From 9e1d6f1410256d0f2e5c22cebd3e16fb18f96dc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hugo=20Ar=C3=A8s?= Date: Wed, 18 Dec 2024 11:42:18 -0500 Subject: [PATCH] Increase release quota in large tiers (#5184) Increase from 1024 to 4096 and generate the tiers for both staging and production. KFLUXSPRT-1038 Signed-off-by: Hugo Ares --- .../production/appstudio/kustomization.yaml | 1 + .../appstudio/nstemplatetier-appstudio.yaml | 2 +- ...-appstudio-tenant-234313038-234313038.yaml | 278 +++++++++++++++++ .../appstudiolarge/kustomization.yaml | 6 + .../nstemplatetier-appstudiolarge.yaml | 12 +- ...tudiolarge-admin-3738936794-849337768.yaml | 281 ++++++++++++++++++ ...clusterresources-3738936794-593233715.yaml | 88 ++++++ ...arge-contributor-3738936794-829105171.yaml | 181 +++++++++++ ...large-maintainer-3738936794-341231795.yaml | 202 +++++++++++++ ...udiolarge-tenant-3738936794-234313038.yaml | 278 +++++++++++++++++ ...diolarge-viewer-3738936794-4256863455.yaml | 180 +++++++++++ .../appstudioxlarge/kustomization.yaml | 6 + .../nstemplatetier-appstudioxlarge.yaml | 12 +- ...studioxlarge-admin-97963453-849337768.yaml | 281 ++++++++++++++++++ ...e-clusterresources-97963453-593233715.yaml | 88 ++++++ ...xlarge-contributor-97963453-829105171.yaml | 181 +++++++++++ ...oxlarge-maintainer-97963453-341231795.yaml | 202 +++++++++++++ ...tudioxlarge-tenant-97963453-234313038.yaml | 278 +++++++++++++++++ ...udioxlarge-viewer-97963453-4256863455.yaml | 180 +++++++++++ .../tiers/src/appstudio/ns_tenant.yaml | 4 +- .../src/appstudiolarge/based_on_tier.yaml | 2 + .../src/appstudioxlarge/based_on_tier.yaml | 2 + .../staging/appstudio/kustomization.yaml | 1 + .../appstudio/nstemplatetier-appstudio.yaml | 2 +- ...-appstudio-tenant-234313038-234313038.yaml | 278 +++++++++++++++++ .../staging/appstudiolarge/kustomization.yaml | 6 + .../nstemplatetier-appstudiolarge.yaml | 12 +- ...tudiolarge-admin-3738936794-849337768.yaml | 281 ++++++++++++++++++ ...clusterresources-3738936794-593233715.yaml | 88 ++++++ ...arge-contributor-3738936794-829105171.yaml | 181 +++++++++++ ...large-maintainer-3738936794-341231795.yaml | 202 +++++++++++++ ...udiolarge-tenant-3738936794-234313038.yaml | 278 +++++++++++++++++ ...diolarge-viewer-3738936794-4256863455.yaml | 180 +++++++++++ .../appstudioxlarge/kustomization.yaml | 6 + .../nstemplatetier-appstudioxlarge.yaml | 12 +- ...studioxlarge-admin-97963453-849337768.yaml | 281 ++++++++++++++++++ ...e-clusterresources-97963453-593233715.yaml | 88 ++++++ ...xlarge-contributor-97963453-829105171.yaml | 181 +++++++++++ ...oxlarge-maintainer-97963453-341231795.yaml | 202 +++++++++++++ ...tudioxlarge-tenant-97963453-234313038.yaml | 278 +++++++++++++++++ ...udioxlarge-viewer-97963453-4256863455.yaml | 180 +++++++++++ 41 files changed, 5455 insertions(+), 27 deletions(-) create mode 100644 components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-tenant-234313038-234313038.yaml create mode 100644 components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-admin-3738936794-849337768.yaml create mode 100644 components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-clusterresources-3738936794-593233715.yaml create mode 100644 components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-contributor-3738936794-829105171.yaml create mode 100644 components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-maintainer-3738936794-341231795.yaml create mode 100644 components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-tenant-3738936794-234313038.yaml create mode 100644 components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-viewer-3738936794-4256863455.yaml create mode 100644 components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-admin-97963453-849337768.yaml create mode 100644 components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-clusterresources-97963453-593233715.yaml create mode 100644 components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-97963453-829105171.yaml create mode 100644 components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-97963453-341231795.yaml create mode 100644 components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-tenant-97963453-234313038.yaml create mode 100644 components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-97963453-4256863455.yaml create mode 100644 components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-tenant-234313038-234313038.yaml create mode 100644 components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-admin-3738936794-849337768.yaml create mode 100644 components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-clusterresources-3738936794-593233715.yaml create mode 100644 components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-contributor-3738936794-829105171.yaml create mode 100644 components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-maintainer-3738936794-341231795.yaml create mode 100644 components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-tenant-3738936794-234313038.yaml create mode 100644 components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-viewer-3738936794-4256863455.yaml create mode 100644 components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-admin-97963453-849337768.yaml create mode 100644 components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-clusterresources-97963453-593233715.yaml create mode 100644 components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-97963453-829105171.yaml create mode 100644 components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-97963453-341231795.yaml create mode 100644 components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-tenant-97963453-234313038.yaml create mode 100644 components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-97963453-4256863455.yaml diff --git a/components/sandbox/tiers/production/appstudio/kustomization.yaml b/components/sandbox/tiers/production/appstudio/kustomization.yaml index 801168712f1..4bd2dee31da 100644 --- a/components/sandbox/tiers/production/appstudio/kustomization.yaml +++ b/components/sandbox/tiers/production/appstudio/kustomization.yaml @@ -22,6 +22,7 @@ resources: - tiertemplate-appstudio-tenant-199961605-199961605.yaml - tiertemplate-appstudio-tenant-2246724155-2246724155.yaml - tiertemplate-appstudio-tenant-2313893948-2313893948.yaml +- tiertemplate-appstudio-tenant-234313038-234313038.yaml - tiertemplate-appstudio-tenant-3815075241-3815075241.yaml - tiertemplate-appstudio-tenant-4121561789-4121561789.yaml - tiertemplate-appstudio-tenant-649666048-649666048.yaml diff --git a/components/sandbox/tiers/production/appstudio/nstemplatetier-appstudio.yaml b/components/sandbox/tiers/production/appstudio/nstemplatetier-appstudio.yaml index f502eeba8b8..55a8645ffc9 100644 --- a/components/sandbox/tiers/production/appstudio/nstemplatetier-appstudio.yaml +++ b/components/sandbox/tiers/production/appstudio/nstemplatetier-appstudio.yaml @@ -11,7 +11,7 @@ spec: clusterResources: templateRef: appstudio-clusterresources-593233715-593233715 namespaces: - - templateRef: appstudio-tenant-1361763024-1361763024 + - templateRef: appstudio-tenant-234313038-234313038 spaceRoles: admin: templateRef: appstudio-admin-849337768-849337768 diff --git a/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-tenant-234313038-234313038.yaml b/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-tenant-234313038-234313038.yaml new file mode 100644 index 00000000000..fa5dc94b85d --- /dev/null +++ b/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-tenant-234313038-234313038.yaml @@ -0,0 +1,278 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudio-tenant-234313038-234313038 + namespace: toolchain-host-operator +spec: + revision: 234313038-234313038 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: v1 + kind: Namespace + metadata: + annotations: + openshift.io/description: ${SPACE_NAME} + openshift.io/display-name: ${SPACE_NAME} + openshift.io/requester: ${SPACE_NAME} + labels: + appstudio.redhat.com/workspace_name: ${SPACE_NAME} + argocd.argoproj.io/managed-by: gitops-service-argocd + name: ${SPACE_NAME}-tenant + name: ${SPACE_NAME}-tenant + - apiVersion: appstudio.redhat.com/v1alpha1 + kind: Environment + metadata: + name: development + namespace: ${SPACE_NAME}-tenant + spec: + deploymentStrategy: AppStudioAutomated + displayName: Development + type: Non-POC + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: compute-build + namespace: ${SPACE_NAME}-tenant + spec: + hard: + limits.cpu: ${CPU_BUILD_LIMIT} + limits.memory: ${MEMORY_BUILD_LIMIT} + requests.cpu: ${CPU_BUILD_REQUEST} + requests.memory: ${MEMORY_BUILD_REQUEST} + scopes: + - Terminating + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: storage + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/persistentvolumeclaims: ${COUNT_PVC} + limits.ephemeral-storage: 50Gi + requests.ephemeral-storage: 50Gi + requests.storage: ${REQUEST_STORAGE} + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: toolchain-crds + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/spacerequests.toolchain.dev.openshift.com: "32" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/applications.appstudio.redhat.com: ${COUNT_APPLICATION} + count/componentdetectionqueries.appstudio.redhat.com: "512" + count/components.appstudio.redhat.com: ${COUNT_COMPONENT} + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-build + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/buildpipelineselectors.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-gitops + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/deploymenttargetclaims.appstudio.redhat.com: "32" + count/deploymenttargetclasses.appstudio.redhat.com: "32" + count/deploymenttargets.appstudio.redhat.com: "32" + count/environments.appstudio.redhat.com: "512" + count/promotionruns.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-integration + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/integrationtestscenarios.appstudio.redhat.com: "512" + count/snapshotenvironmentbindings.appstudio.redhat.com: "512" + count/snapshots.appstudio.redhat.com: ${COUNT_SNAPSHOT} + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-release + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/internalrequests.appstudio.redhat.com: "4096" + count/releaseplanadmissions.appstudio.redhat.com: "512" + count/releaseplans.appstudio.redhat.com: "512" + count/releases.appstudio.redhat.com: ${COUNT_RELEASE} + count/releasestrategies.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-enterprisecontract + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/enterprisecontractpolicies.