-
Notifications
You must be signed in to change notification settings - Fork 703
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added installation manifest for 3.8.0 (#4709)
* Added installation manifest for 3.8.0 Signed-off-by: Saranya-jena <[email protected]> * Added env Signed-off-by: Saranya-jena <[email protected]> --------- Signed-off-by: Saranya-jena <[email protected]>
- Loading branch information
1 parent
12082b3
commit 8b97d59
Showing
4 changed files
with
4,834 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,392 @@ | ||
| --- | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| kind: ClusterRole | ||
| metadata: | ||
| name: litmus-server-cr | ||
| rules: | ||
| - apiGroups: [networking.k8s.io, extensions] | ||
| resources: [ingresses] | ||
| verbs: [get] | ||
| - apiGroups: [""] | ||
| resources: [services, nodes, pods/log] | ||
| verbs: [get, watch] | ||
| - apiGroups: [""] # To get TLS Cert from secrets incase of cluster scope | ||
| resources: [secrets] | ||
| verbs: [get] | ||
| --- | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| kind: ClusterRoleBinding | ||
| metadata: | ||
| name: litmus-server-crb | ||
| roleRef: | ||
| apiGroup: rbac.authorization.k8s.io | ||
| kind: ClusterRole | ||
| name: litmus-server-cr | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: litmus-server-account | ||
| namespace: litmus | ||
| ## Control plane manifests | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Namespace | ||
| metadata: | ||
| name: litmus | ||
| --- | ||
| apiVersion: v1 | ||
| kind: ServiceAccount | ||
| metadata: | ||
| name: litmus-server-account | ||
| namespace: litmus | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Secret | ||
| metadata: | ||
| name: litmus-portal-admin-secret | ||
| namespace: litmus | ||
| stringData: | ||
| JWT_SECRET: "litmus-portal@123" | ||
| DB_USER: "root" | ||
| DB_PASSWORD: "1234" | ||
| --- | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: litmus-portal-admin-config | ||
| namespace: litmus | ||
| data: | ||
| DB_SERVER: mongodb://my-release-mongodb-0.my-release-mongodb-headless:27017,my-release-mongodb-1.my-release-mongodb-headless:27017,my-release-mongodb-2.my-release-mongodb-headless:27017/admin | ||
| VERSION: "3.8.0" | ||
| SKIP_SSL_VERIFY: "false" | ||
| # Configurations if you are using dex for OAuth | ||
| DEX_ENABLED: "false" | ||
| OIDC_ISSUER: "http://<Your Domain>:32000" | ||
| DEX_OAUTH_CALLBACK_URL: "http://<litmus-portal frontend exposed URL>:8080/auth/dex/callback" | ||
| DEX_OAUTH_CLIENT_ID: "LitmusPortalAuthBackend" | ||
| DEX_OAUTH_CLIENT_SECRET: "ZXhhbXBsZS1hcHAtc2VjcmV0" | ||
| OAuthJwtSecret: "litmus-oauth@123" | ||
| --- | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: litmusportal-frontend-nginx-configuration | ||
| namespace: litmus | ||
| data: | ||
| nginx.conf: | | ||
| pid /tmp/nginx.pid; | ||
| events { | ||
| worker_connections 1024; | ||
| } | ||
| http { | ||
| map $http_upgrade $connection_upgrade { | ||
| default upgrade; | ||
| '' close; | ||
| } | ||
| client_body_temp_path /tmp/client_temp; | ||
| proxy_temp_path /tmp/proxy_temp_path; | ||
| fastcgi_temp_path /tmp/fastcgi_temp; | ||
| uwsgi_temp_path /tmp/uwsgi_temp; | ||
| scgi_temp_path /tmp/scgi_temp; | ||
| sendfile on; | ||
| tcp_nopush on; | ||
| tcp_nodelay on; | ||
| keepalive_timeout 65; | ||
| types_hash_max_size 2048; | ||
| server_tokens off; | ||
| include /etc/nginx/mime.types; | ||
| gzip on; | ||
| gzip_disable "msie6"; | ||
| access_log /var/log/nginx/access.log; | ||
| error_log /var/log/nginx/error.log; | ||
| server { | ||
| listen 8185 default_server; | ||
| root /opt/chaos; | ||
| location /health { | ||
| return 200; | ||
| } | ||
| location / { | ||
| proxy_http_version 1.1; | ||
| add_header Cache-Control "no-cache"; | ||
| try_files $uri /index.html; | ||
