From 2bca4789b71a0a777c049657c34063f0a21b8f0f Mon Sep 17 00:00:00 2001 
From: "lukasz.widera@vshn.ch" Date: Fri, 6 Oct 2023 16:25:40 +0200 Subject: [PATCH 1/6] adding VSHNRedis ServiceMonitor --- .../10_appcat_billing_recording_rule.yaml | 85 ++++++ .../10_appcat_maintenance_recording_rule.yaml | 15 + .../appcat/appcat/10_appcat_namespace.yaml | 8 + .../appcat/10_clusterrole_services_read.yaml | 44 +++ .../appcat/appcat/10_clusterrole_view.yaml | 20 ++ compiled/appcat/appcat/10_mailgun_secret.yaml | 12 + .../appcat/10_namespace_vshn_control.yaml | 7 + compiled/appcat/appcat/10_provider_helm.yaml | 136 +++++++++ .../appcat/appcat/10_provider_kubernetes.yaml | 289 ++++++++++++++++++ ...helm_service_maintenance_cluster_role.yaml | 18 ++ ...vice_maintenance_cluster_role_binding.yaml | 15 + .../10_rbac_helm_service_maintenance_sa.yaml | 8 + .../appcat/appcat/20_rbac_vshn_minio.yaml | 36 +++ compiled/appcat/appcat/20_xrd_vshn_minio.yaml | 226 ++++++++++++++ .../appcat/21_composition_vshn_minio.yaml | 48 +++ .../appcat/apiserver/10_apiserver_envs.yaml | 12 + .../apiserver/10_cluster_role_api_server.yaml | 80 +++++ .../10_cluster_role_basic_users.yaml | 17 ++ .../apiserver/10_cluster_role_binding.yaml | 15 + .../apiserver/10_cluster_role_view.yaml | 18 ++ .../appcat/apiserver/20_service_account.yaml | 5 + .../appcat/apiserver/30_api_service.yaml | 17 ++ .../appcat/apiserver/30_deployment.yaml | 52 ++++ .../appcat/appcat/apiserver/30_service.yaml | 16 + .../appcat/apiserver/31_api_certificate.yaml | 25 ++ .../appcat/apiserver/31_api_issuer.yaml | 7 + .../controllers/appcat/10_cluster_role.yaml | 33 ++ .../appcat/10_cluster_role_binding.yaml | 12 + .../controllers/appcat/10_pg_webhooks.yaml | 29 ++ .../controllers/appcat/10_redis_webhooks.yaml | 29 ++ .../10_role_binding_leader_election.yaml | 13 + .../appcat/10_role_leader_election.yaml | 37 +++ .../appcat/10_webhook_certificate.yaml | 25 ++ .../controllers/appcat/10_webhook_issuer.yaml | 7 + .../appcat/10_webhook_service.yaml | 13 + .../appcat/20_service_account.yaml | 5 + 
.../controllers/appcat/30_deployment.yaml | 57 ++++ .../appcat/sla_reporter/01_cronjob.yaml | 48 +++ .../appcat/sla_reporter/02_object_bucket.yaml | 14 + .../sla_reporter/03_network_policy.yaml | 18 ++ ...appcat-sliexporter-controller-manager.yaml | 68 +++++ ...er-controller-manager-metrics-monitor.yaml | 19 ++ ...ppcat-sliexporter-appcat-sli-exporter.yaml | 77 +++++ ...ole_appcat-sliexporter-metrics-reader.yaml | 9 + ...terrole_appcat-sliexporter-proxy-role.yaml | 17 ++ ...ppcat-sliexporter-appcat-sli-exporter.yaml | 12 + ..._appcat-sliexporter-proxy-rolebinding.yaml | 12 + .../v1_namespace_appcat-slos.yaml | 6 + ...er-controller-manager-metrics-service.yaml | 15 + ...appcat-sliexporter-controller-manager.yaml | 5 + .../statefuleset-resize-controller.yaml | 0 compiled/appcat/apps/appcat.yaml | 0 component/component/vshn_redis.jsonnet | 29 ++ ...bac_vshn_redis_metrics_servicemonitor.yaml | 30 ++ .../appcat/21_composition_vshn_redis.yaml | 13 + .../appcat-apiserver/manifests/v0.1.2 | 1 + .../statefulset-resize-controller/v0.3.0 | 1 + dependencies/appcat/manifests/v4.34.0 | 1 + vendor/lib/crossplane.libsonnet | 80 +++++ 59 files changed, 1966 insertions(+) create mode 100644 compiled/appcat/appcat/10_appcat_billing_recording_rule.yaml create mode 100644 compiled/appcat/appcat/10_appcat_maintenance_recording_rule.yaml create mode 100644 compiled/appcat/appcat/10_appcat_namespace.yaml create mode 100644 compiled/appcat/appcat/10_clusterrole_services_read.yaml create mode 100644 compiled/appcat/appcat/10_clusterrole_view.yaml create mode 100644 compiled/appcat/appcat/10_mailgun_secret.yaml create mode 100644 compiled/appcat/appcat/10_namespace_vshn_control.yaml create mode 100644 compiled/appcat/appcat/10_provider_helm.yaml create mode 100644 compiled/appcat/appcat/10_provider_kubernetes.yaml create mode 100644 compiled/appcat/appcat/10_rbac_helm_service_maintenance_cluster_role.yaml create mode 100644 
compiled/appcat/appcat/10_rbac_helm_service_maintenance_cluster_role_binding.yaml create mode 100644 compiled/appcat/appcat/10_rbac_helm_service_maintenance_sa.yaml create mode 100644 compiled/appcat/appcat/20_rbac_vshn_minio.yaml create mode 100644 compiled/appcat/appcat/20_xrd_vshn_minio.yaml create mode 100644 compiled/appcat/appcat/21_composition_vshn_minio.yaml create mode 100644 compiled/appcat/appcat/apiserver/10_apiserver_envs.yaml create mode 100644 compiled/appcat/appcat/apiserver/10_cluster_role_api_server.yaml create mode 100644 compiled/appcat/appcat/apiserver/10_cluster_role_basic_users.yaml create mode 100644 compiled/appcat/appcat/apiserver/10_cluster_role_binding.yaml create mode 100644 compiled/appcat/appcat/apiserver/10_cluster_role_view.yaml create mode 100644 compiled/appcat/appcat/apiserver/20_service_account.yaml create mode 100644 compiled/appcat/appcat/apiserver/30_api_service.yaml create mode 100644 compiled/appcat/appcat/apiserver/30_deployment.yaml create mode 100644 compiled/appcat/appcat/apiserver/30_service.yaml create mode 100644 compiled/appcat/appcat/apiserver/31_api_certificate.yaml create mode 100644 compiled/appcat/appcat/apiserver/31_api_issuer.yaml create mode 100644 compiled/appcat/appcat/controllers/appcat/10_cluster_role.yaml create mode 100644 compiled/appcat/appcat/controllers/appcat/10_cluster_role_binding.yaml create mode 100644 compiled/appcat/appcat/controllers/appcat/10_pg_webhooks.yaml create mode 100644 compiled/appcat/appcat/controllers/appcat/10_redis_webhooks.yaml create mode 100644 compiled/appcat/appcat/controllers/appcat/10_role_binding_leader_election.yaml create mode 100644 compiled/appcat/appcat/controllers/appcat/10_role_leader_election.yaml create mode 100644 compiled/appcat/appcat/controllers/appcat/10_webhook_certificate.yaml create mode 100644 compiled/appcat/appcat/controllers/appcat/10_webhook_issuer.yaml create mode 100644 compiled/appcat/appcat/controllers/appcat/10_webhook_service.yaml create 
mode 100644 compiled/appcat/appcat/controllers/appcat/20_service_account.yaml create mode 100644 compiled/appcat/appcat/controllers/appcat/30_deployment.yaml create mode 100644 compiled/appcat/appcat/sla_reporter/01_cronjob.yaml create mode 100644 compiled/appcat/appcat/sla_reporter/02_object_bucket.yaml create mode 100644 compiled/appcat/appcat/sla_reporter/03_network_policy.yaml create mode 100644 compiled/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml create mode 100644 compiled/appcat/appcat/sli_exporter/monitoring.coreos.com_v1_servicemonitor_appcat-sliexporter-controller-manager-metrics-monitor.yaml create mode 100644 compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-appcat-sli-exporter.yaml create mode 100644 compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-metrics-reader.yaml create mode 100644 compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-proxy-role.yaml create mode 100644 compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrolebinding_appcat-sliexporter-appcat-sli-exporter.yaml create mode 100644 compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrolebinding_appcat-sliexporter-proxy-rolebinding.yaml create mode 100644 compiled/appcat/appcat/sli_exporter/v1_namespace_appcat-slos.yaml create mode 100644 compiled/appcat/appcat/sli_exporter/v1_service_appcat-sliexporter-controller-manager-metrics-service.yaml create mode 100644 compiled/appcat/appcat/sli_exporter/v1_serviceaccount_appcat-sliexporter-controller-manager.yaml create mode 100644 compiled/appcat/appcat/statefuleset-resize-controller.yaml create mode 100644 compiled/appcat/apps/appcat.yaml create mode 100644 component/tests/golden/vshn/appcat/appcat/20_rbac_vshn_redis_metrics_servicemonitor.yaml create mode 160000 dependencies/appcat-apiserver/manifests/v0.1.2 create mode 
160000 dependencies/appcat/manifests/statefulset-resize-controller/v0.3.0 create mode 160000 dependencies/appcat/manifests/v4.34.0 create mode 100644 vendor/lib/crossplane.libsonnet diff --git a/compiled/appcat/appcat/10_appcat_billing_recording_rule.yaml b/compiled/appcat/appcat/10_appcat_billing_recording_rule.yaml new file mode 100644 index 000000000..3e7109308 --- /dev/null +++ b/compiled/appcat/appcat/10_appcat_billing_recording_rule.yaml 
@@ -0,0 +1,85 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + annotations: {} + labels: + name: appcat-billing + name: appcat-billing + namespace: syn-appcat +spec: + groups: + - name: appcat-billing-rules + rules: + - expr: | + sum by (label_appcat_vshn_io_claim_namespace,label_appcat_vshn_io_sla,product,provider,architecture, category, claim_namespace,tenant_id) ( + # Sum values over one hour and get mean + sum_over_time( + # Udpate label product: $product:$provider:$tenant_id:$claim_namespace:$architecture + label_join( + # Add label category: $provider:$claim_namespace + label_join( + # Add label architecture: $SLA, where $SLA is the content of label appcat.vshn.io/sla + label_replace( + # Add label provider: vshn + label_replace( + # Add label product: postgres + label_replace( + # Default appcat.vshn.io/sla to besteffort if it is not set + label_replace( + # Copy label appcat.vshn.io/namespace to label claim_namespace + label_replace( + # Populate tenant_id + label_replace( + # Fetch all namespaces with label label_appuio_io_billing_name=~"appcat-.+" + kube_namespace_labels{ label_appuio_io_billing_name=~"appcat-.+"} * + on (namespace) group_right(label_appuio_io_organization,label_appcat_vshn_io_claim_namespace,label_appcat_vshn_io_sla, label_appuio_io_billing_name) + kube_pod_info{created_by_kind!="Job"}, + "tenant_id", + "t-silent-test-1234", + "", + "" + + ), + "claim_namespace", + "$1", + "label_appcat_vshn_io_claim_namespace", + "(.*)" + ), + "label_appcat_vshn_io_sla", + "besteffort", + "label_appcat_vshn_io_sla", + "^$" + ), + "product", + "appcat_$1", + "label_appuio_io_billing_name", + "appcat-(.+)" + ), + "provider", + "vshn", + "", + "" + ), + "sla", + "$1", + "label_appcat_vshn_io_sla", + "(.*)" + ), + "category", + ":", + "provider", + "claim_namespace" + ), + "product", + ":", + "product", + "provider", + "tenant_id", + "claim_namespace", + "sla" + # other billing queries have [59m:1m] here. 
This is due to some + # obscure discrepancies between how the cloud-reporting evaluates the query + # and how the GUI/recording rules evaluate the query. + )[60m:1m] + )/60 ) + record: appcat:billing diff --git a/compiled/appcat/appcat/10_appcat_maintenance_recording_rule.yaml b/compiled/appcat/appcat/10_appcat_maintenance_recording_rule.yaml new file mode 100644 index 000000000..534448600 --- /dev/null +++ b/compiled/appcat/appcat/10_appcat_maintenance_recording_rule.yaml @@ -0,0 +1,15 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + annotations: {} + labels: + name: appcat-maintenance + name: appcat-maintenance + namespace: syn-appcat +spec: + groups: + - name: appcat-cluster-maintenance + rules: + - expr: max(max_over_time(openshift_upgrade_controller_upgradejob_state{state="active"}[10m])) + or vector(0) + record: appcat:cluster:maintenance diff --git a/compiled/appcat/appcat/10_appcat_namespace.yaml b/compiled/appcat/appcat/10_appcat_namespace.yaml new file mode 100644 index 000000000..5ec3065df --- /dev/null +++ b/compiled/appcat/appcat/10_appcat_namespace.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: {} + labels: + name: syn-appcat + openshift.io/cluster-monitoring: 'true' + name: syn-appcat diff --git a/compiled/appcat/appcat/10_clusterrole_services_read.yaml b/compiled/appcat/appcat/10_clusterrole_services_read.yaml new file mode 100644 index 000000000..a2c3bdfe5 --- /dev/null +++ b/compiled/appcat/appcat/10_clusterrole_services_read.yaml 
@@ -0,0 +1,44 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: {} + labels: + name: appcat-services-read + name: appcat:services:read +rules: + - apiGroups: + - '' + resources: + - pods + - pods/log + - pods/status + - events + - services + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - pods/portforward + verbs: + - get + - list + - create + - apiGroups: + - '' + - project.openshift.io + resources: + - projects + verbs: + - get diff --git a/compiled/appcat/appcat/10_clusterrole_view.yaml b/compiled/appcat/appcat/10_clusterrole_view.yaml new file mode 100644 index 000000000..b107c243a --- /dev/null +++ b/compiled/appcat/appcat/10_clusterrole_view.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: {} + labels: + rbac.authorization.k8s.io/aggregate-to-admin: 'true' + rbac.authorization.k8s.io/aggregate-to-edit: 'true' + rbac.authorization.k8s.io/aggregate-to-view: 'true' + name: appcat:browse +rules: + - apiGroups: + - apiextensions.crossplane.io + resources: + - compositions + - compositionrevisions + - compositeresourcedefinitions + verbs: + - get + - list + - watch diff --git a/compiled/appcat/appcat/10_mailgun_secret.yaml b/compiled/appcat/appcat/10_mailgun_secret.yaml new file mode 100644 index 000000000..3f3808429 --- /dev/null +++ b/compiled/appcat/appcat/10_mailgun_secret.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: {} +kind: Secret +metadata: + annotations: {} + labels: + name: mailgun-smtp-credentials + name: mailgun-smtp-credentials + namespace: syn-appcat +stringData: + password: whatever +type: Opaque diff --git a/compiled/appcat/appcat/10_namespace_vshn_control.yaml b/compiled/appcat/appcat/10_namespace_vshn_control.yaml new file mode 100644 index 000000000..e2ca65a95 --- /dev/null 
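Review bot: In `10_clusterrole_services_read.yaml` the role is named `appcat:services:read`, but its third rule grants `create` on `pods/portforward`, which is not a read-only permission: it lets the holder open a connection to a port of any pod the binding covers. The provider-kubernetes role later in this patch is allowed to `bind` exactly this ClusterRole, so whatever it contains is what gets handed out. If port-forwarding is intended, say so next to the rule in the generator, e.g. `# create on pods/portforward is deliberate: users reach their instance via port-forward`, or move it into a separately named role. `get` and `list` on `pods/portforward` are probably unnecessary, though the consumers of the role are not visible here.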
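Review bot: `10_mailgun_secret.yaml` commits a Secret with a literal `stringData.password: whatever`. The value looks like a test placeholder, but a manifest in this shape applied as-is would create `mailgun-smtp-credentials` in `syn-appcat` with a publicly known password, and the pattern invites a real credential being committed the same way later. The path suggests `compiled/` is render output (an inference from the name), in which case it is better left out of the commit. Otherwise the password should come from a secret reference resolved at deploy time rather than a literal.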
+++ b/compiled/appcat/appcat/10_namespace_vshn_control.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: {} + labels: + name: syn-appcat-control + name: syn-appcat-control diff --git a/compiled/appcat/appcat/10_provider_helm.yaml b/compiled/appcat/appcat/10_provider_helm.yaml new file mode 100644 index 000000000..9e537bf7e --- /dev/null +++ b/compiled/appcat/appcat/10_provider_helm.yaml 
@@ -0,0 +1,136 @@ +apiVersion: pkg.crossplane.io/v1 +kind: Provider +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: '10' + labels: + name: helm + name: helm +spec: + controllerConfigRef: + name: helm + package: xpkg.upbound.io/crossplane-contrib/provider-helm:v0.15.0 +--- +apiVersion: pkg.crossplane.io/v1alpha1 +kind: ControllerConfig +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: '10' + labels: + name: helm + name: helm +spec: + serviceAccountName: provider-helm +--- +apiVersion: helm.crossplane.io/v1beta1 +kind: ProviderConfig +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: '10' + labels: + name: helm + name: helm +spec: + credentials: + source: InjectedIdentity +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + name: provider-helm + name: provider-helm + namespace: syn-crossplane +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: {} + labels: + name: crossplane-provider-provider-helm-system-custom + name: crossplane:provider:provider-helm:system:custom +rules: + - apiGroups: + - helm.crossplane.io + resources: + - '*' + verbs: + - get + - list + - watch + - update + - patch + - create + - delete + - apiGroups: + - '' + resources: + - namespaces + - serviceaccounts + - services + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - watch + - patch + - update + - delete + - apiGroups: + - apps + resources: + - statefulsets + - deployments + verbs: + - get + - list + - watch + - create + - watch + - patch + - update + - delete + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - get + - list + - watch + - update + - patch + - create + - delete + - apiGroups: + - batch + resources: + - jobs + verbs: + - get + - 
list + - watch + - create + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: {} + labels: + name: crossplane-provider-provider-helm-system-custom + name: crossplane:provider:provider-helm:system:custom +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: crossplane:provider:provider-helm:system:custom +subjects: + - kind: ServiceAccount + name: provider-helm + namespace: syn-crossplane diff --git a/compiled/appcat/appcat/10_provider_kubernetes.yaml b/compiled/appcat/appcat/10_provider_kubernetes.yaml new file mode 100644 index 000000000..5d62bf97a --- /dev/null +++ b/compiled/appcat/appcat/10_provider_kubernetes.yaml 
@@ -0,0 +1,289 @@ +apiVersion: pkg.crossplane.io/v1 +kind: Provider +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: '10' + labels: + name: kubernetes + name: kubernetes +spec: + controllerConfigRef: + name: kubernetes + package: xpkg.upbound.io/crossplane-contrib/provider-kubernetes:v0.9.0 +--- +apiVersion: pkg.crossplane.io/v1alpha1 +kind: ControllerConfig +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: '10' + labels: + name: kubernetes + name: kubernetes +spec: + serviceAccountName: provider-kubernetes +--- +apiVersion: kubernetes.crossplane.io/v1alpha1 +kind: ProviderConfig +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: '10' + labels: + name: kubernetes + name: kubernetes +spec: + credentials: + source: InjectedIdentity +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + name: provider-kubernetes + name: provider-kubernetes + namespace: syn-crossplane +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: {} + labels: + name: crossplane-provider-provider-kubernetes-system-custom + name: crossplane:provider:provider-kubernetes:system:custom +rules: + - apiGroups: + - kubernetes.crossplane.io + resources: + - '*' + verbs: + - get + - list + - watch + - update + - patch + - create + - delete + - apiGroups: + - helm.crossplane.io + resources: + - releases + verbs: + - get + - list + - watch + - update + - patch + - create + - delete + - apiGroups: + - '' + - coordination.k8s.io + resources: + - secrets + - configmaps + - events + - leases + verbs: + - '*' + - apiGroups: + - '' + resources: + - namespaces + - serviceaccounts + - secrets + - pods + - pods/log + - pods/portforward + - pods/status + - services + verbs: + - get + - list + - watch + - create + - watch + - 
patch + - update + - delete + - apiGroups: + - apps + resources: + - statefulsets/scale + verbs: + - update + - patch + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - delete + - watch + - list + - apiGroups: + - rbac.authorization.k8s.io + resourceNames: + - appcat:services:read + resources: + - clusterroles + verbs: + - bind + - apiGroups: + - stackgres.io + resources: + - sginstanceprofiles + - sgclusters + - sgpgconfigs + - sgobjectstorages + - sgbackups + - sgdbops + verbs: + - get + - list + - watch + - update + - patch + - create + - delete + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - get + - list + - watch + - update + - patch + - create + - delete + - apiGroups: + - appcat.vshn.io + resources: + - xobjectbuckets + verbs: + - get + - list + - watch + - update + - patch + - create + - delete + - apiGroups: + - cert-manager.io + resources: + - issuers + - certificates + verbs: + - get + - list + - watch + - update + - patch + - create + - delete + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - list + - watch + - update + - patch + - create + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - roles + - rolebindings + verbs: + - get + - list + - watch + - update + - patch + - create + - delete + - apiGroups: + - vshn.appcat.vshn.io + resources: + - vshnpostgresqls + verbs: + - get + - update + - apiGroups: + - vshn.appcat.vshn.io + resources: + - vshnredis + verbs: + - get + - update + - apiGroups: + - monitoring.coreos.com + resources: + - prometheusrules + - podmonitors + - alertmanagerconfigs + verbs: + - get + - list + - watch + - update + - patch + - create + - delete + - apiGroups: + - k8up.io + resources: + - schedules + verbs: + - get + - list + - watch + - update + - patch + - create + - delete + - apiGroups: + - k8up.io + resources: + - snapshots + verbs: + - get + - apiGroups: + - minio.crossplane.io + resources: 
+ - providerconfigs + verbs: + - get + - list + - watch + - update + - patch + - create + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: {} + labels: + name: crossplane-provider-provider-kubernetes-system-custom + name: crossplane:provider:provider-kubernetes:system:custom +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: crossplane:provider:provider-kubernetes:system:custom +subjects: + - kind: ServiceAccount + name: provider-kubernetes + namespace: syn-crossplane diff --git a/compiled/appcat/appcat/10_rbac_helm_service_maintenance_cluster_role.yaml b/compiled/appcat/appcat/10_rbac_helm_service_maintenance_cluster_role.yaml new file mode 100644 index 000000000..9e7df4dc7 --- /dev/null +++ b/compiled/appcat/appcat/10_rbac_helm_service_maintenance_cluster_role.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: {} + labels: + name: crossplane-appcat-job-helm-maintenance + name: crossplane:appcat:job:helm:maintenance +rules: + - apiGroups: + - helm.crossplane.io + resources: + - releases + verbs: + - patch + - get + - list + - watch + - update diff --git a/compiled/appcat/appcat/10_rbac_helm_service_maintenance_cluster_role_binding.yaml b/compiled/appcat/appcat/10_rbac_helm_service_maintenance_cluster_role_binding.yaml new file mode 100644 index 000000000..19c9a3224 --- /dev/null +++ b/compiled/appcat/appcat/10_rbac_helm_service_maintenance_cluster_role_binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: {} + labels: + name: crossplane-appcat-job-helm-maintenance + name: crossplane:appcat:job:helm:maintenance +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: crossplane:appcat:job:helm:maintenance +subjects: + - kind: ServiceAccount + name: helm-based-service-maintenance + namespace: syn-appcat-control 
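Review bot: The `crossplane:provider:provider-kubernetes:system:custom` ClusterRole grants `verbs: ['*']` on `secrets`, `configmaps`, `events` and `leases` cluster-wide, so the `provider-kubernetes` service account in `syn-crossplane` can read and rewrite every Secret in the cluster. The next rule lists `secrets` again with explicit verbs, which the wildcard makes redundant; I would drop `secrets` from the wildcard rule and keep only the explicit list, `verbs: [get, list, watch, create, patch, update, delete]`, with a comment in the generator stating why cluster-wide Secret access is required. The same role can write `clusterrolebindings`, `roles` and `rolebindings`; `bind` is restricted to `appcat:services:read` through `resourceNames`, which is the right shape and deserves a comment so it is not widened later. Two rules also list `watch` twice.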
diff --git a/compiled/appcat/appcat/10_rbac_helm_service_maintenance_sa.yaml b/compiled/appcat/appcat/10_rbac_helm_service_maintenance_sa.yaml new file mode 100644 index 000000000..fbd75e4f7 --- /dev/null +++ b/compiled/appcat/appcat/10_rbac_helm_service_maintenance_sa.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + name: helm-based-service-maintenance + name: helm-based-service-maintenance + namespace: syn-appcat-control diff --git a/compiled/appcat/appcat/20_rbac_vshn_minio.yaml b/compiled/appcat/appcat/20_rbac_vshn_minio.yaml new file mode 100644 index 000000000..e09b3c14a --- /dev/null +++ b/compiled/appcat/appcat/20_rbac_vshn_minio.yaml @@ -0,0 +1,36 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: {} + labels: + rbac.authorization.k8s.io/aggregate-to-view: 'true' + name: appcat:composite:xvshnminios.vshn.appcat.vshn.io:claim-view +rules: + - apiGroups: + - vshn.appcat.vshn.io + resources: + - vshnminios + - vshnminios/status + - vshnminios/finalizers + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: {} + labels: + rbac.authorization.k8s.io/aggregate-to-admin: 'true' + rbac.authorization.k8s.io/aggregate-to-edit: 'true' + name: appcat:composite:xvshnminios.vshn.appcat.vshn.io:claim-edit +rules: + - apiGroups: + - vshn.appcat.vshn.io + resources: + - vshnminios + - vshnminios/status + - vshnminios/finalizers + verbs: + - '*' diff --git a/compiled/appcat/appcat/20_xrd_vshn_minio.yaml b/compiled/appcat/appcat/20_xrd_vshn_minio.yaml new file mode 100644 index 000000000..2fb9595e1 --- /dev/null +++ b/compiled/appcat/appcat/20_xrd_vshn_minio.yaml 
@@ -0,0 +1,226 @@ +apiVersion: apiextensions.crossplane.io/v1 +kind: CompositeResourceDefinition +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: '10' + labels: + name: xvshnminios.vshn.appcat.vshn.io + name: xvshnminios.vshn.appcat.vshn.io +spec: + claimNames: + kind: VSHNMinio + plural: vshnminios + connectionSecretKeys: + - MINIO_URL + - AWS_SECRET_ACCESS_KEY + - AWS_ACCESS_KEY_ID + defaultCompositionRef: + name: vshnminio.vshn.appcat.vshn.io + group: vshn.appcat.vshn.io + names: + kind: XVSHNMinio + plural: xvshnminios + versions: + - name: v1 + referenceable: true + schema: + openAPIV3Schema: + description: VSHNMinio is the API for creating Minio instances. + properties: + spec: + description: Spec defines the desired state of a VSHNMinio. + properties: + parameters: + default: {} + description: Parameters are the configurable fields of a VSHNMinio. + properties: + backup: + default: {} + description: Backup contains settings to control how the instance + should get backed up. + properties: + retention: + description: K8upRetentionPolicy describes the retention + configuration for a K8up backup. + properties: + keepDaily: + default: 6 + type: integer + keepHourly: + type: integer + keepLast: + type: integer + keepMonthly: + type: integer + keepWeekly: + type: integer + keepYearly: + type: integer + type: object + schedule: + pattern: ^(\*|([0-9]|1[0-9]|2[0-9]|3[0-9]|4[0-9]|5[0-9])|\*\/([0-9]|1[0-9]|2[0-9]|3[0-9]|4[0-9]|5[0-9])) + (\*|([0-9]|1[0-9]|2[0-3])|\*\/([0-9]|1[0-9]|2[0-3])) (\*|([1-9]|1[0-9]|2[0-9]|3[0-1])|\*\/([1-9]|1[0-9]|2[0-9]|3[0-1])) + (\*|([1-9]|1[0-2])|\*\/([1-9]|1[0-2])) (\*|([0-6])|\*\/([0-6]))$ + type: string + type: object + instances: + default: 4 + description: Instances configures the number of Minio instances + for the cluster. Each instance contains one Minio server. 
+ minimum: 4 + type: integer + maintenance: + description: Maintenance contains settings to control the maintenance + of an instance. + properties: + dayOfWeek: + description: DayOfWeek specifies at which weekday the maintenance + is held place. Allowed values are [monday, tuesday, wednesday, + thursday, friday, saturday, sunday] + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + type: string + timeOfDay: + description: 'TimeOfDay for installing updates in UTC. Format: + "hh:mm:ss".' + pattern: ^([0-1]?[0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9])$ + type: string + type: object + restore: + description: Restore contains settings to control the restore + of an instance. + properties: + backupName: + description: BackupName is the name of the specific backup + you want to restore. + type: string + claimName: + description: ClaimName specifies the name of the instance + you want to restore from. The claim has to be in the same + namespace as this new instance. + type: string + type: object + service: + description: Service contains the Minio specific configurations + properties: + mode: + default: distributed + description: Mode configures the mode of MinIO. Valid values + are "distributed" and "standalone". + enum: + - distributed + - standalone + type: string + type: object + size: + default: {} + description: Size contains settings to control the sizing of + a service. + properties: + cpu: + description: CPU defines the amount of Kubernetes CPUs for + an instance. + type: string + disk: + description: Disk defines the amount of disk space for an + instance. + type: string + memory: + description: Memory defines the amount of memory in units + of bytes for an instance. + type: string + plan: + default: standard-1 + description: | + Plan is the name of the resource plan that defines the compute resources. 
+ + The following plans are available: + + standard-1 - CPU: 1; Memory: 1Gi; Disk: 50Gi + enum: + - standard-1 + type: string + requests: + description: Requests defines CPU and memory requests for + an instance + properties: + cpu: + description: CPU defines the amount of Kubernetes CPUs + for an instance. + type: string + memory: + description: Memory defines the amount of memory in + units of bytes for an instance. + type: string + type: object + type: object + storageClass: + description: StorageClass configures the storageClass to use + for the PVC used by MinIO. + type: string + type: object + type: object + status: + description: Status reflects the observed state of a VSHNMinio. + properties: + instanceNamespace: + description: InstanceNamespace contains the name of the namespace + where the instance resides + type: string + namespaceConditions: + description: MinioConditions contains the status conditions of the + backing object. + items: + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about the transition. + maxLength: 32768 + type: string + observedGeneration: + description: ObservedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: Reason contains a programmatic identifier indicating + the reason for the condition's last transition. + maxLength: 1024 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. 
+ enum: + - 'True' + - 'False' + - Unknown + type: string + type: + description: Type of condition. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + type: object + type: array + type: object + required: + - spec + type: object + served: true diff --git a/compiled/appcat/appcat/21_composition_vshn_minio.yaml b/compiled/appcat/appcat/21_composition_vshn_minio.yaml new file mode 100644 index 000000000..90075b948 --- /dev/null +++ b/compiled/appcat/appcat/21_composition_vshn_minio.yaml 
@@ -0,0 +1,48 @@ +apiVersion: apiextensions.crossplane.io/v1 +kind: Composition +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: '10' + metadata.appcat.vshn.io/description: Minio instances by VSHN + metadata.appcat.vshn.io/displayname: Minio by VSHN + metadata.appcat.vshn.io/end-user-docs-url: https://vs.hn/vshn-minio + metadata.appcat.vshn.io/flavor: distributed + metadata.appcat.vshn.io/plans: '{"standard-1":{"size":{"cpu":"1","disk":"50Gi","enabled":true,"memory":"1Gi"}}}' + metadata.appcat.vshn.io/product-description: https://products.docs.vshn.ch/products/appcat/minio.html + labels: + metadata.appcat.vshn.io/offered: 'false' + metadata.appcat.vshn.io/serviceID: vshn-minio + name: vshnminio.vshn.appcat.vshn.io + name: vshnminio.vshn.appcat.vshn.io +spec: + compositeTypeRef: + apiVersion: vshn.appcat.vshn.io/v1 + kind: XVSHNMinio + functions: + - config: + apiVersion: v1 + data: + controlNamespace: syn-appcat-control + defaultPlan: standard-1 + imageTag: v4.34.0 + maintenanceSA: helm-based-service-maintenance + minioChartRepository: https://charts.min.io + minioChartVersion: 5.0.13 + plans: '{"standard-1": {"size": {"cpu": "1", "disk": "50Gi", "enabled": + true, "memory": "1Gi"}}}' + providerEnabled: 'false' + kind: ConfigMap + metadata: + labels: + name: xfn-config + name: xfn-config + container: + image: minio + imagePullPolicy: IfNotPresent + runner: + endpoint: 172.18.0.1:9547 + timeout: 20s + name: minio-func + type: Container + writeConnectionSecretsToNamespace: syn-crossplane diff --git a/compiled/appcat/appcat/apiserver/10_apiserver_envs.yaml b/compiled/appcat/appcat/apiserver/10_apiserver_envs.yaml new file mode 100644 index 000000000..2e308c878 --- /dev/null +++ b/compiled/appcat/appcat/apiserver/10_apiserver_envs.yaml 
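Review bot: The function container in `21_composition_vshn_minio.yaml` is declared as `image: minio` with `imagePullPolicy: IfNotPresent`, i.e. no registry, no tag and no digest, so which image actually runs depends on the node's default registry and its local cache. I would pin it in the form `image: <registry>/<repository>:<tag>@sha256:<digest>` (placeholders; the real reference is not on this page). `runner.endpoint: 172.18.0.1:9547` is a hard-coded address that looks like a local test default; if that is the case it should not reach a production catalog, and the generator should require the endpoint to be set explicitly.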
@@ -0,0 +1,12 @@ +apiVersion: v1 +data: + APPCAT_HANDLER_ENABLED: 'true' + VSHN_POSTGRES_BACKUP_HANDLER_ENABLED: 'true' + VSHN_REDIS_BACKUP_HANDLER_ENABLED: 'true' +kind: ConfigMap +metadata: + labels: + api: appcat + apiserver: 'true' + name: apiserver-envs + namespace: appcat-apiserver diff --git a/compiled/appcat/appcat/apiserver/10_cluster_role_api_server.yaml b/compiled/appcat/appcat/apiserver/10_cluster_role_api_server.yaml new file mode 100644 index 000000000..78a2445f9 --- /dev/null +++ b/compiled/appcat/appcat/apiserver/10_cluster_role_api_server.yaml @@ -0,0 +1,80 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: appcat +rules: + - apiGroups: + - '' + resourceNames: + - extension-apiserver-authentication + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - apiGroups: + - apiextensions.crossplane.io + resources: + - compositions + verbs: + - get + - list + - watch + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - k8up.io + resources: + - snapshots + verbs: + - get + - list + - watch + - apiGroups: + - stackgres.io + resources: + - sgbackups + verbs: + - get + - list + - watch + - apiGroups: + - vshn.appcat.vshn.io + resources: + - vshnredis + - xvshnpostgresqls + verbs: + - get + - list + - watch diff --git a/compiled/appcat/appcat/apiserver/10_cluster_role_basic_users.yaml b/compiled/appcat/appcat/apiserver/10_cluster_role_basic_users.yaml new file mode 100644 index 000000000..d88a538b2 --- /dev/null +++ b/compiled/appcat/appcat/apiserver/10_cluster_role_basic_users.yaml 
@@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: {} + labels: + authorization.openshift.io/aggregate-to-basic-user: 'true' + name: system-test-distribution-aggregate-appcat-to-basic-user + name: system:test-distribution:aggregate-appcat-to-basic-user +rules: + - apiGroups: + - api.appcat.vshn.io + resources: + - appcats + verbs: + - get + - list + - watch diff --git a/compiled/appcat/appcat/apiserver/10_cluster_role_binding.yaml b/compiled/appcat/appcat/apiserver/10_cluster_role_binding.yaml new file mode 100644 index 000000000..a5e26b0c9 --- /dev/null +++ b/compiled/appcat/appcat/apiserver/10_cluster_role_binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: {} + labels: + name: appcat + name: appcat +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: appcat +subjects: + - kind: ServiceAccount + name: appcat-apiserver + namespace: appcat-apiserver diff --git a/compiled/appcat/appcat/apiserver/10_cluster_role_view.yaml b/compiled/appcat/appcat/apiserver/10_cluster_role_view.yaml new file mode 100644 index 000000000..cbb1dfab6 --- /dev/null +++ b/compiled/appcat/appcat/apiserver/10_cluster_role_view.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: {} + labels: + name: appcat-api-view + rbac.authorization.k8s.io/aggregate-to-view: 'true' + name: appcat:api:view +rules: + - apiGroups: + - api.appcat.vshn.io + resources: + - vshnpostgresbackups + - vshnredisbackups + verbs: + - get + - list + - watch diff --git a/compiled/appcat/appcat/apiserver/20_service_account.yaml b/compiled/appcat/appcat/apiserver/20_service_account.yaml new file mode 100644 index 000000000..da1654252 --- /dev/null +++ b/compiled/appcat/appcat/apiserver/20_service_account.yaml 
@@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: appcat-apiserver + namespace: appcat-apiserver diff --git a/compiled/appcat/appcat/apiserver/30_api_service.yaml b/compiled/appcat/appcat/apiserver/30_api_service.yaml new file mode 100644 index 000000000..5ee968325 --- /dev/null +++ b/compiled/appcat/appcat/apiserver/30_api_service.yaml @@ -0,0 +1,17 @@ +apiVersion: apiregistration.k8s.io/v1 +kind: APIService +metadata: + annotations: + cert-manager.io/inject-ca-from: appcat-apiserver/apiserver-certificate + labels: + api: appcat + apiserver: 'true' + name: v1.api.appcat.vshn.io +spec: + group: api.appcat.vshn.io + groupPriorityMinimum: 2000 + service: + name: appcat + namespace: appcat-apiserver + version: v1 + versionPriority: 10 diff --git a/compiled/appcat/appcat/apiserver/30_deployment.yaml b/compiled/appcat/appcat/apiserver/30_deployment.yaml new file mode 100644 index 000000000..7e442824e --- /dev/null +++ b/compiled/appcat/appcat/apiserver/30_deployment.yaml 
@@ -0,0 +1,52 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + api: appcat + apiserver: 'true' + name: appcat-apiserver + namespace: appcat-apiserver +spec: + replicas: 1 + selector: + matchLabels: + api: appcat + apiserver: 'true' + template: + metadata: + labels: + api: appcat + apiserver: 'true' + spec: + containers: + - args: + - apiserver + - --audit-log-maxage=0 + - --audit-log-maxbackup=0 + - --audit-log-path=- + - --feature-gates=APIPriorityAndFairness=false + - --secure-port=9443 + - --tls-cert-file=/apiserver.local.config/certificates/tls.crt + - --tls-private-key-file=/apiserver.local.config/certificates/tls.key + env: [] + envFrom: + - configMapRef: + name: apiserver-envs + image: ghcr.io/vshn/appcat-apiserver:v0.1.2 + name: apiserver + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 100m + memory: 50Mi + volumeMounts: + - mountPath: /apiserver.local.config/certificates + name: apiserver-certs + readOnly: true + serviceAccountName: appcat-apiserver + volumes: + - name: apiserver-certs + secret: + secretName: appcat-apiserver-tls diff --git a/compiled/appcat/appcat/apiserver/30_service.yaml b/compiled/appcat/appcat/apiserver/30_service.yaml new file mode 100644 index 000000000..578bfed39 --- /dev/null +++ b/compiled/appcat/appcat/apiserver/30_service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + api: appcat + apiserver: 'true' + name: appcat + namespace: appcat-apiserver +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + api: appcat + apiserver: 'true' diff --git a/compiled/appcat/appcat/apiserver/31_api_certificate.yaml b/compiled/appcat/appcat/apiserver/31_api_certificate.yaml new file mode 100644 index 000000000..02bd07549 --- /dev/null +++ b/compiled/appcat/appcat/apiserver/31_api_certificate.yaml 
@@ -0,0 +1,25 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: apiserver-certificate + namespace: appcat-apiserver +spec: + dnsNames: + - appcat.appcat-apiserver.svc + duration: 87600h0m0s + issuerRef: + group: cert-manager.io + kind: Issuer + name: api-server-issuer + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 4096 + renewBefore: 2400h0m0s + secretName: appcat-apiserver-tls + subject: + organizations: + - vshn-appcat + usages: + - server auth + - client auth diff --git a/compiled/appcat/appcat/apiserver/31_api_issuer.yaml b/compiled/appcat/appcat/apiserver/31_api_issuer.yaml new file mode 100644 index 000000000..2531c0713 --- /dev/null +++ b/compiled/appcat/appcat/apiserver/31_api_issuer.yaml @@ -0,0 +1,7 @@ +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: api-server-issuer + namespace: appcat-apiserver +spec: + selfSigned: {} diff --git a/compiled/appcat/appcat/controllers/appcat/10_cluster_role.yaml b/compiled/appcat/appcat/controllers/appcat/10_cluster_role.yaml new file mode 100644 index 000000000..50ca69f8f --- /dev/null +++ b/compiled/appcat/appcat/controllers/appcat/10_cluster_role.yaml @@ -0,0 +1,33 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: appcat-controller +rules: + - apiGroups: + - vshn.appcat.vshn.io + resources: + - xvshnpostgresqls + - xvshnpostgresqls/finalizers + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - kubernetes.crossplane.io + resources: + - objects + verbs: + - delete + - apiGroups: + - '' + resources: + - namespaces + - configmaps + verbs: + - get + - update + - list + - watch + - delete diff --git a/compiled/appcat/appcat/controllers/appcat/10_cluster_role_binding.yaml b/compiled/appcat/appcat/controllers/appcat/10_cluster_role_binding.yaml new file mode 100644 index 000000000..c3fcdc368 --- /dev/null +++ b/compiled/appcat/appcat/controllers/appcat/10_cluster_role_binding.yaml 
@@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: appcat-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: appcat-controller +subjects: + - kind: ServiceAccount + name: appcat-controller + namespace: syn-appcat diff --git a/compiled/appcat/appcat/controllers/appcat/10_pg_webhooks.yaml b/compiled/appcat/appcat/controllers/appcat/10_pg_webhooks.yaml new file mode 100644 index 000000000..2d43785d0 --- /dev/null +++ b/compiled/appcat/appcat/controllers/appcat/10_pg_webhooks.yaml @@ -0,0 +1,29 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: syn-appcat/webhook-certificate + creationTimestamp: null + name: appcat-pg-validation +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: syn-appcat + path: /validate-vshn-appcat-vshn-io-v1-vshnpostgresql + failurePolicy: Fail + name: postgresql.vshn.appcat.vshn.io + rules: + - apiGroups: + - vshn.appcat.vshn.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - vshnpostgresqls + sideEffects: None diff --git a/compiled/appcat/appcat/controllers/appcat/10_redis_webhooks.yaml b/compiled/appcat/appcat/controllers/appcat/10_redis_webhooks.yaml new file mode 100644 index 000000000..27d097ded --- /dev/null +++ b/compiled/appcat/appcat/controllers/appcat/10_redis_webhooks.yaml 
@@ -0,0 +1,29 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: syn-appcat/webhook-certificate + creationTimestamp: null + name: appcat-redis-validation +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: syn-appcat + path: /validate-vshn-appcat-vshn-io-v1-vshnredis + failurePolicy: Fail + name: vshnredis.vshn.appcat.vshn.io + rules: + - apiGroups: + - vshn.appcat.vshn.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - vshnredis + sideEffects: None diff --git a/compiled/appcat/appcat/controllers/appcat/10_role_binding_leader_election.yaml b/compiled/appcat/appcat/controllers/appcat/10_role_binding_leader_election.yaml new file mode 100644 index 000000000..bfff674b0 --- /dev/null +++ b/compiled/appcat/appcat/controllers/appcat/10_role_binding_leader_election.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: appcat-controller-leader-election-rolebinding + namespace: syn-appcat +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appcat-controller-leader-election-role +subjects: + - kind: ServiceAccount + name: appcat-controller + namespace: syn-appcat diff --git a/compiled/appcat/appcat/controllers/appcat/10_role_leader_election.yaml b/compiled/appcat/appcat/controllers/appcat/10_role_leader_election.yaml new file mode 100644 index 000000000..99db74fb8 --- /dev/null +++ b/compiled/appcat/appcat/controllers/appcat/10_role_leader_election.yaml 
@@ -0,0 +1,37 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: appcat-controller-leader-election-role + namespace: syn-appcat +rules: + - apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - '' + resources: + - events + verbs: + - create + - patch diff --git a/compiled/appcat/appcat/controllers/appcat/10_webhook_certificate.yaml b/compiled/appcat/appcat/controllers/appcat/10_webhook_certificate.yaml new file mode 100644 index 000000000..795cdab8f --- /dev/null +++ b/compiled/appcat/appcat/controllers/appcat/10_webhook_certificate.yaml @@ -0,0 +1,25 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: webhook-certificate + namespace: syn-appcat +spec: + dnsNames: + - webhook-service.syn-appcat.svc + duration: 87600h0m0s + issuerRef: + group: cert-manager.io + kind: Issuer + name: webhook-server-issuer + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 4096 + renewBefore: 2400h0m0s + secretName: webhook-cert + subject: + organizations: + - vshn-appcat + usages: + - server auth + - client auth diff --git a/compiled/appcat/appcat/controllers/appcat/10_webhook_issuer.yaml b/compiled/appcat/appcat/controllers/appcat/10_webhook_issuer.yaml new file mode 100644 index 000000000..990e0aca7 --- /dev/null +++ b/compiled/appcat/appcat/controllers/appcat/10_webhook_issuer.yaml @@ -0,0 +1,7 @@ +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: webhook-server-issuer + namespace: syn-appcat +spec: + selfSigned: {} diff --git a/compiled/appcat/appcat/controllers/appcat/10_webhook_service.yaml b/compiled/appcat/appcat/controllers/appcat/10_webhook_service.yaml new file mode 100644 index 000000000..baa4924f3 --- /dev/null 
+++ b/compiled/appcat/appcat/controllers/appcat/10_webhook_service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: webhook-service + namespace: syn-appcat +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: 9443 + selector: + appcat-controller: appcat-controller diff --git a/compiled/appcat/appcat/controllers/appcat/20_service_account.yaml b/compiled/appcat/appcat/controllers/appcat/20_service_account.yaml new file mode 100644 index 000000000..3aee318d9 --- /dev/null +++ b/compiled/appcat/appcat/controllers/appcat/20_service_account.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: appcat-controller + namespace: syn-appcat diff --git a/compiled/appcat/appcat/controllers/appcat/30_deployment.yaml b/compiled/appcat/appcat/controllers/appcat/30_deployment.yaml new file mode 100644 index 000000000..b2e495054 --- /dev/null +++ b/compiled/appcat/appcat/controllers/appcat/30_deployment.yaml 
@@ -0,0 +1,57 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + appcat-controller: appcat-controller + name: appcat-controller + namespace: syn-appcat +spec: + replicas: 2 + selector: + matchLabels: + appcat-controller: appcat-controller + template: + metadata: + labels: + appcat-controller: appcat-controller + spec: + containers: + - args: + - controller + - --leader-elect + - --quotas=false + env: + - name: PLANS_NAMESPACE + value: syn-appcat + image: ghcr.io/vshn/appcat:v4.34.0 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 100m + memory: 50Mi + volumeMounts: + - mountPath: /etc/webhook/certs + name: webhook-certs + securityContext: + runAsNonRoot: true + serviceAccountName: appcat-controller + terminationGracePeriodSeconds: 10 + volumes: + - name: webhook-certs + secret: + secretName: webhook-cert diff --git a/compiled/appcat/appcat/sla_reporter/01_cronjob.yaml b/compiled/appcat/appcat/sla_reporter/01_cronjob.yaml new file mode 100644 index 000000000..6358d8b55 --- /dev/null +++ b/compiled/appcat/appcat/sla_reporter/01_cronjob.yaml 
@@ -0,0 +1,48 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + annotations: {} + labels: + name: appcat-sla-reporter + name: appcat-sla-reporter + namespace: appcat-slos +spec: + concurrencyPolicy: Forbid + failedJobsHistoryLimit: 3 + jobTemplate: + spec: + completions: 1 + parallelism: 1 + template: + metadata: + labels: + name: appcat-sla-reporter + spec: + containers: + - args: + - slareport + - --previousmonth + - --mimirorg + - appuio-managed-openshift-metrics + env: + - name: PROM_URL + value: http://vshn-appuio-mimir-query-frontend.vshn-appuio-mimir.svc.cluster.local:8080/prometheus + envFrom: + - secretRef: + name: appcat-sla-reports-creds + image: ghcr.io/vshn/appcat:v4.34.0 + name: sla-reporter + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 10m + memory: 200Mi + imagePullSecrets: [] + initContainers: [] + restartPolicy: OnFailure + terminationGracePeriodSeconds: 30 + volumes: [] + schedule: 0 9 1 * * + successfulJobsHistoryLimit: 0 diff --git a/compiled/appcat/appcat/sla_reporter/02_object_bucket.yaml b/compiled/appcat/appcat/sla_reporter/02_object_bucket.yaml new file mode 100644 index 000000000..d4140582e --- /dev/null +++ b/compiled/appcat/appcat/sla_reporter/02_object_bucket.yaml @@ -0,0 +1,14 @@ +apiVersion: appcat.vshn.io/v1 +kind: ObjectBucket +metadata: + annotations: + argocd.argoproj.io/compare-options: IgnoreExtraneous + argocd.argoproj.io/sync-options: Prune=false + name: appcat-sla-reports + namespace: appcat-slos +spec: + parameters: + bucketName: appcat-sla-reports + region: lpg + writeConnectionSecretToRef: + name: appcat-sla-reports-creds diff --git a/compiled/appcat/appcat/sla_reporter/03_network_policy.yaml b/compiled/appcat/appcat/sla_reporter/03_network_policy.yaml new file mode 100644 index 000000000..8c06f27f0 --- /dev/null +++ b/compiled/appcat/appcat/sla_reporter/03_network_policy.yaml 
@@ -0,0 +1,18 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + annotations: {} + labels: + name: allow-from-appcat-slos + name: allow-from-appcat-slos + namespace: vshn-appuio-mimir +spec: + egress: [] + ingress: + - from: + - namespaceSelector: + matchLabels: + name: appcat-slos + podSelector: {} + policyTypes: + - Ingress diff --git a/compiled/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/compiled/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml new file mode 100644 index 000000000..0a67b8bd2 --- /dev/null +++ b/compiled/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml 
@@ -0,0 +1,68 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + control-plane: controller-manager + name: controller-manager + name: appcat-sliexporter-controller-manager + namespace: appcat-slos +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + containers: + - args: + - sliprober + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + env: + - name: APPCAT_SLI_VSHNPOSTGRESQL + value: "false" + - name: APPCAT_SLI_VSHNREDIS + value: "false" + image: ghcr.io/vshn/appcat:v4.34.0 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 10m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + securityContext: + runAsNonRoot: true + serviceAccountName: appcat-sliexporter-controller-manager + terminationGracePeriodSeconds: 10 diff --git a/compiled/appcat/appcat/sli_exporter/monitoring.coreos.com_v1_servicemonitor_appcat-sliexporter-controller-manager-metrics-monitor.yaml b/compiled/appcat/appcat/sli_exporter/monitoring.coreos.com_v1_servicemonitor_appcat-sliexporter-controller-manager-metrics-monitor.yaml new file mode 100644 index 000000000..726aa1020 --- /dev/null +++ b/compiled/appcat/appcat/sli_exporter/monitoring.coreos.com_v1_servicemonitor_appcat-sliexporter-controller-manager-metrics-monitor.yaml 
@@ -0,0 +1,19 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + control-plane: controller-manager + name: appcat-sliexporter-controller-manager-metrics-monitor + namespace: appcat-slos +spec: + endpoints: + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + honorLabels: true + path: /metrics + port: https + scheme: https + tlsConfig: + insecureSkipVerify: true + selector: + matchLabels: + control-plane: controller-manager diff --git a/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-appcat-sli-exporter.yaml b/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-appcat-sli-exporter.yaml new file mode 100644 index 000000000..aea288f1b --- /dev/null +++ b/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-appcat-sli-exporter.yaml 
@@ -0,0 +1,77 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: appcat-sliexporter-appcat-sli-exporter +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - vshn.appcat.vshn.io + resources: + - vshnpostgresqls + verbs: + - get + - list + - watch +- apiGroups: + - vshn.appcat.vshn.io + resources: + - vshnpostgresqls/status + verbs: + - get +- apiGroups: + - vshn.appcat.vshn.io + resources: + - vshnredis + verbs: + - get + - list + - watch +- apiGroups: + - vshn.appcat.vshn.io + resources: + - vshnredis/status + verbs: + - get +- apiGroups: + - vshn.appcat.vshn.io + resources: + - xvshnpostgresqls + verbs: + - get + - list + - watch +- apiGroups: + - vshn.appcat.vshn.io + resources: + - xvshnpostgresqls/status + verbs: + - get +- apiGroups: + - vshn.appcat.vshn.io + resources: + - xvshnredis + verbs: + - get + - list + - watch +- apiGroups: + - vshn.appcat.vshn.io + resources: + - xvshnredis/status + verbs: + - get diff --git a/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-metrics-reader.yaml b/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-metrics-reader.yaml new file mode 100644 index 000000000..2e537691f --- /dev/null +++ b/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-metrics-reader.yaml @@ -0,0 +1,9 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: appcat-sliexporter-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get 
diff --git a/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-proxy-role.yaml b/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-proxy-role.yaml new file mode 100644 index 000000000..5e8f92f8d --- /dev/null +++ b/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-proxy-role.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: appcat-sliexporter-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create diff --git a/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrolebinding_appcat-sliexporter-appcat-sli-exporter.yaml b/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrolebinding_appcat-sliexporter-appcat-sli-exporter.yaml new file mode 100644 index 000000000..ab3bd597f --- /dev/null +++ b/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrolebinding_appcat-sliexporter-appcat-sli-exporter.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: appcat-sliexporter-appcat-sli-exporter +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: appcat-sliexporter-appcat-sli-exporter +subjects: +- kind: ServiceAccount + name: appcat-sliexporter-controller-manager + namespace: appcat-slos diff --git a/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrolebinding_appcat-sliexporter-proxy-rolebinding.yaml b/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrolebinding_appcat-sliexporter-proxy-rolebinding.yaml new file mode 100644 index 000000000..f80a89762 --- /dev/null 
+++ b/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrolebinding_appcat-sliexporter-proxy-rolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: appcat-sliexporter-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: appcat-sliexporter-proxy-role +subjects: +- kind: ServiceAccount + name: appcat-sliexporter-controller-manager + namespace: appcat-slos diff --git a/compiled/appcat/appcat/sli_exporter/v1_namespace_appcat-slos.yaml b/compiled/appcat/appcat/sli_exporter/v1_namespace_appcat-slos.yaml new file mode 100644 index 000000000..cf3df2a41 --- /dev/null +++ b/compiled/appcat/appcat/sli_exporter/v1_namespace_appcat-slos.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + control-plane: controller-manager + name: appcat-slos diff --git a/compiled/appcat/appcat/sli_exporter/v1_service_appcat-sliexporter-controller-manager-metrics-service.yaml b/compiled/appcat/appcat/sli_exporter/v1_service_appcat-sliexporter-controller-manager-metrics-service.yaml new file mode 100644 index 000000000..17a01dc8f --- /dev/null +++ b/compiled/appcat/appcat/sli_exporter/v1_service_appcat-sliexporter-controller-manager-metrics-service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: appcat-sliexporter-controller-manager-metrics-service + namespace: appcat-slos +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager diff --git a/compiled/appcat/appcat/sli_exporter/v1_serviceaccount_appcat-sliexporter-controller-manager.yaml b/compiled/appcat/appcat/sli_exporter/v1_serviceaccount_appcat-sliexporter-controller-manager.yaml new file mode 100644 index 000000000..b6f125cea --- /dev/null +++ b/compiled/appcat/appcat/sli_exporter/v1_serviceaccount_appcat-sliexporter-controller-manager.yaml 
@@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: appcat-sliexporter-controller-manager + namespace: appcat-slos diff --git a/compiled/appcat/appcat/statefuleset-resize-controller.yaml b/compiled/appcat/appcat/statefuleset-resize-controller.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/compiled/appcat/apps/appcat.yaml b/compiled/appcat/apps/appcat.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/component/component/vshn_redis.jsonnet b/component/component/vshn_redis.jsonnet index 96dd09f66..cc26ca27b 100644 --- a/component/component/vshn_redis.jsonnet +++ b/component/component/vshn_redis.jsonnet @@ -93,6 +93,25 @@ local restoreRole = kube.ClusterRole(restoreRoleName) { }, ], }; +local helmMonitoringClusterRoleName = 'allow-helm-monitoring-resources'; +local helmMonitoringClusterRole = kube.ClusterRole(helmMonitoringClusterRoleName) { + rules: [ + { + apiGroups: [ 'monitoring.coreos.com' ], + resources: [ 'servicemonitors' ], + verbs: [ '*' ], + }, + ], +}; +local helmMonitoringServiceAccount = kube.ServiceAccount('provider-helm') + { + metadata+: { + namespace: "syn-crossplane", + }, +}; +local helmMonitoringClusterRoleBinding = kube.ClusterRoleBinding('system:serviceaccount:syn-crossplane:provider-helm') + { + roleRef_: helmMonitoringClusterRole, + subjects_: [ helmMonitoringServiceAccount ], +}; local restoreClusterRoleBinding = kube.ClusterRoleBinding('appcat:job:redis:restorejob') + { roleRef_: restoreRole, @@ -377,6 +396,13 @@ local composition = version: redisParams.helmChartVersion, }, values: { + metrics: { + enabled: true, + serviceMonitor: { + enabled: true, + namespace: '', // patched + }, + }, fullnameOverride: 'redis', global: { imageRegistry: redisParams.imageRegistry, 
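Review bot: `verbs: [ '*' ]` in `helmMonitoringClusterRole` gives the provider-helm service account every verb on `servicemonitors`, including any verb added to that resource later; listing what the Helm provider needs, e.g. `verbs: [ 'get', 'list', 'watch', 'create', 'update', 'patch', 'delete' ]`, keeps the grant reviewable. The role is bound with a ClusterRoleBinding, so it applies in every namespace, while the patch added later in this file only places ServiceMonitors in `vshn-redis-…` instance namespaces; a narrower binding may be possible, but that depends on code outside this hunk. The binding name `system:serviceaccount:syn-crossplane:provider-helm` reads like a subject username and carries the `system:` prefix that Kubernetes uses for its own components, so a descriptive name would be clearer. The namespace is hard-coded as `"syn-crossplane"` in double quotes where the surrounding code uses single quotes; if the file has a parameter for the Crossplane namespace (not visible here), it should be used instead. The golden file `20_rbac_vshn_redis_metrics_servicemonitor.yaml` renders the same `'*'` and would need regenerating.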
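Review bot: The comment `// patched` on `namespace: ''` does not say which patch fills the value or what happens if it stays empty; something like `// set per instance from metadata.labels[crossplane.io/composite], see patches below` would help the next reader. If that label is missing, the empty string presumably makes the chart fall back to its default namespace for the ServiceMonitor, which is worth confirming against the chart. The `values` object starts and ends outside this hunk.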
@@ -613,6 +639,8 @@ local composition = comp.FromCompositeFieldPath('spec.parameters.tls.enabled', 'spec.forProvider.values.tls.enabled'), comp.FromCompositeFieldPath('spec.parameters.tls.authClients', 'spec.forProvider.values.tls.authClients'), + comp.FromCompositeFieldPathWithTransformPrefix('metadata.labels[crossplane.io/composite]', 'spec.forProvider.values.metrics.serviceMonitor.namespace', 'vshn-redis'), + comp.FromCompositeFieldPathWithTransformMap('spec.parameters.size.plan', 'spec.forProvider.values.master.nodeSelector', std.mapWithKey(function(key, x) @@ -691,6 +719,7 @@ if params.services.vshn.enabled && redisParams.enabled then { '20_rbac_vshn_redis': xrds.CompositeClusterRoles(xrd), '20_role_vshn_redisrestore': [ restoreRole, restoreServiceAccount, restoreClusterRoleBinding ], '20_rbac_vshn_redis_resize': [ resizeClusterRole, resizeServiceAccount, resizeClusterRoleBinding ], + '20_rbac_vshn_redis_metrics_servicemonitor': [ helmMonitoringClusterRole, helmMonitoringClusterRoleBinding ], '20_plans_vshn_redis': plansCM, '21_composition_vshn_redis': composition, '22_prom_rule_sla_redis': promRuleRedisSLA, diff --git a/component/tests/golden/vshn/appcat/appcat/20_rbac_vshn_redis_metrics_servicemonitor.yaml b/component/tests/golden/vshn/appcat/appcat/20_rbac_vshn_redis_metrics_servicemonitor.yaml new file mode 100644 index 000000000..f74431b83 --- /dev/null +++ b/component/tests/golden/vshn/appcat/appcat/20_rbac_vshn_redis_metrics_servicemonitor.yaml 
@@ -0,0 +1,30 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: {} + labels: + name: allow-helm-monitoring-resources + name: allow-helm-monitoring-resources +rules: + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: {} + labels: + name: system-serviceaccount-syn-crossplane-provider-helm + name: system:serviceaccount:syn-crossplane:provider-helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: allow-helm-monitoring-resources +subjects: + - kind: ServiceAccount + name: provider-helm + namespace: syn-crossplane diff --git a/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml b/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml index 1a9c3f1fd..818b5f09f 100644 --- a/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml +++ b/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml @@ -699,6 +699,11 @@ spec: requests: cpu: '' memory: '' + metrics: + enabled: true + serviceMonitor: + enabled: true + namespace: '' networkPolicy: allowExternal: false enabled: true @@ -837,6 +842,14 @@ spec: - fromFieldPath: spec.parameters.tls.authClients toFieldPath: spec.forProvider.values.tls.authClients type: FromCompositeFieldPath + - fromFieldPath: metadata.labels[crossplane.io/composite] + toFieldPath: spec.forProvider.values.metrics.serviceMonitor.namespace + transforms: + - string: + fmt: vshn-redis-%s + type: Format + type: string + type: FromCompositeFieldPath - fromFieldPath: spec.parameters.size.plan toFieldPath: spec.forProvider.values.master.nodeSelector transforms: diff --git a/dependencies/appcat-apiserver/manifests/v0.1.2 b/dependencies/appcat-apiserver/manifests/v0.1.2 new file mode 160000 index 000000000..13926a313 --- /dev/null +++ b/dependencies/appcat-apiserver/manifests/v0.1.2 
@@ -0,0 +1 @@
+Subproject commit 13926a313dff9533e3f2409b7cdc5a943977ac1a
diff --git a/dependencies/appcat/manifests/statefulset-resize-controller/v0.3.0 b/dependencies/appcat/manifests/statefulset-resize-controller/v0.3.0
new file mode 160000
index 000000000..6335cd6e5
--- /dev/null
+++ b/dependencies/appcat/manifests/statefulset-resize-controller/v0.3.0
@@ -0,0 +1 @@
+Subproject commit 6335cd6e51a98e4d6e1f8fa8f766574dc6b54cd2
diff --git a/dependencies/appcat/manifests/v4.34.0 b/dependencies/appcat/manifests/v4.34.0
new file mode 160000
index 000000000..a3ca24333
--- /dev/null
+++ b/dependencies/appcat/manifests/v4.34.0
@@ -0,0 +1 @@
+Subproject commit a3ca24333b1dd8e3bb4f2119a1a02d3be55d983e
diff --git a/vendor/lib/crossplane.libsonnet b/vendor/lib/crossplane.libsonnet
new file mode 100644
index 000000000..226f62d43
--- /dev/null
+++ b/vendor/lib/crossplane.libsonnet
@@ -0,0 +1,80 @@ +/** + * \file crossplane.libsonnet + * \brief Helpers to create Crossplane CRs. + * API reference: https://doc.crds.dev/github.com/crossplane/crossplane + */ + +local kube = import 'lib/kube.libjsonnet'; + +// Define Crossplane API versions +local api_version = { + pkg: 'pkg.crossplane.io/v1', + apiextensions: 'apiextensions.crossplane.io/v1', +}; + +local sync_options = { + metadata+: { + annotations+: { + 'argocd.argoproj.io/sync-options': 'SkipDryRunOnMissingResource=true', + 'argocd.argoproj.io/sync-wave': '10', + }, + }, +}; + +{ + api_version: api_version, + + /** + * \brief Helper to create Provider objects. + * + * \arg The name of the Provider. + * \return A Provider object. + */ + Provider(name): + kube._Object(api_version.pkg, 'Provider', name) + sync_options, + + /** + * \brief Helper to create ProviderConfig objects. + * + * \arg The name of the ProviderConfig. + * \return A ProviderConfig object. + */ + ProviderConfig(name): + kube._Object('', 'ProviderConfig', name) + sync_options, + + /** + * \brief Helper to create Configuration objects. + * + * \arg The name of the Configuration. + * \return A Configuration object. + */ + Configuration(name): + kube._Object(api_version.pkg, 'Configuration', name) + sync_options, + + /** + * \brief Helper to create ControllerConfig objects. + * + * \arg The name of the ControllerConfig. + * \return A ControllerConfig object. + */ + ControllerConfig(name): + kube._Object('pkg.crossplane.io/v1alpha1', 'ControllerConfig', name) + sync_options, + + /** + * \brief Helper to create Composition objects. + * + * \arg The name of the Composition. + * \return A Composition object. + */ + Composition(name): + kube._Object(api_version.apiextensions, 'Composition', name) + sync_options, + + /** + * \brief Helper to create CompositeResourceDefinition objects. + * + * \arg The name of the CompositeResourceDefinition. + * \return A CompositeResourceDefinition object. 
+ */ + CompositeResourceDefinition(name): + kube._Object(api_version.apiextensions, 'CompositeResourceDefinition', name) + sync_options, +} From 46125587f4c6d7f05005d761e0f393ccd3ef6a99 Mon Sep 17 00:00:00 2001 From: "lukasz.widera@vshn.ch" Date: Mon, 9 Oct 2023 14:38:45 +0200 Subject: [PATCH 2/6] fixing linter --- component/component/vshn_redis.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/component/component/vshn_redis.jsonnet b/component/component/vshn_redis.jsonnet index cc26ca27b..bfc5d0ca7 100644 --- a/component/component/vshn_redis.jsonnet +++ b/component/component/vshn_redis.jsonnet @@ -105,7 +105,7 @@ local helmMonitoringClusterRole = kube.ClusterRole(helmMonitoringClusterRoleName }; local helmMonitoringServiceAccount = kube.ServiceAccount('provider-helm') + { metadata+: { - namespace: "syn-crossplane", + namespace: 'syn-crossplane', }, }; local helmMonitoringClusterRoleBinding = kube.ClusterRoleBinding('system:serviceaccount:syn-crossplane:provider-helm') + { From c1dddf09fa6968f385db2b714735cd23d5af935b Mon Sep 17 00:00:00 2001 From: "lukasz.widera@vshn.ch" Date: Tue, 10 Oct 2023 09:53:44 +0200 Subject: [PATCH 3/6] disabling scc --- component/component/vshn_redis.jsonnet | 3 +++ .../golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml | 2 ++ 2 files changed, 5 insertions(+) diff --git a/component/component/vshn_redis.jsonnet b/component/component/vshn_redis.jsonnet index bfc5d0ca7..21893ef98 100644 --- a/component/component/vshn_redis.jsonnet +++ b/component/component/vshn_redis.jsonnet @@ -398,6 +398,9 @@ local composition = values: { metrics: { enabled: true, + containerSecurityContext: { + enabled: false, + }, serviceMonitor: { enabled: true, namespace: '', // patched diff --git a/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml b/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml index 818b5f09f..19525974e 100644 
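Review bot: `containerSecurityContext: { enabled: false }` in the `@@ -398,6 +398,9 @@` hunk switches off the chart-rendered security context for the metrics container on every cluster, and nothing next to it says why. Judging by the commit title this is presumably there so that OpenShift's SCC admission can assign the UID itself; if so, a comment such as `// chart's fixed runAsUser is rejected by the restricted SCC; OpenShift assigns the UID` belongs on that line. On distributions without SCCs the exporter would presumably fall back to whatever the image defaults to, so consider tying the flag to the target distribution if the component has such a switch, or confirm that a pod-level security context or admission policy still constrains the container there. The `values` block continues outside the hunk.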
--- a/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml +++ b/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml @@ -700,6 +700,8 @@ spec: cpu: '' memory: '' metrics: + containerSecurityContext: + enabled: false enabled: true serviceMonitor: enabled: true From f7edaecc1f275b64322d9c125b80dc448f4a552d Mon Sep 17 00:00:00 2001 
From: "lukasz.widera@vshn.ch" Date: Tue, 10 Oct 2023 11:18:58 +0200 Subject: [PATCH 4/6] cleanup --- .../10_appcat_billing_recording_rule.yaml | 85 ------ .../10_appcat_maintenance_recording_rule.yaml | 15 - .../appcat/appcat/10_appcat_namespace.yaml | 8 - .../appcat/10_clusterrole_services_read.yaml | 44 --- .../appcat/appcat/10_clusterrole_view.yaml | 20 -- compiled/appcat/appcat/10_mailgun_secret.yaml | 12 - .../appcat/10_namespace_vshn_control.yaml | 7 - compiled/appcat/appcat/10_provider_helm.yaml | 136 --------- .../appcat/appcat/10_provider_kubernetes.yaml | 289 ------------------ ...helm_service_maintenance_cluster_role.yaml | 18 -- ...vice_maintenance_cluster_role_binding.yaml | 15 - .../10_rbac_helm_service_maintenance_sa.yaml | 8 - .../appcat/appcat/20_rbac_vshn_minio.yaml | 36 --- compiled/appcat/appcat/20_xrd_vshn_minio.yaml | 226 -------------- .../appcat/21_composition_vshn_minio.yaml | 48 --- .../appcat/apiserver/10_apiserver_envs.yaml | 12 - .../apiserver/10_cluster_role_api_server.yaml | 80 ----- .../10_cluster_role_basic_users.yaml | 17 -- .../apiserver/10_cluster_role_binding.yaml | 15 - .../apiserver/10_cluster_role_view.yaml | 18 -- .../appcat/apiserver/20_service_account.yaml | 5 - .../appcat/apiserver/30_api_service.yaml | 17 -- .../appcat/apiserver/30_deployment.yaml | 52 ---- .../appcat/appcat/apiserver/30_service.yaml | 16 - .../appcat/apiserver/31_api_certificate.yaml | 25 -- .../appcat/apiserver/31_api_issuer.yaml | 7 - .../controllers/appcat/10_cluster_role.yaml | 33 -- .../appcat/10_cluster_role_binding.yaml | 12 - .../controllers/appcat/10_pg_webhooks.yaml | 29 -- .../controllers/appcat/10_redis_webhooks.yaml | 29 -- .../10_role_binding_leader_election.yaml | 13 - .../appcat/10_role_leader_election.yaml | 37 --- .../appcat/10_webhook_certificate.yaml | 25 -- .../controllers/appcat/10_webhook_issuer.yaml | 7 - .../appcat/10_webhook_service.yaml | 13 - .../appcat/20_service_account.yaml | 5 - .../controllers/appcat/30_deployment.yaml | 
57 ---- .../appcat/sla_reporter/01_cronjob.yaml | 48 --- .../appcat/sla_reporter/02_object_bucket.yaml | 14 - .../sla_reporter/03_network_policy.yaml | 18 -- ...appcat-sliexporter-controller-manager.yaml | 68 ----- ...er-controller-manager-metrics-monitor.yaml | 19 -- ...ppcat-sliexporter-appcat-sli-exporter.yaml | 77 ----- ...ole_appcat-sliexporter-metrics-reader.yaml | 9 - ...terrole_appcat-sliexporter-proxy-role.yaml | 17 -- ...ppcat-sliexporter-appcat-sli-exporter.yaml | 12 - ..._appcat-sliexporter-proxy-rolebinding.yaml | 12 - .../v1_namespace_appcat-slos.yaml | 6 - ...er-controller-manager-metrics-service.yaml | 15 - ...appcat-sliexporter-controller-manager.yaml | 5 - .../statefuleset-resize-controller.yaml | 0 compiled/appcat/apps/appcat.yaml | 0 .../appcat-apiserver/manifests/v0.1.2 | 1 - .../statefulset-resize-controller/v0.3.0 | 1 - dependencies/appcat/manifests/v4.34.0 | 1 - vendor/lib/crossplane.libsonnet | 80 ----- 56 files changed, 1894 deletions(-) delete mode 100644 compiled/appcat/appcat/10_appcat_billing_recording_rule.yaml delete mode 100644 compiled/appcat/appcat/10_appcat_maintenance_recording_rule.yaml delete mode 100644 compiled/appcat/appcat/10_appcat_namespace.yaml delete mode 100644 compiled/appcat/appcat/10_clusterrole_services_read.yaml delete mode 100644 compiled/appcat/appcat/10_clusterrole_view.yaml delete mode 100644 compiled/appcat/appcat/10_mailgun_secret.yaml delete mode 100644 compiled/appcat/appcat/10_namespace_vshn_control.yaml delete mode 100644 compiled/appcat/appcat/10_provider_helm.yaml delete mode 100644 compiled/appcat/appcat/10_provider_kubernetes.yaml delete mode 100644 compiled/appcat/appcat/10_rbac_helm_service_maintenance_cluster_role.yaml delete mode 100644 compiled/appcat/appcat/10_rbac_helm_service_maintenance_cluster_role_binding.yaml delete mode 100644 compiled/appcat/appcat/10_rbac_helm_service_maintenance_sa.yaml delete mode 100644 compiled/appcat/appcat/20_rbac_vshn_minio.yaml delete mode 100644 
compiled/appcat/appcat/20_xrd_vshn_minio.yaml delete mode 100644 compiled/appcat/appcat/21_composition_vshn_minio.yaml delete mode 100644 compiled/appcat/appcat/apiserver/10_apiserver_envs.yaml delete mode 100644 compiled/appcat/appcat/apiserver/10_cluster_role_api_server.yaml delete mode 100644 compiled/appcat/appcat/apiserver/10_cluster_role_basic_users.yaml delete mode 100644 compiled/appcat/appcat/apiserver/10_cluster_role_binding.yaml delete mode 100644 compiled/appcat/appcat/apiserver/10_cluster_role_view.yaml delete mode 100644 compiled/appcat/appcat/apiserver/20_service_account.yaml delete mode 100644 compiled/appcat/appcat/apiserver/30_api_service.yaml delete mode 100644 compiled/appcat/appcat/apiserver/30_deployment.yaml delete mode 100644 compiled/appcat/appcat/apiserver/30_service.yaml delete mode 100644 compiled/appcat/appcat/apiserver/31_api_certificate.yaml delete mode 100644 compiled/appcat/appcat/apiserver/31_api_issuer.yaml delete mode 100644 compiled/appcat/appcat/controllers/appcat/10_cluster_role.yaml delete mode 100644 compiled/appcat/appcat/controllers/appcat/10_cluster_role_binding.yaml delete mode 100644 compiled/appcat/appcat/controllers/appcat/10_pg_webhooks.yaml delete mode 100644 compiled/appcat/appcat/controllers/appcat/10_redis_webhooks.yaml delete mode 100644 compiled/appcat/appcat/controllers/appcat/10_role_binding_leader_election.yaml delete mode 100644 compiled/appcat/appcat/controllers/appcat/10_role_leader_election.yaml delete mode 100644 compiled/appcat/appcat/controllers/appcat/10_webhook_certificate.yaml delete mode 100644 compiled/appcat/appcat/controllers/appcat/10_webhook_issuer.yaml delete mode 100644 compiled/appcat/appcat/controllers/appcat/10_webhook_service.yaml delete mode 100644 compiled/appcat/appcat/controllers/appcat/20_service_account.yaml delete mode 100644 compiled/appcat/appcat/controllers/appcat/30_deployment.yaml delete mode 100644 compiled/appcat/appcat/sla_reporter/01_cronjob.yaml delete mode 100644 
compiled/appcat/appcat/sla_reporter/02_object_bucket.yaml delete mode 100644 compiled/appcat/appcat/sla_reporter/03_network_policy.yaml delete mode 100644 compiled/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml delete mode 100644 compiled/appcat/appcat/sli_exporter/monitoring.coreos.com_v1_servicemonitor_appcat-sliexporter-controller-manager-metrics-monitor.yaml delete mode 100644 compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-appcat-sli-exporter.yaml delete mode 100644 compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-metrics-reader.yaml delete mode 100644 compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-proxy-role.yaml delete mode 100644 compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrolebinding_appcat-sliexporter-appcat-sli-exporter.yaml delete mode 100644 compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrolebinding_appcat-sliexporter-proxy-rolebinding.yaml delete mode 100644 compiled/appcat/appcat/sli_exporter/v1_namespace_appcat-slos.yaml delete mode 100644 compiled/appcat/appcat/sli_exporter/v1_service_appcat-sliexporter-controller-manager-metrics-service.yaml delete mode 100644 compiled/appcat/appcat/sli_exporter/v1_serviceaccount_appcat-sliexporter-controller-manager.yaml delete mode 100644 compiled/appcat/appcat/statefuleset-resize-controller.yaml delete mode 100644 compiled/appcat/apps/appcat.yaml delete mode 160000 dependencies/appcat-apiserver/manifests/v0.1.2 delete mode 160000 dependencies/appcat/manifests/statefulset-resize-controller/v0.3.0 delete mode 160000 dependencies/appcat/manifests/v4.34.0 delete mode 100644 vendor/lib/crossplane.libsonnet 
diff --git a/compiled/appcat/appcat/10_appcat_billing_recording_rule.yaml b/compiled/appcat/appcat/10_appcat_billing_recording_rule.yaml deleted file mode 100644 index 3e7109308..000000000 --- a/compiled/appcat/appcat/10_appcat_billing_recording_rule.yaml +++ /dev/null 
@@ -1,85 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - annotations: {} - labels: - name: appcat-billing - name: appcat-billing - namespace: syn-appcat -spec: - groups: - - name: appcat-billing-rules - rules: - - expr: | - sum by (label_appcat_vshn_io_claim_namespace,label_appcat_vshn_io_sla,product,provider,architecture, category, claim_namespace,tenant_id) ( - # Sum values over one hour and get mean - sum_over_time( - # Udpate label product: $product:$provider:$tenant_id:$claim_namespace:$architecture - label_join( - # Add label category: $provider:$claim_namespace - label_join( - # Add label architecture: $SLA, where $SLA is the content of label appcat.vshn.io/sla - label_replace( - # Add label provider: vshn - label_replace( - # Add label product: postgres - label_replace( - # Default appcat.vshn.io/sla to besteffort if it is not set - label_replace( - # Copy label appcat.vshn.io/namespace to label claim_namespace - label_replace( - # Populate tenant_id - label_replace( - # Fetch all namespaces with label label_appuio_io_billing_name=~"appcat-.+" - kube_namespace_labels{ label_appuio_io_billing_name=~"appcat-.+"} * - on (namespace) group_right(label_appuio_io_organization,label_appcat_vshn_io_claim_namespace,label_appcat_vshn_io_sla, label_appuio_io_billing_name) - kube_pod_info{created_by_kind!="Job"}, - "tenant_id", - "t-silent-test-1234", - "", - "" - - ), - "claim_namespace", - "$1", - "label_appcat_vshn_io_claim_namespace", - "(.*)" - ), - "label_appcat_vshn_io_sla", - "besteffort", - "label_appcat_vshn_io_sla", - "^$" - ), - "product", - "appcat_$1", - "label_appuio_io_billing_name", - "appcat-(.+)" - ), - "provider", - "vshn", - "", - "" - ), - "sla", - "$1", - "label_appcat_vshn_io_sla", - "(.*)" - ), - "category", - ":", - "provider", - "claim_namespace" - ), - "product", - ":", - "product", - "provider", - "tenant_id", - "claim_namespace", - "sla" - # other billing queries have [59m:1m] here. 
This is due to some - # obscure discrepancies between how the cloud-reporting evaluates the query - # and how the GUI/recording rules evaluate the query. - )[60m:1m] - )/60 ) - record: appcat:billing diff --git a/compiled/appcat/appcat/10_appcat_maintenance_recording_rule.yaml b/compiled/appcat/appcat/10_appcat_maintenance_recording_rule.yaml deleted file mode 100644 index 534448600..000000000 --- a/compiled/appcat/appcat/10_appcat_maintenance_recording_rule.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - annotations: {} - labels: - name: appcat-maintenance - name: appcat-maintenance - namespace: syn-appcat -spec: - groups: - - name: appcat-cluster-maintenance - rules: - - expr: max(max_over_time(openshift_upgrade_controller_upgradejob_state{state="active"}[10m])) - or vector(0) - record: appcat:cluster:maintenance diff --git a/compiled/appcat/appcat/10_appcat_namespace.yaml b/compiled/appcat/appcat/10_appcat_namespace.yaml deleted file mode 100644 index 5ec3065df..000000000 --- a/compiled/appcat/appcat/10_appcat_namespace.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - annotations: {} - labels: - name: syn-appcat - openshift.io/cluster-monitoring: 'true' - name: syn-appcat diff --git a/compiled/appcat/appcat/10_clusterrole_services_read.yaml b/compiled/appcat/appcat/10_clusterrole_services_read.yaml deleted file mode 100644 index a2c3bdfe5..000000000 --- a/compiled/appcat/appcat/10_clusterrole_services_read.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - labels: - name: appcat-services-read - name: appcat:services:read -rules: - - apiGroups: - - '' - resources: - - pods - - pods/log - - pods/status - - events - - services - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - statefulsets - verbs: - - get - - list - - watch - - apiGroups: - - '' - resources: - - pods/portforward - verbs: - - get - - list - - create - - apiGroups: - - '' - - project.openshift.io - resources: - - projects - verbs: - - get diff --git a/compiled/appcat/appcat/10_clusterrole_view.yaml b/compiled/appcat/appcat/10_clusterrole_view.yaml deleted file mode 100644 index b107c243a..000000000 --- a/compiled/appcat/appcat/10_clusterrole_view.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - labels: - rbac.authorization.k8s.io/aggregate-to-admin: 'true' - rbac.authorization.k8s.io/aggregate-to-edit: 'true' - rbac.authorization.k8s.io/aggregate-to-view: 'true' - name: appcat:browse -rules: - - apiGroups: - - apiextensions.crossplane.io - resources: - - compositions - - compositionrevisions - - compositeresourcedefinitions - verbs: - - get - - list - - watch diff --git a/compiled/appcat/appcat/10_mailgun_secret.yaml b/compiled/appcat/appcat/10_mailgun_secret.yaml deleted file mode 100644 index 3f3808429..000000000 --- a/compiled/appcat/appcat/10_mailgun_secret.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -data: {} -kind: Secret -metadata: - annotations: {} - labels: - name: mailgun-smtp-credentials - name: mailgun-smtp-credentials - namespace: syn-appcat -stringData: - password: whatever -type: Opaque diff --git a/compiled/appcat/appcat/10_namespace_vshn_control.yaml b/compiled/appcat/appcat/10_namespace_vshn_control.yaml deleted file mode 100644 index e2ca65a95..000000000 
--- a/compiled/appcat/appcat/10_namespace_vshn_control.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - annotations: {} - labels: - name: syn-appcat-control - name: syn-appcat-control diff --git a/compiled/appcat/appcat/10_provider_helm.yaml b/compiled/appcat/appcat/10_provider_helm.yaml deleted file mode 100644 index 9e537bf7e..000000000 --- a/compiled/appcat/appcat/10_provider_helm.yaml +++ /dev/null 
@@ -1,136 +0,0 @@ -apiVersion: pkg.crossplane.io/v1 -kind: Provider -metadata: - annotations: - argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true - argocd.argoproj.io/sync-wave: '10' - labels: - name: helm - name: helm -spec: - controllerConfigRef: - name: helm - package: xpkg.upbound.io/crossplane-contrib/provider-helm:v0.15.0 ---- -apiVersion: pkg.crossplane.io/v1alpha1 -kind: ControllerConfig -metadata: - annotations: - argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true - argocd.argoproj.io/sync-wave: '10' - labels: - name: helm - name: helm -spec: - serviceAccountName: provider-helm ---- -apiVersion: helm.crossplane.io/v1beta1 -kind: ProviderConfig -metadata: - annotations: - argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true - argocd.argoproj.io/sync-wave: '10' - labels: - name: helm - name: helm -spec: - credentials: - source: InjectedIdentity ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: {} - labels: - name: provider-helm - name: provider-helm - namespace: syn-crossplane ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - labels: - name: crossplane-provider-provider-helm-system-custom - name: crossplane:provider:provider-helm:system:custom -rules: - - apiGroups: - - helm.crossplane.io - resources: - - '*' - verbs: - - get - - list - - watch - - update - - patch - - create - - delete - - apiGroups: - - '' - resources: - - namespaces - - serviceaccounts - - services - - persistentvolumeclaims - verbs: - - get - - list - - watch - - create - - watch - - patch - - update - - delete - - apiGroups: - - apps - resources: - - statefulsets - - deployments - verbs: - - get - - list - - watch - - create - - watch - - patch - - update - - delete - - apiGroups: - - networking.k8s.io - resources: - - networkpolicies - verbs: - - get - - list - - watch - - update - - patch - - create - - delete - - apiGroups: - - batch - resources: - - jobs - verbs: - - get - - 
list - - watch - - create - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - labels: - name: crossplane-provider-provider-helm-system-custom - name: crossplane:provider:provider-helm:system:custom -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: crossplane:provider:provider-helm:system:custom -subjects: - - kind: ServiceAccount - name: provider-helm - namespace: syn-crossplane diff --git a/compiled/appcat/appcat/10_provider_kubernetes.yaml b/compiled/appcat/appcat/10_provider_kubernetes.yaml deleted file mode 100644 index 5d62bf97a..000000000 --- a/compiled/appcat/appcat/10_provider_kubernetes.yaml +++ /dev/null 
@@ -1,289 +0,0 @@ -apiVersion: pkg.crossplane.io/v1 -kind: Provider -metadata: - annotations: - argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true - argocd.argoproj.io/sync-wave: '10' - labels: - name: kubernetes - name: kubernetes -spec: - controllerConfigRef: - name: kubernetes - package: xpkg.upbound.io/crossplane-contrib/provider-kubernetes:v0.9.0 ---- -apiVersion: pkg.crossplane.io/v1alpha1 -kind: ControllerConfig -metadata: - annotations: - argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true - argocd.argoproj.io/sync-wave: '10' - labels: - name: kubernetes - name: kubernetes -spec: - serviceAccountName: provider-kubernetes ---- -apiVersion: kubernetes.crossplane.io/v1alpha1 -kind: ProviderConfig -metadata: - annotations: - argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true - argocd.argoproj.io/sync-wave: '10' - labels: - name: kubernetes - name: kubernetes -spec: - credentials: - source: InjectedIdentity ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: {} - labels: - name: provider-kubernetes - name: provider-kubernetes - namespace: syn-crossplane ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - labels: - name: crossplane-provider-provider-kubernetes-system-custom - name: crossplane:provider:provider-kubernetes:system:custom -rules: - - apiGroups: - - kubernetes.crossplane.io - resources: - - '*' - verbs: - - get - - list - - watch - - update - - patch - - create - - delete - - apiGroups: - - helm.crossplane.io - resources: - - releases - verbs: - - get - - list - - watch - - update - - patch - - create - - delete - - apiGroups: - - '' - - coordination.k8s.io - resources: - - secrets - - configmaps - - events - - leases - verbs: - - '*' - - apiGroups: - - '' - resources: - - namespaces - - serviceaccounts - - secrets - - pods - - pods/log - - pods/portforward - - pods/status - - services - verbs: - - get - - list - - watch - - create - - watch - - 
patch - - update - - delete - - apiGroups: - - apps - resources: - - statefulsets/scale - verbs: - - update - - patch - - apiGroups: - - apps - resources: - - statefulsets - verbs: - - get - - delete - - watch - - list - - apiGroups: - - rbac.authorization.k8s.io - resourceNames: - - appcat:services:read - resources: - - clusterroles - verbs: - - bind - - apiGroups: - - stackgres.io - resources: - - sginstanceprofiles - - sgclusters - - sgpgconfigs - - sgobjectstorages - - sgbackups - - sgdbops - verbs: - - get - - list - - watch - - update - - patch - - create - - delete - - apiGroups: - - networking.k8s.io - resources: - - networkpolicies - verbs: - - get - - list - - watch - - update - - patch - - create - - delete - - apiGroups: - - appcat.vshn.io - resources: - - xobjectbuckets - verbs: - - get - - list - - watch - - update - - patch - - create - - delete - - apiGroups: - - cert-manager.io - resources: - - issuers - - certificates - verbs: - - get - - list - - watch - - update - - patch - - create - - delete - - apiGroups: - - batch - resources: - - jobs - - cronjobs - verbs: - - get - - list - - watch - - update - - patch - - create - - delete - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - roles - - rolebindings - verbs: - - get - - list - - watch - - update - - patch - - create - - delete - - apiGroups: - - vshn.appcat.vshn.io - resources: - - vshnpostgresqls - verbs: - - get - - update - - apiGroups: - - vshn.appcat.vshn.io - resources: - - vshnredis - verbs: - - get - - update - - apiGroups: - - monitoring.coreos.com - resources: - - prometheusrules - - podmonitors - - alertmanagerconfigs - verbs: - - get - - list - - watch - - update - - patch - - create - - delete - - apiGroups: - - k8up.io - resources: - - schedules - verbs: - - get - - list - - watch - - update - - patch - - create - - delete - - apiGroups: - - k8up.io - resources: - - snapshots - verbs: - - get - - apiGroups: - - minio.crossplane.io - resources: 
- - providerconfigs - verbs: - - get - - list - - watch - - update - - patch - - create - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - labels: - name: crossplane-provider-provider-kubernetes-system-custom - name: crossplane:provider:provider-kubernetes:system:custom -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: crossplane:provider:provider-kubernetes:system:custom -subjects: - - kind: ServiceAccount - name: provider-kubernetes - namespace: syn-crossplane diff --git a/compiled/appcat/appcat/10_rbac_helm_service_maintenance_cluster_role.yaml b/compiled/appcat/appcat/10_rbac_helm_service_maintenance_cluster_role.yaml deleted file mode 100644 index 9e7df4dc7..000000000 --- a/compiled/appcat/appcat/10_rbac_helm_service_maintenance_cluster_role.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - labels: - name: crossplane-appcat-job-helm-maintenance - name: crossplane:appcat:job:helm:maintenance -rules: - - apiGroups: - - helm.crossplane.io - resources: - - releases - verbs: - - patch - - get - - list - - watch - - update diff --git a/compiled/appcat/appcat/10_rbac_helm_service_maintenance_cluster_role_binding.yaml b/compiled/appcat/appcat/10_rbac_helm_service_maintenance_cluster_role_binding.yaml deleted file mode 100644 index 19c9a3224..000000000 --- a/compiled/appcat/appcat/10_rbac_helm_service_maintenance_cluster_role_binding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - labels: - name: crossplane-appcat-job-helm-maintenance - name: crossplane:appcat:job:helm:maintenance -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: crossplane:appcat:job:helm:maintenance -subjects: - - kind: ServiceAccount - name: helm-based-service-maintenance - namespace: syn-appcat-control 
diff --git a/compiled/appcat/appcat/10_rbac_helm_service_maintenance_sa.yaml b/compiled/appcat/appcat/10_rbac_helm_service_maintenance_sa.yaml deleted file mode 100644 index fbd75e4f7..000000000 --- a/compiled/appcat/appcat/10_rbac_helm_service_maintenance_sa.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: {} - labels: - name: helm-based-service-maintenance - name: helm-based-service-maintenance - namespace: syn-appcat-control diff --git a/compiled/appcat/appcat/20_rbac_vshn_minio.yaml b/compiled/appcat/appcat/20_rbac_vshn_minio.yaml deleted file mode 100644 index e09b3c14a..000000000 --- a/compiled/appcat/appcat/20_rbac_vshn_minio.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - labels: - rbac.authorization.k8s.io/aggregate-to-view: 'true' - name: appcat:composite:xvshnminios.vshn.appcat.vshn.io:claim-view -rules: - - apiGroups: - - vshn.appcat.vshn.io - resources: - - vshnminios - - vshnminios/status - - vshnminios/finalizers - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - labels: - rbac.authorization.k8s.io/aggregate-to-admin: 'true' - rbac.authorization.k8s.io/aggregate-to-edit: 'true' - name: appcat:composite:xvshnminios.vshn.appcat.vshn.io:claim-edit -rules: - - apiGroups: - - vshn.appcat.vshn.io - resources: - - vshnminios - - vshnminios/status - - vshnminios/finalizers - verbs: - - '*' diff --git a/compiled/appcat/appcat/20_xrd_vshn_minio.yaml b/compiled/appcat/appcat/20_xrd_vshn_minio.yaml deleted file mode 100644 index 2fb9595e1..000000000 --- a/compiled/appcat/appcat/20_xrd_vshn_minio.yaml +++ /dev/null 
@@ -1,226 +0,0 @@ -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -metadata: - annotations: - argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true - argocd.argoproj.io/sync-wave: '10' - labels: - name: xvshnminios.vshn.appcat.vshn.io - name: xvshnminios.vshn.appcat.vshn.io -spec: - claimNames: - kind: VSHNMinio - plural: vshnminios - connectionSecretKeys: - - MINIO_URL - - AWS_SECRET_ACCESS_KEY - - AWS_ACCESS_KEY_ID - defaultCompositionRef: - name: vshnminio.vshn.appcat.vshn.io - group: vshn.appcat.vshn.io - names: - kind: XVSHNMinio - plural: xvshnminios - versions: - - name: v1 - referenceable: true - schema: - openAPIV3Schema: - description: VSHNMinio is the API for creating Minio instances. - properties: - spec: - description: Spec defines the desired state of a VSHNMinio. - properties: - parameters: - default: {} - description: Parameters are the configurable fields of a VSHNMinio. - properties: - backup: - default: {} - description: Backup contains settings to control how the instance - should get backed up. - properties: - retention: - description: K8upRetentionPolicy describes the retention - configuration for a K8up backup. - properties: - keepDaily: - default: 6 - type: integer - keepHourly: - type: integer - keepLast: - type: integer - keepMonthly: - type: integer - keepWeekly: - type: integer - keepYearly: - type: integer - type: object - schedule: - pattern: ^(\*|([0-9]|1[0-9]|2[0-9]|3[0-9]|4[0-9]|5[0-9])|\*\/([0-9]|1[0-9]|2[0-9]|3[0-9]|4[0-9]|5[0-9])) - (\*|([0-9]|1[0-9]|2[0-3])|\*\/([0-9]|1[0-9]|2[0-3])) (\*|([1-9]|1[0-9]|2[0-9]|3[0-1])|\*\/([1-9]|1[0-9]|2[0-9]|3[0-1])) - (\*|([1-9]|1[0-2])|\*\/([1-9]|1[0-2])) (\*|([0-6])|\*\/([0-6]))$ - type: string - type: object - instances: - default: 4 - description: Instances configures the number of Minio instances - for the cluster. Each instance contains one Minio server. 
- minimum: 4 - type: integer - maintenance: - description: Maintenance contains settings to control the maintenance - of an instance. - properties: - dayOfWeek: - description: DayOfWeek specifies at which weekday the maintenance - is held place. Allowed values are [monday, tuesday, wednesday, - thursday, friday, saturday, sunday] - enum: - - monday - - tuesday - - wednesday - - thursday - - friday - - saturday - - sunday - type: string - timeOfDay: - description: 'TimeOfDay for installing updates in UTC. Format: - "hh:mm:ss".' - pattern: ^([0-1]?[0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9])$ - type: string - type: object - restore: - description: Restore contains settings to control the restore - of an instance. - properties: - backupName: - description: BackupName is the name of the specific backup - you want to restore. - type: string - claimName: - description: ClaimName specifies the name of the instance - you want to restore from. The claim has to be in the same - namespace as this new instance. - type: string - type: object - service: - description: Service contains the Minio specific configurations - properties: - mode: - default: distributed - description: Mode configures the mode of MinIO. Valid values - are "distributed" and "standalone". - enum: - - distributed - - standalone - type: string - type: object - size: - default: {} - description: Size contains settings to control the sizing of - a service. - properties: - cpu: - description: CPU defines the amount of Kubernetes CPUs for - an instance. - type: string - disk: - description: Disk defines the amount of disk space for an - instance. - type: string - memory: - description: Memory defines the amount of memory in units - of bytes for an instance. - type: string - plan: - default: standard-1 - description: | - Plan is the name of the resource plan that defines the compute resources. 
- - The following plans are available: - - standard-1 - CPU: 1; Memory: 1Gi; Disk: 50Gi - enum: - - standard-1 - type: string - requests: - description: Requests defines CPU and memory requests for - an instance - properties: - cpu: - description: CPU defines the amount of Kubernetes CPUs - for an instance. - type: string - memory: - description: Memory defines the amount of memory in - units of bytes for an instance. - type: string - type: object - type: object - storageClass: - description: StorageClass configures the storageClass to use - for the PVC used by MinIO. - type: string - type: object - type: object - status: - description: Status reflects the observed state of a VSHNMinio. - properties: - instanceNamespace: - description: InstanceNamespace contains the name of the namespace - where the instance resides - type: string - namespaceConditions: - description: MinioConditions contains the status conditions of the - backing object. - items: - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: Message is a human-readable message indicating - details about the transition. - maxLength: 32768 - type: string - observedGeneration: - description: ObservedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: Reason contains a programmatic identifier indicating - the reason for the condition's last transition. - maxLength: 1024 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: Status of the condition, one of True, False, - Unknown. 
- enum: - - 'True' - - 'False' - - Unknown - type: string - type: - description: Type of condition. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - type: object - type: array - type: object - required: - - spec - type: object - served: true diff --git a/compiled/appcat/appcat/21_composition_vshn_minio.yaml b/compiled/appcat/appcat/21_composition_vshn_minio.yaml deleted file mode 100644 index 90075b948..000000000 --- a/compiled/appcat/appcat/21_composition_vshn_minio.yaml +++ /dev/null 
@@ -1,48 +0,0 @@ -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -metadata: - annotations: - argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true - argocd.argoproj.io/sync-wave: '10' - metadata.appcat.vshn.io/description: Minio instances by VSHN - metadata.appcat.vshn.io/displayname: Minio by VSHN - metadata.appcat.vshn.io/end-user-docs-url: https://vs.hn/vshn-minio - metadata.appcat.vshn.io/flavor: distributed - metadata.appcat.vshn.io/plans: '{"standard-1":{"size":{"cpu":"1","disk":"50Gi","enabled":true,"memory":"1Gi"}}}' - metadata.appcat.vshn.io/product-description: https://products.docs.vshn.ch/products/appcat/minio.html - labels: - metadata.appcat.vshn.io/offered: 'false' - metadata.appcat.vshn.io/serviceID: vshn-minio - name: vshnminio.vshn.appcat.vshn.io - name: vshnminio.vshn.appcat.vshn.io -spec: - compositeTypeRef: - apiVersion: vshn.appcat.vshn.io/v1 - kind: XVSHNMinio - functions: - - config: - apiVersion: v1 - data: - controlNamespace: syn-appcat-control - defaultPlan: standard-1 - imageTag: v4.34.0 - maintenanceSA: helm-based-service-maintenance - minioChartRepository: https://charts.min.io - minioChartVersion: 5.0.13 - plans: '{"standard-1": {"size": {"cpu": "1", "disk": "50Gi", "enabled": - true, "memory": "1Gi"}}}' - providerEnabled: 'false' - kind: ConfigMap - metadata: - labels: - name: xfn-config - name: xfn-config - container: - image: minio - imagePullPolicy: IfNotPresent - runner: - endpoint: 172.18.0.1:9547 - timeout: 20s - name: minio-func - type: Container - writeConnectionSecretsToNamespace: syn-crossplane diff --git a/compiled/appcat/appcat/apiserver/10_apiserver_envs.yaml b/compiled/appcat/appcat/apiserver/10_apiserver_envs.yaml deleted file mode 100644 index 2e308c878..000000000 --- a/compiled/appcat/appcat/apiserver/10_apiserver_envs.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -apiVersion: v1 -data: - APPCAT_HANDLER_ENABLED: 'true' - VSHN_POSTGRES_BACKUP_HANDLER_ENABLED: 'true' - VSHN_REDIS_BACKUP_HANDLER_ENABLED: 'true' -kind: ConfigMap -metadata: - labels: - api: appcat - apiserver: 'true' - name: apiserver-envs - namespace: appcat-apiserver diff --git a/compiled/appcat/appcat/apiserver/10_cluster_role_api_server.yaml b/compiled/appcat/appcat/apiserver/10_cluster_role_api_server.yaml deleted file mode 100644 index 78a2445f9..000000000 --- a/compiled/appcat/appcat/apiserver/10_cluster_role_api_server.yaml +++ /dev/null @@ -1,80 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: appcat -rules: - - apiGroups: - - '' - resourceNames: - - extension-apiserver-authentication - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - '' - resources: - - namespaces - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - get - - list - - watch - - apiGroups: - - apiextensions.crossplane.io - resources: - - compositions - verbs: - - get - - list - - watch - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - k8up.io - resources: - - snapshots - verbs: - - get - - list - - watch - - apiGroups: - - stackgres.io - resources: - - sgbackups - verbs: - - get - - list - - watch - - apiGroups: - - vshn.appcat.vshn.io - resources: - - vshnredis - - xvshnpostgresqls - verbs: - - get - - list - - watch diff --git a/compiled/appcat/appcat/apiserver/10_cluster_role_basic_users.yaml b/compiled/appcat/appcat/apiserver/10_cluster_role_basic_users.yaml deleted file mode 100644 index d88a538b2..000000000 --- a/compiled/appcat/appcat/apiserver/10_cluster_role_basic_users.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - labels: - authorization.openshift.io/aggregate-to-basic-user: 'true' - name: system-test-distribution-aggregate-appcat-to-basic-user - name: system:test-distribution:aggregate-appcat-to-basic-user -rules: - - apiGroups: - - api.appcat.vshn.io - resources: - - appcats - verbs: - - get - - list - - watch diff --git a/compiled/appcat/appcat/apiserver/10_cluster_role_binding.yaml b/compiled/appcat/appcat/apiserver/10_cluster_role_binding.yaml deleted file mode 100644 index a5e26b0c9..000000000 --- a/compiled/appcat/appcat/apiserver/10_cluster_role_binding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - labels: - name: appcat - name: appcat -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: appcat -subjects: - - kind: ServiceAccount - name: appcat-apiserver - namespace: appcat-apiserver diff --git a/compiled/appcat/appcat/apiserver/10_cluster_role_view.yaml b/compiled/appcat/appcat/apiserver/10_cluster_role_view.yaml deleted file mode 100644 index cbb1dfab6..000000000 --- a/compiled/appcat/appcat/apiserver/10_cluster_role_view.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - labels: - name: appcat-api-view - rbac.authorization.k8s.io/aggregate-to-view: 'true' - name: appcat:api:view -rules: - - apiGroups: - - api.appcat.vshn.io - resources: - - vshnpostgresbackups - - vshnredisbackups - verbs: - - get - - list - - watch diff --git a/compiled/appcat/appcat/apiserver/20_service_account.yaml b/compiled/appcat/appcat/apiserver/20_service_account.yaml deleted file mode 100644 index da1654252..000000000 --- a/compiled/appcat/appcat/apiserver/20_service_account.yaml +++ /dev/null 
@@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: appcat-apiserver - namespace: appcat-apiserver diff --git a/compiled/appcat/appcat/apiserver/30_api_service.yaml b/compiled/appcat/appcat/apiserver/30_api_service.yaml deleted file mode 100644 index 5ee968325..000000000 --- a/compiled/appcat/appcat/apiserver/30_api_service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - annotations: - cert-manager.io/inject-ca-from: appcat-apiserver/apiserver-certificate - labels: - api: appcat - apiserver: 'true' - name: v1.api.appcat.vshn.io -spec: - group: api.appcat.vshn.io - groupPriorityMinimum: 2000 - service: - name: appcat - namespace: appcat-apiserver - version: v1 - versionPriority: 10 diff --git a/compiled/appcat/appcat/apiserver/30_deployment.yaml b/compiled/appcat/appcat/apiserver/30_deployment.yaml deleted file mode 100644 index 7e442824e..000000000 --- a/compiled/appcat/appcat/apiserver/30_deployment.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - api: appcat - apiserver: 'true' - name: appcat-apiserver - namespace: appcat-apiserver -spec: - replicas: 1 - selector: - matchLabels: - api: appcat - apiserver: 'true' - template: - metadata: - labels: - api: appcat - apiserver: 'true' - spec: - containers: - - args: - - apiserver - - --audit-log-maxage=0 - - --audit-log-maxbackup=0 - - --audit-log-path=- - - --feature-gates=APIPriorityAndFairness=false - - --secure-port=9443 - - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - env: [] - envFrom: - - configMapRef: - name: apiserver-envs - image: ghcr.io/vshn/appcat-apiserver:v0.1.2 - name: apiserver - resources: - limits: - cpu: 200m - memory: 200Mi - requests: - cpu: 100m - memory: 50Mi - volumeMounts: - - mountPath: /apiserver.local.config/certificates - name: apiserver-certs - readOnly: true - serviceAccountName: appcat-apiserver - volumes: - - name: apiserver-certs - secret: - secretName: appcat-apiserver-tls diff --git a/compiled/appcat/appcat/apiserver/30_service.yaml b/compiled/appcat/appcat/apiserver/30_service.yaml deleted file mode 100644 index 578bfed39..000000000 --- a/compiled/appcat/appcat/apiserver/30_service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - api: appcat - apiserver: 'true' - name: appcat - namespace: appcat-apiserver -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 9443 - selector: - api: appcat - apiserver: 'true' diff --git a/compiled/appcat/appcat/apiserver/31_api_certificate.yaml b/compiled/appcat/appcat/apiserver/31_api_certificate.yaml deleted file mode 100644 index 02bd07549..000000000 --- a/compiled/appcat/appcat/apiserver/31_api_certificate.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: apiserver-certificate - namespace: appcat-apiserver -spec: - dnsNames: - - appcat.appcat-apiserver.svc - duration: 87600h0m0s - issuerRef: - group: cert-manager.io - kind: Issuer - name: api-server-issuer - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 4096 - renewBefore: 2400h0m0s - secretName: appcat-apiserver-tls - subject: - organizations: - - vshn-appcat - usages: - - server auth - - client auth diff --git a/compiled/appcat/appcat/apiserver/31_api_issuer.yaml b/compiled/appcat/appcat/apiserver/31_api_issuer.yaml deleted file mode 100644 index 2531c0713..000000000 --- a/compiled/appcat/appcat/apiserver/31_api_issuer.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: api-server-issuer - namespace: appcat-apiserver -spec: - selfSigned: {} diff --git a/compiled/appcat/appcat/controllers/appcat/10_cluster_role.yaml b/compiled/appcat/appcat/controllers/appcat/10_cluster_role.yaml deleted file mode 100644 index 50ca69f8f..000000000 --- a/compiled/appcat/appcat/controllers/appcat/10_cluster_role.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: appcat-controller -rules: - - apiGroups: - - vshn.appcat.vshn.io - resources: - - xvshnpostgresqls - - xvshnpostgresqls/finalizers - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - kubernetes.crossplane.io - resources: - - objects - verbs: - - delete - - apiGroups: - - '' - resources: - - namespaces - - configmaps - verbs: - - get - - update - - list - - watch - - delete diff --git a/compiled/appcat/appcat/controllers/appcat/10_cluster_role_binding.yaml b/compiled/appcat/appcat/controllers/appcat/10_cluster_role_binding.yaml deleted file mode 100644 index c3fcdc368..000000000 --- a/compiled/appcat/appcat/controllers/appcat/10_cluster_role_binding.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: appcat-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: appcat-controller -subjects: - - kind: ServiceAccount - name: appcat-controller - namespace: syn-appcat diff --git a/compiled/appcat/appcat/controllers/appcat/10_pg_webhooks.yaml b/compiled/appcat/appcat/controllers/appcat/10_pg_webhooks.yaml deleted file mode 100644 index 2d43785d0..000000000 --- a/compiled/appcat/appcat/controllers/appcat/10_pg_webhooks.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: syn-appcat/webhook-certificate - creationTimestamp: null - name: appcat-pg-validation -webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: syn-appcat - path: /validate-vshn-appcat-vshn-io-v1-vshnpostgresql - failurePolicy: Fail - name: postgresql.vshn.appcat.vshn.io - rules: - - apiGroups: - - vshn.appcat.vshn.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - vshnpostgresqls - sideEffects: None diff --git a/compiled/appcat/appcat/controllers/appcat/10_redis_webhooks.yaml b/compiled/appcat/appcat/controllers/appcat/10_redis_webhooks.yaml deleted file mode 100644 index 27d097ded..000000000 --- a/compiled/appcat/appcat/controllers/appcat/10_redis_webhooks.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: syn-appcat/webhook-certificate - creationTimestamp: null - name: appcat-redis-validation -webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: syn-appcat - path: /validate-vshn-appcat-vshn-io-v1-vshnredis - failurePolicy: Fail - name: vshnredis.vshn.appcat.vshn.io - rules: - - apiGroups: - - vshn.appcat.vshn.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - vshnredis - sideEffects: None diff --git a/compiled/appcat/appcat/controllers/appcat/10_role_binding_leader_election.yaml b/compiled/appcat/appcat/controllers/appcat/10_role_binding_leader_election.yaml deleted file mode 100644 index bfff674b0..000000000 --- a/compiled/appcat/appcat/controllers/appcat/10_role_binding_leader_election.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: appcat-controller-leader-election-rolebinding - namespace: syn-appcat -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: appcat-controller-leader-election-role -subjects: - - kind: ServiceAccount - name: appcat-controller - namespace: syn-appcat diff --git a/compiled/appcat/appcat/controllers/appcat/10_role_leader_election.yaml b/compiled/appcat/appcat/controllers/appcat/10_role_leader_election.yaml deleted file mode 100644 index 99db74fb8..000000000 --- a/compiled/appcat/appcat/controllers/appcat/10_role_leader_election.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: appcat-controller-leader-election-role - namespace: syn-appcat -rules: - - apiGroups: - - '' - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - '' - resources: - - events - verbs: - - create - - patch diff --git a/compiled/appcat/appcat/controllers/appcat/10_webhook_certificate.yaml b/compiled/appcat/appcat/controllers/appcat/10_webhook_certificate.yaml deleted file mode 100644 index 795cdab8f..000000000 --- a/compiled/appcat/appcat/controllers/appcat/10_webhook_certificate.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: webhook-certificate - namespace: syn-appcat -spec: - dnsNames: - - webhook-service.syn-appcat.svc - duration: 87600h0m0s - issuerRef: - group: cert-manager.io - kind: Issuer - name: webhook-server-issuer - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 4096 - renewBefore: 2400h0m0s - secretName: webhook-cert - subject: - organizations: - - vshn-appcat - usages: - - server auth - - client auth diff --git a/compiled/appcat/appcat/controllers/appcat/10_webhook_issuer.yaml b/compiled/appcat/appcat/controllers/appcat/10_webhook_issuer.yaml deleted file mode 100644 index 990e0aca7..000000000 --- a/compiled/appcat/appcat/controllers/appcat/10_webhook_issuer.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: webhook-server-issuer - namespace: syn-appcat -spec: - selfSigned: {} diff --git a/compiled/appcat/appcat/controllers/appcat/10_webhook_service.yaml b/compiled/appcat/appcat/controllers/appcat/10_webhook_service.yaml deleted file mode 100644 index baa4924f3..000000000 
--- a/compiled/appcat/appcat/controllers/appcat/10_webhook_service.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: webhook-service - namespace: syn-appcat -spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: 9443 - selector: - appcat-controller: appcat-controller diff --git a/compiled/appcat/appcat/controllers/appcat/20_service_account.yaml b/compiled/appcat/appcat/controllers/appcat/20_service_account.yaml deleted file mode 100644 index 3aee318d9..000000000 --- a/compiled/appcat/appcat/controllers/appcat/20_service_account.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: appcat-controller - namespace: syn-appcat diff --git a/compiled/appcat/appcat/controllers/appcat/30_deployment.yaml b/compiled/appcat/appcat/controllers/appcat/30_deployment.yaml deleted file mode 100644 index b2e495054..000000000 --- a/compiled/appcat/appcat/controllers/appcat/30_deployment.yaml +++ /dev/null 
@@ -1,57 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - appcat-controller: appcat-controller - name: appcat-controller - namespace: syn-appcat -spec: - replicas: 2 - selector: - matchLabels: - appcat-controller: appcat-controller - template: - metadata: - labels: - appcat-controller: appcat-controller - spec: - containers: - - args: - - controller - - --leader-elect - - --quotas=false - env: - - name: PLANS_NAMESPACE - value: syn-appcat - image: ghcr.io/vshn/appcat:v4.34.0 - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 200m - memory: 200Mi - requests: - cpu: 100m - memory: 50Mi - volumeMounts: - - mountPath: /etc/webhook/certs - name: webhook-certs - securityContext: - runAsNonRoot: true - serviceAccountName: appcat-controller - terminationGracePeriodSeconds: 10 - volumes: - - name: webhook-certs - secret: - secretName: webhook-cert diff --git a/compiled/appcat/appcat/sla_reporter/01_cronjob.yaml b/compiled/appcat/appcat/sla_reporter/01_cronjob.yaml deleted file mode 100644 index 6358d8b55..000000000 --- a/compiled/appcat/appcat/sla_reporter/01_cronjob.yaml +++ /dev/null 
@@ -1,48 +0,0 @@ -apiVersion: batch/v1 -kind: CronJob -metadata: - annotations: {} - labels: - name: appcat-sla-reporter - name: appcat-sla-reporter - namespace: appcat-slos -spec: - concurrencyPolicy: Forbid - failedJobsHistoryLimit: 3 - jobTemplate: - spec: - completions: 1 - parallelism: 1 - template: - metadata: - labels: - name: appcat-sla-reporter - spec: - containers: - - args: - - slareport - - --previousmonth - - --mimirorg - - appuio-managed-openshift-metrics - env: - - name: PROM_URL - value: http://vshn-appuio-mimir-query-frontend.vshn-appuio-mimir.svc.cluster.local:8080/prometheus - envFrom: - - secretRef: - name: appcat-sla-reports-creds - image: ghcr.io/vshn/appcat:v4.34.0 - name: sla-reporter - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 200Mi - imagePullSecrets: [] - initContainers: [] - restartPolicy: OnFailure - terminationGracePeriodSeconds: 30 - volumes: [] - schedule: 0 9 1 * * - successfulJobsHistoryLimit: 0 diff --git a/compiled/appcat/appcat/sla_reporter/02_object_bucket.yaml b/compiled/appcat/appcat/sla_reporter/02_object_bucket.yaml deleted file mode 100644 index d4140582e..000000000 --- a/compiled/appcat/appcat/sla_reporter/02_object_bucket.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: appcat.vshn.io/v1 -kind: ObjectBucket -metadata: - annotations: - argocd.argoproj.io/compare-options: IgnoreExtraneous - argocd.argoproj.io/sync-options: Prune=false - name: appcat-sla-reports - namespace: appcat-slos -spec: - parameters: - bucketName: appcat-sla-reports - region: lpg - writeConnectionSecretToRef: - name: appcat-sla-reports-creds diff --git a/compiled/appcat/appcat/sla_reporter/03_network_policy.yaml b/compiled/appcat/appcat/sla_reporter/03_network_policy.yaml deleted file mode 100644 index 8c06f27f0..000000000 --- a/compiled/appcat/appcat/sla_reporter/03_network_policy.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - annotations: {} - labels: - name: allow-from-appcat-slos - name: allow-from-appcat-slos - namespace: vshn-appuio-mimir -spec: - egress: [] - ingress: - - from: - - namespaceSelector: - matchLabels: - name: appcat-slos - podSelector: {} - policyTypes: - - Ingress diff --git a/compiled/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/compiled/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml deleted file mode 100644 index 0a67b8bd2..000000000 --- a/compiled/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ /dev/null 
@@ -1,68 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - control-plane: controller-manager - name: controller-manager - name: appcat-sliexporter-controller-manager - namespace: appcat-slos -spec: - replicas: 1 - selector: - matchLabels: - control-plane: controller-manager - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: manager - labels: - control-plane: controller-manager - spec: - containers: - - args: - - sliprober - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - env: - - name: APPCAT_SLI_VSHNPOSTGRESQL - value: "false" - - name: APPCAT_SLI_VSHNREDIS - value: "false" - image: ghcr.io/vshn/appcat:v4.34.0 - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 200Mi - securityContext: - allowPrivilegeEscalation: false - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - protocol: TCP - securityContext: - runAsNonRoot: true - serviceAccountName: appcat-sliexporter-controller-manager - terminationGracePeriodSeconds: 10 diff --git a/compiled/appcat/appcat/sli_exporter/monitoring.coreos.com_v1_servicemonitor_appcat-sliexporter-controller-manager-metrics-monitor.yaml b/compiled/appcat/appcat/sli_exporter/monitoring.coreos.com_v1_servicemonitor_appcat-sliexporter-controller-manager-metrics-monitor.yaml deleted file mode 100644 index 726aa1020..000000000 --- a/compiled/appcat/appcat/sli_exporter/monitoring.coreos.com_v1_servicemonitor_appcat-sliexporter-controller-manager-metrics-monitor.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - control-plane: controller-manager - name: appcat-sliexporter-controller-manager-metrics-monitor - namespace: appcat-slos -spec: - endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - honorLabels: true - path: /metrics - port: https - scheme: https - tlsConfig: - insecureSkipVerify: true - selector: - matchLabels: - control-plane: controller-manager diff --git a/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-appcat-sli-exporter.yaml b/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-appcat-sli-exporter.yaml deleted file mode 100644 index aea288f1b..000000000 --- a/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-appcat-sli-exporter.yaml +++ /dev/null 
@@ -1,77 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: appcat-sliexporter-appcat-sli-exporter -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - vshn.appcat.vshn.io - resources: - - vshnpostgresqls - verbs: - - get - - list - - watch -- apiGroups: - - vshn.appcat.vshn.io - resources: - - vshnpostgresqls/status - verbs: - - get -- apiGroups: - - vshn.appcat.vshn.io - resources: - - vshnredis - verbs: - - get - - list - - watch -- apiGroups: - - vshn.appcat.vshn.io - resources: - - vshnredis/status - verbs: - - get -- apiGroups: - - vshn.appcat.vshn.io - resources: - - xvshnpostgresqls - verbs: - - get - - list - - watch -- apiGroups: - - vshn.appcat.vshn.io - resources: - - xvshnpostgresqls/status - verbs: - - get -- apiGroups: - - vshn.appcat.vshn.io - resources: - - xvshnredis - verbs: - - get - - list - - watch -- apiGroups: - - vshn.appcat.vshn.io - resources: - - xvshnredis/status - verbs: - - get diff --git a/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-metrics-reader.yaml b/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-metrics-reader.yaml deleted file mode 100644 index 2e537691f..000000000 --- a/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-metrics-reader.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: appcat-sliexporter-metrics-reader -rules: -- nonResourceURLs: - - /metrics - verbs: - - get 
diff --git a/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-proxy-role.yaml b/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-proxy-role.yaml deleted file mode 100644 index 5e8f92f8d..000000000 --- a/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrole_appcat-sliexporter-proxy-role.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: appcat-sliexporter-proxy-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create diff --git a/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrolebinding_appcat-sliexporter-appcat-sli-exporter.yaml b/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrolebinding_appcat-sliexporter-appcat-sli-exporter.yaml deleted file mode 100644 index ab3bd597f..000000000 --- a/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrolebinding_appcat-sliexporter-appcat-sli-exporter.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: appcat-sliexporter-appcat-sli-exporter -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: appcat-sliexporter-appcat-sli-exporter -subjects: -- kind: ServiceAccount - name: appcat-sliexporter-controller-manager - namespace: appcat-slos diff --git a/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrolebinding_appcat-sliexporter-proxy-rolebinding.yaml b/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrolebinding_appcat-sliexporter-proxy-rolebinding.yaml deleted file mode 100644 index f80a89762..000000000 
--- a/compiled/appcat/appcat/sli_exporter/rbac.authorization.k8s.io_v1_clusterrolebinding_appcat-sliexporter-proxy-rolebinding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: appcat-sliexporter-proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: appcat-sliexporter-proxy-role -subjects: -- kind: ServiceAccount - name: appcat-sliexporter-controller-manager - namespace: appcat-slos diff --git a/compiled/appcat/appcat/sli_exporter/v1_namespace_appcat-slos.yaml b/compiled/appcat/appcat/sli_exporter/v1_namespace_appcat-slos.yaml deleted file mode 100644 index cf3df2a41..000000000 --- a/compiled/appcat/appcat/sli_exporter/v1_namespace_appcat-slos.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: controller-manager - name: appcat-slos diff --git a/compiled/appcat/appcat/sli_exporter/v1_service_appcat-sliexporter-controller-manager-metrics-service.yaml b/compiled/appcat/appcat/sli_exporter/v1_service_appcat-sliexporter-controller-manager-metrics-service.yaml deleted file mode 100644 index 17a01dc8f..000000000 --- a/compiled/appcat/appcat/sli_exporter/v1_service_appcat-sliexporter-controller-manager-metrics-service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: appcat-sliexporter-controller-manager-metrics-service - namespace: appcat-slos -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: controller-manager diff --git a/compiled/appcat/appcat/sli_exporter/v1_serviceaccount_appcat-sliexporter-controller-manager.yaml b/compiled/appcat/appcat/sli_exporter/v1_serviceaccount_appcat-sliexporter-controller-manager.yaml deleted file mode 100644 index b6f125cea..000000000 
--- a/compiled/appcat/appcat/sli_exporter/v1_serviceaccount_appcat-sliexporter-controller-manager.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: appcat-sliexporter-controller-manager - namespace: appcat-slos diff --git a/compiled/appcat/appcat/statefuleset-resize-controller.yaml b/compiled/appcat/appcat/statefuleset-resize-controller.yaml deleted file mode 100644 index e69de29bb..000000000 diff --git a/compiled/appcat/apps/appcat.yaml b/compiled/appcat/apps/appcat.yaml deleted file mode 100644 index e69de29bb..000000000 diff --git a/dependencies/appcat-apiserver/manifests/v0.1.2 b/dependencies/appcat-apiserver/manifests/v0.1.2 deleted file mode 160000 index 13926a313..000000000 --- a/dependencies/appcat-apiserver/manifests/v0.1.2 +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 13926a313dff9533e3f2409b7cdc5a943977ac1a diff --git a/dependencies/appcat/manifests/statefulset-resize-controller/v0.3.0 b/dependencies/appcat/manifests/statefulset-resize-controller/v0.3.0 deleted file mode 160000 index 6335cd6e5..000000000 --- a/dependencies/appcat/manifests/statefulset-resize-controller/v0.3.0 +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 6335cd6e51a98e4d6e1f8fa8f766574dc6b54cd2 diff --git a/dependencies/appcat/manifests/v4.34.0 b/dependencies/appcat/manifests/v4.34.0 deleted file mode 160000 index a3ca24333..000000000 --- a/dependencies/appcat/manifests/v4.34.0 +++ /dev/null @@ -1 +0,0 @@ -Subproject commit a3ca24333b1dd8e3bb4f2119a1a02d3be55d983e diff --git a/vendor/lib/crossplane.libsonnet b/vendor/lib/crossplane.libsonnet deleted file mode 100644 index 226f62d43..000000000 --- a/vendor/lib/crossplane.libsonnet +++ /dev/null 
@@ -1,80 +0,0 @@
-/**
- * \file crossplane.libsonnet
- * \brief Helpers to create Crossplane CRs.
- * API reference: https://doc.crds.dev/github.com/crossplane/crossplane
- */
-
-local kube = import 'lib/kube.libjsonnet';
-
-// Define Crossplane API versions
-local api_version = {
- pkg: 'pkg.crossplane.io/v1',
- apiextensions: 'apiextensions.crossplane.io/v1',
-};
-
-local sync_options = {
- metadata+: {
- annotations+: {
- 'argocd.argoproj.io/sync-options': 'SkipDryRunOnMissingResource=true',
- 'argocd.argoproj.io/sync-wave': '10',
- },
- },
-};
-
-{
- api_version: api_version,
-
- /**
- * \brief Helper to create Provider objects.
- *
- * \arg The name of the Provider.
- * \return A Provider object.
- */
- Provider(name):
- kube._Object(api_version.pkg, 'Provider', name) + sync_options,
-
- /**
- * \brief Helper to create ProviderConfig objects.
- *
- * \arg The name of the ProviderConfig.
- * \return A ProviderConfig object.
- */
- ProviderConfig(name):
- kube._Object('', 'ProviderConfig', name) + sync_options,
-
- /**
- * \brief Helper to create Configuration objects.
- *
- * \arg The name of the Configuration.
- * \return A Configuration object.
- */
- Configuration(name):
- kube._Object(api_version.pkg, 'Configuration', name) + sync_options,
-
- /**
- * \brief Helper to create ControllerConfig objects.
- *
- * \arg The name of the ControllerConfig.
- * \return A ControllerConfig object.
- */
- ControllerConfig(name):
- kube._Object('pkg.crossplane.io/v1alpha1', 'ControllerConfig', name) + sync_options,
-
- /**
- * \brief Helper to create Composition objects.
- *
- * \arg The name of the Composition.
- * \return A Composition object.
- */
- Composition(name):
- kube._Object(api_version.apiextensions, 'Composition', name) + sync_options,
-
- /**
- * \brief Helper to create CompositeResourceDefinition objects.
- *
- * \arg The name of the CompositeResourceDefinition.
- * \return A CompositeResourceDefinition object.
- */
- CompositeResourceDefinition(name):
- kube._Object(api_version.apiextensions, 'CompositeResourceDefinition', name) + sync_options,
-}
From 2f7251aefb2ff8e1ac1f797cdc50a866e46da47b Mon Sep 17 00:00:00 2001
From: "lukasz.widera@vshn.ch"
Date: Tue, 10 Oct 2023 11:21:49 +0200
Subject: [PATCH 5/6] removing superfluous variable
---
 component/component/vshn_redis.jsonnet | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/component/component/vshn_redis.jsonnet b/component/component/vshn_redis.jsonnet
index 21893ef98..7150ead1a 100644
--- a/component/component/vshn_redis.jsonnet
+++ b/component/component/vshn_redis.jsonnet
@@ -93,8 +93,8 @@ local restoreRole = kube.ClusterRole(restoreRoleName) {
 },
 ],
 };
-local helmMonitoringClusterRoleName = 'allow-helm-monitoring-resources';
-local helmMonitoringClusterRole = kube.ClusterRole(helmMonitoringClusterRoleName) {
+
+local helmMonitoringClusterRole = kube.ClusterRole('allow-helm-monitoring-resources') {
 rules: [
 {
 apiGroups: [ 'monitoring.coreos.com' ],
From 08d689518ecd4eac7bd8989b1f07c46cb68bbd71 Mon Sep 17 00:00:00 2001
From: "lukasz.widera@vshn.ch"
Date: Tue, 10 Oct 2023 11:28:22 +0200
Subject: [PATCH 6/6] switching to variable
---
 component/component/vshn_redis.jsonnet | 2 +-
 .../golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/component/component/vshn_redis.jsonnet b/component/component/vshn_redis.jsonnet
index 7150ead1a..fc46c5036 100644
--- a/component/component/vshn_redis.jsonnet
+++ b/component/component/vshn_redis.jsonnet
@@ -399,7 +399,7 @@ local composition =
 metrics: {
 enabled: true,
 containerSecurityContext: {
- enabled: false,
+ enabled: securityContext,
 },
 serviceMonitor: {
 enabled: true,
diff --git a/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml b/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml
index 19525974e..85c7a1f2d 100644
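Review bot: In the `@@ -399,7 +399,7 @@` hunk of vshn_redis.jsonnet, `metrics.containerSecurityContext.enabled` now follows `securityContext`, whose definition is outside the hunk, so it is not visible here which condition switches the exporter sidecar's container security context off. The golden file changed in this patch only pins the case where it evaluates to `true`. I would add a comment on that line, for example `// exporter sidecar follows the same securityContext toggle as the redis containers`, if that is the intent, and a golden test for a configuration where the variable is false, so that a metrics container rendered without the chart's security context is a visible, reviewed outcome rather than a silent one. The enclosing `composition` definition starts and ends outside the hunk.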
--- a/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml
+++ b/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml
@@ -701,7 +701,7 @@ spec:
 memory: ''
 metrics:
 containerSecurityContext:
- enabled: false
+ enabled: true
 enabled: true
 serviceMonitor:
 enabled: true