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: LimitRange + metadata: + name: resource-limits + namespace: ${SPACE_NAME}-tenant + spec: + limits: + - default: + cpu: 2000m + memory: 2Gi + defaultRequest: + cpu: 100m + memory: 256Mi + type: Container + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-same-namespace + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - podSelector: {} + podSelector: {} + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-openshift-ingress + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: ingress + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-openshift-monitoring + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: monitoring + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-codeready-workspaces-operator + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: codeready-workspaces + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-olm-namespaces + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + openshift.io/scc: anyuid + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-console-namespaces + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: console + podSelector: {} + policyTypes: + - Ingress + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: appstudio-pipeline + namespace: ${SPACE_NAME}-tenant + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-pipelines-runner-rolebinding + namespace: ${SPACE_NAME}-tenant + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: appstudio-pipelines-runner + subjects: + - kind: ServiceAccount + name: appstudio-pipeline + namespace: ${SPACE_NAME}-tenant + - apiVersion: v1 + data: {} + kind: ConfigMap + metadata: + labels: + config.openshift.io/inject-trusted-cabundle: "true" + name: trusted-ca + namespace: ${SPACE_NAME}-tenant + parameters: + - name: SPACE_NAME + required: true + - name: MEMORY_LIMIT + value: 32Gi + - name: MEMORY_REQUEST + value: 32Gi + - name: CPU_BUILD_LIMIT + value: "120" + - name: CPU_BUILD_REQUEST + value: "60" + - name: MEMORY_BUILD_LIMIT + value: 128Gi + - name: MEMORY_BUILD_REQUEST + value: 64Gi + - name: COUNT_PVC + value: "90" + - name: REQUEST_STORAGE + value: 200Gi + - name: COUNT_APPLICATION + value: "512" + - name: COUNT_COMPONENT + value: "512" + - name: COUNT_RELEASE + value: "1024" + - name: COUNT_SNAPSHOT + value: "1024" + tierName: appstudio + type: tenant diff --git a/components/sandbox/tiers/production/appstudiolarge/kustomization.yaml b/components/sandbox/tiers/production/appstudiolarge/kustomization.yaml index fa424065778..faa09297d00 100644 --- a/components/sandbox/tiers/production/appstudiolarge/kustomization.yaml +++ b/components/sandbox/tiers/production/appstudiolarge/kustomization.yaml @@ -12,12 +12,14 @@ resources: - tiertemplate-appstudiolarge-admin-1893065526-849337768.yaml - tiertemplate-appstudiolarge-admin-1929014883-1876853981.yaml - tiertemplate-appstudiolarge-admin-1929014883-849337768.yaml +- tiertemplate-appstudiolarge-admin-3738936794-849337768.yaml - tiertemplate-appstudiolarge-admin-3971529334-849337768.yaml - tiertemplate-appstudiolarge-admin-3994678728-849337768.yaml - tiertemplate-appstudiolarge-clusterresources-130270397-593233715.yaml - tiertemplate-appstudiolarge-clusterresources-1884308846-809836689.yaml - tiertemplate-appstudiolarge-clusterresources-1893065526-593233715.yaml - tiertemplate-appstudiolarge-clusterresources-1929014883-3180033938.yaml +- tiertemplate-appstudiolarge-clusterresources-3738936794-593233715.yaml - tiertemplate-appstudiolarge-clusterresources-3971529334-593233715.yaml - tiertemplate-appstudiolarge-clusterresources-3994678728-3180033938.yaml - tiertemplate-appstudiolarge-contributor-130270397-829105171.yaml @@ -25,6 +27,7 @@ resources: - tiertemplate-appstudiolarge-contributor-1893065526-829105171.yaml - tiertemplate-appstudiolarge-contributor-1929014883-1817914940.yaml - tiertemplate-appstudiolarge-contributor-1929014883-829105171.yaml +- tiertemplate-appstudiolarge-contributor-3738936794-829105171.yaml - tiertemplate-appstudiolarge-contributor-3971529334-829105171.yaml - tiertemplate-appstudiolarge-contributor-3994678728-829105171.yaml - tiertemplate-appstudiolarge-maintainer-130270397-474752551.yaml @@ -33,6 +36,7 @@ resources: - tiertemplate-appstudiolarge-maintainer-1893065526-474752551.yaml - tiertemplate-appstudiolarge-maintainer-1929014883-1904354742.yaml - tiertemplate-appstudiolarge-maintainer-1929014883-293087644.yaml +- tiertemplate-appstudiolarge-maintainer-3738936794-341231795.yaml - tiertemplate-appstudiolarge-maintainer-3971529334-474752551.yaml - tiertemplate-appstudiolarge-maintainer-3994678728-1904354742.yaml - tiertemplate-appstudiolarge-maintainer-3994678728-474752551.yaml @@ -42,6 +46,7 @@ resources: - tiertemplate-appstudiolarge-tenant-1893065526-1361763024.yaml - tiertemplate-appstudiolarge-tenant-1929014883-3815075241.yaml - tiertemplate-appstudiolarge-tenant-1929014883-649666048.yaml +- tiertemplate-appstudiolarge-tenant-3738936794-234313038.yaml - tiertemplate-appstudiolarge-tenant-3971529334-4121561789.yaml - tiertemplate-appstudiolarge-tenant-3994678728-4121561789.yaml - tiertemplate-appstudiolarge-tenant-3994678728-649666048.yaml @@ -50,5 +55,6 @@ resources: - tiertemplate-appstudiolarge-viewer-1893065526-4256863455.yaml - tiertemplate-appstudiolarge-viewer-1929014883-4059797645.yaml - tiertemplate-appstudiolarge-viewer-1929014883-4256863455.yaml +- tiertemplate-appstudiolarge-viewer-3738936794-4256863455.yaml - tiertemplate-appstudiolarge-viewer-3971529334-4256863455.yaml - tiertemplate-appstudiolarge-viewer-3994678728-4256863455.yaml diff --git a/components/sandbox/tiers/production/appstudiolarge/nstemplatetier-appstudiolarge.yaml b/components/sandbox/tiers/production/appstudiolarge/nstemplatetier-appstudiolarge.yaml index 406df1a88c6..57e31e41661 100644 --- a/components/sandbox/tiers/production/appstudiolarge/nstemplatetier-appstudiolarge.yaml +++ b/components/sandbox/tiers/production/appstudiolarge/nstemplatetier-appstudiolarge.yaml @@ -9,16 +9,16 @@ metadata: namespace: toolchain-host-operator spec: clusterResources: - templateRef: appstudiolarge-clusterresources-1893065526-593233715 + templateRef: appstudiolarge-clusterresources-3738936794-593233715 namespaces: - - templateRef: appstudiolarge-tenant-1893065526-1361763024 + - templateRef: appstudiolarge-tenant-3738936794-234313038 spaceRoles: admin: - templateRef: appstudiolarge-admin-1893065526-849337768 + templateRef: appstudiolarge-admin-3738936794-849337768 contributor: - templateRef: appstudiolarge-contributor-1893065526-829105171 + templateRef: appstudiolarge-contributor-3738936794-829105171 maintainer: - templateRef: appstudiolarge-maintainer-1893065526-341231795 + templateRef: appstudiolarge-maintainer-3738936794-341231795 viewer: - templateRef: appstudiolarge-viewer-1893065526-4256863455 + templateRef: appstudiolarge-viewer-3738936794-4256863455 status: {} diff --git a/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-admin-3738936794-849337768.yaml b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-admin-3738936794-849337768.yaml new file mode 100644 index 00000000000..52417a8fdb5 --- /dev/null +++ b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-admin-3738936794-849337768.yaml @@ -0,0 +1,281 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-admin-3738936794-849337768 + namespace: toolchain-host-operator +spec: + revision: 3738936794-849337768 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-admin-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + - integrationtestscenarios + - releases + - releasestrategies + - releaseplans + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resourceNames: + - appstudio-pipeline + resources: + - serviceaccounts + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - toolchain.dev.openshift.com + resources: + - spacebindingrequests + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - external-secrets.io + resources: + - secretstores + - externalsecrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-admin-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-admin-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: admin diff --git a/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-clusterresources-3738936794-593233715.yaml b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-clusterresources-3738936794-593233715.yaml new file mode 100644 index 00000000000..0a20e1d01e2 --- /dev/null +++ b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-clusterresources-3738936794-593233715.yaml @@ -0,0 +1,88 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-clusterresources-3738936794-593233715 + namespace: toolchain-host-operator +spec: + revision: 3738936794-593233715 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: quota.openshift.io/v1 + kind: ClusterResourceQuota + metadata: + name: for-${SPACE_NAME}-jobs + spec: + quota: + hard: + count/cronjobs.batch: "30" + count/daemonsets.apps: "30" + count/jobs.batch: "30" + count/statefulsets.apps: "30" + selector: + annotations: null + labels: + matchLabels: + toolchain.dev.openshift.com/space: ${SPACE_NAME} + - apiVersion: quota.openshift.io/v1 + kind: ClusterResourceQuota + metadata: + name: for-${SPACE_NAME}-bc + spec: + quota: + hard: + count/buildconfigs.build.openshift.io: "30" + selector: + annotations: null + labels: + matchLabels: + toolchain.dev.openshift.com/space: ${SPACE_NAME} + - apiVersion: quota.openshift.io/v1 + kind: ClusterResourceQuota + metadata: + name: for-${SPACE_NAME}-secrets + spec: + quota: + hard: + count/secrets: ${{SECRET_QUOTA}} + selector: + annotations: null + labels: + matchLabels: + toolchain.dev.openshift.com/space: ${SPACE_NAME} + - apiVersion: quota.openshift.io/v1 + kind: ClusterResourceQuota + metadata: + name: for-${SPACE_NAME}-cm + spec: + quota: + hard: + count/configmaps: ${{CONFIGMAP_QUOTA}} + selector: + annotations: null + labels: + matchLabels: + toolchain.dev.openshift.com/space: ${SPACE_NAME} + - apiVersion: toolchain.dev.openshift.com/v1alpha1 + kind: Idler + metadata: + name: ${SPACE_NAME} + spec: + timeoutSeconds: ${{IDLER_TIMEOUT_SECONDS}} + parameters: + - name: SPACE_NAME + required: true + - name: IDLER_TIMEOUT_SECONDS + value: "0" + - name: CONFIGMAP_QUOTA + value: "300" + - name: SECRET_QUOTA + value: "3000" + tierName: appstudiolarge + type: clusterresources diff --git a/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-contributor-3738936794-829105171.yaml b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-contributor-3738936794-829105171.yaml new file mode 100644 index 00000000000..5d530b77e7b --- /dev/null +++ b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-contributor-3738936794-829105171.yaml @@ -0,0 +1,181 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-contributor-3738936794-829105171 + namespace: toolchain-host-operator +spec: + revision: 3738936794-829105171 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-contributor-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-contributor-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-contributor-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: contributor diff --git a/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-maintainer-3738936794-341231795.yaml b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-maintainer-3738936794-341231795.yaml new file mode 100644 index 00000000000..9780954d5d7 --- /dev/null +++ b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-maintainer-3738936794-341231795.yaml @@ -0,0 +1,202 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-maintainer-3738936794-341231795 + namespace: toolchain-host-operator +spec: + revision: 3738936794-341231795 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-maintainer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + - snapshots + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-maintainer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-maintainer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: maintainer diff --git a/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-tenant-3738936794-234313038.yaml b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-tenant-3738936794-234313038.yaml new file mode 100644 index 00000000000..2df81cc32b5 --- /dev/null +++ b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-tenant-3738936794-234313038.yaml @@ -0,0 +1,278 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-tenant-3738936794-234313038 + namespace: toolchain-host-operator +spec: + revision: 3738936794-234313038 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: v1 + kind: Namespace + metadata: + annotations: + openshift.io/description: ${SPACE_NAME} + openshift.io/display-name: ${SPACE_NAME} + openshift.io/requester: ${SPACE_NAME} + labels: + appstudio.redhat.com/workspace_name: ${SPACE_NAME} + argocd.argoproj.io/managed-by: gitops-service-argocd + name: ${SPACE_NAME}-tenant + name: ${SPACE_NAME}-tenant + - apiVersion: appstudio.redhat.com/v1alpha1 + kind: Environment + metadata: + name: development + namespace: ${SPACE_NAME}-tenant + spec: + deploymentStrategy: AppStudioAutomated + displayName: Development + type: Non-POC + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: compute-build + namespace: ${SPACE_NAME}-tenant + spec: + hard: + limits.cpu: ${CPU_BUILD_LIMIT} + limits.memory: ${MEMORY_BUILD_LIMIT} + requests.cpu: ${CPU_BUILD_REQUEST} + requests.memory: ${MEMORY_BUILD_REQUEST} + scopes: + - Terminating + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: storage + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/persistentvolumeclaims: ${COUNT_PVC} + limits.ephemeral-storage: 50Gi + requests.ephemeral-storage: 50Gi + requests.storage: ${REQUEST_STORAGE} + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: toolchain-crds + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/spacerequests.toolchain.dev.openshift.com: "32" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/applications.appstudio.redhat.com: ${COUNT_APPLICATION} + count/componentdetectionqueries.appstudio.redhat.com: "512" + count/components.appstudio.redhat.com: ${COUNT_COMPONENT} + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-build + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/buildpipelineselectors.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-gitops + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/deploymenttargetclaims.appstudio.redhat.com: "32" + count/deploymenttargetclasses.appstudio.redhat.com: "32" + count/deploymenttargets.appstudio.redhat.com: "32" + count/environments.appstudio.redhat.com: "512" + count/promotionruns.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-integration + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/integrationtestscenarios.appstudio.redhat.com: "512" + count/snapshotenvironmentbindings.appstudio.redhat.com: "512" + count/snapshots.appstudio.redhat.com: ${COUNT_SNAPSHOT} + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-release + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/internalrequests.appstudio.redhat.com: "4096" + count/releaseplanadmissions.appstudio.redhat.com: "512" + count/releaseplans.appstudio.redhat.com: "512" + count/releases.appstudio.redhat.com: ${COUNT_RELEASE} + count/releasestrategies.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-enterprisecontract + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/enterprisecontractpolicies.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: LimitRange + metadata: + name: resource-limits + namespace: ${SPACE_NAME}-tenant + spec: + limits: + - default: + cpu: 2000m + memory: 2Gi + defaultRequest: + cpu: 100m + memory: 256Mi + type: Container + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-same-namespace + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - podSelector: {} + podSelector: {} + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-openshift-ingress + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: ingress + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-openshift-monitoring + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: monitoring + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-codeready-workspaces-operator + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: codeready-workspaces + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-olm-namespaces + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + openshift.io/scc: anyuid + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-console-namespaces + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: console + podSelector: {} + policyTypes: + - Ingress + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: appstudio-pipeline + namespace: ${SPACE_NAME}-tenant + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-pipelines-runner-rolebinding + namespace: ${SPACE_NAME}-tenant + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: appstudio-pipelines-runner + subjects: + - kind: ServiceAccount + name: appstudio-pipeline + namespace: ${SPACE_NAME}-tenant + - apiVersion: v1 + data: {} + kind: ConfigMap + metadata: + labels: + config.openshift.io/inject-trusted-cabundle: "true" + name: trusted-ca + namespace: ${SPACE_NAME}-tenant + parameters: + - name: SPACE_NAME + required: true + - name: MEMORY_LIMIT + value: 32Gi + - name: MEMORY_REQUEST + value: 32Gi + - name: CPU_BUILD_LIMIT + value: "480" + - name: CPU_BUILD_REQUEST + value: "240" + - name: MEMORY_BUILD_LIMIT + value: 512Gi + - name: MEMORY_BUILD_REQUEST + value: 256Gi + - name: COUNT_PVC + value: "360" + - name: REQUEST_STORAGE + value: 400Gi + - name: COUNT_APPLICATION + value: "2048" + - name: COUNT_COMPONENT + value: "2048" + - name: COUNT_RELEASE + value: "4096" + - name: COUNT_SNAPSHOT + value: "2048" + tierName: appstudiolarge + type: tenant diff --git a/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-viewer-3738936794-4256863455.yaml b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-viewer-3738936794-4256863455.yaml new file mode 100644 index 00000000000..e68e35cc8a7 --- /dev/null +++ b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-viewer-3738936794-4256863455.yaml @@ -0,0 +1,180 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-viewer-3738936794-4256863455 + namespace: toolchain-host-operator +spec: + revision: 3738936794-4256863455 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-viewer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-viewer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-viewer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: viewer diff --git a/components/sandbox/tiers/production/appstudioxlarge/kustomization.yaml b/components/sandbox/tiers/production/appstudioxlarge/kustomization.yaml index 5fd00104024..9e8f1b6520d 100644 --- a/components/sandbox/tiers/production/appstudioxlarge/kustomization.yaml +++ b/components/sandbox/tiers/production/appstudioxlarge/kustomization.yaml @@ -11,16 +11,19 @@ resources: - tiertemplate-appstudioxlarge-admin-2011494876-849337768.yaml - tiertemplate-appstudioxlarge-admin-409719430-849337768.yaml - tiertemplate-appstudioxlarge-admin-884010306-849337768.yaml +- tiertemplate-appstudioxlarge-admin-97963453-849337768.yaml - tiertemplate-appstudioxlarge-clusterresources-1579464439-593233715.yaml - tiertemplate-appstudioxlarge-clusterresources-1655178728-593233715.yaml - tiertemplate-appstudioxlarge-clusterresources-2011494876-593233715.yaml - tiertemplate-appstudioxlarge-clusterresources-409719430-593233715.yaml - tiertemplate-appstudioxlarge-clusterresources-884010306-3180033938.yaml +- tiertemplate-appstudioxlarge-clusterresources-97963453-593233715.yaml - tiertemplate-appstudioxlarge-contributor-1579464439-829105171.yaml - tiertemplate-appstudioxlarge-contributor-1655178728-829105171.yaml - tiertemplate-appstudioxlarge-contributor-2011494876-829105171.yaml - tiertemplate-appstudioxlarge-contributor-409719430-829105171.yaml - tiertemplate-appstudioxlarge-contributor-884010306-829105171.yaml +- tiertemplate-appstudioxlarge-contributor-97963453-829105171.yaml - tiertemplate-appstudioxlarge-maintainer-1579464439-474752551.yaml - tiertemplate-appstudioxlarge-maintainer-1655178728-474752551.yaml - tiertemplate-appstudioxlarge-maintainer-2011494876-341231795.yaml @@ -28,14 +31,17 @@ resources: - tiertemplate-appstudioxlarge-maintainer-409719430-474752551.yaml - tiertemplate-appstudioxlarge-maintainer-884010306-1904354742.yaml - tiertemplate-appstudioxlarge-maintainer-884010306-474752551.yaml +- tiertemplate-appstudioxlarge-maintainer-97963453-341231795.yaml - tiertemplate-appstudioxlarge-tenant-1579464439-2246724155.yaml - tiertemplate-appstudioxlarge-tenant-1655178728-4121561789.yaml - tiertemplate-appstudioxlarge-tenant-2011494876-1361763024.yaml - tiertemplate-appstudioxlarge-tenant-409719430-4121561789.yaml - tiertemplate-appstudioxlarge-tenant-884010306-4121561789.yaml - tiertemplate-appstudioxlarge-tenant-884010306-649666048.yaml +- tiertemplate-appstudioxlarge-tenant-97963453-234313038.yaml - tiertemplate-appstudioxlarge-viewer-1579464439-4256863455.yaml - tiertemplate-appstudioxlarge-viewer-1655178728-4256863455.yaml - tiertemplate-appstudioxlarge-viewer-2011494876-4256863455.yaml - tiertemplate-appstudioxlarge-viewer-409719430-4256863455.yaml - tiertemplate-appstudioxlarge-viewer-884010306-4256863455.yaml +- tiertemplate-appstudioxlarge-viewer-97963453-4256863455.yaml