diff --git a/.github/BUILD_IMAGE.md b/.github/BUILD_IMAGE.md
index eb228f178c1..7192510ddde 100644
--- a/.github/BUILD_IMAGE.md
+++ b/.github/BUILD_IMAGE.md
@@ -107,13 +107,13 @@ OR
```bash
cd ${DIRECTORY}
-docker buildx build -f Dockerfile --progress plane --push --no-cache --platform ${PLATFORMS} -t ${REPONAME}/$(IMAGE_NAME):$(IMG_TAG} .
+docker buildx build -f Dockerfile --progress plain --push --no-cache --platform ${PLATFORMS} -t ${REPONAME}/$(IMAGE_NAME):$(IMG_TAG} .
```
For frontend image:
```bash
cd ${DIRECTORY}
-docker buildx build . -f Dockerfile --progress plane --push --no-cache --platform ${PLATFORMS} -t ${REPONAME}/${IMAGE_NAME}:${IMG_TAG} \
+docker buildx build . -f Dockerfile --progress plain --push --no-cache --platform ${PLATFORMS} -t ${REPONAME}/${IMAGE_NAME}:${IMG_TAG} \
--build-arg REACT_APP_KB_CHAOS_VERSION=${IMG_TAG} --build-arg REACT_APP_BUILD_TIME="${timestamp}" --build-arg REACT_APP_HUB_BRANCH_NAME="v1.13.x"
```
diff --git a/litmus-portal/Makefile b/litmus-portal/Makefile
index ea879c26dca..a97386e946c 100644
--- a/litmus-portal/Makefile
+++ b/litmus-portal/Makefile
@@ -120,7 +120,7 @@ docker.buildx:
buildx.push.image:
@cd $(DIRECTORY) && \
- docker buildx build -f Dockerfile --progress plane --push --no-cache --platform $(PLATFORMS) -t $(REPONAME)/$(IMAGE_NAME):$(IMG_TAG) .
+ docker buildx build -f Dockerfile --progress plain --push --no-cache --platform $(PLATFORMS) -t $(REPONAME)/$(IMAGE_NAME):$(IMG_TAG) .
.PHONY: push-portal-component
push-portal-component: docker.buildx buildx.push.image
@@ -134,7 +134,7 @@ buildx.push.frontend:
docker build . -f Dockerfile -t $(REPONAME)/$(FRONTEND_IMAGE):$(IMG_TAG) --build-arg REACT_APP_KB_CHAOS_VERSION=$(IMG_TAG) --build-arg REACT_APP_BUILD_TIME="$(timestamp)" --build-arg REACT_APP_HUB_BRANCH_NAME="v1.13.x" --build-arg PUBLIC_URL="$(PUBLIC_URL)" --build-arg TARGETARCH=amd64;\
docker push $(REPONAME)/$(FRONTEND_IMAGE):$(IMG_TAG);\
else \
- docker buildx build . -f Dockerfile --progress plane --push --no-cache --platform $(PLATFORMS) -t $(REPONAME)/$(FRONTEND_IMAGE):$(IMG_TAG) --build-arg REACT_APP_KB_CHAOS_VERSION=$(IMG_TAG) --build-arg PUBLIC_URL="$(PUBLIC_URL)" \
+ docker buildx build . -f Dockerfile --progress plain --push --no-cache --platform $(PLATFORMS) -t $(REPONAME)/$(FRONTEND_IMAGE):$(IMG_TAG) --build-arg REACT_APP_KB_CHAOS_VERSION=$(IMG_TAG) --build-arg PUBLIC_URL="$(PUBLIC_URL)" \
--build-arg REACT_APP_BUILD_TIME="$(timestamp)" --build-arg REACT_APP_HUB_BRANCH_NAME="v1.13.x";\
fi
diff --git a/litmus-portal/README.md b/litmus-portal/README.md
index b2a3ee55cd8..7a5a36e5276 100644
--- a/litmus-portal/README.md
+++ b/litmus-portal/README.md
@@ -22,23 +22,23 @@ ChaosCenter provides console and UI experience for managing, monitoring, and eve
#### Applying k8s manifest
-> Litmus-3.0.0-beta7 Cluster Scope manifest
+> Litmus-3.0.0-beta8 Cluster Scope manifest
```bash
-kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/master/mkdocs/docs/3.0.0-beta7/litmus-3.0.0-beta7.yaml
+kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/master/mkdocs/docs/3.0.0-beta8/litmus-3.0.0-beta8.yaml
```
Or
-> Litmus-3.0.0-beta7 Namespaced Scope manifest.
+> Litmus-3.0.0-beta8 Namespaced Scope manifest.
```bash
#Create a namespace eg: litmus
kubectl create ns litmus
#Install CRDs, if SELF_AGENT env is set to TRUE
-kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/master/mkdocs/docs/3.0.0-beta7/litmus-portal-crds-3.0.0-beta7.yml
+kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/master/mkdocs/docs/3.0.0-beta8/litmus-portal-crds-3.0.0-beta8.yml
#Install ChaosCenter
-kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/master/mkdocs/docs/3.0.0-beta7/litmus-namespaced-3.0.0-beta7.yaml -n litmus
+kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/master/mkdocs/docs/3.0.0-beta8/litmus-namespaced-3.0.0-beta8.yaml -n litmus
```
Or
@@ -99,7 +99,7 @@ View the User Guide [here](https://docs.litmuschaos.io/)
### **Local Development Guide for ChaosCenter**
Local Development Guide for ChaosCenter can be found [here](https://github.com/litmuschaos/litmus/wiki/ChaosCenter-Development-Guide)
-### **Upgrade from 3.0.0-beta6 to 3.0.0-beta7**
+### **Upgrade from 3.0.0-beta7 to 3.0.0-beta8**
You can upgrade using the steps from [section here](https://docs.litmuschaos.io/docs/user-guides/upgrade)
diff --git a/litmus-portal/graphql-server/pkg/cluster/model/mocks/service.go b/litmus-portal/graphql-server/pkg/cluster/model/mocks/service.go
index 36193d78a53..80d5ab93dd3 100644
--- a/litmus-portal/graphql-server/pkg/cluster/model/mocks/service.go
+++ b/litmus-portal/graphql-server/pkg/cluster/model/mocks/service.go
@@ -7,8 +7,10 @@ import (
"github.com/litmuschaos/litmus/litmus-portal/graphql-server/graph/model"
store "github.com/litmuschaos/litmus/litmus-portal/graphql-server/pkg/data-store"
dbSchemaCluster "github.com/litmuschaos/litmus/litmus-portal/graphql-server/pkg/database/mongodb/cluster"
+ "github.com/litmuschaos/litmus/litmus-portal/graphql-server/utils"
"github.com/stretchr/testify/mock"
"go.mongodb.org/mongo-driver/bson"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
// ClusterService is a mock type for model.ClusterService
@@ -16,6 +18,18 @@ type ClusterService struct {
mock.Mock
}
+// GetEndpoint mocks the GetEndpoint of ClusterService
+func (c *ClusterService) GetEndpoint(agentType utils.AgentType) (string, error) {
+ args := c.Called(agentType)
+ return args.String(0), args.Error(1)
+}
+
+// GetClusterResource mocks the GetClusterResource of ClusterService
+func (c *ClusterService) GetClusterResource(manifest string, namespace string) (*unstructured.Unstructured, error) {
+ args := c.Called(manifest, namespace)
+ return args.Get(0).(*unstructured.Unstructured), args.Error(1)
+}
+
// RegisterCluster mocks the RegisterCluster of ClusterService
func (c *ClusterService) RegisterCluster(request model.RegisterClusterRequest) (*model.RegisterClusterResponse, error) {
args := c.Called(request)
diff --git a/litmus-portal/graphql-server/pkg/rest_handlers/file_handler_test.go b/litmus-portal/graphql-server/pkg/rest_handlers/file_handler_test.go
index 7a4fbdb5574..389808dd1c4 100644
--- a/litmus-portal/graphql-server/pkg/rest_handlers/file_handler_test.go
+++ b/litmus-portal/graphql-server/pkg/rest_handlers/file_handler_test.go
@@ -36,7 +36,7 @@ func TestFileHandler(t *testing.T) {
given: func() {
w = httptest.NewRecorder()
clusterID := uuid.NewString()
- accessKey, _ := cluster.ClusterCreateJWT(clusterID)
+ accessKey, _ := cluster.CreateClusterJWT(clusterID)
ctx, _ = gin.CreateTestContext(w)
ctx.Params = []gin.Param{
{
diff --git a/litmus-portal/upgrade-agents/control-plane/versions/upgrade-manager.go b/litmus-portal/upgrade-agents/control-plane/versions/upgrade-manager.go
index 48a556e41f2..f904ad1d36f 100644
--- a/litmus-portal/upgrade-agents/control-plane/versions/upgrade-manager.go
+++ b/litmus-portal/upgrade-agents/control-plane/versions/upgrade-manager.go
@@ -148,8 +148,13 @@ func (m *UpgradeManager) getUpgradePath() map[string]UpgradeExecutor {
VersionManager: nil,
},
- // latest version, no more upgrades available
"3.0.0-beta7": {
+ NextVersion: "3.0.0-beta8",
+ VersionManager: nil,
+ },
+
+ // latest version, no more upgrades available
+ "3.0.0-beta8": {
NextVersion: "",
VersionManager: nil,
},
diff --git a/mkdocs/docs/3.0.0-beta8/litmus-3.0.0-beta8-without-resources.yaml b/mkdocs/docs/3.0.0-beta8/litmus-3.0.0-beta8-without-resources.yaml
new file mode 100644
index 00000000000..826069cd9f9
--- /dev/null
+++ b/mkdocs/docs/3.0.0-beta8/litmus-3.0.0-beta8-without-resources.yaml
@@ -0,0 +1,838 @@
+### RBAC Manifests
+## If SELF_AGENT="true" then these permissions are required to apply
+## https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/1b_argo_rbac.yaml
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: argo-cr-for-litmusportal-server
+rules:
+- apiGroups: [""]
+ resources: [pods, pods/exec]
+ verbs: [create, get, list, watch, update, patch, delete]
+- apiGroups: [""]
+ resources: [configmaps]
+ verbs: [get, watch, list]
+- apiGroups: [""]
+ resources: [persistentvolumeclaims]
+ verbs: [create, delete]
+- apiGroups: [argoproj.io]
+ resources: [workflows, workflows/finalizers]
+ verbs: [get, list, watch, update, patch, delete, create]
+- apiGroups: [argoproj.io]
+ resources: [workflowtemplates, workflowtemplates/finalizers, clusterworkflowtemplates, clusterworkflowtemplates/finalizers, workflowtasksets]
+ verbs: [get, list, watch]
+- apiGroups: [argoproj.io]
+ resources: [workflowtaskresults]
+ verbs: [list, watch, deletecollection]
+- apiGroups: [""]
+ resources: [serviceaccounts]
+ verbs: [get, list]
+- apiGroups: [argoproj.io]
+ resources: [cronworkflows, cronworkflows/finalizers]
+ verbs: [get, list, watch, update, patch, delete]
+- apiGroups: [""]
+ resources: [events]
+ verbs: [create, patch]
+- apiGroups: [policy]
+ resources: [poddisruptionbudgets]
+ verbs: [create, get, delete]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: argo-crb-for-litmusportal-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: argo-cr-for-litmusportal-server
+subjects:
+ - kind: ServiceAccount
+ name: litmus-server-account
+ namespace: litmus
+#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/2b_litmus_rbac.yaml
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: litmus-cluster-scope-for-litmusportal-server
+ labels:
+ app.kubernetes.io/name: litmus
+ # provide unique instance-id if applicable
+ # app.kubernetes.io/instance: litmus-abcxzy
+ app.kubernetes.io/version: 3.0.0-beta8
+ app.kubernetes.io/component: operator-clusterrole
+ app.kubernetes.io/part-of: litmus
+ app.kubernetes.io/managed-by: kubectl
+ name: litmus-cluster-scope-for-litmusportal-server
+rules:
+ - apiGroups: [""]
+ resources: [replicationcontrollers, secrets]
+ verbs: [get, list]
+ - apiGroups: [apps.openshift.io]
+ resources: [deploymentconfigs]
+ verbs: [get, list]
+ - apiGroups: [apps]
+ resources: [deployments, daemonsets, replicasets, statefulsets]
+ verbs: [get, list]
+ - apiGroups: [batch]
+ resources: [jobs]
+ verbs: [get, list, deletecollection]
+ - apiGroups: [argoproj.io]
+ resources: [rollouts]
+ verbs: [get, list]
+ - apiGroups: [""]
+ resources: [pods, configmaps, events, services]
+ verbs: [get, create, update, patch, delete, list, watch, deletecollection]
+ - apiGroups: [litmuschaos.io]
+ resources: [chaosengines, chaosexperiments, chaosresults]
+ verbs: [get, create, update, patch, delete, list, watch, deletecollection]
+ - apiGroups: [apiextensions.k8s.io]
+ resources: [customresourcedefinitions]
+ verbs: [list, get]
+ - apiGroups: ["litmuschaos.io"]
+ resources: ["chaosengines/finalizers"]
+ verbs: ["update"]
+ - apiGroups: [ "coordination.k8s.io" ]
+ resources: [ "leases" ]
+ verbs: [ "get","create","list","update","delete" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: litmus-cluster-scope-crb-for-litmusportal-server
+ labels:
+ app.kubernetes.io/name: litmus
+ # provide unique instance-id if applicable
+ # app.kubernetes.io/instance: litmus-abcxzy
+ app.kubernetes.io/version: 3.0.0-beta8
+ app.kubernetes.io/component: operator-clusterrolebinding
+ app.kubernetes.io/part-of: litmus
+ app.kubernetes.io/managed-by: kubectl
+ name: litmus-cluster-scope-crb-for-litmusportal-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: litmus-cluster-scope-for-litmusportal-server
+subjects:
+ - kind: ServiceAccount
+ name: litmus-server-account
+ namespace: litmus
+#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/3a_agents_rbac.yaml
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: litmus-admin-cr-for-litmusportal-server
+ labels:
+ name: litmus-admin-cr-for-litmusportal-server
+rules:
+ # ***************************************************************************************
+ # Permissions needed for preparing and monitor the chaos resources by chaos-runner
+ # ***************************************************************************************
+
+ # The chaos operator watches the chaosengine resource and orchestartes the chaos experiment..
+ ## .. by creating the chaos-runner
+
+ # for creating and monitoring the chaos-runner pods
+- apiGroups: [""]
+ resources: [pods,events]
+ verbs: [create, delete, get, list, patch, update, deletecollection]
+
+ # for fetching configmaps and secrets to inject into chaos-runner pod (if specified)
+- apiGroups: [""]
+ resources: [secrets, configmaps]
+ verbs: [get, list]
+
+ # for tracking & getting logs of the pods created by chaos-runner to implement individual steps in the runner
+- apiGroups: [""]
+ resources: [pods/log]
+ verbs: [get, list, watch]
+
+ # for configuring and monitor the experiment job by chaos-runner pod
+- apiGroups: [batch]
+ resources: [jobs]
+ verbs: [create, list, get, delete, deletecollection]
+
+ # ********************************************************************
+ # Permissions needed for creation and discovery of chaos experiments
+ # ********************************************************************
+
+ # The helper pods are created by experiment to perform the actual chaos injection ...
