diff --git a/k8s-manifests/2.3.0/cle-cluster-scope-percona-mongo.yaml b/k8s-manifests/2.3.0/cle-cluster-scope-percona-mongo.yaml new file mode 100644 index 0000000..2bdabef --- /dev/null +++ b/k8s-manifests/2.3.0/cle-cluster-scope-percona-mongo.yaml @@ -0,0 +1,1343 @@ +### RBAC Manifests +## If SELF_CLUSTER="true" then these permissions are required to apply +## https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/1b_argo_rbac.yaml +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: argo-cr-for-litmusportal-server +rules: +- apiGroups: [""] + resources: [pods, pods/exec] + verbs: [create, get, list, watch, update, patch, delete] +- apiGroups: [""] + resources: [configmaps] + verbs: [get, watch, list] +- apiGroups: [""] + resources: [persistentvolumeclaims] + verbs: [create, delete] +- apiGroups: [argoproj.io] + resources: [workflows, workflows/finalizers] + verbs: [get, list, watch, update, patch, delete, create] +- apiGroups: [argoproj.io] + resources: [workflowtemplates, workflowtemplates/finalizers, clusterworkflowtemplates, clusterworkflowtemplates/finalizers, workflowtasksets] + verbs: [get, list, watch] +- apiGroups: [""] + resources: [serviceaccounts] + verbs: [get, list] +- apiGroups: [argoproj.io] + resources: [cronworkflows, cronworkflows/finalizers] + verbs: [get, list, watch, update, patch, delete] +- apiGroups: [""] + resources: [events] + verbs: [create, patch] +- apiGroups: [policy] + resources: [poddisruptionbudgets] + verbs: [create, get, delete] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: argo-crb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo-cr-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: litmus +#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/2b_litmus_rbac.yaml +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: litmus-cluster-scope-for-litmusportal-server + labels: + app.kubernetes.io/name: litmus + # provide unique instance-id if applicable + # app.kubernetes.io/instance: litmus-abcxzy + app.kubernetes.io/version: v2.0.0 + app.kubernetes.io/component: operator-clusterrole + app.kubernetes.io/part-of: litmus + app.kubernetes.io/managed-by: kubectl + name: litmus-cluster-scope-for-litmusportal-server +rules: + - apiGroups: [""] + resources: [replicationcontrollers, secrets] + verbs: [get, list] + - apiGroups: [apps.openshift.io] + resources: [deploymentconfigs] + verbs: [get, list] + - apiGroups: [apps] + resources: [deployments, daemonsets, replicasets, statefulsets] + verbs: [get, list] + - apiGroups: [batch] + resources: [jobs] + verbs: [get, list, deletecollection] + - apiGroups: [argoproj.io] + resources: [rollouts] + verbs: [get, list] + - apiGroups: [""] + resources: [pods, configmaps, events, services] + verbs: [get, create, update, patch, delete, list, watch, deletecollection] + - apiGroups: [litmuschaos.io] + resources: [chaosengines, chaosexperiments, chaosresults] + verbs: [get, create, update, patch, delete, list, watch, deletecollection] + - apiGroups: [apiextensions.k8s.io] + resources: [customresourcedefinitions] + verbs: [list, get] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: litmus-cluster-scope-crb-for-litmusportal-server + labels: + app.kubernetes.io/name: litmus + # provide unique instance-id if applicable + # app.kubernetes.io/instance: litmus-abcxzy + app.kubernetes.io/version: v2.0.0 + app.kubernetes.io/component: operator-clusterrolebinding + app.kubernetes.io/part-of: litmus + app.kubernetes.io/managed-by: kubectl + name: litmus-cluster-scope-crb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: litmus-cluster-scope-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: litmus +#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/3a_agents_rbac.yaml +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: litmus-admin-cr-for-litmusportal-server + labels: + name: litmus-admin-cr-for-litmusportal-server +rules: + # *************************************************************************************** + # Permissions needed for preparing and monitor the chaos resources by chaos-runner + # *************************************************************************************** + + # The chaos operator watches the chaosengine resource and orchestartes the chaos experiment.. + ## .. by creating the chaos-runner + + # for creating and monitoring the chaos-runner pods +- apiGroups: [""] + resources: [pods,events] + verbs: [create, delete, get, list, patch, update, deletecollection] + + # for fetching configmaps and secrets to inject into chaos-runner pod (if specified) +- apiGroups: [""] + resources: [secrets, configmaps] + verbs: [get, list] + + # for tracking & getting logs of the pods created by chaos-runner to implement individual steps in the runner +- apiGroups: [""] + resources: [pods/log] + verbs: [get, list, watch] + + # for configuring and monitor the experiment job by chaos-runner pod +- apiGroups: [batch] + resources: [jobs] + verbs: [create, list, get, delete, deletecollection] + + # ******************************************************************** + # Permissions needed for creation and discovery of chaos experiments + # ******************************************************************** + + # The helper pods are created by experiment to perform the actual chaos injection ... + # ... for a period of chaos duration + + # for creating and deleting the helper or target app pod and events by experiment +- apiGroups: [""] + resources: [pods] + verbs: [create, delete, deletecollection] + + # for creating and monitoring the events for chaos operations +- apiGroups: [""] + resources: [events] + verbs: [create, delete, get, list, patch, update, deletecollection] + + # for monitoring the helper and target app pod +- apiGroups: [""] + resources: [pods] + verbs: [get, list, patch, update] + + # for creating and managing to execute comands inside target container +- apiGroups: [""] + resources: [pods/exec, pods/eviction, replicationcontrollers] + verbs: [get,list,create] + + # for tracking & getting logs of the pods created by experiment pod to implement individual steps in the experiment +- apiGroups: [""] + resources: [pods/log] + verbs: [get, list, watch] + + # for creating and monitoring liveness services or monitoring target app services during chaos injection +- apiGroups: [""] + resources: [services] + verbs: [create, delete, get, list, delete, deletecollection] + + # for checking the app parent resources as deployments or sts and are eligible chaos candidates +- apiGroups: [apps] + resources: [deployments, statefulsets] + verbs: [list, get, patch, update, create, delete] + + # for checking the app parent resources as replicasets and are eligible chaos candidates +- apiGroups: [apps] + resources: [replicasets] + verbs: [list, get] + + # for checking the app parent resources as deamonsets and are eligible chaos candidates +- apiGroups: [apps] + resources: [daemonsets] + verbs: [list, get, delete] + + # for checking (openshift) app parent resources if they are eligible chaos candidates +- apiGroups: [apps.openshift.io] + resources: [deploymentconfigs] + verbs: [list, get] + + # for checking (argo) app parent resources if they are eligible chaos candidates +- apiGroups: [argoproj.io] + resources: [rollouts] + verbs: [list, get] + + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow +- apiGroups: [litmuschaos.io] + resources: [chaosengines, chaosexperiments, chaosresults] + verbs: [create, list, get, patch, update, delete] + + # for experiment to perform node status checks and other node level operations like taint, drain in the experiment. +- apiGroups: [""] + resources: [nodes] + verbs: [patch, get, list, update] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: litmus-admin-crb-for-litmusportal-server + labels: + name: litmus-admin-crb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: litmus-admin-cr-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: litmus +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chaos-cr-for-litmusportal-server +rules: + # for managing the pods created by workflow controller to implement individual steps in the workflow + - apiGroups: [""] + resources: [pods, services, namespaces] + verbs: [create, get, watch, patch, delete, list] + + # for tracking & getting logs of the pods created by workflow controller to implement individual steps in the workflow + - apiGroups: [""] + resources: [pods/log, secrets, configmaps] + verbs: [get, watch, create, delete, patch] + + # for creation & deletion of application in predefined workflows + - apiGroups: [apps] + resources: [deployments, statefulsets] + verbs: [get, watch, patch, create, delete] + + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: [litmuschaos.io] + resources: [chaosengines, chaosexperiments, chaosresults, chaosschedules] + verbs: [create, list, get, patch, delete, watch] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chaos-crb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chaos-cr-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: litmus +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: subscriber-cr-for-litmusportal-server + namespace: litmus + labels: + name: subscriber-cr-for-litmusportal-server +rules: +- apiGroups: [""] + resources: [configmaps] + verbs: [get, create, delete, update] +- apiGroups: [""] + resources: [pods/log] + verbs: [get, list, watch] +- apiGroups: [""] + resources: [pods, namespaces, nodes, services] + verbs: [get, list, watch] +- apiGroups: [litmuschaos.io] + resources: [chaosengines, chaosschedules, chaosresults] + verbs: [get, list, create, delete, update, watch] +- apiGroups: [apps.openshift.io] + resources: [deploymentconfigs] + verbs: [get, list] +- apiGroups: [apps] + resources: [deployments, daemonsets, replicasets, statefulsets] + verbs: [get, list, delete] +- apiGroups: [argoproj.io] + resources: [workflows, workflows/finalizers, workflowtemplates, workflowtemplates/finalizers, cronworkflows, cronworkflows/finalizers, clusterworkflowtemplates, clusterworkflowtemplates/finalizers, rollouts] + verbs: [get, list, create, delete, update, watch] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: subscriber-crb-for-litmusportal-server + namespace: litmus +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: litmus +roleRef: + kind: ClusterRole + name: subscriber-cr-for-litmusportal-server + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: event-tracker-cr-for-litmusportal-server +rules: +- apiGroups: [eventtracker.litmuschaos.io] + resources: [eventtrackerpolicies] + verbs: [create, delete, get, list, patch, update, watch] +- apiGroups: [eventtracker.litmuschaos.io] + resources: [eventtrackerpolicies/status] + verbs: [get, patch, update] +- apiGroups: ["", extensions, apps] + resources: [deployments, daemonsets, statefulsets, pods, configmaps] + verbs: [get, list, watch] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: event-tracker-crb-for-litmusportal-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: event-tracker-cr-for-litmusportal-server +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: litmus +# litmus-server-cr is used by the litmusportal-server +# If SELF_CLUSTER=false, then only litmus-server-cr and litmus-server-crb are required. +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: litmus-server-cr +rules: + - apiGroups: [networking.k8s.io, extensions] + resources: [ingresses] + verbs: [get] + - apiGroups: [""] + resources: [services, nodes, pods/log] + verbs: [get, watch] + - apiGroups: [apiextensions.k8s.io] + resources: [customresourcedefinitions] + verbs: [create] + - apiGroups: [apps] + resources: [deployments] + verbs: [create] + - apiGroups: [""] + resources: [configmaps] + verbs: [get] + - apiGroups: [""] + resources: [serviceaccounts] + verbs: [create] + - apiGroups: [rbac.authorization.k8s.io] + resources: [rolebindings, roles, clusterrolebindings, clusterroles] + verbs: [create] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: litmus-server-crb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: litmus-server-cr +subjects: + - kind: ServiceAccount + name: litmus-server-account + namespace: litmus +## Control plane manifests +--- +apiVersion: v1 +kind: Namespace +metadata: + name: litmus +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: litmus-server-account + namespace: litmus +--- +apiVersion: v1 +kind: Secret +metadata: + name: litmus-portal-admin-secret + namespace: litmus +stringData: + JWT_SECRET: "litmus-portal@123" + DB_USER: "admin" + DB_PASSWORD: "1234" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: litmus-portal-admin-config + namespace: litmus +data: + DB_SERVER: "mongodb://mongo-cluster-mongos:27017" + AGENT_SCOPE: cluster + AGENT_NAMESPACE: litmus + VERSION: "ci" + SKIP_SSL_VERIFY: "false" + # Configurations if you are using dex for OAuth + DEX_ENABLED: "false" + OIDC_ISSUER: "http://:32000" + DEX_OAUTH_CALLBACK_URL: "http://:8080/auth/dex/callback" + DEX_OAUTH_CLIENT_ID: "LitmusPortalAuthBackend" + DEX_OAUTH_CLIENT_SECRET: "ZXhhbXBsZS1hcHAtc2VjcmV0" + OAuthJwtSecret: "litmus-oauth@123" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: litmusportal-frontend-nginx-configuration + namespace: litmus +data: + default.conf: | + server { + listen 8080; + server_name localhost; + #charset koi8-r; + #access_log /var/log/nginx/host.access.log main; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + try_files $uri /index.html; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} + + location /auth/ { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass "http://litmusportal-server-service:9003/"; + } + + location /api/ { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass "http://litmusportal-server-service:9002/"; + } + + location /ws/ { + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass "http://litmusportal-server-service:9002/"; + } + } +--- +apiVersion: v1 +kind: Secret +metadata: + name: mongo-secrets + namespace: litmus +type: Opaque +stringData: + MONGODB_BACKUP_USER: backup + MONGODB_BACKUP_PASSWORD: backup123456 + MONGODB_CLUSTER_ADMIN_USER: clusterAdmin + MONGODB_CLUSTER_ADMIN_PASSWORD: clusterAdmin123456 + MONGODB_CLUSTER_MONITOR_USER: clusterMonitor + MONGODB_CLUSTER_MONITOR_PASSWORD: clusterMonitor123456 + MONGODB_USER_ADMIN_USER: UserAdmin + MONGODB_USER_ADMIN_PASSWORD: UserLitmus + PMM_SERVER_USER: PMMadmin + PMM_SERVER_PASSWORD: PMMpassword +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: litmusportal-frontend + namespace: litmus + labels: + component: litmusportal-frontend +spec: + replicas: 1 + selector: + matchLabels: + component: litmusportal-frontend + template: + metadata: + labels: + component: litmusportal-frontend + spec: + containers: + - name: litmusportal-frontend + image: litmuschaos/litmusportal-frontend:ci + imagePullPolicy: Always + ports: + - containerPort: 8080 + env: + - name: AGENT_SCOPE + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: AGENT_SCOPE + volumeMounts: + - name: nginx-config + mountPath: /etc/nginx/conf.d/default.conf + subPath: default.conf + volumes: + - name: nginx-config + configMap: + name: litmusportal-frontend-nginx-configuration +--- +apiVersion: v1 +kind: Service +metadata: + name: litmusportal-frontend-service + namespace: litmus +spec: + type: NodePort + ports: + - name: http + port: 9091 + targetPort: 8080 + selector: + component: litmusportal-frontend +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: litmusportal-server + namespace: litmus + labels: + component: litmusportal-server +spec: + replicas: 1 + selector: + matchLabels: + component: litmusportal-server + template: + metadata: + labels: + component: litmusportal-server + spec: + initContainers: + - name: wait-for-mongodb + image: litmuschaos/curl:latest + command: ["/bin/sh", "-c"] + args: + [ + "while [[ $(curl -sw '%{http_code}' http://mongo-cluster-mongos:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'", + ] + - name: server-version-updater + image: litmuschaos/mongo-utils:latest + command: ["/bin/sh"] + args: ["-c","mongo $DB_SERVER --username $DB_ADMIN_USER --password $DB_ADMIN_PASSWORD --eval 'db=db.getSiblingDB(\"admin\");db.createUser({ user: \"'$DB_USER'\" , pwd: \"'$DB_PASSWORD'\", roles: [\"userAdminAnyDatabase\", \"dbAdminAnyDatabase\", \"readWriteAnyDatabase\"]})'"] + env: + - name: DB_USER + valueFrom: + secretKeyRef: + name: litmus-portal-admin-secret + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: litmus-portal-admin-secret + key: DB_PASSWORD + - name: DB_SERVER + valueFrom: + configMapKeyRef: + name: litmus-portal-admin-config + key: DB_SERVER + - name: DB_ADMIN_USER + valueFrom: + secretKeyRef: + name: mongo-secrets + key: MONGODB_USER_ADMIN_USER + - name: DB_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: mongo-secrets + key: MONGODB_USER_ADMIN_PASSWORD + containers: + - name: graphql-server + image: litmuschaos/litmusportal-server:ci + envFrom: + - configMapRef: + name: litmus-portal-admin-config + - secretRef: + name: litmus-portal-admin-secret + env: + - name: SELF_CLUSTER + value: "true" + - name: LITMUS_PORTAL_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: PORTAL_SCOPE + value: "cluster" + - name: SUBSCRIBER_IMAGE + value: "litmuschaos/litmusportal-subscriber:ci" + - name: EVENT_TRACKER_IMAGE + value: "litmuschaos/litmusportal-event-tracker:ci" + - name: ARGO_WORKFLOW_CONTROLLER_IMAGE + value: "litmuschaos/workflow-controller:v3.2.3" + - name: ARGO_WORKFLOW_EXECUTOR_IMAGE + value: "litmuschaos/argoexec:v3.2.3" + - name: LITMUS_CHAOS_OPERATOR_IMAGE + value: "litmuschaos/chaos-operator:2.3.0" + - name: LITMUS_CHAOS_RUNNER_IMAGE + value: "litmuschaos/chaos-runner:2.3.0" + - name: LITMUS_CHAOS_EXPORTER_IMAGE + value: "litmuschaos/chaos-exporter:2.3.0" + - name: SERVER_SERVICE_NAME + value: "litmusportal-server-service" + - name: AGENT_DEPLOYMENTS + value: "[\"app=chaos-exporter\", \"name=chaos-operator\", \"app=event-tracker\", \"app=workflow-controller\"]" + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: INGRESS + value: "false" + - name: INGRESS_NAME + value: "litmus-ingress" + - name: CONTAINER_RUNTIME_EXECUTOR + value: "k8sapi" + - name: HUB_BRANCH_NAME + value: "v2.3.x" + - name: LITMUS_AUTH_GRPC_ENDPOINT + value: "litmusportal-server-service.litmus.svc.cluster.local" + ports: + - containerPort: 8080 + - containerPort: 8000 + imagePullPolicy: Always + - name: auth-server + image: litmuschaos/litmusportal-auth-server:ci + envFrom: + - configMapRef: + name: litmus-portal-admin-config + - secretRef: + name: litmus-portal-admin-secret + env: + - name: STRICT_PASSWORD_POLICY + value: "false" + - name: ADMIN_USERNAME + value: "admin" + - name: ADMIN_PASSWORD + value: "litmus" + - name: LITMUS_SVC_ENDPOINT + value: "litmusportal-server-service.litmus.svc.cluster.local" + ports: + - containerPort: 3000 + - containerPort: 3030 + imagePullPolicy: Always + serviceAccountName: litmus-server-account +--- +apiVersion: v1 +kind: Service +metadata: + name: litmusportal-server-service + namespace: litmus +spec: + type: NodePort + ports: + - name: graphql-server + port: 9002 + targetPort: 8080 + - name: graphql-rpc-server + port: 8000 + targetPort: 8000 + - name: auth-server + port: 9003 + targetPort: 3000 + - name: auth-rpc-server + port: 3030 + targetPort: 3030 + selector: + component: litmusportal-server +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: perconaservermongodbs.psmdb.percona.com +spec: + group: psmdb.percona.com + names: + kind: PerconaServerMongoDB + listKind: PerconaServerMongoDBList + plural: perconaservermongodbs + singular: perconaservermongodb + shortNames: + - psmdb + scope: Namespaced + versions: + - name: v1alpha1 + storage: false + served: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: ENDPOINT + type: string + jsonPath: .status.host + - name: Status + type: string + jsonPath: .status.state + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + subresources: + status: {} + - name: v1 + storage: false + served: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: ENDPOINT + type: string + jsonPath: .status.host + - name: Status + type: string + jsonPath: .status.state + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + subresources: + status: {} + - name: v1-1-0 + storage: false + served: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: ENDPOINT + type: string + jsonPath: .status.host + - name: Status + type: string + jsonPath: .status.state + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + subresources: + status: {} + - name: v1-2-0 + storage: false + served: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: ENDPOINT + type: string + jsonPath: .status.host + - name: Status + type: string + jsonPath: .status.state + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + subresources: + status: {} + - name: v1-3-0 + storage: false + served: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: ENDPOINT + type: string + jsonPath: .status.host + - name: Status + type: string + jsonPath: .status.state + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + subresources: + status: {} + - name: v1-4-0 + storage: false + served: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: ENDPOINT + type: string + jsonPath: .status.host + - name: Status + type: string + jsonPath: .status.state + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + subresources: + status: {} + - name: v1-5-0 + storage: false + served: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: ENDPOINT + type: string + jsonPath: .status.host + - name: Status + type: string + jsonPath: .status.state + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + subresources: + status: {} + - name: v1-6-0 + storage: false + served: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: ENDPOINT + type: string + jsonPath: .status.host + - name: Status + type: string + jsonPath: .status.state + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + subresources: + status: {} + - name: v1-7-0 + storage: false + served: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: ENDPOINT + type: string + jsonPath: .status.host + - name: Status + type: string + jsonPath: .status.state + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + subresources: + status: {} + - name: v1-8-0 + storage: false + served: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: ENDPOINT + type: string + jsonPath: .status.host + - name: Status + type: string + jsonPath: .status.state + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + subresources: + status: {} + - name: v1-9-0 + storage: false + served: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: ENDPOINT + type: string + jsonPath: .status.host + - name: Status + type: string + jsonPath: .status.state + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + subresources: + status: {} + - name: v1-10-0 + storage: false + served: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: ENDPOINT + type: string + jsonPath: .status.host + - name: Status + type: string + jsonPath: .status.state + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + subresources: + status: {} + - name: v1-11-0 + storage: true + served: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: ENDPOINT + type: string + jsonPath: .status.host + - name: Status + type: string + jsonPath: .status.state + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: perconaservermongodbbackups.psmdb.percona.com +spec: + group: psmdb.percona.com + names: + kind: PerconaServerMongoDBBackup + listKind: PerconaServerMongoDBBackupList + plural: perconaservermongodbbackups + singular: perconaservermongodbbackup + shortNames: + - psmdb-backup + scope: Namespaced + versions: + - name: v1 + storage: true + served: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Cluster + type: string + description: Cluster name + jsonPath: .spec.psmdbCluster + - name: Storage + type: string + description: Storage name from pxc spec + jsonPath: .spec.storageName + - name: Destination + type: string + description: Backup destination + jsonPath: .status.destination + - name: Status + type: string + description: Job status + jsonPath: .status.state + - name: Completed + description: Completed time + type: date + jsonPath: .status.completed + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: perconaservermongodbrestores.psmdb.percona.com + namespace: litmus +spec: + group: psmdb.percona.com + names: + kind: PerconaServerMongoDBRestore + listKind: PerconaServerMongoDBRestoreList + plural: perconaservermongodbrestores + singular: perconaservermongodbrestore + shortNames: + - psmdb-restore + scope: Namespaced + versions: + - name: v1 + storage: true + served: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Cluster + type: string + description: Cluster name + jsonPath: .spec.clusterName + - name: Status + type: string + description: Job status + jsonPath: .status.state + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + subresources: + status: {} +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: percona-server-mongodb-operator + namespace: litmus +rules: +- apiGroups: + - psmdb.percona.com + resources: + - perconaservermongodbs + - perconaservermongodbs/status + - perconaservermongodbbackups + - perconaservermongodbbackups/status + - perconaservermongodbrestores + - perconaservermongodbrestores/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - pods + - pods/exec + - services + - persistentvolumeclaims + - secrets + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apps + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - batch + resources: + - cronjobs + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - certmanager.k8s.io + - cert-manager.io + resources: + - issuers + - certificates + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: percona-server-mongodb-operator + namespace: litmus +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: service-account-percona-server-mongodb-operator + namespace: litmus +subjects: +- kind: ServiceAccount + name: percona-server-mongodb-operator +roleRef: + kind: Role + name: percona-server-mongodb-operator + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: percona-server-mongodb-operator + namespace: litmus +spec: + replicas: 1 + selector: + matchLabels: + name: percona-server-mongodb-operator + template: + metadata: + labels: + name: percona-server-mongodb-operator + spec: + serviceAccountName: percona-server-mongodb-operator + containers: + - name: percona-server-mongodb-operator + image: percona/percona-server-mongodb-operator:1.11.0 + ports: + - containerPort: 60000 + name: metrics + command: + - percona-server-mongodb-operator + imagePullPolicy: Always + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: percona-server-mongodb-operator + - name: RESYNC_PERIOD + value: 5s + - name: LOG_VERBOSE + value: "false" +--- +apiVersion: psmdb.percona.com/v1-11-0 +kind: PerconaServerMongoDB +metadata: + name: mongo-cluster + namespace: litmus +spec: + crVersion: 1.11.0 + image: percona/percona-server-mongodb:4.4.10-11 + allowUnsafeConfigurations: true + upgradeOptions: + apply: 4.4-recommended + schedule: "0 2 * * *" + secrets: + users: mongo-secrets + replsets: + + - name: rs0 + size: 1 + volumeSpec: + persistentVolumeClaim: + resources: + requests: + storage: 3Gi + + sharding: + enabled: true + + configsvrReplSet: + size: 1 + volumeSpec: + persistentVolumeClaim: + resources: + requests: + storage: 3Gi + + mongos: + size: 1 \ No newline at end of file