| autoindex on; | ||
| } | ||
| # redirect server error pages to the static page /50x.html | ||
| # | ||
| error_page 500 502 503 504 /50x.html; | ||
| location = /50x.html { | ||
| root /usr/share/nginx/html; | ||
| } | ||
| location /auth/ { | ||
| proxy_http_version 1.1; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| proxy_set_header X-Forwarded-Proto $scheme; | ||
| proxy_pass "http://litmusportal-auth-server-service:9003/"; | ||
| } | ||
| location /api/ { | ||
| proxy_http_version 1.1; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| proxy_set_header X-Forwarded-Proto $scheme; | ||
| proxy_pass "http://litmusportal-server-service:9002/"; | ||
| } | ||
| location /ws/ { | ||
| proxy_http_version 1.1; | ||
| proxy_set_header Upgrade $http_upgrade; | ||
| proxy_set_header Connection $connection_upgrade; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| proxy_set_header X-Forwarded-Proto $scheme; | ||
| proxy_pass "http://litmusportal-server-service:9002/"; | ||
| } | ||
| } | ||
| } | ||
| --- | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: litmusportal-frontend | ||
| namespace: litmus | ||
| labels: | ||
| component: litmusportal-frontend | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| component: litmusportal-frontend | ||
| template: | ||
| metadata: | ||
| labels: | ||
| component: litmusportal-frontend | ||
| spec: | ||
| automountServiceAccountToken: false | ||
| containers: | ||
| - name: litmusportal-frontend | ||
| image: litmuschaos.docker.scarf.sh/litmuschaos/litmusportal-frontend:3.8.0 | ||
| imagePullPolicy: Always | ||
| # securityContext: | ||
| # runAsUser: 2000 | ||
| # allowPrivilegeEscalation: false | ||
| # runAsNonRoot: true | ||
| ports: | ||
| - containerPort: 8185 | ||
| volumeMounts: | ||
| - name: nginx-config | ||
| mountPath: /etc/nginx/nginx.conf | ||
| subPath: nginx.conf | ||
| volumes: | ||
| - name: nginx-config | ||
| configMap: | ||
| name: litmusportal-frontend-nginx-configuration | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: litmusportal-frontend-service | ||
| namespace: litmus | ||
| spec: | ||
| type: NodePort | ||
| ports: | ||
| - name: http | ||
| port: 9091 | ||
| targetPort: 8185 | ||
| selector: | ||
| component: litmusportal-frontend | ||
| --- | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: litmusportal-server | ||
| namespace: litmus | ||
| labels: | ||
| component: litmusportal-server | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| component: litmusportal-server | ||
| template: | ||
| metadata: | ||
| labels: | ||
| component: litmusportal-server | ||
| spec: | ||
| volumes: | ||
| - name: gitops-storage | ||
| emptyDir: {} | ||
| - name: hub-storage | ||
| emptyDir: {} | ||
| containers: | ||
| - name: graphql-server | ||
| image: litmuschaos.docker.scarf.sh/litmuschaos/litmusportal-server:3.8.0 | ||
| volumeMounts: | ||
| - mountPath: /tmp/ | ||
| name: gitops-storage | ||
| - mountPath: /tmp/version | ||
| name: hub-storage | ||
| securityContext: | ||
| runAsUser: 2000 | ||
| allowPrivilegeEscalation: false | ||
| runAsNonRoot: true | ||
| readOnlyRootFilesystem: true | ||
| envFrom: | ||
| - configMapRef: | ||
| name: litmus-portal-admin-config | ||
| - secretRef: | ||
| name: litmus-portal-admin-secret | ||
| env: | ||
| # if self-signed certificate are used pass the k8s tls secret name created in portal ns, to allow agents to use tls for communication | ||
| - name: TLS_SECRET_NAME | ||
| value: "" | ||
| - name: LITMUS_PORTAL_NAMESPACE | ||
| valueFrom: | ||
| fieldRef: | ||
| fieldPath: metadata.namespace | ||
| - name: CHAOS_CENTER_SCOPE | ||
| value: "cluster" | ||
| - name: ENABLE_GQL_INTROSPECTION | ||
| value: "false" | ||
| - name: SUBSCRIBER_IMAGE | ||
| value: "litmuschaos.docker.scarf.sh/litmuschaos/litmusportal-subscriber:3.8.0" | ||