+ # ... for a period of chaos duration
+
+ # for creating and deleting the helper or target app pod and events by experiment
+- apiGroups: [""]
+ resources: [pods]
+ verbs: [create, delete, deletecollection]
+
+ # for creating and monitoring the events for chaos operations
+- apiGroups: [""]
+ resources: [events]
+ verbs: [create, delete, get, list, patch, update, deletecollection]
+
+ # for monitoring the helper and target app pod
+- apiGroups: [""]
+ resources: [pods]
+ verbs: [get, list, patch, update]
+
+ # for creating and managing to execute comands inside target container
+- apiGroups: [""]
+ resources: [pods/exec, pods/eviction, replicationcontrollers]
+ verbs: [get,list,create]
+
+ # for tracking & getting logs of the pods created by experiment pod to implement individual steps in the experiment
+- apiGroups: [""]
+ resources: [pods/log]
+ verbs: [get, list, watch]
+
+ # for creating and monitoring liveness services or monitoring target app services during chaos injection
+- apiGroups: [""]
+ resources: [services]
+ verbs: [create, delete, get, list, delete, deletecollection]
+
+ # for checking the app parent resources as deployments or sts and are eligible chaos candidates
+- apiGroups: [apps]
+ resources: [deployments, statefulsets]
+ verbs: [list, get, patch, update, create, delete]
+
+ # for checking the app parent resources as replicasets and are eligible chaos candidates
+- apiGroups: [apps]
+ resources: [replicasets]
+ verbs: [list, get]
+
+ # for checking the app parent resources as deamonsets and are eligible chaos candidates
+- apiGroups: [apps]
+ resources: [daemonsets]
+ verbs: [list, get, delete]
+
+ # for checking (openshift) app parent resources if they are eligible chaos candidates
+- apiGroups: [apps.openshift.io]
+ resources: [deploymentconfigs]
+ verbs: [list, get]
+
+ # for checking (argo) app parent resources if they are eligible chaos candidates
+- apiGroups: [argoproj.io]
+ resources: [rollouts]
+ verbs: [list, get]
+
+ # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
+- apiGroups: [litmuschaos.io]
+ resources: [chaosengines, chaosexperiments, chaosresults]
+ verbs: [create, list, get, patch, update, delete]
+
+ # for experiment to perform node status checks and other node level operations like taint, drain in the experiment.
+- apiGroups: [""]
+ resources: [nodes]
+ verbs: [patch, get, list, update]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: litmus-admin-crb-for-litmusportal-server
+ labels:
+ name: litmus-admin-crb-for-litmusportal-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: litmus-admin-cr-for-litmusportal-server
+subjects:
+ - kind: ServiceAccount
+ name: litmus-server-account
+ namespace: litmus
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: chaos-cr-for-litmusportal-server
+rules:
+ # for managing the pods created by workflow controller to implement individual steps in the workflow
+ - apiGroups: [""]
+ resources: [pods, services, namespaces]
+ verbs: [create, get, watch, patch, delete, list]
+
+ # for tracking & getting logs of the pods created by workflow controller to implement individual steps in the workflow
+ - apiGroups: [""]
+ resources: [pods/log, secrets, configmaps]
+ verbs: [get, watch, create, delete, patch]
+
+ # for creation & deletion of application in predefined workflows
+ - apiGroups: [apps]
+ resources: [deployments, statefulsets]
+ verbs: [get, watch, patch, create, delete]
+
+ # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
+ - apiGroups: [litmuschaos.io]
+ resources: [chaosengines, chaosexperiments, chaosresults, chaosschedules]
+ verbs: [create, list, get, patch, delete, watch]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: chaos-crb-for-litmusportal-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: chaos-cr-for-litmusportal-server
+subjects:
+ - kind: ServiceAccount
+ name: litmus-server-account
+ namespace: litmus
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: subscriber-cr-for-litmusportal-server
+ namespace: litmus
+ labels:
+ name: subscriber-cr-for-litmusportal-server
+rules:
+- apiGroups: [""]
+ resources: [configmaps, secrets]
+ verbs: [get, create, delete, update]
+- apiGroups: [""]
+ resources: [pods/log]
+ verbs: [get, list, watch]
+- apiGroups: [""]
+ resources: [pods, namespaces, nodes, services]
+ verbs: [get, list, watch]
+- apiGroups: [litmuschaos.io]
+ resources: [chaosengines, chaosschedules, chaosresults]
+ verbs: [get, list, create, delete, update, watch]
+- apiGroups: [apps.openshift.io]
+ resources: [deploymentconfigs]
+ verbs: [get, list]
+- apiGroups: [apps]
+ resources: [deployments, daemonsets, replicasets, statefulsets]
+ verbs: [get, list, delete, deletecollection]
+- apiGroups: [argoproj.io]
+ resources: [workflows, workflows/finalizers, workflowtemplates, workflowtemplates/finalizers, cronworkflows, cronworkflows/finalizers, clusterworkflowtemplates, clusterworkflowtemplates/finalizers, rollouts]
+ verbs: [get, list, create, delete, update, watch]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: subscriber-crb-for-litmusportal-server
+ namespace: litmus
+subjects:
+ - kind: ServiceAccount
+ name: litmus-server-account
+ namespace: litmus
+roleRef:
+ kind: ClusterRole
+ name: subscriber-cr-for-litmusportal-server
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: event-tracker-cr-for-litmusportal-server
+rules:
+- apiGroups: [eventtracker.litmuschaos.io]
+ resources: [eventtrackerpolicies]
+ verbs: [create, delete, get, list, patch, update, watch]
+- apiGroups: [eventtracker.litmuschaos.io]
+ resources: [eventtrackerpolicies/status]
+ verbs: [get, patch, update]
+- apiGroups: ["", extensions, apps]
+ resources: [deployments, daemonsets, statefulsets, pods, configmaps, secrets]
+ verbs: [get, list, watch]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: event-tracker-crb-for-litmusportal-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: event-tracker-cr-for-litmusportal-server
+subjects:
+ - kind: ServiceAccount
+ name: litmus-server-account
+ namespace: litmus
+# litmus-server-cr is used by the litmusportal-server
+# If SELF_AGENT=false, then only litmus-server-cr and litmus-server-crb are required.
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: litmus-server-cr
+rules:
+ - apiGroups: [networking.k8s.io, extensions]
+ resources: [ingresses]
+ verbs: [get]
+ - apiGroups: [""]
+ resources: [services, nodes, pods/log]
+ verbs: [get, watch]
+ - apiGroups: [apiextensions.k8s.io]
+ resources: [customresourcedefinitions]
+ verbs: [create]
+ - apiGroups: [apps]
+ resources: [deployments]
+ verbs: [create]
+ - apiGroups: [""]
+ resources: [configmaps]
+ verbs: [get]
+ - apiGroups: [""]
+ resources: [serviceaccounts]
+ verbs: [create]
+ - apiGroups: [rbac.authorization.k8s.io]
+ resources: [rolebindings, roles, clusterrolebindings, clusterroles]
+ verbs: [create]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: litmus-server-crb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: litmus-server-cr
+subjects:
+ - kind: ServiceAccount
+ name: litmus-server-account
+ namespace: litmus
+## Control plane manifests
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: litmus
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: litmus-server-account
+ namespace: litmus
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: litmus-portal-admin-secret
+ namespace: litmus
+stringData:
+ JWT_SECRET: "litmus-portal@123"
+ DB_USER: "admin"
+ DB_PASSWORD: "1234"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: litmus-portal-admin-config
+ namespace: litmus
+data:
+ DB_SERVER: "mongodb://mongo-service:27017"
+ AGENT_SCOPE: cluster
+ AGENT_NAMESPACE: litmus
+ VERSION: "3.0.0-beta8"
+ SKIP_SSL_VERIFY: "false"
+ # Configurations if you are using dex for OAuth
+ DEX_ENABLED: "false"
+ OIDC_ISSUER: "http://:32000"
+ DEX_OAUTH_CALLBACK_URL: "http://:8080/auth/dex/callback"
+ DEX_OAUTH_CLIENT_ID: "LitmusPortalAuthBackend"
+ DEX_OAUTH_CLIENT_SECRET: "ZXhhbXBsZS1hcHAtc2VjcmV0"
+ OAuthJwtSecret: "litmus-oauth@123"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: litmusportal-frontend-nginx-configuration
+ namespace: litmus
+data:
+ default.conf: |
+ map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+ }
+ server {
+ listen 8080;
+ server_name localhost;
+ #charset koi8-r;
+ #access_log /var/log/nginx/host.access.log main;
+
+ location / {
+ proxy_http_version 1.1;
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ try_files $uri /index.html;
+ }
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+
+ location /auth/ {
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass "http://litmusportal-auth-server-service:9003/";
+ }
+
+ location /api/ {
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass "http://litmusportal-server-service:9002/";
+ }
+
+ location /ws/ {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass "http://litmusportal-server-service:9002/";
+ }
+ }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: litmusportal-frontend
+ namespace: litmus
+ labels:
+ component: litmusportal-frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: litmusportal-frontend
+ template:
+ metadata:
+ labels:
+ component: litmusportal-frontend
+ spec:
+ automountServiceAccountToken: false
+ containers:
+ - name: litmusportal-frontend
+ image: litmuschaos/litmusportal-frontend:3.0.0-beta8
+ imagePullPolicy: Always
+ securityContext:
+ runAsUser: 2000
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - name: nginx-config
+ mountPath: /etc/nginx/conf.d/default.conf
+ subPath: default.conf
+ volumes:
+ - name: nginx-config
+ configMap:
+ name: litmusportal-frontend-nginx-configuration
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: litmusportal-frontend-service
+ namespace: litmus
+spec:
+ type: NodePort
+ ports:
+ - name: http
+ port: 9091
+ targetPort: 8080
+ selector:
+ component: litmusportal-frontend
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: litmusportal-server
+ namespace: litmus
+ labels:
+ component: litmusportal-server
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: litmusportal-server
+ template:
+ metadata:
+ labels:
+ component: litmusportal-server
+ spec:
+ initContainers:
+ - name: wait-for-mongodb
+ image: litmuschaos/curl:3.0.0-beta4
+ command: ["/bin/sh", "-c"]
+ args:
+ [
+ "while [[ $(curl -sw '%{http_code}' http://mongo-service:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'",
+ ]
+ volumes:
+ - name: gitops-storage
+ emptyDir: {}
+ - name: hub-storage
+ emptyDir: {}
+ containers:
+ - name: graphql-server
+ image: litmuschaos/litmusportal-server:3.0.0-beta8
+ volumeMounts:
+ - mountPath: /tmp/
+ name: gitops-storage
+ - mountPath: /tmp/version
+ name: hub-storage
+ securityContext:
+ runAsUser: 2000
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ envFrom:
+ - configMapRef:
+ name: litmus-portal-admin-config
+ - secretRef:
+ name: litmus-portal-admin-secret
+ env:
+ - name: SELF_AGENT
+ value: "true"
+ # if self-signed certificate are used pass the k8s tls secret name created in portal ns, to allow agents to use tls for communication
+ - name: TLS_SECRET_NAME
+ value: ""
+ - name: LITMUS_PORTAL_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: CHAOS_CENTER_SCOPE
+ value: "cluster"
+ - name: SUBSCRIBER_IMAGE
+ value: "litmuschaos/litmusportal-subscriber:3.0.0-beta8"
+ - name: EVENT_TRACKER_IMAGE
+ value: "litmuschaos/litmusportal-event-tracker:3.0.0-beta8"
+ - name: ARGO_WORKFLOW_CONTROLLER_IMAGE
+ value: "litmuschaos/workflow-controller:v3.3.1"
+ - name: ARGO_WORKFLOW_EXECUTOR_IMAGE
+ value: "litmuschaos/argoexec:v3.3.1"
+ - name: LITMUS_CHAOS_OPERATOR_IMAGE
+ value: "litmuschaos/chaos-operator:3.0.0-beta3"
+ - name: LITMUS_CHAOS_RUNNER_IMAGE
+ value: "litmuschaos/chaos-runner:3.0.0-beta3"
+ - name: LITMUS_CHAOS_EXPORTER_IMAGE
+ value: "litmuschaos/chaos-exporter:3.0.0-beta3"
+ - name: SERVER_SERVICE_NAME
+ value: "litmusportal-server-service"
+ - name: AGENT_DEPLOYMENTS
+ value: "[\"app=chaos-exporter\", \"name=chaos-operator\", \"app=event-tracker\", \"app=workflow-controller\"]"
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: SELF_AGENT_NODE_SELECTOR
+ value: ""
+ - name: SELF_AGENT_TOLERATIONS
+ value: ""
+ - name: CHAOS_CENTER_UI_ENDPOINT
+ value: ""
+ - name: INGRESS
+ value: "false"
+ - name: INGRESS_NAME
+ value: "litmus-ingress"
+ - name: CONTAINER_RUNTIME_EXECUTOR
+ value: "k8sapi"
+ - name: HUB_BRANCH_NAME
+ value: "v3.0.0-beta3"
+ - name: LITMUS_AUTH_GRPC_ENDPOINT
+ value: "litmusportal-auth-server-service.litmus.svc.cluster.local"
+ - name: LITMUS_AUTH_GRPC_PORT
+ value: ":3030"
+ - name: WORKFLOW_HELPER_IMAGE_VERSION
+ value: "3.0.0-beta3"
+ - name: REMOTE_HUB_MAX_SIZE
+ value: "5000000"
+ ports:
+ - containerPort: 8080
+ - containerPort: 8000
+ imagePullPolicy: Always
+ serviceAccountName: litmus-server-account
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: litmusportal-server-service
+ namespace: litmus
+spec:
+ type: NodePort
+ ports:
+ - name: graphql-server
+ port: 9002
+ targetPort: 8080
+ - name: graphql-rpc-server
+ port: 8000
+ targetPort: 8000
+ selector:
+ component: litmusportal-server
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: litmusportal-auth-server
+ namespace: litmus
+ labels:
+ component: litmusportal-auth-server
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: litmusportal-auth-server
+ template:
+ metadata:
+ labels:
+ component: litmusportal-auth-server
+ spec:
+ automountServiceAccountToken: false
+ initContainers:
+ - name: wait-for-mongodb
+ image: litmuschaos/curl:3.0.0-beta4
+ command: ["/bin/sh", "-c"]
+ args:
+ [
+ "while [[ $(curl -sw '%{http_code}' http://mongo-service:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'",
+ ]
+ containers:
+ - name: auth-server
+ image: litmuschaos/litmusportal-auth-server:3.0.0-beta8
+ securityContext:
+ runAsUser: 2000
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ envFrom:
+ - configMapRef:
+ name: litmus-portal-admin-config
+ - secretRef:
+ name: litmus-portal-admin-secret