diff --git a/components/sandbox/tiers/production/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml b/components/sandbox/tiers/production/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml index e41bf234641..4af015bae32 100644 --- a/components/sandbox/tiers/production/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml +++ b/components/sandbox/tiers/production/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml @@ -9,16 +9,16 @@ metadata: namespace: toolchain-host-operator spec: clusterResources: - templateRef: appstudioxlarge-clusterresources-2011494876-593233715 + templateRef: appstudioxlarge-clusterresources-97963453-593233715 namespaces: - - templateRef: appstudioxlarge-tenant-2011494876-1361763024 + - templateRef: appstudioxlarge-tenant-97963453-234313038 spaceRoles: admin: - templateRef: appstudioxlarge-admin-2011494876-849337768 + templateRef: appstudioxlarge-admin-97963453-849337768 contributor: - templateRef: appstudioxlarge-contributor-2011494876-829105171 + templateRef: appstudioxlarge-contributor-97963453-829105171 maintainer: - templateRef: appstudioxlarge-maintainer-2011494876-341231795 + templateRef: appstudioxlarge-maintainer-97963453-341231795 viewer: - templateRef: appstudioxlarge-viewer-2011494876-4256863455 + templateRef: appstudioxlarge-viewer-97963453-4256863455 status: {} diff --git a/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-admin-97963453-849337768.yaml b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-admin-97963453-849337768.yaml new file mode 100644 index 00000000000..60187e78d0b --- /dev/null +++ b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-admin-97963453-849337768.yaml @@ -0,0 +1,281 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-admin-97963453-849337768 + namespace: toolchain-host-operator +spec: + revision: 97963453-849337768 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-admin-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + - integrationtestscenarios + - releases + - releasestrategies + - releaseplans + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resourceNames: + - appstudio-pipeline + resources: + - serviceaccounts + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - toolchain.dev.openshift.com + resources: + - spacebindingrequests + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - external-secrets.io + resources: + - secretstores + - externalsecrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-admin-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-admin-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: admin diff --git a/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-clusterresources-97963453-593233715.yaml b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-clusterresources-97963453-593233715.yaml new file mode 100644 index 00000000000..1d2efff5641 --- /dev/null +++ b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-clusterresources-97963453-593233715.yaml @@ -0,0 +1,88 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-clusterresources-97963453-593233715 + namespace: toolchain-host-operator +spec: + revision: 97963453-593233715 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: quota.openshift.io/v1 + kind: ClusterResourceQuota + metadata: + name: for-${SPACE_NAME}-jobs + spec: + quota: + hard: + count/cronjobs.batch: "30" + count/daemonsets.apps: "30" + count/jobs.batch: "30" + count/statefulsets.apps: "30" + selector: + annotations: null + labels: + matchLabels: + toolchain.dev.openshift.com/space: ${SPACE_NAME} + - apiVersion: quota.openshift.io/v1 + kind: ClusterResourceQuota + metadata: + name: for-${SPACE_NAME}-bc + spec: + quota: + hard: + count/buildconfigs.build.openshift.io: "30" + selector: + annotations: null + labels: + matchLabels: + toolchain.dev.openshift.com/space: ${SPACE_NAME} + - apiVersion: quota.openshift.io/v1 + kind: ClusterResourceQuota + metadata: + name: for-${SPACE_NAME}-secrets + spec: + quota: + hard: + count/secrets: ${{SECRET_QUOTA}} + selector: + annotations: null + labels: + matchLabels: + toolchain.dev.openshift.com/space: ${SPACE_NAME} + - apiVersion: quota.openshift.io/v1 + kind: ClusterResourceQuota + metadata: + name: for-${SPACE_NAME}-cm + spec: + quota: + hard: + count/configmaps: ${{CONFIGMAP_QUOTA}} + selector: + annotations: null + labels: + matchLabels: + toolchain.dev.openshift.com/space: ${SPACE_NAME} + - apiVersion: toolchain.dev.openshift.com/v1alpha1 + kind: Idler + metadata: + name: ${SPACE_NAME} + spec: + timeoutSeconds: ${{IDLER_TIMEOUT_SECONDS}} + parameters: + - name: SPACE_NAME + required: true + - name: IDLER_TIMEOUT_SECONDS + value: "0" + - name: CONFIGMAP_QUOTA + value: "300" + - name: SECRET_QUOTA + value: "3000" + tierName: appstudioxlarge + type: clusterresources diff --git a/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-97963453-829105171.yaml b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-97963453-829105171.yaml new file mode 100644 index 00000000000..5a068916e62 --- /dev/null +++ b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-97963453-829105171.yaml @@ -0,0 +1,181 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-contributor-97963453-829105171 + namespace: toolchain-host-operator +spec: + revision: 97963453-829105171 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-contributor-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-contributor-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-contributor-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: contributor diff --git a/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-97963453-341231795.yaml b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-97963453-341231795.yaml new file mode 100644 index 00000000000..12bbf7c15d0 --- /dev/null +++ b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-97963453-341231795.yaml @@ -0,0 +1,202 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-maintainer-97963453-341231795 + namespace: toolchain-host-operator +spec: + revision: 97963453-341231795 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-maintainer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + - snapshots + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-maintainer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-maintainer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: maintainer diff --git a/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-tenant-97963453-234313038.yaml b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-tenant-97963453-234313038.yaml new file mode 100644 index 00000000000..756f0946a6d --- /dev/null +++ b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-tenant-97963453-234313038.yaml @@ -0,0 +1,278 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-tenant-97963453-234313038 + namespace: toolchain-host-operator +spec: + revision: 97963453-234313038 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: v1 + kind: Namespace + metadata: + annotations: + openshift.io/description: ${SPACE_NAME} + openshift.io/display-name: ${SPACE_NAME} + openshift.io/requester: ${SPACE_NAME} + labels: + appstudio.redhat.com/workspace_name: ${SPACE_NAME} + argocd.argoproj.io/managed-by: gitops-service-argocd + name: ${SPACE_NAME}-tenant + name: ${SPACE_NAME}-tenant + - apiVersion: appstudio.redhat.com/v1alpha1 + kind: Environment + metadata: + name: development + namespace: ${SPACE_NAME}-tenant + spec: + deploymentStrategy: AppStudioAutomated + displayName: Development + type: Non-POC + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: compute-build + namespace: ${SPACE_NAME}-tenant + spec: + hard: + limits.cpu: ${CPU_BUILD_LIMIT} + limits.memory: ${MEMORY_BUILD_LIMIT} + requests.cpu: ${CPU_BUILD_REQUEST} + requests.memory: ${MEMORY_BUILD_REQUEST} + scopes: + - Terminating + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: storage + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/persistentvolumeclaims: ${COUNT_PVC} + limits.ephemeral-storage: 50Gi + requests.ephemeral-storage: 50Gi + requests.storage: ${REQUEST_STORAGE} + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: toolchain-crds + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/spacerequests.toolchain.dev.openshift.com: "32" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/applications.appstudio.redhat.com: ${COUNT_APPLICATION} + count/componentdetectionqueries.appstudio.redhat.com: "512" + count/components.appstudio.redhat.com: ${COUNT_COMPONENT} + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-build + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/buildpipelineselectors.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-gitops + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/deploymenttargetclaims.appstudio.redhat.com: "32" + count/deploymenttargetclasses.appstudio.redhat.com: "32" + count/deploymenttargets.appstudio.redhat.com: "32" + count/environments.appstudio.redhat.com: "512" + count/promotionruns.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-integration + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/integrationtestscenarios.appstudio.redhat.com: "512" + count/snapshotenvironmentbindings.appstudio.redhat.com: "512" + count/snapshots.appstudio.redhat.com: ${COUNT_SNAPSHOT} + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-release + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/internalrequests.appstudio.redhat.com: "4096" + count/releaseplanadmissions.appstudio.redhat.com: "512" + count/releaseplans.appstudio.redhat.com: "512" + count/releases.appstudio.redhat.com: ${COUNT_RELEASE} + count/releasestrategies.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-enterprisecontract + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/enterprisecontractpolicies.