels:
component: litmusportal-frontend
spec:
containers:
- name: litmusportal-frontend
image: litmuschaos/litmusportal-frontend:2.0.0-RC1
imagePullPolicy: Always
ports:
- containerPort: 8080
env:
- name: AGENT_SCOPE
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: AgentScope
---
apiVersion: v1
kind: Service
metadata:
name: litmusportal-frontend-service
spec:
type: NodePort
ports:
- name: http
port: 9091
targetPort: 8080
selector:
component: litmusportal-frontend
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: litmusportal-server
labels:
component: litmusportal-server
spec:
replicas: 1
selector:
matchLabels:
component: litmusportal-server
template:
metadata:
labels:
component: litmusportal-server
spec:
containers:
- name: graphql-server
image: litmuschaos/litmusportal-server:2.0.0-RC1
env:
- name: VERSION
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: VERSION
- name: DB_SERVER
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: DataBaseServer
- name: JWT_SECRET
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: JWTSecret
- name: LITMUS_PORTAL_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: SELF_CLUSTER
value: "true"
- name: AGENT_SCOPE
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: AgentScope
- name: AGENT_NAMESPACE
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: AgentNamespace
- name: DB_USER
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: DB_USER
- name: DB_PASSWORD
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: DB_PASSWORD
- name: PORTAL_SCOPE
value: "namespace"
- name: AGENT_DEPLOYMENTS
value: "[\"app=chaos-exporter\", \"name=chaos-operator\", \"app=event-tracker\", \"app=workflow-controller\"]"
- name: PORTAL_ENDPOINT
value: "http://litmusportal-server-service:9002"
- name: SUBSCRIBER_IMAGE
value: "litmuschaos/litmusportal-subscriber:2.0.0-RC1"
- name: EVENT_TRACKER_IMAGE
value: "litmuschaos/litmusportal-event-tracker:2.0.0-RC1"
- name: ARGO_WORKFLOW_CONTROLLER_IMAGE
value: "litmuschaos/workflow-controller:v2.11.0"
- name: ARGO_WORKFLOW_EXECUTOR_IMAGE
value: "litmuschaos/argoexec:v2.11.0"
- name: LITMUS_CHAOS_OPERATOR_IMAGE
value: "litmuschaos/chaos-operator:2.0.0-RC1"
- name: LITMUS_CHAOS_RUNNER_IMAGE
value: "litmuschaos/chaos-runner:2.0.0-RC1"
- name: LITMUS_CHAOS_EXPORTER_IMAGE
value: "litmuschaos/chaos-exporter:2.0.0-RC1"
- name: CONTAINER_RUNTIME_EXECUTOR
value: "k8sapi"
- name: HUB_BRANCH_NAME
value: "v2.0.x"
ports:
- containerPort: 8080
imagePullPolicy: Always
- name: auth-server
image: litmuschaos/litmusportal-auth-server:2.0.0-RC1
env:
- name: STRICT_PASSWORD_POLICY
value: "false"
- name: DB_SERVER
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: DataBaseServer
- name: JWT_SECRET
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: JWTSecret
- name: ADMIN_USERNAME
value: "admin"
- name: ADMIN_PASSWORD
value: "litmus"
- name: DB_USER
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: DB_USER
- name: DB_PASSWORD
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: DB_PASSWORD
ports:
- containerPort: 3000
imagePullPolicy: Always
serviceAccountName: litmus-server-account
---
apiVersion: v1
kind: Service
metadata:
name: litmusportal-server-service
spec:
type: NodePort
ports:
- name: graphql-server
port: 9002
targetPort: 8080
- name: auth-server
port: 9003
targetPort: 3000
selector:
component: litmusportal-server
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: mongo
labels:
app: mongo
spec:
selector:
matchLabels:
component: database
serviceName: mongo
replicas: 1
template:
metadata:
labels:
component: database
spec:
containers:
- name: mongo
image: litmuschaos/mongo:4.2.8
ports:
- containerPort: 27017
imagePullPolicy: Always
volumeMounts:
- name: mongo-persistent-storage
mountPath: /data/db
env:
- name: MONGO_INITDB_ROOT_USERNAME
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: DB_USER
- name: MONGO_INITDB_ROOT_PASSWORD
valueFrom:
configMapKeyRef:
name: litmus-portal-admin-config
key: DB_PASSWORD
volumeClaimTemplates:
- metadata:
name: mongo-persistent-storage
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
---
apiVersion: v1
kind: Service
metadata:
labels:
app: mongo
name: mongo-service
spec:
ports:
- port: 27017
targetPort: 27017
selector:
component: database