+ env:
+ - name: STRICT_PASSWORD_POLICY
+ value: "false"
+ - name: ADMIN_USERNAME
+ value: "admin"
+ - name: ADMIN_PASSWORD
+ value: "litmus"
+ - name: LITMUS_GQL_GRPC_ENDPOINT
+ value: "litmusportal-server-service.litmus.svc.cluster.local"
+ - name: LITMUS_GQL_GRPC_PORT
+ value: ":8000"
+ ports:
+ - containerPort: 3000
+ - containerPort: 3030
+ imagePullPolicy: Always
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: litmusportal-auth-server-service
+ namespace: litmus
+spec:
+ type: NodePort
+ ports:
+ - name: auth-server
+ port: 9003
+ targetPort: 3000
+ - name: auth-rpc-server
+ port: 3030
+ targetPort: 3030
+ selector:
+ component: litmusportal-auth-server
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: mongo
+ namespace: litmus
+ labels:
+ app: mongo
+spec:
+ selector:
+ matchLabels:
+ component: database
+ serviceName: mongo-headless-service
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ component: database
+ spec:
+ automountServiceAccountToken: false
+ containers:
+ - name: mongo
+ image: litmuschaos/mongo:4.2.8
+ securityContext:
+# runAsUser: 2000
+ allowPrivilegeEscalation: false
+# runAsNonRoot: true
+ args: ["--ipv6"]
+ ports:
+ - containerPort: 27017
+ imagePullPolicy: Always
+ volumeMounts:
+ - name: mongo-persistent-storage
+ mountPath: /data/db
+ env:
+ - name: MONGO_INITDB_ROOT_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: litmus-portal-admin-secret
+ key: DB_USER
+ - name: MONGO_INITDB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: litmus-portal-admin-secret
+ key: DB_PASSWORD
+ volumeClaimTemplates:
+ - metadata:
+ name: mongo-persistent-storage
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: mongo
+ name: mongo-service
+ namespace: litmus
+spec:
+ ports:
+ - port: 27017
+ targetPort: 27017
+ selector:
+ component: database
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: mongo
+ name: mongo-headless-service
+ namespace: litmus
+spec:
+ clusterIP: None
+ ports:
+ - port: 27017
+ targetPort: 27017
+ selector:
+ component: database
\ No newline at end of file
diff --git a/mkdocs/docs/3.0.0-beta8/litmus-3.0.0-beta8.yaml b/mkdocs/docs/3.0.0-beta8/litmus-3.0.0-beta8.yaml
new file mode 100644
index 00000000000..99de6b73527
--- /dev/null
+++ b/mkdocs/docs/3.0.0-beta8/litmus-3.0.0-beta8.yaml
@@ -0,0 +1,892 @@
+### RBAC Manifests
+## If SELF_AGENT="true" then these permissions are required to apply
+## https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/1b_argo_rbac.yaml
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: argo-cr-for-litmusportal-server
+rules:
+- apiGroups: [""]
+ resources: [pods, pods/exec]
+ verbs: [create, get, list, watch, update, patch, delete]
+- apiGroups: [""]
+ resources: [configmaps]
+ verbs: [get, watch, list]
+- apiGroups: [""]
+ resources: [persistentvolumeclaims]
+ verbs: [create, delete]
+- apiGroups: [argoproj.io]
+ resources: [workflows, workflows/finalizers]
+ verbs: [get, list, watch, update, patch, delete, create]
+- apiGroups: [argoproj.io]
+ resources: [workflowtemplates, workflowtemplates/finalizers, clusterworkflowtemplates, clusterworkflowtemplates/finalizers, workflowtasksets]
+ verbs: [get, list, watch]
+- apiGroups: [argoproj.io]
+ resources: [workflowtaskresults]
+ verbs: [list, watch, deletecollection]
+- apiGroups: [""]
+ resources: [serviceaccounts]
+ verbs: [get, list]
+- apiGroups: [argoproj.io]
+ resources: [cronworkflows, cronworkflows/finalizers]
+ verbs: [get, list, watch, update, patch, delete]
+- apiGroups: [""]
+ resources: [events]
+ verbs: [create, patch]
+- apiGroups: [policy]
+ resources: [poddisruptionbudgets]
+ verbs: [create, get, delete]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: argo-crb-for-litmusportal-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: argo-cr-for-litmusportal-server
+subjects:
+ - kind: ServiceAccount
+ name: litmus-server-account
+ namespace: litmus
+#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/2b_litmus_rbac.yaml
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: litmus-cluster-scope-for-litmusportal-server
+ labels:
+ app.kubernetes.io/name: litmus
+ # provide unique instance-id if applicable
+ # app.kubernetes.io/instance: litmus-abcxzy
+ app.kubernetes.io/version: 3.0.0-beta8
+ app.kubernetes.io/component: operator-clusterrole
+ app.kubernetes.io/part-of: litmus
+ app.kubernetes.io/managed-by: kubectl
+ name: litmus-cluster-scope-for-litmusportal-server
+rules:
+ - apiGroups: [""]
+ resources: [replicationcontrollers, secrets]
+ verbs: [get, list]
+ - apiGroups: [apps.openshift.io]
+ resources: [deploymentconfigs]
+ verbs: [get, list]
+ - apiGroups: [apps]
+ resources: [deployments, daemonsets, replicasets, statefulsets]
+ verbs: [get, list]
+ - apiGroups: [batch]
+ resources: [jobs]
+ verbs: [get, list, deletecollection]
+ - apiGroups: [argoproj.io]
+ resources: [rollouts]
+ verbs: [get, list]
+ - apiGroups: [""]
+ resources: [pods, configmaps, events, services]
+ verbs: [get, create, update, patch, delete, list, watch, deletecollection]
+ - apiGroups: [litmuschaos.io]
+ resources: [chaosengines, chaosexperiments, chaosresults]
+ verbs: [get, create, update, patch, delete, list, watch, deletecollection]
+ - apiGroups: [apiextensions.k8s.io]
+ resources: [customresourcedefinitions]
+ verbs: [list, get]
+ - apiGroups: ["litmuschaos.io"]
+ resources: ["chaosengines/finalizers"]
+ verbs: ["update"]
+ - apiGroups: [ "coordination.k8s.io" ]
+ resources: [ "leases" ]
+ verbs: [ "get","create","list","update","delete" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: litmus-cluster-scope-crb-for-litmusportal-server
+ labels:
+ app.kubernetes.io/name: litmus
+ # provide unique instance-id if applicable
+ # app.kubernetes.io/instance: litmus-abcxzy
+ app.kubernetes.io/version: 3.0.0-beta8
+ app.kubernetes.io/component: operator-clusterrolebinding
+ app.kubernetes.io/part-of: litmus
+ app.kubernetes.io/managed-by: kubectl
+ name: litmus-cluster-scope-crb-for-litmusportal-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: litmus-cluster-scope-for-litmusportal-server
+subjects:
+ - kind: ServiceAccount
+ name: litmus-server-account
+ namespace: litmus
+#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/cluster/3a_agents_rbac.yaml
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: litmus-admin-cr-for-litmusportal-server
+ labels:
+ name: litmus-admin-cr-for-litmusportal-server
+rules:
+ # ***************************************************************************************
+ # Permissions needed for preparing and monitor the chaos resources by chaos-runner
+ # ***************************************************************************************
+
+ # The chaos operator watches the chaosengine resource and orchestartes the chaos experiment..
+ ## .. by creating the chaos-runner
+
+ # for creating and monitoring the chaos-runner pods
+- apiGroups: [""]
+ resources: [pods,events]
+ verbs: [create, delete, get, list, patch, update, deletecollection]
+
+ # for fetching configmaps and secrets to inject into chaos-runner pod (if specified)
+- apiGroups: [""]
+ resources: [secrets, configmaps]
+ verbs: [get, list]
+
+ # for tracking & getting logs of the pods created by chaos-runner to implement individual steps in the runner
+- apiGroups: [""]
+ resources: [pods/log]
+ verbs: [get, list, watch]
+
+ # for configuring and monitor the experiment job by chaos-runner pod
+- apiGroups: [batch]
+ resources: [jobs]
+ verbs: [create, list, get, delete, deletecollection]
+
+ # ********************************************************************
+ # Permissions needed for creation and discovery of chaos experiments
+ # ********************************************************************
+
+ # The helper pods are created by experiment to perform the actual chaos injection ...
+ # ... for a period of chaos duration
+
+ # for creating and deleting the helper or target app pod and events by experiment
+- apiGroups: [""]
+ resources: [pods]
+ verbs: [create, delete, deletecollection]
+
+ # for creating and monitoring the events for chaos operations
+- apiGroups: [""]
+ resources: [events]
+ verbs: [create, delete, get, list, patch, update, deletecollection]
+
+ # for monitoring the helper and target app pod
+- apiGroups: [""]
+ resources: [pods]
+ verbs: [get, list, patch, update]
+
+ # for creating and managing to execute comands inside target container
+- apiGroups: [""]
+ resources: [pods/exec, pods/eviction, replicationcontrollers]
+ verbs: [get,list,create]
+
+ # for tracking & getting logs of the pods created by experiment pod to implement individual steps in the experiment
+- apiGroups: [""]
+ resources: [pods/log]
+ verbs: [get, list, watch]
+
+ # for creating and monitoring liveness services or monitoring target app services during chaos injection
+- apiGroups: [""]
+ resources: [services]
+ verbs: [create, delete, get, list, delete, deletecollection]
+
+ # for checking the app parent resources as deployments or sts and are eligible chaos candidates
+- apiGroups: [apps]
+ resources: [deployments, statefulsets]
+ verbs: [list, get, patch, update, create, delete]
+
+ # for checking the app parent resources as replicasets and are eligible chaos candidates
+- apiGroups: [apps]
+ resources: [replicasets]
+ verbs: [list, get]
+
+ # for checking the app parent resources as deamonsets and are eligible chaos candidates
+- apiGroups: [apps]
+ resources: [daemonsets]
+ verbs: [list, get, delete]
+
+ # for checking (openshift) app parent resources if they are eligible chaos candidates
+- apiGroups: [apps.openshift.io]
+ resources: [deploymentconfigs]
+ verbs: [list, get]
+
+ # for checking (argo) app parent resources if they are eligible chaos candidates
+- apiGroups: [argoproj.io]
+ resources: [rollouts]
+ verbs: [list, get]
+
+ # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
+- apiGroups: [litmuschaos.io]
+ resources: [chaosengines, chaosexperiments, chaosresults]
+ verbs: [create, list, get, patch, update, delete]
+
+ # for experiment to perform node status checks and other node level operations like taint, drain in the experiment.
+- apiGroups: [""]
+ resources: [nodes]
+ verbs: [patch, get, list, update]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: litmus-admin-crb-for-litmusportal-server
+ labels:
+ name: litmus-admin-crb-for-litmusportal-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: litmus-admin-cr-for-litmusportal-server
+subjects:
+ - kind: ServiceAccount
+ name: litmus-server-account
+ namespace: litmus
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: chaos-cr-for-litmusportal-server
+rules:
+ # for managing the pods created by workflow controller to implement individual steps in the workflow
+ - apiGroups: [""]
+ resources: [pods, services, namespaces]
+ verbs: [create, get, watch, patch, delete, list]
+
+ # for tracking & getting logs of the pods created by workflow controller to implement individual steps in the workflow
+ - apiGroups: [""]
+ resources: [pods/log, secrets, configmaps]
+ verbs: [get, watch, create, delete, patch]
+
+ # for creation & deletion of application in predefined workflows
+ - apiGroups: [apps]
+ resources: [deployments, statefulsets]
+ verbs: [get, watch, patch, create, delete]
+
+ # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
+ - apiGroups: [litmuschaos.io]
+ resources: [chaosengines, chaosexperiments, chaosresults, chaosschedules]
+ verbs: [create, list, get, patch, delete, watch]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: chaos-crb-for-litmusportal-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: chaos-cr-for-litmusportal-server
+subjects:
+ - kind: ServiceAccount
+ name: litmus-server-account
+ namespace: litmus
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: subscriber-cr-for-litmusportal-server
+ namespace: litmus
+ labels:
+ name: subscriber-cr-for-litmusportal-server
+rules:
+- apiGroups: [""]
+ resources: [configmaps, secrets]
+ verbs: [get, create, delete, update]
+- apiGroups: [""]
+ resources: [pods/log]
+ verbs: [get, list, watch]
+- apiGroups: [""]
+ resources: [pods, namespaces, nodes, services]
+ verbs: [get, list, watch]
+- apiGroups: [litmuschaos.io]
+ resources: [chaosengines, chaosschedules, chaosresults]
+ verbs: [get, list, create, delete, update, watch]
+- apiGroups: [apps.openshift.io]
+ resources: [deploymentconfigs]
+ verbs: [get, list]
+- apiGroups: [apps]
+ resources: [deployments, daemonsets, replicasets, statefulsets]
+ verbs: [get, list, delete, deletecollection]
+- apiGroups: [argoproj.io]
+ resources: [workflows, workflows/finalizers, workflowtemplates, workflowtemplates/finalizers, cronworkflows, cronworkflows/finalizers, clusterworkflowtemplates, clusterworkflowtemplates/finalizers, rollouts]
+ verbs: [get, list, create, delete, update, watch]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: subscriber-crb-for-litmusportal-server
+ namespace: litmus
+subjects:
+ - kind: ServiceAccount
+ name: litmus-server-account
+ namespace: litmus
+roleRef:
+ kind: ClusterRole
+ name: subscriber-cr-for-litmusportal-server
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: event-tracker-cr-for-litmusportal-server
+rules:
+- apiGroups: [eventtracker.litmuschaos.io]
+ resources: [eventtrackerpolicies]
+ verbs: [create, delete, get, list, patch, update, watch]
+- apiGroups: [eventtracker.litmuschaos.io]
+ resources: [eventtrackerpolicies/status]
+ verbs: [get, patch, update]
+- apiGroups: ["", extensions, apps]
+ resources: [deployments, daemonsets, statefulsets, pods, configmaps, secrets]
+ verbs: [get, list, watch]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: event-tracker-crb-for-litmusportal-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: event-tracker-cr-for-litmusportal-server
+subjects:
+ - kind: ServiceAccount
+ name: litmus-server-account
+ namespace: litmus
+# litmus-server-cr is used by the litmusportal-server
+# If SELF_AGENT=false, then only litmus-server-cr and litmus-server-crb are required.