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: LimitRange + metadata: + name: resource-limits + namespace: ${SPACE_NAME}-tenant + spec: + limits: + - default: + cpu: 2000m + memory: 2Gi + defaultRequest: + cpu: 100m + memory: 256Mi + type: Container + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-same-namespace + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - podSelector: {} + podSelector: {} + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-openshift-ingress + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: ingress + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-openshift-monitoring + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: monitoring + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-codeready-workspaces-operator + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: codeready-workspaces + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-olm-namespaces + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + openshift.io/scc: anyuid + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-console-namespaces + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: console + podSelector: {} + policyTypes: + - Ingress + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: appstudio-pipeline + namespace: ${SPACE_NAME}-tenant + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-pipelines-runner-rolebinding + namespace: ${SPACE_NAME}-tenant + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: appstudio-pipelines-runner + subjects: + - kind: ServiceAccount + name: appstudio-pipeline + namespace: ${SPACE_NAME}-tenant + - apiVersion: v1 + data: {} + kind: ConfigMap + metadata: + labels: + config.openshift.io/inject-trusted-cabundle: "true" + name: trusted-ca + namespace: ${SPACE_NAME}-tenant + parameters: + - name: SPACE_NAME + required: true + - name: MEMORY_LIMIT + value: 32Gi + - name: MEMORY_REQUEST + value: 32Gi + - name: CPU_BUILD_LIMIT + value: 4k + - name: CPU_BUILD_REQUEST + value: 2k + - name: MEMORY_BUILD_LIMIT + value: 8Ti + - name: MEMORY_BUILD_REQUEST + value: 4Ti + - name: COUNT_PVC + value: "360" + - name: REQUEST_STORAGE + value: 400Gi + - name: COUNT_APPLICATION + value: "2048" + - name: COUNT_COMPONENT + value: "2048" + - name: COUNT_RELEASE + value: "4096" + - name: COUNT_SNAPSHOT + value: "2048" + tierName: appstudioxlarge + type: tenant diff --git a/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-97963453-4256863455.yaml b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-97963453-4256863455.yaml new file mode 100644 index 00000000000..86abb75d99d --- /dev/null +++ b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-97963453-4256863455.yaml @@ -0,0 +1,180 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-viewer-97963453-4256863455 + namespace: toolchain-host-operator +spec: + revision: 97963453-4256863455 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-viewer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-viewer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-viewer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: viewer diff --git a/components/sandbox/tiers/src/appstudio/ns_tenant.yaml b/components/sandbox/tiers/src/appstudio/ns_tenant.yaml index 1e38e948170..613bad82450 100644 --- a/components/sandbox/tiers/src/appstudio/ns_tenant.yaml +++ b/components/sandbox/tiers/src/appstudio/ns_tenant.yaml @@ -109,7 +109,7 @@ objects: hard: count/releaseplanadmissions.appstudio.redhat.com: "512" count/releaseplans.appstudio.redhat.com: "512" - count/releases.appstudio.redhat.com: "1024" + count/releases.appstudio.redhat.com: "${COUNT_RELEASE}" count/releasestrategies.appstudio.redhat.com: "512" count/internalrequests.appstudio.redhat.com: "4096" - apiVersion: v1 @@ -266,5 +266,7 @@ parameters: value: "512" - name: COUNT_COMPONENT value: "512" +- name: COUNT_RELEASE + value: "1024" - name: COUNT_SNAPSHOT value: "1024" diff --git a/components/sandbox/tiers/src/appstudiolarge/based_on_tier.yaml b/components/sandbox/tiers/src/appstudiolarge/based_on_tier.yaml index cfe7f0f3cf3..0a1be9e1c52 100644 --- a/components/sandbox/tiers/src/appstudiolarge/based_on_tier.yaml +++ b/components/sandbox/tiers/src/appstudiolarge/based_on_tier.yaml @@ -20,5 +20,7 @@ parameters: value: "2048" - name: COUNT_COMPONENT value: "2048" +- name: COUNT_RELEASE + value: "4096" - name: COUNT_SNAPSHOT value: "2048" diff --git a/components/sandbox/tiers/src/appstudioxlarge/based_on_tier.yaml b/components/sandbox/tiers/src/appstudioxlarge/based_on_tier.yaml index c047216ff84..e2ea449818a 100644 --- a/components/sandbox/tiers/src/appstudioxlarge/based_on_tier.yaml +++ b/components/sandbox/tiers/src/appstudioxlarge/based_on_tier.yaml @@ -20,5 +20,7 @@ parameters: value: "2048" - name: COUNT_COMPONENT value: "2048" +- name: COUNT_RELEASE + value: "4096" - name: COUNT_SNAPSHOT value: "2048" diff --git a/components/sandbox/tiers/staging/appstudio/kustomization.yaml b/components/sandbox/tiers/staging/appstudio/kustomization.yaml index 801168712f1..4bd2dee31da 100644 --- a/components/sandbox/tiers/staging/appstudio/kustomization.yaml +++ b/components/sandbox/tiers/staging/appstudio/kustomization.yaml @@ -22,6 +22,7 @@ resources: - tiertemplate-appstudio-tenant-199961605-199961605.yaml - tiertemplate-appstudio-tenant-2246724155-2246724155.yaml - tiertemplate-appstudio-tenant-2313893948-2313893948.yaml +- tiertemplate-appstudio-tenant-234313038-234313038.yaml - tiertemplate-appstudio-tenant-3815075241-3815075241.yaml - tiertemplate-appstudio-tenant-4121561789-4121561789.yaml - tiertemplate-appstudio-tenant-649666048-649666048.yaml diff --git a/components/sandbox/tiers/staging/appstudio/nstemplatetier-appstudio.yaml b/components/sandbox/tiers/staging/appstudio/nstemplatetier-appstudio.yaml index f502eeba8b8..55a8645ffc9 100644 --- a/components/sandbox/tiers/staging/appstudio/nstemplatetier-appstudio.yaml +++ b/components/sandbox/tiers/staging/appstudio/nstemplatetier-appstudio.yaml @@ -11,7 +11,7 @@ spec: clusterResources: templateRef: appstudio-clusterresources-593233715-593233715 namespaces: - - templateRef: appstudio-tenant-1361763024-1361763024 + - templateRef: appstudio-tenant-234313038-234313038 spaceRoles: admin: templateRef: appstudio-admin-849337768-849337768 diff --git a/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-tenant-234313038-234313038.yaml b/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-tenant-234313038-234313038.yaml new file mode 100644 index 00000000000..fa5dc94b85d --- /dev/null +++ b/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-tenant-234313038-234313038.yaml @@ -0,0 +1,278 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudio-tenant-234313038-234313038 + namespace: toolchain-host-operator +spec: + revision: 234313038-234313038 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: v1 + kind: Namespace + metadata: + annotations: + openshift.io/description: ${SPACE_NAME} + openshift.io/display-name: ${SPACE_NAME} + openshift.io/requester: ${SPACE_NAME} + labels: + appstudio.redhat.com/workspace_name: ${SPACE_NAME} + argocd.argoproj.io/managed-by: gitops-service-argocd + name: ${SPACE_NAME}-tenant + name: ${SPACE_NAME}-tenant + - apiVersion: appstudio.redhat.com/v1alpha1 + kind: Environment + metadata: + name: development + namespace: ${SPACE_NAME}-tenant + spec: + deploymentStrategy: AppStudioAutomated + displayName: Development + type: Non-POC + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: compute-build + namespace: ${SPACE_NAME}-tenant + spec: + hard: + limits.cpu: ${CPU_BUILD_LIMIT} + limits.memory: ${MEMORY_BUILD_LIMIT} + requests.cpu: ${CPU_BUILD_REQUEST} + requests.memory: ${MEMORY_BUILD_REQUEST} + scopes: + - Terminating + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: storage + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/persistentvolumeclaims: ${COUNT_PVC} + limits.ephemeral-storage: 50Gi + requests.ephemeral-storage: 50Gi + requests.storage: ${REQUEST_STORAGE} + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: toolchain-crds + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/spacerequests.toolchain.dev.openshift.com: "32" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/applications.appstudio.redhat.com: ${COUNT_APPLICATION} + count/componentdetectionqueries.appstudio.redhat.com: "512" + count/components.appstudio.redhat.com: ${COUNT_COMPONENT} + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-build + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/buildpipelineselectors.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-gitops + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/deploymenttargetclaims.appstudio.redhat.com: "32" + count/deploymenttargetclasses.appstudio.redhat.com: "32" + count/deploymenttargets.appstudio.redhat.com: "32" + count/environments.appstudio.redhat.com: "512" + count/promotionruns.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-integration + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/integrationtestscenarios.appstudio.redhat.com: "512" + count/snapshotenvironmentbindings.appstudio.redhat.com: "512" + count/snapshots.appstudio.redhat.com: ${COUNT_SNAPSHOT} + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-release + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/internalrequests.appstudio.redhat.com: "4096" + count/releaseplanadmissions.appstudio.redhat.com: "512" + count/releaseplans.appstudio.redhat.com: "512" + count/releases.appstudio.redhat.com: ${COUNT_RELEASE} + count/releasestrategies.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-enterprisecontract + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/enterprisecontractpolicies.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: LimitRange + metadata: + name: resource-limits + namespace: ${SPACE_NAME}-tenant + spec: + limits: + - default: + cpu: 2000m + memory: 2Gi + defaultRequest: + cpu: 100m + memory: 256Mi + type: Container + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-same-namespace + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - podSelector: {} + podSelector: {} + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-openshift-ingress + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: ingress + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-openshift-monitoring + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: monitoring + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-codeready-workspaces-operator + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: codeready-workspaces + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-olm-namespaces + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + openshift.io/scc: anyuid + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-console-namespaces + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: console + podSelector: {} + policyTypes: + - Ingress + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: appstudio-pipeline + namespace: ${SPACE_NAME}-tenant + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-pipelines-runner-rolebinding + namespace: ${SPACE_NAME}-tenant + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: appstudio-pipelines-runner + subjects: + - kind: ServiceAccount + name: appstudio-pipeline + namespace: ${SPACE_NAME}-tenant + - apiVersion: v1 + data: {} + kind: ConfigMap + metadata: + labels: + config.openshift.io/inject-trusted-cabundle: "true" + name: trusted-ca + namespace: ${SPACE_NAME}-tenant + parameters: + - name: SPACE_NAME + required: true + - name: MEMORY_LIMIT + value: 32Gi + - name: MEMORY_REQUEST + value: 32Gi + - name: CPU_BUILD_LIMIT + value: "120" + - name: CPU_BUILD_REQUEST + value: "60" + - name: MEMORY_BUILD_LIMIT + value: 128Gi + - name: MEMORY_BUILD_REQUEST + value: 64Gi + - name: COUNT_PVC + value: "90" + - name: REQUEST_STORAGE + value: 200Gi + - name: COUNT_APPLICATION + value: "512" + - name: COUNT_COMPONENT + value: "512" + - name: COUNT_RELEASE + value: "1024" + - name: COUNT_SNAPSHOT + value: "1024" + tierName: appstudio + type: tenant diff --git a/components/sandbox/tiers/staging/appstudiolarge/kustomization.yaml b/components/sandbox/tiers/staging/appstudiolarge/kustomization.yaml index 0d20728d9a0..76c05e142ac 100644 --- a/components/sandbox/tiers/staging/appstudiolarge/kustomization.yaml +++ b/components/sandbox/tiers/staging/appstudiolarge/kustomization.yaml @@ -12,12 +12,14 @@ resources: - tiertemplate-appstudiolarge-admin-1893065526-849337768.yaml - tiertemplate-appstudiolarge-admin-1929014883-1876853981.yaml - tiertemplate-appstudiolarge-admin-1929014883-849337768.yaml +- tiertemplate-appstudiolarge-admin-3738936794-849337768.yaml - tiertemplate-appstudiolarge-admin-3971529334-849337768.yaml - tiertemplate-appstudiolarge-admin-3994678728-849337768.yaml - tiertemplate-appstudiolarge-clusterresources-130270397-593233715.yaml - tiertemplate-appstudiolarge-clusterresources-1884308846-809836689.yaml - tiertemplate-appstudiolarge-clusterresources-1893065526-593233715.yaml - tiertemplate-appstudiolarge-clusterresources-1929014883-3180033938.yaml +- tiertemplate-appstudiolarge-clusterresources-3738936794-593233715.yaml - tiertemplate-appstudiolarge-clusterresources-3971529334-593233715.yaml - tiertemplate-appstudiolarge-clusterresources-3994678728-3180033938.yaml - tiertemplate-appstudiolarge-contributor-130270397-829105171.yaml @@ -25,6 +27,7 @@ resources: - tiertemplate-appstudiolarge-contributor-1893065526-829105171.yaml - tiertemplate-appstudiolarge-contributor-1929014883-1817914940.yaml - tiertemplate-appstudiolarge-contributor-1929014883-829105171.yaml +- tiertemplate-appstudiolarge-contributor-3738936794-829105171.yaml - tiertemplate-appstudiolarge-contributor-3971529334-829105171.yaml - tiertemplate-appstudiolarge-contributor-3994678728-829105171.yaml - tiertemplate-appstudiolarge-maintainer-130270397-474752551.yaml @@ -33,6 +36,7 @@ resources: - tiertemplate-appstudiolarge-maintainer-1893065526-474752551.yaml - tiertemplate-appstudiolarge-maintainer-1929014883-1904354742.yaml - tiertemplate-appstudiolarge-maintainer-1929014883-293087644.yaml +- tiertemplate-appstudiolarge-maintainer-3738936794-341231795.yaml - tiertemplate-appstudiolarge-maintainer-3971529334-474752551.yaml - tiertemplate-appstudiolarge-maintainer-3994678728-1904354742.yaml - tiertemplate-appstudiolarge-maintainer-3994678728-474752551.yaml @@ -43,6 +47,7 @@ resources: - tiertemplate-appstudiolarge-tenant-1929014883-2313893948.yaml - tiertemplate-appstudiolarge-tenant-1929014883-3815075241.yaml - tiertemplate-appstudiolarge-tenant-1929014883-649666048.yaml +- tiertemplate-appstudiolarge-tenant-3738936794-234313038.yaml - tiertemplate-appstudiolarge-tenant-3971529334-4121561789.yaml - tiertemplate-appstudiolarge-tenant-3994678728-4121561789.yaml - tiertemplate-appstudiolarge-tenant-3994678728-649666048.yaml @@ -51,5 +56,6 @@ resources: - tiertemplate-appstudiolarge-viewer-1893065526-4256863455.yaml - tiertemplate-appstudiolarge-viewer-1929014883-4059797645.yaml - tiertemplate-appstudiolarge-viewer-1929014883-4256863455.yaml +- tiertemplate-appstudiolarge-viewer-3738936794-4256863455.yaml - tiertemplate-appstudiolarge-viewer-3971529334-4256863455.yaml - tiertemplate-appstudiolarge-viewer-3994678728-4256863455.yaml diff --git a/components/sandbox/tiers/staging/appstudiolarge/nstemplatetier-appstudiolarge.yaml b/components/sandbox/tiers/staging/appstudiolarge/nstemplatetier-appstudiolarge.yaml index 406df1a88c6..57e31e41661 100644 --- a/components/sandbox/tiers/staging/appstudiolarge/nstemplatetier-appstudiolarge.yaml +++ b/components/sandbox/tiers/staging/appstudiolarge/nstemplatetier-appstudiolarge.yaml @@ -9,16 +9,16 @@ metadata: namespace: toolchain-host-operator spec: clusterResources: - templateRef: appstudiolarge-clusterresources-1893065526-593233715 + templateRef: appstudiolarge-clusterresources-3738936794-593233715 namespaces: - - templateRef: appstudiolarge-tenant-1893065526-1361763024 + - templateRef: appstudiolarge-tenant-3738936794-234313038 spaceRoles: admin: - templateRef: appstudiolarge-admin-1893065526-849337768 + templateRef: appstudiolarge-admin-3738936794-849337768 contributor: - templateRef: appstudiolarge-contributor-1893065526-829105171 + templateRef: appstudiolarge-contributor-3738936794-829105171 maintainer: - templateRef: appstudiolarge-maintainer-1893065526-341231795 + templateRef: appstudiolarge-maintainer-3738936794-341231795 viewer: - templateRef: appstudiolarge-viewer-1893065526-4256863455 + templateRef: appstudiolarge-viewer-3738936794-4256863455 status: {} diff --git a/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-admin-3738936794-849337768.yaml b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-admin-3738936794-849337768.yaml new file mode 100644 index 00000000000..52417a8fdb5 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-admin-3738936794-849337768.yaml @@ -0,0 +1,281 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-admin-3738936794-849337768 + namespace: toolchain-host-operator +spec: + revision: 3738936794-849337768 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-admin-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + - integrationtestscenarios + - releases + - releasestrategies + - releaseplans + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resourceNames: + - appstudio-pipeline + resources: + - serviceaccounts + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - toolchain.dev.openshift.com + resources: + - spacebindingrequests + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - external-secrets.io + resources: + - secretstores + - externalsecrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-admin-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-admin-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: admin diff --git a/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-clusterresources-3738936794-593233715.yaml b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-clusterresources-3738936794-593233715.yaml new file mode 100644 index 00000000000..0a20e1d01e2 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-clusterresources-3738936794-593233715.yaml @@ -0,0 +1,88 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-clusterresources-3738936794-593233715 + namespace: toolchain-host-operator +spec: + revision: 3738936794-593233715 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: quota.openshift.io/v1 + kind: ClusterResourceQuota + metadata: + name: for-${SPACE_NAME}-jobs + spec: + quota: + hard: + count/cronjobs.batch: "30" + count/daemonsets.apps: "30" + count/jobs.batch: "30" + count/statefulsets.apps: "30" + selector: + annotations: null + labels: + matchLabels: + toolchain.dev.openshift.com/space: ${SPACE_NAME} + - apiVersion: quota.openshift.io/v1 + kind: ClusterResourceQuota + metadata: + name: for-${SPACE_NAME}-bc + spec: + quota: + hard: + count/buildconfigs.build.openshift.io: "30" + selector: + annotations: null + labels: + matchLabels: + toolchain.dev.openshift.com/space: ${SPACE_NAME} + - apiVersion: quota.openshift.io/v1 + kind: ClusterResourceQuota + metadata: + name: for-${SPACE_NAME}-secrets + spec: + quota: + hard: + count/secrets: ${{SECRET_QUOTA}} + selector: + annotations: null + labels: + matchLabels: + toolchain.dev.openshift.com/space: ${SPACE_NAME} + - apiVersion: quota.openshift.io/v1 + kind: ClusterResourceQuota + metadata: + name: for-${SPACE_NAME}-cm + spec: + quota: + hard: + count/configmaps: ${{CONFIGMAP_QUOTA}} + selector: + annotations: null + labels: + matchLabels: + toolchain.dev.openshift.com/space: ${SPACE_NAME} + - apiVersion: toolchain.dev.openshift.com/v1alpha1 + kind: Idler + metadata: + name: ${SPACE_NAME} + spec: + timeoutSeconds: ${{IDLER_TIMEOUT_SECONDS}} + parameters: + - name: SPACE_NAME + required: true + - name: IDLER_TIMEOUT_SECONDS + value: "0" + - name: CONFIGMAP_QUOTA + value: "300" + - name: SECRET_QUOTA + value: "3000" + tierName: appstudiolarge + type: clusterresources diff --git a/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-contributor-3738936794-829105171.yaml b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-contributor-3738936794-829105171.yaml new file mode 100644 index 00000000000..5d530b77e7b --- /dev/null +++ b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-contributor-3738936794-829105171.yaml @@ -0,0 +1,181 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-contributor-3738936794-829105171 + namespace: toolchain-host-operator +spec: + revision: 3738936794-829105171 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-contributor-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-contributor-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-contributor-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: contributor diff --git a/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-maintainer-3738936794-341231795.yaml b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-maintainer-3738936794-341231795.yaml new file mode 100644 index 00000000000..9780954d5d7 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-maintainer-3738936794-341231795.yaml @@ -0,0 +1,202 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-maintainer-3738936794-341231795 + namespace: toolchain-host-operator +spec: + revision: 3738936794-341231795 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-maintainer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + - snapshots + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-maintainer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-maintainer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: maintainer diff --git a/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-tenant-3738936794-234313038.yaml b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-tenant-3738936794-234313038.yaml new file mode 100644 index 00000000000..2df81cc32b5 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-tenant-3738936794-234313038.yaml @@ -0,0 +1,278 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-tenant-3738936794-234313038 + namespace: toolchain-host-operator +spec: + revision: 3738936794-234313038 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: v1 + kind: Namespace + metadata: + annotations: + openshift.io/description: ${SPACE_NAME} + openshift.io/display-name: ${SPACE_NAME} + openshift.io/requester: ${SPACE_NAME} + labels: + appstudio.redhat.com/workspace_name: ${SPACE_NAME} + argocd.argoproj.io/managed-by: gitops-service-argocd + name: ${SPACE_NAME}-tenant + name: ${SPACE_NAME}-tenant + - apiVersion: appstudio.redhat.com/v1alpha1 + kind: Environment + metadata: + name: development + namespace: ${SPACE_NAME}-tenant + spec: + deploymentStrategy: AppStudioAutomated + displayName: Development + type: Non-POC + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: compute-build + namespace: ${SPACE_NAME}-tenant + spec: + hard: + limits.cpu: ${CPU_BUILD_LIMIT} + limits.memory: ${MEMORY_BUILD_LIMIT} + requests.cpu: ${CPU_BUILD_REQUEST} + requests.memory: ${MEMORY_BUILD_REQUEST} + scopes: + - Terminating + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: storage + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/persistentvolumeclaims: ${COUNT_PVC} + limits.ephemeral-storage: 50Gi + requests.ephemeral-storage: 50Gi + requests.storage: ${REQUEST_STORAGE} + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: toolchain-crds + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/spacerequests.toolchain.dev.openshift.com: "32" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/applications.appstudio.redhat.com: ${COUNT_APPLICATION} + count/componentdetectionqueries.appstudio.redhat.com: "512" + count/components.appstudio.redhat.com: ${COUNT_COMPONENT} + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-build + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/buildpipelineselectors.