litmuschaos · djkormo · May 6, 2025 · May 2, 2025 · May 2, 2025 · May 6, 2025
diff --git a/charts/litmus-agent/Chart.yaml b/charts/litmus-agent/Chart.yaml
@@ -21,6 +21,18 @@ maintainers:
 icon: https://raw.githubusercontent.com/litmuschaos/icons/master/litmus.png
 dependencies:
   - name: chaos-operator
+<<<<<<< HEAD
+    version: 3.19.0
+    condition: chaos-operator.enabled
+  - name: chaos-exporter
+    version: 3.19.0
+    condition: chaos-exporter.enabled
+  - name: event-tracker
+    version: 3.19.0
+    condition: event-tracker.enabled
+  - name: subscriber
+    version: 3.19.0
+=======
     version: 3.20.0
     condition: chaos-operator.enabled
   - name: chaos-exporter
@@ -31,6 +43,7 @@ dependencies:
     condition: event-tracker.enabled
   - name: subscriber
     version: 3.20.0
+>>>>>>> upstream/master
     condition: subscriber.enabled
   - name: workflow-controller
     version: 0.2.2

@@ -0,0 +1,53 @@
+
+
+helm template litmus charts/litmus  --namespace litmus-system --version 3.16 --values charts/litmus/values.yaml
+helm template litmus charts/litmus  --namespace litmus-system  --values charts/litmus/values.yaml | grep "image: "
+
+
+helm template litmus charts/litmus  --namespace litmus-system   --version 3.16 --values values-local-3-16-0.yaml
+helm template litmus charts/litmus  --namespace litmus-system   --version 3.16 --values values-local-3-16-0.yaml > all-litmus-3-16-0-manifests.yaml.out
+helm template litmus charts/litmus  --namespace litmus-system   --version 3.16 --values values-local-3-16-0.yaml | grep "image: "
+helm template litmus charts/litmus  --namespace litmus-system   --version 3.16 --values values-local-3-16-0.yaml | grep "runAsUser: " -C 10
+helm template litmus charts/litmus  --namespace litmus-system   --version 3.16 --values values-local-3-16-0.yaml | grep "ServiceAccount: "
+
+
+
+yq -s '"split-3-16-0"+(.kind | downcase) + "-" + .metadata.name +"-"+ $index' all-litmus-3-16-0-manifests.yaml.out
+
+# checking values file
+yq eval . values-local-3-16-0.yaml
+
+# checking  template files 
+yq eval . all-litmus-3-16-0-manifests.yaml.out
+
+
+kubectl apply -f all-litmus-manifests.yaml.out -n litmus-system --dry-run=client
+kubectl apply -f all-litmus-manifests.yaml.out -n litmus-system --dry-run=server
+
+
+helm template litmus charts/litmus  --namespace litmus-system --version 3.18 --values charts/litmus/values.yaml
+helm template litmus charts/litmus  --namespace litmus-system  --values charts/litmus/values.yaml | grep "image: "
+
+
+helm template litmus charts/litmus  --namespace litmus-system   --version 3.18 --values values-local-3-18-0.yaml
+helm template litmus charts/litmus  --namespace litmus-system   --version 3.18 --values values-local-3-18-0.yaml > all-litmus-3-18-0-manifests.yaml.out
+helm template litmus charts/litmus  --namespace litmus-system   --version 3.18 --values values-local-3-18-0.yaml | grep "image: "
+helm template litmus charts/litmus  --namespace litmus-system   --version 3.18 --values values-local-3-18-0.yaml | grep "runAsUser: " -C 10
+helm template litmus charts/litmus  --namespace litmus-system   --version 3.18 --values values-local-3-18-0.yaml | grep "ServiceAccount: "
+
+
+yq -s '"split-3-18-0"+(.kind | downcase) + "-" + .metadata.name +"-"+ $index' all-litmus-3-18-0-manifests.yaml.out
+
+# checking values file
+yq eval . values-local-3-18-0.yaml
+
+# checking  template files 
+yq eval . all-litmus-3-18-0-manifests.yaml.out
+
+
+rm all-litmus-*-manifests.yaml.out
+
+rm split*.y*ml
+
+
+
@@ -91,11 +91,14 @@ We separated service configuration from `portal.server.service` to `portal.serve
 | mongodb | object | `{"architecture":"replicaset","auth":{"enabled":true,"existingSecret":"","rootPassword":"1234","rootUser":"root"},"enabled":true,"livenessProbe":{"timeoutSeconds":20},"metrics":{"enabled":false,"prometheusRule":{"enabled":false}},"persistence":{"enabled":true},"readinessProbe":{"timeoutSeconds":20},"replicaCount":3,"volumePermissions":{"enabled":true,"image":{"registry":"docker.io","repository":"bitnami/os-shell","tag":"12-debian-12-r47"}}}` | Configure the Bitnami MongoDB subchart see values at https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml |
 | mongodb.auth.existingSecret | string | `""` | existingSecret Existing secret with MongoDB(&reg;) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`) |
 | nameOverride | string | `""` |  |
+| openshift.anyuid | bool | `false` |  |
+| openshift.enabled | bool | `false` |  |
 | openshift.route.annotations | object | `{}` |  |
 | openshift.route.customLabels | object | `{}` |  |
 | openshift.route.enabled | bool | `false` |  |
-| openshift.route.host | string | `""` |  |
+| openshift.route.host | string | `"litmus-portal.apps-crc.testing"` |  |
 | openshift.route.name | string | `"litmus-portal"` |  |
+| openshift.sccName | string | `"litmus-chaos-scc"` |  |
 | portal.frontend.affinity | object | `{}` |  |
 | portal.frontend.automountServiceAccountToken | bool | `false` |  |
 | portal.frontend.autoscaling.enabled | bool | `false` |  |
@@ -251,4 +254,4 @@ We separated service configuration from `portal.server.service` to `portal.serve
 | proxy.noProxy | string | `nil` |  |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
@@ -1,4 +1,4 @@
-{{- if .Values.openshift.route.enabled -}}
+{{- if and .Values.openshift.route.enabled  }}
 {{ $fullName := include "litmus-portal.fullname" . }}
 apiVersion: route.openshift.io/v1
 kind: Route

@@ -0,0 +1,95 @@
+{{- if and .Values.openshift.enabled (not .Values.openshift.anyuid)  }}
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+  name: {{ .Values.openshift.sccName }}
+  labels:
+    app.kubernetes.io/name: {{ .Values.openshift.sccName }}
+
+allowHostIPC: false
+allowHostNetwork: false
+allowHostPID: false
+allowHostPorts: false
+allowHostDirVolumePlugin: false
+allowPrivilegeEscalation: true
+requiredDropCapabilities: null
+allowedCapabilities: null
+defaultAddCapabilities: null
+seccompProfiles:
+  - '*'
+runAsUser:
+  type: MustRunAsRange # Valid value for runAsUser.type
+  uidRangeMin: 0 # TODO 
+  uidRangeMax: 2000 # TODO
+seLinuxContext:
+  type: RunAsAny # Valid value for seLinuxContext.type
+fsGroup:
+  type: RunAsAny
+supplementalGroups:
+  type: RunAsAny
+readOnlyRootFilesystem: false
+volumes:
+  - configMap
+  - emptyDir
+  - projected
+  - secret
+  - downwardAPI
+  - persistentVolumeClaim
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.openshift.sccName }}-clusterrole
+  labels:
+    app.kubernetes.io/name: {{ .Values.openshift.sccName }}-clusterrole
+rules:
+- apiGroups:
+  - security.openshift.io 
+  resourceNames:
+  - {{ .Values.openshift.sccName }}
+  resources:
+  - securitycontextconstraints 
+  verbs: 
+  - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Values.openshift.sccName }}-binding
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Values.openshift.sccName }}-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.openshift.sccName }}-clusterrole
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Chart.Name }}-mongodb  # For mongodb subchart
+    namespace: {{ .Release.Namespace }}
+  - kind: ServiceAccount
+    name: default # Default ServiceAccount 
+    namespace: {{ .Release.Namespace }}
+{{- end  }} 
+---
+{{- if and .Values.openshift.enabled .Values.openshift.anyuid   }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Values.openshift.sccName }}-scc-anyuid-binding
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Values.openshift.sccName }}-scc-anyuid-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:openshift:scc:anyuid
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Chart.Name }}-mongodb
+    namespace: {{ .Release.Namespace }}
+  - kind: ServiceAccount
+    name: default # Default ServiceAccount 
+    namespace: {{ .Release.Namespace }}
+
+{{- end  }}