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: litmus-server-cr
+rules:
+ - apiGroups: [networking.k8s.io, extensions]
+ resources: [ingresses]
+ verbs: [get]
+ - apiGroups: [""]
+ resources: [services, nodes, pods/log]
+ verbs: [get, watch]
+ - apiGroups: [apiextensions.k8s.io]
+ resources: [customresourcedefinitions]
+ verbs: [create]
+ - apiGroups: [apps]
+ resources: [deployments]
+ verbs: [create]
+ - apiGroups: [""]
+ resources: [configmaps]
+ verbs: [get]
+ - apiGroups: [""]
+ resources: [serviceaccounts]
+ verbs: [create]
+ - apiGroups: [rbac.authorization.k8s.io]
+ resources: [rolebindings, roles, clusterrolebindings, clusterroles]
+ verbs: [create]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: litmus-server-crb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: litmus-server-cr
+subjects:
+ - kind: ServiceAccount
+ name: litmus-server-account
+ namespace: litmus
+## Control plane manifests
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: litmus
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: litmus-server-account
+ namespace: litmus
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: litmus-portal-admin-secret
+ namespace: litmus
+stringData:
+ JWT_SECRET: "litmus-portal@123"
+ DB_USER: "admin"
+ DB_PASSWORD: "1234"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: litmus-portal-admin-config
+ namespace: litmus
+data:
+ DB_SERVER: "mongodb://mongo-service:27017"
+ AGENT_SCOPE: cluster
+ AGENT_NAMESPACE: litmus
+ VERSION: "3.0.0-beta8"
+ SKIP_SSL_VERIFY: "false"
+ # Configurations if you are using dex for OAuth
+ DEX_ENABLED: "false"
+ OIDC_ISSUER: "http://:32000"
+ DEX_OAUTH_CALLBACK_URL: "http://:8080/auth/dex/callback"
+ DEX_OAUTH_CLIENT_ID: "LitmusPortalAuthBackend"
+ DEX_OAUTH_CLIENT_SECRET: "ZXhhbXBsZS1hcHAtc2VjcmV0"
+ OAuthJwtSecret: "litmus-oauth@123"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: litmusportal-frontend-nginx-configuration
+ namespace: litmus
+data:
+ default.conf: |
+ map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+ }
+ server {
+ listen 8080;
+ server_name localhost;
+ #charset koi8-r;
+ #access_log /var/log/nginx/host.access.log main;
+
+ location / {
+ proxy_http_version 1.1;
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ try_files $uri /index.html;
+ }
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+
+ location /auth/ {
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass "http://litmusportal-auth-server-service:9003/";
+ }
+
+ location /api/ {
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass "http://litmusportal-server-service:9002/";
+ }
+
+ location /ws/ {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass "http://litmusportal-server-service:9002/";
+ }
+ }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: litmusportal-frontend
+ namespace: litmus
+ labels:
+ component: litmusportal-frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: litmusportal-frontend
+ template:
+ metadata:
+ labels:
+ component: litmusportal-frontend
+ spec:
+ automountServiceAccountToken: false
+ containers:
+ - name: litmusportal-frontend
+ image: litmuschaos/litmusportal-frontend:3.0.0-beta8
+ imagePullPolicy: Always
+ securityContext:
+ runAsUser: 2000
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ ports:
+ - containerPort: 8080
+ resources:
+ requests:
+ memory: "150Mi"
+ cpu: "125m"
+ ephemeral-storage: "500Mi"
+ limits:
+ memory: "512Mi"
+ cpu: "550m"
+ ephemeral-storage: "1Gi"
+ volumeMounts:
+ - name: nginx-config
+ mountPath: /etc/nginx/conf.d/default.conf
+ subPath: default.conf
+ volumes:
+ - name: nginx-config
+ configMap:
+ name: litmusportal-frontend-nginx-configuration
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: litmusportal-frontend-service
+ namespace: litmus
+spec:
+ type: NodePort
+ ports:
+ - name: http
+ port: 9091
+ targetPort: 8080
+ selector:
+ component: litmusportal-frontend
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: litmusportal-server
+ namespace: litmus
+ labels:
+ component: litmusportal-server
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: litmusportal-server
+ template:
+ metadata:
+ labels:
+ component: litmusportal-server
+ spec:
+ initContainers:
+ - name: wait-for-mongodb
+ image: litmuschaos/curl:3.0.0-beta4
+ command: ["/bin/sh", "-c"]
+ args:
+ [
+ "while [[ $(curl -sw '%{http_code}' http://mongo-service:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'",
+ ]
+ resources:
+ requests:
+ memory: "150Mi"
+ cpu: "25m"
+ ephemeral-storage: "500Mi"
+ limits:
+ memory: "512Mi"
+ cpu: "250m"
+ ephemeral-storage: "1Gi"
+ volumes:
+ - name: gitops-storage
+ emptyDir: {}
+ - name: hub-storage
+ emptyDir: {}
+ containers:
+ - name: graphql-server
+ image: litmuschaos/litmusportal-server:3.0.0-beta8
+ volumeMounts:
+ - mountPath: /tmp/
+ name: gitops-storage
+ - mountPath: /tmp/version
+ name: hub-storage
+ securityContext:
+ runAsUser: 2000
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ envFrom:
+ - configMapRef:
+ name: litmus-portal-admin-config
+ - secretRef:
+ name: litmus-portal-admin-secret
+ env:
+ - name: SELF_AGENT
+ value: "true"
+ # if self-signed certificate are used pass the k8s tls secret name created in portal ns, to allow agents to use tls for communication
+ - name: TLS_SECRET_NAME
+ value: ""
+ - name: LITMUS_PORTAL_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: CHAOS_CENTER_SCOPE
+ value: "cluster"
+ - name: SUBSCRIBER_IMAGE
+ value: "litmuschaos/litmusportal-subscriber:3.0.0-beta8"
+ - name: EVENT_TRACKER_IMAGE
+ value: "litmuschaos/litmusportal-event-tracker:3.0.0-beta8"
+ - name: ARGO_WORKFLOW_CONTROLLER_IMAGE
+ value: "litmuschaos/workflow-controller:v3.3.1"
+ - name: ARGO_WORKFLOW_EXECUTOR_IMAGE
+ value: "litmuschaos/argoexec:v3.3.1"
+ - name: LITMUS_CHAOS_OPERATOR_IMAGE
+ value: "litmuschaos/chaos-operator:3.0.0-beta3"
+ - name: LITMUS_CHAOS_RUNNER_IMAGE
+ value: "litmuschaos/chaos-runner:3.0.0-beta3"
+ - name: LITMUS_CHAOS_EXPORTER_IMAGE
+ value: "litmuschaos/chaos-exporter:3.0.0-beta3"
+ - name: SERVER_SERVICE_NAME
+ value: "litmusportal-server-service"
+ - name: AGENT_DEPLOYMENTS
+ value: "[\"app=chaos-exporter\", \"name=chaos-operator\", \"app=event-tracker\", \"app=workflow-controller\"]"
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: SELF_AGENT_NODE_SELECTOR
+ value: ""
+ - name: SELF_AGENT_TOLERATIONS
+ value: ""
+ - name: CHAOS_CENTER_UI_ENDPOINT
+ value: ""
+ - name: INGRESS
+ value: "false"
+ - name: INGRESS_NAME
+ value: "litmus-ingress"
+ - name: CONTAINER_RUNTIME_EXECUTOR
+ value: "k8sapi"
+ - name: HUB_BRANCH_NAME
+ value: "v3.0.0-beta3"
+ - name: LITMUS_AUTH_GRPC_ENDPOINT
+ value: "litmusportal-auth-server-service.litmus.svc.cluster.local"
+ - name: LITMUS_AUTH_GRPC_PORT
+ value: ":3030"
+ - name: WORKFLOW_HELPER_IMAGE_VERSION
+ value: "3.0.0-beta3"
+ - name: REMOTE_HUB_MAX_SIZE
+ value: "5000000"
+ ports:
+ - containerPort: 8080
+ - containerPort: 8000
+ imagePullPolicy: Always
+ resources:
+ requests:
+ memory: "250Mi"
+ cpu: "225m"
+ ephemeral-storage: "500Mi"
+ limits:
+ memory: "712Mi"
+ cpu: "550m"
+ ephemeral-storage: "1Gi"
+ serviceAccountName: litmus-server-account
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: litmusportal-server-service
+ namespace: litmus
+spec:
+ type: NodePort
+ ports:
+ - name: graphql-server
+ port: 9002
+ targetPort: 8080
+ - name: graphql-rpc-server
+ port: 8000
+ targetPort: 8000
+ selector:
+ component: litmusportal-server
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: litmusportal-auth-server
+ namespace: litmus
+ labels:
+ component: litmusportal-auth-server
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: litmusportal-auth-server
+ template:
+ metadata:
+ labels:
+ component: litmusportal-auth-server
+ spec:
+ automountServiceAccountToken: false
+ initContainers:
+ - name: wait-for-mongodb
+ image: litmuschaos/curl:3.0.0-beta4
+ command: ["/bin/sh", "-c"]
+ args:
+ [
+ "while [[ $(curl -sw '%{http_code}' http://mongo-service:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'",
+ ]
+ resources:
+ requests:
+ memory: "150Mi"
+ cpu: "25m"
+ ephemeral-storage: "500Mi"
+ limits:
+ memory: "225Mi"
+ cpu: "250m"
+ ephemeral-storage: "1Gi"
+ containers:
+ - name: auth-server
+ image: litmuschaos/litmusportal-auth-server:3.0.0-beta8
+ securityContext:
+ runAsUser: 2000
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ envFrom:
+ - configMapRef:
+ name: litmus-portal-admin-config
+ - secretRef:
+ name: litmus-portal-admin-secret
+ env:
+ - name: STRICT_PASSWORD_POLICY
+ value: "false"
+ - name: ADMIN_USERNAME
+ value: "admin"
+ - name: ADMIN_PASSWORD
+ value: "litmus"
+ - name: LITMUS_GQL_GRPC_ENDPOINT
+ value: "litmusportal-server-service.litmus.svc.cluster.local"
+ - name: LITMUS_GQL_GRPC_PORT
+ value: ":8000"
+ resources:
+ requests:
+ memory: "250Mi"
+ cpu: "225m"
+ ephemeral-storage: "500Mi"
+ limits:
+ memory: "712Mi"
+ cpu: "550m"
+ ephemeral-storage: "1Gi"
+ ports:
+ - containerPort: 3000
+ - containerPort: 3030
+ imagePullPolicy: Always
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: litmusportal-auth-server-service
+ namespace: litmus
+spec:
+ type: NodePort
+ ports:
+ - name: auth-server
+ port: 9003
+ targetPort: 3000
+ - name: auth-rpc-server
+ port: 3030
+ targetPort: 3030
+ selector:
+ component: litmusportal-auth-server
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: mongo
+ namespace: litmus
+ labels:
+ app: mongo
+spec:
+ selector:
+ matchLabels:
+ component: database
+ serviceName: mongo-headless-service
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ component: database
+ spec:
+ automountServiceAccountToken: false
+ containers:
+ - name: mongo
+ image: litmuschaos/mongo:4.2.8
+ securityContext:
+# runAsUser: 2000
+ allowPrivilegeEscalation: false
+# runAsNonRoot: true
+ args: ["--ipv6"]
+ ports:
+ - containerPort: 27017
+ imagePullPolicy: Always
+ volumeMounts:
+ - name: mongo-persistent-storage
+ mountPath: /data/db
+ resources:
+ requests:
+ memory: "550Mi"
+ cpu: "225m"
+ ephemeral-storage: "1Gi"
+ limits:
+ memory: "1Gi"
+ cpu: "750m"
+ ephemeral-storage: "3Gi"
+ env:
+ - name: MONGO_INITDB_ROOT_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: litmus-portal-admin-secret
+ key: DB_USER
+ - name: MONGO_INITDB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: litmus-portal-admin-secret
+ key: DB_PASSWORD
+ volumeClaimTemplates:
+ - metadata:
+ name: mongo-persistent-storage
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: mongo
+ name: mongo-service
+ namespace: litmus
+spec:
+ ports:
+ - port: 27017
+ targetPort: 27017
+ selector:
+ component: database
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: mongo
+ name: mongo-headless-service
+ namespace: litmus
+spec:
+ clusterIP: None
+ ports:
+ - port: 27017
+ targetPort: 27017
+ selector:
+ component: database
\ No newline at end of file
diff --git a/mkdocs/docs/3.0.0-beta8/litmus-namespaced-3.0.0-beta8.yaml b/mkdocs/docs/3.0.0-beta8/litmus-namespaced-3.0.0-beta8.yaml
new file mode 100644
index 00000000000..88d444a8650
--- /dev/null
+++ b/mkdocs/docs/3.0.0-beta8/litmus-namespaced-3.0.0-beta8.yaml
@@ -0,0 +1,857 @@
+### RBAC Manifests
+## If SELF_AGENT="true" then these permissions are required to apply
+## https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/namespace/1b_argo_rbac.yaml
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: argo-role-for-litmusportal-server
+rules:
+ - apiGroups: [""]
+ resources: [pods, pods/exec]
+ verbs: [create, get, list, watch, update, patch, delete]
+ - apiGroups: [""]
+ resources: [configmaps]
+ verbs: [get, watch, list]
+ - apiGroups: [""]
+ resources: [persistentvolumeclaims]
+ verbs: [create, delete]
+ - apiGroups: [argoproj.io]
+ resources: [workflows, workflows/finalizers]
+ verbs: [get, list, watch, update, patch, delete, create]
+ - apiGroups: [argoproj.io]
+ resources: [workflowtemplates, workflowtemplates/finalizers,workflowtasksets]
+ verbs: [get, list, watch]
+ - apiGroups: [argoproj.io]
+ resources: [workflowtaskresults]
+ verbs: [list, watch, deletecollection]
+ - apiGroups: [""]
+ resources: [serviceaccounts]
+ verbs: [get, list]
+ - apiGroups: [""]
+ resources: [secrets]
+ verbs: [get]
+ - apiGroups: [argoproj.io]
+ resources: [cronworkflows, cronworkflows/finalizers]
+ verbs: [get, list, watch, update, patch, delete]
+ - apiGroups: [""]
+ resources: [events]
+ verbs: [create, patch]
+ - apiGroups: [policy]
+ resources: [poddisruptionbudgets]
+ verbs: [create, get, delete]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: argo-rb-for-litmusportal-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: argo-role-for-litmusportal-server
+subjects:
+ - kind: ServiceAccount
+ name: litmus-server-account
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: litmus-namespace-scope-for-litmusportal-server
+ labels:
+ app.kubernetes.io/name: litmus
+ # provide unique instance-id if applicable
+ # app.kubernetes.io/instance: litmus-abcxzy
+ app.kubernetes.io/version: 3.0.0-beta8
+ app.kubernetes.io/component: operator-role
+ app.kubernetes.io/part-of: litmus
+ app.kubernetes.io/managed-by: kubectl
+ name: litmus-namespace-scope-for-litmusportal-server
+rules:
+ - apiGroups: [""]
+ resources: [replicationcontrollers, secrets]
+ verbs: [get, list]
+ - apiGroups: [apps.openshift.io]
+ resources: [deploymentconfigs]
+ verbs: [get, list]
+ - apiGroups: [apps]
+ resources: [deployments, daemonsets, replicasets, statefulsets]
+ verbs: [get, list, update]
+ - apiGroups: [batch]
+ resources: [jobs]
+ verbs: [get, list, create, deletecollection]
+ - apiGroups: [argoproj.io]
+ resources: [rollouts]
+ verbs: [get, list]
+ - apiGroups: [""]
+ resources: [pods, pods/exec, configmaps, events, services]
+ verbs: [get, create, update, patch, delete, list, watch, deletecollection]
+ - apiGroups: [litmuschaos.io]
+ resources: [chaosengines, chaosexperiments, chaosresults]
+ verbs: [get, create, update, patch, delete, list, watch, deletecollection]
+ - apiGroups: ["litmuschaos.io"]
+ resources: ["chaosengines/finalizers"]
+ verbs: ["update"]
+ - apiGroups: [ "coordination.k8s.io" ]
+ resources: [ "leases" ]
+ verbs: [ "get","create","list","update","delete" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: litmus-namespace-scope-rb-for-litmusportal-server
+ labels:
+ app.kubernetes.io/name: litmus
+ # provide unique instance-id if applicable
+ # app.kubernetes.io/instance: litmus-abcxzy
+ app.kubernetes.io/version: 3.0.0-beta8
+ app.kubernetes.io/component: operator-rolebinding
+ app.kubernetes.io/part-of: litmus
+ app.kubernetes.io/managed-by: kubectl
+ name: litmus-namespace-scope-rb-for-litmusportal-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: litmus-namespace-scope-for-litmusportal-server
+subjects:
+ - kind: ServiceAccount
+ name: litmus-server-account
+#these permissions are required to apply https://github.com/litmuschaos/litmus/blob/master/litmus-portal/graphql-server/manifests/namespace/3a_agents_rbac.yaml
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: subscriber-role-for-litmusportal-server
+ labels:
+ name: subscriber-role-for-litmusportal-server
+rules:
+ - apiGroups: [""]
+ resources: [configmaps, secrets]
+ verbs: [get, create, delete, update]
+
+ - apiGroups: [""]
+ resources: [pods/log]
+ verbs: [get, list, watch]
+
+ - apiGroups: [""]
+ resources: [pods, services]
+ verbs: [get, list, watch]
+
+ - apiGroups: [litmuschaos.io]
+ resources: [chaosengines, chaosschedules, chaosresults]
+ verbs: [get, list, create, delete, update, watch]
+
+ - apiGroups: [apps.openshift.io]
+ resources: [deploymentconfigs]
+ verbs: [get, list]
+
+ - apiGroups: [apps]
+ resources: [deployments, daemonsets, replicasets, statefulsets]
+ verbs: [get, list, delete, deletecollection]
+
+ - apiGroups: [argoproj.io]
+ resources: [workflows, workflows/finalizers, workflowtemplates, workflowtemplates/finalizers, cronworkflows, cronworkflows/finalizers, rollouts]
+ verbs: [get, list, create, delete, update, watch]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: subscriber-rb-for-litmusportal-server
+subjects:
+ - kind: ServiceAccount
+ name: litmus-server-account
+roleRef:
+ kind: Role
+ name: subscriber-role-for-litmusportal-server
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: litmus-admin-role-for-litmusportal-server
+ labels:
+ name: litmus-admin-role-for-litmusportal-server
+rules:
+ # ***************************************************************************************
+ # Permissions needed for preparing and monitor the chaos resources by chaos-runner
+ # ***************************************************************************************
+
+ # The chaos operator watches the chaosengine resource and orchestartes the chaos experiment..