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-gitops + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/deploymenttargetclaims.appstudio.redhat.com: "32" + count/deploymenttargetclasses.appstudio.redhat.com: "32" + count/deploymenttargets.appstudio.redhat.com: "32" + count/environments.appstudio.redhat.com: "512" + count/promotionruns.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-integration + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/integrationtestscenarios.appstudio.redhat.com: "512" + count/snapshotenvironmentbindings.appstudio.redhat.com: "512" + count/snapshots.appstudio.redhat.com: ${COUNT_SNAPSHOT} + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-release + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/internalrequests.appstudio.redhat.com: "4096" + count/releaseplanadmissions.appstudio.redhat.com: "512" + count/releaseplans.appstudio.redhat.com: "512" + count/releases.appstudio.redhat.com: ${COUNT_RELEASE} + count/releasestrategies.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-enterprisecontract + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/enterprisecontractpolicies.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: LimitRange + metadata: + name: resource-limits + namespace: ${SPACE_NAME}-tenant + spec: + limits: + - default: + cpu: 2000m + memory: 2Gi + defaultRequest: + cpu: 100m + memory: 256Mi + type: Container + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-same-namespace + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - podSelector: {} + podSelector: {} + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-openshift-ingress + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: ingress + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-openshift-monitoring + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: monitoring + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-codeready-workspaces-operator + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: codeready-workspaces + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-olm-namespaces + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + openshift.io/scc: anyuid + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-console-namespaces + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: console + podSelector: {} + policyTypes: + - Ingress + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: appstudio-pipeline + namespace: ${SPACE_NAME}-tenant + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-pipelines-runner-rolebinding + namespace: ${SPACE_NAME}-tenant + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: appstudio-pipelines-runner + subjects: + - kind: ServiceAccount + name: appstudio-pipeline + namespace: ${SPACE_NAME}-tenant + - apiVersion: v1 + data: {} + kind: ConfigMap + metadata: + labels: + config.openshift.io/inject-trusted-cabundle: "true" + name: trusted-ca + namespace: ${SPACE_NAME}-tenant + parameters: + - name: SPACE_NAME + required: true + - name: MEMORY_LIMIT + value: 32Gi + - name: MEMORY_REQUEST + value: 32Gi + - name: CPU_BUILD_LIMIT + value: "480" + - name: CPU_BUILD_REQUEST + value: "240" + - name: MEMORY_BUILD_LIMIT + value: 512Gi + - name: MEMORY_BUILD_REQUEST + value: 256Gi + - name: COUNT_PVC + value: "360" + - name: REQUEST_STORAGE + value: 400Gi + - name: COUNT_APPLICATION + value: "2048" + - name: COUNT_COMPONENT + value: "2048" + - name: COUNT_RELEASE + value: "4096" + - name: COUNT_SNAPSHOT + value: "2048" + tierName: appstudiolarge + type: tenant diff --git a/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-viewer-3738936794-4256863455.yaml b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-viewer-3738936794-4256863455.yaml new file mode 100644 index 00000000000..e68e35cc8a7 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-viewer-3738936794-4256863455.yaml @@ -0,0 +1,180 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-viewer-3738936794-4256863455 + namespace: toolchain-host-operator +spec: + revision: 3738936794-4256863455 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-viewer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-viewer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-viewer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: viewer diff --git a/components/sandbox/tiers/staging/appstudioxlarge/kustomization.yaml b/components/sandbox/tiers/staging/appstudioxlarge/kustomization.yaml index 5fd00104024..9e8f1b6520d 100644 --- a/components/sandbox/tiers/staging/appstudioxlarge/kustomization.yaml +++ b/components/sandbox/tiers/staging/appstudioxlarge/kustomization.yaml @@ -11,16 +11,19 @@ resources: - tiertemplate-appstudioxlarge-admin-2011494876-849337768.yaml - tiertemplate-appstudioxlarge-admin-409719430-849337768.yaml - tiertemplate-appstudioxlarge-admin-884010306-849337768.yaml +- tiertemplate-appstudioxlarge-admin-97963453-849337768.yaml - tiertemplate-appstudioxlarge-clusterresources-1579464439-593233715.yaml - tiertemplate-appstudioxlarge-clusterresources-1655178728-593233715.yaml - tiertemplate-appstudioxlarge-clusterresources-2011494876-593233715.yaml - tiertemplate-appstudioxlarge-clusterresources-409719430-593233715.yaml - tiertemplate-appstudioxlarge-clusterresources-884010306-3180033938.yaml +- tiertemplate-appstudioxlarge-clusterresources-97963453-593233715.yaml - tiertemplate-appstudioxlarge-contributor-1579464439-829105171.yaml - tiertemplate-appstudioxlarge-contributor-1655178728-829105171.yaml - tiertemplate-appstudioxlarge-contributor-2011494876-829105171.yaml - tiertemplate-appstudioxlarge-contributor-409719430-829105171.yaml - tiertemplate-appstudioxlarge-contributor-884010306-829105171.yaml +- tiertemplate-appstudioxlarge-contributor-97963453-829105171.yaml - tiertemplate-appstudioxlarge-maintainer-1579464439-474752551.yaml - tiertemplate-appstudioxlarge-maintainer-1655178728-474752551.yaml - tiertemplate-appstudioxlarge-maintainer-2011494876-341231795.yaml @@ -28,14 +31,17 @@ resources: - tiertemplate-appstudioxlarge-maintainer-409719430-474752551.yaml - tiertemplate-appstudioxlarge-maintainer-884010306-1904354742.yaml - tiertemplate-appstudioxlarge-maintainer-884010306-474752551.yaml +- tiertemplate-appstudioxlarge-maintainer-97963453-341231795.yaml - tiertemplate-appstudioxlarge-tenant-1579464439-2246724155.yaml - tiertemplate-appstudioxlarge-tenant-1655178728-4121561789.yaml - tiertemplate-appstudioxlarge-tenant-2011494876-1361763024.yaml - tiertemplate-appstudioxlarge-tenant-409719430-4121561789.yaml - tiertemplate-appstudioxlarge-tenant-884010306-4121561789.yaml - tiertemplate-appstudioxlarge-tenant-884010306-649666048.yaml +- tiertemplate-appstudioxlarge-tenant-97963453-234313038.yaml - tiertemplate-appstudioxlarge-viewer-1579464439-4256863455.yaml - tiertemplate-appstudioxlarge-viewer-1655178728-4256863455.yaml - tiertemplate-appstudioxlarge-viewer-2011494876-4256863455.yaml - tiertemplate-appstudioxlarge-viewer-409719430-4256863455.yaml - tiertemplate-appstudioxlarge-viewer-884010306-4256863455.yaml +- tiertemplate-appstudioxlarge-viewer-97963453-4256863455.yaml diff --git a/components/sandbox/tiers/staging/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml b/components/sandbox/tiers/staging/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml index e41bf234641..4af015bae32 100644 --- a/components/sandbox/tiers/staging/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml +++ b/components/sandbox/tiers/staging/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml @@ -9,16 +9,16 @@ metadata: namespace: toolchain-host-operator spec: clusterResources: - templateRef: appstudioxlarge-clusterresources-2011494876-593233715 + templateRef: appstudioxlarge-clusterresources-97963453-593233715 namespaces: - - templateRef: appstudioxlarge-tenant-2011494876-1361763024 + - templateRef: appstudioxlarge-tenant-97963453-234313038 spaceRoles: admin: - templateRef: appstudioxlarge-admin-2011494876-849337768 + templateRef: appstudioxlarge-admin-97963453-849337768 contributor: - templateRef: appstudioxlarge-contributor-2011494876-829105171 + templateRef: appstudioxlarge-contributor-97963453-829105171 maintainer: - templateRef: appstudioxlarge-maintainer-2011494876-341231795 + templateRef: appstudioxlarge-maintainer-97963453-341231795 viewer: - templateRef: appstudioxlarge-viewer-2011494876-4256863455 + templateRef: appstudioxlarge-viewer-97963453-4256863455 status: {} diff --git a/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-admin-97963453-849337768.yaml b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-admin-97963453-849337768.yaml new file mode 100644 index 00000000000..60187e78d0b --- /dev/null +++ b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-admin-97963453-849337768.yaml @@ -0,0 +1,281 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-admin-97963453-849337768 + namespace: toolchain-host-operator +spec: + revision: 97963453-849337768 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-admin-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + - integrationtestscenarios + - releases + - releasestrategies + - releaseplans + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resourceNames: + - appstudio-pipeline + resources: + - serviceaccounts + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - toolchain.dev.openshift.com + resources: + - spacebindingrequests + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - external-secrets.io + resources: + - secretstores + - externalsecrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-admin-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-admin-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: admin diff --git a/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-clusterresources-97963453-593233715.yaml b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-clusterresources-97963453-593233715.yaml new file mode 100644 index 00000000000..1d2efff5641 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-clusterresources-97963453-593233715.yaml @@ -0,0 +1,88 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-clusterresources-97963453-593233715 + namespace: toolchain-host-operator +spec: + revision: 97963453-593233715 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: quota.openshift.io/v1 + kind: ClusterResourceQuota + metadata: + name: for-${SPACE_NAME}-jobs + spec: + quota: + hard: + count/cronjobs.batch: "30" + count/daemonsets.apps: "30" + count/jobs.batch: "30" + count/statefulsets.apps: "30" + selector: + annotations: null + labels: + matchLabels: + toolchain.dev.openshift.com/space: ${SPACE_NAME} + - apiVersion: quota.openshift.io/v1 + kind: ClusterResourceQuota + metadata: + name: for-${SPACE_NAME}-bc + spec: + quota: + hard: + count/buildconfigs.build.openshift.io: "30" + selector: + annotations: null + labels: + matchLabels: + toolchain.dev.openshift.com/space: ${SPACE_NAME} + - apiVersion: quota.openshift.io/v1 + kind: ClusterResourceQuota + metadata: + name: for-${SPACE_NAME}-secrets + spec: + quota: + hard: + count/secrets: ${{SECRET_QUOTA}} + selector: + annotations: null + labels: + matchLabels: + toolchain.dev.openshift.com/space: ${SPACE_NAME} + - apiVersion: quota.openshift.io/v1 + kind: ClusterResourceQuota + metadata: + name: for-${SPACE_NAME}-cm + spec: + quota: + hard: + count/configmaps: ${{CONFIGMAP_QUOTA}} + selector: + annotations: null + labels: + matchLabels: + toolchain.dev.openshift.com/space: ${SPACE_NAME} + - apiVersion: toolchain.dev.openshift.com/v1alpha1 + kind: Idler + metadata: + name: ${SPACE_NAME} + spec: + timeoutSeconds: ${{IDLER_TIMEOUT_SECONDS}} + parameters: + - name: SPACE_NAME + required: true + - name: IDLER_TIMEOUT_SECONDS + value: "0" + - name: CONFIGMAP_QUOTA + value: "300" + - name: SECRET_QUOTA + value: "3000" + tierName: appstudioxlarge + type: clusterresources diff --git a/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-97963453-829105171.yaml b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-97963453-829105171.yaml new file mode 100644 index 00000000000..5a068916e62 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-97963453-829105171.yaml @@ -0,0 +1,181 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-contributor-97963453-829105171 + namespace: toolchain-host-operator +spec: + revision: 97963453-829105171 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-contributor-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-contributor-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-contributor-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: contributor diff --git a/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-97963453-341231795.yaml b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-97963453-341231795.yaml new file mode 100644 index 00000000000..12bbf7c15d0 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-97963453-341231795.yaml @@ -0,0 +1,202 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-maintainer-97963453-341231795 + namespace: toolchain-host-operator +spec: + revision: 97963453-341231795 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-maintainer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + - snapshots + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-maintainer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-maintainer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: maintainer diff --git a/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-tenant-97963453-234313038.yaml b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-tenant-97963453-234313038.yaml new file mode 100644 index 00000000000..756f0946a6d --- /dev/null +++ b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-tenant-97963453-234313038.yaml @@ -0,0 +1,278 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-tenant-97963453-234313038 + namespace: toolchain-host-operator +spec: + revision: 97963453-234313038 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: v1 + kind: Namespace + metadata: + annotations: + openshift.io/description: ${SPACE_NAME} + openshift.io/display-name: ${SPACE_NAME} + openshift.io/requester: ${SPACE_NAME} + labels: + appstudio.redhat.com/workspace_name: ${SPACE_NAME} + argocd.argoproj.io/managed-by: gitops-service-argocd + name: ${SPACE_NAME}-tenant + name: ${SPACE_NAME}-tenant + - apiVersion: appstudio.redhat.com/v1alpha1 + kind: Environment + metadata: + name: development + namespace: ${SPACE_NAME}-tenant + spec: + deploymentStrategy: AppStudioAutomated + displayName: Development + type: Non-POC + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: compute-build + namespace: ${SPACE_NAME}-tenant + spec: + hard: + limits.cpu: ${CPU_BUILD_LIMIT} + limits.memory: ${MEMORY_BUILD_LIMIT} + requests.cpu: ${CPU_BUILD_REQUEST} + requests.memory: ${MEMORY_BUILD_REQUEST} + scopes: + - Terminating + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: storage + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/persistentvolumeclaims: ${COUNT_PVC} + limits.ephemeral-storage: 50Gi + requests.ephemeral-storage: 50Gi + requests.storage: ${REQUEST_STORAGE} + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: toolchain-crds + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/spacerequests.toolchain.dev.openshift.com: "32" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/applications.appstudio.redhat.com: ${COUNT_APPLICATION} + count/componentdetectionqueries.appstudio.redhat.com: "512" + count/components.appstudio.redhat.com: ${COUNT_COMPONENT} + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-build + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/buildpipelineselectors.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-gitops + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/deploymenttargetclaims.appstudio.redhat.com: "32" + count/deploymenttargetclasses.appstudio.redhat.com: "32" + count/deploymenttargets.appstudio.redhat.com: "32" + count/environments.appstudio.redhat.com: "512" + count/promotionruns.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-integration + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/integrationtestscenarios.appstudio.redhat.com: "512" + count/snapshotenvironmentbindings.appstudio.redhat.com: "512" + count/snapshots.appstudio.redhat.com: ${COUNT_SNAPSHOT} + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-release + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/internalrequests.appstudio.redhat.com: "4096" + count/releaseplanadmissions.appstudio.redhat.com: "512" + count/releaseplans.appstudio.redhat.com: "512" + count/releases.appstudio.redhat.com: ${COUNT_RELEASE} + count/releasestrategies.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-enterprisecontract + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/enterprisecontractpolicies.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: LimitRange + metadata: + name: resource-limits + namespace: ${SPACE_NAME}-tenant + spec: + limits: + - default: + cpu: 2000m + memory: 2Gi + defaultRequest: + cpu: 100m + memory: 256Mi + type: Container + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-same-namespace + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - podSelector: {} + podSelector: {} + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-openshift-ingress + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: ingress + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-openshift-monitoring + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: monitoring + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-codeready-workspaces-operator + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: codeready-workspaces + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-olm-namespaces + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + openshift.io/scc: anyuid + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-console-namespaces + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: console + podSelector: {} + policyTypes: + - Ingress + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: appstudio-pipeline + namespace: ${SPACE_NAME}-tenant + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-pipelines-runner-rolebinding + namespace: ${SPACE_NAME}-tenant + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: appstudio-pipelines-runner + subjects: + - kind: ServiceAccount + name: appstudio-pipeline + namespace: ${SPACE_NAME}-tenant + - apiVersion: v1 + data: {} + kind: ConfigMap + metadata: + labels: + config.openshift.io/inject-trusted-cabundle: "true" + name: trusted-ca + namespace: ${SPACE_NAME}-tenant + parameters: + - name: SPACE_NAME + required: true + - name: MEMORY_LIMIT + value: 32Gi + - name: MEMORY_REQUEST + value: 32Gi + - name: CPU_BUILD_LIMIT + value: 4k + - name: CPU_BUILD_REQUEST + value: 2k + - name: MEMORY_BUILD_LIMIT + value: 8Ti + - name: MEMORY_BUILD_REQUEST + value: 4Ti + - name: COUNT_PVC + value: "360" + - name: REQUEST_STORAGE + value: 400Gi + - name: COUNT_APPLICATION + value: "2048" + - name: COUNT_COMPONENT + value: "2048" + - name: COUNT_RELEASE + value: "4096" + - name: COUNT_SNAPSHOT + value: "2048" + tierName: appstudioxlarge + type: tenant diff --git a/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-97963453-4256863455.yaml b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-97963453-4256863455.yaml new file mode 100644 index 00000000000..86abb75d99d --- /dev/null +++ b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-97963453-4256863455.yaml @@ -0,0 +1,180 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-viewer-97963453-4256863455 + namespace: toolchain-host-operator +spec: + revision: 97963453-4256863455 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-viewer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-viewer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-viewer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: viewer