| - name: EVENT_TRACKER_IMAGE | ||
| value: "litmuschaos.docker.scarf.sh/litmuschaos/litmusportal-event-tracker:3.8.0" | ||
| - name: ARGO_WORKFLOW_CONTROLLER_IMAGE | ||
| value: "litmuschaos.docker.scarf.sh/litmuschaos/workflow-controller:v3.3.1" | ||
| - name: ARGO_WORKFLOW_EXECUTOR_IMAGE | ||
| value: "litmuschaos.docker.scarf.sh/litmuschaos/argoexec:v3.3.1" | ||
| - name: LITMUS_CHAOS_OPERATOR_IMAGE | ||
| value: "litmuschaos.docker.scarf.sh/litmuschaos/chaos-operator:3.8.0" | ||
| - name: LITMUS_CHAOS_RUNNER_IMAGE | ||
| value: "litmuschaos.docker.scarf.sh/litmuschaos/chaos-runner:3.8.0" | ||
| - name: LITMUS_CHAOS_EXPORTER_IMAGE | ||
| value: "litmuschaos.docker.scarf.sh/litmuschaos/chaos-exporter:3.8.0" | ||
| - name: SERVER_SERVICE_NAME | ||
| value: "litmusportal-server-service" | ||
| - name: INFRA_DEPLOYMENTS | ||
| value: '["app=chaos-exporter", "name=chaos-operator", "app=workflow-controller", "app=event-tracker"]' | ||
| - name: NODE_NAME | ||
| valueFrom: | ||
| fieldRef: | ||
| fieldPath: spec.nodeName | ||
| - name: CHAOS_CENTER_UI_ENDPOINT | ||
| value: "" | ||
| - name: INGRESS | ||
| value: "false" | ||
| - name: INGRESS_NAME | ||
| value: "litmus-ingress" | ||
| - name: CONTAINER_RUNTIME_EXECUTOR | ||
| value: "k8sapi" | ||
| - name: DEFAULT_HUB_BRANCH_NAME | ||
| value: "v3.8.x" | ||
| - name: LITMUS_AUTH_GRPC_ENDPOINT | ||
| value: "litmusportal-auth-server-service" | ||
| - name: LITMUS_AUTH_GRPC_PORT | ||
| value: ":3030" | ||
| - name: WORKFLOW_HELPER_IMAGE_VERSION | ||
| value: "3.8.0" | ||
| - name: REMOTE_HUB_MAX_SIZE | ||
| value: "5000000" | ||
| - name: INFRA_COMPATIBLE_VERSIONS | ||
| value: '["3.8.0"]' | ||
| ports: | ||
| - containerPort: 8080 | ||
| - containerPort: 8000 | ||
| imagePullPolicy: Always | ||
| serviceAccountName: litmus-server-account | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: litmusportal-server-service | ||
| namespace: litmus | ||
| spec: | ||
| type: NodePort | ||
| ports: | ||
| - name: graphql-server | ||
| port: 9002 | ||
| targetPort: 8080 | ||
| - name: graphql-rpc-server | ||
| port: 8000 | ||
| targetPort: 8000 | ||
| selector: | ||
| component: litmusportal-server | ||
| --- | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: litmusportal-auth-server | ||
| namespace: litmus | ||
| labels: | ||
| component: litmusportal-auth-server | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| component: litmusportal-auth-server | ||
| template: | ||
| metadata: | ||
| labels: | ||
| component: litmusportal-auth-server | ||
| spec: | ||
| automountServiceAccountToken: false | ||
| containers: | ||
| - name: auth-server | ||
| image: litmuschaos.docker.scarf.sh/litmuschaos/litmusportal-auth-server:3.8.0 | ||
| securityContext: | ||
| runAsUser: 2000 | ||
| allowPrivilegeEscalation: false | ||
| runAsNonRoot: true | ||
| readOnlyRootFilesystem: true | ||
| envFrom: | ||
| - configMapRef: | ||
| name: litmus-portal-admin-config | ||
| - secretRef: | ||
| name: litmus-portal-admin-secret | ||
| env: | ||
| - name: STRICT_PASSWORD_POLICY | ||
| value: "false" | ||
| - name: ADMIN_USERNAME | ||
| value: "admin" | ||
| - name: ADMIN_PASSWORD | ||
| value: "litmus" | ||
| - name: LITMUS_GQL_GRPC_ENDPOINT | ||
| value: "litmusportal-server-service" | ||
| - name: LITMUS_GQL_GRPC_PORT | ||
| value: ":8000" | ||
| ports: | ||
| - containerPort: 3000 | ||
| - containerPort: 3030 | ||
| imagePullPolicy: Always | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: litmusportal-auth-server-service | ||
| namespace: litmus | ||
| spec: | ||
| type: NodePort | ||
| ports: | ||
| - name: auth-server | ||
| port: 9003 | ||
| targetPort: 3000 | ||
| - name: auth-rpc-server | ||
| port: 3030 | ||
| targetPort: 3030 | ||
| selector: | ||
| component: litmusportal-auth-server |
Oops, something went wrong.