+ ## .. by creating the chaos-runner
+
+ # for creating and monitoring the chaos-runner pods
+ - apiGroups: [""]
+ resources: [pods, events]
+ verbs: [create, delete, get, list, patch, update, deletecollection]
+
+ # for fetching configmaps and secrets to inject into chaos-runner pod (if specified)
+ - apiGroups: [""]
+ resources: [secrets, configmaps]
+ verbs: [get, list]
+
+ # for tracking & getting logs of the pods created by chaos-runner to implement individual steps in the runner
+ - apiGroups: [""]
+ resources: [pods/log]
+ verbs: [get, list, watch]
+
+ # for configuring and monitor the experiment job by chaos-runner pod
+ - apiGroups: [batch]
+ resources: [jobs]
+ verbs: [create, list, get, delete, deletecollection]
+
+ # ********************************************************************
+ # Permissions needed for creation and discovery of chaos experiments
+ # ********************************************************************
+
+ # The helper pods are created by experiment to perform the actual chaos injection ...
+ # ... for a period of chaos duration
+
+ # for creating and deleting the helper or target app pod and events by experiment
+ - apiGroups: [""]
+ resources: [pods]
+ verbs: [create, delete, deletecollection]
+
+ # for creating and monitoring the events for chaos operations
+ - apiGroups: [""]
+ resources: [events]
+ verbs: [create, delete, get, list, patch, update, deletecollection]
+
+ # for monitoring the helper and target app pod
+ - apiGroups: [""]
+ resources: [pods]
+ verbs: [get, list, patch, update]
+
+ # for creating and managing to execute comands inside target container
+ - apiGroups: [""]
+ resources: [pods/exec, pods/eviction, replicationcontrollers]
+ verbs: [get, list, create]
+
+ # for tracking & getting logs of the pods created by experiment pod to implement individual steps in the experiment
+ - apiGroups: [""]
+ resources: [pods/log]
+ verbs: [get, list, watch]
+
+ # for creating and monitoring liveness services or monitoring target app services during chaos injection
+ - apiGroups: [""]
+ resources: [services]
+ verbs: [create, delete, get, list, delete, deletecollection]
+
+ # for checking the app parent resources as deployments or sts and are eligible chaos candidates
+ - apiGroups: [apps]
+ resources: [deployments, statefulsets]
+ verbs: [list, get, patch, update, create, delete]
+
+ # for checking the app parent resources as replicasets and are eligible chaos candidates
+ - apiGroups: [apps]
+ resources: [replicasets]
+ verbs: [list, get]
+
+ # for checking the app parent resources as deamonsets and are eligible chaos candidates
+ - apiGroups: [apps]
+ resources: [daemonsets]
+ verbs: [list, get, delete]
+
+ # for checking (openshift) app parent resources if they are eligible chaos candidates
+ - apiGroups: [apps.openshift.io]
+ resources: [deploymentconfigs]
+ verbs: [list, get]
+
+ # for checking (argo) app parent resources if they are eligible chaos candidates
+ - apiGroups: [argoproj.io]
+ resources: [rollouts]
+ verbs: [list, get]
+
+ # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
+ - apiGroups: [litmuschaos.io]
+ resources: [chaosengines, chaosexperiments, chaosresults]
+ verbs: [create, list, get, patch, update, delete]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: litmus-admin-rb-for-litmusportal-server
+ labels:
+ name: litmus-admin-rb-for-litmusportal-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: litmus-admin-role-for-litmusportal-server
+subjects:
+ - kind: ServiceAccount
+ name: litmus-server-account
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: chaos-role-for-litmusportal-server
+rules:
+ # for managing the pods created by workflow controller to implement individual steps in the workflow
+ - apiGroups: [""]
+ resources: [pods, services]
+ verbs: [create, get, watch, patch, delete, list]
+
+ # for tracking & getting logs of the pods created by workflow controller to implement individual steps in the workflow
+ - apiGroups: [""]
+ resources: [pods/log, secrets, configmaps]
+ verbs: [get, watch, create, delete, patch]
+
+ # for creation & deletion of application in predefined workflows
+ - apiGroups: [apps]
+ resources: [deployments, statefulsets]
+ verbs: [get, watch, patch , create, delete]
+
+ # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
+ - apiGroups: [litmuschaos.io]
+ resources:
+ [chaosengines, chaosexperiments, chaosresults, chaosschedules]
+ verbs: [create, list, get, patch, delete, watch]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: chaos-rb-for-litmusportal-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: chaos-role-for-litmusportal-server
+subjects:
+ - kind: ServiceAccount
+ name: litmus-server-account
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: event-tracker-role-for-litmusportal-server
+rules:
+ - apiGroups: [eventtracker.litmuschaos.io]
+ resources: [eventtrackerpolicies]
+ verbs: [create, delete, get, list, patch, update, watch]
+ - apiGroups: [eventtracker.litmuschaos.io]
+ resources: [eventtrackerpolicies/status]
+ verbs: [get, patch, update]
+ - apiGroups: [""]
+ resources: [pods, configmaps, secrets]
+ verbs: [get, list, watch]
+ - apiGroups: [extensions, apps]
+ resources: [deployments, daemonsets, statefulsets]
+ verbs: [get, list, watch]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: event-tracker-rb-for-litmusportal-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: event-tracker-role-for-litmusportal-server
+subjects:
+ - kind: ServiceAccount
+ name: litmus-server-account
+# litmus-server-role is used by the litmusportal-server
+# If SELF_AGENT=false, then only litmus-server-role and litmus-server-rb are required.
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: litmus-server-role
+rules:
+ - apiGroups: [networking.k8s.io, extensions]
+ resources: [ingresses]
+ verbs: [get]
+ - apiGroups: [""]
+ resources: [services, pods/log]
+ verbs: [get, watch]
+ - apiGroups: [apps]
+ resources: [deployments]
+ verbs: [create]
+ - apiGroups: [""]
+ resources: [configmaps]
+ verbs: [get]
+ - apiGroups: [""]
+ resources: [serviceaccounts]
+ verbs: [create]
+ - apiGroups: [rbac.authorization.k8s.io]
+ resources: [rolebindings, roles]
+ verbs: [create]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: litmus-server-rb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: litmus-server-role
+subjects:
+ - kind: ServiceAccount
+ name: litmus-server-account
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: litmus-server-account
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: litmus-portal-admin-secret
+stringData:
+ JWT_SECRET: "litmus-portal@123"
+ DB_USER: "admin"
+ DB_PASSWORD: "1234"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: litmus-portal-admin-config
+data:
+ AGENT_SCOPE: namespace
+ DB_SERVER: "mongodb://mongo-service:27017"
+ VERSION: "3.0.0-beta8"
+ SKIP_SSL_VERIFY: "false"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: litmusportal-frontend-nginx-configuration
+data:
+ default.conf: |
+ map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+ }
+ server {
+ listen 8080;
+ server_name localhost;
+ #charset koi8-r;
+ #access_log /var/log/nginx/host.access.log main;
+
+ location / {
+ proxy_http_version 1.1;
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ try_files $uri /index.html;
+ }
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+
+ location /auth/ {
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass "http://litmusportal-auth-server-service:9003/";
+ }
+
+ location /api/ {
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass "http://litmusportal-server-service:9002/";
+ }
+
+ location /ws/ {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass "http://litmusportal-server-service:9002/";
+ }
+ }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: litmusportal-frontend
+ labels:
+ component: litmusportal-frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: litmusportal-frontend
+ template:
+ metadata:
+ labels:
+ component: litmusportal-frontend
+ spec:
+ automountServiceAccountToken: false
+ containers:
+ - name: litmusportal-frontend
+ image: litmuschaos/litmusportal-frontend:3.0.0-beta8
+ securityContext:
+ runAsUser: 2000
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - name: nginx-config
+ mountPath: /etc/nginx/conf.d/default.conf
+ subPath: default.conf
+ resources:
+ requests:
+ memory: "250Mi"
+ cpu: "125m"
+ ephemeral-storage: "500Mi"
+ limits:
+ memory: "512Mi"
+ cpu: "550m"
+ ephemeral-storage: "1Gi"
+ volumes:
+ - name: nginx-config
+ configMap:
+ name: litmusportal-frontend-nginx-configuration
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: litmusportal-frontend-service
+spec:
+ type: NodePort
+ ports:
+ - name: http
+ port: 9091
+ targetPort: 8080
+ selector:
+ component: litmusportal-frontend
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: litmusportal-server
+ labels:
+ component: litmusportal-server
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: litmusportal-server
+ template:
+ metadata:
+ labels:
+ component: litmusportal-server
+ spec:
+ initContainers:
+ - name: wait-for-mongodb
+ image: litmuschaos/curl:3.0.0-beta4
+ command: ["/bin/sh", "-c"]
+ args:
+ [
+ "while [[ $(curl -sw '%{http_code}' http://mongo-service:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'",
+ ]
+ resources:
+ requests:
+ memory: "150Mi"
+ cpu: "25m"
+ ephemeral-storage: "500Mi"
+ limits:
+ memory: "512Mi"
+ cpu: "250m"
+ ephemeral-storage: "1Gi"
+ volumes:
+ - name: gitops-storage
+ emptyDir: {}
+ - name: hub-storage
+ emptyDir: {}
+ containers:
+ - name: graphql-server
+ image: litmuschaos/litmusportal-server:3.0.0-beta8
+ volumeMounts:
+ - mountPath: /tmp/gitops
+ name: gitops-storage
+ - mountPath: /tmp/version
+ name: hub-storage
+ securityContext:
+ runAsUser: 2000
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ envFrom:
+ - configMapRef:
+ name: litmus-portal-admin-config
+ - secretRef:
+ name: litmus-portal-admin-secret
+ env:
+ - name: LITMUS_PORTAL_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: AGENT_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: SELF_AGENT
+ value: "true"
+ - name: SELF_AGENT_NODE_SELECTOR
+ value: ""
+ - name: SELF_AGENT_TOLERATIONS
+ value: ""
+ # if self-signed certificate are used pass the base64 tls certificate, to allow agents to use tls for communication
+ - name: TLS_CERT_B64
+ value: ""
+ - name: CHAOS_CENTER_SCOPE
+ value: "namespace"
+ - name: AGENT_DEPLOYMENTS
+ value: "[\"app=chaos-exporter\", \"name=chaos-operator\", \"app=event-tracker\", \"app=workflow-controller\"]"
+ - name: SERVER_SERVICE_NAME
+ value: "litmusportal-server-service"
+ - name: CHAOS_CENTER_UI_ENDPOINT
+ value: ""
+ - name: SUBSCRIBER_IMAGE
+ value: "litmuschaos/litmusportal-subscriber:3.0.0-beta8"
+ - name: EVENT_TRACKER_IMAGE
+ value: "litmuschaos/litmusportal-event-tracker:3.0.0-beta8"
+ - name: ARGO_WORKFLOW_CONTROLLER_IMAGE
+ value: "litmuschaos/workflow-controller:v3.3.1"
+ - name: ARGO_WORKFLOW_EXECUTOR_IMAGE
+ value: "litmuschaos/argoexec:v3.3.1"
+ - name: LITMUS_CHAOS_OPERATOR_IMAGE
+ value: "litmuschaos/chaos-operator:3.0.0-beta3"
+ - name: LITMUS_CHAOS_RUNNER_IMAGE
+ value: "litmuschaos/chaos-runner:3.0.0-beta3"
+ - name: LITMUS_CHAOS_EXPORTER_IMAGE
+ value: "litmuschaos/chaos-exporter:3.0.0-beta3"
+ - name: CONTAINER_RUNTIME_EXECUTOR
+ value: "k8sapi"
+ - name: HUB_BRANCH_NAME
+ value: "v3.0.0-beta3"
+ - name: LITMUS_AUTH_GRPC_ENDPOINT
+ value: "litmusportal-auth-server-service"
+ - name: LITMUS_AUTH_GRPC_PORT
+ value: ":3030"
+ - name: WORKFLOW_HELPER_IMAGE_VERSION
+ value: "3.0.0-beta3"
+ - name: REMOTE_HUB_MAX_SIZE
+ value: "5000000"
+ - name: INGRESS
+ value: "false"
+ - name: INGRESS_NAME
+ value: "litmus-ingress"
+ ports:
+ - containerPort: 8080
+ - containerPort: 8000
+ imagePullPolicy: Always
+ resources:
+ requests:
+ memory: "250Mi"
+ cpu: "225m"
+ ephemeral-storage: "500Mi"
+ limits:
+ memory: "712Mi"
+ cpu: "550m"
+ ephemeral-storage: "1Gi"
+ serviceAccountName: litmus-server-account
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: litmusportal-server-service
+spec:
+ type: NodePort
+ ports:
+ - name: graphql-server
+ port: 9002
+ targetPort: 8080
+ - name: graphql-rpc-server
+ port: 8000
+ targetPort: 8000
+ selector:
+ component: litmusportal-server
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: litmusportal-auth-server
+ labels:
+ component: litmusportal-auth-server
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: litmusportal-auth-server
+ template:
+ metadata:
+ labels:
+ component: litmusportal-auth-server
+ spec:
+ automountServiceAccountToken: false
+ initContainers:
+ - name: wait-for-mongodb
+ image: litmuschaos/curl:3.0.0-beta4
+ command: ["/bin/sh", "-c"]
+ args:
+ [
+ "while [[ $(curl -sw '%{http_code}' http://mongo-service:27017 -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'",
+ ]
+ resources:
+ requests:
+ memory: "150Mi"
+ cpu: "25m"
+ ephemeral-storage: "500Mi"
+ limits:
+ memory: "512Mi"
+ cpu: "250m"
+ ephemeral-storage: "1Gi"
+ containers:
+ - name: auth-server
+ image: litmuschaos/litmusportal-auth-server:3.0.0-beta8
+ securityContext:
+ runAsUser: 2000
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ envFrom:
+ - configMapRef:
+ name: litmus-portal-admin-config
+ - secretRef:
+ name: litmus-portal-admin-secret
+ env:
+ - name: STRICT_PASSWORD_POLICY
+ value: "false"
+ - name: ADMIN_USERNAME
+ value: "admin"
+ - name: ADMIN_PASSWORD
+ value: "litmus"
+ - name: LITMUS_GQL_GRPC_ENDPOINT
+ value: "litmusportal-server-service"
+ - name: LITMUS_GQL_GRPC_PORT
+ value: ":8000"
+ ports:
+ - containerPort: 3000
+ - containerPort: 3030
+ imagePullPolicy: Always
+ resources:
+ requests:
+ memory: "250Mi"
+ cpu: "125m"
+ ephemeral-storage: "500Mi"
+ limits:
+ memory: "712Mi"
+ cpu: "550m"
+ ephemeral-storage: "1Gi"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: litmusportal-auth-server-service
+spec:
+ type: NodePort
+ ports:
+ - name: auth-server
+ port: 9003
+ targetPort: 3000
+ - name: auth-rpc-server
+ port: 3030
+ targetPort: 3030
+ selector:
+ component: litmusportal-auth-server
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: mongo
+ labels:
+ app: mongo
+spec:
+ selector:
+ matchLabels:
+ component: database
+ serviceName: mongo-headless-service
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ component: database
+ spec:
+ automountServiceAccountToken: false
+ containers:
+ - name: mongo
+ image: litmuschaos/mongo:4.2.8
+ securityContext:
+ # runAsUser: 2000
+ allowPrivilegeEscalation: false
+ args: ["--ipv6"]
+ ports:
+ - containerPort: 27017
+ imagePullPolicy: Always
+ volumeMounts:
+ - name: mongo-persistent-storage
+ mountPath: /data/db
+ env:
+ - name: MONGO_INITDB_ROOT_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: litmus-portal-admin-secret
+ key: DB_USER
+ - name: MONGO_INITDB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: litmus-portal-admin-secret
+ key: DB_PASSWORD
+ resources:
+ requests:
+ memory: "250Mi"
+ cpu: "125m"
+ ephemeral-storage: "500Mi"
+ limits:
+ memory: "712Mi"
+ cpu: "550m"
+ ephemeral-storage: "3Gi"
+ volumeClaimTemplates:
+ - metadata:
+ name: mongo-persistent-storage
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: mongo
+ name: mongo-service
+spec:
+ ports:
+ - port: 27017
+ targetPort: 27017
+ selector:
+ component: database
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: mongo
+ name: mongo-headless-service
+spec:
+ clusterIP: None
+ ports:
+ - port: 27017
+ targetPort: 27017
+ selector:
+ component: database
\ No newline at end of file
diff --git a/mkdocs/docs/3.0.0-beta8/litmus-portal-crds-3.0.0-beta8.yml b/mkdocs/docs/3.0.0-beta8/litmus-portal-crds-3.0.0-beta8.yml
new file mode 100644
index 00000000000..e3bb707cc42
--- /dev/null
+++ b/mkdocs/docs/3.0.0-beta8/litmus-portal-crds-3.0.0-beta8.yml
@@ -0,0 +1,3472 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterworkflowtemplates.argoproj.io
