diff --git a/Makefile b/Makefile index f1d6b3d4..16fe7fb4 100644 --- a/Makefile +++ b/Makefile @@ -49,11 +49,10 @@ endif IMG ?= $(IMAGE_TAG_BASE):v$(VERSION) # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. -ENVTEST_K8S_VERSION = 1.24 +ENVTEST_K8S_VERSION = 1.27 # KIND_K8S_VERSION refers to the version of the kind k8s cluster for e2e testing. -# OCP 4.11 uses k8s 1.24 -KIND_K8S_VERSION = v1.24.0 +KIND_K8S_VERSION = v1.27.0 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) ifeq (,$(shell go env GOBIN)) 
@@ -108,14 +107,23 @@ vet: ## Run go vet against code. TEST_PKG = ./api/... ./controllers/... ./pkg/... KUBEBUILDER_ASSETS = "$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" -test: manifests generate fmt vet envtest assets ginkgo ## Run tests. +test/assets/external-apis/crds.yaml: kustomize + mkdir -p $(@D) + $(KUSTOMIZE) build config/dependencies/external-secrets-crds > $@ + echo "---" >> $@ && $(KUSTOMIZE) build config/dependencies/grafana-crds >> $@ + echo "---" >> $@ && $(KUSTOMIZE) build config/dependencies/marin3r-crds >> $@ + echo "---" >> $@ && $(KUSTOMIZE) build config/dependencies/prometheus-crds >> $@ + echo "---" >> $@ && $(KUSTOMIZE) build config/dependencies/tekton-crds >> $@ + +test: manifests generate fmt vet envtest assets ginkgo test/assets/external-apis/crds.yaml ## Run tests. KUBEBUILDER_ASSETS=$(KUBEBUILDER_ASSETS) $(GINKGO) -p -r $(TEST_PKG) -coverprofile cover.out -test-debug: manifests generate fmt vet envtest assets ginkgo ## Run tests. +test-debug: manifests generate fmt vet envtest assets ginkgo test/assets/external-apis/crds.yaml ## Run tests. KUBEBUILDER_ASSETS=$(KUBEBUILDER_ASSETS) $(GINKGO) -v -r $(TEST_PKG) -coverprofile cover.out +TEST_E2E_DEPLOY = marin3r-crds prometheus-crds tekton-crds grafana-crds external-secrets-crds minio test-e2e: export KUBECONFIG = $(PWD)/kubeconfig -test-e2e: manifests ginkgo kind-create kind-deploy kind-deploy-backup-assets ## Runs e2e tests +test-e2e: manifests ginkgo kind-create $(foreach elem,$(TEST_E2E_DEPLOY),install-$(elem)) kind-deploy-controller kind-load-redis-with-ssh ## Runs e2e tests $(GINKGO) -p -r ./test/e2e $(MAKE) kind-delete 
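Review bot: `test/assets/external-apis/crds.yaml` lists the `kustomize` target as a normal prerequisite, and `.PHONY: kustomize` appears further down this file, so the rule is always out of date and every `make test` / `make test-debug` fetches the five remote CRD sets again. That makes the unit tests depend on the network and on whatever the remote refs resolve to at that moment. Consider `test/assets/external-apis/crds.yaml: $(wildcard config/dependencies/*-crds/kustomization.yaml) | $(KUSTOMIZE)` (assuming `$(KUSTOMIZE)` is the file target behind `kustomize`, as `$(YQ)` is for `yq`). The recipe also appends to `$@` step by step, so building into `$@.tmp` and finishing with `mv $@.tmp $@` would keep a failed fetch from leaving a partial CRD file behind.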
@@ -250,41 +258,78 @@ catalog-retag-latest: ##@ Kind Deployment kind-create: export KUBECONFIG = $(PWD)/kubeconfig -kind-create: docker-build kind ## Runs a k8s kind cluster with a local registry in "localhost:5000" and ports 1080 and 1443 exposed to the host - $(KIND) create cluster --wait 5m --image kindest/node:$(KIND_K8S_VERSION) || true +kind-create: kind ## Runs a k8s kind cluster + docker inspect kind-saas-operator > /dev/null || docker network create -d bridge --subnet 172.27.27.0/24 kind-saas-operator + KIND_EXPERIMENTAL_DOCKER_NETWORK=kind-saas-operator $(KIND) create cluster --wait 5m --image kindest/node:$(KIND_K8S_VERSION) + +install-%: export KUBECONFIG = $(PWD)/kubeconfig +install-%: kustomize yq helm + echo + KUSTOMIZE_BIN=$(KUSTOMIZE) YQ_BIN=$(YQ) BASE_PATH=config/dependencies hack/apply-kustomize.sh $* kind-delete: ## Deletes the kind cluster and the registry kind-delete: kind $(KIND) delete cluster -kind-deploy: export KUBECONFIG = $(PWD)/kubeconfig -kind-deploy: manifests kustomize ## Deploy operator to the Kind K8s cluster - kubectl apply -f config/test/external-apis/ && \ - find config/test/external-apis/ -name '*yaml' -type f \ - | sed -n 's/.*\/\(.*\).yaml/\1/p' \ - | xargs -n1 kubectl wait --for condition=established --timeout=60s crd +CONTROLLER_DEPS = prometheus-crds grafana-crds +kind-deploy-controller: export KUBECONFIG = $(PWD)/kubeconfig +kind-deploy-controller: manifests kustomize docker-build $(foreach elem,$(CONTROLLER_DEPS),install-$(elem)) ## Deploy operator to the Kind K8s cluster $(KIND) load docker-image $(IMG) cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} - $(KUSTOMIZE) build config/test | kubectl apply -f - + $(KUSTOMIZE) build config/test --load-restrictor LoadRestrictionsNone | kubectl apply -f - -kind-refresh-operator: export KUBECONFIG = ${PWD}/kubeconfig -kind-refresh-operator: manifests kind docker-build ## Reloads the operator image into the K8s cluster and deletes the old Pod 
+kind-refresh-controller: export KUBECONFIG = ${PWD}/kubeconfig +kind-refresh-controller: manifests kind docker-build ## Reloads the controller image into the K8s cluster and deletes the old Pod $(KIND) load docker-image $(IMG) kubectl delete pod -l control-plane=controller-manager +kind-deploy-databases: export KUBECONFIG = $(PWD)/kubeconfig +kind-deploy-databases: kind-deploy-controller + $(KUSTOMIZE) build config/local-setup/databases | kubectl apply -f - + sleep 10 + kubectl wait --for condition=ready --timeout=300s pod --all + kind-undeploy: export KUBECONFIG = $(PWD)/kubeconfig kind-undeploy: ## Undeploy controller from the Kind K8s cluster $(KUSTOMIZE) build config/test | kubectl delete -f - -kind-deploy-backup-assets: export KUBECONFIG = $(PWD)/kubeconfig -kind-deploy-backup-assets: kind-load-redis-with-ssh - $(KUSTOMIZE) build config/test/redis-backups --load-restrictor LoadRestrictionsNone --enable-helm | kubectl apply -f - - REDIS_WITH_SSH_IMG = redis-with-ssh:6.2.13-alpine kind-load-redis-with-ssh: docker build -t $(REDIS_WITH_SSH_IMG) test/assets/redis-with-ssh $(KIND) load docker-image $(REDIS_WITH_SSH_IMG) +kind-deploy-saas: export KUBECONFIG = ${PWD}/kubeconfig +kind-deploy-saas: kind-load-redis-with-ssh ## Deploys a 3scale SaaS dev environment + $(KUSTOMIZE) build config/local-setup | kubectl apply -f - + sleep 5 + kubectl wait --for condition=ready --timeout=300s pod system-console-0 + kubectl get pods --no-headers -o name | grep -v system | xargs kubectl wait --for condition=ready --timeout=300s + kubectl -ti exec system-console-0 -c system-console -- bash -c '\ + MASTER_DOMAIN=multitenant-admin \ + MASTER_ACCESS_TOKEN=mtoken \ + MASTER_PASSWORD=mpass \ + MASTER_USER=admin \ + TENANT_NAME=provider \ + PROVIDER_NAME="3scale SaaS Dev Provider" \ + USER_LOGIN=admin \ + USER_PASSWORD=ppass \ + ADMIN_ACCESS_TOKEN=ptoken \ + USER_EMAIL="admin@cluster.local" \ + DISABLE_DATABASE_ENVIRONMENT_CHECK=1 \ + bundle exec rake db:setup' + kubectl get pods 
--no-headers -o name | grep system | xargs kubectl wait --for condition=ready --timeout=300s + +kind-cleanup-saas: export KUBECONFIG = ${PWD}/kubeconfig +kind-cleanup-saas: + -$(KUSTOMIZE) build config/local-setup/databases | kubectl delete -f - + -$(KUSTOMIZE) build config/local-setup | kubectl delete -f - + -kubectl get pod --no-headers -o name | grep -v saas-operator | xargs kubectl delete --grace-period=0 --force + -kubectl get pvc --no-headers -o name | xargs kubectl delete + +LOCAL_SETUP_DEPS = metallb cert-manager marin3r prometheus-crds tekton-crds grafana-crds external-secrets-crds minio +kind-local-setup: export KUBECONFIG = ${PWD}/kubeconfig +kind-local-setup: $(foreach elem,$(LOCAL_SETUP_DEPS),install-$(elem)) kind-deploy-controller kind-deploy-databases kind-deploy-saas + ##@ Build Dependencies ## Location to install dependencies to @@ -292,6 +337,8 @@ LOCALBIN ?= $(shell pwd)/bin $(LOCALBIN): mkdir -p $(LOCALBIN) +export PATH := $(LOCALBIN):$(PATH) + ## Tool Binaries KUSTOMIZE ?= $(LOCALBIN)/kustomize CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen @@ -300,6 +347,8 @@ GINKGO ?= $(LOCALBIN)/ginkgo CRD_REFDOCS ?= $(LOCALBIN)/crd-ref-docs KIND ?= $(LOCALBIN)/kind GOBINDATA ?= $(LOCALBIN)/go-bindata +YQ ?= $(LOCALBIN)/yq +HELM ?= $(LOCALBIN)/helm ## Tool Versions KUSTOMIZE_VERSION ?= v5.1.1 @@ -310,6 +359,8 @@ KIND_VERSION ?= v0.16.0 ENVTEST_VERSION ?= latest GOBINDATA_VERSION ?= latest TEKTON_VERSION ?= v0.49.0 +YQ_VERSION ?= v4.40.5 +HELM_VERSION ?= v3.14.0 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" .PHONY: kustomize 
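Review bot: `kind-undeploy` still runs `$(KUSTOMIZE) build config/test` without the `--load-restrictor LoadRestrictionsNone` that `kind-deploy-controller` now passes, so if `config/test` really references files outside its root, the undeploy build will presumably fail. The flag also turns off kustomize's check that a kustomization only reads files under its own directory, so a comment above the rule naming the path that needs it would help, e.g. `# LoadRestrictionsNone: config/test reads files outside its root (dev/test only)`. In `kind-cleanup-saas` the last two lines force-delete every pod except saas-operator and every PVC in the current namespace of whatever `${PWD}/kubeconfig` points at. A first recipe line such as `kubectl config current-context | grep -q '^kind-'` would stop the target from running against a non-kind context.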
@@ -345,6 +396,17 @@ go-bindata: $(GOBINDATA) ## Download go-bindata locally if necessary. $(GOBINDATA): test -s $(GOBINDATA) || GOBIN=$(LOCALBIN) go install github.com/go-bindata/go-bindata/...@$(GOBINDATA_VERSION) +.PHONY: yq +yq: $(YQ) +$(YQ): + test -s $(YQ) || GOBIN=$(LOCALBIN) go install github.com/mikefarah/yq/v4@$(YQ_VERSION) + +HELM_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3" +.PHONY: helm +helm: $(HELM) +$(HELM): + curl -s $(HELM_INSTALL_SCRIPT) | HELM_INSTALL_DIR=$(LOCALBIN) bash -s -- --no-sudo --version $(HELM_VERSION) + ##@ Other .PHONY: operator-sdk diff --git a/api/v1alpha1/system_types.go b/api/v1alpha1/system_types.go index d5c49ae2..bf70c46e 100644 --- a/api/v1alpha1/system_types.go +++ b/api/v1alpha1/system_types.go @@ -430,13 +430,15 @@ type SystemConfig struct { // DSN of system's main database // +operator-sdk:csv:customresourcedefinitions:type=spec DatabaseDSN SecretReference `json:"databaseDSN"` - // EventsSharedSecret + // EventsSharedSecret is a password that protects System's event + // hooks endpoint. // +operator-sdk:csv:customresourcedefinitions:type=spec EventsSharedSecret SecretReference `json:"eventsSharedSecret"` // Holds recaptcha configuration options // +operator-sdk:csv:customresourcedefinitions:type=spec Recaptcha SystemRecaptchaSpec `json:"recaptcha"` - // SecretKeyBase + // SecretKeyBase: https://api.rubyonrails.org/classes/Rails/Application.html#method-i-secret_key_base + // You can generate one random key using 'bundle exec rake secret' // +operator-sdk:csv:customresourcedefinitions:type=spec SecretKeyBase SecretReference `json:"secretKeyBase"` // AccessCode to protect admin urls 
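Review bot: The `$(HELM)` recipe pipes a script fetched from the `main` branch straight into bash, so what runs on a developer or CI machine can change without any change in this repository, and `curl -s` without `-f` will hand an HTTP error page to the shell. Pinning the script to the release being installed and failing on HTTP errors narrows that: `HELM_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/helm/helm/$(HELM_VERSION)/scripts/get-helm-3"` and `test -s $(HELM) || curl -fsSL $(HELM_INSTALL_SCRIPT) | HELM_INSTALL_DIR=$(LOCALBIN) bash -s -- --no-sudo --version $(HELM_VERSION)`. The `test -s` guard also matches the `$(YQ)` and `$(GOBINDATA)` rules, which skip the download when the binary is already present. The existing `KUSTOMIZE_INSTALL_SCRIPT` context line has the same unpinned `master` URL.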
@@ -456,7 +458,8 @@ type SystemConfig struct { // +operator-sdk:csv:customresourcedefinitions:type=spec // +optional Bugsnag *BugsnagSpec `json:"bugsnag,omitempty"` - // Database secret + // DatabaseSecret is a site key stored off-database for improved more secure password hashing + // See https://github.com/3scale/porta/blob/ae498814cef3d856613f60d29330882fa870271d/config/initializers/site_keys.rb#L2-L19 // +operator-sdk:csv:customresourcedefinitions:type=spec DatabaseSecret SecretReference `json:"databaseSecret"` // Memcached servers diff --git a/config/crd/bases/saas.3scale.net_systems.yaml b/config/crd/bases/saas.3scale.net_systems.yaml index f332151c..392c09c1 100644 --- a/config/crd/bases/saas.3scale.net_systems.yaml +++ b/config/crd/bases/saas.3scale.net_systems.yaml @@ -861,7 +861,8 @@ spec: type: string type: object databaseSecret: - description: Database secret + description: DatabaseSecret is a site key stored off-database + for improved more secure password hashing See https://github.com/3scale/porta/blob/ae498814cef3d856613f60d29330882fa870271d/config/initializers/site_keys.rb#L2-L19 properties: fromVault: description: FromVault is a reference to a secret key/value @@ -883,7 +884,8 @@ spec: type: string type: object eventsSharedSecret: - description: EventsSharedSecret + description: EventsSharedSecret is a password that protects System's + event hooks endpoint. properties: fromVault: description: FromVault is a reference to a secret key/value @@ -1156,7 +1158,8 @@ spec: type: integer type: object secretKeyBase: - description: SecretKeyBase + description: 'SecretKeyBase: https://api.rubyonrails.org/classes/Rails/Application.html#method-i-secret_key_base + You can generate one random key using ''bundle exec rake secret''' properties: fromVault: description: FromVault is a reference to a secret key/value 
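Review bot: The new `DatabaseSecret` comment reads "for improved more secure password hashing", which doubles the adjective, and the same text is carried into the CRD description in config/crd/bases/saas.3scale.net_systems.yaml. Suggest `// DatabaseSecret is a site key stored off-database to strengthen password hashing.` with the porta link kept on the following line. The `SystemConfig` struct starts and ends outside this hunk.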
diff --git a/config/dependencies/cert-manager/kustomization.yaml b/config/dependencies/cert-manager/kustomization.yaml
new file mode 100644
index 00000000..314bfe0e
--- /dev/null
+++ b/config/dependencies/cert-manager/kustomization.yaml
@@ -0,0 +1,3 @@
+resources:
+ - https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.yaml
+ - resources.yaml
diff --git a/config/dependencies/cert-manager/resources.yaml b/config/dependencies/cert-manager/resources.yaml
new file mode 100644
index 00000000..b6c51e12
--- /dev/null
+++ b/config/dependencies/cert-manager/resources.yaml
@@ -0,0 +1,6 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: selfsigned-cluster-issuer
+spec:
+ selfSigned: {}
\ No newline at end of file
diff --git a/config/dependencies/external-secrets-crds/kustomization.yaml b/config/dependencies/external-secrets-crds/kustomization.yaml
new file mode 100644
index 00000000..cdba10f4
--- /dev/null
+++ b/config/dependencies/external-secrets-crds/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+ - https://github.com/external-secrets/external-secrets/config/crds/bases/?ref=v0.9.11
\ No newline at end of file
diff --git a/config/dependencies/grafana-crds/kustomization.yaml b/config/dependencies/grafana-crds/kustomization.yaml
new file mode 100644
index 00000000..03e20437
--- /dev/null
+++ b/config/dependencies/grafana-crds/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+ - https://github.com/grafana/grafana-operator/config/crd/?ref=v4.10.1
\ No newline at end of file
diff --git a/config/dependencies/marin3r-crds/kustomization.yaml b/config/dependencies/marin3r-crds/kustomization.yaml
new file mode 100644
index 00000000..292e3999
--- /dev/null
+++ b/config/dependencies/marin3r-crds/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+ - https://github.com/3scale-ops/marin3r/config/crd/?ref=v0.12.3
\ No newline at end of file
diff --git a/config/dependencies/marin3r/kustomization.yaml b/config/dependencies/marin3r/kustomization.yaml
new file mode 100644
index 00000000..2418b414
--- /dev/null
+++ b/config/dependencies/marin3r/kustomization.yaml
@@ -0,0 +1,49 @@
+namespace: marin3r
+resources:
+ - https://github.com/3scale-ops/marin3r/config/default/?ref=v0.12.3
+
+# somehow this works in upstream repo but not here
+patches:
+ - target:
+ group: admissionregistration.k8s.io
+ version: v1
+ kind: MutatingWebhookConfiguration
+ patch: |-
+ - op: remove
+ path: /metadata/creationTimestamp
+ # use cluster scoped installation
+ - target:
+ group: rbac.authorization.k8s.io
+ kind: Role
+ name: manager-role
+ version: v1
+ patch: |-
+ - op: replace
+ path: /kind
+ value: ClusterRole
+ - op: remove
+ path: /metadata/namespace
+ - target:
+ group: rbac.authorization.k8s.io
+ kind: RoleBinding
+ name: manager-rolebinding
+ version: v1
+ patch: |-
+ - op: replace
+ path: /kind
+ value: ClusterRoleBinding
+ - op: replace
+ path: /roleRef/kind
+ value: ClusterRole
+ - op: remove
+ path: /metadata/namespace
+ # no HA
+ - target:
+ group: apps
+ kind: Deployment
+ name: controller-webhook
+ version: v1
+ patch: |-
+ - op: replace
+ path: /spec/replicas
+ value: 1
diff --git a/config/dependencies/metallb/kustomization.yaml b/config/dependencies/metallb/kustomization.yaml
new file mode 100644
index 00000000..be846261
--- /dev/null
+++ b/config/dependencies/metallb/kustomization.yaml
@@ -0,0 +1,4 @@
+namespace: metallb
+resources:
+ - https://github.com/metallb/metallb/config/native/?ref=v0.13.12
+ - resources.yaml
\ No newline at end of file
diff --git a/config/dependencies/metallb/resources.yaml b/config/dependencies/metallb/resources.yaml
new file mode 100644
index 00000000..ba52e1c6
--- /dev/null
+++ b/config/dependencies/metallb/resources.yaml
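Review bot: In config/dependencies/marin3r/kustomization.yaml the two RBAC patches turn `manager-role` and `manager-rolebinding` into a ClusterRole and ClusterRoleBinding, which grants the marin3r manager its formerly namespace-scoped rules in every namespace. The only explanation is `# use cluster scoped installation`; it would help to state the reason and the intended scope, for example `# dev/kind only: cluster-wide RBAC so marin3r can serve resources outside its own namespace` (wording to be confirmed by the author). The comment `# somehow this works in upstream repo but not here` would be more useful if it named the error that removing `/metadata/creationTimestamp` avoids.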
@@ -0,0 +1,102 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ name: generic
+spec:
+ addresses:
+ - 172.27.27.150-172.27.27.200
+
+---
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ name: backend
+spec:
+ addresses:
+ - 172.27.27.100/32
+ serviceAllocation:
+ priority: 1
+ serviceSelectors:
+ - matchLabels:
+ threescale_component: backend
+ threescale_component_element: listener
+
+---
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ name: apicast-production
+spec:
+ addresses:
+ - 172.27.27.101/32
+ serviceAllocation:
+ priority: 1
+ serviceSelectors:
+ - matchLabels:
+ threescale_component: apicast-production
+ threescale_component_element: gateway
+
+---
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ name: apicast-staging
+spec:
+ addresses:
+ - 172.27.27.102/32
+ serviceAllocation:
+ priority: 1
+ serviceSelectors:
+ - matchLabels:
+ threescale_component: apicast-staging
+ threescale_component_element: gateway
+
+---
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ name: echo-api
+spec:
+ addresses:
+ - 172.27.27.103/32
+ serviceAllocation:
+ priority: 1
+ serviceSelectors:
+ - matchLabels:
+ app: echo-api
+ part-of: 3scale-saas
+
+---
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ name: autossl
+spec:
+ addresses:
+ - 172.27.27.104/32
+ serviceAllocation:
+ priority: 1
+ serviceSelectors:
+ - matchLabels:
+ app: autossl
+ part-of: 3scale-saas
+
+---
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ name: system
+spec:
+ addresses:
+ - 172.27.27.105/32
+ serviceAllocation:
+ priority: 1
+ serviceSelectors:
+ - matchLabels:
+ app: mt-ingress
+
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+ name: empty
diff --git a/config/dependencies/minio/kustomization.yaml b/config/dependencies/minio/kustomization.yaml
new file mode 100644
index 00000000..25d542a6
--- /dev/null
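Review bot: Every pool in config/dependencies/metallb/resources.yaml is carved out of 172.27.27.0/24, the subnet that `kind-create` in the Makefile passes to `docker network create`, but nothing in this file says so. A header comment such as `# Addresses must stay inside the kind-saas-operator docker network (172.27.27.0/24, see Makefile kind-create)` would keep the two in step. The README URLs and the nip.io hostnames under config/local-setup encode the same addresses.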
+++ b/config/dependencies/minio/kustomization.yaml
@@ -0,0 +1,25 @@
+namespace: minio
+resources:
+ - namespace.yaml
+helmCharts:
+ - name: minio
+ repo: https://charts.min.io
+ version: v5.0.13
+ releaseName: minio
+ namespace: minio
+ valuesInline:
+ mode: standalone
+ persistence:
+ enabled: false
+ resources:
+ requests:
+ memory: 1Mi
+ buckets:
+ - name: backups
+ purge: true
+ versioning: false
+ - name: system-assets
+ purge: true
+ versioning: false
+ rootUser: admin
+ rootPassword: admin123
\ No newline at end of file
diff --git a/config/dependencies/minio/namespace.yaml b/config/dependencies/minio/namespace.yaml
new file mode 100644
index 00000000..428108a9
--- /dev/null
+++ b/config/dependencies/minio/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: minio
\ No newline at end of file
diff --git a/config/dependencies/prometheus-crds/kustomization.yaml b/config/dependencies/prometheus-crds/kustomization.yaml
new file mode 100644
index 00000000..9ccff7f7
--- /dev/null
+++ b/config/dependencies/prometheus-crds/kustomization.yaml
@@ -0,0 +1,3 @@
+resources:
+ - https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.12/manifests/setup/0podmonitorCustomResourceDefinition.yaml
+ - https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.12/manifests/setup/0servicemonitorCustomResourceDefinition.yaml
\ No newline at end of file
diff --git a/config/dependencies/tekton-crds/kustomization.yaml b/config/dependencies/tekton-crds/kustomization.yaml
new file mode 100644
index 00000000..3a097464
--- /dev/null
+++ b/config/dependencies/tekton-crds/kustomization.yaml
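Review bot: In config/dependencies/minio/kustomization.yaml, `rootUser: admin` and `rootPassword: admin123` are committed in `valuesInline` with nothing marking them as throwaway values, and this kustomization is installed by both `test-e2e` and `kind-local-setup`. Add a comment above them such as `# dev-only credentials for the local kind cluster; never reuse elsewhere`, or have the setup generate them. The same applies to the literal secrets under config/local-setup (the `override:` values in backend.yaml, the DSN in corsproxy.yaml, `MYSQL_ROOT_PASSWORD`/`MYSQL_PASSWORD` and `POSTGRES_PASSWORD` in the databases manifests) and to the values passed to `rake db:setup` in the Makefile's `kind-deploy-saas`.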
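Review bot: Both URLs in config/dependencies/prometheus-crds/kustomization.yaml track the `release-0.12` branch, so the CRDs handed to envtest and to the kind cluster can change between runs, unlike the tag-pinned refs used for cert-manager, external-secrets, grafana and marin3r. Pin them to a tag or commit of kube-prometheus, e.g. `.../kube-prometheus/<TAG_OR_COMMIT>/manifests/setup/0podmonitorCustomResourceDefinition.yaml`. config/dependencies/tekton-crds/kustomization.yaml has the same issue with `release-v0.49.x`, although the Makefile already defines `TEKTON_VERSION ?= v0.49.0`.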
@@ -0,0 +1,12 @@
+resources:
+ - https://raw.githubusercontent.com/tektoncd/pipeline/release-v0.49.x/config/300-pipeline.yaml
+ - https://raw.githubusercontent.com/tektoncd/pipeline/release-v0.49.x/config/300-task.yaml
+
+patches:
+ - target:
+ group: apiextensions.k8s.io
+ version: v1
+ kind: CustomResourceDefinition
+ patch: |-
+ - op: remove
+ path: /spec/conversion
\ No newline at end of file
diff --git a/config/local-setup/README.md b/config/local-setup/README.md
new file mode 100644
index 00000000..e5d059be
--- /dev/null
+++ b/config/local-setup/README.md
@@ -0,0 +1,38 @@
+# Instructions
+
+1. Create the file `config/local-setup/secrets/pull-secrets.json` with the registry auths required (for private repositories used). Example:
+
+```json
+{
+ "auths": {
+ "quay.io": {
+ "auth": "token1"
+ },
+ "brew.registry.redhat.io": {
+ "auth": "token2"
+ }
+ }
+}
+```
+
+1. Issue the following commands
+
+```bash
+make kind-create
+make kind-local-setup
+```
+
+## URLs
+
+* **backend**: http://backend-172-27-27-100.nip.io
+* **apicast**:
+ * http://*.production-172-27-27-101.nip.io
+ * http://*.staging-172-27-27-102.nip.io
+* **echo-api**: http://echo-api-172-27-27-103.nip.io
+* **autossl**: http://autossl-172-27-27-104.nip.io
+* **system**: https://-admin.system-172-27-27-105.nip.io
+
+
+## TODO
+
+* System SMPTP?? maybe just disable altogether
diff --git a/config/local-setup/apicast.yaml b/config/local-setup/apicast.yaml
new file mode 100644
index 00000000..b18f541f
--- /dev/null
+++ b/config/local-setup/apicast.yaml
@@ -0,0 +1,113 @@ +apiVersion: saas.3scale.net/v1alpha1 +kind: Apicast +metadata: + name: apicast +spec: + production: + image: + name: REPLACE + tag: REPLACE + pullSecretName: pull-secrets + pullPolicy: Always + config: + configurationCache: 300 + threescalePortalEndpoint: "http://mapping-service/config" + endpoint: {dns: []} + hpa: {} + marin3r: + dynamicConfigs: + gateway_cluster: + cluster: + host: 127.0.0.1 + port: 8080 + http: + listenerHttp: + proxyProtocol: false + port: 38080 + routeConfigName: router + router: + routeConfiguration: + virtualHosts: + - domains: ["*"] + name: gateway + routes: + - match: + prefix: / + route: + cluster: gateway_cluster + timeout: 30s + envoyImage: REPLACE + nodeID: apicast-production + ports: + - name: gateway-http + port: 38080 + - name: gateway-https + port: 38443 + - name: envoy-metrics + port: 9901 + shtdnmgrExtraLifecycleHooks: + - apicast + shtdnmgrPort: 8091 + pdb: {} + replicas: 1 + resources: {} + staging: + image: + name: REPLACE + tag: REPLACE + pullSecretName: pull-secrets + pullPolicy: Always + config: + configurationCache: 60 + threescalePortalEndpoint: "http://mapping-service/config" + endpoint: {dns: []} + hpa: {} + marin3r: + dynamicConfigs: + gateway_cluster: + cluster: + host: 127.0.0.1 + port: 8080 + http: + listenerHttp: + proxyProtocol: false + port: 38080 + routeConfigName: router + mgmt_cluster: + cluster: + host: 127.0.0.1 + port: 8090 + router: + routeConfiguration: + virtualHosts: + - domains: [policies.staging-172-27-27-102.nip.io] + name: policies + routes: + - match: + prefix: /policies + route: + cluster: mgmt_cluster + - domains: ["*"] + name: gateway + routes: + - match: + prefix: / + route: + cluster: gateway_cluster + timeout: 30s + envoyImage: REPLACE + nodeID: apicast-staging + ports: + - name: gateway-http + port: 38080 + - name: gateway-https + port: 38443 + - name: envoy-metrics + port: 9901 + resources: {} + shtdnmgrExtraLifecycleHooks: + - apicast + shtdnmgrPort: 8091 + pdb: {} + 
replicas: 1 + resources: {} diff --git a/config/local-setup/autossl.yaml b/config/local-setup/autossl.yaml new file mode 100644 index 00000000..884bc80a --- /dev/null +++ b/config/local-setup/autossl.yaml @@ -0,0 +1,22 @@ +apiVersion: saas.3scale.net/v1alpha1 +kind: AutoSSL +metadata: + name: autossl +spec: + image: + name: REPLACE + tag: REPLACE + pullSecretName: pull-secrets + pullPolicy: Always + config: + contactEmail: 3scale-operations@redhat.com + domainWhitelist: [] + logLevel: debug + proxyEndpoint: "https://multitenant-admin.system-172-27-27-105.nip.io" + redisHost: autossl-redis + verificationEndpoint: "https://multitenant-admin.system-172-27-27-105.nip.io/swagger/spec.json" + endpoint: {dns: []} + hpa: {} + pdb: {} + replicas: 1 + resources: {} diff --git a/config/local-setup/backend.yaml b/config/local-setup/backend.yaml new file mode 100644 index 00000000..43ebb83e --- /dev/null +++ b/config/local-setup/backend.yaml 
@@ -0,0 +1,94 @@
+---
+apiVersion: saas.3scale.net/v1alpha1
+kind: Backend
+metadata:
+ name: backend
+spec:
+ image:
+ name: REPLACE
+ tag: REPLACE
+ pullSecretName: pull-secrets
+ pullPolicy: Always
+ config:
+ masterServiceID: 1
+ internalAPIPassword:
+ override: backend-internal-api-password
+ internalAPIUser:
+ override: backend-internal-api-user
+ rackEnv: preview
+ redisQueuesDSN: "redis://backend-redis:6379/1"
+ redisStorageDSN: "redis://backend-redis:6379/0"
+ systemEventsHookPassword:
+ override: system-events-shared-secret
+ systemEventsHookURL:
+ override: "https://system-172-27-27-105.nip.io/master/events/import"
+ listener:
+ config:
+ listenerWorkers: 1
+ redisAsync: true
+ endpoint: {dns: []}
+ hpa: {}
+ marin3r:
+ dynamicConfigs:
+ backend_listener_cluster:
+ cluster:
+ host: 127.0.0.1
+ port: 3000
+ http:
+ listenerHttp:
+ proxyProtocol: false
+ port: 38080
+ routeConfigName: router_external
+ http_internal:
+ listenerHttp:
+ port: 38081
+ proxyProtocol: false
+ routeConfigName: router_internal
+ router_external:
+ routeConfiguration:
+ virtualHosts:
+ - domains: ["*"]
+ name: backend_listener
+ routes:
+ - direct_response:
+ status: "404"
+ match:
+ prefix: /internal
+ - match:
+ prefix: /
+ route:
+ cluster: backend_listener_cluster
+ router_internal:
+ routeConfiguration:
+ virtualHosts:
+ - domains: ["*"]
+ name: backend_listener
+ routes:
+ - match:
+ prefix: /
+ route:
+ cluster: backend_listener_cluster
+ envoyImage: REPLACE
+ nodeID: backend-listener
+ ports:
+ - name: backend-http
+ port: 38080
+ - name: http-internal
+ port: 38081
+ - name: backend-https
+ port: 38443
+ - name: envoy-metrics
+ port: 9901
+ resources: {}
+ shtdnmgrExtraLifecycleHooks:
+ - backend-listener
+ pdb: {}
+ replicas: 1
+ resources: {}
+ worker:
+ config:
+ redisAsync: true
+ hpa: {}
+ pdb: {}
+ replicas: 1
+ resources: {}
diff --git a/config/local-setup/configuration.yaml b/config/local-setup/configuration.yaml
new file mode 100644
index 00000000..c0a306cb
--- /dev/null
+++ b/config/local-setup/configuration.yaml
@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config
+data:
+ # APICAST CONFIGURATION
+ APICAST_IMAGE_NAME: quay.io/3scale/apicast-cloud-hosted
+ APICAST_IMAGE_TAG: apicast-3scale2.13-1.23.0-12-001
+
+ # MAPPINGSERVICE CONFIGURATION
+ MAPPINGSERVICE_IMAGE_NAME: quay.io/3scale/apicast-cloud-hosted
+ MAPPINGSERVICE_IMAGE_TAG: mapping-service-3scale2.13-1.23.0-12-001
+
+ # AUTOSSL CONFIGURATION
+ AUTOSSL_IMAGE_NAME: quay.io/3scale/autossl
+ AUTOSSL_IMAGE_TAG: v1.0.1
+
+ # BACKEND CONFIGURATION
+ BACKEND_IMAGE_NAME: brew.registry.redhat.io/rh-osbs/3scale-amp2-backend-rhel8
+ BACKEND_IMAGE_TAG: 3scale-amp-2-containers-candidate-89143-20221018113511
+
+ # CORSPROXY
+ CORSPROXY_IMAGE_NAME: quay.io/3scale/cors-proxy
+ CORSPROXY_IMAGE_TAG: v1.1.0
+
+ # ECHOAPI CONFIGURATION
+ ECHOAPI_IMAGE_NAME: quay.io/3scale/echoapi
+ ECHOAPI_IMAGE_TAG: v1.0.3
+
+ # SYSTEM CONFIGURATION
+ SYSTEM_IMAGE_NAME: brew.registry.redhat.io/rh-osbs/3scale-amp2-system-rhel7
+ SYSTEM_IMAGE_TAG: 1.17.0-355
+ SEARCHD_IMAGE_NAME: brew.registry.redhat.io/rh-osbs/3scale-amp2-3scale-manticore-search-rhel9
+ SEARCHD_IMAGE_TAG: 1.0.0-3
+
+ # ZYNC CONFIGURATION
+ ZYNC_IMAGE_NAME: brew.registry.redhat.io/rh-osbs/3scale-amp2-zync-rhel9
+ ZYNC_IMAGE_TAG: 1.15.0-136
+
+ # ENVOY CONFIGURATION
+ ENVOY_IMAGE: envoyproxy/envoy:v1.22.11
diff --git a/config/local-setup/corsproxy.yaml b/config/local-setup/corsproxy.yaml
new file mode 100644
index 00000000..9d243b50
--- /dev/null
+++ b/config/local-setup/corsproxy.yaml
@@ -0,0 +1,17 @@
+apiVersion: saas.3scale.net/v1alpha1
+kind: CORSProxy
+metadata:
+ name: cors-proxy
+spec:
+ image:
+ name: REPLACE
+ tag: REPLACE
+ pullSecretName: pull-secrets
+ pullPolicy: Always
+ config:
+ systemDatabaseDSN:
+ override: mysql://app:password@system-mysql:3306/system_enterprise
+ hpa: {}
+ pdb: {}
+ replicas: 1
+ resources: {}
diff --git a/config/local-setup/databases/autossl-redis/kustomization.yaml b/config/local-setup/databases/autossl-redis/kustomization.yaml
new file mode 100644
index 00000000..0c16a915
--- /dev/null
+++ b/config/local-setup/databases/autossl-redis/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+ - resources.yaml
diff --git a/config/local-setup/databases/autossl-redis/resources.yaml b/config/local-setup/databases/autossl-redis/resources.yaml
new file mode 100644
index 00000000..1b29cda4
--- /dev/null
+++ b/config/local-setup/databases/autossl-redis/resources.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: saas.3scale.net/v1alpha1
+kind: RedisShard
+metadata:
+ name: autossl-redis
+spec:
+ slaveCount: 0
+ image:
+ tag: 6.2.13-alpine
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: autossl-redis
+spec:
+ ports:
+ - name: redis
+ port: 6379
+ protocol: TCP
+ targetPort: redis-server
+ selector:
+ redis-shard: autossl-redis
+ type: ClusterIP
diff --git a/config/local-setup/databases/backend-redis/kustomization.yaml b/config/local-setup/databases/backend-redis/kustomization.yaml
new file mode 100644
index 00000000..0c16a915
--- /dev/null
+++ b/config/local-setup/databases/backend-redis/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+ - resources.yaml
diff --git a/config/local-setup/databases/backend-redis/resources.yaml b/config/local-setup/databases/backend-redis/resources.yaml
new file mode 100644
index 00000000..6de4cb12
--- /dev/null
+++ b/config/local-setup/databases/backend-redis/resources.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: saas.3scale.net/v1alpha1
+kind: RedisShard
+metadata:
+ name: backend-redis
+spec:
+ slaveCount: 0
+ image:
+ tag: 6.2.13-alpine
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend-redis
+spec:
+ ports:
+ - name: redis
+ port: 6379
+ protocol: TCP
+ targetPort: redis-server
+ selector:
+ redis-shard: backend-redis
+ type: ClusterIP
\ No newline at end of file
diff --git a/config/local-setup/databases/kustomization.yaml b/config/local-setup/databases/kustomization.yaml
new file mode 100644
index 00000000..d73c1c48
--- /dev/null
+++ b/config/local-setup/databases/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - autossl-redis
+ - backend-redis
+ - system-memcached
+ - system-mysql
+ - system-redis
+ - zync-postgresql
\ No newline at end of file
diff --git a/config/local-setup/databases/system-memcached/kustomization.yaml b/config/local-setup/databases/system-memcached/kustomization.yaml
new file mode 100644
index 00000000..0c16a915
--- /dev/null
+++ b/config/local-setup/databases/system-memcached/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+ - resources.yaml
diff --git a/config/local-setup/databases/system-memcached/resources.yaml b/config/local-setup/databases/system-memcached/resources.yaml
new file mode 100644
index 00000000..7759a65d
--- /dev/null
+++ b/config/local-setup/databases/system-memcached/resources.yaml
@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: system-memcached
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: system-memcached
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: system-memcached
+ spec:
+ containers:
+ - image: 'memcached:1.5.22'
+ livenessProbe:
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ tcpSocket:
+ port: 11211
+ name: memcached
+ ports:
+ - containerPort: 11211
+ name: memcached
+ readinessProbe:
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ tcpSocket:
+ port: 11211
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: system-memcached
+spec:
+ ports:
+ - name: memcached
+ port: 11211
+ protocol: TCP
+ targetPort: memcached
+ selector:
+ app.kubernetes.io/name: system-memcached
+ type: ClusterIP
diff --git a/config/local-setup/databases/system-mysql/kustomization.yaml b/config/local-setup/databases/system-mysql/kustomization.yaml
new file mode 100644
index 00000000..0c16a915
--- /dev/null
+++ b/config/local-setup/databases/system-mysql/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+ - resources.yaml
diff --git a/config/local-setup/databases/system-mysql/resources.yaml b/config/local-setup/databases/system-mysql/resources.yaml
new file mode 100644
index 00000000..6f314cb0
--- /dev/null
+++ b/config/local-setup/databases/system-mysql/resources.yaml
@@ -0,0 +1,70 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: system-mysql
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: system-mysql
+ replicas: 1
+ serviceName: system-mysql
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: system-mysql
+ spec:
+ containers:
+ - name: mysql
+ image: mysql:5.7
+ # FOR MYSQL 8.0 #
+ # image: mysql:8.0
+ # args:
+ # - mysqld
+ # - --default-authentication-plugin=mysql_native_password
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ value: password
+ - name: MYSQL_DATABASE
+ value: system_enterprise
+ - name: MYSQL_USER
+ value: app
+ - name: MYSQL_PASSWORD
+ value: password
+ ports:
+ - name: mysql
+ containerPort: 3306
+ readinessProbe:
+ tcpSocket:
+ port: 3306
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ timeoutSeconds: 1
+ volumeMounts:
+ - name: system-mysql-storage
+ mountPath: /var/lib/mysql
+ subPath: data
+ volumeClaimTemplates:
+ - metadata:
+ name: system-mysql-storage
+ spec:
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: system-mysql
+spec:
+ ports:
+ - name: mysql
+ port: 3306
+ protocol: TCP
+ targetPort: 3306
+ selector:
+ app.kubernetes.io/name: system-mysql
diff --git a/config/local-setup/databases/system-redis/kustomization.yaml b/config/local-setup/databases/system-redis/kustomization.yaml
new file mode 100644
index 00000000..0c16a915
--- /dev/null
+++ b/config/local-setup/databases/system-redis/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+ - resources.yaml
diff --git a/config/local-setup/databases/system-redis/resources.yaml b/config/local-setup/databases/system-redis/resources.yaml
new file mode 100644
index 00000000..7fe55867
--- /dev/null
+++ b/config/local-setup/databases/system-redis/resources.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: saas.3scale.net/v1alpha1
+kind: RedisShard
+metadata:
+ name: system-redis
+spec:
+ slaveCount: 0
+ image:
+ tag: 6.2.13-alpine
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: system-redis
+spec:
+ ports:
+ - name: redis
+ port: 6379
+ protocol: TCP
+ targetPort: redis-server
+ selector:
+ redis-shard: system-redis
+ type: ClusterIP
\ No newline at end of file
diff --git a/config/local-setup/databases/zync-postgresql/kustomization.yaml b/config/local-setup/databases/zync-postgresql/kustomization.yaml
new file mode 100644
index 00000000..0c16a915
--- /dev/null
+++ b/config/local-setup/databases/zync-postgresql/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+ - resources.yaml
diff --git a/config/local-setup/databases/zync-postgresql/resources.yaml b/config/local-setup/databases/zync-postgresql/resources.yaml
new file mode 100644
index 00000000..db90e5a4
--- /dev/null
+++ b/config/local-setup/databases/zync-postgresql/resources.yaml
@@ -0,0 +1,94 @@ + +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: zync-psql +spec: + serviceName: zync-psql + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: zync-psql + template: + metadata: + labels: + app.kubernetes.io/name: zync-psql + spec: + containers: + - name: psql + image: postgres:13.13-alpine + imagePullPolicy: IfNotPresent + ports: + - name: psql + containerPort: 5432 + env: + - name: POSTGRES_USER + value: app + - name: POSTGRES_PASSWORD + value: password + - name: POSTGRES_DB + value: zync + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + livenessProbe: + exec: + command: + - sh + - -c + - exec pg_isready --host $POD_IP + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + exec: + command: + - sh + - -c + - exec pg_isready --host $POD_IP + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 + resources: + requests: + cpu: 5m + memory: 128Mi + limits: + cpu: 100m + memory: 256Mi + volumeMounts: + - name: zync-psql + mountPath: /var/lib/postgresql/data + subPath: postgres + volumeClaimTemplates: + - metadata: + name: zync-psql + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 1Gi + +--- +apiVersion: v1 +kind: Service +metadata: + name: zync-psql +spec: + ports: + - name: psql + port: 5432 + protocol: TCP + targetPort: psql + selector: + app.kubernetes.io/name: zync-psql + type: ClusterIP \ No newline at end of file diff --git a/config/local-setup/discoveryservice.yaml b/config/local-setup/discoveryservice.yaml new file mode 100644 index 00000000..8f7bc5ea --- /dev/null +++ b/config/local-setup/discoveryservice.yaml 
@@ -0,0 +1,6 @@ +apiVersion: operator.marin3r.3scale.net/v1alpha1 +kind: DiscoveryService +metadata: + name: discoveryservice +spec: + debug: true \ No newline at end of file diff --git a/config/local-setup/echoapi.yaml b/config/local-setup/echoapi.yaml new file mode 100644 index 00000000..0124ed0c --- /dev/null +++ b/config/local-setup/echoapi.yaml @@ -0,0 +1,48 @@ +apiVersion: saas.3scale.net/v1alpha1 +kind: EchoAPI +metadata: + name: echo-api +spec: + endpoint: {dns: []} + hpa: {} + image: + name: REPLACE + tag: REPLACE + pullSecretName: pull-secrets + pullPolicy: Always + marin3r: + dynamicConfigs: + echo_api_cluster: + cluster: + host: 127.0.0.1 + port: 9292 + echo_api_route: + routeConfiguration: + virtualHosts: + - domains: ['*'] + name: echo_api + routes: + - match: + prefix: / + route: + cluster: echo_api_cluster + http: + listenerHttp: + proxyProtocol: false + port: 38080 + routeConfigName: echo_api_route + envoyImage: REPLACE + nodeID: echo-api + ports: + - name: echo-api-http + port: 38080 + - name: echo-api-https + port: 38443 + - name: envoy-metrics + port: 9901 + resources: {} + shtdnmgrExtraLifecycleHooks: + - echo-api + pdb: {} + replicas: 1 + resources: {} diff --git a/config/local-setup/kustomization.yaml b/config/local-setup/kustomization.yaml new file mode 100644 index 00000000..2299fa44 --- /dev/null +++ b/config/local-setup/kustomization.yaml 
@@ -0,0 +1,54 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: default + +resources: + - discoveryservice.yaml + - configuration.yaml + - secrets + - apicast.yaml + - mappingservice.yaml + - autossl.yaml + - backend.yaml + - corsproxy.yaml + - echoapi.yaml + - zync.yaml + - system.yaml + - mt-ingress.yaml + +secretGenerator: + - name: system-config + files: + - system-config/amazon_s3.yml + - system-config/backend.yml + - system-config/backend_redis.yml + # - system-config/banned_domains.yml + - system-config/cache_store.yml + - system-config/core.yml + - system-config/cors.yml + - system-config/currencies.yml + - system-config/database.yml + - system-config/features.yml + # - system-config/internal_domains.yml + - system-config/oauth2.yml + - system-config/paperclip.yml + # - system-config/plan_rules.yml + - system-config/redhat_customer_portal.yml + - system-config/redis.yml + # - system-config/rolling_updates.yml + - system-config/sandbox_proxy.yml + - system-config/secrets.yml + - system-config/segment.yml + - system-config/service_discovery.yml + - system-config/settings.yml + - system-config/sidekiq_schedule.yml + - system-config/smtp.yml + - system-config/web_hooks.yml + - system-config/zync.yml + options: + disableNameSuffixHash: true + labels: + threescale_component_element: config + +replacements: + - path: replacements/images.yaml diff --git a/config/local-setup/mappingservice.yaml b/config/local-setup/mappingservice.yaml new file mode 100644 index 00000000..74eed694 --- /dev/null +++ b/config/local-setup/mappingservice.yaml @@ -0,0 +1,18 @@ +apiVersion: saas.3scale.net/v1alpha1 +kind: MappingService +metadata: + name: mapping-service +spec: + config: + apiHost: https://multitenant-admin.system-172-27-27-105.nip.io + systemAdminToken: + override: apicast-mtoken + image: + name: REPLACE + tag: REPLACE + pullSecretName: pull-secrets + pullPolicy: Always + hpa: {} + pdb: {} + replicas: 1 + resources: {} 
diff --git a/config/local-setup/mt-ingress.yaml b/config/local-setup/mt-ingress.yaml
new file mode 100644
index 00000000..cbadd9bd
--- /dev/null
+++ b/config/local-setup/mt-ingress.yaml
@@ -0,0 +1,199 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: mt-ingress-cert +spec: + dnsNames: ["*.system-172-27-27-105.nip.io"] + issuerRef: + kind: ClusterIssuer + name: selfsigned-cluster-issuer + secretName: mt-ingress-cert + +--- +apiVersion: operator.marin3r.3scale.net/v1alpha1 +kind: EnvoyDeployment +metadata: + name: mt-ingress +spec: + discoveryServiceRef: discoveryservice + envoyConfigRef: mt-ingress + image: REPLACE + ports: + - name: http + port: 8080 + protocol: TCP + - name: https + port: 8443 + protocol: TCP + - name: master-tenant + port: 8081 + protocol: TCP + adminAccessLogPath: /dev/null + shutdownManager: {} + +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: mt-ingress + name: mt-ingress +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + - name: https + port: 443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/component: envoy-deployment + app.kubernetes.io/instance: mt-ingress + app.kubernetes.io/managed-by: marin3r-operator + app.kubernetes.io/name: marin3r + type: LoadBalancer + +--- +apiVersion: marin3r.3scale.net/v1alpha1 +kind: EnvoyConfig +metadata: + name: mt-ingress +spec: + nodeID: mt-ingress + resources: + - type: secret + generateFromTlsSecret: mt-ingress-cert + + - type: listener + value: + name: http + address: + socket_address: + address: 0.0.0.0 + port_value: 8080 + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": >- + type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + access_log: + - name: envoy.access_loggers.file + typed_config: + "@type": >- + type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/stdout + http_filters: + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + rds: + config_source: + ads: {} + 
resource_api_version: V3 + route_config_name: system_app + stat_prefix: ingress_http + + - type: listener + value: + name: https + address: + socket_address: + address: 0.0.0.0 + port_value: 8443 + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": >- + type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + access_log: + - name: envoy.access_loggers.file + typed_config: + "@type": >- + type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/stdout + http_filters: + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + rds: + config_source: + ads: {} + resource_api_version: V3 + route_config_name: system_app + stat_prefix: ingress_https + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + '@type': >- + type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext + common_tls_context: + tls_certificate_sds_secret_configs: + - name: mt-ingress-cert + sds_config: + ads: {} + resource_api_version: V3 + + - type: cluster + value: + name: system_app + connect_timeout: 1s + eds_cluster_config: + eds_config: + ads: {} + initial_fetch_timeout: 0s + resource_api_version: V3 + lb_policy: LEAST_REQUEST + type: EDS + + - generateFromEndpointSlices: + clusterName: system_app + selector: + matchLabels: + kubernetes.io/service-name: system-app + targetPort: http + type: endpoint + + - type: cluster + value: + connect_timeout: 1s + dns_lookup_family: V4_ONLY + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: cors_proxy + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: cors-proxy + port_value: 80 + name: cors_proxy + type: STRICT_DNS + + - type: route + value: + name: system_app + virtual_hosts: + - domains: ["*"] + name: multitenant + routes: + - match: + prefix: /api_docs/proxy + 
route: + cluster: cors_proxy + timeout: 120s + - match: + prefix: / + request_headers_to_add: + - append: false + header: + # void the app redirect to https + key: x-forwarded-proto + value: https + route: + cluster: system_app + timeout: 120s diff --git a/config/local-setup/replacements/images.yaml b/config/local-setup/replacements/images.yaml new file mode 100644 index 00000000..2fd43489 --- /dev/null +++ b/config/local-setup/replacements/images.yaml 
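Review bot: The `system_app` route config forces `x-forwarded-proto: https` with `append: false`, and both the `http` (8080) and `https` (8443) listeners use that same `route_config_name`, so requests arriving in cleartext on the LoadBalancer's port 80 are presented to the app as if they had come over TLS. That cancels the redirect which `force_ssl: true` in settings.yml would otherwise issue; it looks intended for local use, but it removes the HTTPS enforcement if this config is copied elsewhere. I would say so in the comment, e.g. `# local setup only: avoid the app's redirect to https; do not reuse where port 80 is reachable by untrusted clients` (the current comment reads "void", presumably a typo for "avoid"). The EnvoyDeployment also declares a `master-tenant` port 8081 for which this EnvoyConfig defines no listener; drop the port or add the listener.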
@@ -0,0 +1,203 @@ +# APICAST +- source: + kind: ConfigMap + name: config + fieldPath: data.APICAST_IMAGE_NAME + targets: + - select: + kind: Apicast + fieldPaths: + - spec.staging.image.name + - spec.production.image.name +- source: + kind: ConfigMap + name: config + fieldPath: data.APICAST_IMAGE_TAG + targets: + - select: + kind: Apicast + fieldPaths: + - spec.staging.image.tag + - spec.production.image.tag + +# MAPPINGSERVICE +- source: + kind: ConfigMap + name: config + fieldPath: data.MAPPINGSERVICE_IMAGE_NAME + targets: + - select: + kind: MappingService + fieldPaths: + - spec.image.name +- source: + kind: ConfigMap + name: config + fieldPath: data.MAPPINGSERVICE_IMAGE_TAG + targets: + - select: + kind: MappingService + fieldPaths: + - spec.image.tag + +# AUTOSSL +- source: + kind: ConfigMap + name: config + fieldPath: data.AUTOSSL_IMAGE_NAME + targets: + - select: + kind: AutoSSL + fieldPaths: + - spec.image.name +- source: + kind: ConfigMap + name: config + fieldPath: data.AUTOSSL_IMAGE_TAG + targets: + - select: + kind: AutoSSL + fieldPaths: + - spec.image.tag + +# BACKEND +- source: + kind: ConfigMap + name: config + fieldPath: data.BACKEND_IMAGE_NAME + targets: + - select: + kind: Backend + fieldPaths: + - spec.image.name +- source: + kind: ConfigMap + name: config + fieldPath: data.BACKEND_IMAGE_TAG + targets: + - select: + kind: Backend + fieldPaths: + - spec.image.tag + +# CORSPROXY +- source: + kind: ConfigMap + name: config + fieldPath: data.CORSPROXY_IMAGE_NAME + targets: + - select: + kind: CORSProxy + fieldPaths: + - spec.image.name +- source: + kind: ConfigMap + name: config + fieldPath: data.CORSPROXY_IMAGE_TAG + targets: + - select: + kind: CORSProxy + fieldPaths: + - spec.image.tag + +# ECHOAPI +- source: + kind: ConfigMap + name: config + fieldPath: data.ECHOAPI_IMAGE_NAME + targets: + - select: + kind: EchoAPI + fieldPaths: + - spec.image.name +- source: + kind: ConfigMap + name: config + fieldPath: data.ECHOAPI_IMAGE_TAG + targets: + - 
select: + kind: EchoAPI + fieldPaths: + - spec.image.tag + +# SYSTEM +- source: + kind: ConfigMap + name: config + fieldPath: data.SYSTEM_IMAGE_NAME + targets: + - select: + kind: System + fieldPaths: + - spec.image.name +- source: + kind: ConfigMap + name: config + fieldPath: data.SYSTEM_IMAGE_TAG + targets: + - select: + kind: System + fieldPaths: + - spec.image.tag +- source: + kind: ConfigMap + name: config + fieldPath: data.SEARCHD_IMAGE_NAME + targets: + - select: + kind: System + fieldPaths: + - spec.searchd.image.name +- source: + kind: ConfigMap + name: config + fieldPath: data.SEARCHD_IMAGE_TAG + targets: + - select: + kind: System + fieldPaths: + - spec.searchd.image.tag + +# ZYNC +- source: + kind: ConfigMap + name: config + fieldPath: data.ZYNC_IMAGE_NAME + targets: + - select: + kind: Zync + fieldPaths: + - spec.image.name +- source: + kind: ConfigMap + name: config + fieldPath: data.ZYNC_IMAGE_TAG + targets: + - select: + kind: Zync + fieldPaths: + - spec.image.tag + +# ENVOY +- source: + kind: ConfigMap + name: config + fieldPath: data.ENVOY_IMAGE + targets: + - select: + kind: Apicast + fieldPaths: + - spec.staging.marin3r.envoyImage + - spec.production.marin3r.envoyImage + - select: + kind: Backend + fieldPaths: + - spec.listener.marin3r.envoyImage + - select: + kind: EchoAPI + fieldPaths: + - spec.marin3r.envoyImage + - select: + kind: EnvoyDeployment + fieldPaths: + - spec.image diff --git a/config/local-setup/secrets/.gitignore b/config/local-setup/secrets/.gitignore new file mode 100644 index 00000000..c491cbed --- /dev/null +++ b/config/local-setup/secrets/.gitignore @@ -0,0 +1 @@ +pull-secrets.json \ No newline at end of file diff --git a/config/local-setup/secrets/kustomization.yaml b/config/local-setup/secrets/kustomization.yaml new file mode 100644 index 00000000..968c6e33 --- /dev/null +++ b/config/local-setup/secrets/kustomization.yaml 
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+
+secretGenerator:
+ - name: pull-secrets
+ behavior: create
+ options:
+ disableNameSuffixHash: true
+ type: kubernetes.io/dockerconfigjson
+ files:
+ - .dockerconfigjson=pull-secrets.json
diff --git a/config/local-setup/system-config/amazon_s3.yml b/config/local-setup/system-config/amazon_s3.yml
new file mode 100644
index 00000000..27070209
--- /dev/null
+++ b/config/local-setup/system-config/amazon_s3.yml
@@ -0,0 +1,19 @@
+default: &default {}
+
+s3: &s3
+ # access_key_id: "<%= ENV['AWS_ACCESS_KEY_ID'] %>" -> can't pass custom envvars to System, not supported
+ access_key_id: admin
+ # secret_access_key: "<%= ENV['AWS_SECRET_ACCESS_KEY'] %>" -> can't pass custom envvars to System, not supported
+ secret_access_key: admin123
+ role_arn: "<%= ENV['AWS_ROLE_ARN'] %>"
+ web_identity_token_file: "<%= ENV['AWS_WEB_IDENTITY_TOKEN_FILE'] %>"
+ role_session_name: <%= ENV['AWS_ROLE_SESSION_NAME'].presence || '3scale-porta' %>
+ bucket: "<%= ENV['AWS_BUCKET'] %>"
+ region: "<%= ENV['AWS_REGION'] %>"
+ # hostname: "<%= ENV['AWS_HOSTNAME'] %>" -> can't pass custom envvars to System, not supported
+ hostname: "http://minio.minio.svc.cluster.local:9000"
+ protocol: "<%= ENV['AWS_PROTOCOL'] %>"
+ force_path_style: <%= ENV['AWS_PATH_STYLE'].presence || false %>
+
+production:
+ <<: *<%= ENV['FILE_UPLOAD_STORAGE'].presence || 'default' %>
\ No newline at end of file
diff --git a/config/local-setup/system-config/backend.yml b/config/local-setup/system-config/backend.yml
new file mode 100644
index 00000000..4d9faa84
--- /dev/null
+++ b/config/local-setup/system-config/backend.yml
@@ -0,0 +1,6 @@
+production:
+ url: "<%= ENV.fetch('BACKEND_URL') %>"
+ public_url: "<%= ENV.fetch('BACKEND_PUBLIC_URL') %>"
+ persistent: false
+ timeout: 3
+ open_timeout: 3
diff --git a/config/local-setup/system-config/backend_redis.yml b/config/local-setup/system-config/backend_redis.yml
new file mode 100644
index 00000000..cf907d7a
--- /dev/null
+++ b/config/local-setup/system-config/backend_redis.yml
@@ -0,0 +1,3 @@
+production:
+ url: "<%= ENV.fetch('BACKEND_REDIS_URL') %>"
+ pool_timeout: 5
diff --git a/config/local-setup/system-config/cache_store.yml b/config/local-setup/system-config/cache_store.yml
new file mode 100644
index 00000000..d672776a
--- /dev/null
+++ b/config/local-setup/system-config/cache_store.yml
@@ -0,0 +1,3 @@
+production:
+ - :mem_cache_store
+ - <%= ENV.fetch('MEMCACHE_SERVERS') %>
diff --git a/config/local-setup/system-config/core.yml b/config/local-setup/system-config/core.yml
new file mode 100644
index 00000000..07f49e47
--- /dev/null
+++ b/config/local-setup/system-config/core.yml
@@ -0,0 +1,5 @@
+production:
+ url: "<%= URI.join(ENV.fetch('BACKEND_URL', 'http://backend-listener:3000'), '/internal/') %>"
+ fake_server: false
+ username: "<%= ENV.fetch('CONFIG_INTERNAL_API_USER') %>"
+ password: "<%= ENV.fetch('CONFIG_INTERNAL_API_PASSWORD') %>"
diff --git a/config/local-setup/system-config/cors.yml b/config/local-setup/system-config/cors.yml
new file mode 100644
index 00000000..692935eb
--- /dev/null
+++ b/config/local-setup/system-config/cors.yml
@@ -0,0 +1,12 @@
+production:
+ enabled: true
+ allow:
+ - origins: '*'
+ resources:
+ - !ruby/regexp /\.(?:woff2?|otf|ttf|svg|eot)$/
+ headers: 'x-requested-with'
+ methods: :get
+ max_age: 3628800
+ credentials: false
+ exclude:
+ - path_prefix: /p/signup
diff --git a/config/local-setup/system-config/currencies.yml b/config/local-setup/system-config/currencies.yml
new file mode 100644
index 00000000..52fe9e61
--- /dev/null
+++ b/config/local-setup/system-config/currencies.yml
@@ -0,0 +1,11 @@
+production:
+ 'USD - American Dollar': 'USD'
+ 'EUR - Euro': 'EUR'
+ 'GBP - British Pound': 'GBP'
+ 'NZD - New Zealand dollar': 'NZD'
+ 'CNY - Chinese Yuan Renminbi': 'CNY'
+ 'CAD - Canadian Dollar': 'CAD'
+ 'AUD - Australian Dollar': 'AUD'
+ 'JPY - Japanese Yen': 'JPY'
+ 'CHF - Swiss Franc': 'CHF'
+ 'SAR - Saudi Riyal': 'SAR'
diff --git a/config/local-setup/system-config/database.yml b/config/local-setup/system-config/database.yml
new file mode 100644
index 00000000..e941d6c5
--- /dev/null
+++ b/config/local-setup/system-config/database.yml
@@ -0,0 +1,6 @@
+production:
+ adapter: mysql2
+ url: <%= ENV['DATABASE_URL'] %>
+ pool: 30
+ encoding: utf8mb4
+ collation: utf8mb4_unicode_ci
diff --git a/config/local-setup/system-config/features.yml b/config/local-setup/system-config/features.yml
new file mode 100644
index 00000000..015f9ade
--- /dev/null
+++ b/config/local-setup/system-config/features.yml
@@ -0,0 +1,20 @@
+production:
+ account_deletion:
+ enabled: true
+ account_inactivity: 365
+ account_suspension: 90
+ contract_unpaid_time: 183
+ disabled_for_app_plans:
+ - "%enterprise%"
+ segment_deletion:
+ enabled: false
+ token: "<%= ENV.fetch('SEGMENT_DELETION_TOKEN') %>"
+ root_uri: https://platform.segmentapis.com/v1beta
+ workspace: "<%= ENV.fetch('SEGMENT_DELETION_WORKSPACE') %>"
+ api: regulations
+ request_size: 1000
+ wait_time: 5
+ quickstarts:
+ enabled: true
+ email_configuration:
+ enabled: true
diff --git a/config/local-setup/system-config/oauth2.yml b/config/local-setup/system-config/oauth2.yml
new file mode 100644
index 00000000..e90483c2
--- /dev/null
+++ b/config/local-setup/system-config/oauth2.yml
@@ -0,0 +1,3 @@
+production:
+ github:
+ enabled: false
diff --git a/config/local-setup/system-config/paperclip.yml b/config/local-setup/system-config/paperclip.yml
new file mode 100644
index 00000000..539ab5b0
--- /dev/null
+++ b/config/local-setup/system-config/paperclip.yml
@@ -0,0 +1,2 @@
+production:
+ storage: :s3
diff --git a/config/local-setup/system-config/redhat_customer_portal.yml b/config/local-setup/system-config/redhat_customer_portal.yml
new file mode 100644
index 00000000..ed621de5
--- /dev/null
+++ b/config/local-setup/system-config/redhat_customer_portal.yml
@@ -0,0 +1,2 @@
+production:
+ enabled: false
diff --git a/config/local-setup/system-config/redis.yml b/config/local-setup/system-config/redis.yml
new file mode 100644
index 00000000..9d2fde1e
--- /dev/null
+++ b/config/local-setup/system-config/redis.yml
@@ -0,0 +1,4 @@
+production:
+ url: "<%= ENV.fetch('REDIS_URL') %>"
+ pool_timeout: 5
+ timeout: 1
diff --git a/config/local-setup/system-config/removed/banned_domains.yml b/config/local-setup/system-config/removed/banned_domains.yml
new file mode 100644
index 00000000..d99913d8
--- /dev/null
+++ b/config/local-setup/system-config/removed/banned_domains.yml
@@ -0,0 +1 @@
+production: []
diff --git a/config/local-setup/system-config/removed/internal_domains.yml b/config/local-setup/system-config/removed/internal_domains.yml
new file mode 100644
index 00000000..d99913d8
--- /dev/null
+++ b/config/local-setup/system-config/removed/internal_domains.yml
@@ -0,0 +1 @@
+production: []
diff --git a/config/local-setup/system-config/removed/plan_rules.yml b/config/local-setup/system-config/removed/plan_rules.yml
new file mode 100644
index 00000000..13a5be18
--- /dev/null
+++ b/config/local-setup/system-config/removed/plan_rules.yml
@@ -0,0 +1 @@
+production: {}
\ No newline at end of file
diff --git a/config/local-setup/system-config/removed/rolling_updates.yml b/config/local-setup/system-config/removed/rolling_updates.yml
new file mode 100644
index 00000000..4c2e85bd
--- /dev/null
+++ b/config/local-setup/system-config/removed/rolling_updates.yml
@@ -0,0 +1,27 @@
+production:
+ forum: false
+ apicast_v2: true
+ provider_sso: []
+ apicast_oidc: true
+ log_requests: false
+ duplicate_user_key: []
+ duplicate_application_id: []
+ billable_contracts: []
+ instant_bill_plan_change: []
+ repeatable_usernames: []
+ plan_changes_wizard: true
+ proxy_pro: []
+ policies: true
+ policy_registry: true
+ billing_sidekiq: true
+ old_charts: []
+ new_provider_documentation: []
+ service_permissions: []
+ require_cc_on_signup: []
+ apicast_per_service: []
+ cms_api: []
+ service_mesh_integration: []
+ proxy_private_base_path: true
+ api_as_product: true
+ published_service_plan_signup: []
+ new_notification_system: []
\ No newline at end of file
diff --git a/config/local-setup/system-config/sandbox_proxy.yml b/config/local-setup/system-config/sandbox_proxy.yml
new file mode 100644
index 00000000..67846898
--- /dev/null
+++ b/config/local-setup/system-config/sandbox_proxy.yml
@@ -0,0 +1,10 @@
+production:
+ test_api_hosts:
+ - echo-api-172-27-27-103.nip.io
+ ignore_test_failures: []
+ apicast_staging_endpoint: https://%{system_name}-%{account_id}.staging-172-27-27-102.nip.io
+ apicast_production_endpoint: https://%{system_name}-%{account_id}.production-172-27-27-101.nip.io
+ apicast_registry_url: http://apicast-staging-management:8090/policies
+ self_managed_apicast_registry_url: http://policies.apicast.io/latest/policies.json
+ backend_endpoint: <%= ENV.fetch('BACKEND_PUBLIC_URL') %>
+ verify_mode: <%= ::OpenSSL::SSL::VERIFY_PEER %>
diff --git a/config/local-setup/system-config/secrets.yml b/config/local-setup/system-config/secrets.yml
new file mode 100644
index 00000000..cde626e2
--- /dev/null
+++ b/config/local-setup/system-config/secrets.yml
@@ -0,0 +1,2 @@
+production:
+ secret_key_base: "<%= ENV.fetch('SECRET_KEY_BASE') %>"
diff --git a/config/local-setup/system-config/segment.yml b/config/local-setup/system-config/segment.yml
new file mode 100644
index 00000000..ed621de5
--- /dev/null
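Review bot: `self_managed_apicast_registry_url` in sandbox_proxy.yml points at `http://policies.apicast.io/latest/policies.json`, a cleartext URL on an external host, so the `verify_mode: VERIFY_PEER` setting below it gives no protection for that fetch (assuming System retrieves the registry server-side, which is not visible here). If the host serves HTTPS, use `self_managed_apicast_registry_url: https://policies.apicast.io/latest/policies.json`; otherwise a comment explaining why cleartext is accepted would help the next reader. The in-cluster `apicast_registry_url` over http is a smaller concern since it stays on the cluster network.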
+++ b/config/local-setup/system-config/segment.yml
@@ -0,0 +1,2 @@
+production:
+ enabled: false
diff --git a/config/local-setup/system-config/service_discovery.yml b/config/local-setup/system-config/service_discovery.yml
new file mode 100644
index 00000000..ed621de5
--- /dev/null
+++ b/config/local-setup/system-config/service_discovery.yml
@@ -0,0 +1,2 @@
+production:
+ enabled: false
diff --git a/config/local-setup/system-config/settings.yml b/config/local-setup/system-config/settings.yml
new file mode 100644
index 00000000..380cec4d
--- /dev/null
+++ b/config/local-setup/system-config/settings.yml
@@ -0,0 +1,36 @@
+production:
+ superdomain: "<%= ENV.fetch('THREESCALE_SUPERDOMAIN') %>"
+ secure_cookie: true
+ tenant_mode: multitenant
+ force_ssl: true
+ active_docs_proxy_disabled: false
+ apicast_oauth: false
+ apicast_custom_url: false
+ daily_weekly_reports_pref: true
+ readonly_custom_domains_settings: true
+ asset_host: <%= ENV.fetch('RAILS_ASSET_HOST', nil) %>
+ bugsnag_api_key: "<%= ENV.fetch('BUGSNAG_API_KEY') %>"
+ bugsnag_release_stage: <%= ENV.fetch('BUGSNAG_RELEASE_STAGE', Rails.env) %>
+ events_shared_secret: "<%= ENV.fetch('EVENTS_SHARED_SECRET') %>"
+ recaptcha_public_key: "<%= ENV.fetch('RECAPTCHA_PUBLIC_KEY') %>"
+ recaptcha_private_key: "<%= ENV.fetch('RECAPTCHA_PRIVATE_KEY') %>"
+ user_session_ttl: <%= ENV.fetch('USER_SESSION_TTL', 2.weeks) %>
+ noreply_email: "admin@cluster.local"
+ support_email: "admin@cluster.local"
+ sales_email: "admin@cluster.local"
+ notification_email: "admin@cluster.local"
+ report_traffic: true
+ db_secret: "<%= ENV.fetch('DB_SECRET') %>"
+ janitor_worker_enabled: true
+ billing_canaries: []
+ email_sanitizer:
+ enabled: true
+ to: "admin@cluster.local"
+ # access_code: "<%= ENV['ACCESS_CODE'] %>"
+ zync_authentication_token: <%= ENV.fetch('ZYNC_AUTHENTICATION_TOKEN') %>
+ sysadmin_email: "admin@cluster.local"
+ impersonation_admin:
+ username: saas_impersonation_admin
+ domain: 3scale.redhat.com
+ active_merchant_mode: :test
+ bulk_indexing_queue: bulk_indexing
diff --git a/config/local-setup/system-config/sidekiq_schedule.yml b/config/local-setup/system-config/sidekiq_schedule.yml
new file mode 100644
index 00000000..fcb048ba
--- /dev/null
+++ b/config/local-setup/system-config/sidekiq_schedule.yml
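Review bot: `zync_authentication_token` in settings.yml is rendered without quotes, unlike `db_secret`, `events_shared_secret` and the other secrets in the same file, so a token that begins with a YAML indicator character or contains `: ` or ` #` would be parsed as something other than the intended string. Quote it like its neighbours: `zync_authentication_token: "<%= ENV.fetch('ZYNC_AUTHENTICATION_TOKEN') %>"`. The same applies to `token` in zync.yml and to `user_name` and `password` in smtp.yml, which are also emitted bare.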
@@ -0,0 +1,37 @@
+monthly_jobs:
+ cron: '0 0 1 * *'
+ class: CronJob::Enqueuer
+ args: ['MONTH']
+ queue: critical
+ status: enabled
+
+weekly_jobs:
+ cron: '0 0 * * 1'
+ class: CronJob::Enqueuer
+ args: ['WEEK']
+ description: "Pdf::Dispatch, JanitorWorker"
+ queue: critical
+ status: enabled
+
+hourly_jobs:
+ cron: '0 * * * *'
+ class: CronJob::Enqueuer
+ args: ['HOUR']
+ queue: critical
+ status: enabled
+
+daily_jobs:
+ cron: '0 8 * * *'
+ class: CronJob::Enqueuer
+ args: ['DAILY']
+ description: "Delete old audits and log entries, Notify about expiring credit cards, Pdf::Dispatch"
+ queue: critical
+ status: enabled
+
+billing_jobs:
+ cron: '0 8 * * *'
+ class: CronJob::Enqueuer
+ args: ['BILLING']
+ description: "Billing canaries and the rest"
+ queue: critical
+ status: enabled
diff --git a/config/local-setup/system-config/smtp.yml b/config/local-setup/system-config/smtp.yml
new file mode 100644
index 00000000..9257f022
--- /dev/null
+++ b/config/local-setup/system-config/smtp.yml
@@ -0,0 +1,11 @@
+production:
+ address: <%= ENV['SMTP_ADDRESS'] %>
+ port: <%= ENV.fetch('SMTP_PORT', '25').to_i %>
+ user_name: <%= ENV['SMTP_USER_NAME'] %>
+ password: <%= ENV['SMTP_PASSWORD'] %>
+ domain: <%= ENV['THREESCALE_SUPERDOMAIN'].presence || 'localhost' %>
+ authentication: "<%= ENV['SMTP_AUTHENTICATION'].presence || 'plain' %>"
+ enable_starttls_auto: <%= ENV['SMTP_STARTTLS_AUTO'].presence || false %>
+ enable_starttls: <%= ENV['SMTP_STARTTLS'].presence || true %>
+ openssl_verify_mode: "<%= ENV['SMTP_OPENSSL_VERIFY_MODE'].presence || 'none' %>"
+ ca_file: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
diff --git a/config/local-setup/system-config/web_hooks.yml b/config/local-setup/system-config/web_hooks.yml
new file mode 100644
index 00000000..7620a73d
--- /dev/null
+++ b/config/local-setup/system-config/web_hooks.yml
@@ -0,0 +1,3 @@
+production:
+ perform_deliveries: true
+ sanitized_url:
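Review bot: In smtp.yml, `openssl_verify_mode` falls back to `'none'` when `SMTP_OPENSSL_VERIFY_MODE` is unset or empty, so a missing variable silently turns off certificate verification on the STARTTLS connection even though `ca_file` is configured on the next line. The System resource in this commit sets `opensslVerifyMode: peer`, so the fail-open default would only be reached by mistake, which is when it matters. I would make the fallback the safe value: `openssl_verify_mode: "<%= ENV['SMTP_OPENSSL_VERIFY_MODE'].presence || 'peer' %>"`.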
diff --git a/config/local-setup/system-config/zync.yml b/config/local-setup/system-config/zync.yml
new file mode 100644
index 00000000..1954adba
--- /dev/null
+++ b/config/local-setup/system-config/zync.yml
@@ -0,0 +1,8 @@
+production:
+ endpoint: <%= ENV.fetch('ZYNC_ENDPOINT', 'http://zync:8080') %>
+ authentication:
+ token: <%= ENV.fetch('ZYNC_AUTHENTICATION_TOKEN') %>
+ connect_timeout: 2
+ send_timeout: 2
+ receive_timeout: 10
+ skip_non_oidc_applications: true
diff --git a/config/local-setup/system.yaml b/config/local-setup/system.yaml
new file mode 100644
index 00000000..e1626be7
--- /dev/null
+++ b/config/local-setup/system.yaml
@@ -0,0 +1,119 @@ +apiVersion: saas.3scale.net/v1alpha1 +kind: System +metadata: + name: system +spec: + image: + name: REPLACE + tag: REPLACE + pullSecretName: pull-secrets + pullPolicy: Always + config: + configFilesSecret: system-config + threescaleSuperdomain: system-172-27-27-105.nip.io + rails: + console: true + environment: production + logLevel: info + redis: + queuesDSN: "redis://system-redis:6379" + backend: + externalEndpoint: "http://backend-172-27-27-100.nip.io" + internalAPIPassword: + override: backend-internal-api-password + internalAPIUser: + override: backend-internal-api-user + internalEndpoint: "http://backend-listener-internal" + redisDSN: "redis://backend-redis:6379/0" + assets: + bucket: system-assets # check config/amazon_s3.yml for the specific minio configuration (https://github.com/3scale/porta/blob/master/openshift/system/config/amazon_s3.yml) + region: us-east-1 + accessKey: + override: admin + secretKey: + override: admin123 + databaseDSN: + override: mysql2://app:password@system-mysql/system_enterprise + databaseSecret: + override: databasesecret + secretKeyBase: + override: 7f3b35479601a66da53071175c4833c888c2630fcafa496dc4046d143ea38666e075116bb4bac3c287b6e5d925815d5958c361786f89dc4211f6ca713ef3487e + eventsSharedSecret: + override: system-events-shared-secret + searchServer: + host: system-searchd + zync: + authToken: + override: zync-auth-token + endpoint: "http://zync:8080" + smtp: + address: smtp.sendgrid.net + authProtocol: plain + opensslVerifyMode: peer + password: + override: "" + port: 587 + starttls: true + starttlsAuto: false + user: + override: "" + github: + clientID: + override: "" + clientSecret: + override: "" + mappingServiceAccessToken: + override: apicast-mtoken + memcachedServers: system-memcached:11211 + recaptcha: + privateKey: + override: "" + publicKey: + override: "" + redhatCustomerPortal: + clientID: + override: "" + clientSecret: + override: "" + realm: "" + segment: + deletionToken: + override: "" + 
deletionWorkspace: "" + writeKey: + override: "" + app: + hpa: {} + pdb: {} + replicas: 1 + console: {} + searchd: + enabled: true + image: + name: REPLACE + tag: REPLACE + pullSecretName: pull-secrets + pullPolicy: Always + config: + databaseStorageSize: 1Gi + sidekiqBilling: + config: + maxThreads: 5 + hpa: {} + pdb: {} + resources: {} + replicas: 1 + sidekiqDefault: + config: + maxThreads: 5 + hpa: {} + pdb: {} + resources: {} + replicas: 1 + sidekiqLow: + config: + maxThreads: 5 + hpa: {} + pdb: {} + resources: {} + replicas: 1 diff --git a/config/local-setup/zync.yaml b/config/local-setup/zync.yaml new file mode 100644 index 00000000..e37f89e6 --- /dev/null +++ b/config/local-setup/zync.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: saas.3scale.net/v1alpha1 +kind: Zync +metadata: + name: zync +spec: + image: + name: REPLACE + tag: REPLACE + pullSecretName: pull-secrets + pullPolicy: Always + config: + databaseDSN: + override: postgresql://app:password@zync-psql:5432/zync + rails: + environment: production + logLevel: info + secretKeyBase: + override: b0b7de6526e9ea4ad5fabea2d6ccb7d16759c4e07522ea0b7a605e5f84f14b5b45a0aac2418c45810d2fa1e7abeeb33870b0592fbea9aeaf5361ab590ee2600b + zyncAuthToken: + override: zync-auth-token + api: + hpa: {} + pdb: {} + replicas: 1 + resources: {} + console: + enabled: true + resources: {} + que: + hpa: {} + pdb: {} + replicas: 1 + resources: {} diff --git a/config/test/external-apis/envoyconfigs.marin3r.3scale.net.yaml b/config/test/external-apis/envoyconfigs.marin3r.3scale.net.yaml deleted file mode 100644 index 6e6b1986..00000000 --- a/config/test/external-apis/envoyconfigs.marin3r.3scale.net.yaml +++ /dev/null 
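Review bot: `secretKeyBase.override` in system.yaml is committed as a fixed 128-hex-character literal, and zync.yaml does the same with its own value; Rails derives its cookie signing and encryption keys from `secret_key_base`, so every cluster built from this directory shares a key that is public in the repository. Unlike the `password`-style placeholders elsewhere in this commit, these look like real generated secrets, and secret scanners will flag them as such. I would generate them at setup time into a git-ignored file, the way `secrets/pull-secrets.json` is already handled, or at least mark them with a comment such as `# local-only value, never reuse outside the kind cluster`. If the CRD offers a source other than an inline `override` for these fields (not visible in this diff), prefer it here as well.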
@@ -1,398 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: envoyconfigs.marin3r.3scale.net -spec: - group: marin3r.3scale.net - names: - kind: EnvoyConfig - listKind: EnvoyConfigList - plural: envoyconfigs - shortNames: - - ec - singular: envoyconfig - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.nodeID - name: Node ID - type: string - - jsonPath: .spec.envoyAPI - name: Envoy API - type: string - - jsonPath: .status.desiredVersion - name: Desired Version - type: string - - jsonPath: .status.publishedVersion - name: Published Version - type: string - - jsonPath: .status.cacheState - name: Cache State - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: EnvoyConfig holds the configuration for a given envoy nodeID. - The spec of an EnvoyConfig object holds the Envoy resources that conform - the desired configuration for the given nodeID and that the discovery service - will send to any envoy client that identifies itself with that nodeID. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: EnvoyConfigSpec defines the desired state of EnvoyConfig - properties: - envoyAPI: - description: EnvoyAPI is the version of envoy's API to use. Defaults - to v3. - enum: - - v3 - type: string - envoyResources: - description: EnvoyResources holds the different types of resources - suported by the envoy discovery service - properties: - clusters: - description: 'Clusters is a list of the envoy Cluster resource - type. API V3 reference: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto' - items: - description: EnvoyResource holds serialized representation of - an envoy resource - properties: - name: - description: 'Name of the envoy resource. DEPRECATED: this - field has no effect and will be removed in an upcoming - release. The name of the resources for discovery purposes - is included in the resource itself. Refer to the envoy - API reference to check how the name is specified for each - resource type.' - type: string - value: - description: Value is the serialized representation of the - envoy resource - type: string - required: - - value - type: object - type: array - endpoints: - description: 'Endpoints is a list of the envoy ClusterLoadAssignment - resource type. API V3 reference: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/endpoint/v3/endpoint.proto' - items: - description: EnvoyResource holds serialized representation of - an envoy resource - properties: - name: - description: 'Name of the envoy resource. DEPRECATED: this - field has no effect and will be removed in an upcoming - release. The name of the resources for discovery purposes - is included in the resource itself. Refer to the envoy - API reference to check how the name is specified for each - resource type.' 
- type: string - value: - description: Value is the serialized representation of the - envoy resource - type: string - required: - - value - type: object - type: array - extensionConfigs: - description: 'ExtensionConfigs is a list of the envoy ExtensionConfig - resource type API V3 reference: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/extension.proto' - items: - description: EnvoyResource holds serialized representation of - an envoy resource - properties: - name: - description: 'Name of the envoy resource. DEPRECATED: this - field has no effect and will be removed in an upcoming - release. The name of the resources for discovery purposes - is included in the resource itself. Refer to the envoy - API reference to check how the name is specified for each - resource type.' - type: string - value: - description: Value is the serialized representation of the - envoy resource - type: string - required: - - value - type: object - type: array - listeners: - description: 'Listeners is a list of the envoy Listener resource - type. API V3 reference: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener.proto' - items: - description: EnvoyResource holds serialized representation of - an envoy resource - properties: - name: - description: 'Name of the envoy resource. DEPRECATED: this - field has no effect and will be removed in an upcoming - release. The name of the resources for discovery purposes - is included in the resource itself. Refer to the envoy - API reference to check how the name is specified for each - resource type.' - type: string - value: - description: Value is the serialized representation of the - envoy resource - type: string - required: - - value - type: object - type: array - routes: - description: 'Routes is a list of the envoy Route resource type. 
- API V3 reference: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route.proto' - items: - description: EnvoyResource holds serialized representation of - an envoy resource - properties: - name: - description: 'Name of the envoy resource. DEPRECATED: this - field has no effect and will be removed in an upcoming - release. The name of the resources for discovery purposes - is included in the resource itself. Refer to the envoy - API reference to check how the name is specified for each - resource type.' - type: string - value: - description: Value is the serialized representation of the - envoy resource - type: string - required: - - value - type: object - type: array - runtimes: - description: 'Runtimes is a list of the envoy Runtime resource - type. API V3 reference: https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/runtime/v3/rtds.proto' - items: - description: EnvoyResource holds serialized representation of - an envoy resource - properties: - name: - description: 'Name of the envoy resource. DEPRECATED: this - field has no effect and will be removed in an upcoming - release. The name of the resources for discovery purposes - is included in the resource itself. Refer to the envoy - API reference to check how the name is specified for each - resource type.' - type: string - value: - description: Value is the serialized representation of the - envoy resource - type: string - required: - - value - type: object - type: array - scopedRoutes: - description: 'ScopedRoutes is a list of the envoy ScopeRoute resource - type. API V3 reference: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/scoped_route.proto' - items: - description: EnvoyResource holds serialized representation of - an envoy resource - properties: - name: - description: 'Name of the envoy resource. DEPRECATED: this - field has no effect and will be removed in an upcoming - release. 
The name of the resources for discovery purposes - is included in the resource itself. Refer to the envoy - API reference to check how the name is specified for each - resource type.' - type: string - value: - description: Value is the serialized representation of the - envoy resource - type: string - required: - - value - type: object - type: array - secrets: - description: Secrets is a list of references to Kubernetes Secret - objects. - items: - description: EnvoySecretResource holds a reference to a k8s - Secret from where to take a secret from. Only Secrets within - the same namespace can be referred. - properties: - name: - description: Name of the envoy resource. If ref is not set, - a Secret with this same name will be fetched from within - the namespace. - type: string - ref: - description: Ref is a reference to a Kubernetes Secret of - type "kubernetes.io/tls". The value of 'ref' cannot point - to a different namespace. - properties: - name: - description: name is unique within a namespace to reference - a secret resource. - type: string - namespace: - description: namespace defines the space within which - the secret name must be unique. - type: string - type: object - x-kubernetes-map-type: atomic - required: - - name - type: object - type: array - type: object - nodeID: - description: NodeID holds the envoy identifier for the discovery service - to know which set of resources to send to each of the envoy clients - that connect to it. - type: string - serialization: - description: Serialization specicifies the serialization format used - to describe the resources. "json" and "yaml" are supported. "json" - is used if unset. 
- enum: - - json - - b64json - - yaml - type: string - required: - - envoyResources - - nodeID - type: object - status: - description: EnvoyConfigStatus defines the observed state of EnvoyConfig - properties: - cacheState: - description: CacheState summarizes all the observations about the - EnvoyConfig to give the user a concrete idea on the general status - of the discovery servie cache. It is intended only for human consumption. - Other controllers should relly on conditions to determine the status - of the discovery server cache. - type: string - conditions: - description: Conditions represent the latest available observations - of an object's state - items: - description: "Condition represents an observation of an object's - state. Conditions are an extension mechanism intended to be used - when the details of an observation are not a priori known or would - not apply to all instances of a given Kind. \n Conditions should - be added to explicitly convey properties that users and components - care about rather than requiring those properties to be inferred - from other observations. Once defined, the meaning of a Condition - can not be changed arbitrarily - it becomes part of the API, and - has the same backwards- and forwards-compatibility concerns of - any other part of the API." - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - description: ConditionReason is intended to be a one-word, CamelCase - representation of the category of cause of the current status. - It is intended to be used in concise output, such as one-line - kubectl get output, and in summarizing occurrences of causes. - type: string - status: - type: string - type: - description: "ConditionType is the type of the condition and - is typically a CamelCased word or short phrase. \n Condition - types should indicate state in the \"abnormal-true\" polarity. 
- For example, if the condition indicates when a policy is invalid, - the \"is valid\" case is probably the norm, so the condition - should be called \"Invalid\"." - type: string - required: - - status - - type - type: object - type: array - desiredVersion: - description: DesiredVersion represents the resources version described - in the spec of the EnvoyConfig object - type: string - publishedVersion: - description: PublishedVersion is the config version currently served - by the envoy discovery service for the give nodeID - type: string - revisions: - description: ConfigRevisions is an ordered list of references to EnvoyConfigRevision - objects - items: - description: ConfigRevisionRef holds a reference to EnvoyConfigRevision - object - properties: - ref: - description: Ref is a reference to the EnvoyConfigRevision object - that holds the configuration matching the Version field. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead - of an entire object, this string should contain a valid - JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container - within a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that - triggered the event) or if no container name is specified - "spec.containers[2]" (container with index 2 in this pod). - This syntax is chosen only to have some well-defined way - of referencing a part of an object. TODO: this design - is not final and this field is subject to change in the - future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - x-kubernetes-map-type: atomic - version: - description: Version is a hash of the EnvoyResources field - type: string - required: - - ref - - version - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/config/test/external-apis/externalsecrets.external-secrets.io.yaml b/config/test/external-apis/externalsecrets.external-secrets.io.yaml deleted file mode 100644 index 2553d715..00000000 --- a/config/test/external-apis/externalsecrets.external-secrets.io.yaml +++ /dev/null 
@@ -1,553 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.8.0 - creationTimestamp: null - name: externalsecrets.external-secrets.io -spec: - group: external-secrets.io - names: - categories: - - externalsecrets - kind: ExternalSecret - listKind: ExternalSecretList - plural: externalsecrets - shortNames: - - es - singular: externalsecret - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.secretStoreRef.name - name: Store - type: string - - jsonPath: .spec.refreshInterval - name: Refresh Interval - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].reason - name: Status - type: string - deprecated: true - name: v1alpha1 - schema: - openAPIV3Schema: - description: ExternalSecret is the Schema for the external-secrets API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ExternalSecretSpec defines the desired state of ExternalSecret. - properties: - data: - description: Data defines the connection between the Kubernetes Secret - keys and the Provider data - items: - description: ExternalSecretData defines the connection between the - Kubernetes Secret key (spec.data.) and the Provider data. 
- properties: - remoteRef: - description: ExternalSecretDataRemoteRef defines Provider data - location. - properties: - conversionStrategy: - default: Default - description: Used to define a conversion Strategy - type: string - key: - description: Key is the key used in the Provider, mandatory - type: string - property: - description: Used to select a specific property of the Provider - value (if a map), if supported - type: string - version: - description: Used to select a specific version of the Provider - value, if supported - type: string - required: - - key - type: object - secretKey: - type: string - required: - - remoteRef - - secretKey - type: object - type: array - dataFrom: - description: DataFrom is used to fetch all properties from a specific - Provider data If multiple entries are specified, the Secret keys - are merged in the specified order - items: - description: ExternalSecretDataRemoteRef defines Provider data location. - properties: - conversionStrategy: - default: Default - description: Used to define a conversion Strategy - type: string - key: - description: Key is the key used in the Provider, mandatory - type: string - property: - description: Used to select a specific property of the Provider - value (if a map), if supported - type: string - version: - description: Used to select a specific version of the Provider - value, if supported - type: string - required: - - key - type: object - type: array - refreshInterval: - default: 1h - description: RefreshInterval is the amount of time before the values - are read again from the SecretStore provider Valid time units are - "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to - fetch and create it once. Defaults to 1h. - type: string - secretStoreRef: - description: SecretStoreRef defines which SecretStore to fetch the - ExternalSecret data. 
- properties: - kind: - description: Kind of the SecretStore resource (SecretStore or - ClusterSecretStore) Defaults to `SecretStore` - type: string - name: - description: Name of the SecretStore resource - type: string - required: - - name - type: object - target: - description: ExternalSecretTarget defines the Kubernetes Secret to - be created There can be only one target per ExternalSecret. - properties: - creationPolicy: - default: Owner - description: CreationPolicy defines rules on how to create the - resulting Secret Defaults to 'Owner' - type: string - immutable: - description: Immutable defines if the final secret will be immutable - type: boolean - name: - description: Name defines the name of the Secret resource to be - managed This field is immutable Defaults to the .metadata.name - of the ExternalSecret resource - type: string - template: - description: Template defines a blueprint for the created Secret - resource. - properties: - data: - additionalProperties: - type: string - type: object - engineVersion: - default: v1 - description: EngineVersion specifies the template engine version - that should be used to compile/execute the template specified - in .data and .templateFrom[]. - type: string - metadata: - description: ExternalSecretTemplateMetadata defines metadata - fields for the Secret blueprint. 
- properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - templateFrom: - items: - maxProperties: 1 - minProperties: 1 - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - required: - - key - type: object - type: array - name: - type: string - required: - - items - - name - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - required: - - key - type: object - type: array - name: - type: string - required: - - items - - name - type: object - type: object - type: array - type: - type: string - type: object - type: object - required: - - secretStoreRef - - target - type: object - status: - properties: - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - refreshTime: - description: refreshTime is the time and date the external secret - was fetched and the target secret updated - format: date-time - nullable: true - type: string - syncedResourceVersion: - description: SyncedResourceVersion keeps track of the last synced - version - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.secretStoreRef.name - name: Store - type: string - - jsonPath: .spec.refreshInterval - name: Refresh Interval - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].reason - name: Status - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: ExternalSecret is the Schema for the external-secrets API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. 
Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ExternalSecretSpec defines the desired state of ExternalSecret. - properties: - data: - description: Data defines the connection between the Kubernetes Secret - keys and the Provider data - items: - description: ExternalSecretData defines the connection between the - Kubernetes Secret key (spec.data.) and the Provider data. - properties: - remoteRef: - description: ExternalSecretDataRemoteRef defines Provider data - location. 
- properties: - conversionStrategy: - default: Default - description: Used to define a conversion Strategy - type: string - key: - description: Key is the key used in the Provider, mandatory - type: string - property: - description: Used to select a specific property of the Provider - value (if a map), if supported - type: string - version: - description: Used to select a specific version of the Provider - value, if supported - type: string - required: - - key - type: object - secretKey: - type: string - required: - - remoteRef - - secretKey - type: object - type: array - dataFrom: - description: DataFrom is used to fetch all properties from a specific - Provider data If multiple entries are specified, the Secret keys - are merged in the specified order - items: - maxProperties: 1 - minProperties: 1 - properties: - extract: - description: Used to extract multiple key/value pairs from one - secret - properties: - conversionStrategy: - default: Default - description: Used to define a conversion Strategy - type: string - key: - description: Key is the key used in the Provider, mandatory - type: string - property: - description: Used to select a specific property of the Provider - value (if a map), if supported - type: string - version: - description: Used to select a specific version of the Provider - value, if supported - type: string - required: - - key - type: object - find: - description: Used to find secrets based on tags or regular expressions - properties: - conversionStrategy: - default: Default - description: Used to define a conversion Strategy - type: string - name: - description: Finds secrets based on the name. - properties: - regexp: - description: Finds secrets base - type: string - type: object - path: - description: A root path to start the find operations. - type: string - tags: - additionalProperties: - type: string - description: Find secrets based on tags. 
- type: object - type: object - type: object - type: array - refreshInterval: - default: 1h - description: RefreshInterval is the amount of time before the values - are read again from the SecretStore provider Valid time units are - "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to - fetch and create it once. Defaults to 1h. - type: string - secretStoreRef: - description: SecretStoreRef defines which SecretStore to fetch the - ExternalSecret data. - properties: - kind: - description: Kind of the SecretStore resource (SecretStore or - ClusterSecretStore) Defaults to `SecretStore` - type: string - name: - description: Name of the SecretStore resource - type: string - required: - - name - type: object - target: - description: ExternalSecretTarget defines the Kubernetes Secret to - be created There can be only one target per ExternalSecret. - properties: - creationPolicy: - default: Owner - description: CreationPolicy defines rules on how to create the - resulting Secret Defaults to 'Owner' - enum: - - Owner - - Orphan - - Merge - - None - type: string - deletionPolicy: - default: Retain - description: DeletionPolicy defines rules on how to delete the - resulting Secret Defaults to 'Retain' - enum: - - Delete - - Merge - - Retain - type: string - immutable: - description: Immutable defines if the final secret will be immutable - type: boolean - name: - description: Name defines the name of the Secret resource to be - managed This field is immutable Defaults to the .metadata.name - of the ExternalSecret resource - type: string - template: - description: Template defines a blueprint for the created Secret - resource. - properties: - data: - additionalProperties: - type: string - type: object - engineVersion: - default: v2 - type: string - metadata: - description: ExternalSecretTemplateMetadata defines metadata - fields for the Secret blueprint. 
- properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - templateFrom: - items: - maxProperties: 1 - minProperties: 1 - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - required: - - key - type: object - type: array - name: - type: string - required: - - items - - name - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - required: - - key - type: object - type: array - name: - type: string - required: - - items - - name - type: object - type: object - type: array - type: - type: string - type: object - type: object - required: - - secretStoreRef - - target - type: object - status: - properties: - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - refreshTime: - description: refreshTime is the time and date the external secret - was fetched and the target secret updated - format: date-time - nullable: true - type: string - syncedResourceVersion: - description: SyncedResourceVersion keeps track of the last synced - version - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] \ No newline at end of file diff --git a/config/test/external-apis/grafanadashboards.integreatly.org.yaml b/config/test/external-apis/grafanadashboards.integreatly.org.yaml deleted file mode 100644 index 33834052..00000000 --- a/config/test/external-apis/grafanadashboards.integreatly.org.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: grafanadashboards.integreatly.org -spec: - group: integreatly.org - names: - kind: GrafanaDashboard - listKind: GrafanaDashboardList - plural: grafanadashboards - singular: grafanadashboard - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: GrafanaDashboard is the Schema for the grafanadashboards API - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: GrafanaDashboardSpec defines the desired state of GrafanaDashboard - properties: - configMapRef: - description: Selects a key from a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?" 
- type: string - optional: - description: - Specify whether the ConfigMap or its key must be - defined - type: boolean - required: - - key - type: object - customFolderName: - type: string - datasources: - items: - properties: - datasourceName: - type: string - inputName: - type: string - required: - - datasourceName - - inputName - type: object - type: array - grafanaCom: - properties: - id: - type: integer - revision: - type: integer - required: - - id - type: object - json: - type: string - jsonnet: - type: string - plugins: - items: - description: GrafanaPlugin contains information about a single plugin - properties: - name: - type: string - version: - type: string - required: - - name - - version - type: object - type: array - url: - type: string - type: object - status: - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/config/test/external-apis/pipelines.tekton.dev.yaml b/config/test/external-apis/pipelines.tekton.dev.yaml deleted file mode 100644 index a3378fe6..00000000 --- a/config/test/external-apis/pipelines.tekton.dev.yaml +++ /dev/null 
@@ -1,77 +0,0 @@ -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: pipelines.tekton.dev - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.49.0" - version: "v0.49.0" -spec: - group: tekton.dev - preserveUnknownFields: false - versions: - - name: v1beta1 - served: true - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - # OpenAPIV3 schema allows Kubernetes to perform validation on the schema fields - # and use the schema in tooling such as `kubectl explain`. - # Using "x-kubernetes-preserve-unknown-fields: true" - # at the root of the schema (or within it) allows arbitrary fields. - # We currently perform our own validation separately. 
- # See https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#specifying-a-structural-schema - # for more info. - x-kubernetes-preserve-unknown-fields: true - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - names: - kind: Pipeline - plural: pipelines - singular: pipeline - categories: - - tekton - - tekton-pipelines - scope: Namespaced - # conversion: - # strategy: Webhook - # webhook: - # conversionReviewVersions: ["v1beta1", "v1"] - # clientConfig: - # service: - # name: tekton-pipelines-webhook - # namespace: tekton-pipelines diff --git a/config/test/external-apis/podmonitors.monitoring.coreos.com.yaml b/config/test/external-apis/podmonitors.monitoring.coreos.com.yaml deleted file mode 100644 index db04fdbb..00000000 --- a/config/test/external-apis/podmonitors.monitoring.coreos.com.yaml +++ /dev/null 
@@ -1,353 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: podmonitors.monitoring.coreos.com -spec: - group: monitoring.coreos.com - names: - kind: PodMonitor - listKind: PodMonitorList - plural: podmonitors - singular: podmonitor - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodMonitor defines monitoring for a set of pods. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Specification of desired Pod selection for target discovery by Prometheus. - properties: - jobLabel: - description: The label to use to retrieve the job name from. - type: string - namespaceSelector: - description: Selector to select which namespaces the Endpoints objects are discovered from. - properties: - any: - description: Boolean describing whether all namespaces are selected in contrast to a list restricting them. - type: boolean - matchNames: - description: List of namespace names. - items: - type: string - type: array - type: object - podMetricsEndpoints: - description: A list of endpoints allowed as part of this PodMonitor. - items: - description: PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving Prometheus metrics. 
- properties: - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' - properties: - password: - description: The secret in the service monitor namespace that contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - username: - description: The secret in the service monitor namespace that contains the username for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - bearerTokenSecret: - description: Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the pod monitor and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
- type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - honorLabels: - description: HonorLabels chooses the metric's labels on collisions with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. - type: boolean - interval: - description: Interval at which metrics should be scraped - type: string - metricRelabelings: - description: MetricRelabelConfigs to apply to samples before ingestion. - items: - description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - description: Action to perform based on regex matching. Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted value is matched. Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. - items: - type: string - type: array - targetLabel: - description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. 
- type: string - type: object - type: array - params: - additionalProperties: - items: - type: string - type: array - description: Optional HTTP URL parameters - type: object - path: - description: HTTP path to scrape for metrics. - type: string - port: - description: Name of the pod port this endpoint refers to. Mutually exclusive with targetPort. - type: string - proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. - type: string - relabelings: - description: 'RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' - items: - description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - description: Action to perform based on regex matching. Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted value is matched. Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. 
- items: - type: string - type: array - targetLabel: - description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. - type: string - type: object - type: array - scheme: - description: HTTP scheme to use for scraping. - type: string - scrapeTimeout: - description: Timeout after which the scrape is ended - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Deprecated: Use ''port'' instead.' - x-kubernetes-int-or-string: true - tlsConfig: - description: TLS configuration to use when scraping the endpoint. - properties: - ca: - description: Struct containing the CA cert to use for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - cert: - description: Struct containing the client cert file for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - type: object - type: array - podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes Pod onto the target. - items: - type: string - type: array - sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. 
- format: int64 - type: integer - selector: - description: Selector to select Pod objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - targetLimit: - description: TargetLimit defines a limit on the number of scraped targets that will be accepted. - format: int64 - type: integer - required: - - podMetricsEndpoints - - selector - type: object - required: - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] \ No newline at end of file diff --git a/config/test/external-apis/servicemonitors.monitoring.coreos.com.yaml b/config/test/external-apis/servicemonitors.monitoring.coreos.com.yaml deleted file mode 100644 index 04693344..00000000 
--- a/config/test/external-apis/servicemonitors.monitoring.coreos.com.yaml +++ /dev/null 
@@ -1,639 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.8.0 - creationTimestamp: null - name: servicemonitors.monitoring.coreos.com -spec: - group: monitoring.coreos.com - names: - categories: - - prometheus-operator - kind: ServiceMonitor - listKind: ServiceMonitorList - plural: servicemonitors - shortNames: - - smon - singular: servicemonitor - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: ServiceMonitor defines monitoring for a set of services. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Specification of desired Service selection for target discovery - by Prometheus. - properties: - endpoints: - description: A list of endpoints allowed as part of this ServiceMonitor. - items: - description: Endpoint defines a scrapeable endpoint serving Prometheus - metrics. - properties: - authorization: - description: Authorization section for this endpoint - properties: - credentials: - description: The secret's key that contains the credentials - of the request - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error - type: string - type: object - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' - properties: - password: - description: The secret in the service monitor namespace - that contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - username: - description: The secret in the service monitor namespace - that contains the username for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - type: object - bearerTokenFile: - description: File to read bearer token for scraping targets. - type: string - bearerTokenSecret: - description: Secret to mount to read bearer token for scraping - targets. 
The secret needs to be in the same namespace as the - service monitor and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - followRedirects: - description: FollowRedirects configures whether scrape requests - follow HTTP 3xx redirects. - type: boolean - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - interval: - description: Interval at which metrics should be scraped - type: string - metricRelabelings: - description: MetricRelabelConfigs to apply to samples before - ingestion. - items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - default: replace - description: Action to perform based on regex matching. - Default is 'replace' - enum: - - replace - - keep - - drop - - hashmod - - labelmap - - labeldrop - - labelkeep - type: string - modulus: - description: Modulus to take of the hash of the source - label values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. 
Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. - items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string - type: object - type: array - oauth2: - description: OAuth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. - properties: - clientId: - description: The secret or configmap containing the OAuth2 - client id - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - clientSecret: - description: The secret containing the OAuth2 client secret - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - endpointParams: - additionalProperties: - type: string - description: Parameters to append to the token URL - type: object - scopes: - description: OAuth2 scopes used for the token request - items: - type: string - type: array - tokenUrl: - description: The URL to fetch the token from - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - params: - additionalProperties: - items: - type: string - type: array - description: Optional HTTP URL parameters - type: object - path: - description: HTTP path to scrape for metrics. - type: string - port: - description: Name of the service port this endpoint refers to. - Mutually exclusive with targetPort. - type: string - proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes - to proxy through this endpoint. - type: string - relabelings: - description: 'RelabelConfigs to apply to samples before scraping. - Prometheus Operator automatically adds relabelings for a few - standard Kubernetes fields. The original scrape job''s name - is available via the `__tmp_prometheus_job_name` label. 
More - info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' - items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - default: replace - description: Action to perform based on regex matching. - Default is 'replace' - enum: - - replace - - keep - - drop - - hashmod - - labelmap - - labeldrop - - labelkeep - type: string - modulus: - description: Modulus to take of the hash of the source - label values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. - items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string - type: object - type: array - scheme: - description: HTTP scheme to use for scraping. 
- type: string - scrapeTimeout: - description: Timeout after which the scrape is ended - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: Name or number of the target port of the Pod behind - the Service, the port must be specified with container port - property. Mutually exclusive with port. - x-kubernetes-int-or-string: true - tlsConfig: - description: TLS configuration to use when scraping the endpoint - properties: - ca: - description: Struct containing the CA cert to use for the - targets. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. - type: string - cert: - description: Struct containing the client cert file for - the targets. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - certFile: - description: Path to the client cert file in the Prometheus - container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the Prometheus - container for the targets. - type: string - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - type: object - type: array - jobLabel: - description: "Chooses the label of the Kubernetes `Endpoints`. 
Its - value will be used for the `job`-label's value of the created metrics. - \n Default & fallback value: the name of the respective Kubernetes - `Endpoint`." - type: string - labelLimit: - description: Per-scrape limit on number of labels that will be accepted - for a sample. Only valid in Prometheus versions 2.27.0 and newer. - format: int64 - type: integer - labelNameLengthLimit: - description: Per-scrape limit on length of labels name that will be - accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. - format: int64 - type: integer - labelValueLengthLimit: - description: Per-scrape limit on length of labels value that will - be accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. - format: int64 - type: integer - namespaceSelector: - description: Selector to select which namespaces the Kubernetes Endpoints - objects are discovered from. - properties: - any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. - type: boolean - matchNames: - description: List of namespace names to select from. - items: - type: string - type: array - type: object - podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes `Pod` - onto the created metrics. - items: - type: string - type: array - sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. - format: int64 - type: integer - selector: - description: Selector to select Endpoints objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. 
- type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - targetLabels: - description: TargetLabels transfers labels from the Kubernetes `Service` - onto the created metrics. - items: - type: string - type: array - targetLimit: - description: TargetLimit defines a limit on the number of scraped - targets that will be accepted. - format: int64 - type: integer - required: - - endpoints - - selector - type: object - required: - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] \ No newline at end of file diff --git a/config/test/external-apis/tasks.tekton.dev.yaml b/config/test/external-apis/tasks.tekton.dev.yaml deleted file mode 100644 index 3110700b..00000000 --- a/config/test/external-apis/tasks.tekton.dev.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: tasks.tekton.dev - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.49.0" - version: "v0.49.0" -spec: - group: tekton.dev - preserveUnknownFields: false - versions: - - name: v1beta1 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - # TODO(#1461): Add OpenAPIV3 schema - # OpenAPIV3 schema allows Kubernetes to perform validation on the schema fields - # and use the schema in tooling such as `kubectl explain`. - # Using "x-kubernetes-preserve-unknown-fields: true" - # at the root of the schema (or within it) allows arbitrary fields. 
- # We currently perform our own validation separately. - # See https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#specifying-a-structural-schema - # for more info. - x-kubernetes-preserve-unknown-fields: true - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - names: - kind: Task - plural: tasks - singular: task - categories: - - tekton - - tekton-pipelines - scope: Namespaced - # conversion: - # strategy: Webhook - # webhook: - # conversionReviewVersions: ["v1beta1", "v1"] - # clientConfig: - # service: - # name: tekton-pipelines-webhook - # namespace: tekton-pipelines diff --git a/config/test/kustomization.yaml b/config/test/kustomization.yaml index a34f3ad4..673315d7 100644 --- a/config/test/kustomization.yaml +++ b/config/test/kustomization.yaml @@ -3,13 +3,7 @@ kind: Kustomization namespace: default resources: - ../default - - external-apis/grafanadashboards.integreatly.org.yaml - - external-apis/podmonitors.monitoring.coreos.com.yaml - - external-apis/servicemonitors.monitoring.coreos.com.yaml - - external-apis/externalsecrets.external-secrets.io.yaml - - external-apis/envoyconfigs.marin3r.3scale.net.yaml - - external-apis/pipelines.tekton.dev.yaml - - external-apis/tasks.tekton.dev.yaml + patches: - target: group: apps @@ -51,3 +45,17 @@ patches: value: ClusterRole - op: remove path: /metadata/namespace + +# For redis backups testing +generatorOptions: + disableNameSuffixHash: true + +secretGenerator: +- name: redis-backup-ssh-private-key + type: kubernetes.io/ssh-auth + files: + - ssh-privatekey=../../test/assets/redis-with-ssh/test-ssh-key +- name: aws-credentials + literals: + - AWS_ACCESS_KEY_ID=admin + - AWS_SECRET_ACCESS_KEY=admin123 diff --git a/config/test/redis-backups/kustomization.yaml b/config/test/redis-backups/kustomization.yaml deleted file mode 100644 index 20a1d39d..00000000 
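Review bot: The `secretGenerator` block added at the end of `config/test/kustomization.yaml` carries fixed credentials (`AWS_ACCESS_KEY_ID=admin`, `AWS_SECRET_ACCESS_KEY=admin123`) and a committed SSH private key, and its only documentation is `# For redis backups testing`. In the deleted `config/test/redis-backups/kustomization.yaml` these literals sat next to the MinIO `rootUser`/`rootPassword` they have to match; the MinIO values now live elsewhere (not visible in this part of the diff), so the coupling is no longer evident from this file. I would extend the comment to something like `# Test-only fixtures for the kind e2e cluster; values must match the MinIO root credentials`. It is also worth noting there that `disableNameSuffixHash: true` now applies to every generator in this kustomization rather than to an isolated one.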
--- a/config/test/redis-backups/kustomization.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: default - -helmCharts: - - name: minio - repo: https://charts.min.io - version: v5.0.13 - releaseName: minio - namespace: default - valuesInline: - mode: standalone - persistence: - enabled: false - resources: - requests: - memory: 1Mi - buckets: - - name: my-bucket - purge: true - versioning: false - rootUser: admin - rootPassword: admin123 - -generatorOptions: - disableNameSuffixHash: true - -secretGenerator: -- name: redis-backup-ssh-private-key - type: kubernetes.io/ssh-auth - files: - - ssh-privatekey=../../../test/assets/redis-with-ssh/test-ssh-key -- name: aws-credentials - literals: - - AWS_ACCESS_KEY_ID=admin - - AWS_SECRET_ACCESS_KEY=admin123 diff --git a/controllers/reconciler_config.go b/controllers/reconciler_config.go index 5a90adaf..3c836bbf 100644 --- a/controllers/reconciler_config.go +++ b/controllers/reconciler_config.go @@ -22,6 +22,9 @@ func init() { "spec.clusterIP", "spec.clusterIPs", }, + IgnoreProperties: []string{ + "metadata.annotations['metallb.universe.tf/ip-allocated-from-pool']", + }, }) config.SetDefaultReconcileConfigForGVK( schema.FromAPIVersionAndKind("v1", "ConfigMap"), diff --git a/controllers/suite_test.go b/controllers/suite_test.go index 2d5ed668..1fa730f5 100644 --- a/controllers/suite_test.go +++ b/controllers/suite_test.go @@ -73,7 +73,7 @@ var _ = BeforeSuite(func() { testEnv = &envtest.Environment{ CRDDirectoryPaths: []string{ filepath.Join("..", "config", "crd", "bases"), - filepath.Join("..", "config", "test", "external-apis"), + filepath.Join("..", "test", "assets", "external-apis"), }, } diff --git a/hack/apply-kustomize.sh b/hack/apply-kustomize.sh new file mode 100755 index 00000000..a6260177 --- /dev/null +++ b/hack/apply-kustomize.sh 
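Review bot: The new `IgnoreProperties` entry in `init()` has no comment saying why `metadata.annotations['metallb.universe.tf/ip-allocated-from-pool']` is excluded from reconciliation. Presumably MetalLB writes this annotation on the object after creation and the reconciler would otherwise keep reverting it, but the hunk does not state that. A line such as `// set by MetalLB after creation; ignored so the reconciler does not revert it` (wording to be confirmed by the author) would record the reason. `init()` starts and ends outside the hunk, so the GVK this config applies to is not visible here.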
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+set -eu
+
+function generate_resources() {
+ local KPATH=${1}
+ local RESFILE=$(mktemp)
+ ${KUSTOMIZE_BIN} build ${KUSTOMIZE_OPTIONS} ${KPATH} > ${RESFILE}
+ echo ${RESFILE}
+}
+
+function filter_resources() {
+ local RESFILE=${1}
+ local FILTER=${2}
+ cat ${RESFILE} | ${YQ_BIN} ". | select(${FILTER})"
+}
+
+function resource_names() {
+ local RESFILE=${1}
+ local FILTER=${2}
+ filter_resources ${RESFILE} "${FILTER}" | ${YQ_BIN} -N .metadata.name
+}
+
+function deploy_crds() {
+ local RESFILE=${1}
+ local FILTER=".kind == \"CustomResourceDefinition\""
+ if [[ $(resource_names ${RESFILE} "${FILTER}") != "null" ]]; then
+ echo; echo "#################### > Deploying CRDs for ${NAME}"
+ filter_resources ${RESFILE} "${FILTER}" | kubectl apply -f -
+ resource_names ${RESFILE} "${FILTER}" | xargs kubectl wait --for condition=established --timeout=60s crd
+ fi
+}
+
+function wait_for() {
+ local KIND=${1}
+ local NS=${2}
+ FILTER=".kind == \"${KIND}\""
+ if [[ $(resource_names ${RESFILE} "${FILTER}") != "null" ]]; then
+ for ITEM in $(resource_names ${RESFILE} "${FILTER}"); do
+ echo; echo "#################### > Waiting for ${KIND} ${ITEM} in namespace ${NS}"
+ local SELECTOR=$(kubectl -n ${NS} describe ${KIND} ${ITEM} | awk '/Selector/{print $2}')
+ kubectl -n ${NS} get pods -l ${SELECTOR} --no-headers -o name | xargs kubectl -n ${NS} wait --for condition=ready
+ done
+ fi
+}
+
+function deploy_controller() {
+ local RESFILE=${1}
+ local FILTER=".kind != \"CustomResourceDefinition\" and .apiVersion != \"*${NAME}*\""
+ if [[ $(resource_names ${RESFILE} "${FILTER}") != "null" ]]; then
+ echo; echo "#################### > Deploying controller for ${NAME}"
+ filter_resources ${RESFILE} "${FILTER}" | kubectl apply -f -
+ for KIND in "Deployment" "StatefulSet"; do wait_for ${KIND} ${NAME}; done
+ fi
+}
+
+function deploy_custom_resources() {
+ local RESFILE=${1}
+ local FILTER=".kind != \"CustomResourceDefinition\" and .apiVersion ==
\"*${NAME}*\"" + if [[ $(resource_names ${RESFILE} "${FILTER}") != "null" ]]; then + echo; echo "#################### > Deploying custom resources for ${NAME}" + filter_resources ${RESFILE} "${FILTER}" | kubectl apply -f - + fi +} + + +test -n "${KUSTOMIZE_BIN}" || (echo "KUSTOMIZE_BIN envvar must be set" && exit -1) +test -n "${YQ_BIN}" || (echo "YQ_BIN envvar must be set" && exit -1) +test -n "${BASE_PATH}" || (echo "BASE_PATH envvar must be set" && exit -1) + +KUSTOMIZE_OPTIONS="--enable-helm" +NAME=${1} +RESFILE=$(generate_resources ${BASE_PATH}/${NAME}) +deploy_crds ${RESFILE} +deploy_controller ${RESFILE} +deploy_custom_resources ${RESFILE} +rm -f ${RESFILE} diff --git a/test/assets/external-apis/.gitignore b/test/assets/external-apis/.gitignore new file mode 100644 index 00000000..2a616051 --- /dev/null +++ b/test/assets/external-apis/.gitignore @@ -0,0 +1 @@ +*.yaml \ No newline at end of file diff --git a/test/e2e/shardedredisbackup_suite_test.go b/test/e2e/shardedredisbackup_suite_test.go index 67d3baca..892191e5 100644 --- a/test/e2e/shardedredisbackup_suite_test.go +++ b/test/e2e/shardedredisbackup_suite_test.go @@ -24,8 +24,9 @@ import ( const ( awsCredentials = "aws-credentials" sshPrivateKey = "redis-backup-ssh-private-key" - bucketName = "my-bucket" - backupsPath = "backups" + bucketName = "backups" + backupsPath = "redis" + minioNamespace = "minio" ) var _ = Describe("shardedredisbackup e2e suite", func() { @@ -167,7 +168,7 @@ var _ = Describe("shardedredisbackup e2e suite", func() { CredentialsSecretRef: corev1.LocalObjectReference{ Name: "aws-credentials", }, - ServiceEndpoint: util.Pointer("http://minio.default.svc.cluster.local:9000"), + ServiceEndpoint: util.Pointer(fmt.Sprintf("http://minio.%s.svc.cluster.local:9000", minioNamespace)), }, PollInterval: &metav1.Duration{Duration: 1 * time.Second}, }, 
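Review bot: A failure on the left-hand side of the pipelines in this script goes unnoticed, because `set -eu` does not include `pipefail`: in `deploy_crds`, `deploy_controller` and `deploy_custom_resources` the `filter_resources ... | kubectl apply -f -` lines report only kubectl's status, so a failing `yq` can leave a partial apply. `set -euo pipefail` covers the pipelines, but `kustomize build` needs its own check, since bash clears `-e` inside `RESFILE=$(generate_resources ...)` and the function still ends with a successful `echo`. The three `test -n "${VAR}" || (...)` guards never print their message when the variable is unset, because `set -u` aborts on the expansion first; `: "${KUSTOMIZE_BIN:?KUSTOMIZE_BIN envvar must be set}"` (and likewise for `YQ_BIN` and `BASE_PATH`) gives the intended error. The rendered manifests in the `mktemp` file are removed only on the success path, so a `trap 'rm -f "${RESFILE}"' EXIT` after the assignment would keep them from lingering in the temp directory when a step fails.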
@@ -243,7 +244,7 @@ var _ = Describe("shardedredisbackup e2e suite", func() { ctx := context.Background() list := &corev1.PodList{} err := k8sClient.List(context.Background(), list, - client.InNamespace("default"), + client.InNamespace(minioNamespace), client.MatchingLabels{"app": "minio"}) Expect(err).ToNot(HaveOccurred()) Expect(len(list.Items)).To(Equal(1))