+spec:
+ group: argoproj.io
+ names:
+ kind: ClusterWorkflowTemplate
+ listKind: ClusterWorkflowTemplateList
+ plural: clusterworkflowtemplates
+ shortNames:
+ - clusterwftmpl
+ - cwft
+ singular: clusterworkflowtemplate
+ scope: Cluster
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: cronworkflows.argoproj.io
+spec:
+ group: argoproj.io
+ names:
+ kind: CronWorkflow
+ listKind: CronWorkflowList
+ plural: cronworkflows
+ shortNames:
+ - cwf
+ - cronwf
+ singular: cronworkflow
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: workflows.argoproj.io
+spec:
+ group: argoproj.io
+ names:
+ kind: Workflow
+ listKind: WorkflowList
+ plural: workflows
+ shortNames:
+ - wf
+ singular: workflow
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Status of the workflow
+ jsonPath: .status.phase
+ name: Status
+ type: string
+ - description: When the workflow was started
+ format: date-time
+ jsonPath: .status.startedAt
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: workflowtasksets.argoproj.io
+spec:
+ group: argoproj.io
+ names:
+ kind: WorkflowTaskSet
+ listKind: WorkflowTaskSetList
+ plural: workflowtasksets
+ shortNames:
+ - wfts
+ singular: workflowtaskset
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: workflowtemplates.argoproj.io
+spec:
+ group: argoproj.io
+ names:
+ kind: WorkflowTemplate
+ listKind: WorkflowTemplateList
+ plural: workflowtemplates
+ shortNames:
+ - wftmpl
+ singular: workflowtemplate
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: workflowtaskresults.argoproj.io
+spec:
+ group: argoproj.io
+ names:
+ kind: WorkflowTaskResult
+ listKind: WorkflowTaskResultList
+ plural: workflowtaskresults
+ singular: workflowtaskresult
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ message:
+ type: string
+ metadata:
+ type: object
+ outputs:
+ properties:
+ artifacts:
+ items:
+ properties:
+ archive:
+ properties:
+ none:
+ type: object
+ tar:
+ properties:
+ compressionLevel:
+ format: int32
+ type: integer
+ type: object
+ zip:
+ type: object
+ type: object
+ archiveLogs:
+ type: boolean
+ artifactory:
+ properties:
+ passwordSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ url:
+ type: string
+ usernameSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - url
+ type: object
+ from:
+ type: string
+ fromExpression:
+ type: string
+ gcs:
+ properties:
+ bucket:
+ type: string
+ key:
+ type: string
+ serviceAccountKeySecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - key
+ type: object
+ git:
+ properties:
+ depth:
+ format: int64
+ type: integer
+ disableSubmodules:
+ type: boolean
+ fetch:
+ items:
+ type: string
+ type: array
+ insecureIgnoreHostKey:
+ type: boolean
+ passwordSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ repo:
+ type: string
+ revision:
+ type: string
+ sshPrivateKeySecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ usernameSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - repo
+ type: object
+ globalName:
+ type: string
+ hdfs:
+ properties:
+ addresses:
+ items:
+ type: string
+ type: array
+ force:
+ type: boolean
+ hdfsUser:
+ type: string
+ krbCCacheSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ krbConfigConfigMap:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ krbKeytabSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ krbRealm:
+ type: string
+ krbServicePrincipalName:
+ type: string
+ krbUsername:
+ type: string
+ path:
+ type: string
+ required:
+ - path
+ type: object
+ http:
+ properties:
+ headers:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ url:
+ type: string
+ required:
+ - url
+ type: object
+ mode:
+ format: int32
+ type: integer
+ name:
+ type: string
+ optional:
+ type: boolean
+ oss:
+ properties:
+ accessKeySecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ bucket:
+ type: string
+ createBucketIfNotPresent:
+ type: boolean
+ endpoint:
+ type: string
+ key:
+ type: string
+ lifecycleRule:
+ properties:
+ markDeletionAfterDays:
+ format: int32
+ type: integer
+ markInfrequentAccessAfterDays:
+ format: int32
+ type: integer
+ type: object
+ secretKeySecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ securityToken:
+ type: string
+ required:
+ - key
+ type: object
+ path:
+ type: string
+ raw:
+ properties:
+ data:
+ type: string
+ required:
+ - data
+ type: object
+ recurseMode:
+ type: boolean
+ s3:
+ properties:
+ accessKeySecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ bucket:
+ type: string
+ createBucketIfNotPresent:
+ properties:
+ objectLocking:
+ type: boolean
+ type: object
+ encryptionOptions:
+ properties:
+ enableEncryption:
+ type: boolean
+ kmsEncryptionContext:
+ type: string
+ kmsKeyId:
+ type: string
+ serverSideCustomerKeySecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ endpoint:
+ type: string
+ insecure:
+ type: boolean
+ key:
+ type: string
+ region:
+ type: string
+ roleARN:
+ type: string
+ secretKeySecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ useSDKCreds:
+ type: boolean
+ type: object
+ subPath:
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ exitCode:
+ type: string
+ parameters:
+ items:
+ properties:
+ default:
+ type: string
+ description:
+ type: string
+ enum:
+ items:
+ type: string
+ type: array
+ globalName:
+ type: string
+ name:
+ type: string
+ value:
+ type: string
+ valueFrom:
+ properties:
+ configMapKeyRef:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ default:
+ type: string
+ event:
+ type: string
+ expression:
+ type: string
+ jqFilter:
+ type: string
+ jsonPath:
+ type: string
+ parameter:
+ type: string
+ path:
+ type: string
+ supplied:
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ result:
+ type: string
+ type: object
+ phase:
+ type: string
+ progress:
+ type: string
+ required:
+ - metadata
+ type: object
+ served: true
+ storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: chaosengines.litmuschaos.io
+spec:
+ group: litmuschaos.io
+ names:
+ kind: ChaosEngine
+ listKind: ChaosEngineList
+ plural: chaosengines
+ singular: chaosengine
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ properties:
+ jobCleanUpPolicy:
+ type: string
+ pattern: ^(delete|retain)$
+ # alternate ways to do this in case of complex pattern matches
+ #oneOf:
+ # - pattern: '^delete$'
+ # - pattern: '^retain$'
+ defaultHealthCheck:
+ type: string
+ pattern: ^(true|false)$
+ appinfo:
+ type: object
+ properties:
+ appkind:
+ type: string
+ pattern: ^(^$|deployment|statefulset|daemonset|deploymentconfig|rollout)$
+ applabel:
+ type: string
+ appns:
+ type: string
+ selectors:
+ type: object
+ properties:
+ pods:
+ items:
+ properties:
+ names:
+ type: string
+ namespace:
+ type: string
+ required:
+ - names
+ - namespace
+ type: object
+ type: array
+ workloads:
+ items:
+ properties:
+ kind:
+ type: string
+ pattern: ^(^$|deployment|statefulset|daemonset|deploymentconfig|rollout)$
+ labels:
+ type: string
+ names:
+ type: string
+ namespace:
+ type: string
+ oneOf:
+ - required: [ names ]
+ - required: [ labels ]
+ required:
+ - kind
+ - namespace
+ type: object
+ type: array
+ oneOf:
+ - required: [ pods ]
+ - required: [ workloads ]
+ auxiliaryAppInfo:
+ type: string
+ engineState:
+ type: string
+ pattern: ^(active|stop)$
+ chaosServiceAccount:
+ type: string
+ terminationGracePeriodSeconds:
+ type: integer
+ components:
+ type: object
+ properties:
+ sidecar:
+ type: array
+ items:
+ type: object
+ properties:
+ env:
+ description: ENV contains ENV passed to the sidecar container
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are
+ expanded using the previous defined environment
+ variables in the container and any service environment
+ variables. If a variable cannot be resolved, the
+ reference in the input string will be unchanged.
+ The $(VAR_NAME) syntax can be escaped with a double
+ $$, ie: $$(VAR_NAME). Escaped references will never
+ be expanded, regardless of whether the variable
+ exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: EnvFrom for the sidecar container
+ items:
+ description: EnvFromSource represents the source of a
+ set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must
+ be defined
+ type: boolean
+ type: object
+ prefix:
+ description: An optional identifier to prepend to
+ each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be
+ defined
+ type: boolean
+ type: object
+ type: object
+ type: array
+ image:
+ type: string
+ imagePullPolicy:
+ type: string
+ secrets:
+ items:
+ properties:
+ mountPath:
+ type: string
+ name:
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ runner:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ properties:
+ image:
+ type: string
+ type:
+ type: string
+ pattern: ^(go)$
+ runnerLabels:
+ type: object
+ runnerAnnotations:
+ type: object
+ additionalProperties:
+ type: string
+ properties:
+ key:
+ type: string
+ minLength: 1
+ value:
+ type: string
+ minLength: 1
+ tolerations:
+ description: Pod's tolerations.
+ items:
+ description: The pod with this Toleration tolerates any taint matches the using the matching operator .
+ properties:
+ effect:
+ description: Effect to match. Empty means all effects.
+ type: string
+ key:
+ description: Taint key the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists.
+ type: string
+ operator:
+ description: Operators are Exists or Equal. Defaults to Equal.
+ type: string
+ tolerationSeconds:
+ description: Period of time the toleration tolerates the taint.
+ format: int64
+ type: integer
+ value:
+ description: If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ experiments:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ spec:
+ type: object
+ properties:
+ probe:
+ type: array
+ items:
+ type: object
+ required:
+ - runProperties
+ properties:
+ name:
+ type: string
+ type:
+ type: string
+ minLength: 1
+ pattern: ^(k8sProbe|httpProbe|cmdProbe|promProbe)$
+ k8sProbe/inputs:
+ type: object
+ properties:
+ group:
+ type: string
+ version:
+ type: string
+ resource:
+ type: string
+ namespace:
+ type: string
+ fieldSelector:
+ type: string
+ labelSelector:
+ type: string
+ operation:
+ type: string
+ pattern: ^(present|absent|create|delete)$
+ minLength: 1
+ cmdProbe/inputs:
+ type: object
+ properties:
+ command:
+ type: string
+ minLength: 1
+ comparator:
+ type: object
+ properties:
+ type:
+ type: string
+ minLength: 1
+ pattern: ^(int|float|string)$
+ criteria:
+ type: string
+ value:
+ type: string
+ source:
+ description: The external pod where we have to run the
+ probe commands. It will run the commands inside the experiment pod itself(inline mode) if source contains a nil value
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations for the source pod
+ type: object
+ args:
+ description: Args for the source pod
+ items:
+ type: string
+ type: array
+ command:
+ description: Command for the source pod
+ items:
+ type: string
+ type: array
+ env:
+ description: ENVList contains ENV passed to
+ the source pod
+ items:
+ description: EnvVar represents an environment
+ variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previous defined
+ environment variables in the container
+ and any service environment variables.
+ If a variable cannot be resolved, the
+ reference in the input string will be
+ unchanged. The $(VAR_NAME) syntax can
+ be escaped with a double $$, ie: $$(VAR_NAME).
+ Escaped references will never be expanded,
+ regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment
+ variable's value. Cannot be used if
+ value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the
+ ConfigMap or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the
+ pod: supports metadata.name, metadata.namespace,
+ metadata.labels, metadata.annotations,
+ spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in
+ terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field
+ to select in the specified API
+ version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of
+ the container: only resources limits
+ and requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name:
+ required for volumes, optional
+ for env vars'
+ type: string
+ divisor:
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ type: string
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret
+ in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret
+ to select from. Must be a valid
+ secret key.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the
+ Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ hostNetwork:
+ description: HostNetwork define the hostNetwork
+ of the external pod it supports boolean values
+ and default value is false
+ type: boolean
+ inheritInputs:
+ description: InheritInputs define to inherit experiment
+ details in probe pod it supports boolean values
+ and default value is false.
+ type: boolean
+ image:
+ description: Image for the source pod
+ type: string
+ imagePullPolicy:
+ description: ImagePullPolicy for the source pod
+ type: string
+ imagePullSecrets:
+ description: ImagePullSecrets for source pod
+ items:
+ description: LocalObjectReference contains enough information
+ to let you locate the referenced object inside the same
+ namespace.
+ properties:
+ name:
+ description: 'Name of the referent'
+ type: string
+ type: object
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels for the source pod
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: NodeSelector for the source pod
+ type: object
+ privileged:
+ description: Privileged for the source pod
+ type: boolean
+ volumeMount:
+ description: VolumesMount for the source pod
+ items:
+ description: VolumeMount describes a mounting
+ of a Volume within a container.
+ properties:
+ mountPath:
+ description: Path within the container
+ at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines
+ how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is
+ used. This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name
+ of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true,
+ read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from
+ which the container's volume should
+ be mounted. Defaults to "" (volume's
+ root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the
+ volume from which the container's volume
+ should be mounted. Behaves similarly
+ to SubPath but environment variable
+ references $(VAR_NAME) are expanded
+ using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and
+ SubPath are mutually exclusive. This
+ field is beta in 1.15.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ volumes:
+ description: Volumes for the source pod
+ items:
+ description: Volume represents a named volume
+ in a pod that may be accessed by any container
+ in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'AWSElasticBlockStore represents
+ an AWS Disk resource that is attached
+ to a kubelet''s host machine and then
+ exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'Filesystem type of the
+ volume that you want to mount. Tip:
+ Ensure that the filesystem type
+ is supported by the host operating
+ system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be
+ "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in
+ the filesystem from compromising
+ the machine'
+ type: string
+ partition:
+ description: 'The partition in the
+ volume that you want to mount. If
+ omitted, the default is to mount
+ by volume name. Examples: For volume
+ /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can
+ leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Specify "true" to force
+ and set the ReadOnly property in
+ VolumeMounts to "true". If omitted,
+ the default is "false". More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'Unique ID of the persistent
+ disk resource in AWS (Amazon EBS
+ volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: AzureDisk represents an Azure
+ Data Disk mount on the host and bind
+ mount to the pod.
+ properties:
+ cachingMode:
+ description: 'Host Caching mode: None,
+ Read Only, Read Write.'
+ type: string
+ diskName:
+ description: The Name of the data
+ disk in the blob storage
+ type: string
+ diskURI:
+ description: The URI the data disk
+ in the blob storage
+ type: string
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'Expected values Shared:
+ multiple blob disks per storage
+ account Dedicated: single blob
+ disk per storage account Managed:
+ azure managed data disk (only in
+ managed availability set). defaults
+ to shared'
+ type: string
+ readOnly:
+ description: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: AzureFile represents an Azure
+ File Service mount on the host and bind
+ mount to the pod.
+ properties:
+ readOnly:
+ description: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: the name of secret that
+ contains Azure Storage Account Name
+ and Key
+ type: string
+ shareName:
+ description: Share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: CephFS represents a Ceph
+ FS mount on the host that shares a pod's
+ lifetime
+ properties:
+ monitors:
+ description: 'Required: Monitors is
+ a collection of Ceph monitors More
+ info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'Optional: Used as the
+ mounted root, rather than the full
+ Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to
+ false (read/write). ReadOnly here
+ will force the ReadOnly setting
+ in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'Optional: SecretFile
+ is the path to key ring for User,
+ default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'Optional: SecretRef
+ is reference to the authentication
+ secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'Optional: User is the
+ rados user name, default is admin
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'Cinder represents a cinder
+ volume attached and mounted on kubelets
+ host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to
+ false (read/write). ReadOnly here
+ will force the ReadOnly setting
+ in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'Optional: points to
+ a secret object containing parameters
+ used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeID:
+ description: 'volume id used to identify
+ the volume in cinder. More info:
+ https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: ConfigMap represents a configMap
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits
+ to use on created files by default.
+ Must be a value between 0 and 0777.
+ Defaults to 0644. Directories within
+ the path are not affected by this
+ setting. This might be in conflict
+ with other options that affect the
+ file mode, like fsGroup, and the
+ result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each
+ key-value pair in the Data field
+ of the referenced ConfigMap will
+ be projected into the volume as
+ a file whose name is the key and
+ content is the value. If specified,
+ the listed keys will be projected
+ into the specified paths, and unlisted
+ keys will not be present. If a key
+ is specified which is not present
+ in the ConfigMap, the volume setup
+ will error unless it is marked optional.
+ Paths must be relative and may not
+ contain the '..' path or start with
+ '..'.
+ items:
+ description: Maps a string key to
+ a path within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode
+ bits to use on this file,
+ must be a value between 0
+ and 0777. If not specified,
+ the volume defaultMode will
+ be used. This might be in
+ conflict with other options
+ that affect the file mode,
+ like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path
+ of the file to map the key
+ to. May not be an absolute
+ path. May not contain the
+ path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ csi:
+ description: CSI (Container Storage Interface)
+ represents storage that is handled by
+ an external CSI driver (Alpha feature).
+ properties:
+ driver:
+ description: Driver is the name of
+ the CSI driver that handles this
+ volume. Consult with your admin
+ for the correct name as registered
+ in the cluster.
+ type: string
+ fsType:
+ description: Filesystem type to mount.
+ Ex. "ext4", "xfs", "ntfs". If not
+ provided, the empty value is passed
+ to the associated CSI driver which
+ will determine the default filesystem
+ to apply.
+ type: string
+ nodePublishSecretRef:
+ description: NodePublishSecretRef
+ is a reference to the secret object
+ containing sensitive information
+ to pass to the CSI driver to complete
+ the CSI NodePublishVolume and NodeUnpublishVolume
+ calls. This field is optional, and may
+ be empty if no secret is required.
+ If the secret object contains more
+ than one secret, all secret references
+ are passed.
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ readOnly:
+ description: Specifies a read-only
+ configuration for the volume. Defaults
+ to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: VolumeAttributes stores
+ driver-specific properties that
+ are passed to the CSI driver. Consult
+ your driver's documentation for
+ supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: DownwardAPI represents downward
+ API about the pod that should populate
+ this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits
+ to use on created files by default.
+ Must be a value between 0 and 0777.
+ Defaults to 0644. Directories within
+ the path are not affected by this
+ setting. This might be in conflict
+ with other options that affect the
+ file mode, like fsGroup, and the
+ result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward
+ API volume file
+ items:
+ description: DownwardAPIVolumeFile
+ represents information to create
+ the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects
+ a field of the pod: only annotations,
+ labels, name and namespace
+ are supported.'
+ properties:
+ apiVersion:
+ description: Version of
+ the schema the FieldPath
+ is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the
+ field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode
+ bits to use on this file,
+ must be a value between 0
+ and 0777. If not specified,
+ the volume defaultMode will
+ be used. This might be in
+ conflict with other options
+ that affect the file mode,
+ like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path
+ is the relative path name
+ of the file to be created.
+ Must not be absolute or contain
+ the ''..'' path. Must be utf-8
+ encoded. The first item of
+ the relative path must not
+ start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource
+ of the container: only resources
+ limits and requests (limits.cpu,
+ limits.memory, requests.cpu
+ and requests.memory) are currently
+ supported.'
+ properties:
+ containerName:
+ description: 'Container
+ name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ description: Specifies the
+ output format of the exposed
+ resources, defaults to
+ "1"
+ type: string
+ resource:
+ description: 'Required:
+ resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'EmptyDir represents a temporary
+ directory that shares a pod''s lifetime.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'What type of storage
+ medium should back this directory.
+ The default is "" which means to
+ use the node''s default medium.
+ Must be an empty string (default)
+ or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ description: 'Total amount of local
+ storage required for this EmptyDir
+ volume. The size limit is also applicable
+ for memory medium. The maximum usage
+ on memory medium EmptyDir would
+ be the minimum value between the
+ SizeLimit specified here and the
+ sum of memory limits of all containers
+ in a pod. The default is nil which
+ means that the limit is undefined.
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ type: string
+ type: object
+ fc:
+ description: FC represents a Fibre Channel
+ resource that is attached to a kubelet's
+ host machine and then exposed to the
+ pod.
+ properties:
+ fsType:
+ description: 'Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ TODO: how do we prevent errors in
+ the filesystem from compromising
+ the machine'
+ type: string
+ lun:
+ description: 'Optional: FC target
+ lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Optional: Defaults to
+ false (read/write). ReadOnly here
+ will force the ReadOnly setting
+ in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'Optional: FC target
+ worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'Optional: FC volume
+ world wide identifiers (wwids) Either
+ wwids or combination of targetWWNs
+ and lun must be set, but not both
+ simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: FlexVolume represents a generic
+ volume resource that is provisioned/attached
+ using an exec based plugin.
+ properties:
+ driver:
+ description: Driver is the name of
+ the driver to use for this volume.
+ type: string
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". The default
+ filesystem depends on FlexVolume
+ script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'Optional: Extra command
+ options if any.'
+ type: object
+ readOnly:
+ description: 'Optional: Defaults to
+ false (read/write). ReadOnly here
+ will force the ReadOnly setting
+ in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'Optional: SecretRef
+ is reference to the secret object
+ containing sensitive information
+ to pass to the plugin scripts. This
+ may be empty if no secret object
+ is specified. If the secret object
+ contains more than one secret, all
+ secrets are passed to the plugin
+ scripts.'
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ flocker:
+ description: Flocker represents a Flocker
+ volume attached to a kubelet's host
+ machine. This depends on the Flocker
+ control service being running
+ properties:
+ datasetName:
+ description: Name of the dataset stored
+ as metadata -> name on the dataset
+ for Flocker should be considered
+ as deprecated
+ type: string
+ datasetUUID:
+ description: UUID of the dataset.
+ This is unique identifier of a Flocker
+ dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'GCEPersistentDisk represents
+ a GCE Disk resource that is attached
+ to a kubelet''s host machine and then
+ exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'Filesystem type of the
+ volume that you want to mount. Tip:
+ Ensure that the filesystem type
+ is supported by the host operating
+ system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be
+ "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in
+ the filesystem from compromising
+ the machine'
+ type: string
+ partition:
+ description: 'The partition in the
+ volume that you want to mount. If
+ omitted, the default is to mount
+ by volume name. Examples: For volume
+ /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can
+ leave the property empty). More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'Unique name of the PD
+ resource in GCE. Used to identify
+ the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'GitRepo represents a git
+ repository at a particular revision.
+ DEPRECATED: GitRepo is deprecated. To
+ provision a container with a git repo,
+ mount an EmptyDir into an InitContainer
+ that clones the repo using git, then
+ mount the EmptyDir into the Pod''s container.'
+ properties:
+ directory:
+ description: Target directory name.
+ Must not contain or start with '..'. If
+ '.' is supplied, the volume directory
+ will be the git repository. Otherwise,
+ if specified, the volume will contain
+ the git repository in the subdirectory
+ with the given name.
+ type: string
+ repository:
+ description: Repository URL
+ type: string
+ revision:
+ description: Commit hash for the specified
+ revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'Glusterfs represents a Glusterfs
+ mount on the host that shares a pod''s
+ lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'EndpointsName is the
+ endpoint name that details Glusterfs
+ topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'Path is the Glusterfs
+ volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force
+ the Glusterfs volume to be mounted
+ with read-only permissions. Defaults
+ to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'HostPath represents a pre-existing
+ file or directory on the host machine
+ that is directly exposed to the container.
+ This is generally used for system agents
+ or other privileged things that are
+ allowed to see the host machine. Most
+ containers will NOT need this. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ # TODO(jonesdl) We need to restrict
+ who can use host directory mounts and
+ who can/can not mount host directories
+ as read/write.'
+ properties:
+ path:
+ description: 'Path of the directory
+ on the host. If the path is a symlink,
+ it will follow the link to the real
+ path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'Type for HostPath Volume
+ Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'ISCSI represents an ISCSI
+ Disk resource that is attached to a
+ kubelet''s host machine and then exposed
+ to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: whether support iSCSI
+ Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: whether support iSCSI
+ Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'Filesystem type of the
+ volume that you want to mount. Tip:
+ Ensure that the filesystem type
+ is supported by the host operating
+ system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be
+ "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in
+ the filesystem from compromising
+ the machine'
+ type: string
+ initiatorName:
+ description: Custom iSCSI Initiator
+ Name. If initiatorName is specified
+ with iscsiInterface simultaneously,
+ new iSCSI interface : will be created for the connection.
+ type: string
+ iqn:
+ description: Target iSCSI Qualified
+ Name.
+ type: string
+ iscsiInterface:
+ description: iSCSI Interface Name
+ that uses an iSCSI transport. Defaults
+ to 'default' (tcp).
+ type: string
+ lun:
+ description: iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: iSCSI Target Portal List.
+ The portal is either an IP or ip_addr:port
+ if the port is other than default
+ (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ type: boolean
+ secretRef:
+ description: CHAP Secret for iSCSI
+ target and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ targetPortal:
+ description: iSCSI Target Portal.
+ The Portal is either an IP or ip_addr:port
+ if the port is other than default
+ (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'Volume''s name. Must be
+ a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'NFS represents an NFS mount
+ on the host that shares a pod''s lifetime
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'Path that is exported
+ by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force
+ the NFS export to be mounted with
+ read-only permissions. Defaults
+ to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'Server is the hostname
+ or IP address of the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'PersistentVolumeClaimVolumeSource
+ represents a reference to a PersistentVolumeClaim
+ in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'ClaimName is the name
+ of a PersistentVolumeClaim in the
+ same namespace as the pod using
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: Will force the ReadOnly
+ setting in VolumeMounts. Default
+ false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: PhotonPersistentDisk represents
+ a PhotonController persistent disk attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ pdID:
+ description: ID that identifies Photon
+ Controller persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: PortworxVolume represents
+ a portworx volume attached and mounted
+ on kubelets host machine
+ properties:
+ fsType:
+ description: FSType represents the
+ filesystem type to mount Must be
+ a filesystem type supported by the
+ host operating system. Ex. "ext4",
+ "xfs". Implicitly inferred to be
+ "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: VolumeID uniquely identifies
+ a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: Items for all in one resources
+ secrets, configmaps, and downward API
+ properties:
+ defaultMode:
+ description: Mode bits to use on created
+ files by default. Must be a value
+ between 0 and 0777. Directories
+ within the path are not affected
+ by this setting. This might be in
+ conflict with other options that
+ affect the file mode, like fsGroup,
+ and the result can be other mode
+ bits set.
+ format: int32
+ type: integer
+ sources:
+ description: list of volume projections
+ items:
+ description: Projection that may
+ be projected along with other
+ supported volume types
+ properties:
+ configMap:
+ description: information about
+ the configMap data to project
+ properties:
+ items:
+ description: If unspecified,
+ each key-value pair in
+ the Data field of the
+ referenced ConfigMap will
+ be projected into the
+ volume as a file whose
+ name is the key and content
+ is the value. If specified,
+ the listed keys will be
+ projected into the specified
+ paths, and unlisted keys
+ will not be present. If
+ a key is specified which
+ is not present in the
+ ConfigMap, the volume
+ setup will error unless
+ it is marked optional.
+ Paths must be relative
+ and may not contain the
+ '..' path or start with
+ '..'.
+ items:
+ description: Maps a string
+ key to a path within
+ a volume.
+ properties:
+ key:
+ description: The key
+ to project.
+ type: string
+ mode:
+ description: 'Optional:
+ mode bits to use
+ on this file, must
+ be a value between
+ 0 and 0777. If not
+ specified, the volume
+ defaultMode will
+ be used. This might
+ be in conflict with
+ other options that
+ affect the file
+ mode, like fsGroup,
+ and the result can
+ be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative
+ path of the file
+ to map the key to.
+ May not be an absolute
+ path. May not contain
+ the path element
+ '..'. May not start
+ with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the
+ referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful
+ fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether
+ the ConfigMap or its keys
+ must be defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: information about
+ the downwardAPI data to project
+ properties:
+ items:
+ description: Items is a
+ list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile
+ represents information
+ to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required:
+ Selects a field
+ of the pod: only
+ annotations, labels,
+ name and namespace
+ are supported.'
+ properties:
+ apiVersion:
+ description: Version
+ of the schema
+ the FieldPath
+ is written in
+ terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path
+ of the field
+ to select in
+ the specified
+ API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional:
+ mode bits to use
+ on this file, must
+ be a value between
+ 0 and 0777. If not
+ specified, the volume
+ defaultMode will
+ be used. This might
+ be in conflict with
+ other options that
+ affect the file
+ mode, like fsGroup,
+ and the result can
+ be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required:
+ Path is the relative
+ path name of the
+ file to be created.
+ Must not be absolute
+ or contain the ''..''
+ path. Must be utf-8
+ encoded. The first
+ item of the relative
+ path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects
+ a resource of the
+ container: only
+ resources limits
+ and requests (limits.cpu,
+ limits.memory, requests.cpu
+ and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container
+ name: required
+ for volumes,
+ optional for
+ env vars'
+ type: string
+ divisor:
+ description: Specifies
+ the output format
+ of the exposed
+ resources, defaults
+ to "1"
+ type: string
+ resource:
+ description: 'Required:
+ resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: information about
+ the secret data to project
+ properties:
+ items:
+ description: If unspecified,
+ each key-value pair in
+ the Data field of the
+ referenced Secret will
+ be projected into the
+ volume as a file whose
+ name is the key and content
+ is the value. If specified,
+ the listed keys will be
+ projected into the specified
+ paths, and unlisted keys
+ will not be present. If
+ a key is specified which
+ is not present in the
+ Secret, the volume setup
+ will error unless it is
+ marked optional. Paths
+ must be relative and may
+ not contain the '..' path
+ or start with '..'.
+ items:
+ description: Maps a string
+ key to a path within
+ a volume.
+ properties:
+ key:
+ description: The key
+ to project.
+ type: string
+ mode:
+ description: 'Optional:
+ mode bits to use
+ on this file, must
+ be a value between
+ 0 and 0777. If not
+ specified, the volume
+ defaultMode will
+ be used. This might
+ be in conflict with
+ other options that
+ affect the file
+ mode, like fsGroup,
+ and the result can
+ be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative
+ path of the file
+ to map the key to.
+ May not be an absolute
+ path. May not contain
+ the path element
+ '..'. May not start
+ with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the
+ referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful
+ fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether
+ the Secret or its key
+ must be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: information about
+ the serviceAccountToken data
+ to project
+ properties:
+ audience:
+ description: Audience is
+ the intended audience
+ of the token. A recipient
+ of a token must identify
+ itself with an identifier
+ specified in the audience
+ of the token, and otherwise
+ should reject the token.
+ The audience defaults
+ to the identifier of the
+ apiserver.
+ type: string
+ expirationSeconds:
+ description: ExpirationSeconds
+ is the requested duration
+ of validity of the service
+ account token. As the
+ token approaches expiration,
+ the kubelet volume plugin
+ will proactively rotate
+ the service account token.
+ The kubelet will start
+ trying to rotate the token
+ if the token is older
+ than 80 percent of its
+ time to live or if the
+ token is older than 24
+ hours.Defaults to 1 hour
+ and must be at least 10
+ minutes.
+ format: int64
+ type: integer
+ path:
+ description: Path is the
+ path relative to the mount
+ point of the file to project
+ the token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ required:
+ - sources
+ type: object
+ quobyte:
+ description: Quobyte represents a Quobyte
+ mount on the host that shares a pod's
+ lifetime
+ properties:
+ group:
+ description: Group to map volume access
+ to Default is no group
+ type: string
+ readOnly:
+ description: ReadOnly here will force
+ the Quobyte volume to be mounted
+ with read-only permissions. Defaults
+ to false.
+ type: boolean
+ registry:
+ description: Registry represents a
+ single or multiple Quobyte Registry
+ services specified as a string as
+ host:port pair (multiple entries
+ are separated with commas) which
+ acts as the central registry for
+ volumes
+ type: string
+ tenant:
+ description: Tenant owning the given
+ Quobyte volume in the Backend Used
+ with dynamically provisioned Quobyte
+ volumes, value is set by the plugin
+ type: string
+ user:
+ description: User to map volume access
+ to Defaults to serivceaccount user
+ type: string
+ volume:
+ description: Volume is a string that
+ references an already created Quobyte
+ volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'RBD represents a Rados Block
+ Device mount on the host that shares
+ a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type of the
+ volume that you want to mount. Tip:
+ Ensure that the filesystem type
+ is supported by the host operating
+ system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be
+ "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in
+ the filesystem from compromising
+ the machine'
+ type: string
+ image:
+ description: 'The rados image name.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'Keyring is the path
+ to key ring for RBDUser. Default
+ is /etc/ceph/keyring. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'A collection of Ceph
+ monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'The rados pool name.
+ Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'SecretRef is name of
+ the authentication secret for RBDUser.
+ If provided overrides keyring. Default
+ is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'The rados user name.
+ Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: ScaleIO represents a ScaleIO
+ persistent volume attached and mounted
+ on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Default is
+ "xfs".
+ type: string
+ gateway:
+ description: The host address of the
+ ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: The name of the ScaleIO
+ Protection Domain for the configured
+ storage.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef references
+ to the secret for ScaleIO user and
+ other sensitive information. If
+ this is not provided, Login operation
+ will fail.
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ sslEnabled:
+ description: Flag to enable/disable
+ SSL communication with Gateway,
+ default false
+ type: boolean
+ storageMode:
+ description: Indicates whether the
+ storage for a volume should be ThickProvisioned
+ or ThinProvisioned. Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: The ScaleIO Storage Pool
+ associated with the protection domain.
+ type: string
+ system:
+ description: The name of the storage
+ system as configured in ScaleIO.
+ type: string
+ volumeName:
+ description: The name of a volume
+ already created in the ScaleIO system
+ that is associated with this volume
+ source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'Secret represents a secret
+ that should populate this volume. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits
+ to use on created files by default.
+ Must be a value between 0 and 0777.
+ Defaults to 0644. Directories within
+ the path are not affected by this
+ setting. This might be in conflict
+ with other options that affect the
+ file mode, like fsGroup, and the
+ result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each
+ key-value pair in the Data field
+ of the referenced Secret will be
+ projected into the volume as a file
+ whose name is the key and content
+ is the value. If specified, the
+ listed keys will be projected into
+ the specified paths, and unlisted
+ keys will not be present. If a key
+ is specified which is not present
+ in the Secret, the volume setup
+ will error unless it is marked optional.
+ Paths must be relative and may not
+ contain the '..' path or start with
+ '..'.
+ items:
+ description: Maps a string key to
+ a path within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode
+ bits to use on this file,
+ must be a value between 0
+ and 0777. If not specified,
+ the volume defaultMode will
+ be used. This might be in
+ conflict with other options
+ that affect the file mode,
+ like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path
+ of the file to map the key
+ to. May not be an absolute
+ path. May not contain the
+ path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: Specify whether the Secret
+ or its keys must be defined
+ type: boolean
+ secretName:
+ description: 'Name of the secret in
+ the pod''s namespace to use. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: StorageOS represents a StorageOS
+ volume attached and mounted on Kubernetes
+ nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef specifies the
+ secret to use for obtaining the
+ StorageOS API credentials. If not
+ specified, default values will be
+ attempted.
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeName:
+ description: VolumeName is the human-readable
+ name of the StorageOS volume. Volume
+ names are only unique within a namespace.
+ type: string
+ volumeNamespace:
+ description: VolumeNamespace specifies
+ the scope of the volume within StorageOS. If
+ no namespace is specified then the
+ Pod's namespace will be used. This
+ allows the Kubernetes name scoping
+ to be mirrored within StorageOS
+ for tighter integration. Set VolumeName
+ to any name to override the default
+ behaviour. Set to "default" if you
+ are not using namespaces within
+ StorageOS. Namespaces that do not
+ pre-exist within StorageOS will
+ be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: VsphereVolume represents
+ a vSphere volume attached and mounted
+ on kubelets host machine
+ properties:
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: Storage Policy Based
+ Management (SPBM) profile ID associated
+ with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: Storage Policy Based
+ Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: Path that identifies
+ vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ httpProbe/inputs:
+ type: object
+ properties:
+ url:
+ type: string
+ minLength: 1
+ insecureSkipVerify:
+ type: boolean
+ method:
+ type: object
+ minProperties: 1
+ properties:
+ get:
+ type: object
+ properties:
+ criteria:
+ type: string
+ minLength: 1
+ responseCode:
+ type: string
+ minLength: 1
+ post:
+ type: object
+ properties:
+ contentType:
+ type: string
+ minLength: 1
+ body:
+ type: string
+ bodyPath:
+ type: string
+ criteria:
+ type: string
+ minLength: 1
+ responseCode:
+ type: string
+ minLength: 1
+ promProbe/inputs:
+ type: object
+ properties:
+ endpoint:
+ type: string
+ query:
+ type: string
+ queryPath:
+ type: string
+ comparator:
+ type: object
+ properties:
+ criteria:
+ type: string
+ value:
+ type: string
+ runProperties:
+ type: object
+ minProperties: 2
+ required:
+ - probeTimeout
+ - interval
+ properties:
+ probeTimeout:
+ type: integer
+ interval:
+ type: integer
+ retry:
+ type: integer
+ probePollingInterval:
+ type: integer
+ initialDelaySeconds:
+ type: integer
+ stopOnFailure:
+ type: boolean
+ mode:
+ type: string
+ pattern: ^(SOT|EOT|Edge|Continuous|OnChaos)$
+ minLength: 1
+ data:
+ type: string
+ components:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ properties:
+ statusCheckTimeouts:
+ type: object
+ properties:
+ delay:
+ type: integer
+ timeout:
+ type: integer
+ nodeSelector:
+ type: object
+ additionalProperties:
+ type: string
+ properties:
+ key:
+ type: string
+ minLength: 1
+ allowEmptyValue: false
+ value:
+ type: string
+ minLength: 1
+ allowEmptyValue: false
+ experimentImage:
+ type: string
+ env:
+ type: array
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previous defined environment
+ variables in the container and any service environment
+ variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged.
+ The $(VAR_NAME) syntax can be escaped with a
+ double $$, ie: $$(VAR_NAME). Escaped references
+ will never be expanded, regardless of whether
+ the variable exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod:
+ supports metadata.name, metadata.namespace,
+ metadata.labels, metadata.annotations, spec.nodeName,
+ spec.serviceAccountName, status.hostIP,
+ status.podIP.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage,
+ requests.cpu, requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ configMaps:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ mountPath:
+ type: string
+ secrets:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ mountPath:
+ type: string
+ experimentAnnotations:
+ type: object
+ additionalProperties:
+ type: string
+ properties:
+ key:
+ type: string
+ minLength: 1
+ allowEmptyValue: false
+ value:
+ type: string
+ minLength: 1
+ allowEmptyValue: false
+ tolerations:
+ description: Pod's tolerations.
+ items:
+ description: The pod with this Toleration tolerates any taint matches the using the matching operator .
+ properties:
+ effect:
+ description: Effect to match. Empty means all effects.
+ type: string
+ key:
+ description: Taint key the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists.
+ type: string
+ operator:
+ description: Operators are Exists or Equal. Defaults to Equal.
+ type: string
+ tolerationSeconds:
+ description: Period of time the toleration tolerates the taint.
+ format: int64
+ type: integer
+ value:
+ description: If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+ conversion:
+ strategy: None
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: chaosexperiments.litmuschaos.io
+spec:
+ group: litmuschaos.io
+ names:
+ kind: ChaosExperiment
+ listKind: ChaosExperimentList
+ plural: chaosexperiments
+ singular: chaosexperiment
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+ type: string
+ description:
+ type: object
+ additionalProperties:
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ spec:
+ type: object
+ properties:
+ definition:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ properties:
+ args:
+ type: array
+ items:
+ type: string
+ command:
+ type: array
+ items:
+ type: string
+ env:
+ type: array
+ items:
+ type: object
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previous defined environment
+ variables in the container and any service environment
+ variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged.
+ The $(VAR_NAME) syntax can be escaped with a
+ double $$, ie: $$(VAR_NAME). Escaped references
+ will never be expanded, regardless of whether
+ the variable exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod:
+ supports metadata.name, metadata.namespace,
+ metadata.labels, metadata.annotations, spec.nodeName,
+ spec.serviceAccountName, status.hostIP,
+ status.podIP.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage,
+ requests.cpu, requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ image:
+ type: string
+ imagePullPolicy:
+ type: string
+ labels:
+ type: object
+ additionalProperties:
+ type: string
+ scope:
+ type: string
+ pattern: ^(Namespaced|Cluster)$
+ permissions:
+ type: array
+ items:
+ type: object
+ minProperties: 3
+ required:
+ - apiGroups
+ - resources
+ - verbs
+ properties:
+ apiGroups:
+ type: array
+ items:
+ type: string
+ resources:
+ type: array
+ items:
+ type: string
+ verbs:
+ type: array
+ items:
+ type: string
+ resourceNames:
+ type: array
+ items:
+ type: string
+ nonResourceURLs:
+ type: array
+ items:
+ type: string
+ configMaps:
+ type: array
+ items:
+ type: object
+ minProperties: 2
+ properties:
+ name:
+ type: string
+ allowEmptyValue: false
+ minLength: 1
+ mountPath:
+ type: string
+ allowEmptyValue: false
+ minLength: 1
+ secrets:
+ type: array
+ items:
+ type: object
+ minProperties: 2
+ properties:
+ name:
+ type: string
+ allowEmptyValue: false
+ minLength: 1
+ mountPath:
+ type: string
+ allowEmptyValue: false
+ minLength: 1
+ hostFileVolumes:
+ type: array
+ items:
+ type: object
+ minProperties: 3
+ properties:
+ name:
+ type: string
+ allowEmptyValue: false
+ minLength: 1
+ mountPath:
+ type: string
+ allowEmptyValue: false
+ minLength: 1
+ nodePath:
+ type: string
+ allowEmptyValue: false
+ minLength: 1
+ securityContext:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ hostPID:
+ type: boolean
+
+ served: true
+ storage: true
+ subresources: {}
+ conversion:
+ strategy: None
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: chaosresults.litmuschaos.io
+spec:
+ group: litmuschaos.io
+ names:
+ kind: ChaosResult
+ listKind: ChaosResultList
+ plural: chaosresults
+ singular: chaosresult
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+ conversion:
+ strategy: None
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ name: eventtrackerpolicies.eventtracker.litmuschaos.io
+spec:
+ group: eventtracker.litmuschaos.io
+ names:
+ kind: EventTrackerPolicy
+ listKind: EventTrackerPolicyList
+ plural: eventtrackerpolicies
+ singular: eventtrackerpolicy
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: EventTrackerPolicy is the Schema for the eventtrackerpolicies
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: EventTrackerPolicySpec defines the desired state of EventTrackerPolicy
+ properties:
+ condition_type:
+ type: string
+ conditions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ value:
+ type: string
+ type: object
+ type: array
+ type: object
+ statuses:
+ items:
+ description: EventTrackerPolicyStatus defines the observed state of
+ EventTrackerPolicy
+ properties:
+ is_triggered:
+ type: string
+ resource:
+ type: string
+ resource_name:
+ type: string
+ result:
+ type: string
+ time_stamp:
+ description: 'INSERT ADDITIONAL STATUS FIELD - define observed state
+ of cluster Important: Run "make" to regenerate code after modifying
+ this file'
+ type: string
+ workflow_id:
+ type: string
+ type: object
+ type: array
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
\ No newline at end of file
diff --git a/mkdocs/docs/3.0.0-beta8/upgrade-agent.yaml b/mkdocs/docs/3.0.0-beta8/upgrade-agent.yaml
new file mode 100644
index 00000000000..43f1e8282d9
--- /dev/null
+++ b/mkdocs/docs/3.0.0-beta8/upgrade-agent.yaml
@@ -0,0 +1,19 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: upgrade-agent
+spec:
+ ttlSecondsAfterFinished: 60
+ backoffLimit: 0
+ template:
+ spec:
+ containers:
+ - name: upgrade-agent
+ image: litmuschaos/upgrade-agent-cp:3.0.0-beta8
+ envFrom:
+ - configMapRef:
+ name: litmus-portal-admin-config
+ - secretRef:
+ name: litmus-portal-admin-secret
+ imagePullPolicy: Always
+ restartPolicy: Never